Polish endpoint package

* Remove ErrorResponseAttributes
* Rename AuthorizationRequestAttributes -> AuthorizationRequest
* Remove AuthorizationCodeTokenRequestAttributes
* Rename TokenResponseAttributes -> TokenResponse

Issue gh-4593

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationToken.java

@@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.authentication;
 
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
+import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
 import org.springframework.util.Assert;
 
 /**
@@ -33,11 +33,11 @@ import org.springframework.util.Assert;
 public class AuthorizationCodeAuthenticationToken extends AuthorizationGrantAuthenticationToken {
 	private final String authorizationCode;
 	private final ClientRegistration clientRegistration;
-	private final AuthorizationRequestAttributes authorizationRequest;
+	private final AuthorizationRequest authorizationRequest;
 
 	public AuthorizationCodeAuthenticationToken(String authorizationCode,
 												ClientRegistration clientRegistration,
-												AuthorizationRequestAttributes authorizationRequest) {
+												AuthorizationRequest authorizationRequest) {
 		super(AuthorizationGrantType.AUTHORIZATION_CODE);
 		Assert.hasText(authorizationCode, "authorizationCode cannot be empty");
 		Assert.notNull(clientRegistration, "clientRegistration cannot be null");
@@ -66,7 +66,7 @@ public class AuthorizationCodeAuthenticationToken extends AuthorizationGrantAuth
 		return this.clientRegistration;
 	}
 
-	public AuthorizationRequestAttributes getAuthorizationRequest() {
+	public AuthorizationRequest getAuthorizationRequest() {
 		return this.authorizationRequest;
 	}
 }

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticator.java

@@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.authentication;
 
 import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
 import org.springframework.security.oauth2.core.AccessToken;
-import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
+import org.springframework.security.oauth2.core.endpoint.TokenResponse;
 import org.springframework.util.Assert;
 
 /**
@@ -50,7 +50,7 @@ public class AuthorizationCodeAuthenticator implements AuthorizationGrantAuthent
 			return null;
 		}
 
-		TokenResponseAttributes tokenResponse =
+		TokenResponse tokenResponse =
 			this.authorizationCodeTokenExchanger.exchange(authorizationCodeAuthentication);
 
 		AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(),

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationFilter.java

@@ -28,11 +28,9 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.client.registration.ClientRegistrationIdentifierStrategy;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.converter.AuthorizationResponseConverter;
-import org.springframework.security.oauth2.client.web.converter.ErrorResponseAttributesConverter;
 import org.springframework.security.oauth2.core.OAuth2Error;
-import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
+import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse;
-import org.springframework.security.oauth2.core.endpoint.ErrorResponseAttributes;
 import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.oauth2.oidc.client.authentication.OidcClientAuthenticationToken;
@@ -75,7 +73,7 @@ import java.io.IOException;
  * @see AuthorizationCodeAuthenticationToken
  * @see AuthorizationCodeAuthenticationProvider
  * @see AuthorizationCodeRequestRedirectFilter
- * @see AuthorizationRequestAttributes
+ * @see AuthorizationRequest
  * @see AuthorizationRequestRepository
  * @see ClientRegistrationRepository
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a>
@@ -86,7 +84,6 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
 	private static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
 	private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
 	private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
-	private final ErrorResponseAttributesConverter errorResponseConverter = new ErrorResponseAttributesConverter();
 	private final AuthorizationResponseConverter authorizationResponseConverter = new AuthorizationResponseConverter();
 	private ClientRegistrationRepository clientRegistrationRepository;
 	private RequestMatcher authorizationResponseMatcher = new AuthorizationResponseMatcher();
@@ -101,15 +98,15 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
 	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
 			throws AuthenticationException, IOException, ServletException {
 
-		ErrorResponseAttributes authorizationError = this.errorResponseConverter.apply(request);
-		if (authorizationError != null) {
-			OAuth2Error oauth2Error = new OAuth2Error(authorizationError.getErrorCode(),
-					authorizationError.getDescription(), authorizationError.getUri());
+		AuthorizationResponse authorizationResponse = this.authorizationResponseConverter.apply(request);
+
+		if (authorizationResponse.statusError()) {
 			this.getAuthorizationRequestRepository().removeAuthorizationRequest(request);
-			throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+			throw new OAuth2AuthenticationException(
+				authorizationResponse.getError(), authorizationResponse.getError().toString());
 		}
 
-		AuthorizationRequestAttributes matchingAuthorizationRequest = this.resolveAuthorizationRequest(request);
+		AuthorizationRequest matchingAuthorizationRequest = this.resolveAuthorizationRequest(request);
 		String registrationId = (String)matchingAuthorizationRequest.getAdditionalParameters().get(OAuth2Parameter.REGISTRATION_ID);
 		ClientRegistration clientRegistration = this.getClientRegistrationRepository().findByRegistrationId(registrationId);
 
@@ -124,8 +121,6 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
 			.redirectUri(matchingAuthorizationRequest.getRedirectUri())
 			.build();
 
-		AuthorizationResponse authorizationResponse = this.authorizationResponseConverter.apply(request);
-
 		AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = new AuthorizationCodeAuthenticationToken(
 				authorizationResponse.getCode(), clientRegistration, matchingAuthorizationRequest);
 		authorizationCodeAuthentication.setDetails(this.authenticationDetailsSource.buildDetails(request));
@@ -177,8 +172,8 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
 		this.authorizationRequestRepository = authorizationRequestRepository;
 	}
 
-	private AuthorizationRequestAttributes resolveAuthorizationRequest(HttpServletRequest request) {
-		AuthorizationRequestAttributes authorizationRequest =
+	private AuthorizationRequest resolveAuthorizationRequest(HttpServletRequest request) {
+		AuthorizationRequest authorizationRequest =
 				this.getAuthorizationRequestRepository().loadAuthorizationRequest(request);
 		if (authorizationRequest == null) {
 			OAuth2Error oauth2Error = new OAuth2Error(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE);
@@ -189,7 +184,7 @@ public class AuthorizationCodeAuthenticationFilter extends AbstractAuthenticatio
 		return authorizationRequest;
 	}
 
