Merge pull request #2124 from uc4w6c/oauth2-endpoint-response-schema-changes

fix spring authorization server response. Fixes #2123

Author: bnasslahsen

springdoc-openapi-starter-common/src/main/java/org/springdoc/core/configuration/SpringDocSecurityOAuth2Customizer.java

@@ -2,13 +2,14 @@
 
 import java.lang.reflect.Field;
 
-import com.nimbusds.jose.jwk.JWKSet;
 import io.swagger.v3.oas.annotations.enums.ParameterIn;
 import io.swagger.v3.oas.models.OpenAPI;
 import io.swagger.v3.oas.models.Operation;
 import io.swagger.v3.oas.models.PathItem;
 import io.swagger.v3.oas.models.headers.Header;
+import io.swagger.v3.oas.models.media.ArraySchema;
 import io.swagger.v3.oas.models.media.Content;
+import io.swagger.v3.oas.models.media.MapSchema;
 import io.swagger.v3.oas.models.media.MediaType;
 import io.swagger.v3.oas.models.media.ObjectSchema;
 import io.swagger.v3.oas.models.media.Schema;
@@ -21,6 +22,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springdoc.core.configuration.oauth2.SpringDocOAuth2AuthorizationServerMetadata;
+import org.springdoc.core.configuration.oauth2.SpringDocOAuth2Token;
 import org.springdoc.core.configuration.oauth2.SpringDocOAuth2TokenIntrospection;
 import org.springdoc.core.customizers.GlobalOpenApiCustomizer;
 import org.springdoc.core.utils.SpringDocAnnotationsUtils;
@@ -31,10 +33,7 @@
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.oauth2.core.OAuth2Error;
-import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
-import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationToken;
-import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter;
 import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter;
 import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter;
@@ -49,6 +48,7 @@
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
 import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
+import static org.springframework.http.MediaType.TEXT_HTML_VALUE;
 
 /**
  * The type Spring doc security o auth 2 customizer.
@@ -95,7 +95,10 @@ private void getOAuth2TokenRevocationEndpointFilter(OpenAPI openAPI, SecurityFil
 		Object oAuth2EndpointFilter =
 				new SpringDocSecurityOAuth2EndpointUtils(OAuth2TokenRevocationEndpointFilter.class).findEndpoint(securityFilterChain);
 		if (oAuth2EndpointFilter != null) {
-			ApiResponses apiResponses = buildApiResponsesWithBadRequest(SpringDocAnnotationsUtils.resolveSchemaFromType(OAuth2TokenRevocationAuthenticationToken.class, openAPI.getComponents(), null), openAPI);
+			ApiResponses apiResponses = new ApiResponses();
+			apiResponses.addApiResponse(String.valueOf(HttpStatus.OK.value()), new ApiResponse().description(HttpStatus.OK.getReasonPhrase()));
+			buildApiResponsesOnInternalServerError(apiResponses);
+			buildApiResponsesOnBadRequest(apiResponses, openAPI);
 
 			Operation operation = buildOperation(apiResponses);
 			Schema<?> schema = new ObjectSchema()
@@ -119,15 +122,19 @@ private void getOAuth2TokenIntrospectionEndpointFilter(OpenAPI openAPI, Security
 		Object oAuth2EndpointFilter =
 				new SpringDocSecurityOAuth2EndpointUtils(OAuth2TokenIntrospectionEndpointFilter.class).findEndpoint(securityFilterChain);
 		if (oAuth2EndpointFilter != null) {
-			ApiResponses apiResponses = buildApiResponsesWithBadRequest(SpringDocAnnotationsUtils.resolveSchemaFromType(SpringDocOAuth2TokenIntrospection.class, openAPI.getComponents(), null), openAPI);
+			ApiResponses apiResponses = new ApiResponses();
+			buildApiResponsesOnSuccess(apiResponses, SpringDocAnnotationsUtils.resolveSchemaFromType(SpringDocOAuth2TokenIntrospection.class, openAPI.getComponents(), null));
+			buildApiResponsesOnInternalServerError(apiResponses);
+			buildApiResponsesOnBadRequest(apiResponses, openAPI);
+
 			Operation operation = buildOperation(apiResponses);
-			Schema<?> schema = new ObjectSchema()
+			Schema<?> requestSchema = new ObjectSchema()
 					.addProperty("token", new StringSchema())
 					.addProperty(OAuth2ParameterNames.TOKEN_TYPE_HINT, new StringSchema())
 					.addProperty("additionalParameters", new ObjectSchema().additionalProperties(new StringSchema()));
 
