Fixed validation in ClientRegistration.Builder

ClientRegistration.Builder defaulted to validating as an authorization_code registration, though a custom grant type could be in use. The actual grant_type is now verified for every case. - Fixed validation in ClientRegistration.Builder - New test that fails unless the issue is fixed. Also made OAuth2AuthorizationGrantRequestEntityUtils public to help implementing custom token response clients. Fixes gh-7040
7 years ago · e7588fb32f
2 changed files with 24 additions and 1 deletions
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@ -486,7 +486,7 @@ public final class ClientRegistration implements Serializable {
				@@ -486,7 +486,7 @@ public final class ClientRegistration implements Serializable {
 				this.validateClientCredentialsGrantType();
 			} else if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) {
 				this.validateImplicitGrantType();
-			} else {
+			} else if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)) {
 				this.validateAuthorizationCodeGrantType();
 			}
 			return this.create();
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@ -535,4 +535,27 @@ public class ClientRegistrationTests {
				@@ -535,4 +535,27 @@ public class ClientRegistrationTests {
 						.build()
 		).isInstanceOf(IllegalArgumentException.class);
 	}
+
+	@Test
+	public void buildWhenCustomGrantAllAttributesProvidedThenAllAttributesAreSet() {
+		AuthorizationGrantType customGrantType = new AuthorizationGrantType("CUSTOM");
+		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(customGrantType)
+				.scope(SCOPES.toArray(new String[0]))
+				.tokenUri(TOKEN_URI)
+				.clientName(CLIENT_NAME)
+				.build();
+
+		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
+		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
+		assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
+		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
+		assertThat(registration.getAuthorizationGrantType()).isEqualTo(customGrantType);
+		assertThat(registration.getScopes()).isEqualTo(SCOPES);
+		assertThat(registration.getProviderDetails().getTokenUri()).isEqualTo(TOKEN_URI);
+		assertThat(registration.getClientName()).isEqualTo(CLIENT_NAME);
+	}
 }