Add OAuth2AuthenticatedPrincipal.getNameAttributeKey

PR gh-16003

Author: andreblanke

docs/modules/ROOT/pages/reactive/test/web/oauth2.adoc

@@ -509,9 +509,9 @@ Java::
 [source,java,role="primary"]
 ----
 OAuth2User oauth2User = new DefaultOAuth2User(
-        AuthorityUtils.createAuthorityList("SCOPE_message:read"),
+        "foo_user",
         Collections.singletonMap("user_name", "foo_user"),
-        "user_name");
+        AuthorityUtils.createAuthorityList("SCOPE_message:read"));
 
 client
     .mutateWith(mockOAuth2Login().oauth2User(oauth2User))

docs/modules/ROOT/pages/servlet/test/mockmvc/oauth2.adoc

@@ -514,9 +514,9 @@ Java::
 [source,java,role="primary"]
 ----
 OAuth2User oauth2User = new DefaultOAuth2User(
-        AuthorityUtils.createAuthorityList("SCOPE_message:read"),
+        "foo_user",
         Collections.singletonMap("user_name", "foo_user"),
-        "user_name");
+        AuthorityUtils.createAuthorityList("SCOPE_message:read"));
 
 mvc
     .perform(get("/endpoint")

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -42,10 +42,16 @@
 @JsonIgnoreProperties(ignoreUnknown = true)
 abstract class DefaultOAuth2UserMixin {
 
+	@Deprecated
 	@JsonCreator
 	DefaultOAuth2UserMixin(@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities,
 			@JsonProperty("attributes") Map<String, Object> attributes,
 			@JsonProperty("nameAttributeKey") String nameAttributeKey) {
 	}
 
+	@JsonCreator
+	DefaultOAuth2UserMixin(@JsonProperty("name") String name,
+			@JsonProperty("attributes") Map<String, Object> attributes,
+			@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
+	}
 }

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java

@@ -43,10 +43,17 @@
 @JsonIgnoreProperties(value = { "attributes" }, ignoreUnknown = true)
 abstract class DefaultOidcUserMixin {
 
+	@Deprecated
 	@JsonCreator
 	DefaultOidcUserMixin(@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities,
 			@JsonProperty("idToken") OidcIdToken idToken, @JsonProperty("userInfo") OidcUserInfo userInfo,
 			@JsonProperty("nameAttributeKey") String nameAttributeKey) {
 	}
 
+	@JsonCreator
+	DefaultOidcUserMixin(@JsonProperty("name") String name,
+			@JsonProperty("idToken") OidcIdToken idToken, @JsonProperty("userInfo") OidcUserInfo userInfo,
+			@JsonProperty("authorities") Collection<? extends GrantedAuthority> authorities) {
+	}
+
 }

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java

@@ -17,6 +17,7 @@
 package org.springframework.security.oauth2.client.oidc.userinfo;
 
 import java.util.LinkedHashSet;
+import java.util.Map;
 import java.util.Set;
 
 import org.springframework.security.core.GrantedAuthority;
@@ -28,6 +29,7 @@
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
+import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
@@ -90,10 +92,15 @@ static OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo) {
 		for (String scope : token.getScopes()) {
 			authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
 		}
+		DefaultOidcUser.Builder userBuilder = new DefaultOidcUser.Builder();
 		if (StringUtils.hasText(userNameAttributeName)) {
-			return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, userNameAttributeName);
+			userBuilder.nameAttributeKey(userNameAttributeName);
 		}
-		return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo);
+		return userBuilder
+			.idToken(userRequest.getIdToken())
+			.userInfo(userInfo)
+			.authorities(authorities)
+			.build();
 	}
 
 	private OidcUserRequestUtils() {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java

@@ -96,7 +96,11 @@ public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2Authentic
 		OAuth2AccessToken token = userRequest.getAccessToken();
 		Map<String, Object> attributes = this.attributesConverter.convert(userRequest).convert(response.getBody());
 		Collection<GrantedAuthority> authorities = getAuthorities(token, attributes, userNameAttributeName);
-		return new DefaultOAuth2User(authorities, attributes, userNameAttributeName);
+		return new DefaultOAuth2User.Builder()
+			.nameAttributeKey(userNameAttributeName)
+			.attributes(attributes)
+			.authorities(authorities)
+			.build();
 	}
 
 	/**

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java

@@ -138,7 +138,11 @@ public Mono<OAuth2User> loadUser(OAuth2UserRequest userRequest) throws OAuth2Aut
 					authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
 				}
 
