Examples with OAuth2AccessToken org.springframework.security.oauth2.core.OAuth2AccessToken used on opensource projects

Example 1 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesTest method testReissuedAccessTokenHasUpdatedExpiration.

@Test
public void testReissuedAccessTokenHasUpdatedExpiration() throws InterruptedException {
    Date earliestExpiry = oneHoursTime();
    Map<String, String> authorizationParameters = new HashMap<>();
    String clientId = "4444-4444-4444-4441";
    authorizationParameters.put(OAuth2Utils.CLIENT_ID, clientId);
    authorizationParameters.put(OAuth2Utils.SCOPE, "/orcid-works/create");
    OAuth2Request request = new OAuth2Request(Collections.<String, String>emptyMap(), clientId, Collections.<GrantedAuthority>emptyList(), true, new HashSet<String>(Arrays.asList("/orcid-profile/read-limited")), Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    ClientDetailsEntity clientDetails = clientDetailsManager.findByClientId(clientId);
    Authentication userAuthentication = new OrcidOauth2ClientAuthentication(clientDetails);
    OAuth2Authentication authentication = new OAuth2Authentication(request, userAuthentication);
    OAuth2AccessToken oauth2AccessToken = tokenServices.createAccessToken(authentication);
    Date latestExpiry = oneHoursTime();
    assertNotNull(oauth2AccessToken);
    assertFalse(oauth2AccessToken.getExpiration().before(earliestExpiry));
    assertFalse(oauth2AccessToken.getExpiration().after(latestExpiry));
    Thread.sleep(1000);
    earliestExpiry = oneHoursTime();
    OAuth2AccessToken reissuedOauth2AccessToken = tokenServices.createAccessToken(authentication);
    latestExpiry = oneHoursTime();
    assertNotNull(reissuedOauth2AccessToken);
    assertFalse(reissuedOauth2AccessToken.getExpiration().before(earliestExpiry));
    assertFalse(reissuedOauth2AccessToken.getExpiration().after(latestExpiry));
}

Example 2 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project ORCID-Source by ORCID.

the class OrcidRandomValueTokenServicesTest method testCreateAddWorkAccessToken.

@Test
public void testCreateAddWorkAccessToken() {
    Date earliestExpiry = oneHoursTime();
    Map<String, String> authorizationParameters = new HashMap<>();
    String clientId = "4444-4444-4444-4441";
    authorizationParameters.put(OAuth2Utils.CLIENT_ID, clientId);
    authorizationParameters.put(OAuth2Utils.SCOPE, "/orcid-works/create");
    OAuth2Request request = new OAuth2Request(Collections.<String, String>emptyMap(), clientId, Collections.<GrantedAuthority>emptyList(), true, new HashSet<String>(Arrays.asList("/orcid-profile/read-limited")), Collections.<String>emptySet(), null, Collections.<String>emptySet(), Collections.<String, Serializable>emptyMap());
    ClientDetailsEntity clientDetails = clientDetailsManager.findByClientId(clientId);
    Authentication userAuthentication = new OrcidOauth2ClientAuthentication(clientDetails);
    OAuth2Authentication authentication = new OAuth2Authentication(request, userAuthentication);
    OAuth2AccessToken oauth2AccessToken = tokenServices.createAccessToken(authentication);
    Date latestExpiry = oneHoursTime();
    assertNotNull(oauth2AccessToken);
    assertFalse(oauth2AccessToken.getExpiration().before(earliestExpiry));
    assertFalse(oauth2AccessToken.getExpiration().after(latestExpiry));
}

Example 3 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project ORCID-Source by ORCID.

the class OrcidTokenStoreServiceTest method testRemoveRefreshToken.

@Test
@Transactional
public void testRemoveRefreshToken() throws Exception {
    OAuth2AccessToken token = orcidTokenStoreService.readAccessToken("some-long-oauth2-token-value-3");
    orcidTokenStoreService.removeRefreshToken(token.getRefreshToken());
    OAuth2RefreshToken refreshToken = orcidTokenStoreService.readRefreshToken("some-long-oauth2-refresh-value-3");
    assertNull(refreshToken);
}

Example 4 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project ORCID-Source by ORCID.

the class OrcidRefreshTokenTokenGranterTest method createRefreshTokenTest.

