Add user-info-authentication-method

Closes gh-13865
pull/14190/merge
mhyeon.lee 6 years ago committed by Madhura Bhave
parent 3f095c135b
commit c827530f4b

@ -31,6 +31,7 @@ import org.springframework.util.StringUtils;
* @author Madhura Bhave * @author Madhura Bhave
* @author Phillip Webb * @author Phillip Webb
* @author Artsiom Yudovin * @author Artsiom Yudovin
* @author MyeongHyeon Lee
*/ */
@ConfigurationProperties(prefix = "spring.security.oauth2.client") @ConfigurationProperties(prefix = "spring.security.oauth2.client")
public class OAuth2ClientProperties { public class OAuth2ClientProperties {
@ -195,6 +196,11 @@ public class OAuth2ClientProperties {
*/ */
private String userInfoUri; private String userInfoUri;
/**
* User info authentication method for the provider.
*/
private String userInfoAuthenticationMethod;
/** /**
* Name of the attribute that will be used to extract the username from the call * Name of the attribute that will be used to extract the username from the call
* to 'userInfoUri'. * to 'userInfoUri'.
@ -235,6 +241,14 @@ public class OAuth2ClientProperties {
this.userInfoUri = userInfoUri; this.userInfoUri = userInfoUri;
} }
public String getUserInfoAuthenticationMethod() {
return this.userInfoAuthenticationMethod;
}
public void setUserInfoAuthenticationMethod(String userInfoAuthenticationMethod) {
this.userInfoAuthenticationMethod = userInfoAuthenticationMethod;
}
public String getUserNameAttribute() { public String getUserNameAttribute() {
return this.userNameAttribute; return this.userNameAttribute;
} }
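Review bot: The Javadoc added for `userInfoAuthenticationMethod` names the property but gives neither its accepted values nor its default, and the field is a free-form String, so nothing else tells an operator what may be written here. I would list them in the comment, e.g. `* User info authentication method for the provider ('header' or 'form'; 'header' when unset).`, adjusting the list to whatever constants `AuthenticationMethod` actually defines. The tests in this commit only exercise `form` and expect HEADER when the property is absent, so the default in that wording is inferred from them. Because this value decides how the access token is presented to the user-info endpoint, it should be readable from the property description and not only from Spring Security's source.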

@ -28,6 +28,7 @@ import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistration.Builder; import org.springframework.security.oauth2.client.registration.ClientRegistration.Builder;
import org.springframework.security.oauth2.client.registration.ClientRegistrations; import org.springframework.security.oauth2.client.registration.ClientRegistrations;
import org.springframework.security.oauth2.core.AuthenticationMethod;
import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
@ -39,6 +40,7 @@ import org.springframework.util.StringUtils;
* @author Phillip Webb * @author Phillip Webb
* @author Thiago Hirata * @author Thiago Hirata
* @author Madhura Bhave * @author Madhura Bhave
* @author MyeongHyeon Lee
* @since 2.1.0 * @since 2.1.0
*/ */
public final class OAuth2ClientPropertiesRegistrationAdapter { public final class OAuth2ClientPropertiesRegistrationAdapter {
@ -131,6 +133,8 @@ public final class OAuth2ClientPropertiesRegistrationAdapter {
map.from(provider::getAuthorizationUri).to(builder::authorizationUri); map.from(provider::getAuthorizationUri).to(builder::authorizationUri);
map.from(provider::getTokenUri).to(builder::tokenUri); map.from(provider::getTokenUri).to(builder::tokenUri);
map.from(provider::getUserInfoUri).to(builder::userInfoUri); map.from(provider::getUserInfoUri).to(builder::userInfoUri);
map.from(provider::getUserInfoAuthenticationMethod).as(AuthenticationMethod::new)
.to(builder::userInfoAuthenticationMethod);
map.from(provider::getJwkSetUri).to(builder::jwkSetUri); map.from(provider::getJwkSetUri).to(builder::jwkSetUri);
map.from(provider::getUserNameAttribute).to(builder::userNameAttributeName); map.from(provider::getUserNameAttribute).to(builder::userNameAttributeName);
return builder; return builder;
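Review bot: `.as(AuthenticationMethod::new)` wraps whatever string was configured, so a typo or a differently-cased value such as `Header` appears to yield an `AuthenticationMethod` that equals none of the predefined constants instead of failing at startup. How the user-info request is then authenticated depends on downstream code not visible on this page, so a misconfigured provider would most likely fall through to some default without any error. I would check the value against the known constants before handing it to the builder and throw an `IllegalStateException` that names the offending property. At minimum, normalise case with `.as((method) -> new AuthenticationMethod(method.toLowerCase(Locale.ENGLISH)))`. The enclosing method starts and ends outside this hunk, so whether the mapper skips null values could not be confirmed from here.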

@ -69,6 +69,7 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
provider.setAuthorizationUri("http://example.com/auth"); provider.setAuthorizationUri("http://example.com/auth");
provider.setTokenUri("http://example.com/token"); provider.setTokenUri("http://example.com/token");
provider.setUserInfoUri("http://example.com/info"); provider.setUserInfoUri("http://example.com/info");
provider.setUserInfoAuthenticationMethod("form");
provider.setUserNameAttribute("sub"); provider.setUserNameAttribute("sub");
provider.setJwkSetUri("http://example.com/jwk"); provider.setJwkSetUri("http://example.com/jwk");
Registration registration = new Registration(); Registration registration = new Registration();
@ -91,6 +92,9 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
assertThat(adaptedProvider.getTokenUri()).isEqualTo("http://example.com/token"); assertThat(adaptedProvider.getTokenUri()).isEqualTo("http://example.com/token");
assertThat(adaptedProvider.getUserInfoEndpoint().getUri()) assertThat(adaptedProvider.getUserInfoEndpoint().getUri())
.isEqualTo("http://example.com/info"); .isEqualTo("http://example.com/info");
assertThat(adaptedProvider.getUserInfoEndpoint().getAuthenticationMethod())
.isEqualTo(
org.springframework.security.oauth2.core.AuthenticationMethod.FORM);
assertThat(adaptedProvider.getUserInfoEndpoint().getUserNameAttributeName()) assertThat(adaptedProvider.getUserInfoEndpoint().getUserNameAttributeName())
.isEqualTo("sub"); .isEqualTo("sub");
assertThat(adaptedProvider.getJwkSetUri()).isEqualTo("http://example.com/jwk"); assertThat(adaptedProvider.getJwkSetUri()).isEqualTo("http://example.com/jwk");
@ -167,6 +171,9 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
.isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo"); .isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
assertThat(adaptedProvider.getUserInfoEndpoint().getUserNameAttributeName()) assertThat(adaptedProvider.getUserInfoEndpoint().getUserNameAttributeName())
.isEqualTo(IdTokenClaimNames.SUB); .isEqualTo(IdTokenClaimNames.SUB);
assertThat(adaptedProvider.getUserInfoEndpoint().getAuthenticationMethod())
.isEqualTo(
org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
assertThat(adaptedProvider.getJwkSetUri()) assertThat(adaptedProvider.getJwkSetUri())
.isEqualTo("https://www.googleapis.com/oauth2/v3/certs"); .isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
assertThat(adapted.getRegistrationId()).isEqualTo("registration"); assertThat(adapted.getRegistrationId()).isEqualTo("registration");
@ -210,6 +217,9 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
.isEqualTo("https://www.googleapis.com/oauth2/v4/token"); .isEqualTo("https://www.googleapis.com/oauth2/v4/token");
assertThat(adaptedProvider.getUserInfoEndpoint().getUri()) assertThat(adaptedProvider.getUserInfoEndpoint().getUri())
.isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo"); .isEqualTo("https://www.googleapis.com/oauth2/v3/userinfo");
assertThat(adaptedProvider.getUserInfoEndpoint().getAuthenticationMethod())
.isEqualTo(
org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
assertThat(adaptedProvider.getJwkSetUri()) assertThat(adaptedProvider.getJwkSetUri())
.isEqualTo("https://www.googleapis.com/oauth2/v3/certs"); .isEqualTo("https://www.googleapis.com/oauth2/v3/certs");
assertThat(adapted.getRegistrationId()).isEqualTo("google"); assertThat(adapted.getRegistrationId()).isEqualTo("google");
@ -334,6 +344,9 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
.isEqualTo("https://example.com/oauth2/v3/certs"); .isEqualTo("https://example.com/oauth2/v3/certs");
assertThat(providerDetails.getUserInfoEndpoint().getUri()) assertThat(providerDetails.getUserInfoEndpoint().getUri())
.isEqualTo("https://example.com/oauth2/v3/userinfo"); .isEqualTo("https://example.com/oauth2/v3/userinfo");
assertThat(providerDetails.getUserInfoEndpoint().getAuthenticationMethod())
.isEqualTo(
org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
} }
private String cleanIssuerPath(String issuer) { private String cleanIssuerPath(String issuer) {
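Review bot: The new assertions cover only `form` and the unset default (HEADER); nothing pins what the adapter does with an unrecognised or differently-cased value such as `"Form"`, which is the likeliest mistake in a real properties file. A test that sets such a value and asserts the intended outcome (rejection at startup or a documented fallback) would keep that behaviour from changing unnoticed. As a style point, the fully qualified `org.springframework.security.oauth2.core.AuthenticationMethod` is repeated in the hunks at -91, -167, -210 and -334; a normal import would shorten all four assertions unless the simple name clashes with something else in this test class.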

@ -3252,6 +3252,7 @@ You can register multiple OAuth2 clients and providers under the
spring.security.oauth2.client.provider.my-oauth-provider.authorization-uri=http://my-auth-server/oauth/authorize spring.security.oauth2.client.provider.my-oauth-provider.authorization-uri=http://my-auth-server/oauth/authorize
spring.security.oauth2.client.provider.my-oauth-provider.token-uri=http://my-auth-server/oauth/token spring.security.oauth2.client.provider.my-oauth-provider.token-uri=http://my-auth-server/oauth/token
spring.security.oauth2.client.provider.my-oauth-provider.user-info-uri=http://my-auth-server/userinfo spring.security.oauth2.client.provider.my-oauth-provider.user-info-uri=http://my-auth-server/userinfo
spring.security.oauth2.client.provider.my-oauth-provider.user-info-authentication-method=header
spring.security.oauth2.client.provider.my-oauth-provider.jwk-set-uri=http://my-auth-server/token_keys spring.security.oauth2.client.provider.my-oauth-provider.jwk-set-uri=http://my-auth-server/token_keys
spring.security.oauth2.client.provider.my-oauth-provider.user-name-attribute=name spring.security.oauth2.client.provider.my-oauth-provider.user-name-attribute=name
---- ----
