
Commit ece5f2b

committed
Add JwtEncodingContext.getAuthorizedScopes()
Issue gh-199
1 parent c00226d commit ece5f2b


7 files changed

+28
-1
lines changed


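--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProvider.java
@@ -152,6 +152,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
 .registeredClient(registeredClient)
 .principal(authorization.getAttribute(Principal.class.getName()))
 .authorization(authorization)
+.authorizedScopes(authorizedScopes)
 .tokenType(OAuth2TokenType.ACCESS_TOKEN)
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 .authorizationGrant(authorizationCodeAuthentication)
@@ -187,6 +188,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
 .registeredClient(registeredClient)
 .principal(authorization.getAttribute(Principal.class.getName()))
 .authorization(authorization)
+.authorizedScopes(authorizedScopes)
 .tokenType(ID_TOKEN_TOKEN_TYPE)
 .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 .authorizationGrant(authorizationCodeAuthentication)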

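--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
@@ -123,6 +123,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
 JwtEncodingContext context = JwtEncodingContext.with(headersBuilder, claimsBuilder)
 .registeredClient(registeredClient)
 .principal(clientPrincipal)
+.authorizedScopes(authorizedScopes)
 .tokenType(OAuth2TokenType.ACCESS_TOKEN)
 .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
 .authorizationGrant(clientCredentialsAuthentication)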

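--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
@@ -155,6 +155,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
 .registeredClient(registeredClient)
 .principal(authorization.getAttribute(Principal.class.getName()))
 .authorization(authorization)
+.authorizedScopes(authorizedScopes)
 .tokenType(OAuth2TokenType.ACCESS_TOKEN)
 .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
 .authorizationGrant(refreshTokenAuthentication)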

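--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenContext.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2TokenContext.java
@@ -15,16 +15,18 @@
 */
 package org.springframework.security.oauth2.server.authorization.token;
 
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Set;
 import java.util.function.Consumer;
 
 import org.springframework.lang.Nullable;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
+import org.springframework.security.oauth2.core.OAuth2TokenType;
 import org.springframework.security.oauth2.core.context.Context;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
-import org.springframework.security.oauth2.core.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
 import org.springframework.util.Assert;
@@ -49,6 +51,12 @@ default OAuth2Authorization getAuthorization() {
 return get(OAuth2Authorization.class);
 }
 
+default Set<String> getAuthorizedScopes() {
+return hasKey(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME) ?
+get(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME) :
+Collections.emptySet();
+}
+
 default OAuth2TokenType getTokenType() {
 return get(OAuth2TokenType.class);
 }
@@ -80,6 +88,10 @@ public B authorization(OAuth2Authorization authorization) {
 return put(OAuth2Authorization.class, authorization);
 }
 
+public B authorizedScopes(Set<String> authorizedScopes) {
+return put(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME, authorizedScopes);
+}
+
 public B tokenType(OAuth2TokenType tokenType) {
 return put(OAuth2TokenType.class, tokenType);
 }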
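Review bot: `getAuthorizedScopes()` in the second hunk falls back to `Collections.emptySet()` when the key is absent, but none of the new tests exercise that branch, so a provider that never calls `authorizedScopes(...)` would hand the token customizer an empty scope set with no failure; a test pinning the fallback (and, if `put` accepts a null value, one for `hasKey` true with null) would fix the contract. The builder's `authorizedScopes(Set<String>)` in the third hunk stores the caller's set as-is, so if `Context.put` does not copy, a customizer could mutate the scope set shared with the stored `OAuth2Authorization`; `return put(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME, Collections.unmodifiableSet(authorizedScopes));` would at least block mutation through the context — worth confirming against `put`. Both new public methods lack Javadoc; `/** Returns the authorized scope(s), or an empty {@code Set} if not available. */` on the getter and `/** Sets the authorized scope(s). */` on the builder method would document the empty-set default. The enclosing interface and its builder class both begin and end outside these hunks.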

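--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
@@ -243,6 +243,8 @@ public void authenticateWhenValidCodeThenReturnAccessToken() {
 assertThat(jwtEncodingContext.getRegisteredClient()).isEqualTo(registeredClient);
 assertThat(jwtEncodingContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
 assertThat(jwtEncodingContext.getAuthorization()).isEqualTo(authorization);
+assertThat(jwtEncodingContext.getAuthorizedScopes())
+.isEqualTo(authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME));
 assertThat(jwtEncodingContext.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
 assertThat(jwtEncodingContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 assertThat(jwtEncodingContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
@@ -297,6 +299,8 @@ public void authenticateWhenValidCodeAndAuthenticationRequestThenReturnIdToken()
 assertThat(accessTokenContext.getRegisteredClient()).isEqualTo(registeredClient);
 assertThat(accessTokenContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
 assertThat(accessTokenContext.getAuthorization()).isEqualTo(authorization);
+assertThat(accessTokenContext.getAuthorizedScopes())
+.isEqualTo(authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME));
 assertThat(accessTokenContext.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
 assertThat(accessTokenContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 assertThat(accessTokenContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);
@@ -307,6 +311,8 @@ public void authenticateWhenValidCodeAndAuthenticationRequestThenReturnIdToken()
 assertThat(idTokenContext.getRegisteredClient()).isEqualTo(registeredClient);
 assertThat(idTokenContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
 assertThat(idTokenContext.getAuthorization()).isEqualTo(authorization);
+assertThat(idTokenContext.getAuthorizedScopes())
+.isEqualTo(authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME));
 assertThat(idTokenContext.getTokenType().getValue()).isEqualTo(OidcParameterNames.ID_TOKEN);
 assertThat(idTokenContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 assertThat(idTokenContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);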

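--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProviderTests.java
@@ -203,6 +203,9 @@ public void authenticateWhenValidAuthenticationThenReturnAccessToken() {
 verify(this.authorizationService).save(authorizationCaptor.capture());
 OAuth2Authorization authorization = authorizationCaptor.getValue();
 
+assertThat(jwtEncodingContext.getAuthorizedScopes())
+.isEqualTo(authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME));
+
 assertThat(authorization.getRegisteredClientId()).isEqualTo(clientPrincipal.getRegisteredClient().getId());
 assertThat(authorization.getPrincipalName()).isEqualTo(clientPrincipal.getName());
 assertThat(authorization.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS);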

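--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
@@ -135,6 +135,8 @@ public void authenticateWhenValidRefreshTokenThenReturnAccessToken() {
 assertThat(jwtEncodingContext.getRegisteredClient()).isEqualTo(registeredClient);
 assertThat(jwtEncodingContext.<Authentication>getPrincipal()).isEqualTo(authorization.getAttribute(Principal.class.getName()));
 assertThat(jwtEncodingContext.getAuthorization()).isEqualTo(authorization);
+assertThat(jwtEncodingContext.getAuthorizedScopes())
+.isEqualTo(authorization.getAttribute(OAuth2Authorization.AUTHORIZED_SCOPE_ATTRIBUTE_NAME));
 assertThat(jwtEncodingContext.getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);
 assertThat(jwtEncodingContext.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.REFRESH_TOKEN);
 assertThat(jwtEncodingContext.<OAuth2AuthorizationGrantAuthenticationToken>getAuthorizationGrant()).isEqualTo(authentication);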
