Rename ClientSettings.requireUserConsent() to requireAuthorizationConsent()
Closes gh-363
@@ -341,7 +341,7 @@ public final class OAuth2AuthorizationCodeRequestAuthenticationProvider implemen
|
||||
private static boolean requireAuthorizationConsent(RegisteredClient registeredClient,
|
||||
OAuth2AuthorizationRequest authorizationRequest, OAuth2AuthorizationConsent authorizationConsent) {
|
||||
|
||||
if (!registeredClient.getClientSettings().requireUserConsent()) {
|
||||
if (!registeredClient.getClientSettings().requireAuthorizationConsent()) {
|
||||
return false;
|
||||
}
|
||||
// 'openid' scope does not require consent
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2020 the original author or authors.
|
||||
* Copyright 2020-2021 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -28,7 +28,7 @@ import java.util.Map;
|
||||
public class ClientSettings extends Settings {
|
||||
private static final String CLIENT_SETTING_BASE = "setting.client.";
|
||||
public static final String REQUIRE_PROOF_KEY = CLIENT_SETTING_BASE.concat("require-proof-key");
|
||||
public static final String REQUIRE_USER_CONSENT = CLIENT_SETTING_BASE.concat("require-user-consent");
|
||||
public static final String REQUIRE_AUTHORIZATION_CONSENT = CLIENT_SETTING_BASE.concat("require-authorization-consent");
|
||||
|
||||
/**
|
||||
* Constructs a {@code ClientSettings}.
|
||||
@@ -69,31 +69,31 @@ public class ClientSettings extends Settings {
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns {@code true} if the user's consent is required when the client requests access.
|
||||
* Returns {@code true} if authorization consent is required when the client requests access.
|
||||
* The default is {@code false}.
|
||||
*
|
||||
* @return {@code true} if the user's consent is required when the client requests access, {@code false} otherwise
|
||||
* @return {@code true} if authorization consent is required when the client requests access, {@code false} otherwise
|
||||
*/
|
||||
public boolean requireUserConsent() {
|
||||
return setting(REQUIRE_USER_CONSENT);
|
||||
public boolean requireAuthorizationConsent() {
|
||||
return setting(REQUIRE_AUTHORIZATION_CONSENT);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set to {@code true} if the user's consent is required when the client requests access.
|
||||
* Set to {@code true} if authorization consent is required when the client requests access.
|
||||
* This applies to all interactive flows (e.g. {@code authorization_code} and {@code device_code}).
|
||||
*
|
||||
* @param requireUserConsent {@code true} if the user's consent is required when the client requests access, {@code false} otherwise
|
||||
* @param requireAuthorizationConsent {@code true} if authorization consent is required when the client requests access, {@code false} otherwise
|
||||
* @return the {@link ClientSettings}
|
||||
*/
|
||||
public ClientSettings requireUserConsent(boolean requireUserConsent) {
|
||||
setting(REQUIRE_USER_CONSENT, requireUserConsent);
|
||||
public ClientSettings requireAuthorizationConsent(boolean requireAuthorizationConsent) {
|
||||
setting(REQUIRE_AUTHORIZATION_CONSENT, requireAuthorizationConsent);
|
||||
return this;
|
||||
}
|
||||
|
||||
protected static Map<String, Object> defaultSettings() {
|
||||
Map<String, Object> settings = new HashMap<>();
|
||||
settings.put(REQUIRE_PROOF_KEY, false);
|
||||
settings.put(REQUIRE_USER_CONSENT, false);
|
||||
settings.put(REQUIRE_AUTHORIZATION_CONSENT, false);
|
||||
return settings;
|
||||
}
|
||||
}
|
||||
|
||||
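Review bot: Renaming the constant also changes the stored key from `setting.client.require-user-consent` to `setting.client.require-authorization-consent`, while `defaultSettings()` seeds the new key with `false`. If a deployment persists `ClientSettings` (a sample later in this commit saves the registered client to a database), a client stored with the old key set to `true` would presumably be read as not requiring consent. In that case the `requireAuthorizationConsent(...)` check in the authorization code provider would return `false` and the consent step would be skipped silently. How stored settings are restored is not visible here, so this needs confirming; if it applies, migrate stored entries or document the break on the constant, e.g. `/** Replaces {@code setting.client.require-user-consent}; previously stored settings must be migrated. */`. A `@Deprecated` `requireUserConsent()` that delegates to the new accessor for one release would also keep existing callers compiling.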
@@ -172,7 +172,7 @@ public final class OidcClientRegistrationAuthenticationProvider implements Authe
|
||||
.clientSettings(clientSettings ->
|
||||
clientSettings
|
||||
.requireProofKey(true)
|
||||
.requireUserConsent(true))
|
||||
.requireAuthorizationConsent(true))
|
||||
.tokenSettings(tokenSettings ->
|
||||
tokenSettings
|
||||
.idTokenSignatureAlgorithm(SignatureAlgorithm.RS256));
|
||||
|
||||
@@ -389,7 +389,7 @@ public class OAuth2AuthorizationCodeGrantTests {
|
||||
scopes.add("message.read");
|
||||
scopes.add("message.write");
|
||||
})
|
||||
.clientSettings(settings -> settings.requireUserConsent(true))
|
||||
.clientSettings(settings -> settings.requireAuthorizationConsent(true))
|
||||
.build();
|
||||
this.registeredClientRepository.save(registeredClient);
|
||||
|
||||
@@ -416,7 +416,7 @@ public class OAuth2AuthorizationCodeGrantTests {
|
||||
scopes.add("message.read");
|
||||
scopes.add("message.write");
|
||||
})
|
||||
.clientSettings(settings -> settings.requireUserConsent(true))
|
||||
.clientSettings(settings -> settings.requireAuthorizationConsent(true))
|
||||
.build();
|
||||
this.registeredClientRepository.save(registeredClient);
|
||||
|
||||
@@ -464,7 +464,7 @@ public class OAuth2AuthorizationCodeGrantTests {
|
||||
scopes.add("message.read");
|
||||
scopes.add("message.write");
|
||||
})
|
||||
.clientSettings(settings -> settings.requireUserConsent(true))
|
||||
.clientSettings(settings -> settings.requireAuthorizationConsent(true))
|
||||
.build();
|
||||
this.registeredClientRepository.save(registeredClient);
|
||||
|
||||
|
||||
@@ -365,7 +365,7 @@ public class OAuth2AuthorizationCodeRequestAuthenticationProviderTests {
|
||||
@Test
|
||||
public void authenticateWhenRequireAuthorizationConsentThenReturnAuthorizationConsent() {
|
||||
RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
|
||||
.clientSettings(clientSettings -> clientSettings.requireUserConsent(true))
|
||||
.clientSettings(clientSettings -> clientSettings.requireAuthorizationConsent(true))
|
||||
.build();
|
||||
when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId())))
|
||||
.thenReturn(registeredClient);
|
||||
@@ -412,7 +412,7 @@ public class OAuth2AuthorizationCodeRequestAuthenticationProviderTests {
|
||||
@Test
|
||||
public void authenticateWhenRequireAuthorizationConsentAndOnlyOpenidScopeRequestedThenAuthorizationConsentNotRequired() {
|
||||
RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
|
||||
.clientSettings(clientSettings -> clientSettings.requireUserConsent(true))
|
||||
.clientSettings(clientSettings -> clientSettings.requireAuthorizationConsent(true))
|
||||
.scopes(scopes -> {
|
||||
scopes.clear();
|
||||
scopes.add(OidcScopes.OPENID);
|
||||
@@ -434,7 +434,7 @@ public class OAuth2AuthorizationCodeRequestAuthenticationProviderTests {
|
||||
@Test
|
||||
public void authenticateWhenRequireAuthorizationConsentAndAllPreviouslyApprovedThenAuthorizationConsentNotRequired() {
|
||||
RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
|
||||
.clientSettings(clientSettings -> clientSettings.requireUserConsent(true))
|
||||
.clientSettings(clientSettings -> clientSettings.requireAuthorizationConsent(true))
|
||||
.build();
|
||||
when(this.registeredClientRepository.findByClientId(eq(registeredClient.getClientId())))
|
||||
.thenReturn(registeredClient);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2020 the original author or authors.
|
||||
* Copyright 2020-2021 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -32,7 +32,7 @@ public class ClientSettingsTests {
|
||||
ClientSettings clientSettings = new ClientSettings();
|
||||
assertThat(clientSettings.settings()).hasSize(2);
|
||||
assertThat(clientSettings.requireProofKey()).isFalse();
|
||||
assertThat(clientSettings.requireUserConsent()).isFalse();
|
||||
assertThat(clientSettings.requireAuthorizationConsent()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -49,9 +49,9 @@ public class ClientSettingsTests {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requireUserConsentWhenTrueThenSet() {
|
||||
ClientSettings clientSettings = new ClientSettings().requireUserConsent(true);
|
||||
assertThat(clientSettings.requireUserConsent()).isTrue();
|
||||
public void requireAuthorizationConsentWhenTrueThenSet() {
|
||||
ClientSettings clientSettings = new ClientSettings().requireAuthorizationConsent(true);
|
||||
assertThat(clientSettings.requireAuthorizationConsent()).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -60,10 +60,10 @@ public class ClientSettingsTests {
|
||||
.<ClientSettings>setting("name1", "value1")
|
||||
.requireProofKey(true)
|
||||
.<ClientSettings>settings(settings -> settings.put("name2", "value2"))
|
||||
.requireUserConsent(true);
|
||||
.requireAuthorizationConsent(true);
|
||||
assertThat(clientSettings.settings()).hasSize(4);
|
||||
assertThat(clientSettings.requireProofKey()).isTrue();
|
||||
assertThat(clientSettings.requireUserConsent()).isTrue();
|
||||
assertThat(clientSettings.requireAuthorizationConsent()).isTrue();
|
||||
assertThat(clientSettings.<String>setting("name1")).isEqualTo("value1");
|
||||
assertThat(clientSettings.<String>setting("name2")).isEqualTo("value2");
|
||||
}
|
||||
|
||||
@@ -265,7 +265,7 @@ public class OidcClientRegistrationAuthenticationProviderTests {
|
||||
.containsExactlyInAnyOrder(AuthorizationGrantType.AUTHORIZATION_CODE, AuthorizationGrantType.CLIENT_CREDENTIALS);
|
||||
assertThat(registeredClientResult.getScopes()).containsExactlyInAnyOrder("scope1", "scope2");
|
||||
assertThat(registeredClientResult.getClientSettings().requireProofKey()).isTrue();
|
||||
assertThat(registeredClientResult.getClientSettings().requireUserConsent()).isTrue();
|
||||
assertThat(registeredClientResult.getClientSettings().requireAuthorizationConsent()).isTrue();
|
||||
assertThat(registeredClientResult.getTokenSettings().idTokenSignatureAlgorithm()).isEqualTo(SignatureAlgorithm.RS256);
|
||||
|
||||
OidcClientRegistration clientRegistrationResult = authenticationResult.getClientRegistration();
|
||||
|
||||
@@ -86,7 +86,7 @@ public class AuthorizationServerConfig {
|
||||
.scope(OidcScopes.OPENID)
|
||||
.scope("message.read")
|
||||
.scope("message.write")
|
||||
.clientSettings(clientSettings -> clientSettings.requireUserConsent(true))
|
||||
.clientSettings(clientSettings -> clientSettings.requireAuthorizationConsent(true))
|
||||
.build();
|
||||
return new InMemoryRegisteredClientRepository(registeredClient);
|
||||
}
|
||||
|
||||
@@ -77,7 +77,7 @@ public class AuthorizationServerConfig {
|
||||
.scope(OidcScopes.OPENID)
|
||||
.scope("message.read")
|
||||
.scope("message.write")
|
||||
.clientSettings(clientSettings -> clientSettings.requireUserConsent(true))
|
||||
.clientSettings(clientSettings -> clientSettings.requireAuthorizationConsent(true))
|
||||
.build();
|
||||
|
||||
// Save registered client in db as if in-memory
|
||||
|
||||