Implement support for user consent #4

Manually merged
ansv7779 merged 13 commits from user-consent into main 2025-04-25 10:22:44 +02:00
2 changed files with 14 additions and 4 deletions
Showing only changes of commit 119e27f5da - Show all commits


@ -81,6 +81,7 @@ public class ConsentController {
}
return Arrays.stream(scopeString.split(" "))
.filter(s -> !s.isBlank())
.filter(scope -> !scope.equals("openid"))
.collect(Collectors.toSet());
}
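Review bot: The `.filter(scope -> !scope.equals("openid"))` line needs a comment stating that the returned set is for display on the consent page only, since nothing in the hunk shows how callers use it. If the same set were later used to decide or record which scopes the user approved, `openid` would be missing from that record without the user ever having been shown it. A comment such as `// openid is not presented for consent; this set must not be used as the granted scope set` would make that boundary explicit. The enclosing method starts outside the hunk, so its callers are not visible here. If the project builds on Spring Security's OAuth2 support, `OidcScopes.OPENID` could replace the string literal.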


@ -22,6 +22,7 @@ import java.nio.charset.StandardCharsets;
import java.util.Set;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.not;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
@ -84,13 +85,20 @@ public class ConsentFlowTest extends AbstractMetadataTest {
@Test
public void shows_requested_scopes() throws Exception {
attemptAuthorizationWithConsentResponseUsingScopes("some-other-end-user", Set.of("openid", "profile"))
attemptAuthorizationWithConsentResponseUsingScopes("some-other-end-user", Set.of("openid", "email", "profile"))
.andExpect(status().isOk())
.andExpectAll(
content().string(containsString("openid")),
content().string(containsString("email")),
content().string(containsString("profile")));
}
@Test
public void does_not_ask_for_consent_for_openid_scope() throws Exception {
attemptAuthorizationWithConsentResponseUsingScopes("some-other-end-user", Set.of("openid", "profile"))
.andExpect(status().isOk())
.andExpect(content().string(not(containsString("openid"))));
}
private ResultActions attemptAuthorizationWithConsentResponse(String principal) throws Exception {
Set<String> scopes = Set.of();
return attemptAuthorizationWithConsentResponseUsingScopes(principal, scopes);
@ -109,8 +117,9 @@ public class ConsentFlowTest extends AbstractMetadataTest {
.andExpect(redirectedUrlPattern("**/oauth2/consent?**"))
.andReturn();
String consentUrl = result.getResponse().getRedirectedUrl();
assertNotNull(consentUrl, "Should have redirected to the consent page");
String redirectedUrl = result.getResponse().getRedirectedUrl();
assertNotNull(redirectedUrl, "Should have redirected to the consent page");
String consentUrl = URLDecoder.decode(redirectedUrl, StandardCharsets.UTF_8);
return mockMvc.perform(get(consentUrl)
.with(remoteUser(principal)));
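Review bot: Decoding the whole redirect with `URLDecoder.decode(redirectedUrl, StandardCharsets.UTF_8)` before `get(consentUrl)` turns any encoded `&`, `=` or `+` inside a parameter value (a `state` value, if the redirect carries one) into a literal delimiter or space. The test can then request the consent page with different parameters than the server issued, and an encoding defect in the redirect would go unnoticed. Passing the undecoded URL as a URI, `return mockMvc.perform(get(URI.create(redirectedUrl)).with(remoteUser(principal)));` with a `java.net.URI` import, avoids both the re-encoding by the URI-template overload and the lossy decode. The helper method starts outside this hunk, so the request that produces the redirect is not visible here.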