GitHub-Spring
/
spring-authorization-server
mirror of https://github.com/spring-projects/spring-authorization-server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

provide access token to refresh token generator 

Signed-off-by: felipe.malaquias <felipe.malaquias@idealo.de>
pull/2131/head
felipe.malaquias 5 months ago
parent
9283f47038
commit
e8120e203b
2 changed files with 16 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 11
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
  2. 9
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java

11
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
Unescape View File

@ -165,7 +165,7 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic @@ -165,7 +165,7 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic
Jwt dPoPProof = DPoPProofVerifier.verifyIfAvailable(refreshTokenAuthentication);
if (dPoPProof != null
& clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
&& clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
// For public clients, verify the DPoP Proof public key is same as (current)
// access token public key binding
Map<String, Object> accessTokenClaims = authorization.getAccessToken().getClaims();
@ -215,7 +215,10 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic @@ -215,7 +215,10 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic
// ----- Refresh token -----
OAuth2RefreshToken currentRefreshToken = refreshToken.getToken();
if (!registeredClient.getTokenSettings().isReuseRefreshTokens()) {
tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
tokenContext = tokenContextBuilder
.tokenType(OAuth2TokenType.REFRESH_TOKEN)
.authorization(authorizationBuilder.build()) // allows refresh token to retrieve access token
.build();
OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
@ -253,8 +256,8 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic @@ -253,8 +256,8 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic
idToken = new OidcIdToken(generatedIdToken.getTokenValue(), generatedIdToken.getIssuedAt(),
generatedIdToken.getExpiresAt(), ((Jwt) generatedIdToken).getClaims());
authorizationBuilder.token(idToken,
(metadata) -> metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, idToken.getClaims()));
authorizationBuilder.token(idToken, metadata ->
metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, idToken.getClaims()));
}
else {
idToken = null;

9
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
Unescape View File

@ -22,6 +22,7 @@ import java.util.Collections; @@ -22,6 +22,7 @@ import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
@ -328,6 +329,14 @@ public class OAuth2RefreshTokenAuthenticationProviderTests { @@ -328,6 +329,14 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
OAuth2AccessTokenAuthenticationToken accessTokenAuthentication = (OAuth2AccessTokenAuthenticationToken) this.authenticationProvider
.authenticate(authentication);
ArgumentCaptor<OAuth2TokenContext> oAuth2TokenContextCaptor = ArgumentCaptor.forClass(OAuth2TokenContext.class);
verify(this.tokenGenerator, times(2)).generate(oAuth2TokenContextCaptor.capture());
// tokenGenerator is first invoked for generating a new access token and then for generating the refresh token for this access token
List<OAuth2TokenContext> tokenContexts = oAuth2TokenContextCaptor.getAllValues();
assertThat(tokenContexts).hasSize(2);
assertThat(tokenContexts.get(0).getAuthorization().getAccessToken().getToken().getTokenValue()).isEqualTo("access-token");
assertThat(tokenContexts.get(1).getAuthorization().getAccessToken().getToken().getTokenValue()).isEqualTo("refreshed-access-token");
ArgumentCaptor<OAuth2Authorization> authorizationCaptor = ArgumentCaptor.forClass(OAuth2Authorization.class);
verify(this.authorizationService).save(authorizationCaptor.capture());
OAuth2Authorization updatedAuthorization = authorizationCaptor.getValue();

Write Preview
Loading…
Cancel
Save