 			String mediaType = org.springframework.http.MediaType.APPLICATION_FORM_URLENCODED_VALUE;
-			RequestBody requestBody = new RequestBody().content(new Content().addMediaType(mediaType, new MediaType().schema(schema)));
+			RequestBody requestBody = new RequestBody().content(new Content().addMediaType(mediaType, new MediaType().schema(requestSchema)));
 			operation.setRequestBody(requestBody);
 			buildPath(oAuth2EndpointFilter, "tokenIntrospectionEndpointMatcher", openAPI, operation, HttpMethod.POST);
 		}
@@ -143,7 +150,9 @@ private void getOAuth2AuthorizationServerMetadataEndpoint(OpenAPI openAPI, Secur
 		Object oAuth2EndpointFilter =
 				new SpringDocSecurityOAuth2EndpointUtils(OAuth2AuthorizationServerMetadataEndpointFilter.class).findEndpoint(securityFilterChain);
 		if (oAuth2EndpointFilter != null) {
-			ApiResponses apiResponses = buildApiResponses(SpringDocAnnotationsUtils.resolveSchemaFromType(SpringDocOAuth2AuthorizationServerMetadata.class, openAPI.getComponents(), null));
+			ApiResponses apiResponses = new ApiResponses();
+			buildApiResponsesOnSuccess(apiResponses, SpringDocAnnotationsUtils.resolveSchemaFromType(SpringDocOAuth2AuthorizationServerMetadata.class, openAPI.getComponents(), null));
+			buildApiResponsesOnInternalServerError(apiResponses);
 			Operation operation = buildOperation(apiResponses);
 			buildPath(oAuth2EndpointFilter, "requestMatcher", openAPI, operation, HttpMethod.GET);
 		}
@@ -159,7 +168,17 @@ private void getNimbusJwkSetEndpoint(OpenAPI openAPI, SecurityFilterChain securi
 		Object oAuth2EndpointFilter =
 				new SpringDocSecurityOAuth2EndpointUtils(NimbusJwkSetEndpointFilter.class).findEndpoint(securityFilterChain);
 		if (oAuth2EndpointFilter != null) {
-			ApiResponses apiResponses = buildApiResponses(SpringDocAnnotationsUtils.resolveSchemaFromType(JWKSet.class, openAPI.getComponents(), null));
+			ApiResponses apiResponses = new ApiResponses();
+			Schema<?> schema = new MapSchema();
+			schema.addProperty("keys", new ArraySchema().items(new ObjectSchema().additionalProperties(true)));
+
+			ApiResponse response = new ApiResponse().description(HttpStatus.OK.getReasonPhrase()).content(new Content().addMediaType(
+					APPLICATION_JSON_VALUE,
+					new MediaType().schema(schema)));
+			apiResponses.addApiResponse(String.valueOf(HttpStatus.OK.value()), response);
+			buildApiResponsesOnInternalServerError(apiResponses);
+			buildApiResponsesOnBadRequest(apiResponses, openAPI);
+
 			Operation operation = buildOperation(apiResponses);
 			operation.responses(apiResponses);
 			buildPath(oAuth2EndpointFilter, "requestMatcher", openAPI, operation, HttpMethod.GET);
@@ -177,7 +196,10 @@ private void getOAuth2TokenEndpoint(OpenAPI openAPI, SecurityFilterChain securit
 				new SpringDocSecurityOAuth2EndpointUtils(OAuth2TokenEndpointFilter.class).findEndpoint(securityFilterChain);
 
