Don't set any scope as discussed in PR 8790

martin-v · martin-v · commit 3938ea4846bd · 2020-08-17T13:08:08.000+02:00
#8790
diff --git a/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/oauth2/client/ClientRegistrationsBeanDefinitionParserTests.java
@@ -152,7 +152,7 @@ public void parseWhenIssuerUriConfiguredThenRequestConfigFromIssuer() throws Exc
 		assertThat(googleRegistration.getClientAuthenticationMethod()).isEqualTo(ClientAuthenticationMethod.BASIC);
 		assertThat(googleRegistration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(googleRegistration.getRedirectUri()).isEqualTo("{baseUrl}/{action}/oauth2/code/{registrationId}");
-		assertThat(googleRegistration.getScopes()).isEqualTo(StringUtils.commaDelimitedListToSet("openid"));
+		assertThat(googleRegistration.getScopes()).isNull();
 		assertThat(googleRegistration.getClientName()).isEqualTo(serverUrl);
 
 		ProviderDetails googleProviderDetails = googleRegistration.getProviderDetails();
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistrations.java
@@ -34,7 +34,6 @@
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
-import org.springframework.security.oauth2.core.oidc.OidcScopes;
 import org.springframework.util.Assert;
 import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.RestTemplate;
@@ -239,7 +238,6 @@ private static ClientRegistration.Builder withProviderConfiguration(Authorizatio
 
 		return ClientRegistration.withRegistrationId(name)
 				.userNameAttributeName(IdTokenClaimNames.SUB)
-				.scope(OidcScopes.OPENID) // default to "openid" which must be supported
 				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
 				.clientAuthenticationMethod(method)
 				.redirectUri("{baseUrl}/{action}/oauth2/code/{registrationId}")
diff --git a/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTest.java b/oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/registration/ClientRegistrationsTest.java
@@ -158,7 +158,7 @@ private void assertIssuerMetadata(ClientRegistration registration,
 		assertThat(registration.getAuthorizationGrantType()).isEqualTo(AuthorizationGrantType.AUTHORIZATION_CODE);
 		assertThat(registration.getRegistrationId()).isEqualTo(this.server.getHostName());
 		assertThat(registration.getClientName()).isEqualTo(this.issuer);
-		assertThat(registration.getScopes()).containsOnly("openid");
+		assertThat(registration.getScopes()).isNull();
 		assertThat(provider.getAuthorizationUri()).isEqualTo("https://example.com/o/oauth2/v2/auth");
 		assertThat(provider.getTokenUri()).isEqualTo("https://example.com/oauth2/v4/token");
 		assertThat(provider.getJwkSetUri()).isEqualTo("https://example.com/oauth2/v3/certs");
@@ -222,41 +222,6 @@ public void issuerWhenOAuth2ContainsTrailingSlashThenSuccess() throws Exception
 		assertThat(this.issuer).endsWith("/");
 	}
 
-	/**
-	 * https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
-	 *
-	 * RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The
-	 * server MUST support the openid scope value.
-	 * @throws Exception
-	 */
-	@Test
-	public void issuerWhenScopesNullThenScopesDefaulted() throws Exception {
-		this.response.remove("scopes_supported");
-
-		ClientRegistration registration = registration("").build();
-
-		assertThat(registration.getScopes()).containsOnly("openid");
-	}
-
-	@Test
-	public void issuerWhenOidcFallbackScopesNullThenScopesDefaulted() throws Exception {
-		this.response.remove("scopes_supported");
-
-		ClientRegistration registration = registrationOidcFallback("", null).build();
-
-		assertThat(registration.getScopes()).containsOnly("openid");
-	}
-
-	@Test
-	public void issuerWhenOAuth2ScopesNullThenScopesDefaulted() throws Exception {
-		this.response.remove("scopes_supported");
-
-		ClientRegistration registration = registrationOAuth2("", null).build();
-
-		assertThat(registration.getScopes()).containsOnly("openid");
-	}
-
-
 	@Test
 	public void issuerWhenGrantTypesSupportedNullThenDefaulted() throws Exception {
 		this.response.remove("grant_types_supported");
