Skip to content

Commit

Permalink
Polish "Add configuration property to allow multiple issuers"
Browse files Browse the repository at this point in the history
  • Loading branch information
wilkinsona committed Jul 17, 2024
1 parent b0b97fb commit 1a6760e
Show file tree
Hide file tree
Showing 3 changed files with 46 additions and 24 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2023 the original author or authors.
* Copyright 2012-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -43,26 +43,9 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
private String issuer;

/**
* Set to {@code true} if multiple issuers are allowed per host. Using path
* components in the URL of the issuer identifier enables supporting multiple
* issuers per host in a multi-tenant hosting configuration.
*
* <p>
* For example:
* <ul>
* <li>{@code https://example.com/issuer1}</li>
* <li>{@code https://example.com/authz/issuer2}</li>
* </ul>
*
* <p>
* <b>NOTE:</b> Explicitly configuring the issuer identifier via
* {@link #issuer(String)} forces to a single-tenant configuration. Avoid
* configuring the issuer identifier when using a multi-tenant hosting
* configuration, allowing the issuer identifier to be resolved from the
* <i>"current"</i> request.
* @param multipleIssuersAllowed {@code true} if multiple issuers are allowed per
* host, {@code false} otherwise
* @return the {@link Builder} for further configuration
* Whether multiple issuers are allowed per host. Using path components in the URL of
* the issuer identifier enables supporting multiple issuers per host in a
* multi-tenant hosting configuration.
*/
private boolean multipleIssuersAllowed = false;

Expand All @@ -76,6 +59,14 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
*/
private final Endpoint endpoint = new Endpoint();

public boolean isMultipleIssuersAllowed() {
return this.multipleIssuersAllowed;
}

public void setMultipleIssuersAllowed(boolean multipleIssuersAllowed) {
this.multipleIssuersAllowed = multipleIssuersAllowed;
}

public String getIssuer() {
return this.issuer;
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2023 the original author or authors.
* Copyright 2012-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -51,7 +51,7 @@ AuthorizationServerSettings asAuthorizationServerSettings() {
OAuth2AuthorizationServerProperties.Endpoint endpoint = this.properties.getEndpoint();
OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoint.getOidc();
AuthorizationServerSettings.Builder builder = AuthorizationServerSettings.builder();
map.from(this.properties::getIssuer).whenHasText().to(builder::issuer);
map.from(this.properties::getIssuer).to(builder::issuer);
map.from(this.properties::isMultipleIssuersAllowed).to(builder::multipleIssuersAllowed);
map.from(endpoint::getAuthorizationUri).to(builder::authorizationEndpoint);
map.from(endpoint::getDeviceAuthorizationUri).to(builder::deviceAuthorizationEndpoint);
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2023 the original author or authors.
* Copyright 2012-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -113,6 +113,37 @@ void getAuthorizationServerSettingsWhenValidParametersShouldAdapt() {
oidc.setUserInfoUri("/user");
AuthorizationServerSettings settings = this.mapper.asAuthorizationServerSettings();
assertThat(settings.getIssuer()).isEqualTo("https://example.com");
assertThat(settings.isMultipleIssuersAllowed()).isFalse();
assertThat(settings.getAuthorizationEndpoint()).isEqualTo("/authorize");
assertThat(settings.getDeviceAuthorizationEndpoint()).isEqualTo("/device_authorization");
assertThat(settings.getDeviceVerificationEndpoint()).isEqualTo("/device_verification");
assertThat(settings.getTokenEndpoint()).isEqualTo("/token");
assertThat(settings.getJwkSetEndpoint()).isEqualTo("/jwks");
assertThat(settings.getTokenRevocationEndpoint()).isEqualTo("/revoke");
assertThat(settings.getTokenIntrospectionEndpoint()).isEqualTo("/introspect");
assertThat(settings.getOidcLogoutEndpoint()).isEqualTo("/logout");
assertThat(settings.getOidcClientRegistrationEndpoint()).isEqualTo("/register");
assertThat(settings.getOidcUserInfoEndpoint()).isEqualTo("/user");
}

@Test
void getAuthorizationServerSettingsWhenMultipleIssuersAllowedShouldAdapt() {
this.properties.setMultipleIssuersAllowed(true);
OAuth2AuthorizationServerProperties.Endpoint endpoints = this.properties.getEndpoint();
endpoints.setAuthorizationUri("/authorize");
endpoints.setDeviceAuthorizationUri("/device_authorization");
endpoints.setDeviceVerificationUri("/device_verification");
endpoints.setTokenUri("/token");
endpoints.setJwkSetUri("/jwks");
endpoints.setTokenRevocationUri("/revoke");
endpoints.setTokenIntrospectionUri("/introspect");
OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoints.getOidc();
oidc.setLogoutUri("/logout");
oidc.setClientRegistrationUri("/register");
oidc.setUserInfoUri("/user");
AuthorizationServerSettings settings = this.mapper.asAuthorizationServerSettings();
assertThat(settings.getIssuer()).isNull();
assertThat(settings.isMultipleIssuersAllowed()).isTrue();
assertThat(settings.getAuthorizationEndpoint()).isEqualTo("/authorize");
assertThat(settings.getDeviceAuthorizationEndpoint()).isEqualTo("/device_authorization");
assertThat(settings.getDeviceVerificationEndpoint()).isEqualTo("/device_verification");
Expand Down

0 comments on commit 1a6760e

Please sign in to comment.