|
@@ -25,6 +25,7 @@ import java.time.Instant;
|
|
|
import java.time.temporal.ChronoUnit;
|
|
|
import java.util.Arrays;
|
|
|
import java.util.Base64;
|
|
|
+import java.util.Collections;
|
|
|
import java.util.HashSet;
|
|
|
import java.util.List;
|
|
|
import java.util.Map;
|
|
@@ -71,6 +72,7 @@ import org.springframework.security.crypto.keygen.StringKeyGenerator;
|
|
|
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
|
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
|
|
import org.springframework.security.oauth2.core.AuthorizationGrantType;
|
|
|
+import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
|
|
|
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
|
|
|
import org.springframework.security.oauth2.core.OAuth2Token;
|
|
|
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
|
|
@@ -98,6 +100,7 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
|
|
|
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationContext;
|
|
|
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationProvider;
|
|
|
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationToken;
|
|
|
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
|
|
|
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
|
|
|
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper;
|
|
|
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
|
@@ -515,6 +518,28 @@ public class OAuth2AuthorizationCodeGrantTests {
|
|
|
.isEqualTo(true);
|
|
|
}
|
|
|
|
|
|
+ @Test
|
|
|
+ public void requestWhenPublicClientWithPkceAndEmptyCodeThenBadRequest() throws Exception {
|
|
|
+ this.spring.register(AuthorizationServerConfiguration.class).autowire();
|
|
|
+
|
|
|
+ RegisteredClient registeredClient = TestRegisteredClients.registeredPublicClient().build();
|
|
|
+ this.registeredClientRepository.save(registeredClient);
|
|
|
+
|
|
|
+ MultiValueMap<String, String> tokenRequestParameters = new LinkedMultiValueMap<>();
|
|
|
+ tokenRequestParameters.set(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
|
|
|
+ tokenRequestParameters.set(OAuth2ParameterNames.CODE, "");
|
|
|
+ tokenRequestParameters.set(OAuth2ParameterNames.REDIRECT_URI, registeredClient.getRedirectUris().iterator().next());
|
|
|
+
|
|
|
+ this.mvc
|
|
|
+ .perform(post(DEFAULT_TOKEN_ENDPOINT_URI)
|
|
|
+ .params(tokenRequestParameters)
|
|
|
+ .param(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId())
|
|
|
+ .param(PkceParameterNames.CODE_VERIFIER, S256_CODE_VERIFIER))
|
|
|
+ .andExpect(header().string(HttpHeaders.CACHE_CONTROL, containsString("no-store")))
|
|
|
+ .andExpect(header().string(HttpHeaders.PRAGMA, containsString("no-cache")))
|
|
|
+ .andExpect(status().isBadRequest());
|
|
|
+ }
|
|
|
+
|
|
|
@Test
|
|
|
public void requestWhenConfidentialClientWithPkceAndMissingCodeVerifierThenBadRequest() throws Exception {
|
|
|
this.spring.register(AuthorizationServerConfiguration.class).autowire();
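Review bot: The new test `requestWhenPublicClientWithPkceAndEmptyCodeThenBadRequest` pins only the HTTP status, so a 400 produced for any other reason — an unregistered client, a rejected `redirect_uri`, or a failing client-authentication step — would pass without showing that the empty `code` value is what triggers the rejection. Tie the assertion to the parameter under test by also checking the error body, e.g. `.andExpect(jsonPath("$.error").value("invalid_request"))`, assuming the MockMvc `jsonPath` matcher is already statically imported in this file as the other assertions appear to be. A companion assertion on `$.error_description` containing `code` would make the regression even more precise, but the exact message depends on the provider's wording, which is not visible here. Separately, `Collections`, `ClientAuthenticationMethod` and `OAuth2ClientAuthenticationToken` are added to the imports in the earlier hunks yet none is referenced in this test, so presumably they serve other tests in the same change outside this view; if not, they are unused imports.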
|