Merge branch '1.1.x'
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2020-2022 the original author or authors.
|
||||
* Copyright 2020-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -38,43 +38,43 @@ public class OAuth2AuthorizationServerMetadataTests {
|
||||
// @formatter:off
|
||||
private final Builder minimalBuilder =
|
||||
OAuth2AuthorizationServerMetadata.builder()
|
||||
.issuer("https://example.com/issuer1")
|
||||
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
|
||||
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
|
||||
.issuer("https://example.com")
|
||||
.authorizationEndpoint("https://example.com/oauth2/authorize")
|
||||
.tokenEndpoint("https://example.com/oauth2/token")
|
||||
.responseType("code");
|
||||
// @formatter:on
|
||||
|
||||
@Test
|
||||
public void buildWhenAllClaimsProvidedThenCreated() {
|
||||
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder()
|
||||
.issuer("https://example.com/issuer1")
|
||||
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
|
||||
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
|
||||
.issuer("https://example.com")
|
||||
.authorizationEndpoint("https://example.com/oauth2/authorize")
|
||||
.tokenEndpoint("https://example.com/oauth2/token")
|
||||
.tokenEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
|
||||
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
|
||||
.jwkSetUrl("https://example.com/oauth2/jwks")
|
||||
.scope("openid")
|
||||
.responseType("code")
|
||||
.grantType("authorization_code")
|
||||
.grantType("client_credentials")
|
||||
.tokenRevocationEndpoint("https://example.com/issuer1/oauth2/revoke")
|
||||
.tokenRevocationEndpoint("https://example.com/oauth2/revoke")
|
||||
.tokenRevocationEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
|
||||
.tokenIntrospectionEndpoint("https://example.com/issuer1/oauth2/introspect")
|
||||
.tokenIntrospectionEndpoint("https://example.com/oauth2/introspect")
|
||||
.tokenIntrospectionEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
|
||||
.codeChallengeMethod("S256")
|
||||
.claim("a-claim", "a-value")
|
||||
.build();
|
||||
|
||||
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com/issuer1"));
|
||||
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token"));
|
||||
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com"));
|
||||
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
|
||||
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/issuer1/oauth2/jwks"));
|
||||
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/oauth2/jwks"));
|
||||
assertThat(authorizationServerMetadata.getScopes()).containsExactly("openid");
|
||||
assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code");
|
||||
assertThat(authorizationServerMetadata.getGrantTypes()).containsExactlyInAnyOrder("authorization_code", "client_credentials");
|
||||
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/revoke"));
|
||||
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/oauth2/revoke"));
|
||||
assertThat(authorizationServerMetadata.getTokenRevocationEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
|
||||
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/introspect"));
|
||||
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/oauth2/introspect"));
|
||||
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
|
||||
assertThat(authorizationServerMetadata.getCodeChallengeMethods()).containsExactly("S256");
|
||||
assertThat(authorizationServerMetadata.getClaimAsString("a-claim")).isEqualTo("a-value");
|
||||
@@ -83,15 +83,15 @@ public class OAuth2AuthorizationServerMetadataTests {
|
||||
@Test
|
||||
public void buildWhenOnlyRequiredClaimsProvidedThenCreated() {
|
||||
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder()
|
||||
.issuer("https://example.com/issuer1")
|
||||
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
|
||||
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
|
||||
.issuer("https://example.com")
|
||||
.authorizationEndpoint("https://example.com/oauth2/authorize")
|
||||
.tokenEndpoint("https://example.com/oauth2/token")
|
||||
.responseType("code")
|
||||
.build();
|
||||
|
||||
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com/issuer1"));
|
||||
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token"));
|
||||
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com"));
|
||||
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).isNull();
|
||||
assertThat(authorizationServerMetadata.getJwkSetUrl()).isNull();
|
||||
assertThat(authorizationServerMetadata.getScopes()).isNull();
|
||||
@@ -107,29 +107,29 @@ public class OAuth2AuthorizationServerMetadataTests {
|
||||
@Test
|
||||
public void withClaimsWhenClaimsProvidedThenCreated() {
|
||||
HashMap<String, Object> claims = new HashMap<>();
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.ISSUER, "https://example.com/issuer1");
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT, "https://example.com/issuer1/oauth2/authorize");
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT, "https://example.com/issuer1/oauth2/token");
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.JWKS_URI, "https://example.com/issuer1/oauth2/jwks");
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.ISSUER, "https://example.com");
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT, "https://example.com/oauth2/authorize");
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT, "https://example.com/oauth2/token");
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.JWKS_URI, "https://example.com/oauth2/jwks");
