Fixed validation in ClientRegistration.Builder

edouardhue · rwinch · commit e7588fb32fc7 · 2019-07-03T16:19:57.000-05:00
ClientRegistration.Builder defaulted to validating as an authorization_code registration, though a custom grant type could be in use. The actual grant_type is now verified for every case. - Fixed validation in ClientRegistration.Builder - New test that fails unless the issue is fixed. Also made OAuth2AuthorizationGrantRequestEntityUtils public to help implementing custom token response clients. Fixes gh-7040
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -486,7 +486,7 @@ public ClientRegistration build() {
 				this.validateClientCredentialsGrantType();
 			} else if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) {
 				this.validateImplicitGrantType();
-			} else {
+			} else if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)) {
 				this.validateAuthorizationCodeGrantType();
 			}
 			return this.create();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@@ -535,4 +535,27 @@ public void buildWhenClientCredentialsGrantTokenUriIsNullThenThrowIllegalArgumen
 						.build()
 		).isInstanceOf(IllegalArgumentException.class);
 	}
+
+	@Test
+	public void buildWhenCustomGrantAllAttributesProvidedThenAllAttributesAreSet() {
+		AuthorizationGrantType customGrantType = new AuthorizationGrantType("CUSTOM");
+		ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
+				.clientId(CLIENT_ID)
+				.clientSecret(CLIENT_SECRET)
+				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+				.authorizationGrantType(customGrantType)
+				.scope(SCOPES.toArray(new String[0]))
+				.tokenUri(TOKEN_URI)
+				.clientName(CLIENT_NAME)
+				.build();
+
+		assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
+		assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
+		assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
+		assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
+		assertThat(registration.getAuthorizationGrantType()).isEqualTo(customGrantType);
+		assertThat(registration.getScopes()).isEqualTo(SCOPES);
+		assertThat(registration.getProviderDetails().getTokenUri()).isEqualTo(TOKEN_URI);
+		assertThat(registration.getClientName()).isEqualTo(CLIENT_NAME);
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -486,7 +486,7 @@ public ClientRegistration build() {`
`486`	`486`	`this.validateClientCredentialsGrantType();`
`487`	`487`	`} else if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) {`
`488`	`488`	`this.validateImplicitGrantType();`
`489`		`- } else {`
	`489`	`+ } else if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)) {`
`490`	`490`	`this.validateAuthorizationCodeGrantType();`
`491`	`491`	`}`
`492`	`492`	`return this.create();`