|
|
@@ -45,14 +45,14 @@ import org.springframework.security.oauth2.jwt.JoseHeaderNames;
|
|
|
import org.springframework.security.oauth2.jwt.Jwt;
|
|
|
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
|
|
|
import org.springframework.security.oauth2.jwt.JwtEncoder;
|
|
|
+import org.springframework.security.oauth2.server.authorization.JwtEncodingContext;
|
|
|
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
|
|
|
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationCode;
|
|
|
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
|
|
|
+import org.springframework.security.oauth2.server.authorization.OAuth2TokenCustomizer;
|
|
|
import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
|
|
|
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
|
|
|
import org.springframework.security.oauth2.server.authorization.client.TestRegisteredClients;
|
|
|
-import org.springframework.security.oauth2.server.authorization.JwtEncodingContext;
|
|
|
-import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationCode;
|
|
|
-import org.springframework.security.oauth2.server.authorization.OAuth2TokenCustomizer;
|
|
|
|
|
|
import static org.assertj.core.api.Assertions.assertThat;
|
|
|
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
|
|
@@ -222,6 +222,31 @@ public class OAuth2AuthorizationCodeAuthenticationProviderTests {
|
|
|
.isEqualTo(OAuth2ErrorCodes.INVALID_GRANT);
|
|
|
}
|
|
|
|
|
|
+ // gh-290
|
|
|
+ @Test
|
|
|
+ public void authenticateWhenExpiredCodeThenThrowOAuth2AuthenticationException() {
|
|
|
+ RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
|
|
|
+ OAuth2AuthorizationCode authorizationCode = new OAuth2AuthorizationCode(
|
|
|
+ AUTHORIZATION_CODE, Instant.now().minusSeconds(300), Instant.now().minusSeconds(60));
|
|
|
+ OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient)
|
|
|
+ .token(authorizationCode)
|
|
|
+ .build();
|
|
|
+ when(this.authorizationService.findByToken(eq(AUTHORIZATION_CODE), eq(AUTHORIZATION_CODE_TOKEN_TYPE)))
|
|
|
+ .thenReturn(authorization);
|
|
|
+
|
|
|
+ OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient);
|
|
|
+ OAuth2AuthorizationRequest authorizationRequest = authorization.getAttribute(
|
|
|
+ OAuth2AuthorizationRequest.class.getName());
|
|
|
+ OAuth2AuthorizationCodeAuthenticationToken authentication =
|
|
|
+ new OAuth2AuthorizationCodeAuthenticationToken(AUTHORIZATION_CODE, clientPrincipal, authorizationRequest.getRedirectUri(), null);
|
|
|
+
|
|
|
+ assertThatThrownBy(() -> this.authenticationProvider.authenticate(authentication))
|
|
|
+ .isInstanceOf(OAuth2AuthenticationException.class)
|
|
|
+ .extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
|
|
|
+ .extracting("errorCode")
|
|
|
+ .isEqualTo(OAuth2ErrorCodes.INVALID_GRANT);
|
|
|
+ }
|
|
|
+
|
|
|
@Test
|
|
|
public void authenticateWhenValidCodeThenReturnAccessToken() {
|
|
|
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
|
Steve Riesenberg