Home Explore Help
Register Sign In
github
/
spring-authorization-server
mirror of https://github.com/spring-projects/spring-authorization-server
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge branch '1.1.x'

Joe Grandja 2 years ago
parent
a74f90d2df 2895169b30
commit
826c550cbf
2 changed files with 47 additions and 2 deletions
Split View Show Diff Stats
  1. 6 2
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java
  2. 41 0
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java

+ 6 - 2
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/JwtGenerator.java
View File 

@@ -134,8 +134,12 @@ public final class JwtGenerator implements OAuth2TokenGenerator<Jwt> {
 
 				}
 
 			} else if (AuthorizationGrantType.REFRESH_TOKEN.equals(context.getAuthorizationGrantType())) {
 
 				OidcIdToken currentIdToken = context.getAuthorization().getToken(OidcIdToken.class).getToken();
 
-				claimsBuilder.claim("sid", currentIdToken.getClaim("sid"));
 
-				claimsBuilder.claim(IdTokenClaimNames.AUTH_TIME, currentIdToken.<Date>getClaim(IdTokenClaimNames.AUTH_TIME));
 
+				if (currentIdToken.hasClaim("sid")) {
 
+					claimsBuilder.claim("sid", currentIdToken.getClaim("sid"));
 
+				}
 
+				if (currentIdToken.hasClaim(IdTokenClaimNames.AUTH_TIME)) {
 
+					claimsBuilder.claim(IdTokenClaimNames.AUTH_TIME, currentIdToken.<Date>getClaim(IdTokenClaimNames.AUTH_TIME));
 
+				}
 
 			}
 
 		}
 
 		// @formatter:on

+ 41 - 0
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/token/JwtGeneratorTests.java
View File 

@@ -236,6 +236,47 @@ public class JwtGeneratorTests {
 
 		assertGeneratedTokenType(tokenContext);
 
 	}
 
 
+	// gh-1283
 
+	@Test
 
+	public void generateWhenIdTokenTypeWithoutSidAndRefreshTokenGrantThenReturnJwt() {
 
+		RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
 
+				.scope(OidcScopes.OPENID)
 
+				.build();
 
+		OidcIdToken idToken =  OidcIdToken.withTokenValue("id-token")
 
+				.issuer("https://provider.com")
 
+				.subject("subject")
 
+				.issuedAt(Instant.now())
 
+				.expiresAt(Instant.now().plusSeconds(60))
 
+				.build();
 
+		OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient)
 
+				.token(idToken)
 
+				.build();
 
+
 
+		OAuth2RefreshToken refreshToken = authorization.getRefreshToken().getToken();
 
+		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
 
+				registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
 
+
 
+		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
 
+				refreshToken.getTokenValue(), clientPrincipal, null, null);
 
+
 
+		Authentication principal = authorization.getAttribute(Principal.class.getName());
 
+
 
+		// @formatter:off
 
+		OAuth2TokenContext tokenContext = DefaultOAuth2TokenContext.builder()
 
+				.registeredClient(registeredClient)
 
+				.principal(principal)
 
+				.authorizationServerContext(this.authorizationServerContext)
 
+				.authorization(authorization)
 
+				.authorizedScopes(authorization.getAuthorizedScopes())
 
+				.tokenType(ID_TOKEN_TOKEN_TYPE)
 
+				.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
 
+				.authorizationGrant(authentication)
 
+				.build();
 
+		// @formatter:on
 
+
 
+		assertGeneratedTokenType(tokenContext);
 
+	}
 
+
 
 	private void assertGeneratedTokenType(OAuth2TokenContext tokenContext) {
 
 		this.jwtGenerator.generate(tokenContext);