1 mês atrás · d5010b5b30
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
@@ -215,7 +215,10 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic
 
				 		// ----- Refresh token -----
			
 
				 		OAuth2RefreshToken currentRefreshToken = refreshToken.getToken();
			
 
				 		if (!registeredClient.getTokenSettings().isReuseRefreshTokens()) {
			
 
				-			tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
			
 
				+			tokenContext = tokenContextBuilder
			
 
				+					.tokenType(OAuth2TokenType.REFRESH_TOKEN)
			
 
				+					.authorization(authorizationBuilder.build()) // allows refresh token to retrieve access token
			
 
				+					.build();
			
 
				 			OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
			
 
				 			if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
			
 
				 				OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
			
@@ -253,8 +256,8 @@ public final class OAuth2RefreshTokenAuthenticationProvider implements Authentic
 
				 
			
 
				 			idToken = new OidcIdToken(generatedIdToken.getTokenValue(), generatedIdToken.getIssuedAt(),
			
 
				 					generatedIdToken.getExpiresAt(), ((Jwt) generatedIdToken).getClaims());
			
 
				-			authorizationBuilder.token(idToken,
			
 
				-					(metadata) -> metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, idToken.getClaims()));
			
 
				+			authorizationBuilder.token(idToken, metadata ->
			
 
				+					metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, idToken.getClaims()));
			
 
				 		}
			
 
				 		else {
			
 
				 			idToken = null;
			
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
@@ -22,6 +22,7 @@ import java.util.Collections;
 
				 import java.util.Date;
			
 
				 import java.util.HashMap;
			
 
				 import java.util.HashSet;
			
 
				+import java.util.List;
			
 
				 import java.util.Map;
			
 
				 import java.util.Set;
			
 
				 import java.util.UUID;
			
@@ -328,6 +329,14 @@ public class OAuth2RefreshTokenAuthenticationProviderTests {
 
				 		OAuth2AccessTokenAuthenticationToken accessTokenAuthentication = (OAuth2AccessTokenAuthenticationToken) this.authenticationProvider
			
 
				 			.authenticate(authentication);
			
 
				 
			
 
				+		ArgumentCaptor<OAuth2TokenContext> oAuth2TokenContextCaptor = ArgumentCaptor.forClass(OAuth2TokenContext.class);
			
 
				+		verify(this.tokenGenerator, times(2)).generate(oAuth2TokenContextCaptor.capture());
			
 
				+		// tokenGenerator is first invoked for generating a new access token and then for generating the refresh token for this access token
			
 
				+		List<OAuth2TokenContext> tokenContexts = oAuth2TokenContextCaptor.getAllValues();
			
 
				+		assertThat(tokenContexts).hasSize(2);
			
 
				+		assertThat(tokenContexts.get(0).getAuthorization().getAccessToken().getToken().getTokenValue()).isEqualTo("access-token");
			
 
				+		assertThat(tokenContexts.get(1).getAuthorization().getAccessToken().getToken().getTokenValue()).isEqualTo("refreshed-access-token");
			
 
				+
			
 
				 		ArgumentCaptor<OAuth2Authorization> authorizationCaptor = ArgumentCaptor.forClass(OAuth2Authorization.class);
			
 
				 		verify(this.authorizationService).save(authorizationCaptor.capture());
			
 
				 		OAuth2Authorization updatedAuthorization = authorizationCaptor.getValue();