GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Rename AuthorizationGrantTokenExchanger -> OAuth2AccessTokenResponseClient 

Fixes gh-4741
pull/4424/merge
Joe Grandja 8 years ago
parent
2a00232a5b
commit
e4887057bc
7 changed files with 44 additions and 44 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
  2. 26
      config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
  3. 14
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
  4. 8
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
  5. 4
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java
  6. 14
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
  7. 10
      samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java

12
config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
Unescape View File

@ -62,7 +62,7 @@ import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer; import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder; import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
import org.springframework.security.web.DefaultSecurityFilterChain; import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.PortMapper; import org.springframework.security.web.PortMapper;
@ -945,8 +945,8 @@ public final class HttpSecurity extends
* *
* <p> * <p>
* At this point in the <i>&quot;authentication flow&quot;</i>, the configured * At this point in the <i>&quot;authentication flow&quot;</i>, the configured
* {@link AuthorizationGrantTokenExchanger} * {@link OAuth2AccessTokenResponseClient}
* will exchange the <i>Authorization Code</i> for an <i>Access Token</i> and then use it to access the protected resource * will getTokenResponse the <i>Authorization Code</i> for an <i>Access Token</i> and then use it to access the protected resource
* at the <i>UserInfo Endpoint</i> (via {@link org.springframework.security.oauth2.client.user.OAuth2UserService}) * at the <i>UserInfo Endpoint</i> (via {@link org.springframework.security.oauth2.client.user.OAuth2UserService})
* in order to retrieve the details of the <i>Resource Owner</i> (end-user) and establish the <i>&quot;authenticated&quot;</i> session. * in order to retrieve the details of the <i>Resource Owner</i> (end-user) and establish the <i>&quot;authenticated&quot;</i> session.
* *
@ -992,7 +992,7 @@ public final class HttpSecurity extends
* .oauth2Login() * .oauth2Login()
* .clients(this.clientRegistrationRepository()) * .clients(this.clientRegistrationRepository())
* .authorizationRequestUriBuilder(this.authorizationRequestUriBuilder()) * .authorizationRequestUriBuilder(this.authorizationRequestUriBuilder())
* .authorizationCodeTokenExchanger(this.authorizationCodeTokenExchanger()) * .accessTokenResponseClient(this.accessTokenResponseClient())
* .userInfoEndpoint() * .userInfoEndpoint()
* .userInfoService(this.userInfoService()) * .userInfoService(this.userInfoService())
* .userInfoEndpoint() * .userInfoEndpoint()
@ -1014,7 +1014,7 @@ public final class HttpSecurity extends
* } * }
* *
* &#064;Bean * &#064;Bean
* public AuthorizationGrantTokenExchanger&lt;OAuth2LoginAuthenticationToken&gt; authorizationCodeTokenExchanger() { * public OAuth2AccessTokenResponseClient&lt;OAuth2LoginAuthenticationToken&gt; accessTokenResponseClient() {
* // Custom implementation that exchanges an &quot;Authorization Code Grant&quot; for an &quot;Access Token&quot; * // Custom implementation that exchanges an &quot;Authorization Code Grant&quot; for an &quot;Access Token&quot;
* return new AuthorizationCodeTokenExchangerImpl(); * return new AuthorizationCodeTokenExchangerImpl();
* } * }
@ -1041,7 +1041,7 @@ public final class HttpSecurity extends
* @see org.springframework.security.oauth2.client.registration.ClientRegistration * @see org.springframework.security.oauth2.client.registration.ClientRegistration
* @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository * @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
* @see AuthorizationRequestUriBuilder * @see AuthorizationRequestUriBuilder
* @see AuthorizationGrantTokenExchanger * @see OAuth2AccessTokenResponseClient
* @see org.springframework.security.oauth2.client.user.OAuth2UserService * @see org.springframework.security.oauth2.client.user.OAuth2UserService
* *
* @return the {@link OAuth2LoginConfigurer} for further customizations * @return the {@link OAuth2LoginConfigurer} for further customizations

