Preserve manual formatting
Issue gh-1616
This commit is contained in:
@@ -74,7 +74,8 @@ public abstract class AbstractOAuth2AuthorizationServerMetadata implements OAuth
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
protected final B getThis() {
|
||||
return (B) this; // avoid unchecked casts in subclasses by using "getThis()" instead of "(B) this"
|
||||
// avoid unchecked casts in subclasses by using "getThis()" instead of "(B) this"
|
||||
return (B) this;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -150,6 +150,7 @@ public final class InMemoryOAuth2AuthorizationService implements OAuth2Authoriza
|
||||
}
|
||||
|
||||
private static boolean hasToken(OAuth2Authorization authorization, String token, @Nullable OAuth2TokenType tokenType) {
|
||||
// @formatter:off
|
||||
if (tokenType == null) {
|
||||
return matchesState(authorization, token) ||
|
||||
matchesAuthorizationCode(authorization, token) ||
|
||||
@@ -173,6 +174,7 @@ public final class InMemoryOAuth2AuthorizationService implements OAuth2Authoriza
|
||||
} else if (OAuth2ParameterNames.USER_CODE.equals(tokenType.getValue())) {
|
||||
return matchesUserCode(authorization, token);
|
||||
}
|
||||
// @formatter:on
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -88,10 +88,12 @@ public final class ClientSecretAuthenticationProvider implements AuthenticationP
|
||||
OAuth2ClientAuthenticationToken clientAuthentication =
|
||||
(OAuth2ClientAuthenticationToken) authentication;
|
||||
|
||||
// @formatter:off
|
||||
if (!ClientAuthenticationMethod.CLIENT_SECRET_BASIC.equals(clientAuthentication.getClientAuthenticationMethod()) &&
|
||||
!ClientAuthenticationMethod.CLIENT_SECRET_POST.equals(clientAuthentication.getClientAuthenticationMethod())) {
|
||||
return null;
|
||||
}
|
||||
// @formatter:on
|
||||
|
||||
String clientId = clientAuthentication.getPrincipal().toString();
|
||||
RegisteredClient registeredClient = this.registeredClientRepository.findByClientId(clientId);
|
||||
|
||||
@@ -125,9 +125,11 @@ final class CodeVerifierAuthenticator {
|
||||
}
|
||||
|
||||
private static boolean authorizationCodeGrant(Map<String, Object> parameters) {
|
||||
// @formatter:off
|
||||
return AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equals(
|
||||
parameters.get(OAuth2ParameterNames.GRANT_TYPE)) &&
|
||||
parameters.get(OAuth2ParameterNames.CODE) != null;
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
private static boolean codeVerifierValid(String codeVerifier, String codeChallenge, String codeChallengeMethod) {
|
||||
|
||||
@@ -92,10 +92,12 @@ public final class JwtClientAssertionAuthenticationProvider implements Authentic
|
||||
this.logger.trace("Retrieved registered client");
|
||||
}
|
||||
|
||||
// @formatter:off
|
||||
if (!registeredClient.getClientAuthenticationMethods().contains(ClientAuthenticationMethod.PRIVATE_KEY_JWT) &&
|
||||
!registeredClient.getClientAuthenticationMethods().contains(ClientAuthenticationMethod.CLIENT_SECRET_JWT)) {
|
||||
throwInvalidClient("authentication_method");
|
||||
}
|
||||
// @formatter:on
|
||||
|
||||
if (clientAuthentication.getCredentials() == null) {
|
||||
throwInvalidClient("credentials");
|
||||
@@ -116,10 +118,12 @@ public final class JwtClientAssertionAuthenticationProvider implements Authentic
|
||||
// Validate the "code_verifier" parameter for the confidential client, if available
|
||||
this.codeVerifierAuthenticator.authenticateIfAvailable(clientAuthentication, registeredClient);
|
||||
|
||||
// @formatter:off
|
||||
ClientAuthenticationMethod clientAuthenticationMethod =
|
||||
registeredClient.getClientSettings().getTokenEndpointAuthenticationSigningAlgorithm() instanceof SignatureAlgorithm ?
