Add property defaults for Spring Authorization Server
See gh-35460
parent
3b1f4e6296
commit
42c3cba18e
|
|
@ -97,37 +97,37 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
|
|||
/**
|
||||
* Authorization Server's OAuth 2.0 Authorization Endpoint.
|
||||
*/
|
||||
private String authorizationUri;
|
||||
private String authorizationUri = "/oauth2/authorize";
|
||||
|
||||
/**
|
||||
* Authorization Server's OAuth 2.0 Device Authorization Endpoint.
|
||||
*/
|
||||
private String deviceAuthorizationUri;
|
||||
private String deviceAuthorizationUri = "/oauth2/device_authorization";
|
||||
|
||||
/**
|
||||
* Authorization Server's OAuth 2.0 Device Verification Endpoint.
|
||||
*/
|
||||
private String deviceVerificationUri;
|
||||
private String deviceVerificationUri = "/oauth2/device_verification";
|
||||
|
||||
/**
|
||||
* Authorization Server's OAuth 2.0 Token Endpoint.
|
||||
*/
|
||||
private String tokenUri;
|
||||
private String tokenUri = "/oauth2/token";
|
||||
|
||||
/**
|
||||
* Authorization Server's JWK Set Endpoint.
|
||||
*/
|
||||
private String jwkSetUri;
|
||||
private String jwkSetUri = "/oauth2/jwks";
|
||||
|
||||
/**
|
||||
* Authorization Server's OAuth 2.0 Token Revocation Endpoint.
|
||||
*/
|
||||
private String tokenRevocationUri;
|
||||
private String tokenRevocationUri = "/oauth2/revoke";
|
||||
|
||||
/**
|
||||
* Authorization Server's OAuth 2.0 Token Introspection Endpoint.
|
||||
*/
|
||||
private String tokenIntrospectionUri;
|
||||
private String tokenIntrospectionUri = "/oauth2/introspect";
|
||||
|
||||
/**
|
||||
* OpenID Connect 1.0 endpoints.
|
||||
|
|
@ -205,17 +205,17 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
|
|||
/**
|
||||
* Authorization Server's OpenID Connect 1.0 Logout Endpoint.
|
||||
*/
|
||||
private String logoutUri;
|
||||
private String logoutUri = "/connect/logout";
|
||||
|
||||
/**
|
||||
* Authorization Server's OpenID Connect 1.0 Client Registration Endpoint.
|
||||
*/
|
||||
private String clientRegistrationUri;
|
||||
private String clientRegistrationUri = "/connect/register";
|
||||
|
||||
/**
|
||||
* Authorization Server's OpenID Connect 1.0 UserInfo Endpoint.
|
||||
*/
|
||||
private String userInfoUri;
|
||||
private String userInfoUri = "/userinfo";
|
||||
|
||||
public String getLogoutUri() {
|
||||
return this.logoutUri;
|
||||
|
|
@ -258,12 +258,12 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
|
|||
* Whether the client is required to provide a proof key challenge and verifier
|
||||
* when performing the Authorization Code Grant flow.
|
||||
*/
|
||||
private boolean requireProofKey;
|
||||
private boolean requireProofKey = false;
|
||||
|
||||
/**
|
||||
* Whether authorization consent is required when the client requests access.
|
||||
*/
|
||||
private boolean requireAuthorizationConsent;
|
||||
private boolean requireAuthorizationConsent = false;
|
||||
|
||||
/**
|
||||
* URL for the client's JSON Web Key Set.
|
||||
|
|
@ -444,17 +444,17 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
|
|||
/**
|
||||
* Time-to-live for an authorization code.
|
||||
*/
|
||||
private Duration authorizationCodeTimeToLive;
|
||||
private Duration authorizationCodeTimeToLive = Duration.ofMinutes(5);
|
||||
|
||||
/**
|
||||
* Time-to-live for an access token.
|
||||
*/
|
||||
private Duration accessTokenTimeToLive;
|
||||
private Duration accessTokenTimeToLive = Duration.ofMinutes(5);
|
||||
|
||||
/**
|
||||
* Token format for an access token.
|
||||
*/
|
||||
private String accessTokenFormat;
|
||||
private String accessTokenFormat = "self-contained";
|
||||
|
||||
/**
|
||||
* Time-to-live for a device code.
|
||||
|
|
@ -465,17 +465,17 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
|
|||
* Whether refresh tokens are reused or a new refresh token is issued when
|
||||
* returning the access token response.
|
||||
*/
|
||||
private boolean reuseRefreshTokens;
|
||||
private boolean reuseRefreshTokens = true;
|
||||
|
||||
/**
|
||||
* Time-to-live for a refresh token.
|
||||
*/
|
||||
private Duration refreshTokenTimeToLive;
|
||||
private Duration refreshTokenTimeToLive = Duration.ofMinutes(60);
|
||||
|
||||
/**
|
||||
* JWS algorithm for signing the ID Token.
|
||||
*/
|
||||
private String idTokenSignatureAlgorithm;
|
||||
private String idTokenSignatureAlgorithm = "RS256";
|
||||
|
||||
public Duration getAuthorizationCodeTimeToLive() {
|
||||
return this.authorizationCodeTimeToLive;
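Review bot: The new literals `requireProofKey = false` and `reuseRefreshTokens = true` make the permissive choice the documented default for every registered client, and the Javadoc above each field does not say so. Both values mirror the Spring Authorization Server builder defaults (the tests in this commit assert that), so the values themselves are not the problem here; the missing documentation is. I would extend the two Javadoc blocks with a sentence each, for example `Defaults to false; enable it for public clients so the authorization code is bound to a PKCE verifier.` and `Defaults to true, which keeps the same refresh token; set to false to issue a new one on each refresh.` The same applies to `requireAuthorizationConsent = false`. The enclosing nested classes start and end outside these hunks, so how the values are mapped onto the settings builders is not visible here.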
|
||||
|
|
|
|||
|
|
@ -18,6 +18,8 @@ package org.springframework.boot.autoconfigure.security.oauth2.server.servlet;
|
|||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
|
||||
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
|
@ -73,9 +75,53 @@ class OAuth2AuthorizationServerPropertiesTests {
|
|||
}
|
||||
|
||||
@Test
|
||||
void defaultDeviceCodeTimeToLiveMatchesBuilderDefault() {
|
||||
assertThat(new OAuth2AuthorizationServerProperties.Client().getToken().getDeviceCodeTimeToLive())
|
||||
.isEqualTo(TokenSettings.builder().build().getDeviceCodeTimeToLive());
|
||||
void defaultEndpointPropertiesMatchBuilderDefaults() {
|
||||
OAuth2AuthorizationServerProperties.Endpoint endpoint = new OAuth2AuthorizationServerProperties.Endpoint();
|
||||
AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build();
|
||||
assertThat(endpoint.getAuthorizationUri()).isEqualTo(authorizationServerSettings.getAuthorizationEndpoint());
|
||||
assertThat(endpoint.getDeviceAuthorizationUri())
|
||||
.isEqualTo(authorizationServerSettings.getDeviceAuthorizationEndpoint());
|
||||
assertThat(endpoint.getDeviceVerificationUri())
|
||||
.isEqualTo(authorizationServerSettings.getDeviceVerificationEndpoint());
|
||||
assertThat(endpoint.getTokenUri()).isEqualTo(authorizationServerSettings.getTokenEndpoint());
|
||||
assertThat(endpoint.getJwkSetUri()).isEqualTo(authorizationServerSettings.getJwkSetEndpoint());
|
||||
assertThat(endpoint.getTokenRevocationUri())
|
||||
.isEqualTo(authorizationServerSettings.getTokenRevocationEndpoint());
|
||||
assertThat(endpoint.getTokenIntrospectionUri())
|
||||
.isEqualTo(authorizationServerSettings.getTokenIntrospectionEndpoint());
|
||||
|
||||
OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoint.getOidc();
|
||||
assertThat(oidc.getLogoutUri()).isEqualTo(authorizationServerSettings.getOidcLogoutEndpoint());
|
||||
assertThat(oidc.getClientRegistrationUri())
|
||||
.isEqualTo(authorizationServerSettings.getOidcClientRegistrationEndpoint());
|
||||
assertThat(oidc.getUserInfoUri()).isEqualTo(authorizationServerSettings.getOidcUserInfoEndpoint());
|
||||
}
|
||||
|
||||
@Test
|
||||
void defaultClientPropertiesMatchBuilderDefaults() {
|
||||
OAuth2AuthorizationServerProperties.Client client = new OAuth2AuthorizationServerProperties.Client();
|
||||
ClientSettings clientSettings = ClientSettings.builder().build();
|
||||
assertThat(client.isRequireProofKey()).isEqualTo(clientSettings.isRequireProofKey());
|
||||
assertThat(client.isRequireAuthorizationConsent()).isEqualTo(clientSettings.isRequireAuthorizationConsent());
|
||||
assertThat(client.getJwkSetUri()).isEqualTo(clientSettings.getJwkSetUrl());
|
||||
if (clientSettings.getTokenEndpointAuthenticationSigningAlgorithm() != null) {
|
||||
assertThat(client.getTokenEndpointAuthenticationSigningAlgorithm())
|
||||
.isEqualTo(clientSettings.getTokenEndpointAuthenticationSigningAlgorithm().getName());
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
void defaultTokenPropertiesMatchBuilderDefaults() {
|
||||
OAuth2AuthorizationServerProperties.Token token = new OAuth2AuthorizationServerProperties.Token();
|
||||
TokenSettings tokenSettings = TokenSettings.builder().build();
|
||||
assertThat(token.getAuthorizationCodeTimeToLive()).isEqualTo(tokenSettings.getAuthorizationCodeTimeToLive());
|
||||
assertThat(token.getAccessTokenTimeToLive()).isEqualTo(tokenSettings.getAccessTokenTimeToLive());
|
||||
assertThat(token.getAccessTokenFormat()).isEqualTo(tokenSettings.getAccessTokenFormat().getValue());
|
||||
assertThat(token.getDeviceCodeTimeToLive()).isEqualTo(tokenSettings.getDeviceCodeTimeToLive());
|
||||
assertThat(token.isReuseRefreshTokens()).isEqualTo(tokenSettings.isReuseRefreshTokens());
|
||||
assertThat(token.getRefreshTokenTimeToLive()).isEqualTo(tokenSettings.getRefreshTokenTimeToLive());
|
||||
assertThat(token.getIdTokenSignatureAlgorithm())
|
||||
.isEqualTo(tokenSettings.getIdTokenSignatureAlgorithm().getName());
|
||||
}
|
||||
|
||||
}
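Review bot: In `defaultClientPropertiesMatchBuilderDefaults` the check on the token endpoint authentication signing algorithm only runs inside `if (clientSettings.getTokenEndpointAuthenticationSigningAlgorithm() != null)`, so when the builder default is null nothing is asserted and a non-null property default would pass unnoticed. Add the other branch so that drift is caught in both directions: `else { assertThat(client.getTokenEndpointAuthenticationSigningAlgorithm()).isNull(); }`. By contrast, `defaultTokenPropertiesMatchBuilderDefaults` calls `getAccessTokenFormat().getValue()` and `getIdTokenSignatureAlgorithm().getName()` unguarded, which is fine as long as those builder defaults stay non-null, but the two tests then treat a null default differently.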
|
||||