Home Esplora Aiuto
Registrati Accedi
github
/
spring-security
mirror da https://github.com/spring-projects/spring-security
2
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

Fixed validation in ClientRegistration.Builder

ClientRegistration.Builder defaulted to validating as an
authorization_code registration, though a custom grant type could be in
use. The actual grant_type is now verified for every case.
 - Fixed validation in ClientRegistration.Builder
 - New test that fails unless the issue is fixed.

Also made OAuth2AuthorizationGrantRequestEntityUtils public to help
implementing custom token response clients.

Fixes gh-7040
Édouard Hue 6 anni fa
parent
57bc456ad6
commit
e7588fb32f
2 ha cambiato i file con 24 aggiunte e 1 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 1 1
      oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
  2. 23 0
      oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java

+ 1 - 1
oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
Vedi File 

@@ -486,7 +486,7 @@ public final class ClientRegistration implements Serializable {
 
 				this.validateClientCredentialsGrantType();
 
 			} else if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) {
 
 				this.validateImplicitGrantType();
 
-			} else {
 
+			} else if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)) {
 
 				this.validateAuthorizationCodeGrantType();
 
 			}
 
 			return this.create();

+ 23 - 0
oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
Vedi File 

@@ -535,4 +535,27 @@ public class ClientRegistrationTests {
 
 						.build()
 
 		).isInstanceOf(IllegalArgumentException.class);
 
 	}
 
+
 
+	@Test
 
+	public void buildWhenCustomGrantAllAttributesProvidedThenAllAttributesAreSet() {
 
+		AuthorizationGrantType customGrantType = new AuthorizationGrantType("CUSTOM");
 
+		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
 
+				.clientId(CLIENT_ID)
 
+				.clientSecret(CLIENT_SECRET)
 
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
 
+				.authorizationGrantType(customGrantType)
 
+				.scope(SCOPES.toArray(new String[0]))
 
+				.tokenUri(TOKEN_URI)
 
+				.clientName(CLIENT_NAME)
 
+				.build();
 
+
 
+		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
 
+		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
 
+		assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
 
+		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 
+		assertThat(registration.getAuthorizationGrantType()).isEqualTo(customGrantType);
 
+		assertThat(registration.getScopes()).isEqualTo(SCOPES);
 
+		assertThat(registration.getProviderDetails().getTokenUri()).isEqualTo(TOKEN_URI);
 
+		assertThat(registration.getClientName()).isEqualTo(CLIENT_NAME);
 
+	}
 
 }