Use OAuth2ParameterNames.TOKEN

Issue gh-83

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilter.java

@@ -26,6 +26,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationProvider;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken;
@@ -53,9 +54,6 @@ import java.io.IOException;
  * @since 0.0.3
  */
 public class OAuth2TokenRevocationEndpointFilter extends OncePerRequestFilter {
-	static final String TOKEN_PARAM_NAME = "token";
-	static final String TOKEN_TYPE_HINT_PARAM_NAME = "token_type_hint";
-
 	/**
 	 * The default endpoint {@code URI} for token revocation requests.
 	 */
@@ -133,17 +131,17 @@ public class OAuth2TokenRevocationEndpointFilter extends OncePerRequestFilter {
 			MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(request);
 
 			// token (REQUIRED)
-			String token = parameters.getFirst(TOKEN_PARAM_NAME);
+			String token = parameters.getFirst(OAuth2ParameterNames.TOKEN);
 			if (!StringUtils.hasText(token) ||
-					parameters.get(TOKEN_PARAM_NAME).size() != 1) {
+					parameters.get(OAuth2ParameterNames.TOKEN).size() != 1) {
-				throwError(OAuth2ErrorCodes.INVALID_REQUEST, TOKEN_PARAM_NAME);
+				throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.TOKEN);
 			}
 
 			// token_type_hint (OPTIONAL)
-			String tokenTypeHint = parameters.getFirst(TOKEN_TYPE_HINT_PARAM_NAME);
+			String tokenTypeHint = parameters.getFirst(OAuth2ParameterNames.TOKEN_TYPE_HINT);
 			if (StringUtils.hasText(tokenTypeHint) &&
-					parameters.get(TOKEN_TYPE_HINT_PARAM_NAME).size() != 1) {
+					parameters.get(OAuth2ParameterNames.TOKEN_TYPE_HINT).size() != 1) {
-				throwError(OAuth2ErrorCodes.INVALID_REQUEST, TOKEN_TYPE_HINT_PARAM_NAME);
+				throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.TOKEN_TYPE_HINT);
 			}
 
 			return new OAuth2TokenRevocationAuthenticationToken(token, clientPrincipal, tokenTypeHint);

oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenRevocationTests.java

@@ -32,6 +32,7 @@ import org.springframework.security.crypto.keys.StaticKeyGeneratingKeyManager;
 import org.springframework.security.oauth2.core.AbstractOAuth2Token;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
@@ -152,9 +153,8 @@ public class OAuth2TokenRevocationTests {
 
 	private static MultiValueMap<String, String> getTokenRevocationRequestParameters(AbstractOAuth2Token token, TokenType tokenType) {
 		MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
-		// TODO Use OAuth2ParameterNames
+		parameters.set(OAuth2ParameterNames.TOKEN, token.getTokenValue());
-		parameters.set("token", token.getTokenValue());
+		parameters.set(OAuth2ParameterNames.TOKEN_TYPE_HINT, tokenType.getValue());
-		parameters.set("token_type_hint", tokenType.getValue());
 		return parameters;
 	}
 

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilterTests.java

@@ -30,6 +30,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
 import org.springframework.security.oauth2.server.authorization.TokenType;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
@@ -53,8 +54,6 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
 import static org.mockito.Mockito.when;
-import static org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter.TOKEN_PARAM_NAME;
-import static org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter.TOKEN_TYPE_HINT_PARAM_NAME;
 
 /**
  * Tests for {@link OAuth2TokenRevocationEndpointFilter}.
@@ -122,25 +121,25 @@ public class OAuth2TokenRevocationEndpointFilterTests {
 	@Test
 	public void doFilterWhenTokenRevocationRequestMissingTokenThenInvalidRequestError() throws Exception {
 		doFilterWhenTokenRevocationRequestInvalidParameterThenError(
-				TOKEN_PARAM_NAME,
+				OAuth2ParameterNames.TOKEN,
 				OAuth2ErrorCodes.INVALID_REQUEST,
-				request -> request.removeParameter(TOKEN_PARAM_NAME));
+				request -> request.removeParameter(OAuth2ParameterNames.TOKEN));
 	}
 
 	@Test
 	public void doFilterWhenTokenRevocationRequestMultipleTokenThenInvalidRequestError() throws Exception {
 		doFilterWhenTokenRevocationRequestInvalidParameterThenError(
-				TOKEN_PARAM_NAME,
+				OAuth2ParameterNames.TOKEN,
 				OAuth2ErrorCodes.INVALID_REQUEST,
-				request -> request.addParameter(TOKEN_PARAM_NAME, "token-2"));
+				request -> request.addParameter(OAuth2ParameterNames.TOKEN, "token-2"));
 	}
 
 	@Test
 	public void doFilterWhenTokenRevocationRequestMultipleTokenTypeHintThenInvalidRequestError() throws Exception {
 		doFilterWhenTokenRevocationRequestInvalidParameterThenError(
-				TOKEN_TYPE_HINT_PARAM_NAME,
+				OAuth2ParameterNames.TOKEN_TYPE_HINT,
 				OAuth2ErrorCodes.INVALID_REQUEST,
-				request -> request.addParameter(TOKEN_TYPE_HINT_PARAM_NAME, TokenType.ACCESS_TOKEN.getValue()));
+				request -> request.addParameter(OAuth2ParameterNames.TOKEN_TYPE_HINT, TokenType.ACCESS_TOKEN.getValue()));
 	}
 
 	@Test
@@ -202,8 +201,8 @@ public class OAuth2TokenRevocationEndpointFilterTests {
 		MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
 		request.setServletPath(requestUri);
 
-		request.addParameter(TOKEN_PARAM_NAME, "token");
+		request.addParameter(OAuth2ParameterNames.TOKEN, "token");
-		request.addParameter(TOKEN_TYPE_HINT_PARAM_NAME, TokenType.ACCESS_TOKEN.getValue());
+		request.addParameter(OAuth2ParameterNames.TOKEN_TYPE_HINT, TokenType.ACCESS_TOKEN.getValue());
 
 		return request;
 	}