@@ -166,63 +166,6 @@ public void authenticateWhenInvalidCodeThenThrowOAuth2AuthenticationException()
166
166
.isEqualTo (OAuth2ErrorCodes .INVALID_GRANT );
167
167
}
168
168
169
- // gh-296
170
- @ Test
171
- public void authenticateWhenPublicClientThenRefreshTokenIsNotIssued () {
172
- RegisteredClient registeredClient = TestRegisteredClients .registeredPublicClient ()
173
- .authorizationGrantType (AuthorizationGrantType .REFRESH_TOKEN )
174
- .build ();
175
- OAuth2Authorization authorization = TestOAuth2Authorizations .authorization (registeredClient ).build ();
176
- when (this .authorizationService .findByToken (eq (AUTHORIZATION_CODE ), eq (AUTHORIZATION_CODE_TOKEN_TYPE )))
177
- .thenReturn (authorization );
178
-
179
- OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken (registeredClient );
180
- OAuth2AuthorizationRequest authorizationRequest = authorization .getAttribute (
181
- OAuth2AuthorizationRequest .class .getName ());
182
- OAuth2AuthorizationCodeAuthenticationToken authentication =
183
- new OAuth2AuthorizationCodeAuthenticationToken (AUTHORIZATION_CODE , clientPrincipal , authorizationRequest .getRedirectUri (), null );
184
-
185
- when (this .jwtEncoder .encode (any (), any ())).thenReturn (createJwt ());
186
-
187
- OAuth2AccessTokenAuthenticationToken accessTokenAuthentication =
188
- (OAuth2AccessTokenAuthenticationToken ) this .authenticationProvider .authenticate (authentication );
189
-
190
- ArgumentCaptor <JwtEncodingContext > jwtEncodingContextCaptor = ArgumentCaptor .forClass (JwtEncodingContext .class );
191
- verify (this .jwtCustomizer ).customize (jwtEncodingContextCaptor .capture ());
192
- JwtEncodingContext jwtEncodingContext = jwtEncodingContextCaptor .getValue ();
193
- assertThat (jwtEncodingContext .getRegisteredClient ()).isEqualTo (registeredClient );
194
- assertThat (jwtEncodingContext .<Authentication >getPrincipal ()).isEqualTo (authorization .getAttribute (Principal .class .getName ()));
195
- assertThat (jwtEncodingContext .getAuthorization ()).isEqualTo (authorization );
196
- assertThat (jwtEncodingContext .getAuthorizedScopes ())
197
- .isEqualTo (authorization .getAttribute (OAuth2Authorization .AUTHORIZED_SCOPE_ATTRIBUTE_NAME ));
198
- assertThat (jwtEncodingContext .getTokenType ()).isEqualTo (OAuth2TokenType .ACCESS_TOKEN );
199
- assertThat (jwtEncodingContext .getAuthorizationGrantType ()).isEqualTo (AuthorizationGrantType .AUTHORIZATION_CODE );
200
- assertThat (jwtEncodingContext .<OAuth2AuthorizationGrantAuthenticationToken >getAuthorizationGrant ()).isEqualTo (authentication );
201
- assertThat (jwtEncodingContext .getHeaders ()).isNotNull ();
202
- assertThat (jwtEncodingContext .getClaims ()).isNotNull ();
203
-
204
- ArgumentCaptor <JwtClaimsSet > jwtClaimsSetCaptor = ArgumentCaptor .forClass (JwtClaimsSet .class );
205
- verify (this .jwtEncoder ).encode (any (), jwtClaimsSetCaptor .capture ());
206
- JwtClaimsSet jwtClaimsSet = jwtClaimsSetCaptor .getValue ();
207
-
208
- Set <String > scopes = jwtClaimsSet .getClaim (OAuth2ParameterNames .SCOPE );
209
- assertThat (scopes ).isEqualTo (authorization .getAttribute (OAuth2Authorization .AUTHORIZED_SCOPE_ATTRIBUTE_NAME ));
210
- assertThat (jwtClaimsSet .getSubject ()).isEqualTo (authorization .getPrincipalName ());
211
-
212
- ArgumentCaptor <OAuth2Authorization > authorizationCaptor = ArgumentCaptor .forClass (OAuth2Authorization .class );
213
- verify (this .authorizationService ).save (authorizationCaptor .capture ());
214
- OAuth2Authorization updatedAuthorization = authorizationCaptor .getValue ();
215
-
216
- assertThat (accessTokenAuthentication .getRegisteredClient ().getId ()).isEqualTo (updatedAuthorization .getRegisteredClientId ());
217
- assertThat (accessTokenAuthentication .getPrincipal ()).isEqualTo (clientPrincipal );
218
- assertThat (accessTokenAuthentication .getAccessToken ()).isEqualTo (updatedAuthorization .getAccessToken ().getToken ());
219
- assertThat (accessTokenAuthentication .getAccessToken ().getScopes ())
220
- .isEqualTo (authorization .getAttribute (OAuth2Authorization .AUTHORIZED_SCOPE_ATTRIBUTE_NAME ));
221
- assertThat (accessTokenAuthentication .getRefreshToken ()).isNull ();
222
- OAuth2Authorization .Token <OAuth2AuthorizationCode > authorizationCode = updatedAuthorization .getToken (OAuth2AuthorizationCode .class );
223
- assertThat (authorizationCode .isInvalidated ()).isTrue ();
224
- }
225
-
226
169
@ Test
227
170
public void authenticateWhenCodeIssuedToAnotherClientThenThrowOAuth2AuthenticationException () {
228
171
OAuth2Authorization authorization = TestOAuth2Authorizations .authorization ().build ();
@@ -446,6 +389,64 @@ public void authenticateWhenValidCodeAndAuthenticationRequestThenReturnIdToken()
446
389
.containsExactly (entry (OidcParameterNames .ID_TOKEN , idToken .getToken ().getTokenValue ()));
447
390
}
448
391
392
+ // gh-296
393
+ @ Test
394
+ public void authenticateWhenPublicClientThenRefreshTokenNotIssued () {
395
+ RegisteredClient registeredClient = TestRegisteredClients .registeredPublicClient ()
396
+ .authorizationGrantType (AuthorizationGrantType .REFRESH_TOKEN )
397
+ .build ();
398
+ OAuth2Authorization authorization = TestOAuth2Authorizations .authorization (registeredClient ).build ();
399
+ when (this .authorizationService .findByToken (eq (AUTHORIZATION_CODE ), eq (AUTHORIZATION_CODE_TOKEN_TYPE )))
400
+ .thenReturn (authorization );
401
+
402
+ OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken (
403
+ registeredClient , ClientAuthenticationMethod .NONE , null );
404
+ OAuth2AuthorizationRequest authorizationRequest = authorization .getAttribute (
405
+ OAuth2AuthorizationRequest .class .getName ());
406
+ OAuth2AuthorizationCodeAuthenticationToken authentication =
407
+ new OAuth2AuthorizationCodeAuthenticationToken (AUTHORIZATION_CODE , clientPrincipal , authorizationRequest .getRedirectUri (), null );
408
+
409
+ when (this .jwtEncoder .encode (any (), any ())).thenReturn (createJwt ());
410
+
411
+ OAuth2AccessTokenAuthenticationToken accessTokenAuthentication =
412
+ (OAuth2AccessTokenAuthenticationToken ) this .authenticationProvider .authenticate (authentication );
413
+
414
+ ArgumentCaptor <JwtEncodingContext > jwtEncodingContextCaptor = ArgumentCaptor .forClass (JwtEncodingContext .class );
415
+ verify (this .jwtCustomizer ).customize (jwtEncodingContextCaptor .capture ());
416
+ JwtEncodingContext jwtEncodingContext = jwtEncodingContextCaptor .getValue ();
417
+ assertThat (jwtEncodingContext .getRegisteredClient ()).isEqualTo (registeredClient );
418
+ assertThat (jwtEncodingContext .<Authentication >getPrincipal ()).isEqualTo (authorization .getAttribute (Principal .class .getName ()));
419
+ assertThat (jwtEncodingContext .getAuthorization ()).isEqualTo (authorization );
420
+ assertThat (jwtEncodingContext .getAuthorizedScopes ())
421
+ .isEqualTo (authorization .getAttribute (OAuth2Authorization .AUTHORIZED_SCOPE_ATTRIBUTE_NAME ));
422
+ assertThat (jwtEncodingContext .getTokenType ()).isEqualTo (OAuth2TokenType .ACCESS_TOKEN );
423
+ assertThat (jwtEncodingContext .getAuthorizationGrantType ()).isEqualTo (AuthorizationGrantType .AUTHORIZATION_CODE );
424
+ assertThat (jwtEncodingContext .<OAuth2AuthorizationGrantAuthenticationToken >getAuthorizationGrant ()).isEqualTo (authentication );
425
+ assertThat (jwtEncodingContext .getHeaders ()).isNotNull ();
426
+ assertThat (jwtEncodingContext .getClaims ()).isNotNull ();
427
+
428
+ ArgumentCaptor <JwtClaimsSet > jwtClaimsSetCaptor = ArgumentCaptor .forClass (JwtClaimsSet .class );
429
+ verify (this .jwtEncoder ).encode (any (), jwtClaimsSetCaptor .capture ());
430
+ JwtClaimsSet jwtClaimsSet = jwtClaimsSetCaptor .getValue ();
431
+
432
+ Set <String > scopes = jwtClaimsSet .getClaim (OAuth2ParameterNames .SCOPE );
433
+ assertThat (scopes ).isEqualTo (authorization .getAttribute (OAuth2Authorization .AUTHORIZED_SCOPE_ATTRIBUTE_NAME ));
434
+ assertThat (jwtClaimsSet .getSubject ()).isEqualTo (authorization .getPrincipalName ());
435
+
436
+ ArgumentCaptor <OAuth2Authorization > authorizationCaptor = ArgumentCaptor .forClass (OAuth2Authorization .class );
437
+ verify (this .authorizationService ).save (authorizationCaptor .capture ());
438
+ OAuth2Authorization updatedAuthorization = authorizationCaptor .getValue ();
439
+
440
+ assertThat (accessTokenAuthentication .getRegisteredClient ().getId ()).isEqualTo (updatedAuthorization .getRegisteredClientId ());
441
+ assertThat (accessTokenAuthentication .getPrincipal ()).isEqualTo (clientPrincipal );
442
+ assertThat (accessTokenAuthentication .getAccessToken ()).isEqualTo (updatedAuthorization .getAccessToken ().getToken ());
443
+ assertThat (accessTokenAuthentication .getAccessToken ().getScopes ())
444
+ .isEqualTo (authorization .getAttribute (OAuth2Authorization .AUTHORIZED_SCOPE_ATTRIBUTE_NAME ));
445
+ assertThat (accessTokenAuthentication .getRefreshToken ()).isNull ();
446
+ OAuth2Authorization .Token <OAuth2AuthorizationCode > authorizationCode = updatedAuthorization .getToken (OAuth2AuthorizationCode .class );
447
+ assertThat (authorizationCode .isInvalidated ()).isTrue ();
448
+ }
449
+
449
450
@ Test
450
451
public void authenticateWhenTokenTimeToLiveConfiguredThenTokenExpirySet () {
451
452
Duration accessTokenTTL = Duration .ofHours (2 );
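Review bot: The relocated test pins the public-client behaviour only on the returned token — `assertThat(accessTokenAuthentication.getRefreshToken()).isNull();` near the end of the hunk — and never inspects the authorization captured from `authorizationService.save(...)`, so a provider that mints and persists a refresh token for the public client while omitting it from the response would still pass. Adding `assertThat(updatedAuthorization.getRefreshToken()).isNull();` beside the existing null check would also cover the stored state, which is what a later refresh-token grant would read. The same gap was present in the removed copy of this method in the first hunk, so it is not something this move introduced.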