
Rename AuthorizationGrantTokenExchanger -> OAuth2AccessTokenResponseClient

Fixes gh-4741
Joe Grandja 7 年之前
父節點
當前提交
e4887057bc

+ 6 - 6
config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -62,7 +62,7 @@ import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer;
-import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
 import org.springframework.security.web.DefaultSecurityFilterChain;
 import org.springframework.security.web.PortMapper;
@@ -945,8 +945,8 @@ public final class HttpSecurity extends
 	 *
 	 * <p>
 	 * At this point in the <i>&quot;authentication flow&quot;</i>, the configured
-	 * {@link AuthorizationGrantTokenExchanger}
-	 * will exchange the <i>Authorization Code</i> for an <i>Access Token</i> and then use it to access the protected resource
+	 * {@link OAuth2AccessTokenResponseClient}
+	 * will getTokenResponse the <i>Authorization Code</i> for an <i>Access Token</i> and then use it to access the protected resource
 	 * at the <i>UserInfo Endpoint</i> (via {@link org.springframework.security.oauth2.client.user.OAuth2UserService})
 	 * in order to retrieve the details of the <i>Resource Owner</i> (end-user) and establish the <i>&quot;authenticated&quot;</i> session.
 	 *
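Review bot: The rewritten Javadoc sentence now reads `will getTokenResponse the <i>Authorization Code</i> for an <i>Access Token</i>`, which looks like the method rename was applied to the prose verb as well as to the identifier. Only the `{@link}` target should change; the sentence should keep its verb, i.e. `will exchange the <i>Authorization Code</i> for an <i>Access Token</i> and then use it to access the protected resource`. This paragraph is where readers learn at which step the authorization code is redeemed, so it should stay readable. The Javadoc block starts and ends outside the hunk.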
@@ -992,7 +992,7 @@ public final class HttpSecurity extends
 	 * 			.oauth2Login()
 	 * 				.clients(this.clientRegistrationRepository())
 	 * 				.authorizationRequestUriBuilder(this.authorizationRequestUriBuilder())
-	 * 				.authorizationCodeTokenExchanger(this.authorizationCodeTokenExchanger())
+	 * 				.accessTokenResponseClient(this.accessTokenResponseClient())
 	 * 				.userInfoEndpoint()
 	 * 					.userInfoService(this.userInfoService())
 	 * 				.userInfoEndpoint()
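Review bot: The Javadoc example chains `.accessTokenResponseClient(...)` directly after `.authorizationRequestUriBuilder(...)`, but in this same commit the setter lives on `OAuth2LoginConfigurer.TokenEndpointConfig`, and the sample test reaches it through `.tokenEndpoint()`. Unless `OAuth2LoginConfigurer` also exposes the method directly (not visible here), the example will not compile when copied. I would write it as `.tokenEndpoint()` followed by `.accessTokenResponseClient(this.accessTokenResponseClient())` and `.and()`, matching the test. The example block starts and ends outside the hunk.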
@@ -1014,7 +1014,7 @@ public final class HttpSecurity extends
 	 * 	}
 	 *
 	 * 	&#064;Bean
-	 * 	public AuthorizationGrantTokenExchanger&lt;OAuth2LoginAuthenticationToken&gt; authorizationCodeTokenExchanger() {
+	 * 	public OAuth2AccessTokenResponseClient&lt;OAuth2LoginAuthenticationToken&gt; accessTokenResponseClient() {
 	 * 		// Custom implementation that exchanges an &quot;Authorization Code Grant&quot; for an &quot;Access Token&quot;
 	 * 		return new AuthorizationCodeTokenExchangerImpl();
 	 * 	}
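Review bot: The example bean is declared as `OAuth2AccessTokenResponseClient&lt;OAuth2LoginAuthenticationToken&gt;`, while the configurer setter in this commit takes `OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>`. The interface also bounds its type parameter to `AbstractOAuth2AuthorizationGrantRequest`, so the documented type argument is presumably not even valid. I would change the line to `public OAuth2AccessTokenResponseClient&lt;OAuth2AuthorizationCodeGrantRequest&gt; accessTokenResponseClient() {`. The body still returns `new AuthorizationCodeTokenExchangerImpl()`, which keeps the old vocabulary, so a name in line with the new interface would avoid confusion.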
@@ -1041,7 +1041,7 @@ public final class HttpSecurity extends
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistration
 	 * @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
 	 * @see AuthorizationRequestUriBuilder
-	 * @see AuthorizationGrantTokenExchanger
+	 * @see OAuth2AccessTokenResponseClient
 	 * @see org.springframework.security.oauth2.client.user.OAuth2UserService
 	 *
 	 * @return the {@link OAuth2LoginConfigurer} for further customizations

+ 13 - 13
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java

@@ -23,9 +23,9 @@ import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMap
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationProvider;
-import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.AuthorizationRequestUriBuilder;
-import org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
 import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
 import org.springframework.security.oauth2.client.jwt.NimbusJwtDecoderRegistry;
@@ -131,17 +131,17 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 	}
 
 	public class TokenEndpointConfig {
-		private AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger;
+		private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
 		private JwtDecoderRegistry jwtDecoderRegistry;
 
 		private TokenEndpointConfig() {
 		}
 
-		public TokenEndpointConfig authorizationCodeTokenExchanger(
-			AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger) {
+		public TokenEndpointConfig accessTokenResponseClient(
+			OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient) {
 
-			Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
-			this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger;
+			Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
+			this.accessTokenResponseClient = accessTokenResponseClient;
 			return this;
 		}
 
@@ -225,10 +225,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 
 		super.init(http);
 
-		AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger =
-			this.tokenEndpointConfig.authorizationCodeTokenExchanger;
-		if (authorizationCodeTokenExchanger == null) {
-			authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger();
+		OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient =
+			this.tokenEndpointConfig.accessTokenResponseClient;
+		if (accessTokenResponseClient == null) {
+			accessTokenResponseClient = new NimbusAuthorizationCodeTokenResponseClient();
 		}
 
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> oauth2UserService = this.userInfoEndpointConfig.userService;
@@ -249,7 +249,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		}
 
 		OAuth2LoginAuthenticationProvider oauth2LoginAuthenticationProvider =
-			new OAuth2LoginAuthenticationProvider(authorizationCodeTokenExchanger, oauth2UserService);
+			new OAuth2LoginAuthenticationProvider(accessTokenResponseClient, oauth2UserService);
 		if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) {
 			oauth2LoginAuthenticationProvider.setAuthoritiesMapper(
 				this.userInfoEndpointConfig.userAuthoritiesMapper);
@@ -259,7 +259,7 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>> exten
 		OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService = new OidcUserService();
 		OidcAuthorizationCodeAuthenticationProvider oidcAuthorizationCodeAuthenticationProvider =
 			new OidcAuthorizationCodeAuthenticationProvider(
-				authorizationCodeTokenExchanger, oidcUserService, jwtDecoderRegistry);
+				accessTokenResponseClient, oidcUserService, jwtDecoderRegistry);
 		if (this.userInfoEndpointConfig.userAuthoritiesMapper != null) {
 			oidcAuthorizationCodeAuthenticationProvider.setAuthoritiesMapper(
 				this.userInfoEndpointConfig.userAuthoritiesMapper);

+ 7 - 7
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationProvider.java

@@ -20,7 +20,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
-import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
 import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
@@ -50,7 +50,7 @@ import java.util.Collection;
  * @author Joe Grandja
  * @since 5.0
  * @see OAuth2LoginAuthenticationToken
- * @see AuthorizationGrantTokenExchanger
+ * @see OAuth2AccessTokenResponseClient
  * @see OAuth2UserService
  * @see OAuth2User
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code Grant Flow</a>
@@ -60,17 +60,17 @@ import java.util.Collection;
 public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider {
 	private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
 	private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
-	private final AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger;
+	private final OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
 	private final OAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
 	private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
 
 	public OAuth2LoginAuthenticationProvider(
-		AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger,
+		OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
 		OAuth2UserService<OAuth2UserRequest, OAuth2User> userService) {
 
-		Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
+		Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 		Assert.notNull(userService, "userService cannot be null");
-		this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger;
+		this.accessTokenResponseClient = accessTokenResponseClient;
 		this.userService = userService;
 	}
 
@@ -110,7 +110,7 @@ public class OAuth2LoginAuthenticationProvider implements AuthenticationProvider
 		}
 
 		OAuth2AccessTokenResponse accessTokenResponse =
-			this.authorizationCodeTokenExchanger.exchange(
+			this.accessTokenResponseClient.getTokenResponse(
 				new OAuth2AuthorizationCodeGrantRequest(
 					authorizationCodeAuthentication.getClientRegistration(),
 					authorizationCodeAuthentication.getAuthorizationExchange()));

+ 4 - 4
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenExchanger.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.java

@@ -48,7 +48,7 @@ import java.util.Map;
 import java.util.Set;
 
 /**
- * An implementation of an {@link AuthorizationGrantTokenExchanger} that <i>&quot;exchanges&quot;</i>
+ * An implementation of an {@link OAuth2AccessTokenResponseClient} that <i>&quot;exchanges&quot;</i>
  * an <i>Authorization Code</i> credential for an <i>Access Token</i> credential
  * at the Authorization Server's <i>Token Endpoint</i>.
  *
@@ -57,18 +57,18 @@ import java.util.Set;
  *
  * @author Joe Grandja
  * @since 5.0
- * @see AuthorizationGrantTokenExchanger
+ * @see OAuth2AccessTokenResponseClient
  * @see OAuth2AuthorizationCodeGrantRequest
  * @see OAuth2AccessTokenResponse
  * @see <a target="_blank" href="https://connect2id.com/products/nimbus-oauth-openid-connect-sdk">Nimbus OAuth 2.0 SDK</a>
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
  */
-public class NimbusAuthorizationCodeTokenExchanger implements AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> {
+public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
 	private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
 
 	@Override
-	public OAuth2AccessTokenResponse exchange(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest)
+	public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest authorizationGrantRequest)
 			throws OAuth2AuthenticationException {
 
 		ClientRegistration clientRegistration = authorizationGrantRequest.getClientRegistration();

+ 2 - 2
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AuthorizationGrantTokenExchanger.java → oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AccessTokenResponseClient.java

@@ -34,8 +34,8 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenRespon
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.3">Section 4.1.3 Access Token Request (Authorization Code Grant)</a>
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.1.4">Section 4.1.4 Access Token Response (Authorization Code Grant)</a>
  */
-public interface AuthorizationGrantTokenExchanger<T extends AbstractOAuth2AuthorizationGrantRequest>  {
+public interface OAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest>  {
 
-	OAuth2AccessTokenResponse exchange(T authorizationGrantRequest) throws OAuth2AuthenticationException;
+	OAuth2AccessTokenResponse getTokenResponse(T authorizationGrantRequest) throws OAuth2AuthenticationException;
 
 }
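Review bot: `getTokenResponse` is the only method of this extension point and it has no Javadoc, so an implementer replacing the default client has no stated contract for it. Both authentication providers in this commit pass it the client registration and authorization exchange and assign the result to `accessTokenResponse`. I would add a method comment saying that it submits the grant request to the Authorization Server's Token Endpoint and returns the resulting `OAuth2AccessTokenResponse`. It should also say that `OAuth2AuthenticationException` is thrown when the request fails or the response is invalid, and whether `null` may ever be returned. The type-level Javadoc starts outside the hunk, so part of this may already be covered there.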

+ 7 - 7
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeAuthenticationProvider.java

@@ -21,7 +21,7 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
-import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
 import org.springframework.security.oauth2.client.jwt.JwtDecoderRegistry;
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
@@ -63,7 +63,7 @@ import java.util.List;
  * @author Joe Grandja
  * @since 5.0
  * @see OidcAuthorizationCodeAuthenticationToken
- * @see AuthorizationGrantTokenExchanger
+ * @see OAuth2AccessTokenResponseClient
  * @see OidcUserService
  * @see OidcUser
  * @see <a target="_blank" href="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">Section 3.1 Authorization Code Grant Flow</a>
@@ -74,20 +74,20 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 	private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
 	private static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";
 	private static final String INVALID_ID_TOKEN_ERROR_CODE = "invalid_id_token";
-	private final AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger;
+	private final OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;
 	private final OAuth2UserService<OidcUserRequest, OidcUser> userService;
 	private final JwtDecoderRegistry jwtDecoderRegistry;
 	private GrantedAuthoritiesMapper authoritiesMapper = (authorities -> authorities);
 
 	public OidcAuthorizationCodeAuthenticationProvider(
-		AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> authorizationCodeTokenExchanger,
+		OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient,
 		OAuth2UserService<OidcUserRequest, OidcUser> userService,
 		JwtDecoderRegistry jwtDecoderRegistry) {
 
-		Assert.notNull(authorizationCodeTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
+		Assert.notNull(accessTokenResponseClient, "accessTokenResponseClient cannot be null");
 		Assert.notNull(userService, "userService cannot be null");
 		Assert.notNull(jwtDecoderRegistry, "jwtDecoderRegistry cannot be null");
-		this.authorizationCodeTokenExchanger = authorizationCodeTokenExchanger;
+		this.accessTokenResponseClient = accessTokenResponseClient;
 		this.userService = userService;
 		this.jwtDecoderRegistry = jwtDecoderRegistry;
 	}
@@ -128,7 +128,7 @@ public class OidcAuthorizationCodeAuthenticationProvider implements Authenticati
 		}
 
 		OAuth2AccessTokenResponse accessTokenResponse =
-			this.authorizationCodeTokenExchanger.exchange(
+			this.accessTokenResponseClient.getTokenResponse(
 				new OAuth2AuthorizationCodeGrantRequest(
 					authorizationCodeAuthentication.getClientRegistration(),
 					authorizationCodeAuthentication.getAuthorizationExchange()));

+ 5 - 5
samples/boot/oauth2login/src/integration-test/java/org/springframework/security/samples/OAuth2LoginApplicationTests.java

@@ -40,7 +40,7 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
-import org.springframework.security.oauth2.client.endpoint.AuthorizationGrantTokenExchanger;
+import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
@@ -351,21 +351,21 @@ public class OAuth2LoginApplicationTests {
 					.and()
 				.oauth2Login()
 					.tokenEndpoint()
-						.authorizationCodeTokenExchanger(this.mockAuthorizationCodeTokenExchanger())
+						.accessTokenResponseClient(this.mockAccessTokenResponseClient())
 						.and()
 					.userInfoEndpoint()
 						.userService(this.mockUserInfoService());
 		}
 		// @formatter:on
 
-		private AuthorizationGrantTokenExchanger<OAuth2AuthorizationCodeGrantRequest> mockAuthorizationCodeTokenExchanger() {
+		private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> mockAccessTokenResponseClient() {
 			OAuth2AccessTokenResponse accessTokenResponse = OAuth2AccessTokenResponse.withToken("access-token-1234")
 				.tokenType(OAuth2AccessToken.TokenType.BEARER)
 				.expiresIn(60 * 1000)
 				.build();
 
-			AuthorizationGrantTokenExchanger mock = mock(AuthorizationGrantTokenExchanger.class);
-			when(mock.exchange(any())).thenReturn(accessTokenResponse);
+			OAuth2AccessTokenResponseClient mock = mock(OAuth2AccessTokenResponseClient.class);
+			when(mock.getTokenResponse(any())).thenReturn(accessTokenResponse);
 			return mock;
 		}