
Commit 3dadfdf

Generate introspected token with scopes from client
when using client_credentials
1 parent 4301251 commit 3dadfdf


3 files changed

+21
-5
lines changed


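--- a/.github/workflows/authorization-server-make.yaml
+++ b/.github/workflows/authorization-server-make.yaml
@@ -14,7 +14,7 @@ on:
 
 env:
 REGISTRY_IMAGE: pivotalrabbitmq/spring-authorization-server
-IMAGE_TAG: 0.0.9
+IMAGE_TAG: 0.0.10
 jobs:
 docker:
 runs-on: ubuntu-latest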

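--- a/selenium/authorization-server/pom.xml
+++ b/selenium/authorization-server/pom.xml
@@ -10,7 +10,7 @@
 </parent>
 <groupId>com.rabbitmq</groupId>
 <artifactId>authorization-server</artifactId>
-<version>0.0.9</version>
+<version>0.0.10</version>
 <name>authorization-server</name>
 <description>Authorization Server for Selenium</description>
 <url/>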

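--- a/selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SecurityConfig.java
+++ b/selenium/authorization-server/src/main/java/com/rabbitmq/authorization_server/SecurityConfig.java
@@ -5,6 +5,9 @@
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.UUID;
+import java.util.Collection;
+import java.util.List;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -30,6 +33,8 @@
 import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
 import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimsContext;
 
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
+
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
@@ -130,9 +135,20 @@ public OAuth2TokenCustomizer<OAuth2TokenClaimsContext> accessTokenCustomizer()
 logger.info("authorities : {}", principal.getAuthorities());
 logger.info("authorized scopes : {}", context.getAuthorizedScopes());
 
-context.getClaims()
-.audience(AudienceAuthority.getAll(principal))
-.claim("extra_scope", ScopeAuthority.getAuthorites(principal));
+if (AuthorizationGrantType.CLIENT_CREDENTIALS.equals(context.getAuthorizationGrantType())) {
+Collection<String> extra_scope = context.getRegisteredClient().getScopes();
+logger.info("granting extra_scope: {}", extra_scope);
+context.getClaims()
+.claim("extra_scope", extra_scope);
+} else {
+Collection<String> extra_scope = ScopeAuthority.getAuthorites(principal);
+List<String> audience = AudienceAuthority.getAll(principal);
+logger.info("granting extra_scope: {}", extra_scope);
+logger.info("granting audience: {}", audience);
+context.getClaims()
+.audience(audience)
+.claim("extra_scope", extra_scope);
+}
 };
 }
 @Bean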
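Review bot: In the `CLIENT_CREDENTIALS` branch of the last hunk, `extra_scope` is filled from `context.getRegisteredClient().getScopes()`, i.e. every scope registered for the client, rather than from the scopes authorized for this token request, which the unchanged line above already logs via `context.getAuthorizedScopes()`. A client that asks for a narrower `scope` would still receive a token whose `extra_scope` claim lists its full registration, so a consumer that reads that claim would see more than was requested. If that is not deliberate for this test server, use `Collection<String> extra_scope = context.getAuthorizedScopes();`; if it is, a comment on that line saying so would help the next reader. The same branch also no longer calls `.audience(...)`, so client-credentials tokens get no audience from this customizer, which is worth confirming against what the consumers validate. The body of `accessTokenCustomizer()` starts outside the hunk, so any token-type check before these lines is not visible here.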
