Warn when AuthorizationGrantType does not match

msosa · Steve Riesenberg · commit 52888d6206fb · 2022-11-17T14:17:54.000-06:00
Log a warning when AuthorizationGrantType does not exactly match a pre-defined constant. Closes gh-11905
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,9 +24,14 @@
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.LinkedHashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.core.log.LogMessage;
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.oauth2.core.AuthenticationMethod;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
@@ -39,6 +44,7 @@
  * Provider.
  *
  * @author Joe Grandja
+ * @author Michael Sosa
  * @since 5.0
  * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-2">Section 2
  * Client Registration</a>
@@ -333,6 +339,12 @@ public static final class Builder implements Serializable {
 
 		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
+		private static final Log logger = LogFactory.getLog(Builder.class);
+
+		private static final List<AuthorizationGrantType> AUTHORIZATION_GRANT_TYPES = Arrays.asList(
+				AuthorizationGrantType.AUTHORIZATION_CODE, AuthorizationGrantType.CLIENT_CREDENTIALS,
+				AuthorizationGrantType.REFRESH_TOKEN, AuthorizationGrantType.IMPLICIT, AuthorizationGrantType.PASSWORD);
+
 		private String registrationId;
 
 		private String clientId;
@@ -622,6 +634,7 @@ else if (AuthorizationGrantType.IMPLICIT.equals(this.authorizationGrantType)) {
 			else if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(this.authorizationGrantType)) {
 				this.validateAuthorizationCodeGrantType();
 			}
+			this.validateAuthorizationGrantTypes();
 			this.validateScopes();
 			return this.create();
 		}
@@ -698,6 +711,17 @@ private void validatePasswordGrantType() {
 			Assert.hasText(this.tokenUri, "tokenUri cannot be empty");
 		}
 
+		private void validateAuthorizationGrantTypes() {
+			for (AuthorizationGrantType authorizationGrantType : AUTHORIZATION_GRANT_TYPES) {
+				if (authorizationGrantType.getValue().equalsIgnoreCase(this.authorizationGrantType.getValue())
+						&& !authorizationGrantType.equals(this.authorizationGrantType)) {
+					logger.warn(LogMessage.format(
+							"AuthorizationGrantType: %s does not match the pre-defined constant %s and won't match a valid OAuth2AuthorizedClientProvider",
+							this.authorizationGrantType, authorizationGrantType));
+				}
+			}
+		}
+
 		private void validateScopes() {
 			if (this.scopes == null) {
 				return;
