Search in sources :

Example 1 with ExpiringOAuth2RefreshToken

use of org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class AbstractDefaultTokenServicesTests method testRefreshedTokenInvalidWithWrongClient.

@Test(expected = InvalidGrantException.class)
public void testRefreshedTokenInvalidWithWrongClient() throws Exception {
    ExpiringOAuth2RefreshToken expectedExpiringRefreshToken = (ExpiringOAuth2RefreshToken) getTokenServices().createAccessToken(createAuthentication()).getRefreshToken();
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "wrong"), "wrong", null, null);
    OAuth2AccessToken refreshedAccessToken = getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
    assertEquals("[read]", refreshedAccessToken.getScope().toString());
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) Test(org.junit.Test)

Example 2 with ExpiringOAuth2RefreshToken

use of org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class AbstractDefaultTokenServicesTests method testRefreshedTokenHasNarrowedScopes.

@Test
public void testRefreshedTokenHasNarrowedScopes() throws Exception {
    ExpiringOAuth2RefreshToken expectedExpiringRefreshToken = (ExpiringOAuth2RefreshToken) getTokenServices().createAccessToken(createAuthentication()).getRefreshToken();
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", Collections.singleton("read"), null);
    OAuth2AccessToken refreshedAccessToken = getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
    assertEquals("[read]", refreshedAccessToken.getScope().toString());
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) Test(org.junit.Test)

Example 3 with ExpiringOAuth2RefreshToken

use of org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class AbstractDefaultTokenServicesTests method testRefreshTokenRequestHasRefreshFlag.

@Test
public void testRefreshTokenRequestHasRefreshFlag() throws Exception {
    ExpiringOAuth2RefreshToken expectedExpiringRefreshToken = (ExpiringOAuth2RefreshToken) getTokenServices().createAccessToken(createAuthentication()).getRefreshToken();
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", Collections.singleton("read"), null);
    final AtomicBoolean called = new AtomicBoolean(false);
    getTokenServices().setTokenEnhancer(new TokenEnhancer() {

        @Override
        public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
            assertTrue(authentication.getOAuth2Request().isRefresh());
            called.set(true);
            return accessToken;
        }
    });
    getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
    assertTrue(called.get());
}
Also used : AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) Test(org.junit.Test)

Example 4 with ExpiringOAuth2RefreshToken

use of org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class DefaultTokenServicesWithInMemoryTests method testExpiredRefreshTokenIsRenewedWithNewAccessToken.

@Test
public void testExpiredRefreshTokenIsRenewedWithNewAccessToken() throws Exception {
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false, Collections.singleton("read")), new TestAuthentication("test2", false));
    DefaultOAuth2AccessToken firstAccessToken = (DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication);
    assertNotNull(firstAccessToken.getRefreshToken());
    // Make it expire (and rely on mutable state in volatile token store)
    ReflectionTestUtils.setField(firstAccessToken.getRefreshToken(), "expiration", new Date(System.currentTimeMillis() - 1000));
    firstAccessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
    DefaultOAuth2AccessToken secondAccessToken = (DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication);
    ExpiringOAuth2RefreshToken refreshToken = (ExpiringOAuth2RefreshToken) secondAccessToken.getRefreshToken();
    assertNotNull(refreshToken);
    assertTrue(refreshToken.getExpiration().getTime() > System.currentTimeMillis());
}
Also used : OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Date(java.util.Date) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) Test(org.junit.Test)

Example 5 with ExpiringOAuth2RefreshToken

use of org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class DefaultTokenServicesWithJwtTests method testRefreshedTokenHasIdThatMatchesAccessToken.

@Test
public void testRefreshedTokenHasIdThatMatchesAccessToken() throws Exception {
    JsonParser parser = JsonParserFactory.create();
    OAuth2Authentication authentication = createAuthentication();
    OAuth2AccessToken initialToken = getTokenServices().createAccessToken(authentication);
    ExpiringOAuth2RefreshToken expectedExpiringRefreshToken = (ExpiringOAuth2RefreshToken) initialToken.getRefreshToken();
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", null, null);
    OAuth2AccessToken refreshedAccessToken = getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
    Map<String, ?> accessTokenInfo = parser.parseMap(JwtHelper.decode(refreshedAccessToken.getValue()).getClaims());
    Map<String, ?> refreshTokenInfo = parser.parseMap(JwtHelper.decode(refreshedAccessToken.getRefreshToken().getValue()).getClaims());
    assertEquals("Access token ID does not match refresh token ATI", accessTokenInfo.get(AccessTokenConverter.JTI), refreshTokenInfo.get(AccessTokenConverter.ATI));
    assertNotSame("Refresh token re-used", expectedExpiringRefreshToken.getValue(), refreshedAccessToken.getRefreshToken().getValue());
}
Also used : OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) JsonParser(org.springframework.security.oauth2.common.util.JsonParser) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) Test(org.junit.Test)

Aggregations

ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)13 Test (org.junit.Test)9 DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)9 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)8 Date (java.util.Date)5 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)5 TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)5 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)4 OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken)4 ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)2 RedisConnection (org.springframework.data.redis.connection.RedisConnection)2 DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)2 OAuth2Request (org.springframework.security.oauth2.provider.OAuth2Request)2 Transactional (org.springframework.transaction.annotation.Transactional)2 HashMap (java.util.HashMap)1 AtomicBoolean (java.util.concurrent.atomic.AtomicBoolean)1 OrcidOauth2UserAuthentication (org.orcid.core.oauth.OrcidOauth2UserAuthentication)1 ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity)1 OrcidOauth2TokenDetail (org.orcid.persistence.jpa.entities.OrcidOauth2TokenDetail)1 DBUnitTest (org.orcid.test.DBUnitTest)1