|
||||
ClientAuthenticationMethod.PRIVATE_KEY_JWT :
|
||||
ClientAuthenticationMethod.CLIENT_SECRET_JWT;
|
||||
// @formatter:on
|
||||
|
||||
if (this.logger.isTraceEnabled()) {
|
||||
this.logger.trace("Authenticated client assertion");
|
||||
|
||||
@@ -213,8 +213,8 @@ public final class OAuth2AuthorizationCodeAuthenticationProvider implements Auth
|
||||
|
||||
// ----- Refresh token -----
|
||||
OAuth2RefreshToken refreshToken = null;
|
||||
// Do not issue refresh token to public client
|
||||
if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
|
||||
// Do not issue refresh token to public client
|
||||
!clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
|
||||
|
||||
tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
|
||||
|
||||
@@ -306,7 +306,8 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
|
||||
} else if (AuthorizationGrantType.REFRESH_TOKEN.getValue().equals(authorizationGrantType)) {
|
||||
return AuthorizationGrantType.REFRESH_TOKEN;
|
||||
}
|
||||
return new AuthorizationGrantType(authorizationGrantType); // Custom authorization grant type
|
||||
// Custom authorization grant type
|
||||
return new AuthorizationGrantType(authorizationGrantType);
|
||||
}
|
||||
|
||||
private static ClientAuthenticationMethod resolveClientAuthenticationMethod(String clientAuthenticationMethod) {
|
||||
@@ -317,7 +318,8 @@ public class JdbcRegisteredClientRepository implements RegisteredClientRepositor
|
||||
} else if (ClientAuthenticationMethod.NONE.getValue().equals(clientAuthenticationMethod)) {
|
||||
return ClientAuthenticationMethod.NONE;
|
||||
}
|
||||
return new ClientAuthenticationMethod(clientAuthenticationMethod); // Custom client authentication method
|
||||
// Custom client authentication method
|
||||
return new ClientAuthenticationMethod(clientAuthenticationMethod);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -97,8 +97,8 @@ public final class OidcLogoutAuthenticationProvider implements AuthenticationPro
|
||||
}
|
||||
|
||||
OAuth2Authorization.Token<OidcIdToken> authorizedIdToken = authorization.getToken(OidcIdToken.class);
|
||||
if (authorizedIdToken.isInvalidated() ||
|
||||
authorizedIdToken.isBeforeUse()) { // Expired ID Token should be accepted
|
||||
if (authorizedIdToken.isInvalidated() || authorizedIdToken.isBeforeUse()) {
|
||||
// Expired ID Token should be accepted
|
||||
throwError(OAuth2ErrorCodes.INVALID_TOKEN, "id_token_hint");
|
||||
}
|
||||
|
||||
|
||||
@@ -149,6 +149,7 @@ public final class OidcUserInfoAuthenticationProvider implements AuthenticationP
|
||||
|
||||
private static final class DefaultOidcUserInfoMapper implements Function<OidcUserInfoAuthenticationContext, OidcUserInfo> {
|
||||
|
||||
// @formatter:off
|
||||
private static final List<String> EMAIL_CLAIMS = Arrays.asList(
|
||||
StandardClaimNames.EMAIL,
|
||||
StandardClaimNames.EMAIL_VERIFIED
|
||||
@@ -173,6 +174,7 @@ public final class OidcUserInfoAuthenticationProvider implements AuthenticationP
|
||||
StandardClaimNames.LOCALE,
|
||||
StandardClaimNames.UPDATED_AT
|
||||
);
|
||||
// @formatter:on
|
||||
|
||||
@Override
|
||||
public OidcUserInfo apply(OidcUserInfoAuthenticationContext authenticationContext) {
|
||||
|
||||
@@ -200,7 +200,8 @@ public final class OidcLogoutEndpointFilter extends OncePerRequestFilter {
|
||||
OAuth2ParameterNames.STATE,
|
||||
UriUtils.encode(oidcLogoutAuthentication.getState(), StandardCharsets.UTF_8));
|
||||
}
|
||||
redirectUri = uriBuilder.build(true).toUriString(); // build(true) -> Components are explicitly encoded
|
||||
// build(true) -> Components are explicitly encoded
|
||||
redirectUri = uriBuilder.build(true).toUriString();
|
||||
this.redirectStrategy.sendRedirect(request, response, redirectUri);
|
||||
} else {
|
||||
// Perform default redirect
|
||||
|
||||
