|
|
|
@ -48,6 +48,7 @@ import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
|
|
|
|
|
* @author Phillip Webb
|
|
|
|
|
* @author Madhura Bhave
|
|
|
|
|
* @author Thiago Hirata
|
|
|
|
|
* @author HaiTao Zhang
|
|
|
|
|
*/
|
|
|
|
|
class OAuth2ClientPropertiesRegistrationAdapterTests {
|
|
|
|
|
|
|
|
|
@ -209,23 +210,7 @@ class OAuth2ClientPropertiesRegistrationAdapterTests {
|
|
|
|
|
Registration login = new OAuth2ClientProperties.Registration();
|
|
|
|
|
login.setClientId("clientId");
|
|
|
|
|
login.setClientSecret("clientSecret");
|
|
|
|
|
testOidcConfiguration(login, "okta");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
void oidcRfc8414ProviderConfigurationWhenProviderNotSpecifiedOnRegistration() throws Exception {
|
|
|
|
|
OAuth2ClientProperties.Registration login = new Registration();
|
|
|
|
|
login.setClientId("clientId");
|
|
|
|
|
login.setClientSecret("clientSecret");
|
|
|
|
|
testOidcRfc8414Configuration(login, "okta");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
void oAuthProviderConfigurationWhenProviderNotSpecifiedOnRegistration() throws Exception {
|
|
|
|
|
OAuth2ClientProperties.Registration login = new Registration();
|
|
|
|
|
login.setClientId("clientId");
|
|
|
|
|
login.setClientSecret("clientSecret");
|
|
|
|
|
testOAuthConfiguration(login, "okta");
|
|
|
|
|
testIssuerConfiguration(login, "okta", 0, 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@ -234,25 +219,23 @@ class OAuth2ClientPropertiesRegistrationAdapterTests {
|
|
|
|
|
login.setProvider("okta-oidc");
|
|
|
|
|
login.setClientId("clientId");
|
|
|
|
|
login.setClientSecret("clientSecret");
|
|
|
|
|
testOidcConfiguration(login, "okta-oidc");
|
|
|
|
|
testIssuerConfiguration(login, "okta-oidc", 0, 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
void oidcRfc8414ProviderConfigurationWhenProviderSpecifiedOnRegistration() throws Exception {
|
|
|
|
|
void issuerUriConfigurationTriesOidcRfc8414UriSecond() throws Exception {
|
|
|
|
|
OAuth2ClientProperties.Registration login = new Registration();
|
|
|
|
|
login.setProvider("okta-oidcRfc8414");
|
|
|
|
|
login.setClientId("clientId");
|
|
|
|
|
login.setClientSecret("clientSecret");
|
|
|
|
|
testOidcRfc8414Configuration(login, "okta-oidcRfc8414");
|
|
|
|
|
testIssuerConfiguration(login, "okta", 1, 2);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
void oAuthProviderConfigurationWhenProviderSpecifiedOnRegistration() throws Exception {
|
|
|
|
|
void issuerUriConfigurationTriesOAuthMetadataUriThird() throws Exception {
|
|
|
|
|
OAuth2ClientProperties.Registration login = new Registration();
|
|
|
|
|
login.setProvider("okta-oauth");
|
|
|
|
|
login.setClientId("clientId");
|
|
|
|
|
login.setClientSecret("clientSecret");
|
|
|
|
|
testOAuthConfiguration(login, "okta-oauth");
|
|
|
|
|
testIssuerConfiguration(login, "okta", 2, 3);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
@ -307,75 +290,12 @@ class OAuth2ClientPropertiesRegistrationAdapterTests {
|
|
|
|
|
return registration;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private void testOidcConfiguration(OAuth2ClientProperties.Registration registration, String providerId)
|
|
|
|
|
throws Exception {
|
|
|
|
|
private void testIssuerConfiguration(OAuth2ClientProperties.Registration registration, String providerId,
|
|
|
|
|
int errorResponseCount, int numberOfRequests) throws Exception {
|
|
|
|
|
this.server = new MockWebServer();
|
|
|
|
|
this.server.start();
|
|
|
|
|
String issuer = this.server.url("").toString();
|
|
|
|
|
setupMockResponse(issuer);
|
|
|
|
|
OAuth2ClientProperties properties = new OAuth2ClientProperties();
|
|
|
|
|
Provider provider = new Provider();
|
|
|
|
|
provider.setIssuerUri(issuer);
|
|
|
|
|
properties.getProvider().put(providerId, provider);
|
|
|
|
|
properties.getRegistration().put("okta", registration);
|
|
|
|
|
Map<String, ClientRegistration> registrations = OAuth2ClientPropertiesRegistrationAdapter
|
|
|
|
|
.getClientRegistrations(properties);
|
|
|
|
|
ClientRegistration adapted = registrations.get("okta");
|
|
|
|
|
ProviderDetails providerDetails = adapted.getProviderDetails();
|
|
|
|
|
assertThat(adapted.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
|
|
|
|
|
assertThat(adapted.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
|
|
|
|
assertThat(adapted.getRegistrationId()).isEqualTo("okta");
|
|
|
|
|
assertThat(adapted.getClientName()).isEqualTo(issuer);
|
|
|
|
|
assertThat(adapted.getScopes()).containsOnly("openid");
|
|
|
|
|
assertThat(providerDetails.getAuthorizationUri()).isEqualTo("https://example.com/o/oauth2/v2/auth");
|
|
|
|
|