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.SCOPES_SUPPORTED, Collections.singletonList("openid"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.RESPONSE_TYPES_SUPPORTED, Collections.singletonList("code"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT, "https://example.com/issuer1/oauth2/revoke");
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT, "https://example.com/issuer1/oauth2/introspect");
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT, "https://example.com/oauth2/revoke");
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT, "https://example.com/oauth2/introspect");
|
||||
claims.put("some-claim", "some-value");
|
||||
|
||||
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.withClaims(claims).build();
|
||||
|
||||
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com/issuer1"));
|
||||
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token"));
|
||||
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com"));
|
||||
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).isNull();
|
||||
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/issuer1/oauth2/jwks"));
|
||||
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/oauth2/jwks"));
|
||||
assertThat(authorizationServerMetadata.getScopes()).containsExactly("openid");
|
||||
assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code");
|
||||
assertThat(authorizationServerMetadata.getGrantTypes()).isNull();
|
||||
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/revoke"));
|
||||
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/oauth2/revoke"));
|
||||
assertThat(authorizationServerMetadata.getTokenRevocationEndpointAuthenticationMethods()).isNull();
|
||||
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/introspect"));
|
||||
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/oauth2/introspect"));
|
||||
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpointAuthenticationMethods()).isNull();
|
||||
assertThat(authorizationServerMetadata.getCodeChallengeMethods()).isNull();
|
||||
assertThat(authorizationServerMetadata.getClaimAsString("some-claim")).isEqualTo("some-value");
|
||||
@@ -138,28 +138,28 @@ public class OAuth2AuthorizationServerMetadataTests {
|
||||
@Test
|
||||
public void withClaimsWhenClaimsWithUrlsProvidedThenCreated() {
|
||||
HashMap<String, Object> claims = new HashMap<>();
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.ISSUER, url("https://example.com/issuer1"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT, url("https://example.com/issuer1/oauth2/authorize"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT, url("https://example.com/issuer1/oauth2/token"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.JWKS_URI, url("https://example.com/issuer1/oauth2/jwks"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.ISSUER, url("https://example.com"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT, url("https://example.com/oauth2/authorize"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT, url("https://example.com/oauth2/token"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.JWKS_URI, url("https://example.com/oauth2/jwks"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.RESPONSE_TYPES_SUPPORTED, Collections.singletonList("code"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT, url("https://example.com/issuer1/oauth2/revoke"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT, url("https://example.com/issuer1/oauth2/introspect"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT, url("https://example.com/oauth2/revoke"));
|
||||
claims.put(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT, url("https://example.com/oauth2/introspect"));
|
||||
claims.put("some-claim", "some-value");
|
||||
|
||||
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.withClaims(claims).build();
|
||||
|
||||
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com/issuer1"));
|
||||
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/authorize"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/token"));
|
||||
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(url("https://example.com"));
|
||||
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(url("https://example.com/oauth2/authorize"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(url("https://example.com/oauth2/token"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).isNull();
|
||||
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/issuer1/oauth2/jwks"));
|
||||
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(url("https://example.com/oauth2/jwks"));
|
||||
assertThat(authorizationServerMetadata.getScopes()).isNull();
|
||||
assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code");
|
||||
assertThat(authorizationServerMetadata.getGrantTypes()).isNull();
|
||||
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/revoke"));
|
||||
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(url("https://example.com/oauth2/revoke"));
|
||||
assertThat(authorizationServerMetadata.getTokenRevocationEndpointAuthenticationMethods()).isNull();
|
||||
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/issuer1/oauth2/introspect"));
|
||||
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(url("https://example.com/oauth2/introspect"));
|
||||
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpointAuthenticationMethods()).isNull();
|
||||
assertThat(authorizationServerMetadata.getCodeChallengeMethods()).isNull();
|
||||
assertThat(authorizationServerMetadata.getClaimAsString("some-claim")).isEqualTo("some-value");
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2020-2022 the original author or authors.