@Test
public void createRefreshTokenTest() {
    // Create token, create refresh, parent should be disabled, scopes
    // should be equal
    long time = System.currentTimeMillis();
    String scope = "/activities/update";
    String tokenValue = "parent-token-" + time;
    String refreshTokenValue = "refresh-token-" + time;
    Boolean revokeOld = null;
    Date parentTokenExpiration = new Date(time + 10000);
    Long expireIn = null;
    OrcidOauth2TokenDetail parent = createToken(CLIENT_ID_1, USER_ORCID, tokenValue, refreshTokenValue, parentTokenExpiration, scope);
    OAuth2AccessToken refresh = generateRefreshToken(parent, null, revokeOld, expireIn, scope);
    assertNotNull(refresh);
    OrcidOauth2TokenDetail parentToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(parent.getTokenValue());
    assertNotNull(parentToken);
    assertEquals(tokenValue, parentToken.getTokenValue());
    assertTrue(parentToken.getTokenDisabled());
    assertEquals(scope, parentToken.getScope());
    assertNotNull(parentToken.getTokenExpiration());
    OrcidOauth2TokenDetail refreshToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(refresh.getValue());
    assertNotNull(refreshToken);
    assertNotNull(refreshToken.getTokenValue());
    assertNotNull(refreshToken.getRefreshTokenValue());
    assertFalse(refreshToken.getTokenDisabled());
    assertEquals(scope, refreshToken.getScope());
    assertNotNull(refreshToken.getTokenExpiration());
    assertEquals(parentToken.getTokenExpiration().getTime(), refreshToken.getTokenExpiration().getTime());
}

Example 5 with OAuth2AccessToken

use of org.springframework.security.oauth2.core.OAuth2AccessToken in project ORCID-Source by ORCID.

the class OrcidRefreshTokenTokenGranterTest method createRefreshTokenWithoutRevokeParent.

@Test
public void createRefreshTokenWithoutRevokeParent() {
    // Create token, create refresh without disabling parent token, parent
    // should be enabled, refresh should be enabled
    long time = System.currentTimeMillis();
    String parentScope = "/activities/update /read-limited";
    String tokenValue = "parent-token-" + time;
    String refreshTokenValue = "refresh-token-" + time;
    Boolean revokeOld = false;
    Date parentTokenExpiration = new Date(time + 10000);
    Long expireIn = null;
    OrcidOauth2TokenDetail parent = createToken(CLIENT_ID_1, USER_ORCID, tokenValue, refreshTokenValue, parentTokenExpiration, parentScope);
    OAuth2AccessToken refresh = generateRefreshToken(parent, null, revokeOld, expireIn);
    assertNotNull(refresh);
    OrcidOauth2TokenDetail parentToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(parent.getTokenValue());
    assertNotNull(parentToken);
    assertEquals(tokenValue, parentToken.getTokenValue());
    assertFalse(parentToken.getTokenDisabled());
    assertNotNull(parentToken.getTokenExpiration());
    OrcidOauth2TokenDetail refreshToken = orcidOauth2TokenDetailService.findIgnoringDisabledByTokenValue(refresh.getValue());
    assertNotNull(refreshToken);
    assertNotNull(refreshToken.getTokenValue());
    assertNotNull(refreshToken.getRefreshTokenValue());
    assertFalse(refreshToken.getTokenDisabled());
    assertNotNull(refreshToken.getTokenExpiration());
    assertEquals(parentToken.getTokenExpiration().getTime(), refreshToken.getTokenExpiration().getTime());
    assertEquals(parentToken.getScope(), refreshToken.getScope());
    Set<String> tokenScopes = OAuth2Utils.parseParameterList(parentToken.getScope());
    Set<String> originalScopes = OAuth2Utils.parseParameterList(parentScope);
    assertEquals(originalScopes, tokenScopes);
}