Use current authentication for device authorization

jgrandja · jgrandja · commit 4698aecf8f00 · 2023-05-01T10:06:12.000-04:00
Issue gh-1189
diff --git a/samples/messages-client/src/main/java/sample/web/DeviceController.java b/samples/messages-client/src/main/java/sample/web/DeviceController.java
@@ -22,30 +22,19 @@
 import java.util.Objects;
 import java.util.Set;
 
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.context.SecurityContextHolderStrategy;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
-import org.springframework.security.oauth2.core.OAuth2DeviceCode;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
-import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
-import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.util.LinkedMultiValueMap;
@@ -83,12 +72,6 @@ public class DeviceController {
 
 	private final String messagesBaseUri;
 
-	private final SecurityContextRepository securityContextRepository =
-			new HttpSessionSecurityContextRepository();
-
-	private final SecurityContextHolderStrategy securityContextHolderStrategy =
-			SecurityContextHolder.getContextHolderStrategy();
-
 	public DeviceController(ClientRegistrationRepository clientRegistrationRepository, WebClient webClient,
 			@Value("${messages.base-uri}") String messagesBaseUri) {
 
@@ -98,7 +81,7 @@ public DeviceController(ClientRegistrationRepository clientRegistrationRepositor
 	}
 
 	@GetMapping("/device_authorize")
-	public String authorize(Model model, HttpServletRequest request, HttpServletResponse response) {
+	public String authorize(Model model) {
 		// @formatter:off
 		ClientRegistration clientRegistration =
 				this.clientRegistrationRepository.findByRegistrationId(
@@ -143,13 +126,9 @@ public String authorize(Model model, HttpServletRequest request, HttpServletResp
 		Instant issuedAt = Instant.now();
 		Integer expiresIn = (Integer) responseParameters.get(OAuth2ParameterNames.EXPIRES_IN);
 		Instant expiresAt = issuedAt.plusSeconds(expiresIn);
-		String deviceCodeValue = (String) responseParameters.get(OAuth2ParameterNames.DEVICE_CODE);
 
-		OAuth2DeviceCode deviceCode = new OAuth2DeviceCode(deviceCodeValue, issuedAt, expiresAt);
-		saveSecurityContext(deviceCode, request, response);
-
-		model.addAttribute("deviceCode", deviceCode.getTokenValue());
-		model.addAttribute("expiresAt", deviceCode.getExpiresAt());
+		model.addAttribute("deviceCode", responseParameters.get(OAuth2ParameterNames.DEVICE_CODE));
+		model.addAttribute("expiresAt", expiresAt);
 		model.addAttribute("userCode", responseParameters.get(OAuth2ParameterNames.USER_CODE));
 		model.addAttribute("verificationUri", responseParameters.get(OAuth2ParameterNames.VERIFICATION_URI));
 		// Note: You could use a QR-code to display this URL
@@ -210,19 +189,4 @@ public String authorized(Model model,
 		return "index";
 	}
 
-	private void saveSecurityContext(OAuth2DeviceCode deviceCode, HttpServletRequest request,
-			HttpServletResponse response) {
-
-		// @formatter:off
-		UsernamePasswordAuthenticationToken deviceAuthentication =
-				UsernamePasswordAuthenticationToken.authenticated(
-						deviceCode, null, AuthorityUtils.createAuthorityList("ROLE_DEVICE"));
-		// @formatter:on
-
-		SecurityContext securityContext = this.securityContextHolderStrategy.createEmptyContext();
-		securityContext.setAuthentication(deviceAuthentication);
-		this.securityContextHolderStrategy.setContext(securityContext);
-		this.securityContextRepository.saveContext(securityContext, request, response);
-	}
-
 }