-	private void assertMatchingAuthorizationRequest(HttpServletRequest request, AuthorizationRequestAttributes authorizationRequest) {
+	private void assertMatchingAuthorizationRequest(HttpServletRequest request, AuthorizationRequest authorizationRequest) {
 		String state = request.getParameter(OAuth2Parameter.STATE);
 		if (!authorizationRequest.getState().equals(state)) {
 			OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilter.java

@@ -19,7 +19,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.security.crypto.keygen.StringKeyGenerator;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
+import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
 import org.springframework.security.web.DefaultRedirectStrategy;
 import org.springframework.security.web.RedirectStrategy;
@@ -52,7 +52,7 @@ import java.util.Map;
  *
  * @author Joe Grandja
  * @since 5.0
- * @see AuthorizationRequestAttributes
+ * @see AuthorizationRequest
  * @see AuthorizationRequestRepository
  * @see AuthorizationRequestUriBuilder
  * @see ClientRegistration
@@ -127,8 +127,8 @@ public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter
 		Map<String,Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(OAuth2Parameter.REGISTRATION_ID, clientRegistration.getRegistrationId());
 
-		AuthorizationRequestAttributes authorizationRequestAttributes =
-			AuthorizationRequestAttributes.withAuthorizationCode()
+		AuthorizationRequest authorizationRequest =
+			AuthorizationRequest.authorizationCode()
 				.clientId(clientRegistration.getClientId())
 				.authorizeUri(clientRegistration.getProviderDetails().getAuthorizationUri())
 				.redirectUri(redirectUriStr)
@@ -137,9 +137,9 @@ public class AuthorizationCodeRequestRedirectFilter extends OncePerRequestFilter
 				.additionalParameters(additionalParameters)
 				.build();
 
-		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequestAttributes, request, response);
+		this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
 
-		URI redirectUri = this.authorizationUriBuilder.build(authorizationRequestAttributes);
+		URI redirectUri = this.authorizationUriBuilder.build(authorizationRequest);
 		this.authorizationRedirectStrategy.sendRedirect(request, response, redirectUri.toString());
 	}
 

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationGrantTokenExchanger.java

@@ -19,7 +19,7 @@ package org.springframework.security.oauth2.client.web;
 import org.springframework.security.oauth2.client.authentication.AuthorizationGrantAuthenticationToken;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
+import org.springframework.security.oauth2.core.endpoint.TokenResponse;
 
 /**
  * Implementations of this interface are responsible for <i>&quot;exchanging&quot;</i>
@@ -30,13 +30,13 @@ import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes
  * @since 5.0
  * @see AuthorizationGrantType
  * @see AuthorizationGrantAuthenticationToken
- * @see TokenResponseAttributes
+ * @see TokenResponse
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-1.3">Section 1.3 Authorization Grant</a>
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
  */
 public interface AuthorizationGrantTokenExchanger<T extends AuthorizationGrantAuthenticationToken>  {
 
-	TokenResponseAttributes exchange(T authorizationGrantAuthentication) throws OAuth2AuthenticationException;
+	TokenResponse exchange(T authorizationGrantAuthentication) throws OAuth2AuthenticationException;
 
 }

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestRepository.java

@@ -15,14 +15,14 @@
  */
 package org.springframework.security.oauth2.client.web;
 
-import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
+import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 /**
  * Implementations of this interface are responsible for the persistence
- * of {@link AuthorizationRequestAttributes} between requests.
+ * of {@link AuthorizationRequest} between requests.
  *
  * <p>
  * Used by the {@link AuthorizationCodeRequestRedirectFilter} for persisting the <i>Authorization Request</i>
@@ -32,16 +32,16 @@ import javax.servlet.http.HttpServletResponse;
  *
  * @author Joe Grandja
  * @since 5.0
- * @see AuthorizationRequestAttributes
+ * @see AuthorizationRequest
  * @see HttpSessionAuthorizationRequestRepository
  */
 public interface AuthorizationRequestRepository {
 
-	AuthorizationRequestAttributes loadAuthorizationRequest(HttpServletRequest request);
+	AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request);
 
-	void saveAuthorizationRequest(AuthorizationRequestAttributes authorizationRequest, HttpServletRequest request,
-		HttpServletResponse response);
+	void saveAuthorizationRequest(AuthorizationRequest authorizationRequest, HttpServletRequest request,
+									HttpServletResponse response);
 
-	AuthorizationRequestAttributes removeAuthorizationRequest(HttpServletRequest request);
+	AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request);
 
 }

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/AuthorizationRequestUriBuilder.java

@@ -16,7 +16,7 @@
 package org.springframework.security.oauth2.client.web;
 
 
-import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
+import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
 
 import java.net.URI;
 
@@ -37,10 +37,10 @@ import java.net.URI;
  *
  * @author Joe Grandja
  * @since 5.0
- * @see AuthorizationRequestAttributes
+ * @see AuthorizationRequest
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request</a>
  */
 public interface AuthorizationRequestUriBuilder {
 
-	URI build(AuthorizationRequestAttributes authorizationRequestAttributes);
+	URI build(AuthorizationRequest authorizationRequest);
 }

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/DefaultAuthorizationRequestUriBuilder.java

@@ -15,7 +15,7 @@
  */
 package org.springframework.security.oauth2.client.web;
 
-import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
+import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
 import org.springframework.security.oauth2.core.endpoint.ResponseType;
 import org.springframework.web.util.UriComponentsBuilder;
@@ -29,24 +29,24 @@ import java.util.stream.Collectors;
  *
  * @author Joe Grandja
  * @since 5.0
- * @see AuthorizationRequestAttributes
+ * @see AuthorizationRequest
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request</a>
  */
 public class DefaultAuthorizationRequestUriBuilder implements AuthorizationRequestUriBuilder {
 
