Change the OAuth 2 / OIDC endpoint URLs.

A decision was made to not deploy as a drop-in replacement but rather migrate applications to the new authorzitanion server. This means it is no longer necessary to maintain backwards-compatible URLs and can instead use more "standard" URLs. Not super-critical since they should be discovered via metadata but still nice that the URLs map closer to what the endpoint is called in the various specifications.
2025-04-15 14:32:56 +02:00 · 2025-04-15 14:32:56 +02:00 · 3822f1229c
commit 3822f1229c
parent 09f2fe9430
3 changed files with 9 additions and 10 deletions
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -7,11 +7,11 @@ spring:
    oauth2:
      authorizationserver:
        endpoint:
-          authorization-uri: /authorize
-          token-uri: /exchange
-          token-introspection-uri: /introspect
+          authorization-uri: /oauth2/authorize
+          token-uri: /oauth2/token
+          token-introspection-uri: /oauth2/introspect
          oidc:
-            user-info-uri: /verify
+            user-info-uri: /oidc/userinfo
  flyway:
    baseline-on-migrate: true
 gg:
--- a/src/test/java/se/su/dsv/oauth2/AuthorizationCodeFlowTest.java
+++ b/src/test/java/se/su/dsv/oauth2/AuthorizationCodeFlowTest.java
@ -39,7 +39,7 @@ public class AuthorizationCodeFlowTest {
        String principal = "user";

        // 1. Authorize
-        MvcResult authorizationResult = mockMvc.perform(get("/authorize")
+        MvcResult authorizationResult = mockMvc.perform(get("/oauth2/authorize")
                        .with(remoteUser(principal))
                        .queryParam("response_type", "code")
                        .queryParam("client_id", CLIENT_ID)
@ -57,7 +57,7 @@ public class AuthorizationCodeFlowTest {
        String code = matcher.group("code");

        // 2. Code exchange
-        MvcResult codeExchangeResult = mockMvc.perform(post("/exchange")
+        MvcResult codeExchangeResult = mockMvc.perform(post("/oauth2/token")
                        .header("Authorization", "Basic " + CLIENT_AUTHORIZATION)
                        .param("grant_type", "authorization_code")
                        .param("code", code)
@ -75,7 +75,7 @@ public class AuthorizationCodeFlowTest {
        String accessToken = jsonNode.get("access_token").asText();

        // 3. Introspect
-        mockMvc.perform(post("/introspect")
+        mockMvc.perform(post("/oauth2/introspect")
                        .header("Authorization", "Basic " + CLIENT_AUTHORIZATION)
                        .param("token", accessToken))
                .andExpect(status().isOk())
--- a/src/test/java/se/su/dsv/oauth2/UserInfoEndpointTest.java
+++ b/src/test/java/se/su/dsv/oauth2/UserInfoEndpointTest.java
@ -13,9 +13,8 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.

@SpringBootTest(classes = TestRegisteredClientConfiguration.class)
 public class UserInfoEndpointTest extends AbstractMetadataCodeFlowTest {
-    // Checks for URL compatibility with the old OAuth 2.0 authorization server
    @Test
-    public void user_info_endpoint_url_compatibility() throws Exception {
+    public void user_info_endpoint_url() throws Exception {
        MvcResult mvcResult = mockMvc.perform(get("/.well-known/openid-configuration"))
                .andExpect(status().isOk())
                .andReturn();
@ -25,6 +24,6 @@ public class UserInfoEndpointTest extends AbstractMetadataCodeFlowTest {
        String userinfoEndpoint = openidConfiguration.required("userinfo_endpoint").asText();
        URI userInfoUri = URI.create(userinfoEndpoint);

-        assertEquals("/verify", userInfoUri.getPath());
+        assertEquals("/oidc/userinfo", userInfoUri.getPath());
    }
 }