首页 发现 帮助
注册 登录
github
/
spring-authorization-server
镜像自地址 https://github.com/spring-projects/spring-authorization-server
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

Scope "openid" should be in access token response scope

- Still does not require user consent

Closes gh-252
Joshua Casey 4 年之前
父节点
1962b9c5b7
当前提交
3b0938883b
共有 2 个文件被更改,包括 4 次插入14 次删除
分列视图 显示文件统计
  1. 2 12
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
  2. 2 2
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java

+ 2 - 12
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
查看文件 

@@ -18,7 +18,6 @@ package org.springframework.security.oauth2.server.authorization.authentication;
 
 import java.security.Principal;
 
 import java.util.Collections;
 
 import java.util.HashMap;
 
-import java.util.HashSet;
 
 import java.util.Map;
 
 import java.util.Set;
 
 
@@ -147,7 +146,7 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
 
 		JoseHeader.Builder headersBuilder = JwtUtils.headers();
 
 		JwtClaimsSet.Builder claimsBuilder = JwtUtils.accessTokenClaims(
 
 				registeredClient, issuer, authorization.getPrincipalName(),
 
-				excludeOpenidIfNecessary(authorizedScopes));
 
+				authorizedScopes);
 
 
 		// @formatter:off
 
 		JwtEncodingContext context = JwtEncodingContext.with(headersBuilder, claimsBuilder)
 
@@ -169,7 +168,7 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
 
 
 		OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
 
 				jwtAccessToken.getTokenValue(), jwtAccessToken.getIssuedAt(),
 
-				jwtAccessToken.getExpiresAt(), excludeOpenidIfNecessary(authorizedScopes));
 
+				jwtAccessToken.getExpiresAt(), authorizedScopes);
 
 
 		OAuth2RefreshToken refreshToken = null;
 
 		if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN)) {
 
@@ -245,15 +244,6 @@ public class OAuth2AuthorizationCodeAuthenticationProvider implements Authentica
 
 				registeredClient, clientPrincipal, accessToken, refreshToken, additionalParameters);
 
 	}
 
 
-	private static Set<String> excludeOpenidIfNecessary(Set<String> scopes) {
 
-		if (!scopes.contains(OidcScopes.OPENID)) {
 
-			return scopes;
 
-		}
 
-		scopes = new HashSet<>(scopes);
 
-		scopes.remove(OidcScopes.OPENID);
 
-		return scopes;
 
-	}
 
-
 
 	@Override
 
 	public boolean supports(Class<?> authentication) {
 
 		return OAuth2AuthorizationCodeAuthenticationToken.class.isAssignableFrom(authentication);

+ 2 - 2
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
查看文件 

@@ -311,7 +311,8 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 
 		assertThat(accessTokenContext.getClaims()).isNotNull();
 
 		Map<String, Object> claims = new HashMap<>();
 
 		accessTokenContext.getClaims().claims(claims::putAll);
 
-		assertThat(claims.containsKey(OidcScopes.OPENID)).isFalse();
 
+		assertThat(claims).flatExtracting(OAuth2ParameterNames.SCOPE)
 
+				.containsExactlyInAnyOrder(OidcScopes.OPENID, "scope1");
 
 		// ID Token context
 
 		JwtEncodingContext idTokenContext = jwtEncodingContextCaptor.getAllValues().get(1);
 
 		assertThat(idTokenContext.getRegisteredClient()).isEqualTo(registeredClient);
 
@@ -335,7 +336,6 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
 
 		assertThat(accessTokenAuthentication.getPrincipal()).isEqualTo(clientPrincipal);
 
 		assertThat(accessTokenAuthentication.getAccessToken()).isEqualTo(updatedAuthorization.getAccessToken().getToken());
 
 		Set<String> accessTokenScopes = new HashSet<>(updatedAuthorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME));
 
-		accessTokenScopes.remove(OidcScopes.OPENID);
 
 		assertThat(accessTokenAuthentication.getAccessToken().getScopes()).isEqualTo(accessTokenScopes);
 
 		assertThat(accessTokenAuthentication.getRefreshToken()).isNotNull();
 
 		assertThat(accessTokenAuthentication.getRefreshToken()).isEqualTo(updatedAuthorization.getRefreshToken().getToken());