diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java index 57201ed569c..a97bd09c9ae 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2020 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,9 +16,6 @@ package org.springframework.security.oauth2.client.endpoint; -import java.io.UnsupportedEncodingException; -import java.net.URLEncoder; -import java.nio.charset.StandardCharsets; import java.util.Collections; import java.util.Set; @@ -99,19 +96,7 @@ private void populateTokenRequestHeaders(T grantRequest, HttpHeaders headers) { headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON)); if (ClientAuthenticationMethod.BASIC.equals(clientRegistration.getClientAuthenticationMethod())) { - String clientId = encodeClientCredential(clientRegistration.getClientId()); - String clientSecret = encodeClientCredential(clientRegistration.getClientSecret()); - headers.setBasicAuth(clientId, clientSecret); - } - } - - private static String encodeClientCredential(String clientCredential) { - try { - return URLEncoder.encode(clientCredential, StandardCharsets.UTF_8.toString()); - } - catch (UnsupportedEncodingException ex) { - // Will not happen since UTF-8 is a standard charset - throw new IllegalArgumentException(ex); + headers.setBasicAuth(clientRegistration.getClientId(), clientRegistration.getClientSecret()); } } diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java index 82c6b325b93..1ca61bf69ea 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/endpoint/OAuth2AuthorizationGrantRequestEntityUtils.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,9 +16,6 @@ package org.springframework.security.oauth2.client.endpoint; -import java.io.UnsupportedEncodingException; -import java.net.URLEncoder; -import java.nio.charset.StandardCharsets; import java.util.Collections; import org.springframework.core.convert.converter.Converter; @@ -50,23 +47,11 @@ static HttpHeaders getTokenRequestHeaders(ClientRegistration clientRegistration) HttpHeaders headers = new HttpHeaders(); headers.addAll(DEFAULT_TOKEN_REQUEST_HEADERS); if (ClientAuthenticationMethod.BASIC.equals(clientRegistration.getClientAuthenticationMethod())) { - String clientId = encodeClientCredential(clientRegistration.getClientId()); - String clientSecret = encodeClientCredential(clientRegistration.getClientSecret()); - headers.setBasicAuth(clientId, clientSecret); + headers.setBasicAuth(clientRegistration.getClientId(), clientRegistration.getClientSecret()); } return headers; } - private static String encodeClientCredential(String clientCredential) { - try { - return URLEncoder.encode(clientCredential, StandardCharsets.UTF_8.toString()); - } - catch (UnsupportedEncodingException ex) { - // Will not happen since UTF-8 is a standard charset - throw new IllegalArgumentException(ex); - } - } - private static HttpHeaders getDefaultTokenRequestHeaders() { HttpHeaders headers = new HttpHeaders(); headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON_UTF8)); diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java index eba469d592a..9f1a9b11fc1 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/OAuth2ClientCredentialsGrantRequestEntityConverterTests.java @@ -16,11 +16,6 @@ package org.springframework.security.oauth2.client.endpoint; -import java.io.UnsupportedEncodingException; -import java.net.URLEncoder; -import java.nio.charset.StandardCharsets; -import java.util.Base64; - import org.junit.Before; import org.junit.Test; @@ -29,7 +24,6 @@ import org.springframework.http.MediaType; import org.springframework.http.RequestEntity; import org.springframework.security.oauth2.client.registration.ClientRegistration; -import org.springframework.security.oauth2.client.registration.TestClientRegistrations; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.oauth2.core.ClientAuthenticationMethod; import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; @@ -82,37 +76,4 @@ public void convertWhenGrantRequestValidThenConverts() { assertThat(formParameters.getFirst(OAuth2ParameterNames.SCOPE)).isEqualTo("read write"); } - // gh-9610 - @SuppressWarnings("unchecked") - @Test - public void convertWhenSpecialCharactersThenConvertsWithEncodedClientCredentials() - throws UnsupportedEncodingException { - String clientCredentialWithAnsiKeyboardSpecialCharacters = "~!