diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index 2051fdcf2d..2e60bb0098 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -47,7 +47,7 @@ public final class ClientRegistration implements Serializable {
 private String registrationId;
 private String clientId;
 private String clientSecret;
- private ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
+ private ClientAuthenticationMethod clientAuthenticationMethod;
 private AuthorizationGrantType authorizationGrantType;
 private String redirectUriTemplate;
 private Set scopes = Collections.emptySet();
@@ -298,7 +298,7 @@ public final class ClientRegistration implements Serializable {
 private String registrationId;
 private String clientId;
 private String clientSecret;
- private ClientAuthenticationMethod clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
+ private ClientAuthenticationMethod clientAuthenticationMethod;
 private AuthorizationGrantType authorizationGrantType;
 private String redirectUriTemplate;
 private Set scopes;
@@ -564,12 +564,16 @@ public final class ClientRegistration implements Serializable {
 clientRegistration.registrationId = this.registrationId;
 clientRegistration.clientId = this.clientId;
 clientRegistration.clientSecret = StringUtils.hasText(this.clientSecret) ? this.clientSecret : "";
- clientRegistration.clientAuthenticationMethod = this.clientAuthenticationMethod;
- if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType) &&
- !StringUtils.hasText(this.clientSecret)) {
- clientRegistration.clientAuthenticationMethod = ClientAuthenticationMethod.NONE;
+ if (this.clientAuthenticationMethod != null) {
+ clientRegistration.clientAuthenticationMethod = this.clientAuthenticationMethod;
+ } else {
+ if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType) &&
+ !StringUtils.hasText(this.clientSecret)) {
+ clientRegistration.clientAuthenticationMethod = ClientAuthenticationMethod.NONE;
+ } else {
+ clientRegistration.clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
+ }
 }
-
 clientRegistration.authorizationGrantType = this.authorizationGrantType;
 clientRegistration.redirectUriTemplate = this.redirectUriTemplate;
 clientRegistration.scopes = this.scopes;
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
index 93befea7b7..3526e8c624 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationCodeGrantRequestEntityConverterTests.java
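Review bot: An explicitly configured clientAuthenticationMethod now wins unconditionally, so a registration built for authorization_code with no client secret and an explicit BASIC (or any non-NONE method) is no longer coerced to NONE; because the line above normalizes a missing secret to `""`, such a client will authenticate with an empty secret instead of behaving as a public client. That looks intended, since the PKCE tests in this commit had to add `.clientAuthenticationMethod(null)` to keep the inferred NONE, but the builder's `clientAuthenticationMethod(...)` Javadoc, outside this hunk, should state that a null value means "infer: NONE for authorization_code without a secret, otherwise BASIC" and that any non-null value is taken as-is even when no secret is present. A fail-fast check in the builder's validation that a non-NONE method is accompanied by a secret for grant types that need one would be worth considering, so a misconfiguration surfaces at startup rather than as a rejected token request. Stylistically the nested `else { if (...) { … } else { … } }` reads more clearly as an else-if chain: `} else if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType) && !StringUtils.hasText(this.clientSecret)) {`. The enclosing build() method starts and ends outside the hunk.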
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2020 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -106,6 +106,7 @@ public class OAuth2AuthorizationCodeGrantRequestEntityConverterTests {
 @Test
 public void convertWhenPkceGrantRequestValidThenConverts() {
 ClientRegistration clientRegistration = clientRegistrationBuilder
+ .clientAuthenticationMethod(null)
 .clientSecret(null)
 .build();
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
index afacd25d79..fe8484afcd 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveAuthorizationCodeTokenResponseClientTests.java
@@ -315,6 +315,7 @@ public class WebClientReactiveAuthorizationCodeTokenResponseClientTests {
 
 private OAuth2AuthorizationCodeGrantRequest pkceAuthorizationCodeGrantRequest() {
 ClientRegistration registration = this.clientRegistration
+ .clientAuthenticationMethod(null)
 .clientSecret(null)
 .build();
 
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
index 1547706f2a..4a1e3779d1 100644
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@@ -771,4 +771,19 @@ public class ClientRegistrationTests {
 assertThat(updated.getProviderDetails().getConfigurationMetadata())
 .containsOnlyKeys("a-new-config").containsValue("a-new-value");
 }
+
+ // gh-8903
+ @Test
+ public void buildWhenCustomClientAuthenticationMethodProvidedThenSet() {
+ ClientAuthenticationMethod clientAuthenticationMethod = new ClientAuthenticationMethod("tls_client_auth");
+ ClientRegistration clientRegistration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
+ .clientId(CLIENT_ID)
+ .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
+ .clientAuthenticationMethod(clientAuthenticationMethod)
+ .redirectUriTemplate(REDIRECT_URI)
+ .authorizationUri(AUTHORIZATION_URI)
+ .tokenUri(TOKEN_URI)
+ .build();
+ assertThat(clientRegistration.getClientAuthenticationMethod()).isEqualTo(clientAuthenticationMethod);
+ }
 }
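Review bot: The new test pins only the explicit-method path of build(); the two inferred defaults the same commit introduces — NONE when the method is left null for authorization_code without a secret, and BASIC otherwise — are not asserted in this file, and the PKCE tests touched elsewhere in the commit exercise the NONE case only indirectly. Two companion tests alongside this one, e.g. `buildWhenClientAuthenticationMethodNotProvidedAndSecretPresentThenBasic` and `buildWhenClientAuthenticationMethodNotProvidedAndNoSecretThenNone`, would lock the fallback in so a later refactor of the else branch cannot silently change which credential scheme a client ends up using. The `// gh-8903` marker would also be more useful with a few words on what it guards, such as `// gh-8903 - an explicitly set ClientAuthenticationMethod must survive build()`, if that matches the issue.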