Use OidcIdToken.Builder

Issue gh-7592

Author: jzheaux

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java

@@ -15,7 +15,6 @@
  */
 package org.springframework.security.config.annotation.web.configurers.oauth2.client;
 
-import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -93,6 +92,7 @@
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
+import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
 import static org.springframework.security.oauth2.jwt.TestJwts.jwt;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
@@ -982,8 +982,7 @@ private static OAuth2UserService<OAuth2UserRequest, OAuth2User> createOauth2User
 	}
 
 	private static OAuth2UserService<OidcUserRequest, OidcUser> createOidcUserService() {
-		OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
-			Instant.now().plusSeconds(3600), Collections.singletonMap(IdTokenClaimNames.SUB, "sub123"));
+		OidcIdToken idToken = idToken().build();
 		return request -> new DefaultOidcUser(
 				Collections.singleton(new OidcUserAuthority(idToken)), idToken);
 	}

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/authentication/OidcAuthorizationCodeReactiveAuthenticationManagerTests.java

@@ -16,12 +16,21 @@
 
 package org.springframework.security.oauth2.client.oidc.authentication;
 
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
+import reactor.core.publisher.Mono;
+
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
@@ -42,23 +51,17 @@
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
+import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
 import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames;
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtException;
 import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
-import reactor.core.publisher.Mono;
-
-import java.security.NoSuchAlgorithmException;
-import java.time.Instant;
-import java.util.Arrays;
-import java.util.Base64;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
 
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.when;
 import static org.springframework.security.oauth2.client.oidc.authentication.OidcAuthorizationCodeReactiveAuthenticationManager.createHash;
@@ -87,8 +90,7 @@ public class OidcAuthorizationCodeReactiveAuthenticationManagerTests {
 			.success("code")
 			.state("state");
 
-	private OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
-			Instant.now().plusSeconds(3600), Collections.singletonMap(IdTokenClaimNames.SUB, "sub123"));
+	private OidcIdToken idToken = TestOidcIdTokens.idToken().build();
 
 	private OidcAuthorizationCodeReactiveAuthenticationManager manager;
 

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcReactiveOAuth2UserServiceTests.java

@@ -75,9 +75,7 @@ public class OidcReactiveOAuth2UserServiceTests {
 	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration()
 			.userNameAttributeName(IdTokenClaimNames.SUB);
 
-	private OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
-			Instant.now().plusSeconds(3600), Collections
-			.singletonMap(IdTokenClaimNames.SUB, "sub123"));
+	private OidcIdToken idToken = idToken().build();
 
 	private OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
 			"token",
@@ -149,7 +147,7 @@ public void loadUserWhenOAuth2UserSubjectNotEqualThenOAuth2AuthenticationExcepti
 	@Test
 	public void loadUserWhenOAuth2UserThenUserInfoNotNull() {
 		Map<String, Object> attributes = new HashMap<>();
-		attributes.put(StandardClaimNames.SUB, "sub123");
+		attributes.put(StandardClaimNames.SUB, "subject");
 		attributes.put("user", "rob");
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				attributes, "user");
@@ -162,7 +160,7 @@ public void loadUserWhenOAuth2UserThenUserInfoNotNull() {
 	public void loadUserWhenOAuth2UserAndUser() {
 		this.registration.userNameAttributeName("user");
 		Map<String, Object> attributes = new HashMap<>();
-		attributes.put(StandardClaimNames.SUB, "sub123");
+		attributes.put(StandardClaimNames.SUB, "subject");
 		attributes.put("user", "rob");
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				attributes, "user");
@@ -174,7 +172,7 @@ public void loadUserWhenOAuth2UserAndUser() {
 	@Test
 	public void loadUserWhenCustomClaimTypeConverterFactorySetThenApplied() {
 		Map<String, Object> attributes = new HashMap<>();
-		attributes.put(StandardClaimNames.SUB, "sub123");
+		attributes.put(StandardClaimNames.SUB, "subject");
 		attributes.put("user", "rob");
 		OAuth2User oauth2User = new DefaultOAuth2User(AuthorityUtils.createAuthorityList("ROLE_USER"),
 				attributes, "user");
@@ -195,12 +193,9 @@ public void loadUserWhenCustomClaimTypeConverterFactorySetThenApplied() {
 
 	@Test
 	public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
-		Map<String, Object> body = new HashMap<>();
-		body.put("id", "id");
-		body.put("sub", "test-subject");
 		OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
 		OidcUserRequest request = new OidcUserRequest(
-				clientRegistration().build(), scopes("message:read", "message:write"), idToken(body));
+				clientRegistration().build(), scopes("message:read", "message:write"), idToken().build());
 		OidcUser user = userService.loadUser(request).block();
 
 		assertThat(user.getAuthorities()).hasSize(3);
@@ -212,12 +207,9 @@ public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
 
 	@Test
 	public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
-		Map<String, Object> body = new HashMap<>();
-		body.put("id", "id");
-		body.put("sub", "test-subject");
 		OidcReactiveOAuth2UserService userService = new OidcReactiveOAuth2UserService();
 		OidcUserRequest request = new OidcUserRequest(
-				clientRegistration().build(), noScopes(), idToken(body));
+				clientRegistration().build(), noScopes(), idToken().build());
 		OidcUser user = userService.loadUser(request).block();
 
 		assertThat(user.getAuthorities()).hasSize(1);

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestTests.java

@@ -15,23 +15,23 @@
  */
 package org.springframework.security.oauth2.client.oidc.userinfo;
 
