Rename TokenType to OAuth2TokenType

Closes gh-219
Joe Grandja 2021-02-09 11:44:21 -05:00
parent 2f1684d44b
commit 3c6571044d
24 changed files with 153 additions and 123 deletions


@ -1,5 +1,5 @@
/* /*
* Copyright 2020 the original author or authors. * Copyright 2020-2021 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -13,27 +13,41 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package org.springframework.security.oauth2.server.authorization; package org.springframework.security.oauth2.core;
import org.springframework.util.Assert;
import java.io.Serializable; import java.io.Serializable;
import org.springframework.security.oauth2.server.authorization.Version;
import org.springframework.util.Assert;
/** /**
* Standard token types defined in the OAuth Token Type Hints Registry.
*
* @author Joe Grandja * @author Joe Grandja
* @since 0.0.1
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc7009#section-4.1.2">4.1.2 OAuth Token Type Hints Registry</a>
*/ */
public final class TokenType implements Serializable { public final class OAuth2TokenType implements Serializable {
private static final long serialVersionUID = Version.SERIAL_VERSION_UID; private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
public static final TokenType ACCESS_TOKEN = new TokenType("access_token"); public static final OAuth2TokenType ACCESS_TOKEN = new OAuth2TokenType("access_token");
public static final TokenType REFRESH_TOKEN = new TokenType("refresh_token"); public static final OAuth2TokenType REFRESH_TOKEN = new OAuth2TokenType("refresh_token");
public static final TokenType AUTHORIZATION_CODE = new TokenType("authorization_code");
private final String value; private final String value;
public TokenType(String value) { /**
* Constructs an {@code OAuth2TokenType} using the provided value.
*
* @param value the value of the token type
*/
public OAuth2TokenType(String value) {
Assert.hasText(value, "value cannot be empty"); Assert.hasText(value, "value cannot be empty");
this.value = value; this.value = value;
} }
/**
* Returns the value of the token type.
*
* @return the value of the token type
*/
public String getValue() { public String getValue() {
return this.value; return this.value;
} }
@ -46,12 +60,12 @@ public final class TokenType implements Serializable {
if (obj == null || this.getClass() != obj.getClass()) { if (obj == null || this.getClass() != obj.getClass()) {
return false; return false;
} }
TokenType that = (TokenType) obj; OAuth2TokenType that = (OAuth2TokenType) obj;
return this.getValue().equals(that.getValue()); return getValue().equals(that.getValue());
} }
@Override @Override
public int hashCode() { public int hashCode() {
return this.getValue().hashCode(); return getValue().hashCode();
} }
} }
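Review bot: The class stays `Serializable` while its fully qualified name changes from `org.springframework.security.oauth2.server.authorization.TokenType` to `org.springframework.security.oauth2.core.OAuth2TokenType`, so any instance written with Java serialization before this commit can no longer be read back; whether such instances are persisted anywhere is not visible in this diff. The class now lives in the `core` package but still imports `org.springframework.security.oauth2.server.authorization.Version` for its `serialVersionUID`, which couples a core type to the server package. The new class Javadoc also describes only registry values, while the public constructor accepts any non-empty text and `AUTHORIZATION_CODE` has been removed. I would add to the class Javadoc a line such as `* <b>NOTE:</b> Renamed from {@code TokenType}; values outside the registry (for example {@code code} and {@code state}) are accepted and compared by exact string value.`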


@ -23,6 +23,7 @@ import java.util.concurrent.ConcurrentHashMap;
import org.springframework.lang.Nullable; import org.springframework.lang.Nullable;
import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken; import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.token.OAuth2AuthorizationCode; import org.springframework.security.oauth2.server.authorization.token.OAuth2AuthorizationCode;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -59,7 +60,7 @@ public final class InMemoryOAuth2AuthorizationService implements OAuth2Authoriza
@Nullable @Nullable
@Override @Override
public OAuth2Authorization findByToken(String token, @Nullable TokenType tokenType) { public OAuth2Authorization findByToken(String token, @Nullable OAuth2TokenType tokenType) {
Assert.hasText(token, "token cannot be empty"); Assert.hasText(token, "token cannot be empty");
return this.authorizations.values().stream() return this.authorizations.values().stream()
.filter(authorization -> hasToken(authorization, token, tokenType)) .filter(authorization -> hasToken(authorization, token, tokenType))
@ -67,7 +68,7 @@ public final class InMemoryOAuth2AuthorizationService implements OAuth2Authoriza
.orElse(null); .orElse(null);
} }
private static boolean hasToken(OAuth2Authorization authorization, String token, @Nullable TokenType tokenType) { private static boolean hasToken(OAuth2Authorization authorization, String token, @Nullable OAuth2TokenType tokenType) {
if (tokenType == null) { if (tokenType == null) {
return matchesState(authorization, token) || return matchesState(authorization, token) ||
matchesAuthorizationCode(authorization, token) || matchesAuthorizationCode(authorization, token) ||
@ -75,11 +76,11 @@ public final class InMemoryOAuth2AuthorizationService implements OAuth2Authoriza
matchesRefreshToken(authorization, token); matchesRefreshToken(authorization, token);
} else if (OAuth2ParameterNames.STATE.equals(tokenType.getValue())) { } else if (OAuth2ParameterNames.STATE.equals(tokenType.getValue())) {
return matchesState(authorization, token); return matchesState(authorization, token);
} else if (TokenType.AUTHORIZATION_CODE.equals(tokenType)) { } else if (OAuth2ParameterNames.CODE.equals(tokenType.getValue())) {
return matchesAuthorizationCode(authorization, token); return matchesAuthorizationCode(authorization, token);
} else if (TokenType.ACCESS_TOKEN.equals(tokenType)) { } else if (OAuth2TokenType.ACCESS_TOKEN.equals(tokenType)) {
return matchesAccessToken(authorization, token); return matchesAccessToken(authorization, token);
} else if (TokenType.REFRESH_TOKEN.equals(tokenType)) { } else if (OAuth2TokenType.REFRESH_TOKEN.equals(tokenType)) {
return matchesRefreshToken(authorization, token); return matchesRefreshToken(authorization, token);
} }
return false; return false;
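Review bot: The authorization-code branch of `hasToken` now matches on the string `OAuth2ParameterNames.CODE` (`code`) where it used to match the removed `TokenType.AUTHORIZATION_CODE` (`authorization_code`), so a caller that still passes `new OAuth2TokenType("authorization_code")` falls through to the final `return false` and the `.orElse(null)` in `findByToken` yields no authorization. That fails closed, which is the safe direction, but it is silent, and the accepted non-registry values (`state`, `code`) are not documented anywhere in the visible code. I would put a comment above the fallback, `// Unrecognized token type values match nothing; authorization codes are looked up with OAuth2ParameterNames.CODE.`, and add a test that pins the unknown-type case. The `matches*` helpers are outside this hunk.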


@ -16,6 +16,7 @@
package org.springframework.security.oauth2.server.authorization; package org.springframework.security.oauth2.server.authorization;
import org.springframework.lang.Nullable; import org.springframework.lang.Nullable;
import org.springframework.security.oauth2.core.OAuth2TokenType;
/** /**
* Implementations of this interface are responsible for the management * Implementations of this interface are responsible for the management
@ -24,6 +25,7 @@ import org.springframework.lang.Nullable;
* @author Joe Grandja * @author Joe Grandja
* @since 0.0.1 * @since 0.0.1
* @see OAuth2Authorization * @see OAuth2Authorization
* @see OAuth2TokenType
*/ */
public interface OAuth2AuthorizationService { public interface OAuth2AuthorizationService {
@ -46,10 +48,10 @@ public interface OAuth2AuthorizationService {
* or {@code null} if not found. * or {@code null} if not found.
* *
* @param token the token credential * @param token the token credential
* @param tokenType the {@link TokenType token type} * @param tokenType the {@link OAuth2TokenType token type}
* @return the {@link OAuth2Authorization} if found, otherwise {@code null} * @return the {@link OAuth2Authorization} if found, otherwise {@code null}
*/ */
@Nullable @Nullable
OAuth2Authorization findByToken(String token, @Nullable TokenType tokenType); OAuth2Authorization findByToken(String token, @Nullable OAuth2TokenType tokenType);
} }


@ -20,6 +20,7 @@ import java.time.temporal.ChronoUnit;
import java.util.Collections; import java.util.Collections;
import java.util.Set; import java.util.Set;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
@ -28,7 +29,6 @@ import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.JoseHeader; import org.springframework.security.oauth2.jwt.JoseHeader;
import org.springframework.security.oauth2.jwt.JwtClaimsSet; import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.util.CollectionUtils; import org.springframework.util.CollectionUtils;
@ -39,6 +39,7 @@ import org.springframework.util.StringUtils;
* @since 0.1.0 * @since 0.1.0
*/ */
final class JwtEncodingContextUtils { final class JwtEncodingContextUtils {
private static final OAuth2TokenType ID_TOKEN_TOKEN_TYPE = new OAuth2TokenType(OidcParameterNames.ID_TOKEN);
private JwtEncodingContextUtils() { private JwtEncodingContextUtils() {
} }
@ -83,7 +84,7 @@ final class JwtEncodingContextUtils {
// @formatter:off // @formatter:off
return JwtEncodingContext.with(headersBuilder, claimsBuilder) return JwtEncodingContext.with(headersBuilder, claimsBuilder)
.registeredClient(registeredClient) .registeredClient(registeredClient)
.tokenType(TokenType.ACCESS_TOKEN); .tokenType(OAuth2TokenType.ACCESS_TOKEN);
// @formatter:on // @formatter:on
} }
@ -115,7 +116,7 @@ final class JwtEncodingContextUtils {
return JwtEncodingContext.with(headersBuilder, claimsBuilder) return JwtEncodingContext.with(headersBuilder, claimsBuilder)
.registeredClient(registeredClient) .registeredClient(registeredClient)
.authorization(authorization) .authorization(authorization)
.tokenType(new TokenType(OidcParameterNames.ID_TOKEN)); .tokenType(ID_TOKEN_TOKEN_TYPE);
// @formatter:on // @formatter:on
} }


@ -29,6 +29,7 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes; import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2RefreshToken; import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.oidc.OidcIdToken; import org.springframework.security.oauth2.core.oidc.OidcIdToken;
@ -40,7 +41,6 @@ import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.jwt.JwtEncoder; import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2AuthorizationCode; import org.springframework.security.oauth2.server.authorization.token.OAuth2AuthorizationCode;
@ -66,6 +66,7 @@ import static org.springframework.security.oauth2.server.authorization.authentic
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request</a> * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request</a>
*/ */
public class OAuth2AuthorizationCodeAuthenticationProvider implements AuthenticationProvider { public class OAuth2AuthorizationCodeAuthenticationProvider implements AuthenticationProvider {
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private final OAuth2AuthorizationService authorizationService; private final OAuth2AuthorizationService authorizationService;
private final JwtEncoder jwtEncoder; private final JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer = (context) -> {}; private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer = (context) -> {};
@ -98,7 +99,7 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
RegisteredClient registeredClient = clientPrincipal.getRegisteredClient(); RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
OAuth2Authorization authorization = this.authorizationService.findByToken( OAuth2Authorization authorization = this.authorizationService.findByToken(
authorizationCodeAuthentication.getCode(), TokenType.AUTHORIZATION_CODE); authorizationCodeAuthentication.getCode(), AUTHORIZATION_CODE_TOKEN_TYPE);
if (authorization == null) { if (authorization == null) {
throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT)); throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT));
} }
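Review bot: `AUTHORIZATION_CODE_TOKEN_TYPE` is declared here as a private constant and declared again, identically, in `OAuth2ClientAuthenticationProvider` and in `OAuth2AuthorizationCodeGrantTests`, while `InMemoryOAuth2AuthorizationService.hasToken` compares against the raw `OAuth2ParameterNames.CODE` string. With the shared `TokenType.AUTHORIZATION_CODE` gone, nothing keeps these copies and the matcher in step, and a mismatch would make `findByToken` return `null` so that valid codes are rejected with `OAuth2ErrorCodes.INVALID_GRANT`. A single shared constant would remove the duplication; at minimum I would add a comment on the field such as `// Must match the value InMemoryOAuth2AuthorizationService.hasToken checks for authorization codes.` The enclosing method starts and ends outside this hunk.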


@ -28,12 +28,12 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes; import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.endpoint.PkceParameterNames; import org.springframework.security.oauth2.core.endpoint.PkceParameterNames;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -53,6 +53,7 @@ import org.springframework.util.StringUtils;
* @see OAuth2AuthorizationService * @see OAuth2AuthorizationService
*/ */
public class OAuth2ClientAuthenticationProvider implements AuthenticationProvider { public class OAuth2ClientAuthenticationProvider implements AuthenticationProvider {
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private final RegisteredClientRepository registeredClientRepository; private final RegisteredClientRepository registeredClientRepository;
private final OAuth2AuthorizationService authorizationService; private final OAuth2AuthorizationService authorizationService;
@ -121,7 +122,7 @@ public class OAuth2ClientAuthenticationProvider implements AuthenticationProvide
OAuth2Authorization authorization = this.authorizationService.findByToken( OAuth2Authorization authorization = this.authorizationService.findByToken(
(String) parameters.get(OAuth2ParameterNames.CODE), (String) parameters.get(OAuth2ParameterNames.CODE),
TokenType.AUTHORIZATION_CODE); AUTHORIZATION_CODE_TOKEN_TYPE);
if (authorization == null) { if (authorization == null) {
throwInvalidClient(); throwInvalidClient();
} }


@ -40,7 +40,7 @@ import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.jwt.JwtEncoder; import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TokenType; import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.config.TokenSettings; import org.springframework.security.oauth2.server.authorization.config.TokenSettings;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
@ -99,7 +99,7 @@ public class OAuth2RefreshTokenAuthenticationProvider implements AuthenticationP
RegisteredClient registeredClient = clientPrincipal.getRegisteredClient(); RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
OAuth2Authorization authorization = this.authorizationService.findByToken( OAuth2Authorization authorization = this.authorizationService.findByToken(
refreshTokenAuthentication.getRefreshToken(), TokenType.REFRESH_TOKEN); refreshTokenAuthentication.getRefreshToken(), OAuth2TokenType.REFRESH_TOKEN);
if (authorization == null) { if (authorization == null) {
throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT)); throw new OAuth2AuthenticationException(new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT));
} }


@ -24,7 +24,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.context.Context; import org.springframework.security.oauth2.core.context.Context;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.TokenType; import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -49,8 +49,8 @@ public interface OAuth2TokenContext extends Context {
return get(OAuth2Authorization.class); return get(OAuth2Authorization.class);
} }
default TokenType getTokenType() { default OAuth2TokenType getTokenType() {
return get(TokenType.class); return get(OAuth2TokenType.class);
} }
default AuthorizationGrantType getAuthorizationGrantType() { default AuthorizationGrantType getAuthorizationGrantType() {
@ -80,8 +80,8 @@ public interface OAuth2TokenContext extends Context {
return put(OAuth2Authorization.class, authorization); return put(OAuth2Authorization.class, authorization);
} }
public B tokenType(TokenType tokenType) { public B tokenType(OAuth2TokenType tokenType) {
return put(TokenType.class, tokenType); return put(OAuth2TokenType.class, tokenType);
} }
public B authorizationGrantType(AuthorizationGrantType authorizationGrantType) { public B authorizationGrantType(AuthorizationGrantType authorizationGrantType) {


@ -43,6 +43,7 @@ import org.springframework.security.crypto.keygen.StringKeyGenerator;
import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes; import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
@ -50,7 +51,6 @@ import org.springframework.security.oauth2.core.endpoint.PkceParameterNames;
import org.springframework.security.oauth2.core.oidc.OidcScopes; import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.token.OAuth2AuthorizationCode; import org.springframework.security.oauth2.server.authorization.token.OAuth2AuthorizationCode;
@ -89,6 +89,7 @@ public class OAuth2AuthorizationEndpointFilter extends OncePerRequestFilter {
*/ */
public static final String DEFAULT_AUTHORIZATION_ENDPOINT_URI = "/oauth2/authorize"; public static final String DEFAULT_AUTHORIZATION_ENDPOINT_URI = "/oauth2/authorize";
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private static final String PKCE_ERROR_URI = "https://tools.ietf.org/html/rfc7636#section-4.4.1"; private static final String PKCE_ERROR_URI = "https://tools.ietf.org/html/rfc7636#section-4.4.1";
private final RegisteredClientRepository registeredClientRepository; private final RegisteredClientRepository registeredClientRepository;
@ -376,7 +377,7 @@ public class OAuth2AuthorizationEndpointFilter extends OncePerRequestFilter {
return; return;
} }
OAuth2Authorization authorization = this.authorizationService.findByToken( OAuth2Authorization authorization = this.authorizationService.findByToken(
userConsentRequestContext.getState(), new TokenType(OAuth2ParameterNames.STATE)); userConsentRequestContext.getState(), STATE_TOKEN_TYPE);
if (authorization == null) { if (authorization == null) {
userConsentRequestContext.setError( userConsentRequestContext.setError(
createError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.STATE)); createError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.STATE));


@ -46,6 +46,7 @@ import org.springframework.security.config.test.SpringTestRule;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
@ -60,7 +61,6 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
import org.springframework.security.oauth2.server.authorization.TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
@ -105,6 +105,7 @@ public class OAuth2AuthorizationCodeGrantTests {
private static final String S256_CODE_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"; private static final String S256_CODE_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
private static final String S256_CODE_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"; private static final String S256_CODE_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
private static final String AUTHORITIES_CLAIM = "authorities"; private static final String AUTHORITIES_CLAIM = "authorities";
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private static RegisteredClientRepository registeredClientRepository; private static RegisteredClientRepository registeredClientRepository;
private static OAuth2AuthorizationService authorizationService; private static OAuth2AuthorizationService authorizationService;
@ -199,7 +200,7 @@ public class OAuth2AuthorizationCodeGrantTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(authorizationService.findByToken( when(authorizationService.findByToken(
eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()), eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()),
eq(TokenType.AUTHORIZATION_CODE))) eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2AccessTokenResponse accessTokenResponse = assertTokenRequestReturnsAccessTokenResponse( OAuth2AccessTokenResponse accessTokenResponse = assertTokenRequestReturnsAccessTokenResponse(
@ -226,7 +227,7 @@ public class OAuth2AuthorizationCodeGrantTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(authorizationService.findByToken( when(authorizationService.findByToken(
eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()), eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()),
eq(TokenType.AUTHORIZATION_CODE))) eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
assertTokenRequestReturnsAccessTokenResponse( assertTokenRequestReturnsAccessTokenResponse(
@ -253,7 +254,7 @@ public class OAuth2AuthorizationCodeGrantTests {
verify(registeredClientRepository).findByClientId(eq(registeredClient.getClientId())); verify(registeredClientRepository).findByClientId(eq(registeredClient.getClientId()));
verify(authorizationService).findByToken( verify(authorizationService).findByToken(
eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()), eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()),
eq(TokenType.AUTHORIZATION_CODE)); eq(AUTHORIZATION_CODE_TOKEN_TYPE));
verify(authorizationService).save(any()); verify(authorizationService).save(any());
MockHttpServletResponse servletResponse = mvcResult.getResponse(); MockHttpServletResponse servletResponse = mvcResult.getResponse();
@ -287,7 +288,7 @@ public class OAuth2AuthorizationCodeGrantTests {
when(authorizationService.findByToken( when(authorizationService.findByToken(
eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()), eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()),
eq(TokenType.AUTHORIZATION_CODE))) eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
this.mvc.perform(post(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI) this.mvc.perform(post(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI)
@ -304,7 +305,7 @@ public class OAuth2AuthorizationCodeGrantTests {
verify(registeredClientRepository, times(2)).findByClientId(eq(registeredClient.getClientId())); verify(registeredClientRepository, times(2)).findByClientId(eq(registeredClient.getClientId()));
verify(authorizationService, times(2)).findByToken( verify(authorizationService, times(2)).findByToken(
eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()), eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()),
eq(TokenType.AUTHORIZATION_CODE)); eq(AUTHORIZATION_CODE_TOKEN_TYPE));
verify(authorizationService, times(2)).save(any()); verify(authorizationService, times(2)).save(any());
} }
@ -319,7 +320,7 @@ public class OAuth2AuthorizationCodeGrantTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(authorizationService.findByToken( when(authorizationService.findByToken(
eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()), eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()),
eq(TokenType.AUTHORIZATION_CODE))) eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
this.mvc.perform(post(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI) this.mvc.perform(post(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI)
@ -379,7 +380,7 @@ public class OAuth2AuthorizationCodeGrantTests {
OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer() { OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer() {
return context -> { return context -> {
if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(context.getAuthorizationGrantType()) && if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(context.getAuthorizationGrantType()) &&
TokenType.ACCESS_TOKEN.equals(context.getTokenType())) { OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) {
Authentication principal = context.getPrincipal(); Authentication principal = context.getPrincipal();
Set<String> authorities = principal.getAuthorities().stream() Set<String> authorities = principal.getAuthorities().stream()
.map(GrantedAuthority::getAuthority) .map(GrantedAuthority::getAuthority)


@ -55,7 +55,7 @@ import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
import org.springframework.security.oauth2.server.authorization.TokenType; import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
@ -127,7 +127,7 @@ public class OAuth2RefreshTokenGrantTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(authorizationService.findByToken( when(authorizationService.findByToken(
eq(authorization.getRefreshToken().getToken().getTokenValue()), eq(authorization.getRefreshToken().getToken().getTokenValue()),
eq(TokenType.REFRESH_TOKEN))) eq(OAuth2TokenType.REFRESH_TOKEN)))
.thenReturn(authorization); .thenReturn(authorization);
MvcResult mvcResult = this.mvc.perform(post(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI) MvcResult mvcResult = this.mvc.perform(post(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI)
@ -147,7 +147,7 @@ public class OAuth2RefreshTokenGrantTests {
verify(registeredClientRepository).findByClientId(eq(registeredClient.getClientId())); verify(registeredClientRepository).findByClientId(eq(registeredClient.getClientId()));
verify(authorizationService).findByToken( verify(authorizationService).findByToken(
eq(authorization.getRefreshToken().getToken().getTokenValue()), eq(authorization.getRefreshToken().getToken().getTokenValue()),
eq(TokenType.REFRESH_TOKEN)); eq(OAuth2TokenType.REFRESH_TOKEN));
verify(authorizationService).save(any()); verify(authorizationService).save(any());
MockHttpServletResponse servletResponse = mvcResult.getResponse(); MockHttpServletResponse servletResponse = mvcResult.getResponse();


@ -43,7 +43,7 @@ import org.springframework.security.oauth2.jose.TestJwks;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
import org.springframework.security.oauth2.server.authorization.TokenType; import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
@ -105,7 +105,7 @@ public class OAuth2TokenRevocationTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
OAuth2RefreshToken token = authorization.getRefreshToken().getToken(); OAuth2RefreshToken token = authorization.getRefreshToken().getToken();
TokenType tokenType = TokenType.REFRESH_TOKEN; OAuth2TokenType tokenType = OAuth2TokenType.REFRESH_TOKEN;
when(authorizationService.findByToken(eq(token.getTokenValue()), isNull())).thenReturn(authorization); when(authorizationService.findByToken(eq(token.getTokenValue()), isNull())).thenReturn(authorization);
this.mvc.perform(post(OAuth2TokenRevocationEndpointFilter.DEFAULT_TOKEN_REVOCATION_ENDPOINT_URI) this.mvc.perform(post(OAuth2TokenRevocationEndpointFilter.DEFAULT_TOKEN_REVOCATION_ENDPOINT_URI)
@ -148,7 +148,7 @@ public class OAuth2TokenRevocationTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
OAuth2AccessToken token = authorization.getAccessToken().getToken(); OAuth2AccessToken token = authorization.getAccessToken().getToken();
TokenType tokenType = TokenType.ACCESS_TOKEN; OAuth2TokenType tokenType = OAuth2TokenType.ACCESS_TOKEN;
when(authorizationService.findByToken(eq(token.getTokenValue()), isNull())).thenReturn(authorization); when(authorizationService.findByToken(eq(token.getTokenValue()), isNull())).thenReturn(authorization);
this.mvc.perform(post(tokenRevocationEndpointUri) this.mvc.perform(post(tokenRevocationEndpointUri)
@ -170,7 +170,7 @@ public class OAuth2TokenRevocationTests {
assertThat(refreshToken.isInvalidated()).isFalse(); assertThat(refreshToken.isInvalidated()).isFalse();
} }
private static MultiValueMap<String, String> getTokenRevocationRequestParameters(AbstractOAuth2Token token, TokenType tokenType) { private static MultiValueMap<String, String> getTokenRevocationRequestParameters(AbstractOAuth2Token token, OAuth2TokenType tokenType) {
MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(); MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
parameters.set(OAuth2ParameterNames2.TOKEN, token.getTokenValue()); parameters.set(OAuth2ParameterNames2.TOKEN, token.getTokenValue());
parameters.set(OAuth2ParameterNames2.TOKEN_TYPE_HINT, tokenType.getValue()); parameters.set(OAuth2ParameterNames2.TOKEN_TYPE_HINT, tokenType.getValue());


@ -46,6 +46,7 @@ import org.springframework.security.config.test.SpringTestRule;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse; import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
@ -58,7 +59,6 @@ import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder; import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
@ -100,6 +100,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
public class OidcTests { public class OidcTests {
private static final String ISSUER_URL = "https://example.com/issuer1"; private static final String ISSUER_URL = "https://example.com/issuer1";
private static final String AUTHORITIES_CLAIM = "authorities"; private static final String AUTHORITIES_CLAIM = "authorities";
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private static RegisteredClientRepository registeredClientRepository; private static RegisteredClientRepository registeredClientRepository;
private static OAuth2AuthorizationService authorizationService; private static OAuth2AuthorizationService authorizationService;
private static JWKSource<SecurityContext> jwkSource; private static JWKSource<SecurityContext> jwkSource;
@ -184,7 +185,7 @@ public class OidcTests {
when(authorizationService.findByToken( when(authorizationService.findByToken(
eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()), eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()),
eq(TokenType.AUTHORIZATION_CODE))) eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
mvcResult = this.mvc.perform(post(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI) mvcResult = this.mvc.perform(post(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI)
@ -205,7 +206,7 @@ public class OidcTests {
verify(registeredClientRepository, times(2)).findByClientId(eq(registeredClient.getClientId())); verify(registeredClientRepository, times(2)).findByClientId(eq(registeredClient.getClientId()));
verify(authorizationService).findByToken( verify(authorizationService).findByToken(
eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()), eq(authorization.getToken(OAuth2AuthorizationCode.class).getToken().getTokenValue()),
eq(TokenType.AUTHORIZATION_CODE)); eq(AUTHORIZATION_CODE_TOKEN_TYPE));
verify(authorizationService, times(2)).save(any()); verify(authorizationService, times(2)).save(any());
MockHttpServletResponse servletResponse = mvcResult.getResponse(); MockHttpServletResponse servletResponse = mvcResult.getResponse();
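Review bot: The new field `AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE)` in OidcTests has no comment saying why the type is built locally. The same private declaration is repeated in InMemoryOAuth2AuthorizationServiceTests and OAuth2AuthorizationCodeAuthenticationProviderTests, and OAuth2AuthorizationCodeGrantTests uses the same name. The old `TokenType.AUTHORIZATION_CODE` appears to have no counterpart on the renamed type, so I would add `// "code" is not in the RFC 7009 token type hints registry, so OAuth2TokenType has no constant for it; must equal the type the token endpoint passes to findByToken` above the field, or keep a single copy in a shared test fixture. The `eq(AUTHORIZATION_CODE_TOKEN_TYPE)` stubs presumably depend on `OAuth2TokenType.equals` comparing by value, since the code under test would create its own instance. That is not visible in this section, and a mismatch would make the mocked `findByToken` return null and the authorization code exchange fail.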


@ -24,6 +24,7 @@ import org.junit.Test;
import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken; import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
@ -44,6 +45,8 @@ public class InMemoryOAuth2AuthorizationServiceTests {
private static final AuthorizationGrantType AUTHORIZATION_GRANT_TYPE = AuthorizationGrantType.AUTHORIZATION_CODE; private static final AuthorizationGrantType AUTHORIZATION_GRANT_TYPE = AuthorizationGrantType.AUTHORIZATION_CODE;
private static final OAuth2AuthorizationCode AUTHORIZATION_CODE = new OAuth2AuthorizationCode( private static final OAuth2AuthorizationCode AUTHORIZATION_CODE = new OAuth2AuthorizationCode(
"code", Instant.now(), Instant.now().plus(5, ChronoUnit.MINUTES)); "code", Instant.now(), Instant.now().plus(5, ChronoUnit.MINUTES));
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private InMemoryOAuth2AuthorizationService authorizationService; private InMemoryOAuth2AuthorizationService authorizationService;
@Before @Before
@ -68,7 +71,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
this.authorizationService.save(expectedAuthorization); this.authorizationService.save(expectedAuthorization);
OAuth2Authorization authorization = this.authorizationService.findByToken( OAuth2Authorization authorization = this.authorizationService.findByToken(
AUTHORIZATION_CODE.getTokenValue(), TokenType.AUTHORIZATION_CODE); AUTHORIZATION_CODE.getTokenValue(), AUTHORIZATION_CODE_TOKEN_TYPE);
assertThat(authorization).isEqualTo(expectedAuthorization); assertThat(authorization).isEqualTo(expectedAuthorization);
} }
@ -89,18 +92,18 @@ public class InMemoryOAuth2AuthorizationServiceTests {
this.authorizationService.save(expectedAuthorization); this.authorizationService.save(expectedAuthorization);
OAuth2Authorization authorization = this.authorizationService.findByToken( OAuth2Authorization authorization = this.authorizationService.findByToken(
AUTHORIZATION_CODE.getTokenValue(), TokenType.AUTHORIZATION_CODE); AUTHORIZATION_CODE.getTokenValue(), AUTHORIZATION_CODE_TOKEN_TYPE);
assertThat(authorization).isEqualTo(expectedAuthorization); assertThat(authorization).isEqualTo(expectedAuthorization);
this.authorizationService.remove(expectedAuthorization); this.authorizationService.remove(expectedAuthorization);
authorization = this.authorizationService.findByToken( authorization = this.authorizationService.findByToken(
AUTHORIZATION_CODE.getTokenValue(), TokenType.AUTHORIZATION_CODE); AUTHORIZATION_CODE.getTokenValue(), AUTHORIZATION_CODE_TOKEN_TYPE);
assertThat(authorization).isNull(); assertThat(authorization).isNull();
} }
@Test @Test
public void findByTokenWhenTokenNullThenThrowIllegalArgumentException() { public void findByTokenWhenTokenNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> this.authorizationService.findByToken(null, TokenType.AUTHORIZATION_CODE)) assertThatThrownBy(() -> this.authorizationService.findByToken(null, AUTHORIZATION_CODE_TOKEN_TYPE))
.isInstanceOf(IllegalArgumentException.class) .isInstanceOf(IllegalArgumentException.class)
.hasMessage("token cannot be empty"); .hasMessage("token cannot be empty");
} }
@ -116,7 +119,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
this.authorizationService.save(authorization); this.authorizationService.save(authorization);
OAuth2Authorization result = this.authorizationService.findByToken( OAuth2Authorization result = this.authorizationService.findByToken(
state, new TokenType(OAuth2ParameterNames.STATE)); state, STATE_TOKEN_TYPE);
assertThat(authorization).isEqualTo(result); assertThat(authorization).isEqualTo(result);
result = this.authorizationService.findByToken(state, null); result = this.authorizationService.findByToken(state, null);
assertThat(authorization).isEqualTo(result); assertThat(authorization).isEqualTo(result);
@ -132,7 +135,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
this.authorizationService.save(authorization); this.authorizationService.save(authorization);
OAuth2Authorization result = this.authorizationService.findByToken( OAuth2Authorization result = this.authorizationService.findByToken(
AUTHORIZATION_CODE.getTokenValue(), TokenType.AUTHORIZATION_CODE); AUTHORIZATION_CODE.getTokenValue(), AUTHORIZATION_CODE_TOKEN_TYPE);
assertThat(authorization).isEqualTo(result); assertThat(authorization).isEqualTo(result);
result = this.authorizationService.findByToken(AUTHORIZATION_CODE.getTokenValue(), null); result = this.authorizationService.findByToken(AUTHORIZATION_CODE.getTokenValue(), null);
assertThat(authorization).isEqualTo(result); assertThat(authorization).isEqualTo(result);
@ -151,7 +154,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
this.authorizationService.save(authorization); this.authorizationService.save(authorization);
OAuth2Authorization result = this.authorizationService.findByToken( OAuth2Authorization result = this.authorizationService.findByToken(
accessToken.getTokenValue(), TokenType.ACCESS_TOKEN); accessToken.getTokenValue(), OAuth2TokenType.ACCESS_TOKEN);
assertThat(authorization).isEqualTo(result); assertThat(authorization).isEqualTo(result);
result = this.authorizationService.findByToken(accessToken.getTokenValue(), null); result = this.authorizationService.findByToken(accessToken.getTokenValue(), null);
assertThat(authorization).isEqualTo(result); assertThat(authorization).isEqualTo(result);
@ -168,7 +171,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
this.authorizationService.save(authorization); this.authorizationService.save(authorization);
OAuth2Authorization result = this.authorizationService.findByToken( OAuth2Authorization result = this.authorizationService.findByToken(
refreshToken.getTokenValue(), TokenType.REFRESH_TOKEN); refreshToken.getTokenValue(), OAuth2TokenType.REFRESH_TOKEN);
assertThat(authorization).isEqualTo(result); assertThat(authorization).isEqualTo(result);
result = this.authorizationService.findByToken(refreshToken.getTokenValue(), null); result = this.authorizationService.findByToken(refreshToken.getTokenValue(), null);
assertThat(authorization).isEqualTo(result); assertThat(authorization).isEqualTo(result);
@ -177,7 +180,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
@Test @Test
public void findByTokenWhenTokenDoesNotExistThenNull() { public void findByTokenWhenTokenDoesNotExistThenNull() {
OAuth2Authorization result = this.authorizationService.findByToken( OAuth2Authorization result = this.authorizationService.findByToken(
"access-token", TokenType.ACCESS_TOKEN); "access-token", OAuth2TokenType.ACCESS_TOKEN);
assertThat(result).isNull(); assertThat(result).isNull();
} }
} }


@ -106,7 +106,7 @@ public class OAuth2AuthorizationTests {
public void attributeWhenValueNullThenThrowIllegalArgumentException() { public void attributeWhenValueNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> assertThatThrownBy(() ->
OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT) OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
.attribute(TokenType.AUTHORIZATION_CODE.getValue(), null)) .attribute("name", null))
.isInstanceOf(IllegalArgumentException.class) .isInstanceOf(IllegalArgumentException.class)
.hasMessage("value cannot be null"); .hasMessage("value cannot be null");
} }


@ -31,6 +31,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes; import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.oidc.OidcIdToken; import org.springframework.security.oauth2.core.oidc.OidcIdToken;
@ -44,7 +45,6 @@ import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
import org.springframework.security.oauth2.server.authorization.TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
@ -69,6 +69,7 @@ import static org.mockito.Mockito.when;
*/ */
public class OAuth2AuthorizationCodeAuthenticationProviderTests { public class OAuth2AuthorizationCodeAuthenticationProviderTests {
private static final String AUTHORIZATION_CODE = "code"; private static final String AUTHORIZATION_CODE = "code";
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private OAuth2AuthorizationService authorizationService; private OAuth2AuthorizationService authorizationService;
private JwtEncoder jwtEncoder; private JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer; private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;
@ -154,7 +155,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
@Test @Test
public void authenticateWhenCodeIssuedToAnotherClientThenThrowOAuth2AuthenticationException() { public void authenticateWhenCodeIssuedToAnotherClientThenThrowOAuth2AuthenticationException() {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization().build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization().build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken( OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
@ -179,7 +180,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
public void authenticateWhenInvalidRedirectUriThenThrowOAuth2AuthenticationException() { public void authenticateWhenInvalidRedirectUriThenThrowOAuth2AuthenticationException() {
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build(); RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
@ -202,7 +203,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient) OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient)
.token(authorizationCode, (metadata) -> metadata.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, true)) .token(authorizationCode, (metadata) -> metadata.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, true))
.build(); .build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
@ -222,7 +223,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
public void authenticateWhenValidCodeThenReturnAccessToken() { public void authenticateWhenValidCodeThenReturnAccessToken() {
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build(); RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
@ -242,7 +243,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
assertThat(jwtEncodingContext.getRegisteredClient()).isEqualTo(registeredClient); assertThat(jwtEncodingContext.getRegisteredClient()).isEqualTo(registeredClient);
assertThat(jwtEncodingContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName())); assertThat(jwtEncodingContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
assertThat(jwtEncodingContext.getAuthorization()).isEqualTo(authorization); assertThat(jwtEncodingContext.getAuthorization()).isEqualTo(authorization);
assertThat(jwtEncodingContext.getTokenType()).isEqualTo(TokenType.ACCESS_TOKEN); assertThat(jwtEncodingContext.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
assertThat(jwtEncodingContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(jwtEncodingContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
assertThat(jwtEncodingContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication); assertThat(jwtEncodingContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
assertThat(jwtEncodingContext.getHeaders()).isNotNull(); assertThat(jwtEncodingContext.getHeaders()).isNotNull();
@ -273,7 +274,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
public void authenticateWhenValidCodeAndAuthenticationRequestThenReturnIdToken() { public void authenticateWhenValidCodeAndAuthenticationRequestThenReturnIdToken() {
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().scope(OidcScopes.OPENID).build(); RegisteredClient registeredClient = TestRegisteredClients.registeredClient().scope(OidcScopes.OPENID).build();
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
@ -294,7 +295,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
assertThat(accessTokenContext.getRegisteredClient()).isEqualTo(registeredClient); assertThat(accessTokenContext.getRegisteredClient()).isEqualTo(registeredClient);
assertThat(accessTokenContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName())); assertThat(accessTokenContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
assertThat(accessTokenContext.getAuthorization()).isEqualTo(authorization); assertThat(accessTokenContext.getAuthorization()).isEqualTo(authorization);
assertThat(accessTokenContext.getTokenType()).isEqualTo(TokenType.ACCESS_TOKEN); assertThat(accessTokenContext.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
assertThat(accessTokenContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(accessTokenContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
assertThat(accessTokenContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication); assertThat(accessTokenContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
assertThat(accessTokenContext.getHeaders()).isNotNull(); assertThat(accessTokenContext.getHeaders()).isNotNull();
@ -339,7 +340,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
.build(); .build();
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
@ -377,7 +378,7 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
.build(); .build();
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);


@ -15,25 +15,26 @@
*/ */
package org.springframework.security.oauth2.server.authorization.authentication; package org.springframework.security.oauth2.server.authorization.authentication;
import java.util.HashMap;
import java.util.Map;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes; import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.endpoint.PkceParameterNames; import org.springframework.security.oauth2.core.endpoint.PkceParameterNames;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
import org.springframework.security.oauth2.server.authorization.TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import java.util.HashMap;
import java.util.Map;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatThrownBy; import static org.assertj.core.api.Assertions.assertThatThrownBy;
import static org.mockito.ArgumentMatchers.eq; import static org.mockito.ArgumentMatchers.eq;
@ -58,6 +59,7 @@ public class OAuth2ClientAuthenticationProviderTests {
private static final String S256_CODE_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"; private static final String S256_CODE_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM";
private static final String AUTHORIZATION_CODE = "code"; private static final String AUTHORIZATION_CODE = "code";
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private RegisteredClientRepository registeredClientRepository; private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService; private OAuth2AuthorizationService authorizationService;
@ -160,7 +162,7 @@ public class OAuth2ClientAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations OAuth2Authorization authorization = TestOAuth2Authorizations
.authorization(registeredClient, createPkceAuthorizationParametersPlain()) .authorization(registeredClient, createPkceAuthorizationParametersPlain())
.build(); .build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
Map<String, Object> parameters = createPkceTokenParameters(PLAIN_CODE_VERIFIER); Map<String, Object> parameters = createPkceTokenParameters(PLAIN_CODE_VERIFIER);
@ -187,7 +189,7 @@ public class OAuth2ClientAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations OAuth2Authorization authorization = TestOAuth2Authorizations
.authorization(registeredClient) .authorization(registeredClient)
.build(); .build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
Map<String, Object> parameters = createPkceTokenParameters(PLAIN_CODE_VERIFIER); Map<String, Object> parameters = createPkceTokenParameters(PLAIN_CODE_VERIFIER);
@ -211,7 +213,7 @@ public class OAuth2ClientAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations OAuth2Authorization authorization = TestOAuth2Authorizations
.authorization(registeredClient, createPkceAuthorizationParametersPlain()) .authorization(registeredClient, createPkceAuthorizationParametersPlain())
.build(); .build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
Map<String, Object> parameters = createPkceTokenParameters(PLAIN_CODE_VERIFIER); Map<String, Object> parameters = createPkceTokenParameters(PLAIN_CODE_VERIFIER);
@ -236,7 +238,7 @@ public class OAuth2ClientAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations OAuth2Authorization authorization = TestOAuth2Authorizations
.authorization(registeredClient, createPkceAuthorizationParametersPlain()) .authorization(registeredClient, createPkceAuthorizationParametersPlain())
.build(); .build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
Map<String, Object> parameters = createPkceTokenParameters("invalid-code-verifier"); Map<String, Object> parameters = createPkceTokenParameters("invalid-code-verifier");
@ -260,7 +262,7 @@ public class OAuth2ClientAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations OAuth2Authorization authorization = TestOAuth2Authorizations
.authorization(registeredClient, createPkceAuthorizationParametersS256()) .authorization(registeredClient, createPkceAuthorizationParametersS256())
.build(); .build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
Map<String, Object> parameters = createPkceTokenParameters("invalid-code-verifier"); Map<String, Object> parameters = createPkceTokenParameters("invalid-code-verifier");
@ -284,7 +286,7 @@ public class OAuth2ClientAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations OAuth2Authorization authorization = TestOAuth2Authorizations
.authorization(registeredClient, createPkceAuthorizationParametersPlain()) .authorization(registeredClient, createPkceAuthorizationParametersPlain())
.build(); .build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
Map<String, Object> parameters = createPkceTokenParameters(PLAIN_CODE_VERIFIER); Map<String, Object> parameters = createPkceTokenParameters(PLAIN_CODE_VERIFIER);
@ -311,7 +313,7 @@ public class OAuth2ClientAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations OAuth2Authorization authorization = TestOAuth2Authorizations
.authorization(registeredClient, authorizationRequestAdditionalParameters) .authorization(registeredClient, authorizationRequestAdditionalParameters)
.build(); .build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
Map<String, Object> parameters = createPkceTokenParameters(PLAIN_CODE_VERIFIER); Map<String, Object> parameters = createPkceTokenParameters(PLAIN_CODE_VERIFIER);
@ -336,7 +338,7 @@ public class OAuth2ClientAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations OAuth2Authorization authorization = TestOAuth2Authorizations
.authorization(registeredClient, createPkceAuthorizationParametersS256()) .authorization(registeredClient, createPkceAuthorizationParametersS256())
.build(); .build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
Map<String, Object> parameters = createPkceTokenParameters(S256_CODE_VERIFIER); Map<String, Object> parameters = createPkceTokenParameters(S256_CODE_VERIFIER);
@ -364,7 +366,7 @@ public class OAuth2ClientAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations OAuth2Authorization authorization = TestOAuth2Authorizations
.authorization(registeredClient, authorizationRequestAdditionalParameters) .authorization(registeredClient, authorizationRequestAdditionalParameters)
.build(); .build();
when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(TokenType.AUTHORIZATION_CODE))) when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
Map<String, Object> parameters = createPkceTokenParameters(PLAIN_CODE_VERIFIER); Map<String, Object> parameters = createPkceTokenParameters(PLAIN_CODE_VERIFIER);
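Review bot: The new constant `AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE)` re-creates in the test a value the provider under test presumably builds for itself, so every `eq(AUTHORIZATION_CODE_TOKEN_TYPE)` stub in this file matches only if `OAuth2TokenType` has value-based `equals` and both sides use the same string. If they drift apart, `findByToken` returns Mockito's default `null`, and the negative PKCE tests (the `"invalid-code-verifier"` cases) may still observe a rejection, but for a missing authorization rather than for a failed verifier comparison. I would document the dependency on the constant, e.g. `// must equal the token type the provider passes to findByToken(); stubs rely on OAuth2TokenType.equals()`, and add `verify(this.authorizationService).findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE));` to the negative tests so they fail if the stub is never hit. The test method bodies start and end outside the hunks shown, so whether their error-code assertions already tell the two cases apart cannot be confirmed from here.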


@ -37,7 +37,7 @@ import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtEncoder; import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TokenType; import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
@ -192,7 +192,7 @@ public class OAuth2ClientCredentialsAuthenticationProviderTests {
assertThat(jwtEncodingContext.getRegisteredClient()).isEqualTo(registeredClient); assertThat(jwtEncodingContext.getRegisteredClient()).isEqualTo(registeredClient);
assertThat(jwtEncodingContext.<Authentication>getPrincipal()).isEqualTo(clientPrincipal); assertThat(jwtEncodingContext.<Authentication>getPrincipal()).isEqualTo(clientPrincipal);
assertThat(jwtEncodingContext.getAuthorization()).isNull(); assertThat(jwtEncodingContext.getAuthorization()).isNull();
assertThat(jwtEncodingContext.getTokenType()).isEqualTo(TokenType.ACCESS_TOKEN); assertThat(jwtEncodingContext.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
assertThat(jwtEncodingContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS); assertThat(jwtEncodingContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS);
assertThat(jwtEncodingContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication); assertThat(jwtEncodingContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
assertThat(jwtEncodingContext.getHeaders()).isNotNull(); assertThat(jwtEncodingContext.getHeaders()).isNotNull();


@ -42,7 +42,7 @@ import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
import org.springframework.security.oauth2.server.authorization.TokenType; import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext; import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
@ -119,7 +119,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(this.authorizationService.findByToken( when(this.authorizationService.findByToken(
eq(authorization.getRefreshToken().getToken().getTokenValue()), eq(authorization.getRefreshToken().getToken().getTokenValue()),
eq(TokenType.REFRESH_TOKEN))) eq(OAuth2TokenType.REFRESH_TOKEN)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
@ -135,7 +135,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
assertThat(jwtEncodingContext.getRegisteredClient()).isEqualTo(registeredClient); assertThat(jwtEncodingContext.getRegisteredClient()).isEqualTo(registeredClient);
assertThat(jwtEncodingContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName())); assertThat(jwtEncodingContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
assertThat(jwtEncodingContext.getAuthorization()).isEqualTo(authorization); assertThat(jwtEncodingContext.getAuthorization()).isEqualTo(authorization);
assertThat(jwtEncodingContext.getTokenType()).isEqualTo(TokenType.ACCESS_TOKEN); assertThat(jwtEncodingContext.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
assertThat(jwtEncodingContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.REFRESH_TOKEN); assertThat(jwtEncodingContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.REFRESH_TOKEN);
assertThat(jwtEncodingContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication); assertThat(jwtEncodingContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
assertThat(jwtEncodingContext.getHeaders()).isNotNull(); assertThat(jwtEncodingContext.getHeaders()).isNotNull();
@ -162,7 +162,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(this.authorizationService.findByToken( when(this.authorizationService.findByToken(
eq(authorization.getRefreshToken().getToken().getTokenValue()), eq(authorization.getRefreshToken().getToken().getTokenValue()),
eq(TokenType.REFRESH_TOKEN))) eq(OAuth2TokenType.REFRESH_TOKEN)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
@ -186,7 +186,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(this.authorizationService.findByToken( when(this.authorizationService.findByToken(
eq(authorization.getRefreshToken().getToken().getTokenValue()), eq(authorization.getRefreshToken().getToken().getTokenValue()),
eq(TokenType.REFRESH_TOKEN))) eq(OAuth2TokenType.REFRESH_TOKEN)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
@ -208,7 +208,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(this.authorizationService.findByToken( when(this.authorizationService.findByToken(
eq(authorization.getRefreshToken().getToken().getTokenValue()), eq(authorization.getRefreshToken().getToken().getTokenValue()),
eq(TokenType.REFRESH_TOKEN))) eq(OAuth2TokenType.REFRESH_TOKEN)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
@ -275,7 +275,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(this.authorizationService.findByToken( when(this.authorizationService.findByToken(
eq(authorization.getRefreshToken().getToken().getTokenValue()), eq(authorization.getRefreshToken().getToken().getTokenValue()),
eq(TokenType.REFRESH_TOKEN))) eq(OAuth2TokenType.REFRESH_TOKEN)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken( OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
@ -298,7 +298,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(this.authorizationService.findByToken( when(this.authorizationService.findByToken(
eq(authorization.getRefreshToken().getToken().getTokenValue()), eq(authorization.getRefreshToken().getToken().getTokenValue()),
eq(TokenType.REFRESH_TOKEN))) eq(OAuth2TokenType.REFRESH_TOKEN)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
@ -321,7 +321,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
authorization = OAuth2Authorization.from(authorization).token(expiredRefreshToken).build(); authorization = OAuth2Authorization.from(authorization).token(expiredRefreshToken).build();
when(this.authorizationService.findByToken( when(this.authorizationService.findByToken(
eq(authorization.getRefreshToken().getToken().getTokenValue()), eq(authorization.getRefreshToken().getToken().getTokenValue()),
eq(TokenType.REFRESH_TOKEN))) eq(OAuth2TokenType.REFRESH_TOKEN)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
@ -345,7 +345,7 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
.build(); .build();
when(this.authorizationService.findByToken( when(this.authorizationService.findByToken(
eq(authorization.getRefreshToken().getToken().getTokenValue()), eq(authorization.getRefreshToken().getToken().getTokenValue()),
eq(TokenType.REFRESH_TOKEN))) eq(OAuth2TokenType.REFRESH_TOKEN)))
.thenReturn(authorization); .thenReturn(authorization);
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);


@ -28,7 +28,7 @@ import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
import org.springframework.security.oauth2.server.authorization.TokenType; import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
@ -76,7 +76,7 @@ public class OAuth2TokenRevocationAuthenticationProviderTests {
TestingAuthenticationToken clientPrincipal = new TestingAuthenticationToken( TestingAuthenticationToken clientPrincipal = new TestingAuthenticationToken(
registeredClient.getClientId(), registeredClient.getClientSecret()); registeredClient.getClientId(), registeredClient.getClientSecret());
OAuth2TokenRevocationAuthenticationToken authentication = new OAuth2TokenRevocationAuthenticationToken( OAuth2TokenRevocationAuthenticationToken authentication = new OAuth2TokenRevocationAuthenticationToken(
"token", clientPrincipal, TokenType.ACCESS_TOKEN.getValue()); "token", clientPrincipal, OAuth2TokenType.ACCESS_TOKEN.getValue());
assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
.isInstanceOf(OAuth2AuthenticationException.class) .isInstanceOf(OAuth2AuthenticationException.class)
.extracting(ex -> ((OAuth2AuthenticationException) ex).getError()) .extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
@ -90,7 +90,7 @@ public class OAuth2TokenRevocationAuthenticationProviderTests {
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken( OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
registeredClient.getClientId(), registeredClient.getClientSecret(), ClientAuthenticationMethod.BASIC, null); registeredClient.getClientId(), registeredClient.getClientSecret(), ClientAuthenticationMethod.BASIC, null);
OAuth2TokenRevocationAuthenticationToken authentication = new OAuth2TokenRevocationAuthenticationToken( OAuth2TokenRevocationAuthenticationToken authentication = new OAuth2TokenRevocationAuthenticationToken(
"token", clientPrincipal, TokenType.ACCESS_TOKEN.getValue()); "token", clientPrincipal, OAuth2TokenType.ACCESS_TOKEN.getValue());
assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
.isInstanceOf(OAuth2AuthenticationException.class) .isInstanceOf(OAuth2AuthenticationException.class)
.extracting(ex -> ((OAuth2AuthenticationException) ex).getError()) .extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
@ -103,7 +103,7 @@ public class OAuth2TokenRevocationAuthenticationProviderTests {
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build(); RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
OAuth2TokenRevocationAuthenticationToken authentication = new OAuth2TokenRevocationAuthenticationToken( OAuth2TokenRevocationAuthenticationToken authentication = new OAuth2TokenRevocationAuthenticationToken(
"token", clientPrincipal, TokenType.ACCESS_TOKEN.getValue()); "token", clientPrincipal, OAuth2TokenType.ACCESS_TOKEN.getValue());
OAuth2TokenRevocationAuthenticationToken authenticationResult = OAuth2TokenRevocationAuthenticationToken authenticationResult =
(OAuth2TokenRevocationAuthenticationToken) this.authenticationProvider.authenticate(authentication); (OAuth2TokenRevocationAuthenticationToken) this.authenticationProvider.authenticate(authentication);
assertThat(authenticationResult.isAuthenticated()).isFalse(); assertThat(authenticationResult.isAuthenticated()).isFalse();
@ -122,7 +122,7 @@ public class OAuth2TokenRevocationAuthenticationProviderTests {
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
OAuth2TokenRevocationAuthenticationToken authentication = new OAuth2TokenRevocationAuthenticationToken( OAuth2TokenRevocationAuthenticationToken authentication = new OAuth2TokenRevocationAuthenticationToken(
"token", clientPrincipal, TokenType.ACCESS_TOKEN.getValue()); "token", clientPrincipal, OAuth2TokenType.ACCESS_TOKEN.getValue());
assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication)) assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
.isInstanceOf(OAuth2AuthenticationException.class) .isInstanceOf(OAuth2AuthenticationException.class)
@ -143,7 +143,7 @@ public class OAuth2TokenRevocationAuthenticationProviderTests {
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
OAuth2TokenRevocationAuthenticationToken authentication = new OAuth2TokenRevocationAuthenticationToken( OAuth2TokenRevocationAuthenticationToken authentication = new OAuth2TokenRevocationAuthenticationToken(
authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, TokenType.REFRESH_TOKEN.getValue()); authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, OAuth2TokenType.REFRESH_TOKEN.getValue());
OAuth2TokenRevocationAuthenticationToken authenticationResult = OAuth2TokenRevocationAuthenticationToken authenticationResult =
(OAuth2TokenRevocationAuthenticationToken) this.authenticationProvider.authenticate(authentication); (OAuth2TokenRevocationAuthenticationToken) this.authenticationProvider.authenticate(authentication);
@ -171,7 +171,7 @@ public class OAuth2TokenRevocationAuthenticationProviderTests {
OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient); OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
OAuth2TokenRevocationAuthenticationToken authentication = new OAuth2TokenRevocationAuthenticationToken( OAuth2TokenRevocationAuthenticationToken authentication = new OAuth2TokenRevocationAuthenticationToken(
authorization.getAccessToken().getToken().getTokenValue(), clientPrincipal, TokenType.ACCESS_TOKEN.getValue()); authorization.getAccessToken().getToken().getTokenValue(), clientPrincipal, OAuth2TokenType.ACCESS_TOKEN.getValue());
OAuth2TokenRevocationAuthenticationToken authenticationResult = OAuth2TokenRevocationAuthenticationToken authenticationResult =
(OAuth2TokenRevocationAuthenticationToken) this.authenticationProvider.authenticate(authentication); (OAuth2TokenRevocationAuthenticationToken) this.authenticationProvider.authenticate(authentication);


@ -17,7 +17,7 @@ package org.springframework.security.oauth2.server.authorization.authentication;
import org.junit.Test; import org.junit.Test;
import org.springframework.security.oauth2.core.OAuth2AccessToken; import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.server.authorization.TokenType; import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
import java.time.Duration; import java.time.Duration;
@ -36,7 +36,7 @@ public class OAuth2TokenRevocationAuthenticationTokenTests {
private String token = "token"; private String token = "token";
private OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken( private OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
TestRegisteredClients.registeredClient().build()); TestRegisteredClients.registeredClient().build());
private String tokenTypeHint = TokenType.ACCESS_TOKEN.getValue(); private String tokenTypeHint = OAuth2TokenType.ACCESS_TOKEN.getValue();
private OAuth2AccessToken accessToken = new OAuth2AccessToken( private OAuth2AccessToken accessToken = new OAuth2AccessToken(
OAuth2AccessToken.TokenType.BEARER, this.token, OAuth2AccessToken.TokenType.BEARER, this.token,
Instant.now(), Instant.now().plus(Duration.ofHours(1))); Instant.now(), Instant.now().plus(Duration.ofHours(1)));


@ -27,7 +27,7 @@ import org.springframework.security.oauth2.jwt.TestJoseHeaders;
import org.springframework.security.oauth2.jwt.TestJwtClaimsSets; import org.springframework.security.oauth2.jwt.TestJwtClaimsSets;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
import org.springframework.security.oauth2.server.authorization.TokenType; import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
@ -96,7 +96,7 @@ public class JwtEncodingContextTests {
.registeredClient(registeredClient) .registeredClient(registeredClient)
.principal(principal) .principal(principal)
.authorization(authorization) .authorization(authorization)
.tokenType(TokenType.ACCESS_TOKEN) .tokenType(OAuth2TokenType.ACCESS_TOKEN)
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.authorizationGrant(authorizationGrant) .authorizationGrant(authorizationGrant)
.put("custom-key-1", "custom-value-1") .put("custom-key-1", "custom-value-1")
@ -108,7 +108,7 @@ public class JwtEncodingContextTests {
assertThat(context.getRegisteredClient()).isEqualTo(registeredClient); assertThat(context.getRegisteredClient()).isEqualTo(registeredClient);
assertThat(context.<Authentication>getPrincipal()).isEqualTo(principal); assertThat(context.<Authentication>getPrincipal()).isEqualTo(principal);
assertThat(context.getAuthorization()).isEqualTo(authorization); assertThat(context.getAuthorization()).isEqualTo(authorization);
assertThat(context.getTokenType()).isEqualTo(TokenType.ACCESS_TOKEN); assertThat(context.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
assertThat(context.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(context.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
assertThat(context.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authorizationGrant); assertThat(context.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authorizationGrant);
assertThat(context.<String>get("custom-key-1")).isEqualTo("custom-value-1"); assertThat(context.<String>get("custom-key-1")).isEqualTo("custom-value-1");


@ -39,6 +39,7 @@ import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes; import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
@ -47,7 +48,6 @@ import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations; import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
import org.springframework.security.oauth2.server.authorization.TokenType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients; import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
@ -72,6 +72,7 @@ import static org.mockito.Mockito.when;
* @since 0.0.1 * @since 0.0.1
*/ */
public class OAuth2AuthorizationEndpointFilterTests { public class OAuth2AuthorizationEndpointFilterTests {
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private static final String DEFAULT_ERROR_URI = "https://tools.ietf.org/html/rfc6749%23section-4.1.2.1"; private static final String DEFAULT_ERROR_URI = "https://tools.ietf.org/html/rfc6749%23section-4.1.2.1";
private static final String PKCE_ERROR_URI = "https://tools.ietf.org/html/rfc7636%23section-4.4.1"; private static final String PKCE_ERROR_URI = "https://tools.ietf.org/html/rfc7636%23section-4.4.1";
private RegisteredClientRepository registeredClientRepository; private RegisteredClientRepository registeredClientRepository;
@ -620,7 +621,7 @@ public class OAuth2AuthorizationEndpointFilterTests {
when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))) when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId())))
.thenReturn(registeredClient); .thenReturn(registeredClient);
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(this.authorizationService.findByToken(eq("state"), eq(new TokenType(OAuth2ParameterNames.STATE)))) when(this.authorizationService.findByToken(eq("state"), eq(STATE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
this.authentication.setAuthenticated(false); this.authentication.setAuthenticated(false);
@ -638,7 +639,7 @@ public class OAuth2AuthorizationEndpointFilterTests {
when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId()))) when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId())))
.thenReturn(registeredClient); .thenReturn(registeredClient);
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build(); OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
when(this.authorizationService.findByToken(eq("state"), eq(new TokenType(OAuth2ParameterNames.STATE)))) when(this.authorizationService.findByToken(eq("state"), eq(STATE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
this.authentication = new TestingAuthenticationToken("other-principal", "password"); this.authentication = new TestingAuthenticationToken("other-principal", "password");
@ -662,7 +663,7 @@ public class OAuth2AuthorizationEndpointFilterTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient) OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient)
.principalName(this.authentication.getName()) .principalName(this.authentication.getName())
.build(); .build();
when(this.authorizationService.findByToken(eq("state"), eq(new TokenType(OAuth2ParameterNames.STATE)))) when(this.authorizationService.findByToken(eq("state"), eq(STATE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
doFilterWhenUserConsentRequestInvalidParameterThenError( doFilterWhenUserConsentRequestInvalidParameterThenError(
@ -680,7 +681,7 @@ public class OAuth2AuthorizationEndpointFilterTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient) OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient)
.principalName(this.authentication.getName()) .principalName(this.authentication.getName())
.build(); .build();
when(this.authorizationService.findByToken(eq("state"), eq(new TokenType(OAuth2ParameterNames.STATE)))) when(this.authorizationService.findByToken(eq("state"), eq(STATE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
doFilterWhenUserConsentRequestInvalidParameterThenError( doFilterWhenUserConsentRequestInvalidParameterThenError(
@ -698,7 +699,7 @@ public class OAuth2AuthorizationEndpointFilterTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient) OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient)
.principalName(this.authentication.getName()) .principalName(this.authentication.getName())
.build(); .build();
when(this.authorizationService.findByToken(eq("state"), eq(new TokenType(OAuth2ParameterNames.STATE)))) when(this.authorizationService.findByToken(eq("state"), eq(STATE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
doFilterWhenUserConsentRequestInvalidParameterThenError( doFilterWhenUserConsentRequestInvalidParameterThenError(
@ -717,7 +718,7 @@ public class OAuth2AuthorizationEndpointFilterTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(otherRegisteredClient) OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(otherRegisteredClient)
.principalName(this.authentication.getName()) .principalName(this.authentication.getName())
.build(); .build();
when(this.authorizationService.findByToken(eq("state"), eq(new TokenType(OAuth2ParameterNames.STATE)))) when(this.authorizationService.findByToken(eq("state"), eq(STATE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
doFilterWhenUserConsentRequestInvalidParameterThenError( doFilterWhenUserConsentRequestInvalidParameterThenError(
@ -735,7 +736,7 @@ public class OAuth2AuthorizationEndpointFilterTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient) OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient)
.principalName(this.authentication.getName()) .principalName(this.authentication.getName())
.build(); .build();
when(this.authorizationService.findByToken(eq("state"), eq(new TokenType(OAuth2ParameterNames.STATE)))) when(this.authorizationService.findByToken(eq("state"), eq(STATE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
doFilterWhenUserConsentRequestInvalidParameterThenRedirect( doFilterWhenUserConsentRequestInvalidParameterThenRedirect(
@ -756,7 +757,7 @@ public class OAuth2AuthorizationEndpointFilterTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient) OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient)
.principalName(this.authentication.getName()) .principalName(this.authentication.getName())
.build(); .build();
when(this.authorizationService.findByToken(eq("state"), eq(new TokenType(OAuth2ParameterNames.STATE)))) when(this.authorizationService.findByToken(eq("state"), eq(STATE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
doFilterWhenUserConsentRequestInvalidParameterThenRedirect( doFilterWhenUserConsentRequestInvalidParameterThenRedirect(
@ -777,7 +778,7 @@ public class OAuth2AuthorizationEndpointFilterTests {
OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient) OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient)
.principalName(this.authentication.getName()) .principalName(this.authentication.getName())
.build(); .build();
when(this.authorizationService.findByToken(eq("state"), eq(new TokenType(OAuth2ParameterNames.STATE)))) when(this.authorizationService.findByToken(eq("state"), eq(STATE_TOKEN_TYPE)))
.thenReturn(authorization); .thenReturn(authorization);
MockHttpServletRequest request = createUserConsentRequest(registeredClient); MockHttpServletRequest request = createUserConsentRequest(registeredClient);
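Review bot: The new `STATE_TOKEN_TYPE` constant in `OAuth2AuthorizationEndpointFilterTests` carries no comment, yet every `findByToken(eq("state"), eq(STATE_TOKEN_TYPE))` stub in the consent tests depends on it matching the token type the filter uses for its `state` lookup. Mockito's `eq(...)` matches through `equals`, so the stubs only fire if `OAuth2TokenType` compares by value; its `equals` is not visible on this page, so that is worth confirming. If the stub did not match, the mock would return null and the invalid-parameter tests might then pass for a reason other than the parameter they name. I would add `// Must equal the token type the filter passes to findByToken for the consent "state" value; stubs match via equals().` above the constant. The test methods around these stubs start and end outside the hunks shown.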


@ -32,7 +32,7 @@ import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes; import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames2; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames2;
import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter; import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
import org.springframework.security.oauth2.server.authorization.TokenType; import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient; import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
@ -139,7 +139,7 @@ public class OAuth2TokenRevocationEndpointFilterTests {
doFilterWhenTokenRevocationRequestInvalidParameterThenError( doFilterWhenTokenRevocationRequestInvalidParameterThenError(
OAuth2ParameterNames2.TOKEN_TYPE_HINT, OAuth2ParameterNames2.TOKEN_TYPE_HINT,
OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ErrorCodes.INVALID_REQUEST,
request -> request.addParameter(OAuth2ParameterNames2.TOKEN_TYPE_HINT, TokenType.ACCESS_TOKEN.getValue())); request -> request.addParameter(OAuth2ParameterNames2.TOKEN_TYPE_HINT, OAuth2TokenType.ACCESS_TOKEN.getValue()));
} }
@Test @Test
@ -202,7 +202,7 @@ public class OAuth2TokenRevocationEndpointFilterTests {
request.setServletPath(requestUri); request.setServletPath(requestUri);
request.addParameter(OAuth2ParameterNames2.TOKEN, "token"); request.addParameter(OAuth2ParameterNames2.TOKEN, "token");
request.addParameter(OAuth2ParameterNames2.TOKEN_TYPE_HINT, TokenType.ACCESS_TOKEN.getValue()); request.addParameter(OAuth2ParameterNames2.TOKEN_TYPE_HINT, OAuth2TokenType.ACCESS_TOKEN.getValue());
return request; return request;
} }