|
||||
* Copyright 2020-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -65,7 +65,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
@ExtendWith(SpringTestContextExtension.class)
|
||||
public class OAuth2AuthorizationServerMetadataTests {
|
||||
private static final String DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI = "/.well-known/oauth-authorization-server";
|
||||
private static final String issuerUrl = "https://example.com/issuer1";
|
||||
private static final String ISSUER_URL = "https://example.com";
|
||||
private static EmbeddedDatabase db;
|
||||
private static JWKSource<SecurityContext> jwkSource;
|
||||
|
||||
@@ -105,9 +105,9 @@ public class OAuth2AuthorizationServerMetadataTests {
|
||||
public void requestWhenAuthorizationServerMetadataRequestAndIssuerSetThenUsed() throws Exception {
|
||||
this.spring.register(AuthorizationServerConfiguration.class).autowire();
|
||||
|
||||
this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))
|
||||
this.mvc.perform(get(ISSUER_URL.concat(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI)))
|
||||
.andExpect(status().is2xxSuccessful())
|
||||
.andExpect(jsonPath("issuer").value(issuerUrl))
|
||||
.andExpect(jsonPath("issuer").value(ISSUER_URL))
|
||||
.andReturn();
|
||||
}
|
||||
|
||||
@@ -115,7 +115,7 @@ public class OAuth2AuthorizationServerMetadataTests {
|
||||
public void requestWhenAuthorizationServerMetadataRequestAndIssuerNotSetThenResolveFromRequest() throws Exception {
|
||||
this.spring.register(AuthorizationServerConfigurationWithIssuerNotSet.class).autowire();
|
||||
|
||||
this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))
|
||||
this.mvc.perform(get("http://localhost".concat(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI)))
|
||||
.andExpect(status().is2xxSuccessful())
|
||||
.andExpect(jsonPath("issuer").value("http://localhost"))
|
||||
.andReturn();
|
||||
@@ -126,7 +126,7 @@ public class OAuth2AuthorizationServerMetadataTests {
|
||||
public void requestWhenAuthorizationServerMetadataRequestAndMetadataCustomizerSetThenReturnCustomMetadataResponse() throws Exception {
|
||||
this.spring.register(AuthorizationServerConfigurationWithMetadataCustomizer.class).autowire();
|
||||
|
||||
this.mvc.perform(get(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI))
|
||||
this.mvc.perform(get(ISSUER_URL.concat(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI)))
|
||||
.andExpect(status().is2xxSuccessful())
|
||||
.andExpect(jsonPath(OAuth2AuthorizationServerMetadataClaimNames.SCOPES_SUPPORTED,
|
||||
hasItems("scope1", "scope2")));
|
||||
@@ -156,7 +156,7 @@ public class OAuth2AuthorizationServerMetadataTests {
|
||||
|
||||
@Bean
|
||||
AuthorizationServerSettings authorizationServerSettings() {
|
||||
return AuthorizationServerSettings.builder().issuer(issuerUrl).build();
|
||||
return AuthorizationServerSettings.builder().issuer(ISSUER_URL).build();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2020-2022 the original author or authors.
|
||||
* Copyright 2020-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -62,9 +62,9 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
|
||||
public void readInternalWhenRequiredParametersThenSuccess() throws Exception {
|
||||
// @formatter:off
|
||||
String authorizationServerMetadataResponse = "{\n"
|
||||
+ " \"issuer\": \"https://example.com/issuer1\",\n"
|
||||
+ " \"authorization_endpoint\": \"https://example.com/issuer1/oauth2/authorize\",\n"
|
||||
+ " \"token_endpoint\": \"https://example.com/issuer1/oauth2/token\",\n"
|
||||
+ " \"issuer\": \"https://example.com\",\n"
|
||||
+ " \"authorization_endpoint\": \"https://example.com/oauth2/authorize\",\n"
|
||||
+ " \"token_endpoint\": \"https://example.com/oauth2/token\",\n"
|
||||
+ " \"response_types_supported\": [\"code\"]\n"
|
||||
+ "}\n";
|
||||
// @formatter:on
|
||||
@@ -72,9 +72,9 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
|
||||
OAuth2AuthorizationServerMetadata authorizationServerMetadata = this.messageConverter
|
||||
.readInternal(OAuth2AuthorizationServerMetadata.class, response);
|
||||
|
||||
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com/issuer1"));
|
||||
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/authorize"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/token"));
|
||||
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com"));
|
||||
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/oauth2/authorize"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(new URL("https://example.com/oauth2/token"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).isNull();
|
||||
assertThat(authorizationServerMetadata.getJwkSetUrl()).isNull();
|
||||
assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code");
|
||||
@@ -91,17 +91,17 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
|
||||
public void readInternalWhenValidParametersThenSuccess() throws Exception {
|
||||
// @formatter:off
|
||||
String authorizationServerMetadataResponse = "{\n"
|
||||
+ " \"issuer\": \"https://example.com/issuer1\",\n"
|
||||
+ " \"authorization_endpoint\": \"https://example.com/issuer1/oauth2/authorize\",\n"
|
||||
+ " \"token_endpoint\": \"https://example.com/issuer1/oauth2/token\",\n"
|
||||
+ " \"issuer\": \"https://example.com\",\n"
|
||||