26
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
Unescape View File

@ -23,9 +23,9 @@ import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMap
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService; import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider; import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder; import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
import org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenExchanger; import org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry; import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
import org.springframework.security.oauth2.client.jwt.NimbusJwtDecoderRegistry; import org.springframework.security.oauth2.client.jwt.NimbusJwtDecoderRegistry;
@ -131,17 +131,17 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
} }
public class TokenEndpointConfig { public class TokenEndpointConfig {
private AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger; private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
private JwtDecoderRegistry jwtDecoderRegistry; private JwtDecoderRegistry jwtDecoderRegistry;
private TokenEndpointConfig() { private TokenEndpointConfig() {
} }
public TokenEndpointConfig authorizationCodeTokenExchanger( public TokenEndpointConfig accessTokenResponseClient(
AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger) { OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null"); Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger; this.accessTokenResponseClient = accessTokenResponseClient;
return this; return this;
} }
@ -225,10 +225,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
super.init(http); super.init(http);
AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger = OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient =
this.tokenEndpointConfig.authorizationCodeTokenExchanger; this.tokenEndpointConfig.accessTokenResponseClient;
if (authorizationCodeTokenExchanger == null) { if (accessTokenResponseClient == null) {
authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger(); accessTokenResponseClient = new NimbusAuthorizationCodeTokenResponseClient();
} }
OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = this.userInfoEndpointConfig.userService; OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = this.userInfoEndpointConfig.userService;
@ -249,7 +249,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
} }
OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider = OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider =
new OAuth2LoginAuthenticationProvider(authorizationCodeTokenExchanger, oauth2UserService); new OAuth2LoginAuthenticationProvider(accessTokenResponseClient, oauth2UserService);
if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) { if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) {
oauth2LoginAuthenticationProvider.setAuthoritiesMapper( oauth2LoginAuthenticationProvider.setAuthoritiesMapper(
this.userInfoEndpointConfig.userAuthoritiesMapper); this.userInfoEndpointConfig.userAuthoritiesMapper);
@ -259,7 +259,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = new OidcUserService(); OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = new OidcUserService();
OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider = OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider =
new OidcAuthorizationCodeAuthenticationProvider( new OidcAuthorizationCodeAuthenticationProvider(
authorizationCodeTokenExchanger, oidcUserService, jwtDecoderRegistry); accessTokenResponseClient, oidcUserService, jwtDecoderRegistry);
if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) { if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) {
oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper( oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper(
this.userInfoEndpointConfig.userAuthoritiesMapper); this.userInfoEndpointConfig.userAuthoritiesMapper);

14
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java
Unescape View File

@ -20,7 +20,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest; import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService; import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
@ -50,7 +50,7 @@ import java.util.Collection;
* @author Joe Grandja * @author Joe Grandja
* @since 5.0 * @since 5.0
* @see OAuth2LoginAuthenticationToken * @see OAuth2LoginAuthenticationToken
* @see AuthorizationGrantTokenExchanger * @see OAuth2AccessTokenResponseClient
* @see OAuth2UserService * @see OAuth2UserService
* @see OAuth2User * @see OAuth2User
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a> * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a>
@ -60,17 +60,17 @@ import java.util.Collection;
public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider { public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider {
private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter"; private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter"; private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
private final AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger; private final OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
private final OAuth2UserService<OAuth2UserRequest, OAuth2User> userService; private final OAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities); private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
public OAuth2LoginAuthenticationProvider( public OAuth2LoginAuthenticationProvider(
AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger, OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) { OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) {
Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null"); Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
Assert.notNull(userService, "userService cannot be null"); Assert.notNull(userService, "userService cannot be null");
this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger; this.accessTokenResponseClient = accessTokenResponseClient;
this.userService = userService; this.userService = userService;
} }
@ -110,7 +110,7 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
} }
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse accessTokenResponse =
this.authorizationCodeTokenExchanger.exchange( this.accessTokenResponseClient.getTokenResponse(
new OAuth2AuthorizationCodeGrantRequest( new OAuth2AuthorizationCodeGrantRequest(
authorizationCodeAuthentication.getClientRegistration(), authorizationCodeAuthentication.getClientRegistration(),
authorizationCodeAuthentication.getAuthorizationExchange())); authorizationCodeAuthentication.getAuthorizationExchange()));

8
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenExchanger.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java
Unescape View File

@ -48,7 +48,7 @@ import java.util.Map;
import java.util.Set; import java.util.Set;
/** /**
* An implementation of an {@link AuthorizationGrantTokenExchanger} that <i>&quot;exchanges&quot;</i> * An implementation of an {@link OAuth2AccessTokenResponseClient} that <i>&quot;exchanges&quot;</i>
* an <i>Authorization Code</i> credential for an <i>Access Token</i> credential * an <i>Authorization Code</i> credential for an <i>Access Token</i> credential
* at the Authorization Server's <i>Token Endpoint</i>. * at the Authorization Server's <i>Token Endpoint</i>.
* *
@ -57,18 +57,18 @@ import java.util.Set;
* *
* @author Joe Grandja * @author Joe Grandja
* @since 5.0 * @since 5.0
* @see AuthorizationGrantTokenExchanger * @see OAuth2AccessTokenResponseClient
* @see OAuth2AuthorizationCodeGrantRequest * @see OAuth2AuthorizationCodeGrantRequest
* @see OAuth2AccessTokenResponse * @see OAuth2AccessTokenResponse
* @see <a target="_blank" href="https://connect2id.com/products/nimbus-oauth-openid-connect-sdk">Nimbus OAuth 2.0 SDK</a> * @see <a target="_blank" href="https://connect2id.com/products/nimbus-oauth-openid-connect-sdk">Nimbus OAuth 2.0 SDK</a>
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a> * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a> * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
*/ */
public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> { public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response"; private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
@Override @Override
public OAuth2AccessTokenResponse exchange(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest) public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest)
throws OAuth2AuthenticationException { throws OAuth2AuthenticationException {
ClientRegistration clientRegistration = authorizationGrantRequest.getClientRegistration(); ClientRegistration clientRegistration = authorizationGrantRequest.getClientRegistration();

