From a4bd0d39239a1834cda0d0738feeab929e91a78b Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Tue, 14 Aug 2018 13:13:19 -0600 Subject: [PATCH] OIDC Provider Configuration - ClientRegistrations OIDC Provider Configuration is now being used to create more than just ClientRegistration instances. Also, the endpoint is being addressed in more contexts than just the client. To that end, this refactors OidcConfigurationProvider in the config project to ClientRegistrations in the oauth2-client project. Fixes: gh-5647 --- .../registration/ClientRegistrations.java | 25 ++++++++++--------- .../registration/ClientRegistrationsTest.java | 22 ++++++++-------- 2 files changed, 24 insertions(+), 23 deletions(-) rename config/src/main/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProvider.java => oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java (93%) rename config/src/test/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProviderTests.java => oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTest.java (95%) diff --git a/config/src/main/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProvider.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java similarity index 93% rename from config/src/main/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProvider.java rename to oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java index fdaaf91fa2..3f97322e15 100644 --- a/config/src/main/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProvider.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java @@ -14,32 +14,32 @@ * limitations under the License. */ -package org.springframework.security.config.oauth2.client.oidc; +package org.springframework.security.oauth2.client.registration; import java.net.URI; import java.util.Collections; import java.util.List; -import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.core.AuthorizationGrantType; -import org.springframework.security.oauth2.core.ClientAuthenticationMethod; -import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; -import org.springframework.security.oauth2.core.oidc.OidcScopes; -import org.springframework.web.client.RestTemplate; - import com.nimbusds.oauth2.sdk.GrantType; import com.nimbusds.oauth2.sdk.ParseException; import com.nimbusds.oauth2.sdk.Scope; import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata; +import org.springframework.security.oauth2.core.AuthorizationGrantType; +import org.springframework.security.oauth2.core.ClientAuthenticationMethod; +import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; +import org.springframework.security.oauth2.core.oidc.OidcScopes; +import org.springframework.web.client.RestTemplate; + /** * Allows creating a {@link ClientRegistration.Builder} from an * OpenID Provider Configuration. * * @author Rob Winch + * @author Josh Cummings * @since 5.1 */ -public final class OidcConfigurationProvider { +public class ClientRegistrations { /** * Creates a {@link ClientRegistration.Builder} using the provided @@ -59,7 +59,7 @@ public final class OidcConfigurationProvider { * Example usage: *

*
-	 * ClientRegistration registration = OidcConfigurationProvider.issuer("https://example.com")
+	 * ClientRegistration registration = ClientRegistrations.fromOidcIssuerLocation("https://example.com")
 	 *     .clientId("client-id")
 	 *     .clientSecret("client-secret")
 	 *     .build();
@@ -67,7 +67,7 @@ public final class OidcConfigurationProvider {
 	 * @param issuer the Issuer
 	 * @return a {@link ClientRegistration.Builder} that was initialized by the OpenID Provider Configuration.
 	 */
-	public static ClientRegistration.Builder issuer(String issuer) {
+	public static ClientRegistration.Builder fromOidcIssuerLocation(String issuer) {
 		String openidConfiguration = getOpenidConfiguration(issuer);
 		OIDCProviderMetadata metadata = parse(openidConfiguration);
 		String metadataIssuer = metadata.getIssuer().getValue();
@@ -135,5 +135,6 @@ public final class OidcConfigurationProvider {
 		}
 	}
 
-	private OidcConfigurationProvider() {}
+	private ClientRegistrations() {}
+
 }
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProviderTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTest.java
similarity index 95%
rename from config/src/test/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProviderTests.java
rename to oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTest.java
index 5b27c45134..eb2e29fb1f 100644
--- a/config/src/test/java/org/springframework/security/config/oauth2/client/oidc/OidcConfigurationProviderTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTest.java
@@ -14,7 +14,10 @@
  * limitations under the License.
  */
 
-package org.springframework.security.config.oauth2.client.oidc;
+package org.springframework.security.oauth2.client.registration;
+
+import java.util.Arrays;
+import java.util.Map;
 
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -23,22 +26,20 @@ import okhttp3.mockwebserver.MockWebServer;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
+
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 
-import java.util.Arrays;
-import java.util.Map;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 /**
  * @author Rob Winch
  * @since 5.1
  */
-public class OidcConfigurationProviderTests {
+public class ClientRegistrationsTest {
 
 	/**
 	 * Contains all optional parameters that are found in ClientRegistration
@@ -162,7 +163,6 @@ public class OidcConfigurationProviderTests {
 	 * We currently only support authorization_code, so verify we have a meaningful error until we add support.
 	 * @throws Exception
 	 */
-	@Test
 	public void issuerWhenGrantTypesSupportedInvalidThenException() throws Exception {
 		this.response.put("grant_types_supported", Arrays.asList("implicit"));
 
@@ -204,7 +204,7 @@ public class OidcConfigurationProviderTests {
 
 	@Test
 	public void issuerWhenEmptyStringThenMeaningfulErrorMessage() {
-		assertThatThrownBy(() -> OidcConfigurationProvider.issuer(""))
+		assertThatThrownBy(() -> ClientRegistrations.fromOidcIssuerLocation(""))
 				.hasMessageContaining("Unable to resolve the OpenID Configuration with the provided Issuer of \"\"");
 	}
 
@@ -216,7 +216,7 @@ public class OidcConfigurationProviderTests {
 				.setBody(body)
 				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
 		this.server.enqueue(mockResponse);
-		assertThatThrownBy(() -> OidcConfigurationProvider.issuer(this.issuer))
+		assertThatThrownBy(() -> ClientRegistrations.fromOidcIssuerLocation(this.issuer))
 				.hasMessageContaining("The Issuer \"https://example.com\" provided in the OpenID Configuration did not match the requested issuer \"" + this.issuer + "\"");
 	}
 
@@ -229,7 +229,7 @@ public class OidcConfigurationProviderTests {
 				.setHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
 		this.server.enqueue(mockResponse);
 
-		return OidcConfigurationProvider.issuer(this.issuer)
+		return ClientRegistrations.fromOidcIssuerLocation(this.issuer)
 			.clientId("client-id")
 			.clientSecret("client-secret")
 			.build();