-				return new DefaultOAuth2User(authorities, attrs, userNameAttributeName);
+				return new DefaultOAuth2User.Builder()
+					.nameAttributeKey(userNameAttributeName)
+					.attributes(attrs)
+					.authorities(authorities)
+					.build();
 			})
 			.onErrorMap((ex) -> (ex instanceof UnsupportedMediaTypeException ||
 					ex.getCause() instanceof UnsupportedMediaTypeException), (ex) -> {

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java

@@ -55,6 +55,7 @@ public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser {
 	 * @param authorities the authorities granted to the user
 	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
 	 */
+	@Deprecated
 	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken) {
 		this(authorities, idToken, IdTokenClaimNames.SUB);
 	}
@@ -66,6 +67,7 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from
 	 * {@link #getAttributes()}
 	 */
+	@Deprecated
 	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
 			String nameAttributeKey) {
 		this(authorities, idToken, null, nameAttributeKey);
@@ -78,6 +80,7 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user,
 	 * may be {@code null}
 	 */
+	@Deprecated
 	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
 			OidcUserInfo userInfo) {
 		this(authorities, idToken, userInfo, IdTokenClaimNames.SUB);
@@ -92,13 +95,29 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 	 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from
 	 * {@link #getAttributes()}
 	 */
+	@Deprecated
 	public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcIdToken idToken,
 			OidcUserInfo userInfo, String nameAttributeKey) {
 		super(authorities, OidcUserAuthority.collectClaims(idToken, userInfo), nameAttributeKey);
 		this.idToken = idToken;
 		this.userInfo = userInfo;
 	}
 
+	/**
+	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
+	 * @param name the name of the user
+	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
+	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user,
+	 * may be {@code null}
+	 * @param authorities the authorities granted to the user
+	 */
+	public DefaultOidcUser(String name, OidcIdToken idToken, OidcUserInfo userInfo,
+			Collection<? extends GrantedAuthority> authorities) {
+		super(name, OidcUserAuthority.collectClaims(idToken, userInfo), authorities);
+		this.idToken = idToken;
+		this.userInfo = userInfo;
+	}
+
 	@Override
 	public Map<String, Object> getClaims() {
 		return this.getAttributes();
@@ -114,4 +133,82 @@ public OidcUserInfo getUserInfo() {
 		return this.userInfo;
 	}
 
+	public static class Builder {
+
+		private String name;
+
+		private String nameAttributeKey;
+
+		private OidcIdToken idToken;
+
+		private OidcUserInfo userInfo;
+
+		private Collection<? extends GrantedAuthority> authorities;
+
+		/**
+		 * Sets the name of the user.
+		 * @param name the name of the user
+		 * @return the {@link Builder}
+		 */
+		public Builder name(String name) {
+			this.name = name;
+			return this;
+		}
+
+		/**
+		 * Sets the key used to access the user's &quot;name&quot; from the user attributes if no &quot;name&quot; is
+		 * provided.
+		 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from the user attributes.
+		 * @return the {@link Builder}
+		 */
+		public Builder nameAttributeKey(String nameAttributeKey) {
+			this.nameAttributeKey = nameAttributeKey;
+			return this;
+		}
+
+		/**
+		 * Sets the {@link OidcIdToken ID Token} containing claims about the user.
+		 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user.
+		 * @return the {@link Builder}
+		 */
+		public Builder idToken(OidcIdToken idToken) {
+			this.idToken = idToken;
+			return this;
+		}
+
+		/**
+		 * Sets the {@link OidcUserInfo UserInfo} containing claims about the user.
+		 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user.
+		 * @return the {@link Builder}
+		 */
+		public Builder userInfo(OidcUserInfo userInfo) {
+			this.userInfo = userInfo;
+			return this;
+		}
+
+		/**
+		 * Sets the authorities granted to the user.
+		 * @param authorities the authorities granted to the user
+		 * @return the {@link Builder}
+		 */
+		public Builder authorities(Collection<? extends GrantedAuthority> authorities) {
+			this.authorities = authorities;
+			return this;
+		}
+
+		/**
+		 * Builds a new {@link DefaultOidcUser}.
+		 * @return a {@link DefaultOidcUser}
+		 */
+		public DefaultOidcUser build() {
+			String name = this.name;
+			if (name == null) {
+				Map<String, Object> attributes = OidcUserAuthority.collectClaims(this.idToken, userInfo);
+				name = getNameFromAttributes(attributes, this.nameAttributeKey);
+			}
+			return new DefaultOidcUser(name, idToken, userInfo, authorities);
+		}
+
+	}
+
 }