Examples with OAuth2AccessToken org.springframework.security.oauth2.common.OAuth2AccessToken used on opensource projects

Example 31 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AuthorizationCodeTokenGranterTests method testAuthorizationRequestPreserved.

@Test
public void testAuthorizationRequestPreserved() {
    parameters.clear();
    parameters.put(OAuth2Utils.CLIENT_ID, "foo");
    parameters.put(OAuth2Utils.SCOPE, "read");
    OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(parameters, "foo", null, true, Collections.singleton("read"), Collections.singleton("resource"), null, null, null);
    Authentication userAuthentication = new UsernamePasswordAuthenticationToken("marissa", "koala", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
    String code = authorizationCodeServices.createAuthorizationCode(new OAuth2Authentication(storedOAuth2Request, userAuthentication));
    parameters.put("code", code);
    // Ensure even if token request asks for more scope they are not granted
    parameters.put(OAuth2Utils.SCOPE, "read write");
    TokenRequest tokenRequest = requestFactory.createTokenRequest(parameters, client);
    AuthorizationCodeTokenGranter granter = new AuthorizationCodeTokenGranter(providerTokenServices, authorizationCodeServices, clientDetailsService, requestFactory);
    OAuth2AccessToken token = granter.grant("authorization_code", tokenRequest);
    OAuth2Request finalRequest = providerTokenServices.loadAuthentication(token.getValue()).getOAuth2Request();
    assertEquals("[read]", finalRequest.getScope().toString());
    assertEquals("[resource]", finalRequest.getResourceIds().toString());
    assertTrue(finalRequest.isApproved());
}

Example 32 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AuthorizationEndpointTests method testImplicitWithAdditionalInfo.

@Test
public void testImplicitWithAdditionalInfo() throws Exception {
    endpoint.setTokenGranter(new TokenGranter() {

        public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
            DefaultOAuth2AccessToken token = new DefaultOAuth2AccessToken("FOO");
            token.setAdditionalInformation(Collections.<String, Object>singletonMap("foo", "bar"));
            return token;
        }
    });
    endpoint.setUserApprovalHandler(new DefaultUserApprovalHandler() {

        public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
            return true;
        }
    });
    AuthorizationRequest authorizationRequest = getAuthorizationRequest("foo", "http://anywhere.com", "mystate", "myscope", Collections.singleton("token"));
    ModelAndView result = endpoint.authorize(model, authorizationRequest.getRequestParameters(), sessionStatus, principal);
    String url = ((RedirectView) result.getView()).getUrl();
    assertTrue("Wrong url: " + result, url.contains("foo=bar"));
}

Example 33 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AbstractDefaultTokenServicesTests method testRevokedTokenNotAvailable.

@Test
public void testRevokedTokenNotAvailable() throws Exception {
    OAuth2Authentication authentication = createAuthentication();
    OAuth2AccessToken token = getTokenServices().createAccessToken(authentication);
    getTokenServices().revokeToken(token.getValue());
    Collection<OAuth2AccessToken> tokens = getTokenStore().findTokensByClientIdAndUserName(authentication.getOAuth2Request().getClientId(), authentication.getUserAuthentication().getName());
    assertFalse(tokens.contains(token));
    assertTrue(tokens.isEmpty());
}

Example 34 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AbstractDefaultTokenServicesTests method testRefreshedTokenInvalidWithWrongClient.

@Test(expected = InvalidGrantException.class)
public void testRefreshedTokenInvalidWithWrongClient() throws Exception {
    ExpiringOAuth2RefreshToken expectedExpiringRefreshToken = (ExpiringOAuth2RefreshToken) getTokenServices().createAccessToken(createAuthentication()).getRefreshToken();
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "wrong"), "wrong", null, null);
    OAuth2AccessToken refreshedAccessToken = getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
    assertEquals("[read]", refreshedAccessToken.getScope().toString());
}

Example 35 with OAuth2AccessToken

use of org.springframework.security.oauth2.common.OAuth2AccessToken in project spring-security-oauth by spring-projects.

the class AbstractDefaultTokenServicesTests method testRefreshedTokenHasNarrowedScopes.

@Test
public void testRefreshedTokenHasNarrowedScopes() throws Exception {
    ExpiringOAuth2RefreshToken expectedExpiringRefreshToken = (ExpiringOAuth2RefreshToken) getTokenServices().createAccessToken(createAuthentication()).getRefreshToken();
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", Collections.singleton("read"), null);
    OAuth2AccessToken refreshedAccessToken = getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
    assertEquals("[read]", refreshedAccessToken.getScope().toString());
}