diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/CodeVerifierAuthenticator.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/CodeVerifierAuthenticator.java
index c20d0a0a2..df3ff81a9 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/CodeVerifierAuthenticator.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/CodeVerifierAuthenticator.java
@@ -137,15 +137,13 @@ private boolean authenticate(OAuth2ClientAuthenticationToken clientAuthenticatio
 }
 private static boolean authorizationCodeGrant(Map parameters) {
-
- if (!AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equals(parameters.get(OAuth2ParameterNames.GRANT_TYPE))) {
+ if (!AuthorizationGrantType.AUTHORIZATION_CODE.getValue()
+ .equals(parameters.get(OAuth2ParameterNames.GRANT_TYPE))) {
 return false;
 }
-
 if (!StringUtils.hasText((String) parameters.get(OAuth2ParameterNames.CODE))) {
 throwInvalidGrant(OAuth2ParameterNames.CODE);
 }
-
 return true;
 }
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/ClientSecretAuthenticationProviderTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/ClientSecretAuthenticationProviderTests.java
index a91eeb4c7..4d41cf99f 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/ClientSecretAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/ClientSecretAuthenticationProviderTests.java
@@ -46,7 +46,6 @@
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 /**
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
index ca5573e98..fd0a59108 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java
@@ -25,7 +25,6 @@
 import java.time.temporal.ChronoUnit;
 import java.util.Arrays;
 import java.util.Base64;
-import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -72,7 +71,6 @@
 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 import org.springframework.security.oauth2.core.OAuth2Token;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
@@ -100,7 +98,6 @@
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationContext;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationProvider;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationToken;
-import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
@@ -518,6 +515,7 @@ public void requestWhenPublicClientWithPkceAndCustomRefreshTokenGeneratorThenRet
 .isEqualTo(true);
 }
+ // gh-1680
 @Test
 public void requestWhenPublicClientWithPkceAndEmptyCodeThenBadRequest() throws Exception {
 this.spring.register(AuthorizationServerConfiguration.class).autowire();
@@ -526,18 +524,17 @@ public void requestWhenPublicClientWithPkceAndEmptyCodeThenBadRequest() throws E
 this.registeredClientRepository.save(registeredClient);
 MultiValueMap tokenRequestParameters = new LinkedMultiValueMap<>();
- tokenRequestParameters.set(OAuth2ParameterNames.GRANT_TYPE, AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
+ tokenRequestParameters.set(OAuth2ParameterNames.GRANT_TYPE,
+ AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
 tokenRequestParameters.set(OAuth2ParameterNames.CODE, "");
- tokenRequestParameters.set(OAuth2ParameterNames.REDIRECT_URI, registeredClient.getRedirectUris().iterator().next());
+ tokenRequestParameters.set(OAuth2ParameterNames.REDIRECT_URI,
+ registeredClient.getRedirectUris().iterator().next());
 this.mvc
- .perform(post(DEFAULT_TOKEN_ENDPOINT_URI)
- .params(tokenRequestParameters)
- .param(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId())
- .param(PkceParameterNames.CODE_VERIFIER, S256_CODE_VERIFIER))
- .andExpect(header().string(HttpHeaders.CACHE_CONTROL, containsString("no-store")))
- .andExpect(header().string(HttpHeaders.PRAGMA, containsString("no-cache")))
- .andExpect(status().isBadRequest());
+ .perform(post(DEFAULT_TOKEN_ENDPOINT_URI).params(tokenRequestParameters)
+ .param(OAuth2ParameterNames.CLIENT_ID, registeredClient.getClientId())
+ .param(PkceParameterNames.CODE_VERIFIER, S256_CODE_VERIFIER))
+ .andExpect(status().isBadRequest());
 }
 @Test
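Review bot: The rewritten `perform(...)` chain drops the two `header()` expectations, so this test no longer checks that the token endpoint's 400 response carries `Cache-Control: no-store` and `Pragma: no-cache`; only `status().isBadRequest()` remains. If the error response still sets those headers, keep the coverage by restoring `.andExpect(header().string(HttpHeaders.CACHE_CONTROL, containsString("no-store")))` and `.andExpect(header().string(HttpHeaders.PRAGMA, containsString("no-cache")))` ahead of the status check; if they were removed because the error path does not set them, that is worth stating in the commit, since a rejected token request is a response a shared cache should not retain. Asserting the `error` field of the body as well — presumably `invalid_grant`, given `throwInvalidGrant(OAuth2ParameterNames.CODE)` in the CodeVerifierAuthenticator hunk — would pin the contract for an empty `code` rather than just the status. The enclosing test method starts before this hunk.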