Fix registration access token cannot be deserialized

ovidiupopa07 · jgrandja · commit ef949a656d8f · 2021-11-30T13:17:06.000-05:00
Change the authorized scopes Set from SingletonSet to UnmodifiableSet as there is no mixin registered for SingletonSet Closes spring-projectsgh-495
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProvider.java
@@ -21,6 +21,7 @@
 import java.util.Base64;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 import java.util.UUID;
@@ -218,7 +219,9 @@ private OidcClientRegistrationAuthenticationToken registerClient(OidcClientRegis
 	private OAuth2Authorization registerAccessToken(RegisteredClient registeredClient) {
 		JoseHeader headers = JwtUtils.headers().build();
 
-		Set<String> authorizedScopes = Collections.singleton(DEFAULT_CLIENT_CONFIGURATION_AUTHORIZED_SCOPE);
+		Set<String> authorizedScopes = new HashSet<>();
+		authorizedScopes.add(DEFAULT_CLIENT_CONFIGURATION_AUTHORIZED_SCOPE);
+		authorizedScopes = Collections.unmodifiableSet(authorizedScopes);
 
 		JwtClaimsSet claims = JwtUtils.accessTokenClaims(
 				registeredClient, this.providerSettings.getIssuer(), registeredClient.getClientId(), authorizedScopes)
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OidcClientRegistrationTests.java
@@ -62,6 +62,8 @@
 import org.springframework.security.oauth2.jose.TestJwks;
 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService;
+import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
 import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository.RegisteredClientParametersMapper;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
@@ -323,6 +325,11 @@ RegisteredClientRepository registeredClientRepository(JdbcOperations jdbcOperati
 			return registeredClientRepository;
 		}
 
+		@Bean
+		OAuth2AuthorizationService authorizationService(JdbcOperations jdbcOperations, RegisteredClientRepository registeredClientRepository) {
+			return new JdbcOAuth2AuthorizationService(jdbcOperations, registeredClientRepository);
+		}
+
 		@Bean
 		JdbcOperations jdbcOperations() {
 			return new JdbcTemplate(db);
