6 yıl önce · d878dbf30e
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidator.java
@@ -55,10 +55,10 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 
				 	public OAuth2TokenValidatorResult validate(Jwt idToken) {
			
 
				 		// 3.1.3.7  ID Token Validation
			
 
				 		// http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
			
 
				-		Map<String, Object> invalidClaims = validateRequiredClaims(idToken);
			
 
				 
			
 
				-		if (!invalidClaims.isEmpty()){
			
 
				-			return  OAuth2TokenValidatorResult.failure(invalidIdToken(invalidClaims));
			
 
				+		Map<String, Object> invalidClaims = validateRequiredClaims(idToken);
			
 
				+		if (!invalidClaims.isEmpty()) {
			
 
				+			return OAuth2TokenValidatorResult.failure(invalidIdToken(invalidClaims));
			
 
				 		}
			
 
				 
			
 
				 		// 2. The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery)
			
@@ -121,13 +121,14 @@ public final class OidcIdTokenValidator implements OAuth2TokenValidator<Jwt> {
 
				 
			
 
				 	private static OAuth2Error invalidIdToken(Map<String, Object> invalidClaims) {
			
 
				 		String claimsDetail = invalidClaims.entrySet().stream()
			
 
				-				.map(it -> it.getKey()+ "("+it.getValue()+")")
			
 
				+				.map(it -> it.getKey() + " (" + it.getValue() + ")")
			
 
				 				.collect(Collectors.joining(", "));
			
 
				-
			
 
				-		return new OAuth2Error("invalid_id_token", "The ID Token contains invalid claims: "+claimsDetail, null);
			
 
				+		return new OAuth2Error("invalid_id_token",
			
 
				+				"The ID Token contains invalid claims: " + claimsDetail,
			
 
				+				"https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation");
			
 
				 	}
			
 
				 
			
 
				-	private static Map<String, Object>  validateRequiredClaims(Jwt idToken){
			
 
				+	private static Map<String, Object> validateRequiredClaims(Jwt idToken) {
			
 
				 		Map<String, Object> requiredClaims = new HashMap<>();
			
 
				 
			
 
				 		URL issuer = idToken.getIssuer();
			
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenValidatorTests.java
@@ -66,7 +66,6 @@ public class OidcIdTokenValidatorTests {
 
				 				.hasSize(1)
			
 
				 				.extracting(OAuth2Error::getDescription)
			
 
				 				.allMatch(msg -> msg.contains(IdTokenClaimNames.ISS));
			
 
				-
			
 
				 	}
			
 
				 
			
 
				 	@Test
			
@@ -194,17 +193,6 @@ public class OidcIdTokenValidatorTests {
 
				 				.allMatch(msg -> msg.contains(IdTokenClaimNames.EXP));
			
 
				 	}
			
 
				 
			
 
				-	@Test(expected = IllegalArgumentException.class)
			
 
				-	public void validateIdTokenWhenNoClaimsThenHasErrors() {
			
 
				-		this.claims.remove(IdTokenClaimNames.ISS);
			
 
				-		this.claims.remove(IdTokenClaimNames.SUB);
			
 
				-		this.claims.remove(IdTokenClaimNames.AUD);
			
 
				-		this.issuedAt = null;
			
 
				-		this.expiresAt = null;
			
 
				-		assertThat(this.validateIdToken())
			
 
				-				.hasSize(1);
			
 
				-	}
			
 
				-
			
 
				 	private Collection<OAuth2Error> validateIdToken() {
			
 
				 		Jwt idToken = new Jwt("token123", this.issuedAt, this.expiresAt, this.headers, this.claims);
			
 
				 		OidcIdTokenValidator validator = new OidcIdTokenValidator(this.registration.build());