GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fix Reactive OIDC to add refresh token 

Fixes: gh-5858
pull/5862/head
Rob Winch 7 years ago
parent
72301e548a
commit
cc8935e904
2 changed files with 32 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
  2. 30
      oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java

3
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManager.java
Unescape View File

@ -177,7 +177,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements @@ -177,7 +177,8 @@ public class OidcAuthorizationCodeReactiveAuthenticationManager implements
authorizationCodeAuthentication.getAuthorizationExchange(),
oauth2User,
mappedAuthorities,
accessToken);
accessToken,
accessTokenResponse.getRefreshToken());
});
}

30
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java
Unescape View File

@ -189,6 +189,36 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests { @@ -189,6 +189,36 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
assertThat(result.isAuthenticated()).isTrue();
}
@Test
public void authenticationWhenRefreshTokenThenRefreshTokenInAuthorizedClient() {
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("foo")
.tokenType(OAuth2AccessToken.TokenType.BEARER)
.additionalParameters(Collections.singletonMap(OidcParameterNames.ID_TOKEN, this.idToken.getTokenValue()))
.refreshToken("refresh-token")
.build();
Map<String, Object> claims = new HashMap<>();
claims.put(IdTokenClaimNames.ISS, "https://issuer.example.com");
claims.put(IdTokenClaimNames.SUB, "rob");
claims.put(IdTokenClaimNames.AUD, Arrays.asList("client-id"));
Instant issuedAt = Instant.now();
Instant expiresAt = Instant.from(issuedAt).plusSeconds(3600);
Jwt idToken = new Jwt("id-token", issuedAt, expiresAt, claims, claims);
when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(Mono.just(accessTokenResponse));
DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), this.idToken);
when(this.userService.loadUser(any())).thenReturn(Mono.just(user));
when(this.jwtDecoder.decode(any())).thenReturn(Mono.just(idToken));
this.manager.setDecoderFactory(c -> this.jwtDecoder);
OAuth2LoginAuthenticationToken result = (OAuth2LoginAuthenticationToken) this.manager.authenticate(loginToken()).block();
assertThat(result.getPrincipal()).isEqualTo(user);
assertThat(result.getAuthorities()).containsOnlyElementsOf(user.getAuthorities());
assertThat(result.isAuthenticated()).isTrue();
assertThat(result.getRefreshToken().getTokenValue()).isNotNull();
}
// gh-5368
@Test
public void authenticateWhenTokenSuccessResponseThenAdditionalParametersAddedToUserRequest() {

Write Preview
Loading…
Cancel
Save