-import org.junit.Before;
-import org.junit.Test;
-import org.springframework.security.oauth2.client.registration.ClientRegistration;
-import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
-import org.springframework.security.oauth2.core.OAuth2AccessToken;
-import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
-import org.springframework.security.oauth2.core.oidc.OidcIdToken;
-
 import java.time.Instant;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.LinkedHashSet;
 import java.util.Map;
 
+import org.junit.Before;
+import org.junit.Test;
+
+import org.springframework.security.oauth2.client.registration.ClientRegistration;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.oidc.OidcIdToken;
+
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.springframework.security.oauth2.client.registration.TestClientRegistrations.clientRegistration;
+import static org.springframework.security.oauth2.core.oidc.TestOidcIdTokens.idToken;
 
 /**
  * Tests for {@link OidcUserRequest}.
@@ -46,27 +46,11 @@ public class OidcUserRequestTests {
 
 	@Before
 	public void setUp() {
-		this.clientRegistration = ClientRegistration.withRegistrationId("registration-1")
-				.clientId("client-1")
-				.clientSecret("secret")
-				.clientAuthenticationMethod(ClientAuthenticationMethod.BASIC)
-				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
-				.redirectUriTemplate("https://client.com")
-				.scope(new LinkedHashSet<>(Arrays.asList("openid", "profile")))
-				.authorizationUri("https://provider.com/oauth2/authorization")
-				.tokenUri("https://provider.com/oauth2/token")
-				.jwkSetUri("https://provider.com/keys")
-				.clientName("Client 1")
-				.build();
+		this.clientRegistration = clientRegistration().build();
 		this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
 				"access-token-1234", Instant.now(), Instant.now().plusSeconds(60),
 				new LinkedHashSet<>(Arrays.asList("scope1", "scope2")));
-		Map<String, Object> claims = new HashMap<>();
-		claims.put(IdTokenClaimNames.ISS, "https://provider.com");
-		claims.put(IdTokenClaimNames.SUB, "subject1");
-		claims.put(IdTokenClaimNames.AZP, "client-1");
-		this.idToken = new OidcIdToken("id-token-1234", Instant.now(),
-				Instant.now().plusSeconds(3600), claims);
+		this.idToken = idToken().authorizedParty(this.clientRegistration.getClientId()).build();
 		this.additionalParameters = new HashMap<>();
 		this.additionalParameters.put("param1", "value1");
 		this.additionalParameters.put("param2", "value2");

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtilsTests.java

@@ -16,19 +16,20 @@
 
 package org.springframework.security.oauth2.client.oidc.userinfo;
 
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Collections;
+
 import org.junit.Test;
+
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
-import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
+import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
 
-import java.time.Duration;
-import java.time.Instant;
-import java.util.Collections;
-
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
 
 /**
  * @author Rob Winch
@@ -37,9 +38,7 @@
 public class OidcUserRequestUtilsTests {
 	private ClientRegistration.Builder registration = TestClientRegistrations.clientRegistration();
 
-	OidcIdToken idToken = new OidcIdToken("token123", Instant.now(),
-			Instant.now().plusSeconds(3600), Collections
-			.singletonMap(IdTokenClaimNames.SUB, "sub123"));
+	OidcIdToken idToken = TestOidcIdTokens.idToken().build();
 
 	OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
 			"token",

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserServiceTests.java

@@ -492,12 +492,9 @@ public void loadUserWhenCustomClaimTypeConverterFactorySetThenApplied() {
 
 	@Test
 	public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
-		Map<String, Object> body = new HashMap<>();
-		body.put("id", "id");
-		body.put("sub", "test-subject");
 		OidcUserService userService = new OidcUserService();
 		OidcUserRequest request = new OidcUserRequest(clientRegistration().build(),
-				scopes("message:read", "message:write"), idToken(body));
+				scopes("message:read", "message:write"), idToken().build());
 		OidcUser user = userService.loadUser(request);
 
 		assertThat(user.getAuthorities()).hasSize(3);
@@ -509,12 +506,9 @@ public void loadUserWhenTokenContainsScopesThenIndividualScopeAuthorities() {
 
 	@Test
 	public void loadUserWhenTokenDoesNotContainScopesThenNoScopeAuthorities() {
-		Map<String, Object> body = new HashMap<>();
-		body.put("id", "id");
-		body.put("sub", "test-subject");
 		OidcUserService userService = new OidcUserService();
 		OidcUserRequest request = new OidcUserRequest(clientRegistration().build(),
-				noScopes(), idToken(body));
+				noScopes(), idToken().build());
 		OidcUser user = userService.loadUser(request);
 
 		assertThat(user.getAuthorities()).hasSize(1);

oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/TestOidcIdTokens.java

@@ -17,23 +17,21 @@
 package org.springframework.security.oauth2.core.oidc;
 
 import java.time.Instant;
-import java.util.Collections;
-import java.util.Map;
+
+import static org.springframework.security.oauth2.core.oidc.OidcIdToken.withTokenValue;
 
 /**
  * Test {@link OidcIdToken}s
  *
  * @author Josh Cummings
  */
 public class TestOidcIdTokens {
-	public static OidcIdToken idToken() {
-		return idToken(Collections.singletonMap("id", "id"));
-	}
-
-	public static OidcIdToken idToken(Map<String, Object> claims) {
-		return new OidcIdToken("token",
-				Instant.now(),
-				Instant.now().plusSeconds(86400),
-				claims);
+	public static OidcIdToken.Builder idToken() {
+		return withTokenValue("id-token")
+				.issuer("https://example.com")
+				.subject("subject")
+				.issuedAt(Instant.now())
+				.expiresAt(Instant.now().plusSeconds(86400))
+				.claim("id", "id");
 	}
 }