Add builders for DefaultOAuth2User and DefaultOidcUser

Author: andreblanke

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java

@@ -29,6 +29,7 @@
 import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUser;
 import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
+import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
@@ -91,12 +92,15 @@ static OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo) {
 		for (String scope : token.getScopes()) {
 			authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
 		}
+		DefaultOidcUser.Builder userBuilder = new DefaultOidcUser.Builder();
 		if (StringUtils.hasText(userNameAttributeName)) {
-			Map<String, Object> attributes =  OidcUserAuthority.collectClaims(userRequest.getIdToken(), userInfo);
-			String name = (String) attributes.get(userNameAttributeName);
-			return new DefaultOidcUser(name, userRequest.getIdToken(), userInfo, authorities);
+			userBuilder.nameAttributeKey(userNameAttributeName);
 		}
-		return new DefaultOidcUser(userRequest.getIdToken(), userInfo, authorities);
+		return userBuilder
+			.idToken(userRequest.getIdToken())
+			.userInfo(userInfo)
+			.authorities(authorities)
+			.build();
 	}
 
 	private OidcUserRequestUtils() {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java

@@ -96,7 +96,11 @@ public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2Authentic
 		OAuth2AccessToken token = userRequest.getAccessToken();
 		Map<String, Object> attributes = this.attributesConverter.convert(userRequest).convert(response.getBody());
 		Collection<GrantedAuthority> authorities = getAuthorities(token, attributes, userNameAttributeName);
-		return new DefaultOAuth2User(attributes.get(userNameAttributeName).toString(), attributes, authorities);
+		return new DefaultOAuth2User.Builder()
+			.nameAttributeKey(userNameAttributeName)
+			.attributes(attributes)
+			.authorities(authorities)
+			.build();
 	}
 
 	/**

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java

@@ -138,7 +138,11 @@ public Mono<OAuth2User> loadUser(OAuth2UserRequest userRequest) throws OAuth2Aut
 					authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
 				}
 
-				return new DefaultOAuth2User(attrs.get(userNameAttributeName).toString(), attrs, authorities);
+				return new DefaultOAuth2User.Builder()
+					.nameAttributeKey(userNameAttributeName)
+					.attributes(attrs)
+					.authorities(authorities)
+					.build();
 			})
 			.onErrorMap((ex) -> (ex instanceof UnsupportedMediaTypeException ||
 					ex.getCause() instanceof UnsupportedMediaTypeException), (ex) -> {

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java

@@ -56,15 +56,6 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 		this(authorities, idToken, IdTokenClaimNames.SUB);
 	}
 
-	/**
-	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
-	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param authorities the authorities granted to the user
-	 */
-	public DefaultOidcUser(OidcIdToken idToken, Collection<? extends GrantedAuthority> authorities) {
-		this(null, idToken, authorities);
-	}
-
 	/**
 	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
 	 * @param authorities the authorities granted to the user
@@ -78,16 +69,6 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 		this(authorities, idToken, null, nameAttributeKey);
 	}
 
-	/**
-	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
-	 * @param name the name of the user
-	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param authorities the authorities granted to the user
-	 */
-	public DefaultOidcUser(String name, OidcIdToken idToken, Collection<? extends GrantedAuthority> authorities) {
-		this(name, idToken, null, authorities);
-	}
-
 	/**
 	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
 	 * @param authorities the authorities granted to the user
@@ -101,18 +82,6 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 		this(authorities, idToken, userInfo, IdTokenClaimNames.SUB);
 	}
 
-	/**
-	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
-	 * @param authorities the authorities granted to the user
-	 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user
-	 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user,
-	 * may be {@code null}
-	 */
-	public DefaultOidcUser(OidcIdToken idToken, OidcUserInfo userInfo,
-			Collection<? extends GrantedAuthority> authorities) {
-		this(null, idToken, userInfo, authorities);
-	}
-
 	/**
 	 * Constructs a {@code DefaultOidcUser} using the provided parameters.
 	 * @param authorities the authorities granted to the user
@@ -160,4 +129,82 @@ public OidcUserInfo getUserInfo() {
 		return this.userInfo;
 	}
 