 	@Override
-	public URI build(AuthorizationRequestAttributes authorizationRequestAttributes) {
+	public URI build(AuthorizationRequest authorizationRequest) {
 		UriComponentsBuilder uriBuilder = UriComponentsBuilder
-				.fromUriString(authorizationRequestAttributes.getAuthorizeUri())
+				.fromUriString(authorizationRequest.getAuthorizeUri())
 				.queryParam(OAuth2Parameter.RESPONSE_TYPE, ResponseType.CODE.getValue());
-		if (authorizationRequestAttributes.getRedirectUri() != null) {
-			uriBuilder.queryParam(OAuth2Parameter.REDIRECT_URI, authorizationRequestAttributes.getRedirectUri());
+		if (authorizationRequest.getRedirectUri() != null) {
+			uriBuilder.queryParam(OAuth2Parameter.REDIRECT_URI, authorizationRequest.getRedirectUri());
 		}
 		uriBuilder
-				.queryParam(OAuth2Parameter.CLIENT_ID, authorizationRequestAttributes.getClientId())
+				.queryParam(OAuth2Parameter.CLIENT_ID, authorizationRequest.getClientId())
 				.queryParam(OAuth2Parameter.SCOPE,
-						authorizationRequestAttributes.getScope().stream().collect(Collectors.joining(" ")))
-				.queryParam(OAuth2Parameter.STATE, authorizationRequestAttributes.getState());
+						authorizationRequest.getScope().stream().collect(Collectors.joining(" ")))
+				.queryParam(OAuth2Parameter.STATE, authorizationRequest.getState());
 
 		return uriBuilder.build().encode().toUri();
 	}

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/HttpSessionAuthorizationRequestRepository.java

@@ -15,7 +15,7 @@
  */
 package org.springframework.security.oauth2.client.web;
 
-import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
+import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -23,11 +23,11 @@ import javax.servlet.http.HttpSession;
 
 /**
  * An implementation of an {@link AuthorizationRequestRepository} that stores
- * {@link AuthorizationRequestAttributes} in the {@link HttpSession}.
+ * {@link AuthorizationRequest} in the {@link HttpSession}.
  *
  * @author Joe Grandja
  * @since 5.0
- * @see AuthorizationRequestAttributes
+ * @see AuthorizationRequest
  */
 public final class HttpSessionAuthorizationRequestRepository implements AuthorizationRequestRepository {
 	private static final String DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME =
@@ -35,18 +35,18 @@ public final class HttpSessionAuthorizationRequestRepository implements Authoriz
 	private String sessionAttributeName = DEFAULT_AUTHORIZATION_REQUEST_ATTR_NAME;
 
 	@Override
-	public AuthorizationRequestAttributes loadAuthorizationRequest(HttpServletRequest request) {
-		AuthorizationRequestAttributes authorizationRequest = null;
+	public AuthorizationRequest loadAuthorizationRequest(HttpServletRequest request) {
+		AuthorizationRequest authorizationRequest = null;
 		HttpSession session = request.getSession(false);
 		if (session != null) {
-			authorizationRequest = (AuthorizationRequestAttributes) session.getAttribute(this.sessionAttributeName);
+			authorizationRequest = (AuthorizationRequest) session.getAttribute(this.sessionAttributeName);
 		}
 		return authorizationRequest;
 	}
 
 	@Override
-	public void saveAuthorizationRequest(AuthorizationRequestAttributes authorizationRequest, HttpServletRequest request,
-			HttpServletResponse response) {
+	public void saveAuthorizationRequest(AuthorizationRequest authorizationRequest, HttpServletRequest request,
+											HttpServletResponse response) {
 		if (authorizationRequest == null) {
 			this.removeAuthorizationRequest(request);
 			return;
@@ -55,8 +55,8 @@ public final class HttpSessionAuthorizationRequestRepository implements Authoriz
 	}
 
 	@Override
-	public AuthorizationRequestAttributes removeAuthorizationRequest(HttpServletRequest request) {
-		AuthorizationRequestAttributes authorizationRequest = this.loadAuthorizationRequest(request);
+	public AuthorizationRequest removeAuthorizationRequest(HttpServletRequest request) {
+		AuthorizationRequest authorizationRequest = this.loadAuthorizationRequest(request);
 		if (authorizationRequest != null) {
 			request.getSession().removeAttribute(this.sessionAttributeName);
 		}

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/converter/AuthorizationResponseConverter.java

@@ -17,7 +17,7 @@ package org.springframework.security.oauth2.client.web.converter;
 
 import org.springframework.security.oauth2.core.endpoint.AuthorizationResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
-import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 
 import javax.servlet.http.HttpServletRequest;
 import java.util.function.Function;
@@ -36,12 +36,23 @@ public final class AuthorizationResponseConverter implements Function<HttpServle
 	@Override
 	public AuthorizationResponse apply(HttpServletRequest request) {
 		String code = request.getParameter(OAuth2Parameter.CODE);
-		Assert.hasText(code, OAuth2Parameter.CODE + " attribute is required");
-
+		String errorCode = request.getParameter(OAuth2Parameter.ERROR);
 		String state = request.getParameter(OAuth2Parameter.STATE);
 
-		return AuthorizationResponse.success(code)
-			.state(state)
-			.build();
+		if (StringUtils.hasText(code)) {
+			return AuthorizationResponse.success(code)
+				.state(state)
+				.build();
+		} else if (StringUtils.hasText(errorCode)) {
+			String description = request.getParameter(OAuth2Parameter.ERROR_DESCRIPTION);
+			String uri = request.getParameter(OAuth2Parameter.ERROR_URI);
+			return AuthorizationResponse.error(errorCode)
+				.errorDescription(description)
+				.errorUri(uri)
+				.state(state)
+				.build();
+		}
+
+		return null;
 	}
 }

