Do not require authorizationRequest for device grant

Issue spring-projectsgh-1127
sjohnr · Apr 11, 2023 · 1bfc54f · 1bfc54f
1 parent 8c63c7d
commit 1bfc54f
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/.../server/authorization/authentication/OAuth2AuthorizationConsentAuthenticationContext.java b/.../server/authorization/authentication/OAuth2AuthorizationConsentAuthenticationContext.java
@@ -21,6 +21,7 @@
 import java.util.function.Consumer;
 
 import org.springframework.lang.Nullable;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent;
@@ -162,7 +163,10 @@ public OAuth2AuthorizationConsentAuthenticationContext build() {
 			Assert.notNull(get(OAuth2AuthorizationConsent.Builder.class), "authorizationConsentBuilder cannot be null");
 			Assert.notNull(get(RegisteredClient.class), "registeredClient cannot be null");
 			Assert.notNull(get(OAuth2Authorization.class), "authorization cannot be null");
-			Assert.notNull(get(OAuth2AuthorizationRequest.class), "authorizationRequest cannot be null");
+			OAuth2Authorization authorization = get(OAuth2Authorization.class);
+			if (authorization.getAuthorizationGrantType().equals(AuthorizationGrantType.AUTHORIZATION_CODE)) {
+				Assert.notNull(get(OAuth2AuthorizationRequest.class), "authorizationRequest cannot be null");
+			}
 			return new OAuth2AuthorizationConsentAuthenticationContext(getContext());
 		}