Ability to modify OIDC provider configuration

Closes spring-projectsgh-616

Author: ovidiupopa07

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.java

@@ -26,6 +26,7 @@
 
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
+import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.server.ServletServerHttpResponse;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
@@ -59,7 +60,7 @@ public final class OidcProviderConfigurationEndpointFilter extends OncePerReques
 
 	private final ProviderSettings providerSettings;
 	private final RequestMatcher requestMatcher;
-	private final OidcProviderConfigurationHttpMessageConverter providerConfigurationHttpMessageConverter =
+	private HttpMessageConverter<OidcProviderConfiguration> providerConfigurationHttpMessageConverter =
 			new OidcProviderConfigurationHttpMessageConverter();
 
 	public OidcProviderConfigurationEndpointFilter(ProviderSettings providerSettings) {
@@ -103,6 +104,20 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 				providerConfiguration, MediaType.APPLICATION_JSON, httpResponse);
 	}
 
+	/**
+	 * Sets the {@link HttpMessageConverter} used for converting the {@link OidcProviderConfiguration}
+	 * from and to HTTP requests and responses
+	 *
+	 * @param providerConfigurationHttpMessageConverter the {@link HttpMessageConverter} used for converting a
+	 * representation of the OpenID Provider Configuration from and to HTTP requests and responses
+	 *
+	 * @since 0.2.3
+	 */
+	public void setProviderConfigurationHttpMessageConverter(HttpMessageConverter<OidcProviderConfiguration> providerConfigurationHttpMessageConverter) {
+		Assert.notNull(providerConfigurationHttpMessageConverter, "providerConfigurationHttpMessageConverter cannot be null");
+		this.providerConfigurationHttpMessageConverter = providerConfigurationHttpMessageConverter;
+	}
+
 	private static Consumer<List<String>> clientAuthenticationMethods() {
 		return (authenticationMethods) -> {
 			authenticationMethods.add(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java

@@ -15,6 +15,10 @@
  */
 package org.springframework.security.oauth2.server.authorization.oidc.web;
 
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+
 import javax.servlet.FilterChain;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -25,6 +29,7 @@
 import org.springframework.http.MediaType;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.oauth2.core.oidc.http.converter.OidcProviderConfigurationHttpMessageConverter;
 import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
 import org.springframework.security.oauth2.server.authorization.context.ProviderContext;
 import org.springframework.security.oauth2.server.authorization.context.ProviderContextHolder;
@@ -56,6 +61,15 @@ public void constructorWhenProviderSettingsNullThenThrowIllegalArgumentException
 				.withMessage("providerSettings cannot be null");
 	}
 
+	@Test
+	public void setProviderConfigurationHttpMessageConverterWhenNullThenThrowIllegalArgumentException() {
+		OidcProviderConfigurationEndpointFilter filter =
+				new OidcProviderConfigurationEndpointFilter(ProviderSettings.builder().build());
+		assertThatIllegalArgumentException()
+				.isThrownBy(() -> filter.setProviderConfigurationHttpMessageConverter(null))
+				.withMessage("providerConfigurationHttpMessageConverter cannot be null");
+	}
+
 	@Test
 	public void doFilterWhenNotConfigurationRequestThenNotProcessed() throws Exception {
 		OidcProviderConfigurationEndpointFilter filter =
@@ -71,6 +85,55 @@ public void doFilterWhenNotConfigurationRequestThenNotProcessed() throws Excepti
 
 		verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
 	}
+	@Test
+	public void providerConfigurationHttpMessageConverterWhenCustomThenAbleToOverride() throws Exception{
+		String issuer = "https://example.com/issuer1";
+		String authorizationEndpoint = "/oauth2/v1/authorize";
+		String tokenEndpoint = "/oauth2/v1/token";
+		String jwkSetEndpoint = "/oauth2/v1/jwks";
+		String userInfoEndpoint = "/userinfo";
+
+		ProviderSettings providerSettings = ProviderSettings.builder()
+				.issuer(issuer)
+				.authorizationEndpoint(authorizationEndpoint)
+				.tokenEndpoint(tokenEndpoint)
+				.jwkSetEndpoint(jwkSetEndpoint)
+				.oidcUserInfoEndpoint(userInfoEndpoint)
+				.build();
+		ProviderContextHolder.setProviderContext(new ProviderContext(providerSettings, null));
+		OidcProviderConfigurationEndpointFilter filter =
+				new OidcProviderConfigurationEndpointFilter(providerSettings);
+
+		OidcProviderConfigurationHttpMessageConverter httpMessageConverter = new OidcProviderConfigurationHttpMessageConverter();
+		httpMessageConverter.setProviderConfigurationParametersConverter(oidcProviderConfiguration -> {
+			Map<String, Object> claims = new HashMap<>(oidcProviderConfiguration.getClaims());
+			claims.put("scopes_supported", Arrays.asList("openid", "value1"));
+			return claims;
+		});
+		filter.setProviderConfigurationHttpMessageConverter(httpMessageConverter);
+		String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI;
+		MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
+		request.setServletPath(requestUri);
+		MockHttpServletResponse response = new MockHttpServletResponse();
+		FilterChain filterChain = mock(FilterChain.class);
+		filter.doFilter(request, response, filterChain);
+
+		verifyNoInteractions(filterChain);
+		assertThat(response.getContentType()).isEqualTo(MediaType.APPLICATION_JSON_VALUE);
+		String providerConfigurationResponse = response.getContentAsString();
+		assertThat(providerConfigurationResponse).contains("\"issuer\":\"https://example.com/issuer1\"");
+		assertThat(providerConfigurationResponse).contains("\"authorization_endpoint\":\"https://example.com/issuer1/oauth2/v1/authorize\"");
+		assertThat(providerConfigurationResponse).contains("\"token_endpoint\":\"https://example.com/issuer1/oauth2/v1/token\"");
+		assertThat(providerConfigurationResponse).contains("\"jwks_uri\":\"https://example.com/issuer1/oauth2/v1/jwks\"");
+		assertThat(providerConfigurationResponse).contains("\"scopes_supported\":[\"openid\",\"value1\"]");
+		assertThat(providerConfigurationResponse).contains("\"response_types_supported\":[\"code\"]");
+		assertThat(providerConfigurationResponse).contains("\"grant_types_supported\":[\"authorization_code\",\"client_credentials\",\"refresh_token\"]");
+		assertThat(providerConfigurationResponse).contains("\"subject_types_supported\":[\"public\"]");
+		assertThat(providerConfigurationResponse).contains("\"id_token_signing_alg_values_supported\":[\"RS256\"]");
+		assertThat(providerConfigurationResponse).contains("\"userinfo_endpoint\":\"https://example.com/issuer1/userinfo\"");
+		assertThat(providerConfigurationResponse).contains("\"token_endpoint_auth_methods_supported\":[\"client_secret_basic\",\"client_secret_post\",\"client_secret_jwt\",\"private_key_jwt\"]");
+	}
+
 
 	@Test
 	public void doFilterWhenConfigurationRequestPostThenNotProcessed() throws Exception {