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/converter/ErrorResponseAttributesConverter.java

@@ -1,56 +0,0 @@
-/*
- * Copyright 2012-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.client.web.converter;
-
-import org.springframework.security.oauth2.core.endpoint.ErrorResponseAttributes;
-import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
-import org.springframework.util.StringUtils;
-
-import javax.servlet.http.HttpServletRequest;
-import java.util.function.Function;
-
-/**
- * A <code>Function</code> that converts an <i>OAuth 2.0 Error Response</i>
- * (in the form of a {@link HttpServletRequest}) to a {@link ErrorResponseAttributes}.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see ErrorResponseAttributes
- */
-public final class ErrorResponseAttributesConverter implements Function<HttpServletRequest, ErrorResponseAttributes> {
-
-	@Override
-	public ErrorResponseAttributes apply(HttpServletRequest request) {
-		ErrorResponseAttributes response;
-
-		String errorCode = request.getParameter(OAuth2Parameter.ERROR);
-		if (!StringUtils.hasText(errorCode)) {
-			return null;
-		}
-
-		String description = request.getParameter(OAuth2Parameter.ERROR_DESCRIPTION);
-		String uri = request.getParameter(OAuth2Parameter.ERROR_URI);
-		String state = request.getParameter(OAuth2Parameter.STATE);
-
-		response = ErrorResponseAttributes.withErrorCode(errorCode)
-			.description(description)
-			.uri(uri)
-			.state(state)
-			.build();
-
-		return response;
-	}
-}

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/nimbus/NimbusAuthorizationCodeTokenExchanger.java

@@ -24,7 +24,6 @@ import com.nimbusds.oauth2.sdk.ErrorObject;
 import com.nimbusds.oauth2.sdk.ParseException;
 import com.nimbusds.oauth2.sdk.TokenErrorResponse;
 import com.nimbusds.oauth2.sdk.TokenRequest;
-import com.nimbusds.oauth2.sdk.TokenResponse;
 import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
 import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
 import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
@@ -40,7 +39,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.core.AccessToken;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2Error;
-import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
+import org.springframework.security.oauth2.core.endpoint.TokenResponse;
 import org.springframework.util.CollectionUtils;
 
 import java.io.IOException;
@@ -62,7 +61,7 @@ import java.util.stream.Collectors;
  * @author Joe Grandja
  * @since 5.0
  * @see AuthorizationCodeAuthenticationToken
- * @see TokenResponseAttributes
+ * @see TokenResponse
  * @see <a target="_blank" href="https://connect2id.com/products/nimbus-oauth-openid-connect-sdk">Nimbus OAuth 2.0 SDK</a>
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
@@ -71,7 +70,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
 	private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
 
 	@Override
-	public TokenResponseAttributes exchange(AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken)
+	public TokenResponse exchange(AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken)
 			throws OAuth2AuthenticationException {
 
 		ClientRegistration clientRegistration = authorizationCodeAuthenticationToken.getClientRegistration();
@@ -92,7 +91,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
 			clientAuthentication = new ClientSecretBasic(clientId, clientSecret);
 		}
 
-		TokenResponse tokenResponse;
+		com.nimbusds.oauth2.sdk.TokenResponse tokenResponse;
 		try {
 			// Send the Access Token request
 			TokenRequest tokenRequest = new TokenRequest(tokenUri, clientAuthentication, authorizationCodeGrant);
@@ -100,7 +99,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
 			httpRequest.setAccept(MediaType.APPLICATION_JSON_VALUE);
 			httpRequest.setConnectTimeout(30000);
 			httpRequest.setReadTimeout(30000);
-			tokenResponse = TokenResponse.parse(httpRequest.send());
+			tokenResponse = com.nimbusds.oauth2.sdk.TokenResponse.parse(httpRequest.send());
 		} catch (ParseException pe) {
 			// This error occurs if the Access Token Response is not well-formed,
 			// for example, a required attribute is missing
@@ -134,7 +133,7 @@ public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrant
 		Map<String, Object> additionalParameters = accessTokenResponse.getCustomParameters().entrySet().stream()
 				.collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
 
-		return TokenResponseAttributes.withToken(accessToken)
+		return TokenResponse.withToken(accessToken)
 			.tokenType(accessTokenType)
 			.expiresIn(expiresIn)
 			.scope(scope)

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/oidc/client/authentication/OidcAuthorizationCodeAuthenticator.java

@@ -25,7 +25,7 @@ import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderR
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
 import org.springframework.security.oauth2.core.AccessToken;
-import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
+import org.springframework.security.oauth2.core.endpoint.TokenResponse;
 import org.springframework.security.oauth2.oidc.core.IdToken;
 import org.springframework.security.oauth2.oidc.core.endpoint.OidcParameter;
 import org.springframework.util.Assert;
@@ -66,7 +66,7 @@ public class OidcAuthorizationCodeAuthenticator implements AuthorizationGrantAut
 
 		ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();
 
-		TokenResponseAttributes tokenResponse =
+		TokenResponse tokenResponse =
 			this.authorizationCodeTokenExchanger.exchange(authorizationCodeAuthentication);
 
 		AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(),

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeAuthenticationFilterTests.java

@@ -34,7 +34,7 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.core.AccessToken;
 import org.springframework.security.oauth2.core.OAuth2Error;
-import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
+import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
@@ -245,8 +245,8 @@ public class AuthorizationCodeAuthenticationFilterTests {
 		Map<String,Object> additionalParameters = new HashMap<>();
 		additionalParameters.put(OAuth2Parameter.REGISTRATION_ID, clientRegistration.getRegistrationId());
 
