
Polish gh-1106

Steve Riesenberg 2 年之前
父節點
當前提交
cc6b3dc791
共有 9 個文件被更改,包括 46 次插入19 次删除
  1. 2 3
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationConsentAuthenticationProvider.java
  2. 2 2
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java
  3. 6 4
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceCodeAuthenticationProvider.java
  4. 2 2
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceVerificationAuthenticationProvider.java
  5. 5 5
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceAuthorizationEndpointFilter.java
  6. 19 0
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceVerificationEndpointFilter.java
  7. 4 1
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverter.java
  8. 4 0
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationRequestAuthenticationConverter.java
  9. 2 2
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceCodeAuthenticationConverter.java

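--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationConsentAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationConsentAuthenticationProvider.java
@@ -29,7 +29,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
-import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
 import org.springframework.security.oauth2.core.OAuth2DeviceCode;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
@@ -63,7 +62,7 @@ import org.springframework.util.Assert;
 public final class OAuth2DeviceAuthorizationConsentAuthenticationProvider implements AuthenticationProvider {
 
 	private static final String DEFAULT_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1";
-	private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
+	static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
 
 	private final Log logger = LogFactory.getLog(getClass());
 	private final RegisteredClientRepository registeredClientRepository;
@@ -261,7 +260,7 @@ public final class OAuth2DeviceAuthorizationConsentAuthenticationProvider implem
 
 	private static void throwError(String errorCode, String parameterName) {
 		OAuth2Error error = new OAuth2Error(errorCode, "OAuth 2.0 Parameter: " + parameterName, DEFAULT_ERROR_URI);
-		throw new OAuth2AuthorizationException(error);
+		throw new OAuth2AuthenticationException(error);
 	}
 
 }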
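Review bot: `throwError` in the last hunk now raises `OAuth2AuthenticationException`, but nothing at the method records why the exception type matters, so a later edit could quietly revert it. The removed `OAuth2AuthorizationException` is not an `AuthenticationException`, so it would presumably bypass the endpoint filter's `AuthenticationFailureHandler` and surface as an unhandled error instead of an OAuth 2.0 error response; the filter is not visible in this section, so that is worth confirming. I would add `// Must be an AuthenticationException so the endpoint filter's failure handler renders the error` above the `throw`, and a test that asserts the exception type for a rejected parameter.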

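--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java
@@ -69,8 +69,8 @@ import static org.springframework.security.oauth2.server.authorization.authentic
 public final class OAuth2DeviceAuthorizationRequestAuthenticationProvider implements AuthenticationProvider {
 
 	private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
-	private static final OAuth2TokenType DEVICE_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.DEVICE_CODE);
-	private static final OAuth2TokenType USER_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.USER_CODE);
+	static final OAuth2TokenType DEVICE_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.DEVICE_CODE);
+	static final OAuth2TokenType USER_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.USER_CODE);
 
 	private final Log logger = LogFactory.getLog(getClass());
 	private final OAuth2AuthorizationService authorizationService;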
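Review bot: `DEVICE_CODE_TOKEN_TYPE` and `USER_CODE_TOKEN_TYPE` lose `private` with no comment saying why, which leaves the intended scope of these constants unclear. If the wider visibility is for tests or sibling classes in this package, say so, for example `// package-private: shared with tests in this package`. The same applies to `STATE_TOKEN_TYPE` in OAuth2DeviceAuthorizationConsentAuthenticationProvider, to `DEVICE_CODE_TOKEN_TYPE`, `EXPIRED_TOKEN` and `AUTHORIZATION_PENDING` in OAuth2DeviceCodeAuthenticationProvider, and to `USER_CODE_TOKEN_TYPE` in OAuth2DeviceVerificationAuthenticationProvider. The same `OAuth2TokenType` values are also declared in more than one provider, so a single shared declaration would keep them from drifting apart.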

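--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceCodeAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceCodeAuthenticationProvider.java
@@ -66,7 +66,9 @@ public final class OAuth2DeviceCodeAuthenticationProvider implements Authenticat
 
 	private static final String DEFAULT_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
 	private static final String DEVICE_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc8628#section-3.5";
-	private static final OAuth2TokenType DEVICE_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.DEVICE_CODE);
+	static final OAuth2TokenType DEVICE_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.DEVICE_CODE);
+	static final String EXPIRED_TOKEN = "expired_token";
+	static final String AUTHORIZATION_PENDING = "authorization_pending";
 
 	private final Log logger = LogFactory.getLog(getClass());
 	private final OAuth2AuthorizationService authorizationService;
@@ -134,7 +136,7 @@ public final class OAuth2DeviceCodeAuthenticationProvider implements Authenticat
 		//   access_denied
 		//      The authorization request was denied.
 		if (Boolean.TRUE.equals(deviceCode.getMetadata(OAuth2Authorization.Token.ACCESS_DENIED_METADATA_NAME))) {
-			OAuth2Error error = new OAuth2Error("access_denied", null, DEVICE_ERROR_URI);
+			OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.ACCESS_DENIED, null, DEVICE_ERROR_URI);
 			throw new OAuth2AuthenticationException(error);
 		}
 
@@ -144,7 +146,7 @@ public final class OAuth2DeviceCodeAuthenticationProvider implements Authenticat
 		//      authorization request but SHOULD wait for user interaction before
 		//      restarting to avoid unnecessary polling.
 		if (deviceCode.isExpired()) {
-			OAuth2Error error = new OAuth2Error("expired_token", null, DEVICE_ERROR_URI);
+			OAuth2Error error = new OAuth2Error(EXPIRED_TOKEN, null, DEVICE_ERROR_URI);
 			throw new OAuth2AuthenticationException(error);
 		}
 
@@ -165,7 +167,7 @@ public final class OAuth2DeviceCodeAuthenticationProvider implements Authenticat
 		//      increase in the polling interval required by the "slow_down"
 		//      error.
 		if (!Boolean.TRUE.equals(deviceCode.getMetadata(OAuth2Authorization.Token.ACCESS_GRANTED_METADATA_NAME))) {
-			OAuth2Error error = new OAuth2Error("authorization_pending", null, DEVICE_ERROR_URI);
+			OAuth2Error error = new OAuth2Error(AUTHORIZATION_PENDING, null, DEVICE_ERROR_URI);
 			throw new OAuth2AuthenticationException(error);
 		}
 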

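--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceVerificationAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceVerificationAuthenticationProvider.java
@@ -62,7 +62,7 @@ import org.springframework.util.Assert;
  */
 public final class OAuth2DeviceVerificationAuthenticationProvider implements AuthenticationProvider {
 
-	private static final OAuth2TokenType USER_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.USER_CODE);
+	static final OAuth2TokenType USER_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.USER_CODE);
 	private static final StringKeyGenerator DEFAULT_STATE_GENERATOR =
 			new Base64StringKeyGenerator(Base64.getUrlEncoder());
 
@@ -154,7 +154,7 @@ public final class OAuth2DeviceVerificationAuthenticationProvider implements Aut
 		OAuth2Authorization.Token<OAuth2UserCode> userCode = authorization.getToken(OAuth2UserCode.class);
 		OAuth2Authorization updatedAuthorization = OAuth2Authorization.from(authorization)
 				.principalName(principal.getName())
-				.authorizedScopes(currentAuthorizedScopes)
+				.authorizedScopes(authorizationRequest.getScopes())
 				.token(deviceCode.getToken(), metadata -> metadata
 						.put(OAuth2Authorization.Token.ACCESS_GRANTED_METADATA_NAME, true))
 				.token(userCode.getToken(), metadata -> metadata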
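Review bot: In the second hunk, `.authorizedScopes(authorizationRequest.getScopes())` records the requested scopes as authorized in the same builder that marks the device code `ACCESS_GRANTED`, and the check that makes this safe is not visible here. Storing the requested set instead of `currentAuthorizedScopes` avoids granting previously consented scopes that this device did not ask for. It does rely on an earlier branch having sent any request with unconsented scopes to the consent page. I would state that invariant above the builder, for example `// Reached only when consent is not required, so every requested scope is already approved`, and add a test where the requested scopes are a strict subset of the consented ones. The method starts and ends outside the hunk.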

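--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceAuthorizationEndpointFilter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceAuthorizationEndpointFilter.java
@@ -70,7 +70,7 @@ import org.springframework.web.util.UriComponentsBuilder;
  */
 public final class OAuth2DeviceAuthorizationEndpointFilter extends OncePerRequestFilter {
 
-	private static final String DEFAULT_DEVICE_AUTHORIZATION_ENDPOINT_URI = "/oauth2/device_authorize";
+	private static final String DEFAULT_DEVICE_AUTHORIZATION_ENDPOINT_URI = "/oauth2/device_authorization";
 
 	private static final String DEFAULT_DEVICE_VERIFICATION_URI = "/oauth2/device_verification";
 
@@ -88,10 +88,10 @@ public final class OAuth2DeviceAuthorizationEndpointFilter extends OncePerReques
 	private String verificationUri = DEFAULT_DEVICE_VERIFICATION_URI;
 
 	/**
-     * Constructs an {@code OAuth2DeviceAuthorizationEndpointFilter} using the provided parameters.
-     *
-     * @param authenticationManager the authentication manager
-     */
+	 * Constructs an {@code OAuth2DeviceAuthorizationEndpointFilter} using the provided parameters.
+	 *
+	 * @param authenticationManager the authentication manager
+	 */
 	public OAuth2DeviceAuthorizationEndpointFilter(AuthenticationManager authenticationManager) {
 		this(authenticationManager, DEFAULT_DEVICE_AUTHORIZATION_ENDPOINT_URI);
 	}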
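Review bot: The default in `DEFAULT_DEVICE_AUTHORIZATION_ENDPOINT_URI` changes from `/oauth2/device_authorize` to `/oauth2/device_authorization` in the first hunk, and nothing in this section shows the other places that must agree with it. Any request matcher, CSRF exemption, server metadata entry or client configuration that still names the old path would leave the endpoint unreachable or outside the intended filter rules, so those are worth searching for before merge. A short Javadoc on the constant, such as `/** Default endpoint for device authorization requests (RFC 8628 section 3.1). */`, would make the canonical value easy to find.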

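--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceVerificationEndpointFilter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2DeviceVerificationEndpointFilter.java
@@ -79,6 +79,8 @@ import org.springframework.web.util.UriComponentsBuilder;
  */
 public final class OAuth2DeviceVerificationEndpointFilter extends OncePerRequestFilter {
 
+	private static final String DEFAULT_DEVICE_VERIFICATION_URI = "/oauth2/device_verification";
+
 	private final AuthenticationManager authenticationManager;
 	private final RequestMatcher deviceVerificationEndpointMatcher;
 	private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
@@ -90,7 +92,24 @@ public final class OAuth2DeviceVerificationEndpointFilter extends OncePerRequest
 	private AuthenticationFailureHandler authenticationFailureHandler = this::sendErrorResponse;
 	private String consentPage;
 
+	/**
+	 * Construct an {@code OAuth2DeviceVerificationEndpointFilter} using the provided parameters.
+	 *
+	 * @param authenticationManager the authentication manager
+	 */
+	public OAuth2DeviceVerificationEndpointFilter(AuthenticationManager authenticationManager) {
+		this(authenticationManager, DEFAULT_DEVICE_VERIFICATION_URI);
+	}
+
+	/**
+	 * Construct an {@code OAuth2DeviceVerificationEndpointFilter} using the provided parameters.
+	 *
+	 * @param authenticationManager the authentication manager
+	 * @param deviceVerificationEndpointUri the endpoint {@code URI} for device verification requests
+	 */
 	public OAuth2DeviceVerificationEndpointFilter(AuthenticationManager authenticationManager, String deviceVerificationEndpointUri) {
+		Assert.notNull(authenticationManager, "authenticationManager cannot be null");
+		Assert.hasText(deviceVerificationEndpointUri, "deviceVerificationEndpointUri cannot be empty");
 		this.authenticationManager = authenticationManager;
 		this.deviceVerificationEndpointMatcher = createDefaultRequestMatcher(deviceVerificationEndpointUri);
 		this.authenticationConverter = new DelegatingAuthenticationConverter(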
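Review bot: `DEFAULT_DEVICE_VERIFICATION_URI` is now declared here and in OAuth2DeviceAuthorizationEndpointFilter with the same literal `/oauth2/device_verification`, and nothing ties the two copies together. The other filter uses its copy as the default `verificationUri`, which is presumably the address the user is sent to, so if the two values drift the user would land on a path this filter does not match. Either reference one shared constant or add `// Keep in sync with OAuth2DeviceAuthorizationEndpointFilter.DEFAULT_DEVICE_VERIFICATION_URI` above the declaration. The two constructors also share an identical Javadoc summary; the single-argument one should say it uses the default device verification endpoint URI. The two-argument constructor's body continues past the hunk.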

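--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationConsentAuthenticationConverter.java
@@ -75,7 +75,10 @@ public final class OAuth2DeviceAuthorizationConsentAuthenticationConverter imple
 		// client_id (REQUIRED)
 		String clientId = parameters.getFirst(OAuth2ParameterNames.CLIENT_ID);
 		if (!StringUtils.hasText(clientId) || parameters.get(OAuth2ParameterNames.CLIENT_ID).size() != 1) {
-			OAuth2EndpointUtils.throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.CLIENT_ID, DEFAULT_ERROR_URI);
+			OAuth2EndpointUtils.throwError(
+					OAuth2ErrorCodes.INVALID_REQUEST,
+					OAuth2ParameterNames.CLIENT_ID,
+					DEFAULT_ERROR_URI);
 		}
 
 		Authentication principal = SecurityContextHolder.getContext().getAuthentication();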

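--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationRequestAuthenticationConverter.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceAuthorizationRequestAuthenticationConverter.java
@@ -28,6 +28,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceAuthorizationRequestAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.web.OAuth2DeviceAuthorizationEndpointFilter;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
@@ -40,6 +41,9 @@ import org.springframework.util.StringUtils;
  *
  * @author Steve Riesenberg
  * @since 1.1
+ * @see AuthenticationConverter
+ * @see OAuth2DeviceAuthorizationRequestAuthenticationToken
+ * @see OAuth2DeviceAuthorizationEndpointFilter
  */
 public final class OAuth2DeviceAuthorizationRequestAuthenticationConverter implements AuthenticationConverter {
 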

+ 2 - 2
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceCodeAuthenticationConverter.java

@@ -26,7 +26,7 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceCodeAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceCodeAuthenticationToken;
-import org.springframework.security.oauth2.server.authorization.web.OAuth2DeviceAuthorizationEndpointFilter;
+import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.security.web.authentication.AuthenticationConverter;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
 import org.springframework.util.StringUtils;
@@ -41,7 +41,7 @@ import org.springframework.util.StringUtils;
  * @since 1.1
  * @since 1.1
  * @see AuthenticationConverter
  * @see AuthenticationConverter
  * @see OAuth2DeviceCodeAuthenticationToken
  * @see OAuth2DeviceCodeAuthenticationToken
- * @see OAuth2DeviceAuthorizationEndpointFilter
+ * @see OAuth2TokenEndpointFilter
  */
  */
 public final class OAuth2DeviceCodeAuthenticationConverter implements AuthenticationConverter {
 public final class OAuth2DeviceCodeAuthenticationConverter implements AuthenticationConverter {