/**
 * Verifies that constructing the provider with a {@code null} access-token
 * response client is rejected with an {@link IllegalArgumentException}.
 */
@Test
public void constructorWhenAccessTokenResponseClientIsNullThenThrowIllegalArgumentException() {
    assertThatThrownBy(() -> {
        new OAuth2AuthorizationCodeAuthenticationProvider(null);
    }).isInstanceOf(IllegalArgumentException.class);
}
/**
 * Verifies that the provider reports support for
 * {@code OAuth2AuthorizationCodeAuthenticationToken}.
 */
@Test
public void supportsWhenTypeOAuth2AuthorizationCodeAuthenticationTokenThenReturnTrue() {
    boolean supported =
            this.authenticationProvider.supports(OAuth2AuthorizationCodeAuthenticationToken.class);
    assertThat(supported).isTrue();
}
/**
 * Happy path: a successful authorization response is exchanged for tokens.
 *
 * <p>The mocked token client returns a response carrying a refresh token; the
 * test then checks that the authenticated result exposes the client id as
 * principal, the access-token value as credentials, no authorities, and the
 * same registration, exchange, access token and refresh token that went in.
 */
@Test
public void authenticateWhenAuthorizationSuccessResponseThenExchangedForAccessToken() {
    // Stub the token endpoint client so no network call is needed.
    OAuth2AccessTokenResponse accessTokenResponse = accessTokenResponse().refreshToken("refresh").build();
    when(this.accessTokenResponseClient.getTokenResponse(any())).thenReturn(accessTokenResponse);

    OAuth2AuthorizationResponse successResponse = success().build();
    OAuth2AuthorizationExchange authorizationExchange =
            new OAuth2AuthorizationExchange(this.authorizationRequest, successResponse);
    OAuth2AuthorizationCodeAuthenticationToken authenticationRequest =
            new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, authorizationExchange);

    OAuth2AuthorizationCodeAuthenticationToken authenticationResult =
            (OAuth2AuthorizationCodeAuthenticationToken) this.authenticationProvider
                    .authenticate(authenticationRequest);

    // Identity and credential view of the authenticated token.
    assertThat(authenticationResult.isAuthenticated()).isTrue();
    assertThat(authenticationResult.getPrincipal()).isEqualTo(this.clientRegistration.getClientId());
    String expectedTokenValue = accessTokenResponse.getAccessToken().getTokenValue();
    assertThat(authenticationResult.getCredentials()).isEqualTo(expectedTokenValue);
    assertThat(authenticationResult.getAuthorities()).isEqualTo(Collections.emptyList());

    // The inputs and the issued tokens must be carried through unchanged.
    assertThat(authenticationResult.getClientRegistration()).isEqualTo(this.clientRegistration);
    assertThat(authenticationResult.getAuthorizationExchange()).isEqualTo(authorizationExchange);
    assertThat(authenticationResult.getAccessToken()).isEqualTo(accessTokenResponse.getAccessToken());
    assertThat(authenticationResult.getRefreshToken()).isEqualTo(accessTokenResponse.getRefreshToken());
}
// Brace kept from the original listing; its matching opener is outside this excerpt.
}
/**
 * Verifies that a response whose {@code state} differs from the request's is
 * rejected with {@code invalid_state_parameter}.
 *
 * <p>The {@code state} comparison is what ties the authorization response to
 * the request this client started, so a mismatch must never reach the token
 * exchange.
 */
@Test
public void authenticateWhenAuthorizationResponseStateNotEqualAuthorizationRequestStateThenThrowOAuth2AuthorizationException() {
    // "67890" is expected to differ from the state of the request fixture
    // built in setUp() (fixture values are not visible in this excerpt).
    OAuth2AuthorizationExchange mismatchedExchange = new OAuth2AuthorizationExchange(
            this.authorizationRequest, success().state("67890").build());

    // NOTE(review): consider also asserting that accessTokenResponseClient was
    // never invoked, so a regression that redeems the code before validating
    // state would be caught; confirm against the provider's check ordering.
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(
            new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, mismatchedExchange)))
            .isInstanceOf(OAuth2AuthorizationException.class)
            .hasMessageContaining("invalid_state_parameter");
}
/**
 * Verifies that an authorization error response is surfaced as an
 * {@code OAuth2AuthorizationException} whose message contains the error code
 * returned by the authorization server ({@code OAuth2ErrorCodes.INVALID_REQUEST}).
 */
@Test
public void authenticateWhenAuthorizationErrorResponseThenThrowOAuth2AuthorizationException() {
    OAuth2AuthorizationExchange failedExchange = new OAuth2AuthorizationExchange(
            this.authorizationRequest, error().errorCode(OAuth2ErrorCodes.INVALID_REQUEST).build());

    assertThatThrownBy(() -> this.authenticationProvider.authenticate(
            new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, failedExchange)))
            .isInstanceOf(OAuth2AuthorizationException.class)
            .hasMessageContaining(OAuth2ErrorCodes.INVALID_REQUEST);
}
/**
 * Builds the fixtures shared by every test: a mocked token-endpoint client,
 * the provider under test wired to that mock, and a default client
 * registration and authorization request.
 */
@Before
@SuppressWarnings("unchecked")
public void setUp() {
    // Mocking the token client keeps the tests off the network; the raw
    // Class literal passed to mock() is why "unchecked" is suppressed.
    this.accessTokenResponseClient = mock(OAuth2AccessTokenResponseClient.class);
    this.authenticationProvider =
            new OAuth2AuthorizationCodeAuthenticationProvider(this.accessTokenResponseClient);

    this.clientRegistration = clientRegistration().build();
    this.authorizationRequest = request().build();
}
/**
 * Verifies that a response whose redirect URI differs from the one in the
 * authorization request is rejected with {@code invalid_redirect_uri_parameter}.
 *
 * <p>Comparing the two redirect URIs ensures the authorization code is only
 * redeemed for a response delivered to the endpoint the request named.
 */
@Test
public void authenticateWhenAuthorizationResponseRedirectUriNotEqualAuthorizationRequestRedirectUriThenThrowOAuth2AuthorizationException() {
    // "http://example2.com" is expected to differ from the redirect URI of the
    // request fixture built in setUp() (fixture values are not visible here).
    OAuth2AuthorizationExchange mismatchedExchange = new OAuth2AuthorizationExchange(
            this.authorizationRequest, success().redirectUri("http://example2.com").build());

    // NOTE(review): consider also asserting that accessTokenResponseClient was
    // never invoked on this path; confirm against the provider's check ordering.
    assertThatThrownBy(() -> this.authenticationProvider.authenticate(
            new OAuth2AuthorizationCodeAuthenticationToken(this.clientRegistration, mismatchedExchange)))
            .isInstanceOf(OAuth2AuthorizationException.class)
            .hasMessageContaining("invalid_redirect_uri_parameter");
}