|
|
@@ -25,7 +25,6 @@ import java.time.Instant;
|
|
|
import java.time.temporal.ChronoUnit;
|
|
|
import java.util.Arrays;
|
|
|
import java.util.Base64;
|
|
|
-import java.util.Collections;
|
|
|
import java.util.HashSet;
|
|
|
import java.util.List;
|
|
|
import java.util.Map;
|
|
|
@@ -72,7 +71,6 @@ import org.springframework.security.crypto.keygen.StringKeyGenerator;
|
|
|
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
|
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
|
|
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
|
|
-import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
|
|
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
|
|
|
import org.springframework.security.oauth2.core.OAuth2Token;
|
|
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
|
|
@@ -100,7 +98,6 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
|
|
|
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationContext;
|
|
|
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationProvider;
|
|
|
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationToken;
|
|
|
-import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
|
|
|
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
|
|
|
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper;
|
|
|
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
|
|
@@ -518,6 +515,7 @@ public class OAuth2AuthorizationCodeGrantTests {
|
|
|
.isEqualTo(true);
|
|
|
}
|
|
|
|
|
|
+ // gh-1680
|
|
|
@Test
|
|
|
public void requestWhenPublicClientWithPkceAndEmptyCodeThenBadRequest() throws Exception {
|
|
|
this.spring.register(AuthorizationServerConfiguration.class).autowire();
|
|
|
@@ -526,18 +524,17 @@ public class OAuth2AuthorizationCodeGrantTests {
|
|
|
this.registeredClientRepository.save(registeredClient);
|
|
|
|
|
|
MultiValueMap<String, String> tokenRequestParameters = new LinkedMultiValueMap<>();
|
|
|
- tokenRequestParameters.set(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
|
|
|
+ tokenRequestParameters.set(OAuth2ParameterNames.GRANT_TYPE,
|
|
|
+ AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
|
|
|
tokenRequestParameters.set(OAuth2ParameterNames.CODE, "");
|
|
|
- tokenRequestParameters.set(OAuth2ParameterNames.REDIRECT_URI, registeredClient.getRedirectUris().iterator().next());
|
|
|
+ tokenRequestParameters.set(OAuth2ParameterNames.REDIRECT_URI,
|
|
|
+ registeredClient.getRedirectUris().iterator().next());
|
|
|
|
|
|
this.mvc
|
|
|
- .perform(post(DEFAULT_TOKEN_ENDPOINT_URI)
|
|
|
- .params(tokenRequestParameters)
|
|
|
- .param(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId())
|
|
|
- .param(PkceParameterNames.CODE_VERIFIER, S256_CODE_VERIFIER))
|
|
|
- .andExpect(header().string(HttpHeaders.CACHE_CONTROL, containsString("no-store")))
|
|
|
- .andExpect(header().string(HttpHeaders.PRAGMA, containsString("no-cache")))
|
|
|
- .andExpect(status().isBadRequest());
|
|
|
+ .perform(post(DEFAULT_TOKEN_ENDPOINT_URI).params(tokenRequestParameters)
|
|
|
+ .param(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId())
|
|
|
+ .param(PkceParameterNames.CODE_VERIFIER, S256_CODE_VERIFIER))
|
|
|
+ .andExpect(status().isBadRequest());
|
|
|
}
|
|
|
|
|
|
@Test
|
Joe Grandja