Allow property overrides for OIDC Configuration Provider

Closes gh-13869
6 years ago · eefa0ada9f
parent 5011bc6451
commit eefa0ada9f
2 changed files with 57 additions and 9 deletions
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
@ -56,14 +56,11 @@ public final class OAuth2ClientPropertiesRegistrationAdapter {

 	private static ClientRegistration getClientRegistration(String registrationId,
 			Registration properties, Map<String, Provider> providers) {
-		String issuer = getIssuerIfPossible(registrationId, properties.getProvider(),
-				providers);
-		if (issuer != null) {
-			return OidcConfigurationProvider.issuer(issuer).registrationId(registrationId)
-					.clientId(properties.getClientId())
-					.clientSecret(properties.getClientSecret()).build();
+		Builder builder = getBuilderFromIssuerIfPossible(registrationId,
+				properties.getProvider(), providers);
+		if (builder == null) {
+			builder = getBuilder(registrationId, properties.getProvider(), providers);
 		}
-		Builder builder = getBuilder(registrationId, properties.getProvider(), providers);
 		PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
 		map.from(properties::getClientId).to(builder::clientId);
 		map.from(properties::getClientSecret).to(builder::clientSecret);
@ -79,7 +76,7 @@ public final class OAuth2ClientPropertiesRegistrationAdapter {
 		return builder.build();
 	}

-	private static String getIssuerIfPossible(String registrationId,
+	private static Builder getBuilderFromIssuerIfPossible(String registrationId,
 			String configuredProviderId, Map<String, Provider> providers) {
 		String providerId = (configuredProviderId != null ? configuredProviderId
 				: registrationId);
@ -87,7 +84,10 @@ public final class OAuth2ClientPropertiesRegistrationAdapter {
 			Provider provider = providers.get(providerId);
 			String issuer = provider.getIssuerUri();
 			if (issuer != null) {
-				return cleanIssuerPath(issuer);
+				String cleanedIssuer = cleanIssuerPath(issuer);
+				Builder builder = OidcConfigurationProvider.issuer(cleanedIssuer)
+						.registrationId(registrationId);
+				return getBuilder(builder, provider);
 			}
 		}
 		return null;
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
@ -255,6 +255,54 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 		testOidcConfiguration(registration, "okta-oidc");
 	}

+	@Test
+	public void oidcProviderConfigurationWithCustomConfigurationOverridesProviderDefaults()
+			throws Exception {
+		this.server = new MockWebServer();
+		this.server.start();
+		String issuer = this.server.url("").toString();
+		String cleanIssuerPath = cleanIssuerPath(issuer);
+		setupMockResponse(cleanIssuerPath);
+		Registration registration = new Registration();
+		registration.setProvider("okta-oidc");
+		registration.setClientId("clientId");
+		registration.setClientSecret("clientSecret");
+		registration.setClientAuthenticationMethod("post");
+		registration.setRedirectUriTemplate("http://example.com/redirect");
+		registration.setScope(Collections.singleton("user"));
+		Provider provider = new Provider();
+		provider.setIssuerUri(issuer);
+		provider.setAuthorizationUri("http://example.com/auth");
+		provider.setTokenUri("http://example.com/token");
+		provider.setUserInfoUri("http://example.com/info");
+		provider.setUserNameAttribute("sub");
+		provider.setJwkSetUri("http://example.com/jwk");
+		OAuth2ClientProperties properties = new OAuth2ClientProperties();
+		properties.getProvider().put("okta-oidc", provider);
+		properties.getRegistration().put("okta", registration);
+		Map<String, ClientRegistration> registrations = OAuth2ClientPropertiesRegistrationAdapter
+				.getClientRegistrations(properties);
+		ClientRegistration adapted = registrations.get("okta");
+		ProviderDetails providerDetails = adapted.getProviderDetails();
+		assertThat(adapted.getClientAuthenticationMethod())
+				.isEqualTo(ClientAuthenticationMethod.POST);
+		assertThat(adapted.getAuthorizationGrantType())
+				.isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
+		assertThat(adapted.getRegistrationId()).isEqualTo("okta");
+		assertThat(adapted.getClientName()).isEqualTo(cleanIssuerPath);
+		assertThat(adapted.getScopes()).containsOnly("user");
+		assertThat(adapted.getRedirectUriTemplate())
+				.isEqualTo("http://example.com/redirect");
+		assertThat(providerDetails.getAuthorizationUri())
+				.isEqualTo("http://example.com/auth");
+		assertThat(providerDetails.getTokenUri()).isEqualTo("http://example.com/token");
+		assertThat(providerDetails.getJwkSetUri()).isEqualTo("http://example.com/jwk");
+		assertThat(providerDetails.getUserInfoEndpoint().getUri())
+				.isEqualTo("http://example.com/info");
+		assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName())
+				.isEqualTo("sub");
+	}
+
 	private void testOidcConfiguration(Registration registration, String providerId)
 			throws Exception {
 		this.server = new MockWebServer();