Skip to content

Commit

Permalink
Merge pull request #41355 from opcooc
Browse files Browse the repository at this point in the history
* gh-41355:
  Polish "Add configuration property to allow multiple issuers"
  Add configuration property to allow multiple issuers

Closes gh-41355
  • Loading branch information
wilkinsona committed Jul 17, 2024
2 parents f7780b4 + 1a6760e commit b7ff40e
Show file tree
Hide file tree
Showing 3 changed files with 50 additions and 3 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2023 the original author or authors.
* Copyright 2012-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -42,6 +42,13 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
*/
private String issuer;

/**
* Whether multiple issuers are allowed per host. Using path components in the URL of
* the issuer identifier enables supporting multiple issuers per host in a
* multi-tenant hosting configuration.
*/
private boolean multipleIssuersAllowed = false;

/**
* Registered clients of the Authorization Server.
*/
Expand All @@ -52,6 +59,14 @@ public class OAuth2AuthorizationServerProperties implements InitializingBean {
*/
private final Endpoint endpoint = new Endpoint();

public boolean isMultipleIssuersAllowed() {
return this.multipleIssuersAllowed;
}

public void setMultipleIssuersAllowed(boolean multipleIssuersAllowed) {
this.multipleIssuersAllowed = multipleIssuersAllowed;
}

public String getIssuer() {
return this.issuer;
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2023 the original author or authors.
* Copyright 2012-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -52,6 +52,7 @@ AuthorizationServerSettings asAuthorizationServerSettings() {
OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoint.getOidc();
AuthorizationServerSettings.Builder builder = AuthorizationServerSettings.builder();
map.from(this.properties::getIssuer).to(builder::issuer);
map.from(this.properties::isMultipleIssuersAllowed).to(builder::multipleIssuersAllowed);
map.from(endpoint::getAuthorizationUri).to(builder::authorizationEndpoint);
map.from(endpoint::getDeviceAuthorizationUri).to(builder::deviceAuthorizationEndpoint);
map.from(endpoint::getDeviceVerificationUri).to(builder::deviceVerificationEndpoint);
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2023 the original author or authors.
* Copyright 2012-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -113,6 +113,37 @@ void getAuthorizationServerSettingsWhenValidParametersShouldAdapt() {
oidc.setUserInfoUri("/user");
AuthorizationServerSettings settings = this.mapper.asAuthorizationServerSettings();
assertThat(settings.getIssuer()).isEqualTo("https://example.com");
assertThat(settings.isMultipleIssuersAllowed()).isFalse();
assertThat(settings.getAuthorizationEndpoint()).isEqualTo("/authorize");
assertThat(settings.getDeviceAuthorizationEndpoint()).isEqualTo("/device_authorization");
assertThat(settings.getDeviceVerificationEndpoint()).isEqualTo("/device_verification");
assertThat(settings.getTokenEndpoint()).isEqualTo("/token");
assertThat(settings.getJwkSetEndpoint()).isEqualTo("/jwks");
assertThat(settings.getTokenRevocationEndpoint()).isEqualTo("/revoke");
assertThat(settings.getTokenIntrospectionEndpoint()).isEqualTo("/introspect");
assertThat(settings.getOidcLogoutEndpoint()).isEqualTo("/logout");
assertThat(settings.getOidcClientRegistrationEndpoint()).isEqualTo("/register");
assertThat(settings.getOidcUserInfoEndpoint()).isEqualTo("/user");
}

@Test
void getAuthorizationServerSettingsWhenMultipleIssuersAllowedShouldAdapt() {
this.properties.setMultipleIssuersAllowed(true);
OAuth2AuthorizationServerProperties.Endpoint endpoints = this.properties.getEndpoint();
endpoints.setAuthorizationUri("/authorize");
endpoints.setDeviceAuthorizationUri("/device_authorization");
endpoints.setDeviceVerificationUri("/device_verification");
endpoints.setTokenUri("/token");
endpoints.setJwkSetUri("/jwks");
endpoints.setTokenRevocationUri("/revoke");
endpoints.setTokenIntrospectionUri("/introspect");
OAuth2AuthorizationServerProperties.OidcEndpoint oidc = endpoints.getOidc();
oidc.setLogoutUri("/logout");
oidc.setClientRegistrationUri("/register");
oidc.setUserInfoUri("/user");
AuthorizationServerSettings settings = this.mapper.asAuthorizationServerSettings();
assertThat(settings.getIssuer()).isNull();
assertThat(settings.isMultipleIssuersAllowed()).isTrue();
assertThat(settings.getAuthorizationEndpoint()).isEqualTo("/authorize");
assertThat(settings.getDeviceAuthorizationEndpoint()).isEqualTo("/device_authorization");
assertThat(settings.getDeviceVerificationEndpoint()).isEqualTo("/device_verification");
Expand Down

0 comments on commit b7ff40e

Please sign in to comment.