-		AuthorizationRequestAttributes authorizationRequestAttributes =
-			AuthorizationRequestAttributes.withAuthorizationCode()
+		AuthorizationRequest authorizationRequest =
+			AuthorizationRequest.authorizationCode()
 				.clientId(clientRegistration.getClientId())
 				.authorizeUri(clientRegistration.getProviderDetails().getAuthorizationUri())
 				.redirectUri(clientRegistration.getRedirectUri())
@@ -255,7 +255,7 @@ public class AuthorizationCodeAuthenticationFilterTests {
 				.additionalParameters(additionalParameters)
 				.build();
 
-		authorizationRequestRepository.saveAuthorizationRequest(authorizationRequestAttributes, request, response);
+		authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, response);
 	}
 
 	private MockHttpServletRequest setupRequest(ClientRegistration clientRegistration) {

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/AuthorizationCodeRequestRedirectFilterTests.java

@@ -23,7 +23,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
-import org.springframework.security.oauth2.core.endpoint.AuthorizationRequestAttributes;
+import org.springframework.security.oauth2.core.endpoint.AuthorizationRequest;
 
 import javax.servlet.FilterChain;
 import javax.servlet.http.HttpServletRequest;
@@ -100,17 +100,17 @@ public class AuthorizationCodeRequestRedirectFilterTests {
 		Mockito.verifyZeroInteractions(filterChain);        // Request should not proceed up the chain
 
 		// The authorization request attributes are saved in the session before the redirect happens
-		AuthorizationRequestAttributes authorizationRequestAttributes =
+		AuthorizationRequest authorizationRequest =
 				authorizationRequestRepository.loadAuthorizationRequest(request);
-		Assertions.assertThat(authorizationRequestAttributes).isNotNull();
-
-		Assertions.assertThat(authorizationRequestAttributes.getAuthorizeUri()).isNotNull();
-		Assertions.assertThat(authorizationRequestAttributes.getGrantType()).isNotNull();
-		Assertions.assertThat(authorizationRequestAttributes.getResponseType()).isNotNull();
-		Assertions.assertThat(authorizationRequestAttributes.getClientId()).isNotNull();
-		Assertions.assertThat(authorizationRequestAttributes.getRedirectUri()).isNotNull();
-		Assertions.assertThat(authorizationRequestAttributes.getScope()).isNotNull();
-		Assertions.assertThat(authorizationRequestAttributes.getState()).isNotNull();
+		Assertions.assertThat(authorizationRequest).isNotNull();
+
+		Assertions.assertThat(authorizationRequest.getAuthorizeUri()).isNotNull();
+		Assertions.assertThat(authorizationRequest.getGrantType()).isNotNull();
+		Assertions.assertThat(authorizationRequest.getResponseType()).isNotNull();
+		Assertions.assertThat(authorizationRequest.getClientId()).isNotNull();
+		Assertions.assertThat(authorizationRequest.getRedirectUri()).isNotNull();
+		Assertions.assertThat(authorizationRequest.getScope()).isNotNull();
+		Assertions.assertThat(authorizationRequest.getState()).isNotNull();
 	}
 
 	private AuthorizationCodeRequestRedirectFilter setupFilter(String authorizationUri,
@@ -118,7 +118,7 @@ public class AuthorizationCodeRequestRedirectFilterTests {
 
 		AuthorizationRequestUriBuilder authorizationUriBuilder = Mockito.mock(AuthorizationRequestUriBuilder.class);
 		URI authorizationURI = new URI(authorizationUri);
-		Mockito.when(authorizationUriBuilder.build(Matchers.any(AuthorizationRequestAttributes.class))).thenReturn(authorizationURI);
+		Mockito.when(authorizationUriBuilder.build(Matchers.any(AuthorizationRequest.class))).thenReturn(authorizationURI);
 
 		return setupFilter(authorizationUriBuilder, clientRegistrations);
 	}

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java

@@ -30,7 +30,7 @@ import org.springframework.util.Assert;
  * @since 5.0
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-11.4">Section 11.4 OAuth Extensions Error Registry</a>
  */
-public class OAuth2Error {
+public final class OAuth2Error {
 	// Standard error codes
 	public static final String INVALID_REQUEST_ERROR_CODE = "invalid_request";
 	public static final String INVALID_CLIENT_ERROR_CODE = "invalid_client";

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeTokenRequestAttributes.java

@@ -1,76 +0,0 @@
-/*
- * Copyright 2012-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.endpoint;
-
-import org.springframework.util.Assert;
-
-/**
- * A representation of an <i>OAuth 2.0 Access Token Request</i> for the authorization code grant type.
- *
- * @author Joe Grandja
- * @since 5.0
- * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request</a>
- */
-public final class AuthorizationCodeTokenRequestAttributes {
-	private String code;
-	private String clientId;
-	private String redirectUri;
-
-	private AuthorizationCodeTokenRequestAttributes() {
-	}
-
-	public String getCode() {
-		return this.code;
-	}
-
-	public String getClientId() {
-		return this.clientId;
-	}
-
-	public String getRedirectUri() {
-		return this.redirectUri;
-	}
-
-	public static Builder withCode(String code) {
-		return new Builder(code);
-	}
-
-	public static class Builder {
-		private final AuthorizationCodeTokenRequestAttributes authorizationCodeTokenRequest;
-
-		private Builder(String code) {
-			Assert.hasText(code, "code cannot be empty");
-			this.authorizationCodeTokenRequest = new AuthorizationCodeTokenRequestAttributes();
-			this.authorizationCodeTokenRequest.code = code;
-		}
-
-		public Builder clientId(String clientId) {
-			this.authorizationCodeTokenRequest.clientId = clientId;
-			return this;
-		}
-
-		public Builder redirectUri(String redirectUri) {
-			this.authorizationCodeTokenRequest.redirectUri = redirectUri;
-			return this;
-		}
-
-		public AuthorizationCodeTokenRequestAttributes build() {
-			Assert.hasText(this.authorizationCodeTokenRequest.clientId, "clientId cannot be empty");
-			Assert.hasText(this.authorizationCodeTokenRequest.redirectUri, "redirectUri cannot be empty");
-			return this.authorizationCodeTokenRequest;
-		}
-	}
-}

