Spring Authorization Server Metadata Endpoint not compatible. fixes #…
bnasslahsen committed Jun 16, 2024
1 parent 497bfae commit 6c24eb6
Showing 4 changed files with 400 additions and 208 deletions.
Expand Up @@ -4,6 +4,8 @@

import io.swagger.v3.core.util.AnnotationsUtils;
import io.swagger.v3.oas.annotations.enums.ParameterIn;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.security.SecurityRequirements;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.Operation;
import io.swagger.v3.oas.models.PathItem;
Expand All @@ -18,9 +20,14 @@
import io.swagger.v3.oas.models.media.StringSchema;
import io.swagger.v3.oas.models.parameters.HeaderParameter;
import io.swagger.v3.oas.models.parameters.Parameter;
import io.swagger.v3.oas.models.parameters.PathParameter;
import io.swagger.v3.oas.models.parameters.RequestBody;
import io.swagger.v3.oas.models.responses.ApiResponse;
import io.swagger.v3.oas.models.responses.ApiResponses;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import io.swagger.v3.oas.models.security.SecurityScheme.In;
import io.swagger.v3.oas.models.security.SecurityScheme.Type;
import org.apache.commons.lang3.reflect.FieldUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Expand Down Expand Up @@ -182,6 +189,10 @@ private void getOAuth2AuthorizationServerMetadataEndpoint(OpenAPI openAPI, Secur
ReflectionUtils.makeAccessible(field);
String defaultOauth2MetadataUri = (String) ReflectionUtils.getField(field, null);
openAPI.getPaths().addPathItem(defaultOauth2MetadataUri , new PathItem().get(operation));
operation = buildOperation(apiResponses);
operation.addParametersItem(new PathParameter().name("subpath").schema(new StringSchema()));
operation.summary("Valid when multiple issuers are allowed");
openAPI.getPaths().addPathItem(defaultOauth2MetadataUri+"/{subpath}" , new PathItem().get(operation));
}
}
}
Expand Down Expand Up @@ -252,7 +263,7 @@ private void getOAuth2TokenEndpoint(OpenAPI openAPI, SecurityFilterChain securit
String mediaType = org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
RequestBody requestBody = new RequestBody().content(new Content().addMediaType(mediaType, new MediaType().schema(requestSchema)));
operation.setRequestBody(requestBody);
operation.addParametersItem(new HeaderParameter().name("Authorization"));
operation.addParametersItem(new HeaderParameter().name("Authorization").schema(new StringSchema()));

buildPath(oAuth2EndpointFilter, "tokenEndpointMatcher", openAPI, operation, HttpMethod.POST);
}
Expand Down Expand Up @@ -310,6 +321,10 @@ private void getOidcProviderConfigurationEndpoint(OpenAPI openAPI, SecurityFilte
ReflectionUtils.makeAccessible(field);
String defaultOidcConfigUri = (String) ReflectionUtils.getField(field, null);
openAPI.getPaths().addPathItem(defaultOidcConfigUri , new PathItem().get(operation));
operation = buildOperation(apiResponses);
operation.addParametersItem(new PathParameter().name("subpath").schema(new StringSchema()));
operation.summary("Valid when multiple issuers are allowed");
openAPI.getPaths().addPathItem("/{subpath}"+defaultOidcConfigUri , new PathItem().get(operation));
}
}
}
Expand Down Expand Up @@ -360,7 +375,7 @@ private void getOidcClientRegistrationEndpoint(OpenAPI openAPI, SecurityFilterCh
String mediaType = APPLICATION_JSON_VALUE;
RequestBody requestBody = new RequestBody().content(new Content().addMediaType(mediaType, new MediaType().schema(schema)));
operation.setRequestBody(requestBody);
operation.addParametersItem(new HeaderParameter().name("Authorization"));
operation.addParametersItem(new HeaderParameter().name("Authorization").schema(new StringSchema()));

buildPath(oAuth2EndpointFilter, "clientRegistrationEndpointMatcher", openAPI, operation, HttpMethod.POST);
}
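Review bot: The `Authorization` header parameters in getOAuth2TokenEndpoint and getOidcClientRegistrationEndpoint now carry a `StringSchema`, but OpenAPI 3.0 specifies that a header parameter named `Authorization` is ignored, so the credential these endpoints expect is still not described in the generated document. Modelling it as a security scheme lets clients and API scanners treat it as a credential instead of a free-form string: register a scheme under components and attach it with `operation.addSecurityItem(new SecurityRequirement().addList(SCHEME_NAME))`, where `SCHEME_NAME` is a placeholder for the name the project chooses. The import hunks list `SecurityScheme`, `SecurityRequirement`, `In` and `Type`, yet none of the code hunks shown here uses them, so either that wiring is missing or the imports are unused. Both methods begin outside their hunks, so security handling earlier in their bodies cannot be ruled out from this view.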
Expand Up @@ -56,6 +56,9 @@
}
}
},
"500": {
"description": "Internal Server Error"
},
"400": {
"description": "Bad Request",
"content": {
Expand All @@ -65,18 +68,48 @@
}
}
}
}
}
}
},
"/.well-known/oauth-authorization-server": {
"get": {
"tags": [
"authorization-server-endpoints"
],
"responses": {
"200": {
"description": "OK",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/OAuth2AuthorizationServerMetadata"
}
}
}
},
"500": {
"description": "Internal Server Error"
}
}
}
},
"/.well-known/oauth-authorization-server": {
"/.well-known/oauth-authorization-server/{subpath}": {
"get": {
"tags": [
"authorization-server-endpoints"
],
"summary": "Valid when multiple issuers are allowed",
"parameters": [
{
"name": "subpath",
"in": "path",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "OK",
Expand All @@ -101,8 +134,11 @@
],
"parameters": [
{
"name": "Authorization",
"in": "header",
"name": "Authorization"
"schema": {
"type": "string"
}
}
],
"requestBody": {
Expand Down Expand Up @@ -165,6 +201,9 @@
}
}
},
"500": {
"description": "Internal Server Error"
},
"400": {
"description": "Bad Request",
"content": {
Expand All @@ -184,9 +223,6 @@
}
}
}
},
"500": {
"description": "Internal Server Error"
}
}
}
Expand Down Expand Up @@ -215,15 +251,8 @@
"text/html": {}
}
},
"302": {
"description": "Moved Temporarily",
"headers": {
"Location": {
"schema": {
"type": "string"
}
}
}
"500": {
"description": "Internal Server Error"
},
"400": {
"description": "Bad Request",
Expand All @@ -235,8 +264,15 @@
}
}
},
"500": {
"description": "Internal Server Error"
"302": {
"description": "Moved Temporarily",
"headers": {
"Location": {
"schema": {
"type": "string"
}
}
}
}
}
}
Expand Down Expand Up @@ -280,6 +316,9 @@
}
}
},
"500": {
"description": "Internal Server Error"
},
"400": {
"description": "Bad Request",
"content": {
Expand All @@ -289,9 +328,6 @@
}
}
}
},
"500": {
"description": "Internal Server Error"
}
}
}
Expand Down Expand Up @@ -322,6 +358,9 @@
"200": {
"description": "OK"
},
"500": {
"description": "Internal Server Error"
},
"400": {
"description": "Bad Request",
"content": {
Expand All @@ -331,9 +370,6 @@
}
}
}
},
"500": {
"description": "Internal Server Error"
}
}
}
Expand All @@ -358,9 +394,6 @@
"OAuth2AuthorizationServerMetadata": {
"type": "object",
"properties": {
"issuer": {
"type": "string"
},
"token_endpoint_auth_methods_supported": {
"type": "array",
"items": {
Expand Down Expand Up @@ -397,16 +430,19 @@
"type": "string"
}
},
"introspection_endpoint": {
"type": "string"
},
"revocation_endpoint": {
"type": "string"
},
"grant_types_supported": {
"type": "array",
"items": {
"type": "string"
}
},
"revocation_endpoint": {
"type": "string"
},
"introspection_endpoint": {
"issuer": {
"type": "string"
},
"jwks_uri": {
Expand All @@ -424,40 +460,35 @@
"type": "integer",
"format": "int64"
},
"access_token": {
"token_type": {
"type": "string"
},
"refresh_token": {
"access_token": {
"type": "string"
},
"token_type": {
"refresh_token": {
"type": "string"
}
}
},
"OAuth2TokenIntrospection": {
"type": "object",
"properties": {
"nbf": {
"type": "integer",
"format": "int64"
},
"scope": {
"type": "string"
},
"jti": {
"type": "string"
},
"client_id": {
"type": "string"
},
"username": {
"type": "string"
"exp": {
"type": "integer",
"format": "int64"
},
"active": {
"type": "boolean"
"nbf": {
"type": "integer",
"format": "int64"
},
"iss": {
"token_type": {
"type": "string"
},
"aud": {
Expand All @@ -466,19 +497,24 @@
"type": "string"
}
},
"token_type": {
"client_id": {
"type": "string"
},
"exp": {
"type": "integer",
"format": "int64"
"username": {
"type": "string"
},
"sub": {
"iss": {
"type": "string"
},
"active": {
"type": "boolean"
},
"iat": {
"type": "integer",
"format": "int64"
},
"sub": {
"type": "string"
}
}
}