 		if (oAuth2EndpointFilter != null) {
-			ApiResponses apiResponses = buildApiResponsesWithBadRequest(SpringDocAnnotationsUtils.resolveSchemaFromType(OAuth2AccessTokenResponse.class, openAPI.getComponents(), null), openAPI);
+			ApiResponses apiResponses = new ApiResponses();
+			buildApiResponsesOnSuccess(apiResponses, SpringDocAnnotationsUtils.resolveSchemaFromType(SpringDocOAuth2Token.class, openAPI.getComponents(), null));
+			buildApiResponsesOnInternalServerError(apiResponses);
+			buildApiResponsesOnBadRequest(apiResponses, openAPI);
 			buildOAuth2Error(openAPI, apiResponses, HttpStatus.UNAUTHORIZED);
 			Operation operation = buildOperation(apiResponses);
 			Schema<?> schema = new ObjectSchema().additionalProperties(new StringSchema());
@@ -196,7 +218,14 @@ private void getOAuth2AuthorizationEndpoint(OpenAPI openAPI, SecurityFilterChain
 		Object oAuth2EndpointFilter =
 				new SpringDocSecurityOAuth2EndpointUtils(OAuth2AuthorizationEndpointFilter.class).findEndpoint(securityFilterChain);
 		if (oAuth2EndpointFilter != null) {
-			ApiResponses apiResponses = buildApiResponsesWithBadRequest(SpringDocAnnotationsUtils.resolveSchemaFromType(OAuth2AuthorizationConsentAuthenticationToken.class, openAPI.getComponents(), null), openAPI);
+			ApiResponses apiResponses = new ApiResponses();
+
+			ApiResponse response = new ApiResponse().description(HttpStatus.OK.getReasonPhrase()).content(new Content().addMediaType(
+					TEXT_HTML_VALUE,
+					new MediaType()));
+			apiResponses.addApiResponse(String.valueOf(HttpStatus.OK.value()), response);
+			buildApiResponsesOnInternalServerError(apiResponses);
+			buildApiResponsesOnBadRequest(apiResponses, openAPI);
 			apiResponses.addApiResponse(String.valueOf(HttpStatus.MOVED_TEMPORARILY.value()),
 					new ApiResponse().description(HttpStatus.MOVED_TEMPORARILY.getReasonPhrase())
 							.addHeaderObject("Location", new Header().schema(new StringSchema())));
@@ -221,30 +250,39 @@ private Operation buildOperation(ApiResponses apiResponses) {
 	}
 
 	/**
-	 * Build api responses api responses.
+	 * Build api responses api responses on success.
 	 *
+	 * @param apiResponses the api responses
 	 * @param schema the schema
 	 * @return the api responses
 	 */
-	private ApiResponses buildApiResponses(Schema schema) {
-		ApiResponses apiResponses = new ApiResponses();
+	private ApiResponses buildApiResponsesOnSuccess(ApiResponses apiResponses, Schema schema) {
 		ApiResponse response = new ApiResponse().description(HttpStatus.OK.getReasonPhrase()).content(new Content().addMediaType(
 				APPLICATION_JSON_VALUE,
 				new MediaType().schema(schema)));
 		apiResponses.addApiResponse(String.valueOf(HttpStatus.OK.value()), response);
+		return apiResponses;
+	}
+
+	/**
+	 * Build api responses api responses on internal server error.
+	 *
+	 * @param apiResponses the api responses
+	 * @return the api responses
+	 */
+	private ApiResponses buildApiResponsesOnInternalServerError(ApiResponses apiResponses) {
 		apiResponses.addApiResponse(String.valueOf(HttpStatus.INTERNAL_SERVER_ERROR.value()), new ApiResponse().description(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase()));
 		return apiResponses;
 	}
 
 	/**
-	 * Build api responses with bad request api responses.
+	 * Build api responses on bad request.
 	 *
-	 * @param schema the schema
+	 * @param apiResponses the api responses
 	 * @param openAPI the open api
 	 * @return the api responses
 	 */
-	private ApiResponses buildApiResponsesWithBadRequest(Schema schema, OpenAPI openAPI) {
-		ApiResponses apiResponses = buildApiResponses(schema);
+	private ApiResponses buildApiResponsesOnBadRequest(ApiResponses apiResponses, OpenAPI openAPI) {
 		buildOAuth2Error(openAPI, apiResponses, HttpStatus.BAD_REQUEST);
 		return apiResponses;
 	}

springdoc-openapi-starter-common/src/main/java/org/springdoc/core/configuration/oauth2/SpringDocOAuth2AuthorizationServerMetadata.java

@@ -1,151 +1,54 @@
 package org.springdoc.core.configuration.oauth2;
 
-import java.net.URL;
-import java.time.Instant;
 import java.util.List;
-import java.util.Map;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import io.swagger.v3.oas.annotations.media.Schema;
 
-import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadataClaimAccessor;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadataClaimNames;
 
 /**
  * The type Spring doc o auth 2 authorization server metadata.
  *
+ * @ses <a href="https://github.com/spring-projects/spring-authorization-server/blob/main/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationServerMetadata.java">OAuth2AuthorizationServerMetadata</a>
  * @author bnasslahsen
+ * @author yuta.saito
  */
 @Schema(name = "OAuth2AuthorizationServerMetadata")
-public class SpringDocOAuth2AuthorizationServerMetadata implements OAuth2AuthorizationServerMetadataClaimAccessor {
-
-
-	@Override
-	public Map<String, Object> getClaims() {
-		return null;
-	}
-
-	@Override
-	public <T> T getClaim(String claim) {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getClaim(claim);
-	}
-
-	@Override
-	public boolean hasClaim(String claim) {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.hasClaim(claim);
-	}
-
-	@Override
-	public String getClaimAsString(String claim) {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getClaimAsString(claim);
-	}
-
-	@Override
-	public Boolean getClaimAsBoolean(String claim) {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getClaimAsBoolean(claim);
-	}
-
-	@Override
-	public Instant getClaimAsInstant(String claim) {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getClaimAsInstant(claim);
-	}
-
-	@Override
-	public URL getClaimAsURL(String claim) {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getClaimAsURL(claim);
-	}
-
-	@Override
-	public Map<String, Object> getClaimAsMap(String claim) {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getClaimAsMap(claim);
-	}
-
-	@Override
-	public List<String> getClaimAsStringList(String claim) {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getClaimAsStringList(claim);
-	}
-
-	@Override
+public interface SpringDocOAuth2AuthorizationServerMetadata {
 	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.ISSUER)
-	public URL getIssuer() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getIssuer();
-	}
+	String issuer();
 
