diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
index 36ca11d0a7..5879c46cec 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapter.java
@@ -56,14 +56,11 @@ public final class OAuth2ClientPropertiesRegistrationAdapter {
 
 private static ClientRegistration getClientRegistration(String registrationId,
 Registration properties, Map providers) {
- String issuer = getIssuerIfPossible(registrationId, properties.getProvider(),
- providers);
- if (issuer != null) {
- return OidcConfigurationProvider.issuer(issuer).registrationId(registrationId)
- .clientId(properties.getClientId())
- .clientSecret(properties.getClientSecret()).build();
+ Builder builder = getBuilderFromIssuerIfPossible(registrationId,
+ properties.getProvider(), providers);
+ if (builder == null) {
+ builder = getBuilder(registrationId, properties.getProvider(), providers);
 }
- Builder builder = getBuilder(registrationId, properties.getProvider(), providers);
 PropertyMapper map = PropertyMapper.get().alwaysApplyingWhenNonNull();
 map.from(properties::getClientId).to(builder::clientId);
 map.from(properties::getClientSecret).to(builder::clientSecret);
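Review bot: The resolution order in getClientRegistration — OIDC discovery from an issuer-uri first, the statically configured provider only when no issuer is present — is now carried solely by the null check on `builder`, and nothing in the method states it. A one-line comment above the new `Builder builder = getBuilderFromIssuerIfPossible(registrationId,` would save the next reader from tracing both helpers: `// Prefer OIDC discovery when an issuer-uri is configured; otherwise build the registration from the configured provider`. The client-id and client-secret are now applied by the PropertyMapper on both paths, which matches what the removed builder chain did for the discovery case. getClientRegistration's body continues past the end of the hunk.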
@@ -79,7 +76,7 @@ public final class OAuth2ClientPropertiesRegistrationAdapter {
 return builder.build();
 }
 
- private static String getIssuerIfPossible(String registrationId,
+ private static Builder getBuilderFromIssuerIfPossible(String registrationId,
 String configuredProviderId, Map providers) {
 String providerId = (configuredProviderId != null ? configuredProviderId
 : registrationId);
@@ -87,7 +84,10 @@ public final class OAuth2ClientPropertiesRegistrationAdapter {
 Provider provider = providers.get(providerId);
 String issuer = provider.getIssuerUri();
 if (issuer != null) {
- return cleanIssuerPath(issuer);
+ String cleanedIssuer = cleanIssuerPath(issuer);
+ Builder builder = OidcConfigurationProvider.issuer(cleanedIssuer)
+ .registrationId(registrationId);
+ return getBuilder(builder, provider);
 }
 }
 return null;
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
index 4a6f6eb41c..7bbe6caf53 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/client/OAuth2ClientPropertiesRegistrationAdapterTests.java
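Review bot: In getBuilderFromIssuerIfPossible, the builder is now assembled from two sources of provider metadata — the document fetched from the issuer and the explicitly configured Provider — and the method has no Javadoc saying which wins. The test added in this commit shows the explicit authorization-uri, token-uri, jwk-set-uri and user-info-uri overriding the discovered ones; since jwk-set-uri determines which keys are trusted to validate ID tokens, that precedence deserves a comment where the merge happens, above `return getBuilder(builder, provider);`: `// Explicitly configured provider properties take precedence over the metadata discovered from the issuer`. The two-argument getBuilder overload is not in the diff, so I am assuming it applies the Provider's properties onto the builder; if it does more than that, the comment should say so. The enclosing block of this hunk opens before its first line, and the method's signature is in the preceding hunk.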
@@ -255,6 +255,54 @@ public class OAuth2ClientPropertiesRegistrationAdapterTests {
 testOidcConfiguration(registration, "okta-oidc");
 }
 
+ @Test
+ public void oidcProviderConfigurationWithCustomConfigurationOverridesProviderDefaults()
+ throws Exception {
+ this.server = new MockWebServer();
+ this.server.start();
+ String issuer = this.server.url("").toString();
+ String cleanIssuerPath = cleanIssuerPath(issuer);
+ setupMockResponse(cleanIssuerPath);
+ Registration registration = new Registration();
+ registration.setProvider("okta-oidc");
+ registration.setClientId("clientId");
+ registration.setClientSecret("clientSecret");
+ registration.setClientAuthenticationMethod("post");
+ registration.setRedirectUriTemplate("http://example.com/redirect");
+ registration.setScope(Collections.singleton("user"));
+ Provider provider = new Provider();
+ provider.setIssuerUri(issuer);
+ provider.setAuthorizationUri("http://example.com/auth");
+ provider.setTokenUri("http://example.com/token");
+ provider.setUserInfoUri("http://example.com/info");
+ provider.setUserNameAttribute("sub");
+ provider.setJwkSetUri("http://example.com/jwk");
+ OAuth2ClientProperties properties = new OAuth2ClientProperties();
+ properties.getProvider().put("okta-oidc", provider);
+ properties.getRegistration().put("okta", registration);
+ Map registrations = OAuth2ClientPropertiesRegistrationAdapter
+ .getClientRegistrations(properties);
+ ClientRegistration adapted = registrations.get("okta");
+ ProviderDetails providerDetails = adapted.getProviderDetails();
+ assertThat(adapted.getClientAuthenticationMethod())
+ .isEqualTo(ClientAuthenticationMethod.POST);
+ assertThat(adapted.getAuthorizationGrantType())
+ .isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
+ assertThat(adapted.getRegistrationId()).isEqualTo("okta");
+ assertThat(adapted.getClientName()).isEqualTo(cleanIssuerPath);
+ assertThat(adapted.getScopes()).containsOnly("user");
+ assertThat(adapted.getRedirectUriTemplate())
+ .isEqualTo("http://example.com/redirect");
+ assertThat(providerDetails.getAuthorizationUri())
+ .isEqualTo("http://example.com/auth");
+ assertThat(providerDetails.getTokenUri()).isEqualTo("http://example.com/token");
+ assertThat(providerDetails.getJwkSetUri()).isEqualTo("http://example.com/jwk");
+ assertThat(providerDetails.getUserInfoEndpoint().getUri())
+ .isEqualTo("http://example.com/info");
+ assertThat(providerDetails.getUserInfoEndpoint().getUserNameAttributeName())
+ .isEqualTo("sub");
+ }
+
 private void testOidcConfiguration(Registration registration, String providerId)
 throws Exception {
 this.server = new MockWebServer();
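Review bot: The new test sets client-id and client-secret on the registration but never asserts that they reach the adapted ClientRegistration, even though the first hunk of this commit changed how those two values are applied on the discovery path (the PropertyMapper now sets them instead of the removed builder chain). Adding `assertThat(adapted.getClientId()).isEqualTo("clientId");` and `assertThat(adapted.getClientSecret()).isEqualTo("clientSecret");` next to the registration-id assertion would pin that the credentials survive the new merge. The MockWebServer started at the top of the method is presumably shut down by a teardown outside the hunk; the enclosing test class continues beyond it.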