@@ -74,6 +74,7 @@ public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {
|
||||
@Nullable
|
||||
@Override
|
||||
public Jwt generate(OAuth2TokenContext context) {
|
||||
// @formatter:off
|
||||
if (context.getTokenType() == null ||
|
||||
(!OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType()) &&
|
||||
!OidcParameterNames.ID_TOKEN.equals(context.getTokenType().getValue()))) {
|
||||
@@ -83,6 +84,7 @@ public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {
|
||||
!OAuth2TokenFormat.SELF_CONTAINED.equals(context.getRegisteredClient().getTokenSettings().getAccessTokenFormat())) {
|
||||
return null;
|
||||
}
|
||||
// @formatter:on
|
||||
|
||||
String issuer = null;
|
||||
if (context.getAuthorizationServerContext() != null) {
|
||||
|
||||
@@ -55,10 +55,12 @@ public final class OAuth2AccessTokenGenerator implements OAuth2TokenGenerator<OA
|
||||
@Nullable
|
||||
@Override
|
||||
public OAuth2AccessToken generate(OAuth2TokenContext context) {
|
||||
// @formatter:off
|
||||
if (!OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType()) ||
|
||||
!OAuth2TokenFormat.REFERENCE.equals(context.getRegisteredClient().getTokenSettings().getAccessTokenFormat())) {
|
||||
return null;
|
||||
}
|
||||
// @formatter:on
|
||||
|
||||
String issuer = null;
|
||||
if (context.getAuthorizationServerContext() != null) {
|
||||
|
||||
@@ -56,7 +56,8 @@ class DefaultConsentPage {
|
||||
for (String scope : requestedScopes) {
|
||||
if (authorizedScopes.contains(scope)) {
|
||||
scopesPreviouslyAuthorized.add(scope);
|
||||
} else if (!scope.equals(OidcScopes.OPENID)) { // openid scope does not require consent
|
||||
} else if (!scope.equals(OidcScopes.OPENID)) {
|
||||
// openid scope does not require consent
|
||||
scopesToAuthorize.add(scope);
|
||||
}
|
||||
}
|
||||
@@ -68,8 +69,8 @@ class DefaultConsentPage {
|
||||
// authorizing the correct device.
|
||||
String userCode = additionalParameters.get(OAuth2ParameterNames.USER_CODE);
|
||||
|
||||
// @formatter:off
|
||||
StringBuilder builder = new StringBuilder();
|
||||
|
||||
builder.append("<!DOCTYPE html>");
|
||||
builder.append("<html lang=\"en\">");
|
||||
builder.append("<head>");
|
||||
@@ -149,6 +150,7 @@ class DefaultConsentPage {
|
||||
builder.append("</div>");
|
||||
builder.append("</body>");
|
||||
builder.append("</html>");
|
||||
// @formatter:on
|
||||
|
||||
return builder.toString();
|
||||
}
|
||||
|
||||
@@ -121,10 +121,12 @@ public final class OAuth2AuthorizationEndpointFilter extends OncePerRequestFilte
|
||||
Assert.hasText(authorizationEndpointUri, "authorizationEndpointUri cannot be empty");
|
||||
this.authenticationManager = authenticationManager;
|
||||
this.authorizationEndpointMatcher = createDefaultRequestMatcher(authorizationEndpointUri);
|
||||
// @formatter:off
|
||||
this.authenticationConverter = new DelegatingAuthenticationConverter(
|
||||
Arrays.asList(
|
||||
new OAuth2AuthorizationCodeRequestAuthenticationConverter(),
|
||||
new OAuth2AuthorizationConsentAuthenticationConverter()));
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
private static RequestMatcher createDefaultRequestMatcher(String authorizationEndpointUri) {
|
||||
@@ -167,9 +169,8 @@ public final class OAuth2AuthorizationEndpointFilter extends OncePerRequestFilte
|
||||
Authentication authenticationResult = this.authenticationManager.authenticate(authentication);
|
||||
|
||||
if (!authenticationResult.isAuthenticated()) {
|
||||
// If the Principal (Resource Owner) is not authenticated then
|
||||
// pass through the chain with the expectation that the authentication process
|
||||
// will commence via AuthenticationEntryPoint
|
||||
// If the Principal (Resource Owner) is not authenticated then pass through the chain
|
||||
// with the expectation that the authentication process will commence via AuthenticationEntryPoint
