
Remove httpSecurity.oauth2Login().userInfoEndpoint().userNameAttributeName()

Related gh-4580
Joe Grandja 8 gadi atpakaļ
vecāks
revīzija
b463f8e6b5

+ 1 - 26
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeAuthenticationFilterConfigurer.java

@@ -65,7 +65,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
 	private SecurityTokenRepository<AccessToken> accessTokenRepository;
 	private OAuth2UserService userInfoService;
 	private Map<URI, Class<? extends OAuth2User>> customUserTypes = new HashMap<>();
-	private Map<URI, String> userNameAttributeNames = new HashMap<>();
 	private GrantedAuthoritiesMapper userAuthoritiesMapper;
 
 	AuthorizationCodeAuthenticationFilterConfigurer() {
@@ -105,13 +104,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
 		return this;
 	}
 
-	AuthorizationCodeAuthenticationFilterConfigurer<H, R> userNameAttributeName(String userNameAttributeName, URI userInfoUri) {
-		Assert.hasText(userNameAttributeName, "userNameAttributeName cannot be empty");
-		Assert.notNull(userInfoUri, "userInfoUri cannot be null");
-		this.userNameAttributeNames.put(userInfoUri, userNameAttributeName);
-		return this;
-	}
-
 	AuthorizationCodeAuthenticationFilterConfigurer<H, R> userAuthoritiesMapper(GrantedAuthoritiesMapper userAuthoritiesMapper) {
 		Assert.notNull(userAuthoritiesMapper, "userAuthoritiesMapper cannot be null");
 		this.userAuthoritiesMapper = userAuthoritiesMapper;
@@ -135,7 +127,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
 
 	@Override
 	public void init(H http) throws Exception {
-		this.initUserNameAttributeNames();
 		AuthorizationCodeAuthenticationProvider authenticationProvider = new AuthorizationCodeAuthenticationProvider(
 			this.getAuthorizationCodeTokenExchanger(), this.getAccessTokenRepository(),
 			this.getProviderJwtDecoderRegistry(), this.getUserInfoService());
@@ -163,20 +154,6 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
 			this.authorizationResponseMatcher : this.getAuthenticationFilter().getAuthorizationResponseMatcher());
 	}
 
-	private void initUserNameAttributeNames() {
-		OAuth2LoginConfigurer.getClientRegistrationRepository(this.getBuilder()).getRegistrations().forEach(registration -> {
-			if (StringUtils.hasText(registration.getProviderDetails().getUserInfoEndpoint().getUri()) &&
-				StringUtils.hasText(registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName())) {
-
-				URI userInfoUri = URI.create(registration.getProviderDetails().getUserInfoEndpoint().getUri());
-				if (!this.userNameAttributeNames.containsKey(userInfoUri)) {
-					this.userNameAttributeNames.put(
-						userInfoUri, registration.getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName());
-				}
-			}
-		});
-	}
-
 	private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> getAuthorizationCodeTokenExchanger() {
 		if (this.authorizationCodeTokenExchanger == null) {
 			this.authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger();
@@ -229,9 +206,7 @@ final class AuthorizationCodeAuthenticationFilterConfigurer<H extends HttpSecuri
 	private OAuth2UserService getUserInfoService() {
 		if (this.userInfoService == null) {
 			List<OAuth2UserService> oauth2UserServices = new ArrayList<>();
-			if (!this.userNameAttributeNames.isEmpty()) {
-				oauth2UserServices.add(new DefaultOAuth2UserService(this.userNameAttributeNames));
-			}
+			oauth2UserServices.add(new DefaultOAuth2UserService());
 			if (this.isOidcClientRegistered()) {
 				oauth2UserServices.add(new OidcUserService());
 			}
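Review bot: `DefaultOAuth2UserService` is now added unconditionally and first in `oauth2UserServices`, so it is consulted for every client authentication it does not explicitly skip, including registrations intended for a custom user type. The new `loadUser` throws `IllegalArgumentException` when the registration carries no user-name attribute, so such a registration would presumably fail before a later service in the list is asked. The rest of `getUserInfoService()` and the delegation order lie outside this hunk, so this needs confirming. If it holds, register the custom-user-type service ahead of the default one and keep the default as the fallback, with a comment such as `// fallback: requires userNameAttributeName on the ClientRegistration`.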

+ 3 - 10
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java

@@ -20,14 +20,14 @@ import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
-import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
-import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
-import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
 import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
 import org.springframework.security.oauth2.client.user.OAuth2UserService;
+import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
+import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
 import org.springframework.security.oauth2.core.AccessToken;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
@@ -194,13 +194,6 @@ public final class OAuth2LoginConfigurer<H extends HttpSecurityBuilder<H>> exten
 			return this;
 		}
 
-		public UserInfoEndpointConfig userNameAttributeName(String userNameAttributeName, URI userInfoUri) {
-			Assert.hasText(userNameAttributeName, "userNameAttributeName cannot be empty");
-			Assert.notNull(userInfoUri, "userInfoUri cannot be null");
-			OAuth2LoginConfigurer.this.authorizationCodeAuthenticationFilterConfigurer.userNameAttributeName(userNameAttributeName, userInfoUri);
-			return this;
-		}
-
 		public OAuth2LoginConfigurer<H> and() {
 			return OAuth2LoginConfigurer.this;
 		}

+ 9 - 17
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/user/DefaultOAuth2UserService.java

@@ -18,17 +18,16 @@ package org.springframework.security.oauth2.client.user;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.client.authentication.OAuth2ClientAuthenticationToken;
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.user.nimbus.NimbusUserInfoRetriever;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.security.oauth2.oidc.client.authentication.OidcClientAuthenticationToken;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 
-import java.net.URI;
-import java.util.Collections;
 import java.util.HashSet;
-import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.Set;
 
@@ -36,8 +35,8 @@ import java.util.Set;
  * An implementation of an {@link OAuth2UserService} that supports standard <i>OAuth 2.0 Provider's</i>.
  * <p>
  * For standard <i>OAuth 2.0 Provider's</i>, the attribute name (from the <i>UserInfo Response</i>)
- * for the <i>&quot;user's name&quot;</i> is required. This is supplied via the constructor,
- * mapped by <code>URI</code>, which represents the <i>UserInfo Endpoint</i> address.
+ * for the <i>&quot;user's name&quot;</i> is required and therefore must be supplied via
+ * {@link ClientRegistration.ProviderDetails.UserInfoEndpoint#getUserNameAttributeName()}.
  * <p>
  * <b>NOTE:</b> Attribute names are <b><i>not</i></b> standardized between providers and therefore will vary.
  * Please consult the provider's API documentation for the set of supported user attribute names.
@@ -52,12 +51,9 @@ import java.util.Set;
  * @see UserInfoRetriever
  */
 public class DefaultOAuth2UserService implements OAuth2UserService {
-	private final Map<URI, String> userNameAttributeNames;
 	private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever();
 
-	public DefaultOAuth2UserService(Map<URI, String> userNameAttributeNames) {
-		Assert.notEmpty(userNameAttributeNames, "userNameAttributeNames cannot be empty");
-		this.userNameAttributeNames = Collections.unmodifiableMap(new LinkedHashMap<>(userNameAttributeNames));
+	public DefaultOAuth2UserService() {
 	}
 
 	@Override
@@ -66,12 +62,12 @@ public class DefaultOAuth2UserService implements OAuth2UserService {
 			return null;
 		}
 
-		URI userInfoUri = URI.create(clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
-		if (!this.getUserNameAttributeNames().containsKey(userInfoUri)) {
+		String userNameAttributeName = clientAuthentication.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
+		if (!StringUtils.hasText(userNameAttributeName)) {
 			throw new IllegalArgumentException(
-				"Missing required \"user name\" attribute name for UserInfo Endpoint: " + userInfoUri.toString());
+				"Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " +
+					clientAuthentication.getClientRegistration().getRegistrationId());
 		}
-		String userNameAttributeName = this.getUserNameAttributeNames().get(userInfoUri);
 
 		Map<String, Object> userAttributes = this.getUserInfoRetriever().retrieve(clientAuthentication);
 		GrantedAuthority authority = new OAuth2UserAuthority(userAttributes);
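Review bot: The missing-attribute guard in `loadUser` throws `IllegalArgumentException`, and after this change it is reached at login time for every registration this service handles rather than being caught when the configurer is built. That type is not an authentication exception, so it will likely bypass the configured failure handler and surface as a server error. `OAuth2AuthenticationException` is already imported in this file and would be the more fitting type, or the attribute could be validated when the `ClientRegistration` is constructed. As a style point, `clientAuthentication.getClientRegistration()` is evaluated twice; a local `ClientRegistration clientRegistration = clientAuthentication.getClientRegistration();` would shorten both lines. `loadUser` begins and ends outside this hunk.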
@@ -81,10 +77,6 @@ public class DefaultOAuth2UserService implements OAuth2UserService {
 		return new DefaultOAuth2User(authorities, userAttributes, userNameAttributeName);
 	}
 
-	protected Map<URI, String> getUserNameAttributeNames() {
-		return this.userNameAttributeNames;
-	}
-
 	protected UserInfoRetriever getUserInfoRetriever() {
 		return this.userInfoRetriever;
 	}