Expose getter for nameAttributeKey in OAuth2AuthenticatedPrincipal

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -99,6 +99,23 @@ public DefaultOidcUser(Collection<? extends GrantedAuthority> authorities, OidcI
 		this.userInfo = userInfo;
 	}
 
+	DefaultOidcUser(DefaultOidcUser user, Collection<GrantedAuthority> authorities) {
+		super(user, authorities);
+		this.idToken = user.idToken;
+		this.userInfo = user.userInfo;
+	}
+
+	/**
+	 * Copy this {@code DefaultOAuth2User}, using the provided {@code authorities}
+	 * @param authorities the authorities to use
+	 * @return a new {@code DefaultOAuth2User}
+	 * @since 6.5
+	 */
+	@Override
+	public DefaultOidcUser withAuthorities(Collection<GrantedAuthority> authorities) {
+		return new DefaultOidcUser(this, authorities);
+	}
+
 	@Override
 	public Map<String, Object> getClaims() {
 		return this.getAttributes();

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -79,6 +79,12 @@ public DefaultOAuth2User(Collection<? extends GrantedAuthority> authorities, Map
 		this.nameAttributeKey = nameAttributeKey;
 	}
 
+	protected DefaultOAuth2User(DefaultOAuth2User copy, Collection<GrantedAuthority> authorities) {
+		this.nameAttributeKey = copy.nameAttributeKey;
+		this.attributes = copy.attributes;
+		this.authorities = sortAuthorities(authorities);
+	}
+
 	@Override
 	public String getName() {
 		return this.getAttribute(this.nameAttributeKey).toString();
@@ -94,6 +100,16 @@ public Map<String, Object> getAttributes() {
 		return this.attributes;
 	}
 
+	/**
+	 * Copy this {@code DefaultOAuth2User}, using the provided {@code authorities}
+	 * @param authorities the authorities to use
+	 * @return a new {@code DefaultOAuth2User}
+	 * @since 6.5
+	 */
+	public DefaultOAuth2User withAuthorities(Collection<GrantedAuthority> authorities) {
+		return new DefaultOAuth2User(this, authorities);
+	}
+
 	private Set<GrantedAuthority> sortAuthorities(Collection<? extends GrantedAuthority> authorities) {
 		SortedSet<GrantedAuthority> sortedAuthorities = new TreeSet<>(
 				Comparator.comparing(GrantedAuthority::getAuthority));

oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUserTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,6 +17,8 @@
 package org.springframework.security.oauth2.core.oidc.user;
 
 import java.time.Instant;
+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -31,6 +33,7 @@
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
 import org.springframework.security.oauth2.core.oidc.StandardClaimNames;
+import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
@@ -147,4 +150,15 @@ public void constructorWhenAllParametersProvidedAndValidThenCreated() {
 				StandardClaimNames.NAME, StandardClaimNames.EMAIL);
 	}
 
+	@Test
+	public void constructorWhenWithAuthoritiesThenReplaces() {
+		DefaultOidcUser user = new DefaultOidcUser(AUTHORITIES, ID_TOKEN, USER_INFO);
+		Collection<GrantedAuthority> additional = new ArrayList<>(AUTHORITIES);
+		additional.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
+		DefaultOAuth2User copy = user.withAuthorities(additional);
+		assertThat((Set<GrantedAuthority>) user.getAuthorities()).containsAll(AUTHORITIES);
+		assertThat((Set<GrantedAuthority>) copy.getAuthorities()).containsAll(additional);
+		assertThat(copy.getAttributes()).isEqualTo(user.getAttributes());
+	}
+
 }

oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/user/DefaultOAuth2UserTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.security.oauth2.core.user;
 
+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Set;
@@ -109,4 +111,15 @@ public void constructorWhenCreatedThenIsSerializable() {
 		SerializationUtils.serialize(user);
 	}
 
+	@Test
+	public void constructorWhenWithAuthoritiesThenReplaces() {
+		DefaultOAuth2User user = new DefaultOAuth2User(AUTHORITIES, ATTRIBUTES, ATTRIBUTE_NAME_KEY);
+		Collection<GrantedAuthority> additional = new ArrayList<>(AUTHORITIES);
+		additional.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
+		DefaultOAuth2User copy = user.withAuthorities(additional);
+		assertThat((Set<GrantedAuthority>) user.getAuthorities()).containsAll(AUTHORITIES);
+		assertThat((Set<GrantedAuthority>) copy.getAuthorities()).containsAll(additional);
+		assertThat(copy.getAttributes()).isEqualTo(user.getAttributes());
+	}
+
 }