minor refactorings and update README.md
andifalk committed Mar 2, 2024
1 parent e0cd7bf commit 6f9332a
Showing 2 changed files with 29 additions and 42 deletions.
12 changes: 6 additions & 6 deletions README.md
Expand Up @@ -30,12 +30,12 @@ These are the most important configuration settings:

This server comes with predefined registered OAuth2/OIDC clients:

| Client ID | Client-Secret | PKCE | Access Token Format |
|-------------------------|---------------|------|---------------------|
| demo-client | secret | -- | JWT |
| demo-client-pkce | secret | X | JWT |
| demo-client-opaque | secret | -- | Opaque |
| demo-client-pkce-opaque | secret | X | Opaque |
| Client ID | Client-Secret | PKCE | Client-Credentials Grant | Access Token Format |
|-------------------------|---------------|------|--------------------------|---------------------|
| demo-client | secret | -- | X | JWT |
| demo-client-pkce | -- | X | -- | JWT |
| demo-client-opaque | secret | -- | X | Opaque |
| demo-client-pkce-opaque | -- | X | -- | Opaque |

All clients have configured the following redirect URIs (including a special one for postman):

Expand Up @@ -26,10 +26,14 @@
import java.util.Set;
import java.util.UUID;

import static org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat.SELF_CONTAINED;

@Configuration
public class ClientRegistrationConfiguration {

private static final Logger LOGGER = LoggerFactory.getLogger(ClientRegistrationConfiguration.class);
private static final String SCOPE_OFFLINE_ACCESS = "offline_access";
private static final String CLIENT_SECRET = "secret";

/*
* Repository with all registered OAuth/OIDC clients.
Expand All @@ -40,95 +44,78 @@ public RegisteredClientRepository registeredClientRepository(JdbcTemplate jdbcTe

RegisteredClient demoClient = RegisteredClient.withId(UUID.randomUUID().toString())
.clientId("demo-client")
.clientSecret(passwordEncoder.encode("secret"))
.clientSecret(passwordEncoder.encode(CLIENT_SECRET))
.clientAuthenticationMethods(methods -> methods.addAll(
List.of(
ClientAuthenticationMethod.CLIENT_SECRET_BASIC,
ClientAuthenticationMethod.CLIENT_SECRET_POST,
ClientAuthenticationMethod.NONE
ClientAuthenticationMethod.CLIENT_SECRET_POST
)))
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.tokenSettings(TokenSettings.builder().accessTokenFormat(OAuth2TokenFormat.SELF_CONTAINED)
.tokenSettings(TokenSettings.builder().accessTokenFormat(SELF_CONTAINED)
.accessTokenTimeToLive(Duration.ofMinutes(15))
.authorizationCodeTimeToLive(Duration.ofMinutes(2)).build())
.redirectUris(uris -> {
uris.addAll(redirectUris);
})
.redirectUris(uris -> uris.addAll(redirectUris))
.scopes(scopes -> scopes.addAll(List.of(
OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL, "offline_access"
OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL, SCOPE_OFFLINE_ACCESS
)))
.clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
.build();

RegisteredClient demoClientPkce = RegisteredClient.withId(UUID.randomUUID().toString())
.clientId("demo-client-pkce")
.clientAuthenticationMethods(methods -> methods.addAll(
List.of(
ClientAuthenticationMethod.CLIENT_SECRET_BASIC,
ClientAuthenticationMethod.CLIENT_SECRET_POST,
ClientAuthenticationMethod.NONE
)))
.clientAuthenticationMethods(methods -> methods.add(
ClientAuthenticationMethod.NONE
))
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.tokenSettings(TokenSettings.builder().accessTokenFormat(OAuth2TokenFormat.SELF_CONTAINED)
.tokenSettings(TokenSettings.builder().accessTokenFormat(SELF_CONTAINED)
.accessTokenTimeToLive(Duration.ofMinutes(15))
.authorizationCodeTimeToLive(Duration.ofMinutes(2)).build())
.redirectUris(uris -> {
uris.addAll(redirectUris);
})
.redirectUris(uris -> uris.addAll(redirectUris))
.scopes(scopes -> scopes.addAll(List.of(
OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL, "offline_access"
OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL, SCOPE_OFFLINE_ACCESS
)))
.clientSettings(ClientSettings.builder().requireProofKey(true).requireAuthorizationConsent(false).build())
.build();

RegisteredClient demoClientOpaque = RegisteredClient.withId(UUID.randomUUID().toString())
.clientId("demo-client-opaque")
.clientSecret(passwordEncoder.encode("secret"))
.clientSecret(passwordEncoder.encode(CLIENT_SECRET))
.clientAuthenticationMethods(methods -> methods.addAll(
List.of(
ClientAuthenticationMethod.CLIENT_SECRET_BASIC,
ClientAuthenticationMethod.CLIENT_SECRET_POST,
ClientAuthenticationMethod.NONE
ClientAuthenticationMethod.CLIENT_SECRET_POST
)))
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.tokenSettings(TokenSettings.builder().accessTokenFormat(OAuth2TokenFormat.REFERENCE)
.accessTokenTimeToLive(Duration.ofMinutes(15))
.authorizationCodeTimeToLive(Duration.ofMinutes(2)).build())
.redirectUris(uris -> {
uris.addAll(redirectUris);
})
.redirectUris(uris -> uris.addAll(redirectUris))
.scopes(scopes -> scopes.addAll(List.of(
OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL, "offline_access"
OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL, SCOPE_OFFLINE_ACCESS
)))
.clientSettings(ClientSettings.builder().requireAuthorizationConsent(false).build())
.build();

RegisteredClient demoClientPkceOpaque = RegisteredClient.withId(UUID.randomUUID().toString())
.clientId("demo-client-pkce-opaque")
.clientSecret(passwordEncoder.encode("secret"))
.clientAuthenticationMethods(methods -> methods.addAll(
List.of(
ClientAuthenticationMethod.CLIENT_SECRET_BASIC,
ClientAuthenticationMethod.CLIENT_SECRET_POST,
ClientAuthenticationMethod.NONE
)))
.clientAuthenticationMethods(methods -> methods.add(
ClientAuthenticationMethod.NONE
))
.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
.authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
.tokenSettings(TokenSettings.builder().accessTokenFormat(OAuth2TokenFormat.REFERENCE)
.accessTokenTimeToLive(Duration.ofMinutes(15))
.authorizationCodeTimeToLive(Duration.ofMinutes(2)).build())
.redirectUris(uris -> {
uris.addAll(redirectUris);
})
.scopes(scopes -> scopes.addAll(List.of(
OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL, "offline_access"
OidcScopes.OPENID, OidcScopes.PROFILE, OidcScopes.EMAIL, SCOPE_OFFLINE_ACCESS
)))
.clientSettings(ClientSettings.builder().requireProofKey(true).requireAuthorizationConsent(false).build())
.build();
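Review bot: The two public clients are now registered with `ClientAuthenticationMethod.NONE` only (L91-L93, L149-L151), yet `AuthorizationGrantType.CLIENT_CREDENTIALS` still appears in their grant lists at L96 and L154; the README table updated in this same commit says those clients do not support that grant, and a client with no secret has nothing to present for it (RFC 6749 requires client authentication on the client-credentials grant), so if those two lines survive on the new side they should be dropped to keep code and docs consistent. `CLIENT_SECRET = "secret"` at L48 is now the single place the demo secret lives, which makes it the right spot for a marker such as `// Demo-only credential (documented in README.md); a real deployment must supply its own secret via configuration`, since nothing else in the class signals that it must not ship as-is. Every client also combines `requireAuthorizationConsent(false)` with the `offline_access` scope, so refresh tokens are issued without any consent screen; acceptable for a demo server, but worth a one-line comment beside the scope list. Finally, the 15-minute/2-minute `TokenSettings` block is still repeated in all four builders (L69-L71, L98-L100, L126-L128, L155-L157); a small helper like the one below would finish the deduplication this commit started. The enclosing `registeredClientRepository` method begins before this hunk and continues past it.
```java
// Token settings shared by all demo clients; only the access-token format differs per client.
private static TokenSettings tokenSettings(OAuth2TokenFormat accessTokenFormat) {
    return TokenSettings.builder()
            .accessTokenFormat(accessTokenFormat)
            .accessTokenTimeToLive(Duration.ofMinutes(15))
            .authorizationCodeTimeToLive(Duration.ofMinutes(2))
            .build();
}
// … call sites become .tokenSettings(tokenSettings(SELF_CONTAINED)) and .tokenSettings(tokenSettings(OAuth2TokenFormat.REFERENCE)) …
```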