assertThat(providerDetails.getTokenUri()).isEqualTo("https://example.com/oauth2/v4/token");
|
|
|
|
|
assertThat(providerDetails.getJwkSetUri()).isEqualTo("https://example.com/oauth2/v3/certs");
|
|
|
|
|
UserInfoEndpoint userInfoEndpoint = providerDetails.getUserInfoEndpoint();
|
|
|
|
|
assertThat(userInfoEndpoint.getUri()).isEqualTo("https://example.com/oauth2/v3/userinfo");
|
|
|
|
|
assertThat(userInfoEndpoint.getAuthenticationMethod())
|
|
|
|
|
.isEqualTo(org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
|
|
|
|
|
assertThat(this.server.getRequestCount()).isEqualTo(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private void testOidcRfc8414Configuration(OAuth2ClientProperties.Registration registration, String providerId)
|
|
|
|
|
throws Exception {
|
|
|
|
|
this.server = new MockWebServer();
|
|
|
|
|
this.server.start();
|
|
|
|
|
String path = "test";
|
|
|
|
|
String issuer = this.server.url(path).toString();
|
|
|
|
|
setupMockResponseWithEmptyResponses(issuer, 1);
|
|
|
|
|
OAuth2ClientProperties properties = new OAuth2ClientProperties();
|
|
|
|
|
Provider provider = new Provider();
|
|
|
|
|
provider.setIssuerUri(issuer);
|
|
|
|
|
properties.getProvider().put(providerId, provider);
|
|
|
|
|
properties.getRegistration().put("okta", registration);
|
|
|
|
|
Map<String, ClientRegistration> registrations = OAuth2ClientPropertiesRegistrationAdapter
|
|
|
|
|
.getClientRegistrations(properties);
|
|
|
|
|
ClientRegistration adapted = registrations.get("okta");
|
|
|
|
|
ProviderDetails providerDetails = adapted.getProviderDetails();
|
|
|
|
|
assertThat(adapted.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
|
|
|
|
|
assertThat(adapted.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
|
|
|
|
|
assertThat(adapted.getRegistrationId()).isEqualTo("okta");
|
|
|
|
|
assertThat(adapted.getClientName()).isEqualTo(issuer);
|
|
|
|
|
assertThat(adapted.getScopes()).containsOnly("openid");
|
|
|
|
|
assertThat(providerDetails.getAuthorizationUri()).isEqualTo("https://example.com/o/oauth2/v2/auth");
|
|
|
|
|
assertThat(providerDetails.getTokenUri()).isEqualTo("https://example.com/oauth2/v4/token");
|
|
|
|
|
assertThat(providerDetails.getJwkSetUri()).isEqualTo("https://example.com/oauth2/v3/certs");
|
|
|
|
|
UserInfoEndpoint userInfoEndpoint = providerDetails.getUserInfoEndpoint();
|
|
|
|
|
assertThat(userInfoEndpoint.getUri()).isEqualTo("https://example.com/oauth2/v3/userinfo");
|
|
|
|
|
assertThat(userInfoEndpoint.getAuthenticationMethod())
|
|
|
|
|
.isEqualTo(org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
|
|
|
|
|
assertThat(this.server.getRequestCount()).isEqualTo(2);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private void testOAuthConfiguration(OAuth2ClientProperties.Registration registration, String providerId)
|
|
|
|
|
throws Exception {
|
|
|
|
|
this.server = new MockWebServer();
|
|
|
|
|
this.server.start();
|
|
|
|
|
String path = "test";
|
|
|
|
|
String issuer = this.server.url(path).toString();
|
|
|
|
|
setupMockResponseWithEmptyResponses(issuer, 2);
|
|
|
|
|
setupMockResponsesWithErrors(issuer, errorResponseCount);
|
|
|
|
|
OAuth2ClientProperties properties = new OAuth2ClientProperties();
|
|
|
|
|
Provider provider = new Provider();
|
|
|
|
|
provider.setIssuerUri(issuer);
|
|
|
|
@ -397,7 +317,7 @@ class OAuth2ClientPropertiesRegistrationAdapterTests {
|
|
|
|
|
assertThat(userInfoEndpoint.getUri()).isEqualTo("https://example.com/oauth2/v3/userinfo");
|
|
|
|
|
assertThat(userInfoEndpoint.getAuthenticationMethod())
|
|
|
|
|
.isEqualTo(org.springframework.security.oauth2.core.AuthenticationMethod.HEADER);
|
|
|
|
|
assertThat(this.server.getRequestCount()).isEqualTo(3);
|
|
|
|
|
assertThat(this.server.getRequestCount()).isEqualTo(numberOfRequests);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private void setupMockResponse(String issuer) throws JsonProcessingException {
|
|
|
|
@ -407,9 +327,8 @@ class OAuth2ClientPropertiesRegistrationAdapterTests {
|
|
|
|
|
this.server.enqueue(mockResponse);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private void setupMockResponseWithEmptyResponses(String issuer, int amountOfEmptyResponse)
|
|
|
|
|
throws JsonProcessingException {
|
|
|
|
|
for (int i = 0; i < amountOfEmptyResponse; i++) {
|
|
|
|
|
private void setupMockResponsesWithErrors(String issuer, int errorResponseCount) throws JsonProcessingException {
|
|
|
|
|
for (int i = 0; i < errorResponseCount; i++) {
|
|
|
|
|
MockResponse emptyResponse = new MockResponse().setResponseCode(HttpStatus.NOT_FOUND.value());
|
|
|
|
|
this.server.enqueue(emptyResponse);
|
|
|
|
|
}
|
|
|
|
|