|
||||
filterChain.doFilter(request, response);
|
||||
return;
|
||||
}
|
||||
@@ -321,7 +322,8 @@ public final class OAuth2AuthorizationEndpointFilter extends OncePerRequestFilte
|
||||
OAuth2ParameterNames.STATE,
|
||||
UriUtils.encode(authorizationCodeRequestAuthentication.getState(), StandardCharsets.UTF_8));
|
||||
}
|
||||
String redirectUri = uriBuilder.build(true).toUriString(); // build(true) -> Components are explicitly encoded
|
||||
// build(true) -> Components are explicitly encoded
|
||||
String redirectUri = uriBuilder.build(true).toUriString();
|
||||
this.redirectStrategy.sendRedirect(request, response, redirectUri);
|
||||
}
|
||||
|
||||
@@ -362,7 +364,8 @@ public final class OAuth2AuthorizationEndpointFilter extends OncePerRequestFilte
|
||||
OAuth2ParameterNames.STATE,
|
||||
UriUtils.encode(authorizationCodeRequestAuthentication.getState(), StandardCharsets.UTF_8));
|
||||
}
|
||||
String redirectUri = uriBuilder.build(true).toUriString(); // build(true) -> Components are explicitly encoded
|
||||
// build(true) -> Components are explicitly encoded
|
||||
String redirectUri = uriBuilder.build(true).toUriString();
|
||||
this.redirectStrategy.sendRedirect(request, response, redirectUri);
|
||||
}
|
||||
|
||||
|
||||
@@ -94,12 +94,14 @@ public final class OAuth2ClientAuthenticationFilter extends OncePerRequestFilter
|
||||
Assert.notNull(requestMatcher, "requestMatcher cannot be null");
|
||||
this.authenticationManager = authenticationManager;
|
||||
this.requestMatcher = requestMatcher;
|
||||
// @formatter:off
|
||||
this.authenticationConverter = new DelegatingAuthenticationConverter(
|
||||
Arrays.asList(
|
||||
new JwtClientAssertionAuthenticationConverter(),
|
||||
new ClientSecretBasicAuthenticationConverter(),
|
||||
new ClientSecretPostAuthenticationConverter(),
|
||||
new PublicClientAuthenticationConverter()));
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -112,10 +112,12 @@ public final class OAuth2DeviceVerificationEndpointFilter extends OncePerRequest
|
||||
Assert.hasText(deviceVerificationEndpointUri, "deviceVerificationEndpointUri cannot be empty");
|
||||
this.authenticationManager = authenticationManager;
|
||||
this.deviceVerificationEndpointMatcher = createDefaultRequestMatcher(deviceVerificationEndpointUri);
|
||||
// @formatter:off
|
||||
this.authenticationConverter = new DelegatingAuthenticationConverter(
|
||||
Arrays.asList(
|
||||
new OAuth2DeviceVerificationAuthenticationConverter(),
|
||||
new OAuth2DeviceAuthorizationConsentAuthenticationConverter()));
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
private RequestMatcher createDefaultRequestMatcher(String deviceVerificationEndpointUri) {
|
||||
@@ -149,9 +151,8 @@ public final class OAuth2DeviceVerificationEndpointFilter extends OncePerRequest
|
||||
|
||||
Authentication authenticationResult = this.authenticationManager.authenticate(authentication);
|
||||
if (!authenticationResult.isAuthenticated()) {
|
||||
// If the Principal (Resource Owner) is not authenticated then
|
||||
// pass through the chain with the expectation that the authentication process
|
||||
// will commence via AuthenticationEntryPoint
|
||||
// If the Principal (Resource Owner) is not authenticated then pass through the chain
|
||||
// with the expectation that the authentication process will commence via AuthenticationEntryPoint
|
||||
filterChain.doFilter(request, response);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -135,12 +135,14 @@ public final class OAuth2TokenEndpointFilter extends OncePerRequestFilter {
|
||||
Assert.hasText(tokenEndpointUri, "tokenEndpointUri cannot be empty");
|
||||
this.authenticationManager = authenticationManager;
|
||||
this.tokenEndpointMatcher = new AntPathRequestMatcher(tokenEndpointUri, HttpMethod.POST.name());
