diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java index 2a1627ea530..47cd7303a21 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java @@ -33,6 +33,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails; +import org.springframework.security.oauth2.client.registration.ClientRegistration.ProviderDetails.UserInfoEndpoint; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames; @@ -61,21 +62,9 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { @Test public void getClientRegistrationsWhenUsingDefinedProviderShouldAdapt() { OAuth2ClientProperties properties = new OAuth2ClientProperties(); - Provider provider = new Provider(); - provider.setAuthorizationUri("http://example.com/auth"); - provider.setTokenUri("http://example.com/token"); - provider.setUserInfoUri("http://example.com/info"); + Provider provider = createProvider(); provider.setUserInfoAuthenticationMethod("form"); - provider.setUserNameAttribute("sub"); - provider.setJwkSetUri("http://example.com/jwk"); - OAuth2ClientProperties.Registration registration = new OAuth2ClientProperties.Registration(); - registration.setProvider("provider"); - registration.setClientId("clientId"); - registration.setClientSecret("clientSecret"); - registration.setClientAuthenticationMethod("post"); - registration.setAuthorizationGrantType("authorization_code"); - registration.setRedirectUri("http://example.com/redirect"); - registration.setScope(Collections.singleton("scope")); + OAuth2ClientProperties.Registration registration = createRegistration("provider"); registration.setClientName("clientName"); properties.getRegistration().put("registration", registration); properties.getProvider().put("provider", provider); @@ -86,13 +75,11 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { assertThat(adaptedProvider.getAuthorizationUri()) .isEqualTo("http://example.com/auth"); assertThat(adaptedProvider.getTokenUri()).isEqualTo("http://example.com/token"); - assertThat(adaptedProvider.getUserInfoEndpoint().getUri()) - .isEqualTo("http://example.com/info"); - assertThat(adaptedProvider.getUserInfoEndpoint().getAuthenticationMethod()) - .isEqualTo( - org.springframework.security.oauth2.core.AuthenticationMethod.FORM); - assertThat(adaptedProvider.getUserInfoEndpoint().getUserNameAttributeName()) - .isEqualTo("sub"); + UserInfoEndpoint userInfoEndpoint = adaptedProvider.getUserInfoEndpoint(); + assertThat(userInfoEndpoint.getUri()).isEqualTo("http://example.com/info"); + assertThat(userInfoEndpoint.getAuthenticationMethod()).isEqualTo( + org.springframework.security.oauth2.core.AuthenticationMethod.FORM); + assertThat(userInfoEndpoint.getUserNameAttributeName()).isEqualTo("sub"); assertThat(adaptedProvider.getJwkSetUri()).isEqualTo("http://example.com/jwk"); assertThat(adapted.getRegistrationId()).isEqualTo("registration"); assertThat(adapted.getClientId()).isEqualTo("clientId"); @@ -103,7 +90,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(adapted.getRedirectUriTemplate()) .isEqualTo("http://example.com/redirect"); - assertThat(adapted.getScopes()).containsExactly("scope"); + assertThat(adapted.getScopes()).containsExactly("user"); assertThat(adapted.getClientName()).isEqualTo("clientName"); } @@ -123,9 +110,10 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { .isEqualTo("https://accounts.google.com/o/oauth2/v2/auth"); assertThat(adaptedProvider.getTokenUri()) .isEqualTo("https://www.googleapis.com/oauth2/v4/token"); - assertThat(adaptedProvider.getUserInfoEndpoint().getUri()) + UserInfoEndpoint userInfoEndpoint = adaptedProvider.getUserInfoEndpoint(); + assertThat(userInfoEndpoint.getUri()) .isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo"); - assertThat(adaptedProvider.getUserInfoEndpoint().getUserNameAttributeName()) + assertThat(userInfoEndpoint.getUserNameAttributeName()) .isEqualTo(IdTokenClaimNames.SUB); assertThat(adaptedProvider.getJwkSetUri()) .isEqualTo("https://www.googleapis.com/oauth2/v3/certs"); @@ -145,14 +133,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { @Test public void getClientRegistrationsWhenUsingCommonProviderWithOverrideShouldAdapt() { OAuth2ClientProperties properties = new OAuth2ClientProperties(); - OAuth2ClientProperties.Registration registration = new OAuth2ClientProperties.Registration(); - registration.setProvider("google"); - registration.setClientId("clientId"); - registration.setClientSecret("clientSecret"); - registration.setClientAuthenticationMethod("post"); - registration.setAuthorizationGrantType("authorization_code"); - registration.setRedirectUri("http://example.com/redirect"); - registration.setScope(Collections.singleton("scope")); + OAuth2ClientProperties.Registration registration = createRegistration("google"); registration.setClientName("clientName"); properties.getRegistration().put("registration", registration); Map registrations = OAuth2ClientPropertiesRegistrationAdapter @@ -163,13 +144,13 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { .isEqualTo("https://accounts.google.com/o/oauth2/v2/auth"); assertThat(adaptedProvider.getTokenUri()) .isEqualTo("https://www.googleapis.com/oauth2/v4/token"); - assertThat(adaptedProvider.getUserInfoEndpoint().getUri()) + UserInfoEndpoint userInfoEndpoint = adaptedProvider.getUserInfoEndpoint(); + assertThat(userInfoEndpoint.getUri()) .isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo"); - assertThat(adaptedProvider.getUserInfoEndpoint().getUserNameAttributeName()) + assertThat(userInfoEndpoint.getUserNameAttributeName()) .isEqualTo(IdTokenClaimNames.SUB); - assertThat(adaptedProvider.getUserInfoEndpoint().getAuthenticationMethod()) - .isEqualTo( - org.springframework.security.oauth2.core.AuthenticationMethod.HEADER); + assertThat(userInfoEndpoint.getAuthenticationMethod()).isEqualTo( + org.springframework.security.oauth2.core.AuthenticationMethod.HEADER); assertThat(adaptedProvider.getJwkSetUri()) .isEqualTo("https://www.googleapis.com/oauth2/v3/certs"); assertThat(adapted.getRegistrationId()).isEqualTo("registration"); @@ -181,7 +162,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE); assertThat(adapted.getRedirectUriTemplate()) .isEqualTo("http://example.com/redirect"); - assertThat(adapted.getScopes()).containsExactly("scope"); + assertThat(adapted.getScopes()).containsExactly("user"); assertThat(adapted.getClientName()).isEqualTo("clientName"); } @@ -212,11 +193,11 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { .isEqualTo("https://accounts.google.com/o/oauth2/v2/auth"); assertThat(adaptedProvider.getTokenUri()) .isEqualTo("https://www.googleapis.com/oauth2/v4/token"); - assertThat(adaptedProvider.getUserInfoEndpoint().getUri()) + UserInfoEndpoint userInfoEndpoint = adaptedProvider.getUserInfoEndpoint(); + assertThat(userInfoEndpoint.getUri()) .isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo"); - assertThat(adaptedProvider.getUserInfoEndpoint().getAuthenticationMethod()) - .isEqualTo( - org.springframework.security.oauth2.core.AuthenticationMethod.HEADER); + assertThat(userInfoEndpoint.getAuthenticationMethod()).isEqualTo( + org.springframework.security.oauth2.core.AuthenticationMethod.HEADER); assertThat(adaptedProvider.getJwkSetUri()) .isEqualTo("https://www.googleapis.com/oauth2/v3/certs"); assertThat(adapted.getRegistrationId()).isEqualTo("google"); @@ -270,20 +251,10 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { this.server.start(); String issuer = this.server.url("").toString(); setupMockResponse(issuer); - OAuth2ClientProperties.Registration registration = new OAuth2ClientProperties.Registration(); - registration.setProvider("okta-oidc"); - registration.setClientId("clientId"); - registration.setClientSecret("clientSecret"); - registration.setClientAuthenticationMethod("post"); - registration.setRedirectUri("http://example.com/redirect"); - registration.setScope(Collections.singleton("user")); - Provider provider = new Provider(); + OAuth2ClientProperties.Registration registration = createRegistration( + "okta-oidc"); + Provider provider = createProvider(); provider.setIssuerUri(issuer); - provider.setAuthorizationUri("http://example.com/auth"); - provider.setTokenUri("http://example.com/token"); - provider.setUserInfoUri("http://example.com/info"); - provider.setUserNameAttribute("sub"); - provider.setJwkSetUri("http://example.com/jwk"); OAuth2ClientProperties properties = new OAuth2ClientProperties(); properties.getProvider().put("okta-oidc", provider); properties.getRegistration().put("okta", registration); @@ -304,10 +275,31 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { .isEqualTo("http://example.com/auth"); assertThat(providerDetails.getTokenUri()).isEqualTo("http://example.com/token"); assertThat(providerDetails.getJwkSetUri()).isEqualTo("http://example.com/jwk"); - assertThat(providerDetails.getUserInfoEndpoint().getUri()) - .isEqualTo("http://example.com/info"); - assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName()) - .isEqualTo("sub"); + UserInfoEndpoint userInfoEndpoint = providerDetails.getUserInfoEndpoint(); + assertThat(userInfoEndpoint.getUri()).isEqualTo("http://example.com/info"); + assertThat(userInfoEndpoint.getUserNameAttributeName()).isEqualTo("sub"); + } + + private Provider createProvider() { + Provider provider = new Provider(); + provider.setAuthorizationUri("http://example.com/auth"); + provider.setTokenUri("http://example.com/token"); + provider.setUserInfoUri("http://example.com/info"); + provider.setUserNameAttribute("sub"); + provider.setJwkSetUri("http://example.com/jwk"); + return provider; + } + + private OAuth2ClientProperties.Registration createRegistration(String provider) { + OAuth2ClientProperties.Registration registration = new OAuth2ClientProperties.Registration(); + registration.setProvider(provider); + registration.setClientId("clientId"); + registration.setClientSecret("clientSecret"); + registration.setClientAuthenticationMethod("post"); + registration.setRedirectUri("http://example.com/redirect"); + registration.setScope(Collections.singleton("user")); + registration.setAuthorizationGrantType("authorization_code"); + return registration; } private void testOidcConfiguration(OAuth2ClientProperties.Registration registration, @@ -338,18 +330,11 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { .isEqualTo("https://example.com/oauth2/v4/token"); assertThat(providerDetails.getJwkSetUri()) .isEqualTo("https://example.com/oauth2/v3/certs"); - assertThat(providerDetails.getUserInfoEndpoint().getUri()) + UserInfoEndpoint userInfoEndpoint = providerDetails.getUserInfoEndpoint(); + assertThat(userInfoEndpoint.getUri()) .isEqualTo("https://example.com/oauth2/v3/userinfo"); - assertThat(providerDetails.getUserInfoEndpoint().getAuthenticationMethod()) - .isEqualTo( - org.springframework.security.oauth2.core.AuthenticationMethod.HEADER); - } - - private String cleanIssuerPath(String issuer) { - if (issuer.endsWith("/")) { - return issuer.substring(0, issuer.length() - 1); - } - return issuer; + assertThat(userInfoEndpoint.getAuthenticationMethod()).isEqualTo( + org.springframework.security.oauth2.core.AuthenticationMethod.HEADER); } private void setupMockResponse(String issuer) throws Exception {