+	public static class Builder {
+
+		private String name;
+
+		private String nameAttributeKey;
+
+		private OidcIdToken idToken;
+
+		private OidcUserInfo userInfo;
+
+		private Collection<? extends GrantedAuthority> authorities;
+
+		/**
+		 * Sets the name of the user.
+		 * @param name the name of the user
+		 * @return the {@link Builder}
+		 */
+		public Builder name(String name) {
+			this.name = name;
+			return this;
+		}
+
+		/**
+		 * Sets the key used to access the user's &quot;name&quot; from the user attributes if no &quot;name&quot; is
+		 * provided.
+		 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from the user attributes.
+		 * @return the {@link Builder}
+		 */
+		public Builder nameAttributeKey(String nameAttributeKey) {
+			this.nameAttributeKey = nameAttributeKey;
+			return this;
+		}
+
+		/**
+		 * Sets the {@link OidcIdToken ID Token} containing claims about the user.
+		 * @param idToken the {@link OidcIdToken ID Token} containing claims about the user.
+		 * @return the {@link Builder}
+		 */
+		public Builder idToken(OidcIdToken idToken) {
+			this.idToken = idToken;
+			return this;
+		}
+
+		/**
+		 * Sets the {@link OidcUserInfo UserInfo} containing claims about the user.
+		 * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user.
+		 * @return the {@link Builder}
+		 */
+		public Builder userInfo(OidcUserInfo userInfo) {
+			this.userInfo = userInfo;
+			return this;
+		}
+
+		/**
+		 * Sets the authorities granted to the user.
+		 * @param authorities the authorities granted to the user
+		 * @return the {@link Builder}
+		 */
+		public Builder authorities(Collection<? extends GrantedAuthority> authorities) {
+			this.authorities = authorities;
+			return this;
+		}
+
+		/**
+		 * Builds a new {@link DefaultOidcUser}.
+		 * @return a {@link DefaultOidcUser}
+		 */
+		public DefaultOidcUser build() {
+			String name = this.name;
+			if (name == null) {
+				Map<String, Object> attributes = OidcUserAuthority.collectClaims(this.idToken, userInfo);
+				name = getNameFromAttributes(attributes, this.nameAttributeKey);
+			}
+			return new DefaultOidcUser(name, idToken, userInfo, authorities);
+		}
+
+	}
+
 }

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java

@@ -145,7 +145,7 @@ public int hashCode() {
 		return result;
 	}
 
-	public static Map<String, Object> collectClaims(OidcIdToken idToken, OidcUserInfo userInfo) {
+	static Map<String, Object> collectClaims(OidcIdToken idToken, OidcUserInfo userInfo) {
 		Assert.notNull(idToken, "idToken cannot be null");
 		Map<String, Object> claims = new HashMap<>();
 		if (userInfo != null) {

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java

@@ -35,11 +35,6 @@
 /**
  * The default implementation of an {@link OAuth2User}.
  *
- * <p>
- * User attribute names are <b>not</b> standardized between providers, and therefore it is
- * required to supply the user's &quot;name&quot; or &quot;name&quot; attribute to one of
- * the constructors.
- *
  * @author Joe Grandja
  * @author Eddú Meléndez
  * @author Park Hyojong
@@ -146,11 +141,76 @@ public String toString() {
 		return sb.toString();
 	}
 
-	private static String getNameFromAttributes(Map<String, Object> attributes, String nameAttributeKey) {
+	protected static String getNameFromAttributes(Map<String, Object> attributes, String nameAttributeKey) {
 		Assert.hasText(nameAttributeKey, "nameAttributeKey cannot be empty");
 		Assert.notNull(attributes.get(nameAttributeKey),
 				"Attribute value for '" + nameAttributeKey + "' cannot be null");
 		return attributes.get(nameAttributeKey).toString();
 	}
 
