gh-63 Don't hit UserInfo UAA endpoint for Client Credential Grants

spring-cloud · Sep 12, 2019 · eeb5f5c · eeb5f5c
1 parent f3ac641
commit eeb5f5c
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 7 deletions.
diff --git a/...in/java/org/springframework/cloud/common/security/support/DataflowPrincipalExtractor.java b/...in/java/org/springframework/cloud/common/security/support/DataflowPrincipalExtractor.java
@@ -30,7 +30,7 @@
 public class DataflowPrincipalExtractor implements PrincipalExtractor {
 
 	private static final String[] PRINCIPAL_KEYS = new String[] { "user_name", "user", "username",
-			"userid", "user_id", "login", "id", "name" };
+			"userid", "user_id", "login", "id", "name", "cid", "client_id" };
 
 	@Override
 	public Object extractPrincipal(Map<String, Object> map) {

diff --git a/...g/springframework/cloud/common/security/support/TokenValidatingUserInfoTokenServices.java b/...g/springframework/cloud/common/security/support/TokenValidatingUserInfoTokenServices.java
@@ -18,6 +18,7 @@
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -211,14 +212,22 @@ private OAuth2Authentication retrieveOAuth2AuthenticationFromOAuthServer(String
 		final OAuth2AccessToken remoteOAuth2AccessToken = retrieveAccessTokenFromOAuthServer(accessTokenValue);
 		this.restTemplate.getOAuth2ClientContext().setAccessToken(remoteOAuth2AccessToken);
 
-		// Now let's update the User Information
-		final Map<String, Object> map = getUserInfoMap(this.userInfoEndpointUrl);
-		if (map.containsKey("error")) {
-			if (this.logger.isDebugEnabled()) {
-				this.logger.debug("userinfo returned error: " + map.get("error"));
+		final Map<String, Object> map;
+		if (remoteOAuth2AccessToken.getScope().contains("openid")) {
+
+			// Now let's update the User Information
+			map = getUserInfoMap(this.userInfoEndpointUrl);
+			if (map.containsKey("error")) {
+				if (this.logger.isDebugEnabled()) {
+					this.logger.debug("userinfo returned error: " + map.get("error"));
+				}
+				throw new InvalidTokenException(accessTokenValue);
 			}
-			throw new InvalidTokenException(accessTokenValue);
 		}
+		else {
+			map = remoteOAuth2AccessToken.getAdditionalInformation();
+		}
+
 		final OAuth2Authentication authentication = extractAuthentication(map);
 		this.tokenStore.storeAccessToken(remoteOAuth2AccessToken, authentication);
 		return authentication;