Spring Authorization Server with Password Grant Type

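Finally, spring-authorization-server got custom grant type support with version 1.0.0. Let's see what we need to implement for the password grant type (grant_type=password).

PasswordGrantAuthenticationConverter

The following example shows a sample implementation of the AuthenticationConverter.

```java
import java.util.HashMap;
import java.util.Map;

import jakarta.servlet.http.HttpServletRequest;

import org.springframework.lang.Nullable;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;

public class PasswordGrantAuthenticationConverter implements AuthenticationConverter {

    public static final String PASSWORD = "password";

    @Nullable
    @Override
    public Authentication convert(HttpServletRequest request) {
        // grant_type (REQUIRED): return null so other converters can handle other grant types
        String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
        if (!PASSWORD.equals(grantType)) {
            return null;
        }

        // The client has already been authenticated by the client authentication filter
        Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();

        MultiValueMap<String, String> parameters = getParameters(request);

        // username and password (REQUIRED), each supplied exactly once
        String username = parameters.getFirst(OAuth2ParameterNames.USERNAME);
        String password = parameters.getFirst(OAuth2ParameterNames.PASSWORD);
        if (!StringUtils.hasText(username) || !StringUtils.hasText(password)
                || parameters.get(OAuth2ParameterNames.USERNAME).size() != 1
                || parameters.get(OAuth2ParameterNames.PASSWORD).size() != 1) {
            throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_REQUEST);
        }

        // The credentials are passed to the token explicitly, so keep them (and the
        // raw password in particular) out of the additional parameters map.
        Map<String, Object> additionalParameters = new HashMap<>();
        parameters.forEach((key, value) -> {
            if (!key.equals(OAuth2ParameterNames.GRANT_TYPE)
                    && !key.equals(OAuth2ParameterNames.CLIENT_ID)
                    && !key.equals(OAuth2ParameterNames.USERNAME)
                    && !key.equals(OAuth2ParameterNames.PASSWORD)) {
                additionalParameters.put(key, value.get(0));
            }
        });

        return new PasswordGrantAuthenticationToken(username, password, clientPrincipal, additionalParameters);
    }

    // Copies the servlet parameter map into a MultiValueMap, keeping repeated values
    private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
        Map<String, String[]> parameterMap = request.getParameterMap();
        MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
        parameterMap.forEach((key, values) -> {
            for (String value : values) {
                parameters.add(key, value);
            }
        });
        return parameters;
    }
}
```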

PasswordGrantAuthenticationProvider

AuthenticationProvider is responsible for validating the authorization grant. The following example shows a sample implementation. ...

August 22, 2023 · 4 min · 850 words · Me

Automated Testing On Real iOS Devices

Automated testing is one of the popular topics of our time and is almost indispensable. It usually saves us from wasting time and offers repeatability. In this article, I will explain how to run automated tests on real iOS devices with Appium. Appium is an open source test automation framework for use with native, hybrid and mobile web apps. It drives iOS, Android, and Windows apps using the WebDriver protocol.[1] ...

January 15, 2019 · 4 min · 707 words · Me