Added discovery.

Updated spring OAuth version. Changed UserInfo to most minimalistic version. removed .properties (todo: setup config instructions inside the readme).

Added discovery.
Updated spring OAuth version. Changed UserInfo to most minimalistic version. removed .properties (todo: setup config instructions inside the readme).
f6a773f6 · William Loosman · 陈健 · 36f144ba · f6a773f6 · f6a773f6
Commit f6a773f6 authored Aug 21, 2018 by William Loosman Committed by 陈健 Sep 17, 2019
6 changed files
--- a/pom.xml
+++ b/pom.xml
@@ -23,7 +23,7 @@
        <dependency>
            <groupId>org.springframework.security.oauth</groupId>
            <artifactId>spring-security-oauth2</artifactId>
-            <version>2.0.4.RELEASE</version>
+            <version>2.3.3.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>com.google.guava</groupId>

--- a/src/main/java/com/github/fromi/openidconnect/security/OAuth2Client.java
+++ b/src/main/java/com/github/fromi/openidconnect/security/OAuth2Client.java
 package com.github.fromi.openidconnect.security;

-import static java.util.Arrays.asList;
-import static org.springframework.security.oauth2.common.AuthenticationScheme.form;
-
+import static org.springframework.security.oauth2.common.AuthenticationScheme.header;
 import javax.annotation.Resource;

+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -13,31 +12,45 @@ import org.springframework.context.annotation.ScopedProxyMode;
 import org.springframework.security.oauth2.client.OAuth2ClientContext;
 import org.springframework.security.oauth2.client.OAuth2RestOperations;
 import org.springframework.security.oauth2.client.OAuth2RestTemplate;
+import org.springframework.security.oauth2.client.discovery.ProviderConfiguration;
+import org.springframework.security.oauth2.client.discovery.ProviderDiscoveryClient;
 import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
 import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
+import java.util.Arrays;

 @Configuration
 @EnableOAuth2Client
 public class OAuth2Client {
-    @Value("${google.oauth2.clientId}")
+    @Value("${onegini.oauth2.clientId}")
    private String clientId;

-    @Value("${google.oauth2.clientSecret}")
+    @Value("${onegini.oauth2.clientSecret}")
    private String clientSecret;

+    @Value("${onegini.oauth2.issuer}")
+    private String issuer;
+
+    public static ProviderConfiguration providerConfiguration = null;
+
    @Bean
-    // TODO retrieve from https://accounts.google.com/.well-known/openid-configuration ?
    public OAuth2ProtectedResourceDetails googleOAuth2Details() {
-        AuthorizationCodeResourceDetails googleOAuth2Details = new AuthorizationCodeResourceDetails();
-        googleOAuth2Details.setAuthenticationScheme(form);
-        googleOAuth2Details.setClientAuthenticationScheme(form);
-        googleOAuth2Details.setClientId(clientId);
-        googleOAuth2Details.setClientSecret(clientSecret);
-        googleOAuth2Details.setUserAuthorizationUri("https://accounts.google.com/o/oauth2/auth");
-        googleOAuth2Details.setAccessTokenUri("https://www.googleapis.com/oauth2/v3/token");
-        googleOAuth2Details.setScope(asList("openid"));
-        return googleOAuth2Details;
+
+        //Discover endpoints
+        ProviderDiscoveryClient dc = new ProviderDiscoveryClient(issuer);
+        providerConfiguration = dc.discover();
+
+        //setup OAuth
+        AuthorizationCodeResourceDetails conf = new AuthorizationCodeResourceDetails();
+        conf.setAuthenticationScheme(header);
+        conf.setClientAuthenticationScheme(header);
+        conf.setClientId(clientId);
+        conf.setClientSecret(clientSecret);
+        conf.setUserAuthorizationUri(providerConfiguration.getAuthorizationEndpoint().toString());
+        conf.setAccessTokenUri(providerConfiguration.getTokenEndpoint().toString());
+        conf.setScope(Arrays.asList("openid", "profile"));
+
+        return conf;
    }

    @SuppressWarnings("SpringJavaAutowiringInspection") // Provided by Spring Boot

--- a/src/main/java/com/github/fromi/openidconnect/security/OpenIDConnectAuthenticationFilter.java
+++ b/src/main/java/com/github/fromi/openidconnect/security/OpenIDConnectAuthenticationFilter.java
 package com.github.fromi.openidconnect.security;

