From 61720ac90b4bd15817bc0f6103e47b013859f94e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89douard=20Hue?=
Date: Thu, 27 Jun 2019 23:19:55 +0200
Subject: [PATCH] Fixed validation in ClientRegistration.Builder ClientRegistration.Builder defaulted to validating as an authorization_code registration, though a custom grant type could be in use. The actual grant_type is now verified for every case. - Fixed validation in ClientRegistration.Builder - New test that fails unless the issue is fixed. Also made OAuth2AuthorizationGrantRequestEntityUtils public to help implementing custom token response clients. Fixes gh-7040
---
 .../registration/ClientRegistration.java | 2 +-
 .../registration/ClientRegistrationTests.java | 23 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
index d99a6a595ec..4313aa7497c 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -486,7 +486,7 @@ public ClientRegistration build() {
 this.validateClientCredentialsGrantType();
 } else if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) {
 this.validateImplicitGrantType();
- } else {
+ } else if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)) {
 this.validateAuthorizationCodeGrantType();
 }
 this.validateScopes();
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
index 09fc9fd9603..0b10d0946e0 100644
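Review bot: A registration whose grant type is none of the three named constants now leaves `build()` with only `validateScopes()` applied, because the `if`/`else if` chain in this hunk has no closing `else`. If the grant-specific validators are where non-empty `registrationId` and `clientId` are enforced (their bodies are outside the hunk, as are the start and end of `build()`), a custom-grant client can be built with those missing, and the mistake would probably only show up later when the registration is used. A fallback branch that checks the attributes every grant needs would keep the fail-fast behaviour, for example `} else { Assert.hasText(this.registrationId, "registrationId cannot be empty"); Assert.hasText(this.clientId, "clientId cannot be empty"); }`, assuming Spring's `Assert` is already imported in this file.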
--- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
+++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationTests.java
@@ -589,4 +589,27 @@ public void buildWhenScopesContainAnInvalidCharacterThenThrowIllegalArgumentExce
 .build()
 ).isInstanceOf(IllegalArgumentException.class);
 }
+
+ @Test
+ public void buildWhenCustomGrantAllAttributesProvidedThenAllAttributesAreSet() {
+ AuthorizationGrantType customGrantType = new AuthorizationGrantType("CUSTOM");
+ ClientRegistration registration = ClientRegistration.withRegistrationId(REGISTRATION_ID)
+ .clientId(CLIENT_ID)
+ .clientSecret(CLIENT_SECRET)
+ .clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
+ .authorizationGrantType(customGrantType)
+ .scope(SCOPES.toArray(new String[0]))
+ .tokenUri(TOKEN_URI)
+ .clientName(CLIENT_NAME)
+ .build();
+
+ assertThat(registration.getRegistrationId()).isEqualTo(REGISTRATION_ID);
+ assertThat(registration.getClientId()).isEqualTo(CLIENT_ID);
+ assertThat(registration.getClientSecret()).isEqualTo(CLIENT_SECRET);
+ assertThat(registration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
+ assertThat(registration.getAuthorizationGrantType()).isEqualTo(customGrantType);
+ assertThat(registration.getScopes()).isEqualTo(SCOPES);
+ assertThat(registration.getProviderDetails().getTokenUri()).isEqualTo(TOKEN_URI);
+ assertThat(registration.getClientName()).isEqualTo(CLIENT_NAME);
+ }
 }
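Review bot: Only the accepting path for a custom grant type is pinned by this test; nothing states what `build()` must reject for one. Because the production change stops routing unknown grant types through `validateAuthorizationCodeGrantType()`, a companion test that omits `clientId(...)` would record whether a registration without a client identifier is meant to be tolerated. The sketch below assumes rejection with `IllegalArgumentException`, in the style of the assertion that precedes this hunk, and the expected outcome would need adjusting if the builder is intentionally lenient for custom grants. The enclosing test class starts outside the hunk.

```java
@Test
public void buildWhenCustomGrantClientIdIsNullThenThrowIllegalArgumentException() {
	AuthorizationGrantType customGrantType = new AuthorizationGrantType("CUSTOM");
	assertThatThrownBy(() ->
		ClientRegistration.withRegistrationId(REGISTRATION_ID)
			.clientSecret(CLIENT_SECRET)
			.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
			.authorizationGrantType(customGrantType)
			.tokenUri(TOKEN_URI)
			.build()
	).isInstanceOf(IllegalArgumentException.class);
}
```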