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequest.java

@@ -37,7 +37,7 @@ import java.util.Set;
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Code Grant Request</a>
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2.1">Section 4.2.1 Implicit Grant Request</a>
  */
-public final class AuthorizationRequestAttributes implements Serializable {
+public final class AuthorizationRequest implements Serializable {
 	private String authorizeUri;
 	private AuthorizationGrantType authorizationGrantType;
 	private ResponseType responseType;
@@ -47,7 +47,7 @@ public final class AuthorizationRequestAttributes implements Serializable {
 	private String state;
 	private Map<String,Object> additionalParameters;
 
-	private AuthorizationRequestAttributes() {
+	private AuthorizationRequest() {
 	}
 
 	public String getAuthorizeUri() {
@@ -82,16 +82,16 @@ public final class AuthorizationRequestAttributes implements Serializable {
 		return this.additionalParameters;
 	}
 
-	public static Builder withAuthorizationCode() {
+	public static Builder authorizationCode() {
 		return new Builder(AuthorizationGrantType.AUTHORIZATION_CODE);
 	}
 
 	public static class Builder {
-		private final AuthorizationRequestAttributes authorizationRequest;
+		private final AuthorizationRequest authorizationRequest;
 
 		private Builder(AuthorizationGrantType authorizationGrantType) {
 			Assert.notNull(authorizationGrantType, "authorizationGrantType cannot be null");
-			this.authorizationRequest = new AuthorizationRequestAttributes();
+			this.authorizationRequest = new AuthorizationRequest();
 			this.authorizationRequest.authorizationGrantType = authorizationGrantType;
 			if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(authorizationGrantType)) {
 				this.authorizationRequest.responseType = ResponseType.CODE;
@@ -128,7 +128,7 @@ public final class AuthorizationRequestAttributes implements Serializable {
 			return this;
 		}
 
-		public AuthorizationRequestAttributes build() {
+		public AuthorizationRequest build() {
 			Assert.hasText(this.authorizationRequest.clientId, "clientId cannot be empty");
 			Assert.hasText(this.authorizationRequest.authorizeUri, "authorizeUri cannot be empty");
 			this.authorizationRequest.scope = Collections.unmodifiableSet(

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/AuthorizationResponse.java

@@ -51,7 +51,7 @@ public final class AuthorizationResponse {
 	}
 
 	public boolean statusError() {
-		return this.error != null && this.error.getErrorCode() != null;
+		return (this.error != null && this.error.getErrorCode() != null);
 	}
 
 	public static Builder success(String code) {

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/ErrorResponseAttributes.java

@@ -1,96 +0,0 @@
-/*
- * Copyright 2012-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.endpoint;
-
-import org.springframework.security.oauth2.core.OAuth2Error;
-import org.springframework.util.Assert;
-
-/**
- * A representation of an <i>OAuth 2.0 Error Response</i>.
- *
- * <p>
- * An error response may be returned from either of the following locations:
- * <ul>
- * <li><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.2.1">Section 4.1.2.1</a> Authorization Code Grant Response</li>
- * <li><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.2.2.1">Section 4.2.2.1</a> Implicit Grant Response</li>
- * <li><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-5.2">Section 5.2</a> Access Token Response</li>
- * <li><a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-7.2">Section 7.2</a> Protected Resource Response</li>
- * </ul>
- *
- * @author Joe Grandja
- * @since 5.0
- */
-public final class ErrorResponseAttributes {
-	private OAuth2Error errorObject;
-	private String state;
-
-	private ErrorResponseAttributes() {
-	}
-
-	public String getErrorCode() {
-		return this.errorObject.getErrorCode();
-	}
-
-	public String getDescription() {
-		return this.errorObject.getDescription();
-	}
-
-	public String getUri() {
-		return this.errorObject.getUri();
-	}
-
-	public String getState() {
-		return this.state;
-	}
-
-	public static Builder withErrorCode(String errorCode) {
-		return new Builder(errorCode);
-	}
-
-	public static class Builder {
-		private String errorCode;
-		private String description;
-		private String uri;
-		private String state;
-
-		private Builder(String errorCode) {
-			Assert.hasText(errorCode, "errorCode cannot be empty");
-			this.errorCode = errorCode;
-		}
-
-		public Builder description(String description) {
-			this.description = description;
-			return this;
-		}
-
-		public Builder uri(String uri) {
-			this.uri = uri;
-			return this;
-		}
-
-		public Builder state(String state) {
-			this.state = state;
-			return this;
-		}
-
-		public ErrorResponseAttributes build() {
-			ErrorResponseAttributes errorResponse = new ErrorResponseAttributes();
-			errorResponse.errorObject = new OAuth2Error(this.errorCode, this.description, this.uri);
-			errorResponse.state = this.state;
-			return errorResponse;
-		}
-	}
-}

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/TokenResponse.java

@@ -31,11 +31,11 @@ import java.util.Set;
  * @see AccessToken
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-5.1">Section 5.1 Access Token Response</a>
  */
-public final class TokenResponseAttributes {
+public final class TokenResponse {
 	private AccessToken accessToken;
 	private Map<String,Object> additionalParameters;
 
-	private TokenResponseAttributes() {
+	private TokenResponse() {
 	}
 
 	public String getTokenValue() {
@@ -97,12 +97,12 @@ public final class TokenResponseAttributes {
 			return this;
 		}
 
-		public TokenResponseAttributes build() {
+		public TokenResponse build() {
 			Assert.isTrue(this.expiresIn >= 0, "expiresIn must be a positive number");
 			Instant issuedAt = Instant.now();
 			AccessToken accessToken = new AccessToken(this.tokenType, this.tokenValue, issuedAt,
 				issuedAt.plusSeconds(this.expiresIn), this.scope);
-			TokenResponseAttributes tokenResponse = new TokenResponseAttributes();
+			TokenResponse tokenResponse = new TokenResponse();
 			tokenResponse.accessToken = accessToken;
 			tokenResponse.additionalParameters = Collections.unmodifiableMap(
 				this.additionalParameters != null ? this.additionalParameters : Collections.emptyMap());

oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationCodeTokenRequestAttributesTest.java

