spring-projects · dafafdafafadfa · Mar 9, 2025
diff --git a/...java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java b/...java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationResponseUtils.java
@@ -16,14 +16,15 @@
 
 package org.springframework.security.oauth2.client.web;
 
-import java.util.Map;
+import java.util.*;
 
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
 
+
 /**
  * Utility methods for an OAuth 2.0 Authorization Response.
  *
@@ -62,15 +63,36 @@ static boolean isAuthorizationResponseError(MultiValueMap<String, String> reques
 				&& StringUtils.hasText(request.getFirst(OAuth2ParameterNames.STATE));
 	}
 
-	static OAuth2AuthorizationResponse convert(MultiValueMap<String, String> request, String redirectUri) {
-		String code = request.getFirst(OAuth2ParameterNames.CODE);
-		String errorCode = request.getFirst(OAuth2ParameterNames.ERROR);
-		String state = request.getFirst(OAuth2ParameterNames.STATE);
+	private static final Set<String> AUTHORIZATION_RESPONSE_PARAMETER_NAMES = new HashSet<>(
+			Arrays.asList(
+					OAuth2ParameterNames.CODE,
+					OAuth2ParameterNames.ERROR,
+					OAuth2ParameterNames.STATE,
+					OAuth2ParameterNames.ERROR_DESCRIPTION,
+					OAuth2ParameterNames.REDIRECT_URI,
+					OAuth2ParameterNames.ERROR_URI));
+
+	static OAuth2AuthorizationResponse convert(MultiValueMap<String, String> parameters, String redirectUri) {
+		String code = parameters.getFirst(OAuth2ParameterNames.CODE);
+		String errorCode = parameters.getFirst(OAuth2ParameterNames.ERROR);
+		String state = parameters.getFirst(OAuth2ParameterNames.STATE);
 		if (StringUtils.hasText(code)) {
-			return OAuth2AuthorizationResponse.success(code).redirectUri(redirectUri).state(state).build();
+			Map<String, Object> additionalParameters = new LinkedHashMap<>();
+			parameters.forEach((key, value) -> {
+				if (!AUTHORIZATION_RESPONSE_PARAMETER_NAMES.contains(key)) {
+					additionalParameters.put(
+							key,
+							value);
+				}
+			});
+			return OAuth2AuthorizationResponse.success(code)
+					.redirectUri(redirectUri)
+					.state(state)
+					.additionalParameters(additionalParameters)
+					.build();
 		}
-		String errorDescription = request.getFirst(OAuth2ParameterNames.ERROR_DESCRIPTION);
-		String errorUri = request.getFirst(OAuth2ParameterNames.ERROR_URI);
+		String errorDescription = parameters.getFirst(OAuth2ParameterNames.ERROR_DESCRIPTION);
+		String errorUri = parameters.getFirst(OAuth2ParameterNames.ERROR_URI);
 		// @formatter:off
 		return OAuth2AuthorizationResponse.error(errorCode)
 				.redirectUri(redirectUri)

diff --git a/...n/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java b/...n/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
@@ -18,10 +18,13 @@
 
 import java.io.Serial;
 import java.io.Serializable;
+import java.util.Collections;
+import java.util.Map;
 
 import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.util.Assert;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
 /**
@@ -46,6 +49,8 @@ public final class OAuth2AuthorizationResponse implements Serializable {
 
 	private String code;
 
+	private Map<String, Object> additionalParameters;
+
 	private OAuth2Error error;
 
 	private OAuth2AuthorizationResponse() {
@@ -75,6 +80,15 @@ public String getCode() {
 		return this.code;
 	}
 
+	/**
+	 * Returns the additional parameters returned in the response.
+	 * @return a {@code Map} of the additional parameters returned in the response, may be
+	 * empty.
+	 */
+	public Map<String, Object> getAdditionalParameters() {
+		return this.additionalParameters;
+	}
+
 	/**
 	 * Returns the {@link OAuth2Error OAuth 2.0 Error} if the Authorization Request
 	 * failed, otherwise {@code null}.
@@ -134,6 +148,8 @@ public static final class Builder {
 
 		private String code;
 
+		private Map<String, Object> additionalParameters;
+
 		private String errorCode;
 
 		private String errorDescription;
@@ -173,6 +189,16 @@ public Builder code(String code) {
 			return this;
 		}
 
+		/**
+		 * Sets the additional parameters returned in the response.
+		 * @param additionalParameters the additional parameters returned in the response
+		 * @return the {@link Builder}
+		 */
+		public Builder additionalParameters(Map<String, Object> additionalParameters) {
+			this.additionalParameters = additionalParameters;
+			return this;
+		}
+
 		/**
 		 * Sets the error code.
 		 * @param errorCode the error code
@@ -215,6 +241,9 @@ public OAuth2AuthorizationResponse build() {
 			OAuth2AuthorizationResponse authorizationResponse = new OAuth2AuthorizationResponse();
 			authorizationResponse.redirectUri = this.redirectUri;
 			authorizationResponse.state = this.state;
+			authorizationResponse.additionalParameters = Collections
+					.unmodifiableMap(CollectionUtils.isEmpty(this.additionalParameters) ? Collections.emptyMap()
+											 : this.additionalParameters);
 			if (StringUtils.hasText(this.code)) {
 				authorizationResponse.code = this.code;
 			}