Home Explore Help
Register Sign In
github
/
spring-authorization-server
mirror of https://github.com/spring-projects/spring-authorization-server
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add token revocation endpoint to OIDC Provider Configuration endpoint

Closes gh-687
Gyeongwon, Do 3 years ago
parent
c75b8a1cb9
commit
d6ff0f3fc7
2 changed files with 6 additions and 0 deletions
Unified View Show Diff Stats
  1. 2 0
      oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java
  2. 4 0
      oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java

+ 2 - 0
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java
View File 

@@ -93,6 +93,8 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques
 
 				.grantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue())
 
 				.grantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue())
 
 				.grantType(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
 
 				.grantType(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
 
 				.grantType(AuthorizationGrantType.REFRESH_TOKEN.getValue())
 
 				.grantType(AuthorizationGrantType.REFRESH_TOKEN.getValue())
 
+				.tokenRevocationEndpoint(asUrl(issuer, this.providerSettings.getTokenRevocationEndpoint()))
 
+				.tokenRevocationEndpointAuthenticationMethods(clientAuthenticationMethods())
 
 				.subjectType("public")
 
 				.subjectType("public")
 
 				.idTokenSigningAlgorithm(SignatureAlgorithm.RS256.getName())
 
 				.idTokenSigningAlgorithm(SignatureAlgorithm.RS256.getName())
 
 				.scope(OidcScopes.OPENID)
 
 				.scope(OidcScopes.OPENID)

+ 4 - 0
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java
View File 

@@ -95,6 +95,7 @@ public class OidcProviderConfigurationEndpointFilterTests {
 
 		String tokenEndpoint = "/oauth2/v1/token";
 
 		String tokenEndpoint = "/oauth2/v1/token";
 
 		String jwkSetEndpoint = "/oauth2/v1/jwks";
 
 		String jwkSetEndpoint = "/oauth2/v1/jwks";
 
 		String userInfoEndpoint = "/userinfo";
 
 		String userInfoEndpoint = "/userinfo";
 
+		String tokenRevocationEndpoint = "/oauth2/v1/revoke";
 
 
 
 		ProviderSettings providerSettings = ProviderSettings.builder()
 
 		ProviderSettings providerSettings = ProviderSettings.builder()
 
 				.issuer(issuer)
 
 				.issuer(issuer)
 
@@ -102,6 +103,7 @@ public class OidcProviderConfigurationEndpointFilterTests {
 
 				.tokenEndpoint(tokenEndpoint)
 
 				.tokenEndpoint(tokenEndpoint)
 
 				.jwkSetEndpoint(jwkSetEndpoint)
 
 				.jwkSetEndpoint(jwkSetEndpoint)
 
 				.oidcUserInfoEndpoint(userInfoEndpoint)
 
 				.oidcUserInfoEndpoint(userInfoEndpoint)
 
+				.tokenRevocationEndpoint(tokenRevocationEndpoint)
 
 				.build();
 
 				.build();
 
 		ProviderContextHolder.setProviderContext(new ProviderContext(providerSettings, null));
 
 		ProviderContextHolder.setProviderContext(new ProviderContext(providerSettings, null));
 
 		OidcProviderConfigurationEndpointFilter filter =
 
 		OidcProviderConfigurationEndpointFilter filter =
 
@@ -126,6 +128,8 @@ public class OidcProviderConfigurationEndpointFilterTests {
 
 		assertThat(providerConfigurationResponse).contains("\"scopes_supported\":[\"openid\"]");
 
 		assertThat(providerConfigurationResponse).contains("\"scopes_supported\":[\"openid\"]");
 
 		assertThat(providerConfigurationResponse).contains("\"response_types_supported\":[\"code\"]");
 
 		assertThat(providerConfigurationResponse).contains("\"response_types_supported\":[\"code\"]");
 
 		assertThat(providerConfigurationResponse).contains("\"grant_types_supported\":[\"authorization_code\",\"client_credentials\",\"refresh_token\"]");
 
 		assertThat(providerConfigurationResponse).contains("\"grant_types_supported\":[\"authorization_code\",\"client_credentials\",\"refresh_token\"]");
 
+		assertThat(providerConfigurationResponse).contains("\"revocation_endpoint\":\"https://example.com/issuer1/oauth2/v1/revoke\"");
 
+		assertThat(providerConfigurationResponse).contains("\"revocation_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]");
 
 		assertThat(providerConfigurationResponse).contains("\"subject_types_supported\":[\"public\"]");
 
 		assertThat(providerConfigurationResponse).contains("\"subject_types_supported\":[\"public\"]");
 
 		assertThat(providerConfigurationResponse).contains("\"id_token_signing_alg_values_supported\":[\"RS256\"]");
 
 		assertThat(providerConfigurationResponse).contains("\"id_token_signing_alg_values_supported\":[\"RS256\"]");
 
 		assertThat(providerConfigurationResponse).contains("\"userinfo_endpoint\":\"https://example.com/issuer1/userinfo\"");
 
 		assertThat(providerConfigurationResponse).contains("\"userinfo_endpoint\":\"https://example.com/issuer1/userinfo\"");