@@ -1,75 +0,0 @@
-/*
- * Copyright 2012-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.endpoint;
-
-import org.junit.Test;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-/**
- * Tests {@link AuthorizationCodeTokenRequestAttributes}
- *
- * @author Luander Ribeiro
- */
-public class AuthorizationCodeTokenRequestAttributesTest {
-	private static final String CODE = "code";
-	private static final String CLIENT_ID = "client id";
-	private static final String REDIRECT_URI = "http://redirect.uri/";
-
-	@Test(expected = IllegalArgumentException.class)
-	public void buildWhenCodeIsNullThenThrowIllegalArgumentException() {
-		AuthorizationCodeTokenRequestAttributes
-			.withCode(null)
-			.clientId(CLIENT_ID)
-			.redirectUri(REDIRECT_URI)
-			.build();
-	}
-
-	@Test(expected = IllegalArgumentException.class)
-	public void buildWhenClientIdIsNullThenThrowIllegalArgumentException() {
-		AuthorizationCodeTokenRequestAttributes
-			.withCode(CODE)
-			.clientId(null)
-			.redirectUri(REDIRECT_URI)
-			.build();
-	}
-
-	@Test(expected = IllegalArgumentException.class)
-	public void buildWhenRedirectUriIsNullThenThrowIllegalArgumentException() {
-		AuthorizationCodeTokenRequestAttributes
-			.withCode(CODE)
-			.clientId(CLIENT_ID)
-			.redirectUri(null)
-			.build();
-	}
-
-	@Test(expected = IllegalArgumentException.class)
-	public void buildWhenClientIdNotSetThenThrowIllegalArgumentException() {
-		AuthorizationCodeTokenRequestAttributes
-			.withCode(CODE)
-			.redirectUri(REDIRECT_URI)
-			.build();
-	}
-
-	@Test(expected = IllegalArgumentException.class)
-	public void buildWhenRedirectUriNotSetThenThrowIllegalArgumentException() {
-		AuthorizationCodeTokenRequestAttributes
-			.withCode(CODE)
-			.clientId(CLIENT_ID)
-			.build();
-	}
-}

oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/AuthorizationRequestTest.java

@@ -24,11 +24,11 @@ import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatCode;
 
 /**
- * Tests {@link AuthorizationRequestAttributes}
+ * Tests {@link AuthorizationRequest}
  *
  * @author Luander Ribeiro
  */
-public class AuthorizationRequestAttributesTest {
+public class AuthorizationRequestTest {
 	private static final String AUTHORIZE_URI = "http://authorize.uri/";
 	private static final String CLIENT_ID = "client id";
 	private static final String REDIRECT_URI = "http://redirect.uri/";
@@ -37,7 +37,7 @@ public class AuthorizationRequestAttributesTest {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizationUriIsNullThenThrowIllegalArgumentException() {
-		AuthorizationRequestAttributes.withAuthorizationCode()
+		AuthorizationRequest.authorizationCode()
 			.authorizeUri(null)
 			.clientId(CLIENT_ID)
 			.redirectUri(REDIRECT_URI)
@@ -48,7 +48,7 @@ public class AuthorizationRequestAttributesTest {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenAuthorizeUriNotSetThenThrowIllegalArgumentException() {
-		AuthorizationRequestAttributes.withAuthorizationCode()
+		AuthorizationRequest.authorizationCode()
 			.clientId(CLIENT_ID)
 			.redirectUri(REDIRECT_URI)
 			.scope(SCOPE)
@@ -58,7 +58,7 @@ public class AuthorizationRequestAttributesTest {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenClientIdIsNullThenThrowIllegalArgumentException() {
-		AuthorizationRequestAttributes.withAuthorizationCode()
+		AuthorizationRequest.authorizationCode()
 			.authorizeUri(AUTHORIZE_URI)
 			.clientId(null)
 			.redirectUri(REDIRECT_URI)
@@ -69,7 +69,7 @@ public class AuthorizationRequestAttributesTest {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenClientIdNotSetThenThrowIllegalArgumentException() {
-		AuthorizationRequestAttributes.withAuthorizationCode()
+		AuthorizationRequest.authorizationCode()
 			.authorizeUri(AUTHORIZE_URI)
 			.redirectUri(REDIRECT_URI)
 			.scope(SCOPE)
@@ -79,8 +79,8 @@ public class AuthorizationRequestAttributesTest {
 
 	@Test
 	public void buildWhenGetResponseTypeIsCalledThenReturnCode() {
-		AuthorizationRequestAttributes attributes;
-		attributes = AuthorizationRequestAttributes.withAuthorizationCode()
+		AuthorizationRequest authorizationRequest;
+		authorizationRequest = AuthorizationRequest.authorizationCode()
 			.authorizeUri(AUTHORIZE_URI)
 			.clientId(CLIENT_ID)
 			.redirectUri(REDIRECT_URI)
@@ -88,12 +88,12 @@ public class AuthorizationRequestAttributesTest {
 			.state(STATE)
 			.build();
 
-		assertThat(attributes.getResponseType()).isEqualTo(ResponseType.CODE);
+		assertThat(authorizationRequest.getResponseType()).isEqualTo(ResponseType.CODE);
 	}
 
 	@Test
 	public void buildWhenRedirectUriIsNullThenDoesNotThrowAnyException() {
-		assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode()
+		assertThatCode(() -> AuthorizationRequest.authorizationCode()
 			.authorizeUri(AUTHORIZE_URI)
 			.clientId(CLIENT_ID)
 			.redirectUri(null)
@@ -104,7 +104,7 @@ public class AuthorizationRequestAttributesTest {
 