+ " \"authorization_endpoint\": \"https://example.com/oauth2/authorize\",\n"
|
||||
+ " \"token_endpoint\": \"https://example.com/oauth2/token\",\n"
|
||||
+ " \"token_endpoint_auth_methods_supported\": [\"client_secret_basic\"],\n"
|
||||
+ " \"jwks_uri\": \"https://example.com/issuer1/oauth2/jwks\",\n"
|
||||
+ " \"jwks_uri\": \"https://example.com/oauth2/jwks\",\n"
|
||||
+ " \"scopes_supported\": [\"openid\"],\n"
|
||||
+ " \"response_types_supported\": [\"code\"],\n"
|
||||
+ " \"grant_types_supported\": [\"authorization_code\", \"client_credentials\"],\n"
|
||||
+ " \"revocation_endpoint\": \"https://example.com/issuer1/oauth2/revoke\",\n"
|
||||
+ " \"revocation_endpoint\": \"https://example.com/oauth2/revoke\",\n"
|
||||
+ " \"revocation_endpoint_auth_methods_supported\": [\"client_secret_basic\"],\n"
|
||||
+ " \"introspection_endpoint\": \"https://example.com/issuer1/oauth2/introspect\",\n"
|
||||
+ " \"introspection_endpoint\": \"https://example.com/oauth2/introspect\",\n"
|
||||
+ " \"introspection_endpoint_auth_methods_supported\": [\"client_secret_basic\"],\n"
|
||||
+ " \"code_challenge_methods_supported\": [\"S256\"],\n"
|
||||
+ " \"custom_claim\": \"value\",\n"
|
||||
@@ -113,17 +113,17 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
|
||||
.readInternal(OAuth2AuthorizationServerMetadata.class, response);
|
||||
|
||||
assertThat(authorizationServerMetadata.getClaims()).hasSize(15);
|
||||
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com/issuer1"));
|
||||
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/authorize"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/token"));
|
||||
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com"));
|
||||
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/oauth2/authorize"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(new URL("https://example.com/oauth2/token"));
|
||||
assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
|
||||
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(new URL("https://example.com/issuer1/oauth2/jwks"));
|
||||
assertThat(authorizationServerMetadata.getJwkSetUrl()).isEqualTo(new URL("https://example.com/oauth2/jwks"));
|
||||
assertThat(authorizationServerMetadata.getScopes()).containsExactly("openid");
|
||||
assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code");
|
||||
assertThat(authorizationServerMetadata.getGrantTypes()).containsExactlyInAnyOrder("authorization_code", "client_credentials");
|
||||
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/revoke"));
|
||||
assertThat(authorizationServerMetadata.getTokenRevocationEndpoint()).isEqualTo(new URL("https://example.com/oauth2/revoke"));
|
||||
assertThat(authorizationServerMetadata.getTokenRevocationEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
|
||||
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/introspect"));
|
||||
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpoint()).isEqualTo(new URL("https://example.com/oauth2/introspect"));
|
||||
assertThat(authorizationServerMetadata.getTokenIntrospectionEndpointAuthenticationMethods()).containsExactly(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
|
||||
assertThat(authorizationServerMetadata.getCodeChallengeMethods()).containsExactly("S256");
|
||||
assertThat(authorizationServerMetadata.getClaimAsString("custom_claim")).isEqualTo("value");
|
||||
@@ -159,18 +159,18 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
|
||||
public void writeInternalWhenOAuth2AuthorizationServerMetadataThenSuccess() {
|
||||
OAuth2AuthorizationServerMetadata authorizationServerMetadata =
|
||||
OAuth2AuthorizationServerMetadata.builder()
|
||||
.issuer("https://example.com/issuer1")
|
||||
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
|
||||
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
|
||||
.issuer("https://example.com")
|
||||
.authorizationEndpoint("https://example.com/oauth2/authorize")
|
||||
.tokenEndpoint("https://example.com/oauth2/token")
|
||||
.tokenEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
|
||||
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
|
||||
.jwkSetUrl("https://example.com/oauth2/jwks")
|
||||
.scope("openid")
|
||||
.responseType("code")
|
||||
.grantType("authorization_code")
|
||||
.grantType("client_credentials")
|
||||
.tokenRevocationEndpoint("https://example.com/issuer1/oauth2/revoke")
|
||||
.tokenRevocationEndpoint("https://example.com/oauth2/revoke")
|
||||
.tokenRevocationEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
|
||||
.tokenIntrospectionEndpoint("https://example.com/issuer1/oauth2/introspect")
|
||||
.tokenIntrospectionEndpoint("https://example.com/oauth2/introspect")
|
||||
.tokenIntrospectionEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
|
||||
.codeChallengeMethod("S256")
|
||||
.claim("custom_claim", "value")
|
||||
@@ -181,17 +181,17 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
|
||||
this.messageConverter.writeInternal(authorizationServerMetadata, outputMessage);
|
||||
|
||||
String authorizationServerMetadataResponse = outputMessage.getBodyAsString();