|
||||
// @formatter:off
|
||||
this.authenticationConverter = new DelegatingAuthenticationConverter(
|
||||
Arrays.asList(
|
||||
new OAuth2AuthorizationCodeAuthenticationConverter(),
|
||||
new OAuth2RefreshTokenAuthenticationConverter(),
|
||||
new OAuth2ClientCredentialsAuthenticationConverter(),
|
||||
new OAuth2DeviceCodeAuthenticationConverter()));
|
||||
// @formatter:on
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -218,7 +218,8 @@ public class OAuth2DeviceAuthorizationRequestAuthenticationProviderTests {
|
||||
assertThat(authenticationResult.getPrincipal()).isEqualTo(authentication.getPrincipal());
|
||||
assertThat(authenticationResult.getScopes()).hasSameElementsAs(registeredClient.getScopes());
|
||||
assertThat(authenticationResult.getDeviceCode().getTokenValue()).hasSize(128);
|
||||
assertThat(authenticationResult.getUserCode().getTokenValue()).hasSize(9); // 8 chars + 1 dash
|
||||
// 8 chars + 1 dash
|
||||
assertThat(authenticationResult.getUserCode().getTokenValue()).hasSize(9);
|
||||
|
||||
ArgumentCaptor<OAuth2Authorization> authorizationCaptor = ArgumentCaptor.forClass(OAuth2Authorization.class);
|
||||
verify(this.authorizationService).save(authorizationCaptor.capture());
|
||||
@@ -244,7 +245,8 @@ public class OAuth2DeviceAuthorizationRequestAuthenticationProviderTests {
|
||||
assertThat(authenticationResult.getPrincipal()).isEqualTo(authentication.getPrincipal());
|
||||
assertThat(authenticationResult.getScopes()).hasSameElementsAs(registeredClient.getScopes());
|
||||
assertThat(authenticationResult.getDeviceCode().getTokenValue()).hasSize(128);
|
||||
assertThat(authenticationResult.getUserCode().getTokenValue()).hasSize(9); // 8 chars + 1 dash
|
||||
// 8 chars + 1 dash
|
||||
assertThat(authenticationResult.getUserCode().getTokenValue()).hasSize(9);
|
||||
|
||||
ArgumentCaptor<OAuth2Authorization> authorizationCaptor = ArgumentCaptor.forClass(OAuth2Authorization.class);
|
||||
verify(this.authorizationService).save(authorizationCaptor.capture());
|
||||
@@ -275,7 +277,8 @@ public class OAuth2DeviceAuthorizationRequestAuthenticationProviderTests {
|
||||
assertThat(authenticationResult.getPrincipal()).isEqualTo(authentication.getPrincipal());
|
||||
assertThat(authenticationResult.getScopes()).hasSameElementsAs(registeredClient.getScopes());
|
||||
assertThat(authenticationResult.getDeviceCode().getTokenValue()).isEqualTo(DEVICE_CODE);
|
||||
assertThat(authenticationResult.getUserCode().getTokenValue()).hasSize(9); // 8 chars + 1 dash
|
||||
// 8 chars + 1 dash
|
||||
assertThat(authenticationResult.getUserCode().getTokenValue()).hasSize(9);
|
||||
|
||||
ArgumentCaptor<OAuth2TokenContext> tokenContextCaptor = ArgumentCaptor.forClass(OAuth2TokenContext.class);
|
||||
verify(deviceCodeGenerator).generate(tokenContextCaptor.capture());
|
||||
|
||||
@@ -400,7 +400,8 @@ public class JdbcRegisteredClientRepositoryTests {
|
||||
} else if (AuthorizationGrantType.REFRESH_TOKEN.getValue().equals(authorizationGrantType)) {
|
||||
return AuthorizationGrantType.REFRESH_TOKEN;
|
||||
}
|
||||
return new AuthorizationGrantType(authorizationGrantType); // Custom authorization grant type
|
||||
// Custom authorization grant type
|
||||
return new AuthorizationGrantType(authorizationGrantType);
|
||||
}
|
||||
|
||||
private static ClientAuthenticationMethod resolveClientAuthenticationMethod(String clientAuthenticationMethod) {
|
||||
@@ -411,7 +412,8 @@ public class JdbcRegisteredClientRepositoryTests {
|
||||
} else if (ClientAuthenticationMethod.NONE.getValue().equals(clientAuthenticationMethod)) {
|
||||
return ClientAuthenticationMethod.NONE;
|
||||
}
|
||||
return new ClientAuthenticationMethod(clientAuthenticationMethod); // Custom client authentication method
|
||||
// Custom client authentication method