4
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AuthorizationGrantTokenExchanger.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java
Unescape View File

@ -34,8 +34,8 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a> * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a> * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
*/ */
public interface AuthorizationGrantTokenExchanger<T extends AbstractOAuth2AuthorizationGrantRequest> { public interface OAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> {
OAuth2AccessTokenResponse exchange(T authorizationGrantRequest) throws OAuth2AuthenticationException; OAuth2AccessTokenResponse getTokenResponse(T authorizationGrantRequest) throws OAuth2AuthenticationException;
} }

14
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java
Unescape View File

@ -21,7 +21,7 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken; import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry; import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest; import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
@ -63,7 +63,7 @@ import java.util.List;
* @author Joe Grandja * @author Joe Grandja
* @since 5.0 * @since 5.0
* @see OidcAuthorizationCodeAuthenticationToken * @see OidcAuthorizationCodeAuthenticationToken
* @see AuthorizationGrantTokenExchanger * @see OAuth2AccessTokenResponseClient
* @see OidcUserService * @see OidcUserService
* @see OidcUser * @see OidcUser
* @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">Section 3.1 Authorization Code Grant Flow</a> * @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">Section 3.1 Authorization Code Grant Flow</a>
@ -74,20 +74,20 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter"; private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter"; private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
private static final String INVALID_ID_TOKEN_ERROR_CODE = "invalid_id_token"; private static final String INVALID_ID_TOKEN_ERROR_CODE = "invalid_id_token";
private final AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger; private final OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
private final OAuth2UserService<OidcUserRequest, OidcUser> userService; private final OAuth2UserService<OidcUserRequest, OidcUser> userService;
private final JwtDecoderRegistry jwtDecoderRegistry; private final JwtDecoderRegistry jwtDecoderRegistry;
private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities); private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
public OidcAuthorizationCodeAuthenticationProvider( public OidcAuthorizationCodeAuthenticationProvider(
AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger, OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
OAuth2UserService<OidcUserRequest, OidcUser> userService, OAuth2UserService<OidcUserRequest, OidcUser> userService,
JwtDecoderRegistry jwtDecoderRegistry) { JwtDecoderRegistry jwtDecoderRegistry) {
Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null"); Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
Assert.notNull(userService, "userService cannot be null"); Assert.notNull(userService, "userService cannot be null");
Assert.notNull(jwtDecoderRegistry, "jwtDecoderRegistry cannot be null"); Assert.notNull(jwtDecoderRegistry, "jwtDecoderRegistry cannot be null");
this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger; this.accessTokenResponseClient = accessTokenResponseClient;
this.userService = userService; this.userService = userService;
this.jwtDecoderRegistry = jwtDecoderRegistry; this.jwtDecoderRegistry = jwtDecoderRegistry;
} }
@ -128,7 +128,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
} }
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse accessTokenResponse =
this.authorizationCodeTokenExchanger.exchange( this.accessTokenResponseClient.getTokenResponse(
new OAuth2AuthorizationCodeGrantRequest( new OAuth2AuthorizationCodeGrantRequest(
authorizationCodeAuthentication.getClientRegistration(), authorizationCodeAuthentication.getClientRegistration(),
authorizationCodeAuthentication.getAuthorizationExchange())); authorizationCodeAuthentication.getAuthorizationExchange()));

10
samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java
Unescape View File

@ -40,7 +40,7 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService; import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService; import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger; import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest; import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
@ -351,21 +351,21 @@ public class OAuth2LoginApplicationTests {
.and() .and()
.oauth2Login() .oauth2Login()
.tokenEndpoint() .tokenEndpoint()
.authorizationCodeTokenExchanger(this.mockAuthorizationCodeTokenExchanger()) .accessTokenResponseClient(this.mockAccessTokenResponseClient())
.and() .and()
.userInfoEndpoint() .userInfoEndpoint()
.userService(this.mockUserInfoService()); .userService(this.mockUserInfoService());
} }
// @formatter:on // @formatter:on
private AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> mockAuthorizationCodeTokenExchanger() { private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> mockAccessTokenResponseClient() {
OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234") OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
.tokenType(OAuth2AccessToken.TokenType.BEARER) .tokenType(OAuth2AccessToken.TokenType.BEARER)
.expiresIn(60 * 1000) .expiresIn(60 * 1000)
.build(); .build();
AuthorizationGrantTokenExchanger mock = mock(AuthorizationGrantTokenExchanger.class); OAuth2AccessTokenResponseClient mock = mock(OAuth2AccessTokenResponseClient.class);
when(mock.exchange(any())).thenReturn(accessTokenResponse); when(mock.getTokenResponse(any())).thenReturn(accessTokenResponse);
return mock; return mock;
} }

Write Preview
Loading…
Cancel
Save