 	@Test
 	public void buildWhenRedirectUriNotSetThenDoesNotThrowAnyException() {
-		assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode()
+		assertThatCode(() -> AuthorizationRequest.authorizationCode()
 			.authorizeUri(AUTHORIZE_URI)
 			.clientId(CLIENT_ID)
 			.scope(SCOPE)
@@ -114,7 +114,7 @@ public class AuthorizationRequestAttributesTest {
 
 	@Test
 	public void buildWhenScopesIsNullThenDoesNotThrowAnyException() {
-		assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode()
+		assertThatCode(() -> AuthorizationRequest.authorizationCode()
 			.authorizeUri(AUTHORIZE_URI)
 			.clientId(CLIENT_ID)
 			.redirectUri(REDIRECT_URI)
@@ -125,7 +125,7 @@ public class AuthorizationRequestAttributesTest {
 
 	@Test
 	public void buildWhenScopesNotSetThenDoesNotThrowAnyException() {
-		assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode()
+		assertThatCode(() -> AuthorizationRequest.authorizationCode()
 			.authorizeUri(AUTHORIZE_URI)
 			.clientId(CLIENT_ID)
 			.redirectUri(REDIRECT_URI)
@@ -135,7 +135,7 @@ public class AuthorizationRequestAttributesTest {
 
 	@Test
 	public void buildWhenStateIsNullThenDoesNotThrowAnyException() {
-		assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode()
+		assertThatCode(() -> AuthorizationRequest.authorizationCode()
 			.authorizeUri(AUTHORIZE_URI)
 			.clientId(CLIENT_ID)
 			.redirectUri(REDIRECT_URI)
@@ -146,7 +146,7 @@ public class AuthorizationRequestAttributesTest {
 
 	@Test
 	public void buildWhenStateNotSetThenDoesNotThrowAnyException() {
-		assertThatCode(() -> AuthorizationRequestAttributes.withAuthorizationCode()
+		assertThatCode(() -> AuthorizationRequest.authorizationCode()
 			.authorizeUri(AUTHORIZE_URI)
 			.clientId(CLIENT_ID)
 			.redirectUri(REDIRECT_URI)

oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/ErrorResponseAttributesTest.java

@@ -1,32 +0,0 @@
-/*
- * Copyright 2012-2017 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.core.endpoint;
-
-import org.junit.Test;
-
-/**
- * Tests {@link ErrorResponseAttributes}
- *
- * @author Luander Ribeiro
- */
-public class ErrorResponseAttributesTest {
-
-	@Test(expected = IllegalArgumentException.class)
-	public void withErrorCodeWhenCodeIsNullThenThrowIllegalArgumentException() {
-		ErrorResponseAttributes.withErrorCode(null)
-			.build();
-	}
-}

oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TokenResponseTest.java

@@ -21,11 +21,11 @@ import org.springframework.security.oauth2.core.AccessToken;
 import java.util.Collections;
 
 /**
- * Tests {@link TokenResponseAttributes}
+ * Tests {@link TokenResponse}
  *
  * @author Luander Ribeiro
  */
-public class TokenResponseAttributesTest {
+public class TokenResponseTest {
 
 	private static final String TOKEN = "token";
 	private static final long INVALID_EXPIRES_IN = -1L;
@@ -33,7 +33,7 @@ public class TokenResponseAttributesTest {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenTokenValueIsNullThenThrowIllegalArgumentException() {
-		TokenResponseAttributes.withToken(null)
+		TokenResponse.withToken(null)
 			.expiresIn(EXPIRES_IN)
 			.additionalParameters(Collections.emptyMap())
 			.scope(Collections.emptySet())
@@ -43,7 +43,7 @@ public class TokenResponseAttributesTest {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenExpiresInIsNegativeThenThrowIllegalArgumentException() {
-		TokenResponseAttributes.withToken(TOKEN)
+		TokenResponse.withToken(TOKEN)
 			.expiresIn(INVALID_EXPIRES_IN)
 			.additionalParameters(Collections.emptyMap())
 			.scope(Collections.emptySet())
@@ -53,7 +53,7 @@ public class TokenResponseAttributesTest {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenTokenTypeIsInvalidThenThrowIllegalArgumentException() {
-		TokenResponseAttributes.withToken(TOKEN)
+		TokenResponse.withToken(TOKEN)
 			.expiresIn(EXPIRES_IN)
 			.additionalParameters(Collections.emptyMap())
 			.tokenType(null)
@@ -62,7 +62,7 @@ public class TokenResponseAttributesTest {
 
 	@Test(expected = IllegalArgumentException.class)
 	public void buildWhenTokenTypeNotSetThenThrowIllegalArgumentException() {
-		TokenResponseAttributes.withToken(TOKEN)
+		TokenResponse.withToken(TOKEN)
 			.expiresIn(EXPIRES_IN)
 			.additionalParameters(Collections.emptyMap())
 			.build();

samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java

@@ -47,7 +47,7 @@ import org.springframework.security.oauth2.core.AccessToken;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.endpoint.OAuth2Parameter;
 import org.springframework.security.oauth2.core.endpoint.ResponseType;
-import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
+import org.springframework.security.oauth2.core.endpoint.TokenResponse;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.test.context.junit4.SpringRunner;
@@ -381,7 +381,7 @@ public class OAuth2LoginApplicationTests {
 		// @formatter:on
 
 		private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> mockAuthorizationCodeTokenExchanger() {
-			TokenResponseAttributes tokenResponse = TokenResponseAttributes.withToken("access-token-1234")
+			TokenResponse tokenResponse = TokenResponse.withToken("access-token-1234")
 				.tokenType(AccessToken.TokenType.BEARER)
 				.expiresIn(60 * 1000)
 				.scope(Collections.singleton("openid"))