From 07c4613482390815df9f48bfc663b293b387a98f Mon Sep 17 00:00:00 2001 From: Andre Blanke Date: Sat, 26 Oct 2024 09:21:35 +0200 Subject: [PATCH 1/2] Add OAuth2AuthenticatedPrincipal.getNameAttributeKey PR gh-16003 --- .../ROOT/pages/reactive/test/web/oauth2.adoc | 4 +- .../pages/servlet/test/mockmvc/oauth2.adoc | 4 +- .../jackson2/DefaultOAuth2UserMixin.java | 8 +- .../client/jackson2/DefaultOidcUserMixin.java | 7 ++ .../oidc/userinfo/OidcUserRequestUtils.java | 11 +- .../userinfo/DefaultOAuth2UserService.java | 6 +- .../DefaultReactiveOAuth2UserService.java | 6 +- .../core/oidc/user/DefaultOidcUser.java | 97 +++++++++++++++++ .../oauth2/core/user/DefaultOAuth2User.java | 103 +++++++++++++++--- .../server/SecurityMockServerConfigurers.java | 12 +- .../SecurityMockMvcRequestPostProcessors.java | 12 +- 11 files changed, 242 insertions(+), 28 deletions(-) diff --git a/docs/modules/ROOT/pages/reactive/test/web/oauth2.adoc b/docs/modules/ROOT/pages/reactive/test/web/oauth2.adoc index 2548d96cf50..0f20a955cdc 100644 --- a/docs/modules/ROOT/pages/reactive/test/web/oauth2.adoc +++ b/docs/modules/ROOT/pages/reactive/test/web/oauth2.adoc @@ -509,9 +509,9 @@ Java:: [source,java,role="primary"] ---- OAuth2User oauth2User = new DefaultOAuth2User( - AuthorityUtils.createAuthorityList("SCOPE_message:read"), + "foo_user", Collections.singletonMap("user_name", "foo_user"), - "user_name"); + AuthorityUtils.createAuthorityList("SCOPE_message:read")); client .mutateWith(mockOAuth2Login().oauth2User(oauth2User)) diff --git a/docs/modules/ROOT/pages/servlet/test/mockmvc/oauth2.adoc b/docs/modules/ROOT/pages/servlet/test/mockmvc/oauth2.adoc index 581f49adefa..696fac7688c 100644 --- a/docs/modules/ROOT/pages/servlet/test/mockmvc/oauth2.adoc +++ b/docs/modules/ROOT/pages/servlet/test/mockmvc/oauth2.adoc 
@@ -514,9 +514,9 @@ Java:: [source,java,role="primary"] ---- OAuth2User oauth2User = new DefaultOAuth2User( - AuthorityUtils.createAuthorityList("SCOPE_message:read"), + "foo_user", Collections.singletonMap("user_name", "foo_user"), - "user_name"); + AuthorityUtils.createAuthorityList("SCOPE_message:read")); mvc .perform(get("/endpoint") diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java index 917062c905c..c5133e541fe 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -42,10 +42,16 @@ @JsonIgnoreProperties(ignoreUnknown = true) abstract class DefaultOAuth2UserMixin { + @Deprecated @JsonCreator DefaultOAuth2UserMixin(@JsonProperty("authorities") Collection authorities, @JsonProperty("attributes") Map attributes, @JsonProperty("nameAttributeKey") String nameAttributeKey) { } + @JsonCreator + DefaultOAuth2UserMixin(@JsonProperty("name") String name, + @JsonProperty("attributes") Map attributes, + @JsonProperty("authorities") Collection authorities) { + } } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java index 5b46dc9396f..8a98e48bee6 100644 
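Review bot: Both constructors on `DefaultOAuth2UserMixin` now carry `@JsonCreator`, and as far as I know Jackson 2 rejects a type that ends up with two explicitly annotated property-based creators ("Conflicting property-based creators"), so reading a stored `OAuth2AuthenticationToken` would likely fail before either constructor is chosen. The `DefaultOidcUserMixin` hunk that follows has the same shape. `@Deprecated` on a mixin constructor does not change what Jackson accepts, so I would keep a single creator and handle the legacy `nameAttributeKey` property in a custom deserializer. Please add a test that deserializes a payload written by the previous version, since persisted authorized-client and session data depends on it.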
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java @@ -43,10 +43,17 @@ @JsonIgnoreProperties(value = { "attributes" }, ignoreUnknown = true) abstract class DefaultOidcUserMixin { + @Deprecated @JsonCreator DefaultOidcUserMixin(@JsonProperty("authorities") Collection authorities, @JsonProperty("idToken") OidcIdToken idToken, @JsonProperty("userInfo") OidcUserInfo userInfo, @JsonProperty("nameAttributeKey") String nameAttributeKey) { } + @JsonCreator + DefaultOidcUserMixin(@JsonProperty("name") String name, + @JsonProperty("idToken") OidcIdToken idToken, @JsonProperty("userInfo") OidcUserInfo userInfo, + @JsonProperty("authorities") Collection authorities) { + } + } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java index a9f3629aae9..29cfec14b37 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java @@ -17,6 +17,7 @@ package org.springframework.security.oauth2.client.oidc.userinfo; import java.util.LinkedHashSet; +import java.util.Map; import java.util.Set; import org.springframework.security.core.GrantedAuthority; 
@@ -28,6 +29,7 @@ import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser; import org.springframework.security.oauth2.core.oidc.user.OidcUser; import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority; +import org.springframework.security.oauth2.core.user.DefaultOAuth2User; import org.springframework.util.CollectionUtils; import org.springframework.util.StringUtils; @@ -90,10 +92,15 @@ static OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo) { for (String scope : token.getScopes()) { authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope)); } + DefaultOidcUser.Builder userBuilder = new DefaultOidcUser.Builder(); if (StringUtils.hasText(userNameAttributeName)) { - return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, userNameAttributeName); + userBuilder.nameAttributeKey(userNameAttributeName); } - return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo); + return userBuilder + .idToken(userRequest.getIdToken()) + .userInfo(userInfo) + .authorities(authorities) + .build(); } private OidcUserRequestUtils() { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java index 02930047b16..cfda3944e24 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java 
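Review bot: When `userNameAttributeName` has no text, `getUser` now reaches `build()` with neither `name` nor `nameAttributeKey` set, and `DefaultOidcUser.Builder.build()` (added later in this patch) then hands a null key to `getNameFromAttributes`, whose `Assert.hasText(nameAttributeKey, ...)` throws. The three-argument constructor used before defaulted the key to `IdTokenClaimNames.SUB`, so OIDC logins for registrations without a configured user-name attribute would now fail instead of being named by `sub`. Keeping the default in the builder would restore that, e.g. `String key = (this.nameAttributeKey != null) ? this.nameAttributeKey : IdTokenClaimNames.SUB;` before the lookup. The OIDC `defaultPrincipal()` hunks in `SecurityMockServerConfigurers` and `SecurityMockMvcRequestPostProcessors` also build without a key and take the same path. `getUser` begins above this hunk.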
@@ -96,7 +96,11 @@ public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2Authentic OAuth2AccessToken token = userRequest.getAccessToken(); Map attributes = this.attributesConverter.convert(userRequest).convert(response.getBody()); Collection authorities = getAuthorities(token, attributes, userNameAttributeName); - return new DefaultOAuth2User(authorities, attributes, userNameAttributeName); + return new DefaultOAuth2User.Builder() + .nameAttributeKey(userNameAttributeName) + .attributes(attributes) + .authorities(authorities) + .build(); } /** diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java index ae3a65b52c0..c3cf83b26cd 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java @@ -138,7 +138,11 @@ public Mono loadUser(OAuth2UserRequest userRequest) throws OAuth2Aut authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope)); } - return new DefaultOAuth2User(authorities, attrs, userNameAttributeName); + return new DefaultOAuth2User.Builder() + .nameAttributeKey(userNameAttributeName) + .attributes(attrs) + .authorities(authorities) + .build(); }) .onErrorMap((ex) -> (ex instanceof UnsupportedMediaTypeException || ex.getCause() instanceof UnsupportedMediaTypeException), (ex) -> { diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java index 09bf6929f55..486287a2bf1 100644 
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java @@ -55,6 +55,7 @@ public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser { * @param authorities the authorities granted to the user * @param idToken the {@link OidcIdToken ID Token} containing claims about the user */ + @Deprecated public DefaultOidcUser(Collection authorities, OidcIdToken idToken) { this(authorities, idToken, IdTokenClaimNames.SUB); } @@ -66,6 +67,7 @@ public DefaultOidcUser(Collection authorities, OidcI * @param nameAttributeKey the key used to access the user's "name" from * {@link #getAttributes()} */ + @Deprecated public DefaultOidcUser(Collection authorities, OidcIdToken idToken, String nameAttributeKey) { this(authorities, idToken, null, nameAttributeKey); @@ -78,6 +80,7 @@ public DefaultOidcUser(Collection authorities, OidcI * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user, * may be {@code null} */ + @Deprecated public DefaultOidcUser(Collection authorities, OidcIdToken idToken, OidcUserInfo userInfo) { this(authorities, idToken, userInfo, IdTokenClaimNames.SUB); @@ -92,6 +95,7 @@ public DefaultOidcUser(Collection authorities, OidcI * @param nameAttributeKey the key used to access the user's "name" from * {@link #getAttributes()} */ + @Deprecated public DefaultOidcUser(Collection authorities, OidcIdToken idToken, OidcUserInfo userInfo, String nameAttributeKey) { super(authorities, OidcUserAuthority.collectClaims(idToken, userInfo), nameAttributeKey); 
@@ -99,6 +103,21 @@ public DefaultOidcUser(Collection authorities, OidcI this.userInfo = userInfo; } + /** + * Constructs a {@code DefaultOidcUser} using the provided parameters. + * @param name the name of the user + * @param idToken the {@link OidcIdToken ID Token} containing claims about the user + * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user, + * may be {@code null} + * @param authorities the authorities granted to the user + */ + public DefaultOidcUser(String name, OidcIdToken idToken, OidcUserInfo userInfo, + Collection authorities) { + super(name, OidcUserAuthority.collectClaims(idToken, userInfo), authorities); + this.idToken = idToken; + this.userInfo = userInfo; + } + @Override public Map getClaims() { return this.getAttributes(); 
@@ -114,4 +133,82 @@ public OidcUserInfo getUserInfo() { return this.userInfo; } + public static class Builder { + + private String name; + + private String nameAttributeKey; + + private OidcIdToken idToken; + + private OidcUserInfo userInfo; + + private Collection authorities; + + /** + * Sets the name of the user. + * @param name the name of the user + * @return the {@link Builder} + */ + public Builder name(String name) { + this.name = name; + return this; + } + + /** + * Sets the key used to access the user's "name" from the user attributes if no "name" is + * provided. + * @param nameAttributeKey the key used to access the user's "name" from the user attributes. + * @return the {@link Builder} + */ + public Builder nameAttributeKey(String nameAttributeKey) { + this.nameAttributeKey = nameAttributeKey; + return this; + } + + /** + * Sets the {@link OidcIdToken ID Token} containing claims about the user. + * @param idToken the {@link OidcIdToken ID Token} containing claims about the user. + * @return the {@link Builder} + */ + public Builder idToken(OidcIdToken idToken) { + this.idToken = idToken; + return this; + } + + /** + * Sets the {@link OidcUserInfo UserInfo} containing claims about the user. + * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user. + * @return the {@link Builder} + */ + public Builder userInfo(OidcUserInfo userInfo) { + this.userInfo = userInfo; + return this; + } + + /** + * Sets the authorities granted to the user. + * @param authorities the authorities granted to the user + * @return the {@link Builder} + */ + public Builder authorities(Collection authorities) { + this.authorities = authorities; + return this; + } + + /** + * Builds a new {@link DefaultOidcUser}. 
+ * @return a {@link DefaultOidcUser} + */ + public DefaultOidcUser build() { + String name = this.name; + if (name == null) { + Map attributes = OidcUserAuthority.collectClaims(this.idToken, userInfo); + name = getNameFromAttributes(attributes, this.nameAttributeKey); + } + return new DefaultOidcUser(name, idToken, userInfo, authorities); + } + + } + } diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java index 6c80d7b64a2..03618a7fa96 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java @@ -35,13 +35,6 @@ /** * The default implementation of an {@link OAuth2User}. * - *

- * User attribute names are not standardized between providers and therefore it is - * required to supply the key for the user's "name" attribute to one of - * the constructors. The key will be used for accessing the "name" of the - * {@code Principal} (user) via {@link #getAttributes()} and returning it from - * {@link #getName()}. - * * @author Joe Grandja * @author Eddú Meléndez * @author Park Hyojong @@ -56,7 +49,7 @@ public class DefaultOAuth2User implements OAuth2User, Serializable { private final Map attributes; - private final String nameAttributeKey; + private final String name; /** * Constructs a {@code DefaultOAuth2User} using the provided parameters. 
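Review bot: Replacing the `nameAttributeKey` field with `name` changes the serialized shape of a `Serializable` principal, which matters wherever sessions are persisted or replicated across nodes. If `serialVersionUID` stays the same (it is outside this hunk), an instance written by the previous version would presumably deserialize with `name == null` and `getName()` would return null; if it changes, existing sessions stop deserializing. I would either keep the old field and derive the name from it, or add a `readObject` that fills `name` from the legacy key, and state the chosen compatibility story in the class Javadoc.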
@@ -65,23 +58,31 @@ public class DefaultOAuth2User implements OAuth2User, Serializable { * @param nameAttributeKey the key used to access the user's "name" from * {@link #getAttributes()} */ + @Deprecated public DefaultOAuth2User(Collection authorities, Map attributes, String nameAttributeKey) { - Assert.notEmpty(attributes, "attributes cannot be empty"); - Assert.hasText(nameAttributeKey, "nameAttributeKey cannot be empty"); - Assert.notNull(attributes.get(nameAttributeKey), - "Attribute value for '" + nameAttributeKey + "' cannot be null"); + this(getNameFromAttributes(attributes, nameAttributeKey), attributes, authorities); + } + /** + * Constructs a {@code DefaultOAuth2User} using the provided parameters. + * @param name the name of the user + * @param authorities the authorities granted to the user + * @param attributes the attributes about the user + */ + public DefaultOAuth2User(String name, Map attributes, + Collection authorities) { + Assert.notEmpty(attributes, "attributes cannot be empty"); + this.attributes = Collections.unmodifiableMap(new LinkedHashMap<>(attributes)); this.authorities = (authorities != null) ? Collections.unmodifiableSet(new LinkedHashSet<>(this.sortAuthorities(authorities))) : Collections.unmodifiableSet(new LinkedHashSet<>(AuthorityUtils.NO_AUTHORITIES)); - this.attributes = Collections.unmodifiableMap(new LinkedHashMap<>(attributes)); - this.nameAttributeKey = nameAttributeKey; + this.name = (name != null) ? name : (String) this.attributes.get("sub"); } @Override public String getName() { - return this.getAttribute(this.nameAttributeKey).toString(); + return this.name; } @Override 
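Review bot: The new public constructor accepts a null `name` and silently falls back to `(String) this.attributes.get("sub")`, which throws `ClassCastException` for a non-String `sub` and leaves `name` null when the claim is absent, so `getName()` can now return null where the old code asserted a non-null value. A principal without a name is a poor key for anything looked up by principal name, so I would reject it up front with `Assert.hasText(name, "name cannot be empty");` followed by `this.name = name;`. The deprecated constructor also calls `getNameFromAttributes(attributes, nameAttributeKey)` before `Assert.notEmpty(attributes, ...)` runs, so a null `attributes` map surfaces as a `NullPointerException` instead of the previous `IllegalArgumentException`; the helper in the last hunk of this file is where that check belongs. The Javadoc of the new constructor lists `authorities` before `attributes`, which does not match the parameter order.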
@@ -140,4 +141,76 @@ public String toString() { return sb.toString(); } + protected static String getNameFromAttributes(Map attributes, String nameAttributeKey) { + Assert.hasText(nameAttributeKey, "nameAttributeKey cannot be empty"); + Assert.notNull(attributes.get(nameAttributeKey), + "Attribute value for '" + nameAttributeKey + "' cannot be null"); + return attributes.get(nameAttributeKey).toString(); + } + + /** + * A builder for {@link DefaultOAuth2User}. + */ + public static class Builder { + + private String name; + + private String nameAttributeKey; + + private Map attributes; + + private Collection authorities; + + /** + * Sets the name of the user. + * @param name the name of the user + * @return the {@link Builder} + */ + public Builder name(String name) { + this.name = name; + return this; + } + + /** + * Sets the key used to access the user's "name" from the user attributes if no "name" is + * provided. + * @param nameAttributeKey the key used to access the user's "name" from the user attributes. + * @return the {@link Builder} + */ + public Builder nameAttributeKey(String nameAttributeKey) { + this.nameAttributeKey = nameAttributeKey; + return this; + } + + /** + * Sets the attributes about the user. + * @param attributes the attributes about the user + * @return the {@link Builder} + */ + public Builder attributes(Map attributes) { + this.attributes = attributes; + return this; + } + + /** + * Sets the authorities granted to the user. + * @param authorities the authorities granted to the user + * @return the {@link Builder} + */ + public Builder authorities(Collection authorities) { + this.authorities = authorities; + return this; + } + + /** + * Builds a new {@link DefaultOAuth2User}. + * @return a {@link DefaultOAuth2User} + */ + public DefaultOAuth2User build() { + String name = this.name != null ? 
this.name : getNameFromAttributes(this.attributes, this.nameAttributeKey); + return new DefaultOAuth2User(name, this.attributes, this.authorities); + } + + } + } diff --git a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java index 360b7a22982..430e6c71844 100644 --- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java +++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java @@ -848,7 +848,11 @@ private Map defaultAttributes() { } private OAuth2User defaultPrincipal() { - return new DefaultOAuth2User(this.authorities.get(), this.attributes.get(), this.nameAttributeKey); + return new DefaultOAuth2User.Builder() + .nameAttributeKey(this.nameAttributeKey) + .attributes(this.attributes.get()) + .authorities(this.authorities.get()) + .build(); } } @@ -1023,7 +1027,11 @@ private OidcUserInfo getOidcUserInfo() { } private OidcUser defaultPrincipal() { - return new DefaultOidcUser(getAuthorities(), getOidcIdToken(), this.userInfo); + return new DefaultOidcUser.Builder() + .idToken(getOidcIdToken()) + .userInfo(this.userInfo) + .authorities(getAuthorities()) + .build(); } } diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java index 8d0aac3e696..7e6631443e7 100644 --- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java +++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java 
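Review bot: `getNameFromAttributes` is `protected static`, so it becomes part of the extension API of `DefaultOAuth2User`, yet it has no Javadoc and looks the key up twice. I would document it with `/** Resolves the user's name from {@code attributes} using {@code nameAttributeKey}; throws IllegalArgumentException if the key is blank or the value is null. */` and hold the value in a local: `Object value = attributes.get(nameAttributeKey);`. The Javadoc of `Builder.build()` should also say that an explicit `name` takes precedence over `nameAttributeKey`, since setting both is allowed and the key is then ignored without notice.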
@@ -1390,7 +1390,11 @@ private Map defaultAttributes() { } private OAuth2User defaultPrincipal() { - return new DefaultOAuth2User(this.authorities.get(), this.attributes.get(), this.nameAttributeKey); + return new DefaultOAuth2User.Builder() + .nameAttributeKey(this.nameAttributeKey) + .attributes(this.attributes.get()) + .authorities(this.authorities.get()) + .build(); } } @@ -1533,7 +1537,11 @@ private OidcUserInfo getOidcUserInfo() { } private OidcUser defaultPrincipal() { - return new DefaultOidcUser(getAuthorities(), getOidcIdToken(), this.userInfo); + return new DefaultOidcUser.Builder() + .idToken(getOidcIdToken()) + .userInfo(this.userInfo) + .authorities(getAuthorities()) + .build(); } } From 798e9b4b7c973ac30fe4dd2343fab491fcf7236e Mon Sep 17 00:00:00 2001 From: Josh Cummings <3627351+jzheaux@users.noreply.github.com> Date: Thu, 13 Feb 2025 15:20:16 -0700 Subject: [PATCH 2/2] Add Copy Method Closes gh-16003 --- .../ROOT/pages/reactive/test/web/oauth2.adoc | 4 +- .../pages/servlet/test/mockmvc/oauth2.adoc | 4 +- .../jackson2/DefaultOAuth2UserMixin.java | 8 +- .../client/jackson2/DefaultOidcUserMixin.java | 7 - .../oidc/userinfo/OidcUserRequestUtils.java | 11 +- .../userinfo/DefaultOAuth2UserService.java | 6 +- .../DefaultReactiveOAuth2UserService.java | 6 +- .../core/oidc/user/DefaultOidcUser.java | 108 ++-------------- .../oauth2/core/user/DefaultOAuth2User.java | 121 +++++------------- .../core/oidc/user/DefaultOidcUserTests.java | 16 ++- .../core/user/DefaultOAuth2UserTests.java | 15 ++- .../server/SecurityMockServerConfigurers.java | 12 +- .../SecurityMockMvcRequestPostProcessors.java | 12 +- 13 files changed, 88 insertions(+), 242 deletions(-) diff --git a/docs/modules/ROOT/pages/reactive/test/web/oauth2.adoc b/docs/modules/ROOT/pages/reactive/test/web/oauth2.adoc index 0f20a955cdc..2548d96cf50 100644 --- a/docs/modules/ROOT/pages/reactive/test/web/oauth2.adoc +++ b/docs/modules/ROOT/pages/reactive/test/web/oauth2.adoc 
@@ -509,9 +509,9 @@ Java:: [source,java,role="primary"] ---- OAuth2User oauth2User = new DefaultOAuth2User( - "foo_user", + AuthorityUtils.createAuthorityList("SCOPE_message:read"), Collections.singletonMap("user_name", "foo_user"), - AuthorityUtils.createAuthorityList("SCOPE_message:read")); + "user_name"); client .mutateWith(mockOAuth2Login().oauth2User(oauth2User)) diff --git a/docs/modules/ROOT/pages/servlet/test/mockmvc/oauth2.adoc b/docs/modules/ROOT/pages/servlet/test/mockmvc/oauth2.adoc index 696fac7688c..581f49adefa 100644 --- a/docs/modules/ROOT/pages/servlet/test/mockmvc/oauth2.adoc +++ b/docs/modules/ROOT/pages/servlet/test/mockmvc/oauth2.adoc @@ -514,9 +514,9 @@ Java:: [source,java,role="primary"] ---- OAuth2User oauth2User = new DefaultOAuth2User( - "foo_user", + AuthorityUtils.createAuthorityList("SCOPE_message:read"), Collections.singletonMap("user_name", "foo_user"), - AuthorityUtils.createAuthorityList("SCOPE_message:read")); + "user_name"); mvc .perform(get("/endpoint") diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java index c5133e541fe..917062c905c 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2020 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -42,16 +42,10 @@ @JsonIgnoreProperties(ignoreUnknown = true) abstract class DefaultOAuth2UserMixin { - @Deprecated @JsonCreator DefaultOAuth2UserMixin(@JsonProperty("authorities") Collection authorities, @JsonProperty("attributes") Map attributes, @JsonProperty("nameAttributeKey") String nameAttributeKey) { } - @JsonCreator - DefaultOAuth2UserMixin(@JsonProperty("name") String name, - @JsonProperty("attributes") Map attributes, - @JsonProperty("authorities") Collection authorities) { - } } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java index 8a98e48bee6..5b46dc9396f 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java @@ -43,17 +43,10 @@ @JsonIgnoreProperties(value = { "attributes" }, ignoreUnknown = true) abstract class DefaultOidcUserMixin { - @Deprecated @JsonCreator DefaultOidcUserMixin(@JsonProperty("authorities") Collection authorities, @JsonProperty("idToken") OidcIdToken idToken, @JsonProperty("userInfo") OidcUserInfo userInfo, @JsonProperty("nameAttributeKey") String nameAttributeKey) { } - @JsonCreator - DefaultOidcUserMixin(@JsonProperty("name") String name, - @JsonProperty("idToken") OidcIdToken idToken, @JsonProperty("userInfo") OidcUserInfo userInfo, - @JsonProperty("authorities") Collection authorities) { - } - } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java index 29cfec14b37..a9f3629aae9 100644 
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/userinfo/OidcUserRequestUtils.java @@ -17,7 +17,6 @@ package org.springframework.security.oauth2.client.oidc.userinfo; import java.util.LinkedHashSet; -import java.util.Map; import java.util.Set; import org.springframework.security.core.GrantedAuthority; @@ -29,7 +28,6 @@ import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser; import org.springframework.security.oauth2.core.oidc.user.OidcUser; import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority; -import org.springframework.security.oauth2.core.user.DefaultOAuth2User; import org.springframework.util.CollectionUtils; import org.springframework.util.StringUtils; @@ -92,15 +90,10 @@ static OidcUser getUser(OidcUserRequest userRequest, OidcUserInfo userInfo) { for (String scope : token.getScopes()) { authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope)); } - DefaultOidcUser.Builder userBuilder = new DefaultOidcUser.Builder(); if (StringUtils.hasText(userNameAttributeName)) { - userBuilder.nameAttributeKey(userNameAttributeName); + return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo, userNameAttributeName); } - return userBuilder - .idToken(userRequest.getIdToken()) - .userInfo(userInfo) - .authorities(authorities) - .build(); + return new DefaultOidcUser(authorities, userRequest.getIdToken(), userInfo); } private OidcUserRequestUtils() { diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java index cfda3944e24..02930047b16 100644 
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.java @@ -96,11 +96,7 @@ public OAuth2User loadUser(OAuth2UserRequest userRequest) throws OAuth2Authentic OAuth2AccessToken token = userRequest.getAccessToken(); Map attributes = this.attributesConverter.convert(userRequest).convert(response.getBody()); Collection authorities = getAuthorities(token, attributes, userNameAttributeName); - return new DefaultOAuth2User.Builder() - .nameAttributeKey(userNameAttributeName) - .attributes(attributes) - .authorities(authorities) - .build(); + return new DefaultOAuth2User(authorities, attributes, userNameAttributeName); } /** diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java index c3cf83b26cd..ae3a65b52c0 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.java @@ -138,11 +138,7 @@ public Mono loadUser(OAuth2UserRequest userRequest) throws OAuth2Aut authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope)); } - return new DefaultOAuth2User.Builder() - .nameAttributeKey(userNameAttributeName) - .attributes(attrs) - .authorities(authorities) - .build(); + return new DefaultOAuth2User(authorities, attrs, userNameAttributeName); }) .onErrorMap((ex) -> (ex instanceof UnsupportedMediaTypeException || ex.getCause() instanceof UnsupportedMediaTypeException), (ex) -> { 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java index 486287a2bf1..49420e00542 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -55,7 +55,6 @@ public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser { * @param authorities the authorities granted to the user * @param idToken the {@link OidcIdToken ID Token} containing claims about the user */ - @Deprecated public DefaultOidcUser(Collection authorities, OidcIdToken idToken) { this(authorities, idToken, IdTokenClaimNames.SUB); } @@ -67,7 +66,6 @@ public DefaultOidcUser(Collection authorities, OidcI * @param nameAttributeKey the key used to access the user's "name" from * {@link #getAttributes()} */ - @Deprecated public DefaultOidcUser(Collection authorities, OidcIdToken idToken, String nameAttributeKey) { this(authorities, idToken, null, nameAttributeKey); @@ -80,7 +78,6 @@ public DefaultOidcUser(Collection authorities, OidcI * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user, * may be {@code null} */ - @Deprecated public DefaultOidcUser(Collection authorities, OidcIdToken idToken, OidcUserInfo userInfo) { this(authorities, idToken, userInfo, IdTokenClaimNames.SUB); 
@@ -95,7 +92,6 @@ public DefaultOidcUser(Collection authorities, OidcI * @param nameAttributeKey the key used to access the user's "name" from * {@link #getAttributes()} */ - @Deprecated public DefaultOidcUser(Collection authorities, OidcIdToken idToken, OidcUserInfo userInfo, String nameAttributeKey) { super(authorities, OidcUserAuthority.collectClaims(idToken, userInfo), nameAttributeKey); @@ -103,19 +99,21 @@ public DefaultOidcUser(Collection authorities, OidcI this.userInfo = userInfo; } + DefaultOidcUser(DefaultOidcUser user, Collection authorities) { + super(user, authorities); + this.idToken = user.idToken; + this.userInfo = user.userInfo; + } + /** - * Constructs a {@code DefaultOidcUser} using the provided parameters. - * @param name the name of the user - * @param idToken the {@link OidcIdToken ID Token} containing claims about the user - * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user, - * may be {@code null} - * @param authorities the authorities granted to the user + * Copy this {@code DefaultOAuth2User}, using the provided {@code authorities} + * @param authorities the authorities to use + * @return a new {@code DefaultOAuth2User} + * @since 6.5 */ - public DefaultOidcUser(String name, OidcIdToken idToken, OidcUserInfo userInfo, - Collection authorities) { - super(name, OidcUserAuthority.collectClaims(idToken, userInfo), authorities); - this.idToken = idToken; - this.userInfo = userInfo; + @Override + public DefaultOidcUser withAuthorities(Collection authorities) { + return new DefaultOidcUser(this, authorities); } @Override 
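Review bot: The Javadoc on `DefaultOidcUser.withAuthorities` appears to be copied from the parent class and names the wrong type: it reads "Copy this {@code DefaultOAuth2User}" and "@return a new {@code DefaultOAuth2User}" although the method returns `DefaultOidcUser`. Because this is a public way to obtain a principal with a different authority set, the comment should also say that the supplied collection replaces the existing authorities rather than being merged with them, and whether null is accepted; `super(user, authorities)` is outside this hunk, so how null is handled cannot be seen here. Proposed summary line: `Copy this {@code DefaultOidcUser}, replacing its authorities with the provided {@code authorities}`. The package-private copy constructor would benefit from a one-line comment stating that `idToken` and `userInfo` are shared with the source instance, not copied.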
@@ -133,82 +131,4 @@ public OidcUserInfo getUserInfo() { return this.userInfo; } - public static class Builder { - - private String name; - - private String nameAttributeKey; - - private OidcIdToken idToken; - - private OidcUserInfo userInfo; - - private Collection authorities; - - /** - * Sets the name of the user. - * @param name the name of the user - * @return the {@link Builder} - */ - public Builder name(String name) { - this.name = name; - return this; - } - - /** - * Sets the key used to access the user's "name" from the user attributes if no "name" is - * provided. - * @param nameAttributeKey the key used to access the user's "name" from the user attributes. - * @return the {@link Builder} - */ - public Builder nameAttributeKey(String nameAttributeKey) { - this.nameAttributeKey = nameAttributeKey; - return this; - } - - /** - * Sets the {@link OidcIdToken ID Token} containing claims about the user. - * @param idToken the {@link OidcIdToken ID Token} containing claims about the user. - * @return the {@link Builder} - */ - public Builder idToken(OidcIdToken idToken) { - this.idToken = idToken; - return this; - } - - /** - * Sets the {@link OidcUserInfo UserInfo} containing claims about the user. - * @param userInfo the {@link OidcUserInfo UserInfo} containing claims about the user. - * @return the {@link Builder} - */ - public Builder userInfo(OidcUserInfo userInfo) { - this.userInfo = userInfo; - return this; - } - - /** - * Sets the authorities granted to the user. - * @param authorities the authorities granted to the user - * @return the {@link Builder} - */ - public Builder authorities(Collection authorities) { - this.authorities = authorities; - return this; - } - - /** - * Builds a new {@link DefaultOidcUser}. 
- * @return a {@link DefaultOidcUser} - */ - public DefaultOidcUser build() { - String name = this.name; - if (name == null) { - Map attributes = OidcUserAuthority.collectClaims(this.idToken, userInfo); - name = getNameFromAttributes(attributes, this.nameAttributeKey); - } - return new DefaultOidcUser(name, idToken, userInfo, authorities); - } - - } - - }
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
index 03618a7fa96..9677ec8b565 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -35,6 +35,13 @@ /** * The default implementation of an {@link OAuth2User}. * + *

+ * User attribute names are not standardized between providers and therefore it is + * required to supply the key for the user's "name" attribute to one of + * the constructors. The key will be used for accessing the "name" of the + * {@code Principal} (user) via {@link #getAttributes()} and returning it from + * {@link #getName()}. + * * @author Joe Grandja * @author Eddú Meléndez * @author Park Hyojong
@@ -49,7 +56,7 @@ public class DefaultOAuth2User implements OAuth2User, Serializable { private final Map attributes; - private final String name; + private final String nameAttributeKey; /** * Constructs a {@code DefaultOAuth2User} using the provided parameters.
@@ -58,31 +65,29 @@ public class DefaultOAuth2User implements OAuth2User, Serializable { * @param nameAttributeKey the key used to access the user's "name" from * {@link #getAttributes()} */ - @Deprecated public DefaultOAuth2User(Collection authorities, Map attributes, String nameAttributeKey) { - this(getNameFromAttributes(attributes, nameAttributeKey), attributes, authorities); - } - - /** - * Constructs a {@code DefaultOAuth2User} using the provided parameters. - * @param name the name of the user - * @param authorities the authorities granted to the user - * @param attributes the attributes about the user - */ - public DefaultOAuth2User(String name, Map attributes, - Collection authorities) { Assert.notEmpty(attributes, "attributes cannot be empty"); - this.attributes = Collections.unmodifiableMap(new LinkedHashMap<>(attributes)); + Assert.hasText(nameAttributeKey, "nameAttributeKey cannot be empty"); + Assert.notNull(attributes.get(nameAttributeKey), + "Attribute value for '" + nameAttributeKey + "' cannot be null"); + this.authorities = (authorities != null) ? Collections.unmodifiableSet(new LinkedHashSet<>(this.sortAuthorities(authorities))) : Collections.unmodifiableSet(new LinkedHashSet<>(AuthorityUtils.NO_AUTHORITIES)); - this.name = (name != null) ? name : (String) this.attributes.get("sub"); + this.attributes = Collections.unmodifiableMap(new LinkedHashMap<>(attributes)); + this.nameAttributeKey = nameAttributeKey; + } + + protected DefaultOAuth2User(DefaultOAuth2User copy, Collection authorities) { + this.nameAttributeKey = copy.nameAttributeKey; + this.attributes = copy.attributes; + this.authorities = sortAuthorities(authorities); } @Override public String getName() { - return this.name; + return this.getAttribute(this.nameAttributeKey).toString(); } @Override 
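Review bot: The new protected copy constructor assigns `this.authorities = sortAuthorities(authorities);` directly, whereas the public constructor in this same hunk null-checks the argument and wraps the sorted result in `Collections.unmodifiableSet(new LinkedHashSet<>(...))`. `sortAuthorities` builds a `TreeSet` (its first lines are visible in the following hunk), so a principal produced by `withAuthorities` appears to expose a modifiable authority set, and a `null` argument is no longer mapped to `AuthorityUtils.NO_AUTHORITIES`. Because authorization decisions read this set, I would assign it exactly as the public constructor does: `this.authorities = (authorities != null) ? Collections.unmodifiableSet(new LinkedHashSet<>(this.sortAuthorities(authorities))) : Collections.unmodifiableSet(new LinkedHashSet<>(AuthorityUtils.NO_AUTHORITIES));`. The class is `Serializable`, so it is also worth confirming that a copy holding the comparator-backed `TreeSet` still passes the existing serialization test. `DefaultOidcUser` reaches the same constructor through `super(user, authorities)`, so the fix covers both types.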
@@ -95,6 +100,16 @@ public Map getAttributes() { return this.attributes; } + /** + * Copy this {@code DefaultOAuth2User}, using the provided {@code authorities} + * @param authorities the authorities to use + * @return a new {@code DefaultOAuth2User} + * @since 6.5 + */ + public DefaultOAuth2User withAuthorities(Collection authorities) { + return new DefaultOAuth2User(this, authorities); + } + private Set sortAuthorities(Collection authorities) { SortedSet sortedAuthorities = new TreeSet<>( Comparator.comparing(GrantedAuthority::getAuthority)); 
@@ -141,76 +156,4 @@ public String toString() { return sb.toString(); } - protected static String getNameFromAttributes(Map attributes, String nameAttributeKey) { - Assert.hasText(nameAttributeKey, "nameAttributeKey cannot be empty"); - Assert.notNull(attributes.get(nameAttributeKey), - "Attribute value for '" + nameAttributeKey + "' cannot be null"); - return attributes.get(nameAttributeKey).toString(); - } - - /** - * A builder for {@link DefaultOAuth2User}. - */ - public static class Builder { - - private String name; - - private String nameAttributeKey; - - private Map attributes; - - private Collection authorities; - - /** - * Sets the name of the user. - * @param name the name of the user - * @return the {@link Builder} - */ - public Builder name(String name) { - this.name = name; - return this; - } - - /** - * Sets the key used to access the user's "name" from the user attributes if no "name" is - * provided. - * @param nameAttributeKey the key used to access the user's "name" from the user attributes. - * @return the {@link Builder} - */ - public Builder nameAttributeKey(String nameAttributeKey) { - this.nameAttributeKey = nameAttributeKey; - return this; - } - - /** - * Sets the attributes about the user. - * @param attributes the attributes about the user - * @return the {@link Builder} - */ - public Builder attributes(Map attributes) { - this.attributes = attributes; - return this; - } - - /** - * Sets the authorities granted to the user. - * @param authorities the authorities granted to the user - * @return the {@link Builder} - */ - public Builder authorities(Collection authorities) { - this.authorities = authorities; - return this; - } - - /** - * Builds a new {@link DefaultOAuth2User}. - * @return a {@link DefaultOAuth2User} - */ - public DefaultOAuth2User build() { - String name = this.name != null ? 
this.name : getNameFromAttributes(this.attributes, this.nameAttributeKey); - return new DefaultOAuth2User(name, this.attributes, this.authorities); - } - - } - - }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
index 4c4ae825005..57cd2d0e50b 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -17,6 +17,8 @@ package org.springframework.security.oauth2.core.oidc.user; import java.time.Instant; +import java.util.ArrayList; +import java.util.Collection; import java.util.Collections; import java.util.HashMap; import java.util.Map;
@@ -31,6 +33,7 @@ import org.springframework.security.oauth2.core.oidc.OidcIdToken; import org.springframework.security.oauth2.core.oidc.OidcUserInfo; import org.springframework.security.oauth2.core.oidc.StandardClaimNames; +import org.springframework.security.oauth2.core.user.DefaultOAuth2User; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
@@ -147,4 +150,15 @@ public void constructorWhenAllParametersProvidedAndValidThenCreated() { StandardClaimNames.NAME, StandardClaimNames.EMAIL); } + @Test + public void constructorWhenWithAuthoritiesThenReplaces() { + DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN, USER_INFO); + Collection additional = new ArrayList<>(AUTHORITIES); + additional.add(new SimpleGrantedAuthority("ROLE_ADMIN")); + DefaultOAuth2User copy = user.withAuthorities(additional); + assertThat((Set) user.getAuthorities()).containsAll(AUTHORITIES); + assertThat((Set) copy.getAuthorities()).containsAll(additional); + assertThat(copy.getAttributes()).isEqualTo(user.getAttributes()); + } + }
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
index a56c5bcf6a2..0f322ff78cb 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@ package org.springframework.security.oauth2.core.user; +import java.util.ArrayList; +import java.util.Collection; import java.util.Collections; import java.util.Map; import java.util.Set;
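Review bot: `constructorWhenWithAuthoritiesThenReplaces` in DefaultOidcUserTests (the `@@ -147,4 +150,15 @@` hunk) only asserts `containsAll` on both principals, so it would still pass if `withAuthorities` modified the original user or returned a plain `DefaultOAuth2User` that dropped the ID token. Declaring the result as `DefaultOidcUser copy` and adding `assertThat(copy.getIdToken()).isSameAs(user.getIdToken());` plus `assertThat((Set) user.getAuthorities()).doesNotContain(new SimpleGrantedAuthority("ROLE_ADMIN"));` would pin both properties, assuming `AUTHORITIES` does not already include that role. The test of the same name in DefaultOAuth2UserTests (the `@@ -109,4 +111,15 @@` hunk) has the same gap for the original's authorities. Neither test covers a `null` argument or whether the returned authority set can be modified, and the name says "constructor" although the method under test is `withAuthorities`.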
@@ -109,4 +111,15 @@ public void constructorWhenCreatedThenIsSerializable() { SerializationUtils.serialize(user); } + @Test + public void constructorWhenWithAuthoritiesThenReplaces() { + DefaultOAuth2User user = new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, ATTRIBUTE_NAME_KEY); + Collection additional = new ArrayList<>(AUTHORITIES); + additional.add(new SimpleGrantedAuthority("ROLE_ADMIN")); + DefaultOAuth2User copy = user.withAuthorities(additional); + assertThat((Set) user.getAuthorities()).containsAll(AUTHORITIES); + assertThat((Set) copy.getAuthorities()).containsAll(additional); + assertThat(copy.getAttributes()).isEqualTo(user.getAttributes()); + } + }
diff --git a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
index 430e6c71844..360b7a22982 100644
--- a/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
+++ b/test/src/main/java/org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.java
@@ -848,11 +848,7 @@ private Map defaultAttributes() { } private OAuth2User defaultPrincipal() { - return new DefaultOAuth2User.Builder() - .nameAttributeKey(this.nameAttributeKey) - .attributes(this.attributes.get()) - .authorities(this.authorities.get()) - .build(); + return new DefaultOAuth2User(this.authorities.get(), this.attributes.get(), this.nameAttributeKey); } }
@@ -1027,11 +1023,7 @@ private OidcUserInfo getOidcUserInfo() { } private OidcUser defaultPrincipal() { - return new DefaultOidcUser.Builder() - .idToken(getOidcIdToken()) - .userInfo(this.userInfo) - .authorities(getAuthorities()) - .build(); + return new DefaultOidcUser(getAuthorities(), getOidcIdToken(), this.userInfo); } }
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index 7e6631443e7..8d0aac3e696 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -1390,11 +1390,7 @@ private Map defaultAttributes() { } private OAuth2User defaultPrincipal() { - return new DefaultOAuth2User.Builder() - .nameAttributeKey(this.nameAttributeKey) - .attributes(this.attributes.get()) - .authorities(this.authorities.get()) - .build(); + return new DefaultOAuth2User(this.authorities.get(), this.attributes.get(), this.nameAttributeKey); } }
@@ -1537,11 +1533,7 @@ private OidcUserInfo getOidcUserInfo() { } private OidcUser defaultPrincipal() { - return new DefaultOidcUser.Builder() - .idToken(getOidcIdToken()) - .userInfo(this.userInfo) - .authorities(getAuthorities()) - .build(); + return new DefaultOidcUser(getAuthorities(), getOidcIdToken(), this.userInfo); } }