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"issuer\":\"https://example.com/issuer1\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"authorization_endpoint\":\"https://example.com/issuer1/oauth2/authorize\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint\":\"https://example.com/issuer1/oauth2/token\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"issuer\":\"https://example.com\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"authorization_endpoint\":\"https://example.com/oauth2/authorize\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint\":\"https://example.com/oauth2/token\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint_auth_methods_supported\":[\"client_secret_basic\"]");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"jwks_uri\":\"https://example.com/issuer1/oauth2/jwks\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"jwks_uri\":\"https://example.com/oauth2/jwks\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"scopes_supported\":[\"openid\"]");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"response_types_supported\":[\"code\"]");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"grant_types_supported\":[\"authorization_code\",\"client_credentials\"]");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint\":\"https://example.com/issuer1/oauth2/revoke\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint\":\"https://example.com/oauth2/revoke\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint_auth_methods_supported\":[\"client_secret_basic\"]");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint\":\"https://example.com/issuer1/oauth2/introspect\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint\":\"https://example.com/oauth2/introspect\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint_auth_methods_supported\":[\"client_secret_basic\"]");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"code_challenge_methods_supported\":[\"S256\"]");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"custom_claim\":\"value\"");
|
||||
@@ -210,9 +210,9 @@ public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
|
||||
MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
|
||||
OAuth2AuthorizationServerMetadata authorizationServerMetadata =
|
||||
OAuth2AuthorizationServerMetadata.builder()
|
||||
.issuer("https://example.com/issuer1")
|
||||
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
|
||||
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
|
||||
.issuer("https://example.com")
|
||||
.authorizationEndpoint("https://example.com/oauth2/authorize")
|
||||
.tokenEndpoint("https://example.com/oauth2/token")
|
||||
.responseType("code")
|
||||
.build();
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2020-2022 the original author or authors.
|
||||
* Copyright 2020-2023 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -87,7 +87,7 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
|
||||
|
||||
@Test
|
||||
public void doFilterWhenAuthorizationServerMetadataRequestThenMetadataResponse() throws Exception {
|
||||
String issuer = "https://example.com/issuer1";
|
||||
String issuer = "https://example.com";
|
||||
String authorizationEndpoint = "/oauth2/v1/authorize";
|
||||
String tokenEndpoint = "/oauth2/v1/token";
|
||||
String jwkSetEndpoint = "/oauth2/v1/jwks";
|
||||
@@ -116,16 +116,16 @@ public class OAuth2AuthorizationServerMetadataEndpointFilterTests {
|
||||
|
||||
assertThat(response.getContentType()).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
|
||||
String authorizationServerMetadataResponse = response.getContentAsString();
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"issuer\":\"https://example.com/issuer1\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"authorization_endpoint\":\"https://example.com/issuer1/oauth2/v1/authorize\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint\":\"https://example.com/issuer1/oauth2/v1/token\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"issuer\":\"https://example.com\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"authorization_endpoint\":\"https://example.com/oauth2/v1/authorize\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint\":\"https://example.com/oauth2/v1/token\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"token_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"jwks_uri\":\"https://example.com/issuer1/oauth2/v1/jwks\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"jwks_uri\":\"https://example.com/oauth2/v1/jwks\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"response_types_supported\":[\"code\"]");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"grant_types_supported\":[\"authorization_code\",\"client_credentials\",\"refresh_token\",\"urn:ietf:params:oauth:grant-type:device_code\"]");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint\":\"https://example.com/issuer1/oauth2/v1/revoke\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint\":\"https://example.com/oauth2/v1/revoke\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"revocation_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint\":\"https://example.com/issuer1/oauth2/v1/introspect\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint\":\"https://example.com/oauth2/v1/introspect\"");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"introspection_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]");
|
||||
assertThat(authorizationServerMetadataResponse).contains("\"code_challenge_methods_supported\":[\"S256\"]");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user