|
@@ -218,7 +218,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC
|
|
|
|
|
|
|
|
Spring Security does the necessary work to make sure that the `OidcUser` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>.
|
|
Spring Security does the necessary work to make sure that the `OidcUser` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>.
|
|
|
|
|
|
|
|
-Further, it also links that `OidcUser` to a simple instance of `OAuth2AuthorizedClient` that it deposits into an `WebSessionOAuth2ServerAuthorizedClientRepository`.
|
|
|
|
|
|
|
+Further, it also links that `OidcUser` to a simple instance of `OAuth2AuthorizedClient` that it deposits into a mock `ServerOAuth2AuthorizedClientRepository`.
|
|
|
This can be handy if your tests <<webflux-testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>..
|
|
This can be handy if your tests <<webflux-testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>..
|
|
|
|
|
|
|
|
[[webflux-testing-oidc-login-authorities]]
|
|
[[webflux-testing-oidc-login-authorities]]
|
|
@@ -339,7 +339,7 @@ assertThat(user.getAuthorities()).containsExactly(new SimpleGrantedAuthority("SC
|
|
|
|
|
|
|
|
Spring Security does the necessary work to make sure that the `OAuth2User` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>.
|
|
Spring Security does the necessary work to make sure that the `OAuth2User` instance is available for <<mvc-authentication-principal,the `@AuthenticationPrincipal` annotation>>.
|
|
|
|
|
|
|
|
-Further, it also links that `OAuth2User` to a simple instance of `OAuth2AuthorizedClient` that it deposits in an `WebSessionOAuth2ServerAuthorizedClientRepository`.
|
|
|
|
|
|
|
+Further, it also links that `OAuth2User` to a simple instance of `OAuth2AuthorizedClient` that it deposits in a mock `ServerOAuth2AuthorizedClientRepository`.
|
|
|
This can be handy if your tests <<webflux-testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>.
|
|
This can be handy if your tests <<webflux-testing-oauth2-client,use the `@RegisteredOAuth2AuthorizedClient` annotation>>.
|
|
|
|
|
|
|
|
[[webflux-testing-oauth2-login-authorities]]
|
|
[[webflux-testing-oauth2-login-authorities]]
|
|
@@ -431,7 +431,7 @@ public Mono<String> foo(@RegisteredOAuth2AuthorizedClient("my-app") OAuth2Author
|
|
|
----
|
|
----
|
|
|
|
|
|
|
|
Simulating this handshake with the authorization server could be cumbersome.
|
|
Simulating this handshake with the authorization server could be cumbersome.
|
|
|
-Instead, you can use `SecurityMockServerConfigurers#oauth2Client` to add a `OAuth2AuthorizedClient` into an `WebSessionOAuth2ServerAuthorizedClientRepository`:
|
|
|
|
|
|
|
+Instead, you can use `SecurityMockServerConfigurers#oauth2Client` to add a `OAuth2AuthorizedClient` into a mock `ServerOAuth2AuthorizedClientRepository`:
|
|
|
|
|
|
|
|
[source,java]
|
|
[source,java]
|
|
|
----
|
|
----
|
|
@@ -440,19 +440,6 @@ client
|
|
|
.get().uri("/endpoint").exchange();
|
|
.get().uri("/endpoint").exchange();
|
|
|
----
|
|
----
|
|
|
|
|
|
|
|
-If your application isn't already using an `WebSessionOAuth2ServerAuthorizedClientRepository`, then you can supply one as a `@TestConfiguration`:
|
|
|
|
|
-
|
|
|
|
|
-[source,java]
|
|
|
|
|
-----
|
|
|
|
|
-@TestConfiguration
|
|
|
|
|
-static class AuthorizedClientConfig {
|
|
|
|
|
- @Bean
|
|
|
|
|
- OAuth2ServerAuthorizedClientRepository authorizedClientRepository() {
|
|
|
|
|
- return new WebSessionOAuth2ServerAuthorizedClientRepository();
|
|
|
|
|
- }
|
|
|
|
|
-}
|
|
|
|
|
-----
|
|
|
|
|
-
|
|
|
|
|
What this will do is create an `OAuth2AuthorizedClient` that has a simple `ClientRegistration`, `OAuth2AccessToken`, and resource owner name.
|
|
What this will do is create an `OAuth2AuthorizedClient` that has a simple `ClientRegistration`, `OAuth2AccessToken`, and resource owner name.
|
|
|
|
|
|
|
|
Specifically, it will include a `ClientRegistration` with a client id of "test-client" and client secret of "test-secret":
|
|
Specifically, it will include a `ClientRegistration` with a client id of "test-client" and client secret of "test-secret":
|
|
@@ -478,8 +465,7 @@ assertThat(authorizedClient.getAccessToken().getScopes()).hasSize(1);
|
|
|
assertThat(authorizedClient.getAccessToken().getScopes()).containsExactly("read");
|
|
assertThat(authorizedClient.getAccessToken().getScopes()).containsExactly("read");
|
|
|
----
|
|
----
|
|
|
|
|
|
|
|
-Spring Security does the necessary work to make sure that the `OAuth2AuthorizedClient` instance is available in the associated `HttpSession`.
|
|
|
|
|
-That means that it can be retrieved from an `WebSessionOAuth2ServerAuthorizedClientRepository`.
|
|
|
|
|
|
|
+The client can then be retrieved as normal using `@RegisteredOAuth2AuthorizedClient` in a controller method.
|
|
|
|
|
|
|
|
[[webflux-testing-oauth2-client-scopes]]
|
|
[[webflux-testing-oauth2-client-scopes]]
|
|
|
==== Configuring Scopes
|
|
==== Configuring Scopes
|
Josh Cummings