+	/**
+	 * A builder for {@link DefaultOAuth2User}.
+	 */
+	public static class Builder {
+
+		private String name;
+
+		private String nameAttributeKey;
+
+		private Map<String, Object> attributes;
+
+		private Collection<? extends GrantedAuthority> authorities;
+
+		/**
+		 * Sets the name of the user.
+		 * @param name the name of the user
+		 * @return the {@link Builder}
+		 */
+		public Builder name(String name) {
+			this.name = name;
+			return this;
+		}
+
+		/**
+		 * Sets the key used to access the user's &quot;name&quot; from the user attributes if no &quot;name&quot; is
+		 * provided.
+		 * @param nameAttributeKey the key used to access the user's &quot;name&quot; from the user attributes.
+		 * @return the {@link Builder}
+		 */
+		public Builder nameAttributeKey(String nameAttributeKey) {
+			this.nameAttributeKey = nameAttributeKey;
+			return this;
+		}
+
+		/**
+		 * Sets the attributes about the user.
+		 * @param attributes the attributes about the user
+		 * @return the {@link Builder}
+		 */
+		public Builder attributes(Map<String, Object> attributes) {
+			this.attributes = attributes;
+			return this;
+		}
+
+		/**
+		 * Sets the authorities granted to the user.
+		 * @param authorities the authorities granted to the user
+		 * @return the {@link Builder}
+		 */
+		public Builder authorities(Collection<? extends GrantedAuthority> authorities) {
+			this.authorities = authorities;
+			return this;
+		}
+
+		/**
+		 * Builds a new {@link DefaultOAuth2User}.
+		 * @return a {@link DefaultOAuth2User}
+		 */
+		public DefaultOAuth2User build() {
+			String name = this.name != null ? this.name : getNameFromAttributes(this.attributes, this.nameAttributeKey);
+			return new DefaultOAuth2User(name, this.attributes, this.authorities);
+		}
+
+	}
+
 }

test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java

@@ -848,8 +848,11 @@ private Map<String, Object> defaultAttributes() {
 		}
 
 		private OAuth2User defaultPrincipal() {
-			String name = this.attributes.get().get(this.nameAttributeKey).toString();
-			return new DefaultOAuth2User(name, this.attributes.get(), this.authorities.get());
+			return new DefaultOAuth2User.Builder()
+				.nameAttributeKey(this.nameAttributeKey)
+				.attributes(this.attributes.get())
+				.authorities(this.authorities.get())
+				.build();
 		}
 
 	}
@@ -1024,7 +1027,11 @@ private OidcUserInfo getOidcUserInfo() {
 		}
 
 		private OidcUser defaultPrincipal() {
-			return new DefaultOidcUser(getOidcIdToken(), this.userInfo, getAuthorities());
+			return new DefaultOidcUser.Builder()
+				.idToken(getOidcIdToken())
+				.userInfo(this.userInfo)
+				.authorities(getAuthorities())
+				.build();
 		}
 
 	}

test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java

@@ -1390,8 +1390,11 @@ private Map<String, Object> defaultAttributes() {
 		}
 
 		private OAuth2User defaultPrincipal() {
-			String name = this.attributes.get().get(this.nameAttributeKey).toString();
-			return new DefaultOAuth2User(name, this.attributes.get(), this.authorities.get());
+			return new DefaultOAuth2User.Builder()
+				.nameAttributeKey(this.nameAttributeKey)
+				.attributes(this.attributes.get())
+				.authorities(this.authorities.get())
+				.build();
 		}
 
 	}
@@ -1534,7 +1537,11 @@ private OidcUserInfo getOidcUserInfo() {
 		}
 
 		private OidcUser defaultPrincipal() {
-			return new DefaultOidcUser(getOidcIdToken(), this.userInfo, getAuthorities());
+			return new DefaultOidcUser.Builder()
+				.idToken(getOidcIdToken())
+				.userInfo(this.userInfo)
+				.authorities(getAuthorities())
+				.build();
 		}
 
 	}