diff --git a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java
index b8661d72bf41..196afbdc75fe 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerProperties.java
@@ -97,37 +97,37 @@ public static class Endpoint {
 /**
 * Authorization Server's OAuth 2.0 Authorization Endpoint.
 */
- private String authorizationUri;
+ private String authorizationUri = "/oauth2/authorize";
 /**
 * Authorization Server's OAuth 2.0 Device Authorization Endpoint.
 */
- private String deviceAuthorizationUri;
+ private String deviceAuthorizationUri = "/oauth2/device_authorization";
 /**
 * Authorization Server's OAuth 2.0 Device Verification Endpoint.
 */
- private String deviceVerificationUri;
+ private String deviceVerificationUri = "/oauth2/device_verification";
 /**
 * Authorization Server's OAuth 2.0 Token Endpoint.
 */
- private String tokenUri;
+ private String tokenUri = "/oauth2/token";
 /**
 * Authorization Server's JWK Set Endpoint.
 */
- private String jwkSetUri;
+ private String jwkSetUri = "/oauth2/jwks";
 /**
 * Authorization Server's OAuth 2.0 Token Revocation Endpoint.
 */
- private String tokenRevocationUri;
+ private String tokenRevocationUri = "/oauth2/revoke";
 /**
 * Authorization Server's OAuth 2.0 Token Introspection Endpoint.
 */
- private String tokenIntrospectionUri;
+ private String tokenIntrospectionUri = "/oauth2/introspect";
 /**
 * OpenID Connect 1.0 endpoints.
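Review bot: The initializers added on `authorizationUri` through `tokenIntrospectionUri` are string copies of the values that `AuthorizationServerSettings.builder()` applies, and nothing at the field records that relationship; the same pattern repeats in the OidcEndpoint, Client and Token hunks below (`"/connect/logout"`, `"self-contained"`, `"RS256"`). The new test pins the two sides together, but a reader of this class alone cannot tell whether `/oauth2/jwks` is a Boot choice or a mirror of the library default. A one-line note where the first default appears would make that contract visible: `// Defaults mirror AuthorizationServerSettings.builder(); OAuth2AuthorizationServerPropertiesTests keeps the two in sync.` Because these fields were previously null, any mapping code that treated null as "leave the library default" will now push the values explicitly; that mapper is outside this diff and worth checking. The Endpoint class opens above the hunk and continues past it.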
@@ -205,17 +205,17 @@ public static class OidcEndpoint {
 /**
 * Authorization Server's OpenID Connect 1.0 Logout Endpoint.
 */
- private String logoutUri;
+ private String logoutUri = "/connect/logout";
 /**
 * Authorization Server's OpenID Connect 1.0 Client Registration Endpoint.
 */
- private String clientRegistrationUri;
+ private String clientRegistrationUri = "/connect/register";
 /**
 * Authorization Server's OpenID Connect 1.0 UserInfo Endpoint.
 */
- private String userInfoUri;
+ private String userInfoUri = "/userinfo";
 public String getLogoutUri() {
 return this.logoutUri;
@@ -258,12 +258,12 @@ public static class Client {
 * Whether the client is required to provide a proof key challenge and verifier
 * when performing the Authorization Code Grant flow.
 */
- private boolean requireProofKey;
+ private boolean requireProofKey = false;
 /**
 * Whether authorization consent is required when the client requests access.
 */
- private boolean requireAuthorizationConsent;
+ private boolean requireAuthorizationConsent = false;
 /**
 * URL for the client's JSON Web Key Set.
@@ -444,17 +444,17 @@ public static class Token {
 /**
 * Time-to-live for an authorization code.
 */
- private Duration authorizationCodeTimeToLive;
+ private Duration authorizationCodeTimeToLive = Duration.ofMinutes(5);
 /**
 * Time-to-live for an access token.
 */
- private Duration accessTokenTimeToLive;
+ private Duration accessTokenTimeToLive = Duration.ofMinutes(5);
 /**
 * Token format for an access token.
 */
- private String accessTokenFormat;
+ private String accessTokenFormat = "self-contained";
 /**
 * Time-to-live for a device code.
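Review bot: In the Client hunk, `private boolean requireProofKey = false;` and `private boolean requireAuthorizationConsent = false;` restate Java's default for `boolean`, so the initializer has no runtime effect; presumably it is there so the configuration-metadata processor reports an explicit default, and a short comment would stop a later cleanup from removing it. The Javadoc on `requireProofKey` describes the switch but not what the default means for a deployment: with `false`, PKCE is not enforced for this client unless the property is set. Proposed addition to that Javadoc: `* Defaults to {@code false}, so a proof key is not required unless explicitly enabled.` The Client class opens before this hunk and continues after it.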
@@ -465,17 +465,17 @@ public static class Token {
 * Whether refresh tokens are reused or a new refresh token is issued when
 * returning the access token response.
 */
- private boolean reuseRefreshTokens;
+ private boolean reuseRefreshTokens = true;
 /**
 * Time-to-live for a refresh token.
 */
- private Duration refreshTokenTimeToLive;
+ private Duration refreshTokenTimeToLive = Duration.ofMinutes(60);
 /**
 * JWS algorithm for signing the ID Token.
 */
- private String idTokenSignatureAlgorithm;
+ private String idTokenSignatureAlgorithm = "RS256";
 public Duration getAuthorizationCodeTimeToLive() {
 return this.authorizationCodeTimeToLive;
diff --git a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesTests.java b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesTests.java
index 0d4df95b0444..f9fd535b31e1 100644
--- a/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesTests.java
+++ b/spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/security/oauth2/server/servlet/OAuth2AuthorizationServerPropertiesTests.java
@@ -18,6 +18,8 @@
 import org.junit.jupiter.api.Test;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
+import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
 import static org.assertj.core.api.Assertions.assertThat;
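Review bot: `private boolean reuseRefreshTokens = true;` makes the out-of-the-box behaviour hand back the same refresh token on every refresh, so rotation is opt-in, and the Javadoc above the field describes the switch without saying which way it defaults. Proposed addition to that Javadoc: `* Defaults to {@code true}; set to {@code false} to issue a new refresh token on each refresh, which limits how long a leaked refresh token stays usable.` The `"RS256"` literal on `idTokenSignatureAlgorithm` is compared in the test through `getIdTokenSignatureAlgorithm().getName()`; if that algorithm type can be referenced from this properties class (it seems to keep to strings, perhaps to avoid a hard dependency), `.getName()` on the constant would tie the two, otherwise the comment suggested on the Endpoint hunk covers it. `Duration.ofMinutes(60)` reads more directly as `Duration.ofHours(1)`. The Token class opens before this hunk and continues after it.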
@@ -73,9 +75,53 @@ void authorizationGrantTypesEmptyThrowsException() {
 }
 @Test
- void defaultDeviceCodeTimeToLiveMatchesBuilderDefault() {
- assertThat(new OAuth2AuthorizationServerProperties.Client().getToken().getDeviceCodeTimeToLive())
- .isEqualTo(TokenSettings.builder().build().getDeviceCodeTimeToLive());
+ void defaultEndpointPropertiesMatchBuilderDefaults() {
+ OAuth2AuthorizationServerProperties.Endpoint endpoint = new OAuth2AuthorizationServerProperties.Endpoint();
+ AuthorizationServerSettings authorizationServerSettings = AuthorizationServerSettings.builder().build();
+ assertThat(endpoint.getAuthorizationUri()).isEqualTo(authorizationServerSettings.getAuthorizationEndpoint());
+ assertThat(endpoint.getDeviceAuthorizationUri())
+ .isEqualTo(authorizationServerSettings.getDeviceAuthorizationEndpoint());
+ assertThat(endpoint.getDeviceVerificationUri())
+ .isEqualTo(authorizationServerSettings.getDeviceVerificationEndpoint());
+ assertThat(endpoint.getTokenUri()).isEqualTo(authorizationServerSettings.getTokenEndpoint());
+ assertThat(endpoint.getJwkSetUri()).isEqualTo(authorizationServerSettings.getJwkSetEndpoint());
+ assertThat(endpoint.getTokenRevocationUri())
+ .isEqualTo(authorizationServerSettings.getTokenRevocationEndpoint());
+ assertThat(endpoint.getTokenIntrospectionUri())
+ .isEqualTo(authorizationServerSettings.getTokenIntrospectionEndpoint());
+
+ OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoint.getOidc();
+ assertThat(oidc.getLogoutUri()).isEqualTo(authorizationServerSettings.getOidcLogoutEndpoint());
+ assertThat(oidc.getClientRegistrationUri())
+ .isEqualTo(authorizationServerSettings.getOidcClientRegistrationEndpoint());
+ assertThat(oidc.getUserInfoUri()).isEqualTo(authorizationServerSettings.getOidcUserInfoEndpoint());
+ }
+
+ @Test
+ void defaultClientPropertiesMatchBuilderDefaults() {
+ OAuth2AuthorizationServerProperties.Client client = new OAuth2AuthorizationServerProperties.Client();
+ ClientSettings clientSettings 
= ClientSettings.builder().build();
+ assertThat(client.isRequireProofKey()).isEqualTo(clientSettings.isRequireProofKey());
+ assertThat(client.isRequireAuthorizationConsent()).isEqualTo(clientSettings.isRequireAuthorizationConsent());
+ assertThat(client.getJwkSetUri()).isEqualTo(clientSettings.getJwkSetUrl());
+ if (clientSettings.getTokenEndpointAuthenticationSigningAlgorithm() != null) {
+ assertThat(client.getTokenEndpointAuthenticationSigningAlgorithm())
+ .isEqualTo(clientSettings.getTokenEndpointAuthenticationSigningAlgorithm().getName());
+ }
+ }
+
+ @Test
+ void defaultTokenPropertiesMatchBuilderDefaults() {
+ OAuth2AuthorizationServerProperties.Token token = new OAuth2AuthorizationServerProperties.Token();
+ TokenSettings tokenSettings = TokenSettings.builder().build();
+ assertThat(token.getAuthorizationCodeTimeToLive()).isEqualTo(tokenSettings.getAuthorizationCodeTimeToLive());
+ assertThat(token.getAccessTokenTimeToLive()).isEqualTo(tokenSettings.getAccessTokenTimeToLive());
+ assertThat(token.getAccessTokenFormat()).isEqualTo(tokenSettings.getAccessTokenFormat().getValue());
+ assertThat(token.getDeviceCodeTimeToLive()).isEqualTo(tokenSettings.getDeviceCodeTimeToLive());
+ assertThat(token.isReuseRefreshTokens()).isEqualTo(tokenSettings.isReuseRefreshTokens());
+ assertThat(token.getRefreshTokenTimeToLive()).isEqualTo(tokenSettings.getRefreshTokenTimeToLive());
+ assertThat(token.getIdTokenSignatureAlgorithm())
+ .isEqualTo(tokenSettings.getIdTokenSignatureAlgorithm().getName());
 }
 }
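Review bot: In `defaultClientPropertiesMatchBuilderDefaults`, the `if (clientSettings.getTokenEndpointAuthenticationSigningAlgorithm() != null)` guard means that when the library default is null — which, as far as I can tell, it currently is — the method asserts nothing about the property, so a later change that initialized `tokenEndpointAuthenticationSigningAlgorithm` to some algorithm would pass unnoticed. Adding the symmetric branch keeps the "mirrors the builder" claim honest in both cases: `else { assertThat(client.getTokenEndpointAuthenticationSigningAlgorithm()).isNull(); }`. The same concern does not apply to `getJwkSetUri()`, whose `isEqualTo(clientSettings.getJwkSetUrl())` already compares null with null. The removed device-code test is covered again inside `defaultTokenPropertiesMatchBuilderDefaults`, so no coverage is lost there.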