From 2e2c9ea2867f0c44edf13aefdbd333358d869ea2 Mon Sep 17 00:00:00 2001
From: Ovidiu Popa
Date: Tue, 16 Nov 2021 16:00:25 +0200
Subject: [PATCH] Fix registration access token cannot be deserialized Change the authorized scopes Set from SingletonSet to UnmodifiableSet as there is no mixin registered for SingletonSet Closes gh-495
---
 .../OidcClientRegistrationAuthenticationProvider.java | 5 ++++-
 .../server/authorization/OidcClientRegistrationTests.java | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
index b80347cc..f3478d4b 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
@@ -21,6 +21,7 @@ import java.time.Instant;
 import java.util.Base64;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 import java.util.UUID;
@@ -218,7 +219,9 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe
 private OAuth2Authorization registerAccessToken(RegisteredClient registeredClient) {
 JoseHeader headers = JwtUtils.headers().build();
- Set authorizedScopes = Collections.singleton(DEFAULT_CLIENT_CONFIGURATION_AUTHORIZED_SCOPE);
+ Set authorizedScopes = new HashSet<>();
+ authorizedScopes.add(DEFAULT_CLIENT_CONFIGURATION_AUTHORIZED_SCOPE);
+ authorizedScopes = Collections.unmodifiableSet(authorizedScopes);
 JwtClaimsSet claims = JwtUtils.accessTokenClaims( registeredClient, this.providerSettings.getIssuer(), registeredClient.getClientId(), authorizedScopes)
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java
index 92d1ade0..59e759f2 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java
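Review bot: In `registerAccessToken`, the three added lines give no hint why the scope set is built as a `HashSet` and then wrapped, so a later tidy-up back to `Collections.singleton(...)` would reintroduce the deserialization failure the commit message describes. A comment above them would pin the constraint, e.g. `// Keep this an UnmodifiableSet: SingletonSet has no Jackson mixin registered, so the stored authorization could not be read back`. Changing the producer to a type the deserializer already accepts, rather than registering more types for deserialization, is the safer direction and is worth stating there as well. The method body continues past the end of the hunk.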
@@ -62,6 +62,8 @@ import org.springframework.security.oauth2.core.oidc.http.converter.OidcClientRe
 import org.springframework.security.oauth2.jose.TestJwks;
 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
@@ -323,6 +325,11 @@ public class OidcClientRegistrationTests { return registeredClientRepository; } + @Bean + OAuth2AuthorizationService authorizationService(JdbcOperations jdbcOperations, RegisteredClientRepository registeredClientRepository) { + return new JdbcOAuth2AuthorizationService(jdbcOperations, registeredClientRepository); + } + @Bean JdbcOperations jdbcOperations() { return new JdbcTemplate(db);
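Review bot: In the `@@ -323,6 +325,11 @@` hunk, the new `authorizationService` bean carries no comment saying why the test configuration needs a JDBC-backed service, and the hunk adds no assertion of its own, so the regression coverage for gh-495 is only implicit. If the intent is that stored authorizations round-trip through JSON serialization during the existing registration tests, say so on the bean, e.g. `// JDBC-backed so authorizations are serialized and read back, covering gh-495`. Whether any test actually reads the registration access token back from the store is not visible here, because the test methods lie outside the hunk.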