diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientProperties.java index 6db2153424..42f98ae73c 100644 --- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientProperties.java +++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientProperties.java @@ -31,6 +31,7 @@ import org.springframework.util.StringUtils; * @author Madhura Bhave * @author Phillip Webb * @author Artsiom Yudovin + * @author MyeongHyeon Lee */ @ConfigurationProperties(prefix = "spring.security.oauth2.client") public class OAuth2ClientProperties { @@ -195,6 +196,11 @@ public class OAuth2ClientProperties { */ private String userInfoUri; + /** + * User info authentication method for the provider. + */ + private String userInfoAuthenticationMethod; + /** * Name of the attribute that will be used to extract the username from the call * to 'userInfoUri'. @@ -235,6 +241,14 @@ public class OAuth2ClientProperties { this.userInfoUri = userInfoUri; } + public String getUserInfoAuthenticationMethod() { + return this.userInfoAuthenticationMethod; + } + + public void setUserInfoAuthenticationMethod(String userInfoAuthenticationMethod) { + this.userInfoAuthenticationMethod = userInfoAuthenticationMethod; + } + public String getUserNameAttribute() { return this.userNameAttribute; } 
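Review bot: The Javadoc on the new `userInfoAuthenticationMethod` field (hunk `@@ -195,6 +196,11 @@`) does not say which values are accepted or what applies when the property is left unset. Because the field is a plain `String`, the setter added in hunk `@@ -235,6 +241,14 @@` takes any text. This comment presumably also feeds the generated configuration metadata, so I would expand it to something like `User info authentication method for the provider, for example 'header' or 'form'. When unset, the provider's own default applies.` The two values named are the ones this commit's test and documentation example use; the full supported set and the default should be confirmed against Spring Security's `AuthenticationMethod`. The enclosing class starts and ends outside both hunks.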
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
index e8454add79..d1ce147a3f 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
@@ -28,6 +28,7 @@ import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistration.Builder;
 import org.springframework.security.oauth2.client.registration.ClientRegistrations;
+import org.springframework.security.oauth2.core.AuthenticationMethod;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.util.StringUtils;
@@ -39,6 +40,7 @@ import org.springframework.util.StringUtils;
 * @author Phillip Webb
 * @author Thiago Hirata
 * @author Madhura Bhave
+ * @author MyeongHyeon Lee
 * @since 2.1.0
 */
 public final class OAuth2ClientPropertiesRegistrationAdapter {
@@ -131,6 +133,8 @@ public final class OAuth2ClientPropertiesRegistrationAdapter {
 map.from(provider::getAuthorizationUri).to(builder::authorizationUri);
 map.from(provider::getTokenUri).to(builder::tokenUri);
 map.from(provider::getUserInfoUri).to(builder::userInfoUri);
+ map.from(provider::getUserInfoAuthenticationMethod).as(AuthenticationMethod::new)
+ .to(builder::userInfoAuthenticationMethod);
 map.from(provider::getJwkSetUri).to(builder::jwkSetUri);
 map.from(provider::getUserNameAttribute).to(builder::userNameAttributeName);
 return builder;
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
index 7bbe6caf53..8e16a767fd 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
@@ -69,6 +69,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 provider.setAuthorizationUri("http://example.com/auth");
 provider.setTokenUri("http://example.com/token");
 provider.setUserInfoUri("http://example.com/info");
+ provider.setUserInfoAuthenticationMethod("form");
 provider.setUserNameAttribute("sub");
 provider.setJwkSetUri("http://example.com/jwk");
 Registration registration = new Registration();
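Review bot: The new mapping `.as(AuthenticationMethod::new)` wraps whatever string is configured without normalising or validating it. A typo or a differently-cased value such as `Header` would therefore produce a method object that likely equals none of the predefined constants the tests compare against. This setting decides how the access token is presented to the user-info endpoint, and the consuming code is outside this diff, so a misconfiguration could silently select a different transport instead of failing at startup. If custom methods are not meant to be supported here, resolve the value against the known constants and reject anything else, as sketched below. The enclosing method starts outside the hunk.

```java
map.from(provider::getUserInfoAuthenticationMethod)
        .as(OAuth2ClientPropertiesRegistrationAdapter::toAuthenticationMethod)
        .to(builder::userInfoAuthenticationMethod);
// … unchanged: jwkSetUri and userNameAttribute mappings, return builder …

private static AuthenticationMethod toAuthenticationMethod(String value) {
    AuthenticationMethod[] supported = { AuthenticationMethod.HEADER,
            AuthenticationMethod.FORM, AuthenticationMethod.QUERY };
    for (AuthenticationMethod candidate : supported) {
        if (candidate.getValue().equalsIgnoreCase(value)) {
            return candidate;
        }
    }
    throw new IllegalStateException(
            "Unsupported user-info-authentication-method '" + value + "'");
}
```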
@@ -91,6 +92,9 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 assertThat(adaptedProvider.getTokenUri()).isEqualTo("http://example.com/token");
 assertThat(adaptedProvider.getUserInfoEndpoint().getUri())
 .isEqualTo("http://example.com/info");
+ assertThat(adaptedProvider.getUserInfoEndpoint().getAuthenticationMethod())
+ .isEqualTo(
+ org.springframework.security.oauth2.core.AuthenticationMethod.FORM);
 assertThat(adaptedProvider.getUserInfoEndpoint().getUserNameAttributeName())
 .isEqualTo("sub");
 assertThat(adaptedProvider.getJwkSetUri()).isEqualTo("http://example.com/jwk");
@@ -167,6 +171,9 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 .isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
 assertThat(adaptedProvider.getUserInfoEndpoint().getUserNameAttributeName())
 .isEqualTo(IdTokenClaimNames.SUB);
+ assertThat(adaptedProvider.getUserInfoEndpoint().getAuthenticationMethod())
+ .isEqualTo(
+ org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
 assertThat(adaptedProvider.getJwkSetUri())
 .isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
 assertThat(adapted.getRegistrationId()).isEqualTo("registration");
@@ -210,6 +217,9 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 .isEqualTo("https://www.googleapis.com/oauth2/v4/token");
 assertThat(adaptedProvider.getUserInfoEndpoint().getUri())
 .isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
+ assertThat(adaptedProvider.getUserInfoEndpoint().getAuthenticationMethod())
+ .isEqualTo(
+ org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
 assertThat(adaptedProvider.getJwkSetUri())
 .isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
 assertThat(adapted.getRegistrationId()).isEqualTo("google");
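Review bot: The new assertions cover only a valid `form` value and the `HEADER` default; nothing exercises an unrecognised or differently-cased `userInfoAuthenticationMethod`, which is where the adapter's behaviour is least obvious. A test that calls `provider.setUserInfoAuthenticationMethod("Form")` and pins the expected outcome would document that contract. Separately, the fully qualified `org.springframework.security.oauth2.core.AuthenticationMethod.FORM` / `.HEADER` is repeated in this hunk and in the `@@ -167`, `@@ -210` and `@@ -334` hunks. Adding `import org.springframework.security.oauth2.core.AuthenticationMethod;` would shorten each assertion, assuming the test class has no clashing name. The test methods start and end outside these hunks.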
@@ -334,6 +344,9 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests { .isEqualTo("https://example.com/oauth2/v3/certs"); assertThat(providerDetails.getUserInfoEndpoint().getUri()) .isEqualTo("https://example.com/oauth2/v3/userinfo"); + assertThat(providerDetails.getUserInfoEndpoint().getAuthenticationMethod()) + .isEqualTo( + org.springframework.security.oauth2.core.AuthenticationMethod.HEADER); } private String cleanIssuerPath(String issuer) { diff --git a/spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc b/spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc index a7e7bc0d7d..22292f2ec8 100644 --- a/spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc +++ b/spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc @@ -3252,6 +3252,7 @@ You can register multiple OAuth2 clients and providers under the spring.security.oauth2.client.provider.my-oauth-provider.authorization-uri=http://my-auth-server/oauth/authorize spring.security.oauth2.client.provider.my-oauth-provider.token-uri=http://my-auth-server/oauth/token spring.security.oauth2.client.provider.my-oauth-provider.user-info-uri=http://my-auth-server/userinfo + spring.security.oauth2.client.provider.my-oauth-provider.user-info-authentication-method=header spring.security.oauth2.client.provider.my-oauth-provider.jwk-set-uri=http://my-auth-server/token_keys spring.security.oauth2.client.provider.my-oauth-provider.user-name-attribute=name ----