
DefaultServerOAuth2AuthorizationRequestResolver requireProofKey support

When requireProofKey=true, DefaultServerOAuth2AuthorizationRequestResolver
enables PKCE support.

Issue gh-16382
pull/16443/head
Rob Winch 1 year ago
parent
commit
0ed7b18f42
  1. 3
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
  2. 15
      oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java

3
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java

@ -196,7 +196,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA @@ -196,7 +196,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
// value.
applyNonce(builder);
}
if (ClientAuthenticationMethod.NONE.equals(clientRegistration.getClientAuthenticationMethod())) {
if (ClientAuthenticationMethod.NONE.equals(clientRegistration.getClientAuthenticationMethod())
|| clientRegistration.getClientSettings().isRequireProofKey()) {
DEFAULT_PKCE_APPLIER.accept(builder);
}
return builder;
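Review bot: The new condition `|| clientRegistration.getClientSettings().isRequireProofKey()` leaves the reader to work out why two unrelated registration properties gate the same PKCE call; a one-line comment above the `if` would make the intent explicit, e.g. `// PKCE (RFC 7636) is always applied for public clients and opt-in for confidential clients via requireProofKey`. Because the NONE check short-circuits, requireProofKey is only consulted for non-public clients, which appears to be the intended behaviour but is worth stating. If ClientRegistration.Builder does not guarantee a non-null ClientSettings, the added dereference would throw NullPointerException for a registration built without one; please confirm against the builder's defaults. The enclosing method starts and ends outside the hunk.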

15
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java

@ -27,6 +27,7 @@ import org.springframework.http.HttpStatus; @@ -27,6 +27,7 @@ import org.springframework.http.HttpStatus;
import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
import org.springframework.mock.web.server.MockServerWebExchange;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientSettings;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
@ -169,6 +170,20 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests { @@ -169,6 +170,20 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
assertPkceNotApplied(request, registration2);
}
@Test
void resolveWhenRequireProofKeyTrueThenPkceEnabled() {
ClientSettings pkceEnabled = ClientSettings.builder().requireProofKey(true).build();
ClientRegistration clientWithPkceEnabled = TestClientRegistrations.clientRegistration()
.clientSettings(pkceEnabled)
.build();
given(this.clientRegistrationRepository.findByRegistrationId(any()))
.willReturn(Mono.just(clientWithPkceEnabled));
OAuth2AuthorizationRequest request = resolve(
"/oauth2/authorization/" + clientWithPkceEnabled.getRegistrationId());
assertPkceApplied(request, clientWithPkceEnabled);
}
private void assertPkceApplied(OAuth2AuthorizationRequest authorizationRequest,
ClientRegistration clientRegistration) {
assertThat(authorizationRequest.getAdditionalParameters()).containsKey(PkceParameterNames.CODE_CHALLENGE);