|
||||
return new ClientAuthenticationMethod(clientAuthenticationMethod);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -203,8 +203,9 @@ public class OidcProviderConfigurationTests {
|
||||
@Bean
|
||||
SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
|
||||
// Enable OpenID Connect 1.0
|
||||
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
|
||||
.oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
|
||||
.oidc(Customizer.withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
||||
@@ -482,8 +482,9 @@ public class OidcTests {
|
||||
@Bean
|
||||
SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
|
||||
OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
|
||||
// Enable OpenID Connect 1.0
|
||||
http.getConfigurer(OAuth2AuthorizationServerConfigurer.class)
|
||||
.oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
|
||||
.oidc(Customizer.withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
@@ -578,9 +579,10 @@ public class OidcTests {
|
||||
new OAuth2AuthorizationServerConfigurer();
|
||||
http.apply(authorizationServerConfigurer);
|
||||
|
||||
// Enable OpenID Connect 1.0
|
||||
authorizationServerConfigurer
|
||||
.tokenGenerator(tokenGenerator())
|
||||
.oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
|
||||
.oidc(Customizer.withDefaults());
|
||||
|
||||
RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher();
|
||||
|
||||
|
||||
@@ -430,8 +430,9 @@ public class OidcUserInfoTests {
|
||||
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
|
||||
new OAuth2AuthorizationServerConfigurer();
|
||||
// Enable OpenID Connect 1.0
|
||||
authorizationServerConfigurer
|
||||
.oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
|
||||
.oidc(Customizer.withDefaults());
|
||||
RequestMatcher endpointsMatcher = authorizationServerConfigurer
|
||||
.getEndpointsMatcher();
|
||||
|
||||
@@ -462,8 +463,9 @@ public class OidcUserInfoTests {
|
||||
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
|
||||
new OAuth2AuthorizationServerConfigurer();
|
||||
// Enable OpenID Connect 1.0
|
||||
authorizationServerConfigurer
|
||||
.oidc(Customizer.withDefaults()); // Enable OpenID Connect 1.0
|
||||
.oidc(Customizer.withDefaults());
|
||||
RequestMatcher endpointsMatcher = authorizationServerConfigurer
|
||||
.getEndpointsMatcher();
|
||||
|
||||
|
||||
@@ -507,10 +507,11 @@ public class OAuth2AuthorizationEndpointFilterTests {
|
||||
scopes.addAll(requestedScopes);
|
||||
})
|
||||
.build();
|
||||
// No scopes previously approved
|
||||
OAuth2AuthorizationConsentAuthenticationToken authorizationConsentAuthenticationResult =
|
||||
new OAuth2AuthorizationConsentAuthenticationToken(
|
||||
AUTHORIZATION_URI, registeredClient.getClientId(), principal,
|
||||
STATE, new HashSet<>(), null); // No scopes previously approved
|
||||
STATE, new HashSet<>(), null);
|
||||
authorizationConsentAuthenticationResult.setAuthenticated(true);
|
||||
when(this.authenticationManager.authenticate(any()))
|
||||
.thenReturn(authorizationConsentAuthenticationResult);
|
||||
@@ -538,10 +539,11 @@ public class OAuth2AuthorizationEndpointFilterTests {
|
||||
scopes.addAll(requestedScopes);
|
||||
})
|
||||
.build();
|
||||
// No scopes previously approved
|
||||
OAuth2AuthorizationConsentAuthenticationToken authorizationConsentAuthenticationResult =
|
||||
new OAuth2AuthorizationConsentAuthenticationToken(
|
||||
AUTHORIZATION_URI, registeredClient.getClientId(), principal,
|
||||
STATE, new HashSet<>(), null); // No scopes previously approved
|
||||
STATE, new HashSet<>(), null);
|
||||
authorizationConsentAuthenticationResult.setAuthenticated(true);
|
||||
when(this.authenticationManager.authenticate(any()))
|
||||
.thenReturn(authorizationConsentAuthenticationResult);
|
||||
|
||||
Reference in New Issue
Block a user