Add mapping for DPoP in DefaultMapOAuth2AccessTokenResponseConverter

hammadirshad · jgrandja · commit 1a4602c8c3a6 · 2025-04-30T10:09:41.000-04:00
Closes gh-16806 Signed-off-by: muha <muha@kreftregisteret.no>
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/DefaultMapOAuth2AccessTokenResponseConverter.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/DefaultMapOAuth2AccessTokenResponseConverter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -70,6 +70,10 @@ private static OAuth2AccessToken.TokenType getAccessTokenType(Map<String, Object
 			.equalsIgnoreCase(getParameterValue(tokenResponseParameters, OAuth2ParameterNames.TOKEN_TYPE))) {
 			return OAuth2AccessToken.TokenType.BEARER;
 		}
+		else if (OAuth2AccessToken.TokenType.DPOP.getValue()
+			.equalsIgnoreCase(getParameterValue(tokenResponseParameters, OAuth2ParameterNames.TOKEN_TYPE))) {
+			return OAuth2AccessToken.TokenType.DPOP;
+		}
 		return null;
 	}
 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/DefaultMapOAuth2AccessTokenResponseConverterTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/DefaultMapOAuth2AccessTokenResponseConverterTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -98,6 +98,18 @@ public void shouldConvertMinimal() {
 		assertThat(additionalParameters).isEmpty();
 	}
 
+	@Test
+	public void shouldConvertDPoPToken() {
+		Map<String, Object> map = new HashMap<>();
+		map.put("access_token", "access-token-1234");
+		map.put("token_type", "dpop");
+		OAuth2AccessTokenResponse converted = this.messageConverter.convert(map);
+		OAuth2AccessToken accessToken = converted.getAccessToken();
+		assertThat(accessToken).isNotNull();
+		assertThat(accessToken.getTokenValue()).isEqualTo("access-token-1234");
+		assertThat(accessToken.getTokenType()).isEqualTo(OAuth2AccessToken.TokenType.DPOP);
+	}
+
 	@Test
 	public void shouldConvertWithUnsupportedExpiresIn() {
 		Map<String, Object> map = new HashMap<>();

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright 2002-2021 the original author or authors.`
	`2`	`+ * Copyright 2002-2025 the original author or authors.`
`3`	`3`	`*`
`4`	`4`	`* Licensed under the Apache License, Version 2.0 (the "License");`
`5`	`5`	`* you may not use this file except in compliance with the License.`
`@@ -70,6 +70,10 @@ private static OAuth2AccessToken.TokenType getAccessTokenType(Map<String, Object`
`70`	`70`	`.equalsIgnoreCase(getParameterValue(tokenResponseParameters, OAuth2ParameterNames.TOKEN_TYPE))) {`
`71`	`71`	`return OAuth2AccessToken.TokenType.BEARER;`
`72`	`72`	`}`
	`73`	`+ else if (OAuth2AccessToken.TokenType.DPOP.getValue()`
	`74`	`+ .equalsIgnoreCase(getParameterValue(tokenResponseParameters, OAuth2ParameterNames.TOKEN_TYPE))) {`
	`75`	`+ return OAuth2AccessToken.TokenType.DPOP;`
	`76`	`+ }`
`73`	`77`	`return null;`
`74`	`78`	`}`
`75`	`79`