/**
 * Derives the hash code from the value returned by {@link #getValue()}.
 *
 * @return the hash code of this object's value
 */
@Override
public int hashCode() {
    final int valueHash = this.getValue().hashCode();
    return valueHash;
}
} // end of the enclosing type (its header is outside this excerpt)
/**
 * Checks that this registration is configured for the implicit grant.
 * <p>
 * The checks run in a fixed order and the first failure is reported: the grant type, then
 * non-blank registrationId, clientId, redirectUriTemplate and authorizationUri. The text
 * checks only require a non-blank value; the URIs are not parsed and no scheme (for
 * example https) is enforced here.
 * <p>
 * NOTE(review): with the implicit grant the access token is returned in the authorization
 * response itself; current OAuth 2.0 security guidance (RFC 9700) recommends against it in
 * favour of the authorization code grant with PKCE.
 *
 * @throws IllegalArgumentException if any check fails
 */
private void validateImplicitGrantType() {
    final AuthorizationGrantType expected = AuthorizationGrantType.IMPLICIT;
    final boolean grantTypeMatches = expected.equals(this.authorizationGrantType);
    Assert.isTrue(grantTypeMatches, () -> "authorizationGrantType must be " + expected.getValue());

    // Required text fields, checked in the same order as before.
    Assert.hasText(this.registrationId, "registrationId cannot be empty");
    Assert.hasText(this.clientId, "clientId cannot be empty");
    Assert.hasText(this.redirectUriTemplate, "redirectUriTemplate cannot be empty");
    Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty");
}
/**
 * Checks that this registration is configured for the client credentials grant.
 * <p>
 * Verified in order, first failure wins: the grant type, then non-blank registrationId,
 * clientId and tokenUri. Redirect and authorization URIs are not checked here.
 * <p>
 * NOTE(review): clientSecret is not checked here even though this grant authenticates the
 * client itself; confirm that an empty secret is rejected elsewhere or is intended. The
 * tokenUri check is for presence only; its scheme is not validated.
 *
 * @throws IllegalArgumentException if any check fails
 */
private void validateClientCredentialsGrantType() {
    final AuthorizationGrantType expected = AuthorizationGrantType.CLIENT_CREDENTIALS;
    final boolean grantTypeMatches = expected.equals(this.authorizationGrantType);
    Assert.isTrue(grantTypeMatches, () -> "authorizationGrantType must be " + expected.getValue());

    Assert.hasText(this.registrationId, "registrationId cannot be empty");
    Assert.hasText(this.clientId, "clientId cannot be empty");
    Assert.hasText(this.tokenUri, "tokenUri cannot be empty");
}
/**
 * Checks that this registration is configured for the authorization code grant.
 * <p>
 * Verified in order, first failure wins: the grant type, then non-blank registrationId,
 * clientId, redirectUriTemplate, authorizationUri and tokenUri. The text checks are for
 * presence only: the URIs are not parsed and no scheme (for example https) is enforced
 * here, and clientSecret is not checked.
 *
 * @throws IllegalArgumentException if any check fails
 */
private void validateAuthorizationCodeGrantType() {
    final AuthorizationGrantType expected = AuthorizationGrantType.AUTHORIZATION_CODE;
    final boolean grantTypeMatches = expected.equals(this.authorizationGrantType);
    Assert.isTrue(grantTypeMatches, () -> "authorizationGrantType must be " + expected.getValue());

    // Identification of the registration and client.
    Assert.hasText(this.registrationId, "registrationId cannot be empty");
    Assert.hasText(this.clientId, "clientId cannot be empty");

    // Endpoints and redirect needed by the authorization code flow.
    Assert.hasText(this.redirectUriTemplate, "redirectUriTemplate cannot be empty");
    Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty");
    Assert.hasText(this.tokenUri, "tokenUri cannot be empty");
}
/**
 * Builds the form body of a refresh token request: a {@code grant_type} parameter set to
 * the refresh token grant type's value, plus the {@code refresh_token} parameter.
 *
 * @param refreshToken the refresh token to send; it is a credential, so the resulting body
 *        should be kept out of logs and traces
 * @return the form inserter carrying both parameters
 */
private static BodyInserters.FormInserter<String> refreshTokenBody(String refreshToken) {
    final String grantType = AuthorizationGrantType.REFRESH_TOKEN.getValue();
    BodyInserters.FormInserter<String> form = BodyInserters.fromFormData("grant_type", grantType);
    return form.with("refresh_token", refreshToken);
}
/**
 * Creates the form parameters for exchanging a refresh token: {@code grant_type} (the
 * refresh token grant type's value) and {@code refresh_token}.
 *
 * @param refreshToken the refresh token value; treat it as a secret and do not log the
 *        body built from it
 * @return a form inserter holding the two parameters
 */
private static BodyInserters.FormInserter<String> refreshTokenBody(String refreshToken) {
    BodyInserters.FormInserter<String> grantTypeOnly = BodyInserters
            .fromFormData("grant_type", AuthorizationGrantType.REFRESH_TOKEN.getValue());
    BodyInserters.FormInserter<String> withToken = grantTypeOnly.with("refresh_token", refreshToken);
    return withToken;
}
} // end of the enclosing type (its header is outside this excerpt)
/** Verifies that the refresh token grant type exposes the value {@code refresh_token}. */
@Test
public void getValueWhenRefreshTokenGrantTypeThenReturnRefreshToken() {
    String actual = AuthorizationGrantType.REFRESH_TOKEN.getValue();
    assertThat(actual).isEqualTo("refresh_token");
}
} // end of the enclosing test class (its header is outside this excerpt)
/** Verifies that the implicit grant type exposes the value {@code implicit}. */
@Test
public void getValueWhenImplicitGrantTypeThenReturnImplicit() {
    String actual = AuthorizationGrantType.IMPLICIT.getValue();
    assertThat(actual).isEqualTo("implicit");
}
/** Verifies that the authorization code grant type exposes the value {@code authorization_code}. */
@Test
public void getValueWhenAuthorizationCodeGrantTypeThenReturnAuthorizationCode() {
    String actual = AuthorizationGrantType.AUTHORIZATION_CODE.getValue();
    assertThat(actual).isEqualTo("authorization_code");
}
/**
 * Assembles the form parameters for the body of a client credentials Access Token Request.
 * <p>
 * {@code OAuth2ParameterNames.GRANT_TYPE} is always added. {@code OAuth2ParameterNames.SCOPE}
 * is added as a space-delimited string when the registration has scopes. The client id and
 * client secret are added only when the registration's client authentication method is
 * {@code ClientAuthenticationMethod.POST}.
 * <p>
 * In the POST case the returned map contains the client secret in clear text, so it should
 * not be logged; RFC 6749 section 2.3.1 prefers HTTP Basic over credentials in the body.
 *
 * @param clientCredentialsGrantRequest the client credentials grant request
 * @return a {@link MultiValueMap} of the form parameters used for the Access Token Request body
 */
private MultiValueMap<String, String> buildFormParameters(OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest) {
    ClientRegistration registration = clientCredentialsGrantRequest.getClientRegistration();

    MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
    params.add(OAuth2ParameterNames.GRANT_TYPE, clientCredentialsGrantRequest.getGrantType().getValue());

    boolean hasScopes = !CollectionUtils.isEmpty(registration.getScopes());
    if (hasScopes) {
        String scopeValue = StringUtils.collectionToDelimitedString(registration.getScopes(), " ");
        params.add(OAuth2ParameterNames.SCOPE, scopeValue);
    }

    // Credentials go into the body only for the POST client authentication method.
    boolean credentialsInBody =
            ClientAuthenticationMethod.POST.equals(registration.getClientAuthenticationMethod());
    if (credentialsInBody) {
        params.add(OAuth2ParameterNames.CLIENT_ID, registration.getClientId());
        params.add(OAuth2ParameterNames.CLIENT_SECRET, registration.getClientSecret());
    }
    return params;
}
} // end of the enclosing type (its header is outside this excerpt)
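/**
 * Returns a {@link MultiValueMap} of the form parameters used for the Access Token Request body.
 * <p>
 * The grant type and the authorization code are always added. The redirect URI is added
 * only when the original authorization request carried one. The client id and client
 * secret are added only when the registration's client authentication method is
 * {@code ClientAuthenticationMethod.POST}.
 * <p>
 * The returned map holds the authorization code and, in the POST case, the client secret
 * in clear text, so it should not be logged.
 *
 * @param authorizationCodeGrantRequest the authorization code grant request
 * @return a {@link MultiValueMap} of the form parameters used for the Access Token Request body
 */
private MultiValueMap<String, String> buildFormParameters(OAuth2AuthorizationCodeGrantRequest authorizationCodeGrantRequest) {
    ClientRegistration clientRegistration = authorizationCodeGrantRequest.getClientRegistration();
    OAuth2AuthorizationExchange authorizationExchange = authorizationCodeGrantRequest.getAuthorizationExchange();

    MultiValueMap<String, String> formParameters = new LinkedMultiValueMap<>();
    formParameters.add(OAuth2ParameterNames.GRANT_TYPE, authorizationCodeGrantRequest.getGrantType().getValue());
    formParameters.add(OAuth2ParameterNames.CODE, authorizationExchange.getAuthorizationResponse().getCode());

    // Skip redirect_uri when the authorization request had none, instead of adding a
    // null-valued form entry to the token request.
    String redirectUri = authorizationExchange.getAuthorizationRequest().getRedirectUri();
    if (redirectUri != null) {
        formParameters.add(OAuth2ParameterNames.REDIRECT_URI, redirectUri);
    }

    // Credentials go into the body only for the POST client authentication method.
    if (ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod())) {
        formParameters.add(OAuth2ParameterNames.CLIENT_ID, clientRegistration.getClientId());
        formParameters.add(OAuth2ParameterNames.CLIENT_SECRET, clientRegistration.getClientSecret());
    }

    return formParameters;
}
} // end of the enclosing type (its header is outside this excerpt)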
/**
 * Builds the form body that exchanges an authorization code for tokens.
 * <p>
 * The body always carries {@code grant_type} (the authorization code grant type's value)
 * and {@code code}; {@code redirect_uri} is included only when the authorization request
 * had a redirect URI. The authorization code is a short-lived credential, so the body
 * should not be logged.
 *
 * @param authorizationExchange the authorization request together with its response
 * @return the form inserter holding the token request parameters
 */
private static BodyInserters.FormInserter<String> body(OAuth2AuthorizationExchange authorizationExchange) {
    OAuth2AuthorizationResponse response = authorizationExchange.getAuthorizationResponse();
    String callbackUri = authorizationExchange.getAuthorizationRequest().getRedirectUri();

    BodyInserters.FormInserter<String> form = BodyInserters
            .fromFormData("grant_type", AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
    form = form.with("code", response.getCode());

    if (callbackUri == null) {
        return form;
    }
    form.with("redirect_uri", callbackUri);
    return form;
}
} // end of the enclosing type (its header is outside this excerpt)
/**
 * Converts the authorization code grant request and checks the resulting request entity:
 * POST to the registration's token URI, JSON accepted, form-encoded UTF-8 content type, an
 * {@code Authorization} header starting with {@code "Basic "}, and the grant type, code and
 * redirect URI form parameters.
 * <p>
 * Only the {@code "Basic "} prefix is asserted; the encoded credentials themselves are not
 * verified by this test.
 */
@SuppressWarnings("unchecked")
@Test
public void convertWhenGrantRequestValidThenConverts() {
    RequestEntity<?> converted = this.converter.convert(this.authorizationCodeGrantRequest);
    ClientRegistration registration = this.authorizationCodeGrantRequest.getClientRegistration();

    // Request line: method and target.
    assertThat(converted.getMethod()).isEqualTo(HttpMethod.POST);
    String expectedTokenUri = registration.getProviderDetails().getTokenUri();
    assertThat(converted.getUrl().toASCIIString()).isEqualTo(expectedTokenUri);

    // Headers: content negotiation and client authentication.
    HttpHeaders httpHeaders = converted.getHeaders();
    assertThat(httpHeaders.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
    MediaType expectedContentType = MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
    assertThat(httpHeaders.getContentType()).isEqualTo(expectedContentType);
    assertThat(httpHeaders.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");

    // Body: the form parameters of the token request.
    MultiValueMap<String, String> form = (MultiValueMap<String, String>) converted.getBody();
    assertThat(form.getFirst(OAuth2ParameterNames.GRANT_TYPE))
            .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
    assertThat(form.getFirst(OAuth2ParameterNames.CODE)).isEqualTo("code-1234");
    assertThat(form.getFirst(OAuth2ParameterNames.REDIRECT_URI))
            .isEqualTo(registration.getRedirectUriTemplate());
}
} // end of the enclosing test class (its header is outside this excerpt)
/**
 * Builds the form body of a client credentials token request.
 * <p>
 * {@code OAuth2ParameterNames.GRANT_TYPE} is always present. The scopes, when the
 * registration has any, are joined with a single space into
 * {@code OAuth2ParameterNames.SCOPE}. The client id and client secret are added only when
 * the registration's client authentication method is {@code ClientAuthenticationMethod.POST}.
 * <p>
 * In the POST case the body contains the client secret in clear text, so it should not be
 * logged; RFC 6749 section 2.3.1 prefers HTTP Basic over credentials in the body.
 *
 * @param authorizationGrantRequest the client credentials grant request
 * @return the form inserter holding the token request parameters
 */
private static BodyInserters.FormInserter<String> body(OAuth2ClientCredentialsGrantRequest authorizationGrantRequest) {
    ClientRegistration registration = authorizationGrantRequest.getClientRegistration();
    String grantTypeValue = authorizationGrantRequest.getGrantType().getValue();
    BodyInserters.FormInserter<String> form =
            BodyInserters.fromFormData(OAuth2ParameterNames.GRANT_TYPE, grantTypeValue);

    Set<String> requestedScopes = registration.getScopes();
    boolean hasScopes = !CollectionUtils.isEmpty(requestedScopes);
    if (hasScopes) {
        form.with(OAuth2ParameterNames.SCOPE,
                StringUtils.collectionToDelimitedString(requestedScopes, " "));
    }

    // Credentials go into the body only for the POST client authentication method.
    boolean credentialsInBody =
            ClientAuthenticationMethod.POST.equals(registration.getClientAuthenticationMethod());
    if (credentialsInBody) {
        form.with(OAuth2ParameterNames.CLIENT_ID, registration.getClientId());
        form.with(OAuth2ParameterNames.CLIENT_SECRET, registration.getClientSecret());
    }
    return form;
}
/**
 * Converts the client credentials grant request and checks the resulting request entity:
 * POST to the registration's token URI, JSON accepted, form-encoded UTF-8 content type, an
 * {@code Authorization} header starting with {@code "Basic "}, and the grant type and scope
 * form parameters.
 * <p>
 * Only the {@code "Basic "} prefix is asserted; the encoded credentials themselves are not
 * verified by this test.
 */
@SuppressWarnings("unchecked")
@Test
public void convertWhenGrantRequestValidThenConverts() {
    RequestEntity<?> converted = this.converter.convert(this.clientCredentialsGrantRequest);
    ClientRegistration registration = this.clientCredentialsGrantRequest.getClientRegistration();

    // Request line: method and target.
    assertThat(converted.getMethod()).isEqualTo(HttpMethod.POST);
    String expectedTokenUri = registration.getProviderDetails().getTokenUri();
    assertThat(converted.getUrl().toASCIIString()).isEqualTo(expectedTokenUri);

    // Headers: content negotiation and client authentication.
    HttpHeaders httpHeaders = converted.getHeaders();
    assertThat(httpHeaders.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8);
    MediaType expectedContentType = MediaType.valueOf(APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8");
    assertThat(httpHeaders.getContentType()).isEqualTo(expectedContentType);
    assertThat(httpHeaders.getFirst(HttpHeaders.AUTHORIZATION)).startsWith("Basic ");

    // Body: the form parameters of the token request.
    MultiValueMap<String, String> form = (MultiValueMap<String, String>) converted.getBody();
    assertThat(form.getFirst(OAuth2ParameterNames.GRANT_TYPE))
            .isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue());
    assertThat(form.getFirst(OAuth2ParameterNames.SCOPE)).isEqualTo("read write");
}
} // end of the enclosing test class (its header is outside this excerpt)
} else { throw new IllegalArgumentException("Invalid Authorization Grant Type (" + clientRegistration.getAuthorizationGrantType().getValue() + ") for Client Registration with Id: " + clientRegistration.getRegistrationId());
/**
 * Creates the authorization request for the given client registration.
 * <p>
 * The builder is chosen from the registration's grant type (authorization code or
 * implicit); any other grant type is rejected. The request carries the client id, the
 * provider's authorization URI, the expanded redirect URI, the registration's scopes, a
 * fresh {@code state} value from the state generator and the registration id as an
 * additional parameter.
 * <p>
 * This method only generates and attaches the {@code state} value; comparing it with the
 * value returned in the authorization response is not done here.
 *
 * @param exchange the current exchange, whose request is used to expand the redirect URI
 * @param clientRegistration the client registration to build the request for
 * @return the authorization request
 * @throws IllegalArgumentException if the grant type is neither authorization code nor implicit
 */
private OAuth2AuthorizationRequest authorizationRequest(ServerWebExchange exchange, ClientRegistration clientRegistration) {
    String redirectUriStr = this.expandRedirectUri(exchange.getRequest(), clientRegistration);

    Map<String, Object> extraParameters = new HashMap<>();
    extraParameters.put(OAuth2ParameterNames.REGISTRATION_ID, clientRegistration.getRegistrationId());

    AuthorizationGrantType grantType = clientRegistration.getAuthorizationGrantType();
    boolean isAuthorizationCode = AuthorizationGrantType.AUTHORIZATION_CODE.equals(grantType);
    boolean isImplicit = !isAuthorizationCode && AuthorizationGrantType.IMPLICIT.equals(grantType);

    // Only the two redirect-based grants can start an authorization request.
    if (!isAuthorizationCode && !isImplicit) {
        throw new IllegalArgumentException(
                "Invalid Authorization Grant Type (" + grantType.getValue()
                        + ") for Client Registration with Id: " + clientRegistration.getRegistrationId());
    }

    OAuth2AuthorizationRequest.Builder requestBuilder = isAuthorizationCode
            ? OAuth2AuthorizationRequest.authorizationCode()
            : OAuth2AuthorizationRequest.implicit();

    requestBuilder = requestBuilder
            .clientId(clientRegistration.getClientId())
            .authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
            .redirectUri(redirectUriStr)
            .scopes(clientRegistration.getScopes())
            .state(this.stateGenerator.generateKey())
            .additionalParameters(extraParameters);
    return requestBuilder.build();
}
/**
 * Validates the fields required for an implicit grant registration.
 * <p>
 * Order of the checks (the first failing one is reported): grant type equals
 * {@code AuthorizationGrantType.IMPLICIT}, then registrationId, clientId,
 * redirectUriTemplate and authorizationUri each contain text. These are presence checks
 * only; the redirect and authorization URIs are not parsed and their scheme is not
 * restricted here.
 * <p>
 * NOTE(review): the implicit grant delivers the access token in the authorization response;
 * RFC 9700 (OAuth 2.0 security best current practice) advises using the authorization code
 * grant with PKCE instead.
 *
 * @throws IllegalArgumentException if any check fails
 */
private void validateImplicitGrantType() {
    final AuthorizationGrantType required = AuthorizationGrantType.IMPLICIT;
    Assert.isTrue(
            required.equals(this.authorizationGrantType),
            () -> "authorizationGrantType must be " + required.getValue());

    Assert.hasText(this.registrationId, "registrationId cannot be empty");
    Assert.hasText(this.clientId, "clientId cannot be empty");
    Assert.hasText(this.redirectUriTemplate, "redirectUriTemplate cannot be empty");
    Assert.hasText(this.authorizationUri, "authorizationUri cannot be empty");
}
/**
 * Creates the token request form for the authorization code grant.
 * <p>
 * {@code grant_type} (the authorization code grant type's value) and {@code code} are
 * always set; {@code redirect_uri} is set only if the authorization request carried a
 * redirect URI. The form contains the authorization code, a short-lived credential, so it
 * should not be logged.
 *
 * @param authorizationExchange the authorization request together with its response
 * @return the form inserter holding the token request parameters
 */
private static BodyInserters.FormInserter<String> body(OAuth2AuthorizationExchange authorizationExchange) {
    OAuth2AuthorizationResponse codeResponse = authorizationExchange.getAuthorizationResponse();
    String requestedRedirectUri = authorizationExchange.getAuthorizationRequest().getRedirectUri();
    String grantTypeValue = AuthorizationGrantType.AUTHORIZATION_CODE.getValue();

    BodyInserters.FormInserter<String> tokenForm = BodyInserters
            .fromFormData("grant_type", grantTypeValue)
            .with("code", codeResponse.getCode());

    boolean hasRedirectUri = requestedRedirectUri != null;
    if (hasRedirectUri) {
        tokenForm.with("redirect_uri", requestedRedirectUri);
    }
    return tokenForm;
}
} // end of the enclosing type (its header is outside this excerpt)