+import static com.github.fromi.openidconnect.security.OAuth2Client.providerConfiguration;
 import static java.util.Optional.empty;
 import static org.springframework.security.core.authority.AuthorityUtils.NO_AUTHORITIES;

@@ -30,7 +31,8 @@ public class OpenIDConnectAuthenticationFilter extends AbstractAuthenticationPro
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
-        final ResponseEntity<UserInfo> userInfoResponseEntity = restTemplate.getForEntity("https://www.googleapis.com/oauth2/v2/userinfo", UserInfo.class);
+        //todo: use id token for user info instead of endpoint
+        final ResponseEntity<UserInfo> userInfoResponseEntity = restTemplate.getForEntity(providerConfiguration.getUserInfoEndpoint().toString(), UserInfo.class);
        return new PreAuthenticatedAuthenticationToken(userInfoResponseEntity.getBody(), empty(), NO_AUTHORITIES);
    }
 }
--- a/src/main/java/com/github/fromi/openidconnect/security/UserInfo.java
+++ b/src/main/java/com/github/fromi/openidconnect/security/UserInfo.java
 package com.github.fromi.openidconnect.security;

 import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;

+@JsonIgnoreProperties(ignoreUnknown = true)
 public class UserInfo {
    private final String id;
    private final String name;
-    private final String givenName;
-    private final String familyName;
-    private final String gender;
-    private final String picture;
-    private final String link;
+//    private final String givenName;
+//    private final String familyName;
+//    private final String locale;
+//    private final String preferred_username;

    @JsonCreator
-    public UserInfo(@JsonProperty("id") String id,
-                    @JsonProperty("name") String name,
-                    @JsonProperty("given_name") String givenName,
-                    @JsonProperty("family_name") String familyName,
-                    @JsonProperty("gender") String gender,
-                    @JsonProperty("picture") String picture,
-                    @JsonProperty("link") String link) {
+    public UserInfo(@JsonProperty("sub") String id//,
+                    //@JsonProperty("name") String name,
+                    //@JsonProperty("given_name") String givenName,
+                    //@JsonProperty("family_name") String familyName,
+                    //@JsonProperty("locale") String locale,
+                    //@JsonProperty("preferred_username") String preferred_username
+    ){
        this.id = id;
-        this.name = name;
-        this.givenName = givenName;
-        this.familyName = familyName;
-        this.gender = gender;
-        this.picture = picture;
-        this.link = link;
+        this.name = id;
+        //this.name = name;
+        //this.givenName = givenName;
+        //this.familyName = familyName;
+        //this.locale = locale;
+        //this.preferred_username = preferred_username;
    }

    public String getId() {
@@ -37,23 +38,19 @@ public class UserInfo {
        return name;
    }

-    public String getGivenName() {
-        return givenName;
-    }
-
-    public String getFamilyName() {
-        return familyName;
-    }
-
-    public String getGender() {
-        return gender;
-    }
-
-    public String getPicture() {
-        return picture;
-    }
-
-    public String getLink() {
-        return link;
-    }
+//    public String getGivenName() {
+//        return givenName;
+//    }
+//
+//    public String getFamilyName() {
+//        return familyName;
+//    }
+//
+//    public String getLocale() {
+//        return locale;
+//    }
+//
+//    public String getPreferred_username() {
+//        return preferred_username;
+//    }
 }
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
-google.oauth2.clientId=<client_id>
-google.oauth2.clientSecret=<client_secret>
\ No newline at end of file
--- a/src/test/java/com/github/fromi/openidconnect/SecurityIT.java
+++ b/src/test/java/com/github/fromi/openidconnect/SecurityIT.java
@@ -46,6 +46,6 @@ public class SecurityIT {
    public void loginPageRedirectsToGoogle() {
        given().redirects().follow(false).when().get("/login").then()
                .statusCode(HttpStatus.SC_MOVED_TEMPORARILY)
-                .header("Location", startsWith("https://accounts.google.com/o/oauth2/auth"));
+                .header("Location", startsWith("https://dev-514378.oktapreview.com/oauth2/default/v1/authorize"));
    }
 }