
Commit 5eff090

committed
Polish gh-2131
1 parent d5010b5 commit 5eff090


2 files changed

+16
-11
lines changed


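--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java
@@ -215,10 +215,12 @@ public Authentication authenticate(Authentication authentication) throws Authent
 // ----- Refresh token -----
 OAuth2RefreshToken currentRefreshToken = refreshToken.getToken();
 if (!registeredClient.getTokenSettings().isReuseRefreshTokens()) {
+// @formatter:off
 tokenContext = tokenContextBuilder
 .tokenType(OAuth2TokenType.REFRESH_TOKEN)
-.authorization(authorizationBuilder.build()) // allows refresh token to retrieve access token
+.authorization(authorizationBuilder.build()) // Refresh token generator/customizer may need access to the access token
 .build();
+// @formatter:on
 OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
 if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
 OAuth2Error error = new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR,
@@ -256,8 +258,8 @@ public Authentication authenticate(Authentication authentication) throws Authent
 
 idToken = new OidcIdToken(generatedIdToken.getTokenValue(), generatedIdToken.getIssuedAt(),
 generatedIdToken.getExpiresAt(), ((Jwt) generatedIdToken).getClaims());
-authorizationBuilder.token(idToken, metadata ->
-metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, idToken.getClaims()));
+authorizationBuilder.token(idToken,
+(metadata) -> metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, idToken.getClaims()));
 }
 else {
 idToken = null;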
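Review bot: The reworded trailing comment on `.authorization(authorizationBuilder.build())` still says only "the access token", which leaves open whether a refresh token generator or customizer sees the token being replaced or the one just issued. The test updated in this commit expects the second captured context to carry `refreshed-access-token`, so the comment could say so directly, for example `// Snapshot includes the newly issued access token for the refresh token generator/customizer`. Placing it on its own line above `tokenContext = tokenContextBuilder` would shorten the chained line and may make the `@formatter:off`/`@formatter:on` pair unnecessary. The body of authenticate() starts and ends outside this hunk, so what else the snapshot holds at this point (presumably the refresh token about to be rotated) cannot be confirmed from here.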

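--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
@@ -329,21 +329,24 @@ public void authenticateWhenReuseRefreshTokensFalseThenReturnNewRefreshToken() {
 OAuth2AccessTokenAuthenticationToken accessTokenAuthentication = (OAuth2AccessTokenAuthenticationToken) this.authenticationProvider
 .authenticate(authentication);
 
-ArgumentCaptor<OAuth2TokenContext> oAuth2TokenContextCaptor = ArgumentCaptor.forClass(OAuth2TokenContext.class);
-verify(this.tokenGenerator, times(2)).generate(oAuth2TokenContextCaptor.capture());
-// tokenGenerator is first invoked for generating a new access token and then for generating the refresh token for this access token
-List<OAuth2TokenContext> tokenContexts = oAuth2TokenContextCaptor.getAllValues();
-assertThat(tokenContexts).hasSize(2);
-assertThat(tokenContexts.get(0).getAuthorization().getAccessToken().getToken().getTokenValue()).isEqualTo("access-token");
-assertThat(tokenContexts.get(1).getAuthorization().getAccessToken().getToken().getTokenValue()).isEqualTo("refreshed-access-token");
-
 ArgumentCaptor<OAuth2Authorization> authorizationCaptor = ArgumentCaptor.forClass(OAuth2Authorization.class);
 verify(this.authorizationService).save(authorizationCaptor.capture());
 OAuth2Authorization updatedAuthorization = authorizationCaptor.getValue();
 
 assertThat(accessTokenAuthentication.getRefreshToken())
 .isEqualTo(updatedAuthorization.getRefreshToken().getToken());
 assertThat(updatedAuthorization.getRefreshToken()).isNotEqualTo(authorization.getRefreshToken());
+
+ArgumentCaptor<OAuth2TokenContext> tokenContextCaptor = ArgumentCaptor.forClass(OAuth2TokenContext.class);
+verify(this.tokenGenerator, times(2)).generate(tokenContextCaptor.capture());
+// tokenGenerator is first invoked for generating a new access token and then for
+// generating the refresh token
+List<OAuth2TokenContext> tokenContexts = tokenContextCaptor.getAllValues();
+assertThat(tokenContexts).hasSize(2);
+assertThat(tokenContexts.get(0).getAuthorization().getAccessToken().getToken().getTokenValue())
+.isEqualTo("access-token");
+assertThat(tokenContexts.get(1).getAuthorization().getAccessToken().getToken().getTokenValue())
+.isEqualTo("refreshed-access-token");
 }
 
 @Test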
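Review bot: The relocated assertions check which access token each captured context carries, but neither context's token type is asserted, so the ordering stated in the comment (access token first, then refresh token) is only implied by the token values. Adding `assertThat(tokenContexts.get(0).getTokenType()).isEqualTo(OAuth2TokenType.ACCESS_TOKEN);` and `assertThat(tokenContexts.get(1).getTokenType()).isEqualTo(OAuth2TokenType.REFRESH_TOKEN);` would pin that the refreshed access token is exposed to the refresh-token generation call specifically. The test method begins above this hunk, so the mocked generator's setup is not visible here.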
