Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

DefaultServerOAuth2AuthorizationRequestResolver requireProofKey support

When requireProofKey=true, DefaultServerOAuth2AuthorizationRequestResolver
enables PKCE support.

Issue gh-16382
Rob Winch 7 months ago
parent
8d3e0844c5
commit
0ed7b18f42
2 changed files with 17 additions and 1 deletions
Split View Show Diff Stats
  1. 2 1
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
  2. 15 0
      oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java

+ 2 - 1
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolver.java
View File 

@@ -196,7 +196,8 @@ public class DefaultServerOAuth2AuthorizationRequestResolver implements ServerOA
 
 				// value.
 
 				applyNonce(builder);
 
 			}
 
-			if (ClientAuthenticationMethod.NONE.equals(clientRegistration.getClientAuthenticationMethod())) {
 
+			if (ClientAuthenticationMethod.NONE.equals(clientRegistration.getClientAuthenticationMethod())
 
+					|| clientRegistration.getClientSettings().isRequireProofKey()) {
 
 				DEFAULT_PKCE_APPLIER.accept(builder);
 
 			}
 
 			return builder;

+ 15 - 0
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/web/server/DefaultServerOAuth2AuthorizationRequestResolverTests.java
View File 

@@ -27,6 +27,7 @@ import org.springframework.http.HttpStatus;
 
 import org.springframework.mock.http.server.reactive.MockServerHttpRequest;
 
 import org.springframework.mock.web.server.MockServerWebExchange;
 
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 
+import org.springframework.security.oauth2.client.registration.ClientSettings;
 
 import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
 
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
 
@@ -169,6 +170,20 @@ public class DefaultServerOAuth2AuthorizationRequestResolverTests {
 
 		assertPkceNotApplied(request, registration2);
 
 	}
 
 
+	@Test
 
+	void resolveWhenRequireProofKeyTrueThenPkceEnabled() {
 
+		ClientSettings pkceEnabled = ClientSettings.builder().requireProofKey(true).build();
 
+		ClientRegistration clientWithPkceEnabled = TestClientRegistrations.clientRegistration()
 
+			.clientSettings(pkceEnabled)
 
+			.build();
 
+		given(this.clientRegistrationRepository.findByRegistrationId(any()))
 
+			.willReturn(Mono.just(clientWithPkceEnabled));
 
+
 
+		OAuth2AuthorizationRequest request = resolve(
 
+				"/oauth2/authorization/" + clientWithPkceEnabled.getRegistrationId());
 
+		assertPkceApplied(request, clientWithPkceEnabled);
 
+	}
 
+
 
 	private void assertPkceApplied(OAuth2AuthorizationRequest authorizationRequest,
 
 			ClientRegistration clientRegistration) {
 
 		assertThat(authorizationRequest.getAdditionalParameters()).containsKey(PkceParameterNames.CODE_CHALLENGE);