-	@Override
 	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT)
-	public URL getAuthorizationEndpoint() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getAuthorizationEndpoint();
-	}
+	String authorizationEndpoint();
 
-	@Override
 	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT)
-	public URL getTokenEndpoint() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getTokenEndpoint();
-	}
+	String tokenEndpoint();
 
-	@Override
 	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED)
-	public List<String> getTokenEndpointAuthenticationMethods() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getTokenEndpointAuthenticationMethods();
-	}
+	List<String> tokenEndpointAuthMethodsSupported();
 
-	@Override
 	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.JWKS_URI)
-	public URL getJwkSetUrl() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getJwkSetUrl();
-	}
-
-	@Override
-	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.SCOPES_SUPPORTED)
-	public List<String> getScopes() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getScopes();
-	}
+	String jwksUri();
 
-	@Override
 	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.RESPONSE_TYPES_SUPPORTED)
-	public List<String> getResponseTypes() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getResponseTypes();
-	}
+	List<String> responseTypesSupported();
 
-	@Override
 	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.GRANT_TYPES_SUPPORTED)
-	public List<String> getGrantTypes() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getGrantTypes();
-	}
+	List<String> grantTypesSupported();
 
-	@Override
 	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT)
-	public URL getTokenRevocationEndpoint() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getTokenRevocationEndpoint();
-	}
+	String revocationEndpoint();
 
-	@Override
 	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.REVOCATION_ENDPOINT_AUTH_METHODS_SUPPORTED)
-	public List<String> getTokenRevocationEndpointAuthenticationMethods() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getTokenRevocationEndpointAuthenticationMethods();
-	}
+	List<String> revocationEndpointAuthMethodsSupported();
 
-	@Override
 	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT)
-	public URL getTokenIntrospectionEndpoint() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getTokenIntrospectionEndpoint();
-	}
+	String introspectionEndpoint();
 
-	@Override
 	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.INTROSPECTION_ENDPOINT_AUTH_METHODS_SUPPORTED)
-	public List<String> getTokenIntrospectionEndpointAuthenticationMethods() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getTokenIntrospectionEndpointAuthenticationMethods();
-	}
-
-	@Override
-	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.REGISTRATION_ENDPOINT)
-	public URL getClientRegistrationEndpoint() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getClientRegistrationEndpoint();
-	}
+	List<String> introspectionEndpointAuthMethodsSupported();
 
-	@Override
 	@JsonProperty(OAuth2AuthorizationServerMetadataClaimNames.CODE_CHALLENGE_METHODS_SUPPORTED)
-	public List<String> getCodeChallengeMethods() {
-		return OAuth2AuthorizationServerMetadataClaimAccessor.super.getCodeChallengeMethods();
-	}
+	List<String> codeChallengeMethodsSupported();
 }

springdoc-openapi-starter-common/src/main/java/org/springdoc/core/configuration/oauth2/SpringDocOAuth2Token.java

@@ -0,0 +1,25 @@
+package org.springdoc.core.configuration.oauth2;
+
+import com.fasterxml.jackson.databind.PropertyNamingStrategies;
+import com.fasterxml.jackson.databind.annotation.JsonNaming;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+ * The type Spring doc o auth 2 token.
+ *
+ * @see <a href="https://github.com/spring-projects/spring-security/blob/main/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/DefaultOAuth2AccessTokenResponseMapConverter.java">DefaultOAuth2AccessTokenResponseMapConverter</a>
+ * @author yuta.saito
+ */
+@Schema(name = "OAuth2Token")
+@JsonNaming(PropertyNamingStrategies.SnakeCaseStrategy.class)
+public interface SpringDocOAuth2Token {
+	String getAccessToken();
+
+	String getTokenType();
+
+	long getExpiresIn();
+
+	String getScope();
+
+	String getRefreshToken();
+}