@#$%^&*()_+{}|:\"<>?`-=[]\\;',./ "; - // @formatter:off - ClientRegistration clientRegistration = TestClientRegistrations.clientCredentials() - .clientId(clientCredentialWithAnsiKeyboardSpecialCharacters) - .clientSecret(clientCredentialWithAnsiKeyboardSpecialCharacters) - .build(); - // @formatter:on - OAuth2ClientCredentialsGrantRequest clientCredentialsGrantRequest = new OAuth2ClientCredentialsGrantRequest( - clientRegistration); - RequestEntity requestEntity = this.converter.convert(clientCredentialsGrantRequest); - assertThat(requestEntity.getMethod()).isEqualTo(HttpMethod.POST); - assertThat(requestEntity.getUrl().toASCIIString()) - .isEqualTo(clientRegistration.getProviderDetails().getTokenUri()); - HttpHeaders headers = requestEntity.getHeaders(); - assertThat(headers.getAccept()).contains(MediaType.APPLICATION_JSON_UTF8); - assertThat(headers.getContentType()) - .isEqualTo(MediaType.valueOf(MediaType.APPLICATION_FORM_URLENCODED_VALUE + ";charset=UTF-8")); - String urlEncodedClientCredential = URLEncoder.encode(clientCredentialWithAnsiKeyboardSpecialCharacters, - StandardCharsets.UTF_8.toString()); - String clientCredentials = Base64.getEncoder().encodeToString( - (urlEncodedClientCredential + ":" + urlEncodedClientCredential).getBytes(StandardCharsets.UTF_8)); - assertThat(headers.getFirst(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic " + clientCredentials); - MultiValueMap formParameters = (MultiValueMap) requestEntity.getBody(); - assertThat(formParameters.getFirst(OAuth2ParameterNames.GRANT_TYPE)) - .isEqualTo(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue()); - assertThat(formParameters.getFirst(OAuth2ParameterNames.SCOPE)).contains(clientRegistration.getScopes()); - } - } diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java index 80c4b61fe0e..5021c34d600 100644 --- a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java +++ b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/endpoint/WebClientReactiveClientCredentialsTokenResponseClientTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2020 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,10 +16,6 @@ package org.springframework.security.oauth2.client.endpoint; -import java.net.URLEncoder; -import java.nio.charset.StandardCharsets; -import java.util.Base64; - import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; import okhttp3.mockwebserver.RecordedRequest; @@ -93,35 +89,6 @@ public void getTokenResponseWhenHeaderThenSuccess() throws Exception { assertThat(body).isEqualTo("grant_type=client_credentials&scope=read%3Auser"); } - // gh-9610 - @Test - public void getTokenResponseWhenSpecialCharactersThenSuccessWithEncodedClientCredentials() throws Exception { - // @formatter:off - enqueueJson("{\n" - + " \"access_token\":\"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3\",\n" - + " \"token_type\":\"bearer\",\n" - + " \"expires_in\":3600,\n" - + " \"refresh_token\":\"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk\",\n" - + " \"scope\":\"create\"\n" - + "}"); - // @formatter:on - String clientCredentialWithAnsiKeyboardSpecialCharacters = "~!@#$%^&*()_+{}|:\"<>?`-=[]\\;',./ "; - OAuth2ClientCredentialsGrantRequest request = new OAuth2ClientCredentialsGrantRequest( - this.clientRegistration.clientId(clientCredentialWithAnsiKeyboardSpecialCharacters) - .clientSecret(clientCredentialWithAnsiKeyboardSpecialCharacters).build()); - OAuth2AccessTokenResponse response = this.client.getTokenResponse(request).block(); - RecordedRequest actualRequest = this.server.takeRequest(); - String body = actualRequest.getBody().readUtf8(); - assertThat(response.getAccessToken()).isNotNull(); - String urlEncodedClientCredentialecret = URLEncoder.encode(clientCredentialWithAnsiKeyboardSpecialCharacters, - StandardCharsets.UTF_8.toString()); - String clientCredentials = Base64.getEncoder() - .encodeToString((urlEncodedClientCredentialecret + ":" + urlEncodedClientCredentialecret) - .getBytes(StandardCharsets.UTF_8)); - assertThat(actualRequest.getHeader(HttpHeaders.AUTHORIZATION)).isEqualTo("Basic " + clientCredentials); - assertThat(body).isEqualTo("grant_type=client_credentials&scope=read%3Auser"); - } - @Test public void getTokenResponseWhenPostThenSuccess() throws Exception { ClientRegistration registration = this.clientRegistration