Resolve reviews

Signed-off-by: fine-pine <[email protected]>

Author: fine-pine

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProvider.java

@@ -121,10 +121,9 @@ public Authentication authenticate(Authentication authentication) throws Authent
 					throwError(OAuth2ErrorCodes.INVALID_SCOPE, OAuth2ParameterNames.SCOPE);
 				}
 			}
-		}
-
-		if (requestedScopes.contains(OidcScopes.OPENID)) {
-			throwError(OAuth2ErrorCodes.INVALID_SCOPE, OAuth2ParameterNames.SCOPE);
+			if (requestedScopes.contains(OidcScopes.OPENID)) {
+				throwError(OAuth2ErrorCodes.INVALID_SCOPE, OAuth2ParameterNames.SCOPE);
+			}
 		}
 
 		if (this.logger.isTraceEnabled()) {

oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProvider.java

@@ -215,7 +215,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
 
 		// ----- ID token -----
 		OidcIdToken idToken;
-		if (authorizedScopes.contains(OidcScopes.OPENID) && authorization.getToken(OidcIdToken.class) != null) {
+		if (authorizedScopes.contains(OidcScopes.OPENID)) {
 			// @formatter:off
 			tokenContext = tokenContextBuilder
 					.tokenType(ID_TOKEN_TOKEN_TYPE)

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceAuthorizationRequestAuthenticationProviderTests.java

@@ -169,9 +169,9 @@ public void authenticateWhenInvalidScopesThenThrowOAuth2AuthenticationException(
 	@Test
 	public void authenticateWhenOpenIdScopeThenThrowOAuth2AuthenticationException() {
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient()
-				.authorizationGrantType(AuthorizationGrantType.DEVICE_CODE)
-				.scope(OidcScopes.OPENID)
-				.build();
+			.authorizationGrantType(AuthorizationGrantType.DEVICE_CODE)
+			.scope(OidcScopes.OPENID)
+			.build();
 		Authentication authentication = createAuthentication(registeredClient);
 		// @formatter:off
 		assertThatExceptionOfType(OAuth2AuthenticationException.class)

oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java

@@ -571,17 +571,7 @@ public void authenticateWhenRefreshTokenNotGeneratedThenThrowOAuth2Authenticatio
 	@Test
 	public void authenticateWhenIdTokenNotGeneratedThenThrowOAuth2AuthenticationException() {
 		RegisteredClient registeredClient = TestRegisteredClients.registeredClient().scope(OidcScopes.OPENID).build();
-		OidcIdToken authorizedIdToken = OidcIdToken.withTokenValue("id-token")
-				.issuer("https://provider.com")
-				.subject("subject")
-				.issuedAt(Instant.now())
-				.expiresAt(Instant.now().plusSeconds(60))
-				.claim("sid", "sessionId-1234")
-				.claim(IdTokenClaimNames.AUTH_TIME, Date.from(Instant.now()))
-				.build();
-		OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient)
-				.token(authorizedIdToken)
-				.build();
+		OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
 		given(this.authorizationService.findByToken(eq(authorization.getRefreshToken().getToken().getTokenValue()),
 				eq(OAuth2TokenType.REFRESH_TOKEN)))
 			.willReturn(authorization);
@@ -610,27 +600,6 @@ public void authenticateWhenIdTokenNotGeneratedThenThrowOAuth2AuthenticationExce
 			});
 	}
 
-	@Test
-	public void authenticateAuthorizationWithoutIdTokenThenIdTokenNotGenerated() {
-		RegisteredClient registeredClient = TestRegisteredClients.registeredClient().scope(OidcScopes.OPENID).build();
-		OAuth2Authorization authorization = TestOAuth2Authorizations.authorization(registeredClient).build();
-		given(this.authorizationService.findByToken(eq(authorization.getRefreshToken().getToken().getTokenValue()),
-				eq(OAuth2TokenType.REFRESH_TOKEN)))
-				.willReturn(authorization);
-
-		OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(registeredClient,
-				ClientAuthenticationMethod.CLIENT_SECRET_BASIC, registeredClient.getClientSecret());
-		OAuth2RefreshTokenAuthenticationToken authentication = new OAuth2RefreshTokenAuthenticationToken(
-				authorization.getRefreshToken().getToken().getTokenValue(), clientPrincipal, null, null);
-
-
-		OAuth2AccessTokenAuthenticationToken accessTokenAuthentication = (OAuth2AccessTokenAuthenticationToken) this.authenticationProvider
-				.authenticate(authentication);
-
-		assertThat(accessTokenAuthentication.getAdditionalParameters().containsKey(OidcParameterNames.ID_TOKEN))
-				.isFalse();
-	}
-
 	@Test
 	public void authenticateWhenAccessTokenFormatReferenceThenAccessTokenGeneratorCalled() {
 		// @formatter:off