Search in sources :

Example 6 with OAuth2RefreshToken

use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class DefaultTokenServicesWithInMemoryTests method testDifferentRefreshTokenMaintainsState.

@Test
public void testDifferentRefreshTokenMaintainsState() throws Exception {
    // create access token
    getTokenServices().setAccessTokenValiditySeconds(1);
    getTokenServices().setClientDetailsService(new ClientDetailsService() {

        public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exception {
            BaseClientDetails client = new BaseClientDetails();
            client.setAccessTokenValiditySeconds(1);
            client.setAuthorizedGrantTypes(Arrays.asList("authorization_code", "refresh_token"));
            return client;
        }
    });
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false, Collections.singleton("read")), new TestAuthentication("test2", false));
    DefaultOAuth2AccessToken firstAccessToken = (DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication);
    OAuth2RefreshToken expectedExpiringRefreshToken = firstAccessToken.getRefreshToken();
    // Make it expire (and rely on mutable state in volatile token store)
    firstAccessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
    // create another access token
    OAuth2AccessToken secondAccessToken = getTokenServices().createAccessToken(expectedAuthentication);
    assertFalse("The new access token should be different", firstAccessToken.getValue().equals(secondAccessToken.getValue()));
    assertEquals("The new access token should have the same refresh token", expectedExpiringRefreshToken.getValue(), secondAccessToken.getRefreshToken().getValue());
    // refresh access token with refresh token
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", Collections.singleton("read"), null);
    getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
    assertEquals(1, getAccessTokenCount());
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) ClientDetailsService(org.springframework.security.oauth2.provider.ClientDetailsService) OAuth2Exception(org.springframework.security.oauth2.common.exceptions.OAuth2Exception) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) Date(java.util.Date) Test(org.junit.Test)

Example 7 with OAuth2RefreshToken

use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class TokenServicesWithTokenEnhancerTests method storeEnhancedRefreshTokenDuringRefresh.

// gh-511
@Test
public void storeEnhancedRefreshTokenDuringRefresh() {
    InMemoryTokenStore tokenStore = new InMemoryTokenStore();
    tokenServices.setSupportRefreshToken(true);
    tokenServices.setReuseRefreshToken(false);
    tokenServices.setTokenStore(tokenStore);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
    OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
    TokenRequest tokenRequest = new TokenRequest(Collections.<String, String>emptyMap(), request.getClientId(), request.getScope(), "authorization_code");
    accessToken = tokenServices.refreshAccessToken(refreshToken.getValue(), tokenRequest);
    OAuth2RefreshToken enhancedRefreshToken = accessToken.getRefreshToken();
    OAuth2RefreshToken storedEnhancedRefreshToken = tokenStore.readRefreshToken(enhancedRefreshToken.getValue());
    assertEquals(enhancedRefreshToken.getValue(), storedEnhancedRefreshToken.getValue());
}
Also used : InMemoryTokenStore(org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) Test(org.junit.Test)

Example 8 with OAuth2RefreshToken

use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class RedisTokenStoreTests method testExpiringRefreshToken.

@Test
public void testExpiringRefreshToken() throws InterruptedException {
    String refreshToken = UUID.randomUUID().toString();
    DefaultOAuth2RefreshToken expectedExpiringRefreshToken = new DefaultExpiringOAuth2RefreshToken(refreshToken, new Date(System.currentTimeMillis() + 1500));
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false), new TestAuthentication("test2", false));
    getTokenStore().storeRefreshToken(expectedExpiringRefreshToken, expectedAuthentication);
    OAuth2RefreshToken actualExpiringRefreshToken = getTokenStore().readRefreshToken(refreshToken);
    assertEquals(expectedExpiringRefreshToken, actualExpiringRefreshToken);
    assertEquals(expectedAuthentication, getTokenStore().readAuthenticationForRefreshToken(expectedExpiringRefreshToken));
    // let the token expire
    Thread.sleep(1500);
    // now it should be gone
    assertNull(getTokenStore().readRefreshToken(refreshToken));
    assertNull(getTokenStore().readAuthenticationForRefreshToken(expectedExpiringRefreshToken));
}
Also used : OAuth2Authentication(org.springframework.security.oauth2.provider.OAuth2Authentication) Date(java.util.Date) Test(org.junit.Test)

Example 9 with OAuth2RefreshToken

use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class AbstractPersistentDefaultTokenServicesTests method testRefreshTokenMaintainsState.

@Test
public void testRefreshTokenMaintainsState() throws Exception {
    getTokenServices().setSupportRefreshToken(true);
    OAuth2AccessToken accessToken = getTokenServices().createAccessToken(createAuthentication());
    OAuth2RefreshToken expectedExpiringRefreshToken = accessToken.getRefreshToken();
    TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", null, null);
    OAuth2AccessToken refreshedAccessToken = getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
    assertNotNull(refreshedAccessToken);
    assertEquals(1, getAccessTokenCount());
}
Also used : ExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken) DefaultExpiringOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken) OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2AccessToken(org.springframework.security.oauth2.common.DefaultOAuth2AccessToken) OAuth2AccessToken(org.springframework.security.oauth2.common.OAuth2AccessToken) TokenRequest(org.springframework.security.oauth2.provider.TokenRequest) Test(org.junit.Test)

Example 10 with OAuth2RefreshToken

use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.

the class JaxbOAuth2AccessTokenMessageConverter method convertToInternal.

protected JaxbOAuth2AccessToken convertToInternal(OAuth2AccessToken accessToken) {
    JaxbOAuth2AccessToken jaxbAccessToken = new JaxbOAuth2AccessToken();
    jaxbAccessToken.setAccessToken(accessToken.getValue());
    jaxbAccessToken.setExpriation(accessToken.getExpiration());
    OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
    if (refreshToken != null) {
        jaxbAccessToken.setRefreshToken(refreshToken.getValue());
    }
    return jaxbAccessToken;
}
Also used : OAuth2RefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) DefaultOAuth2RefreshToken(org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)

Aggregations

OAuth2RefreshToken (org.springframework.security.oauth2.common.OAuth2RefreshToken)24 DefaultExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken)16 DefaultOAuth2RefreshToken (org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken)16 ExpiringOAuth2RefreshToken (org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken)15 Test (org.junit.Test)13 DefaultOAuth2AccessToken (org.springframework.security.oauth2.common.DefaultOAuth2AccessToken)12 Date (java.util.Date)11 OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken)9 OAuth2Authentication (org.springframework.security.oauth2.provider.OAuth2Authentication)9 TokenRequest (org.springframework.security.oauth2.provider.TokenRequest)4 Transactional (org.springframework.transaction.annotation.Transactional)4 RedisConnection (org.springframework.data.redis.connection.RedisConnection)3 ProfileEntity (org.orcid.persistence.jpa.entities.ProfileEntity)2 DBUnitTest (org.orcid.test.DBUnitTest)2 Authentication (org.springframework.security.core.Authentication)2 ClientDetailsService (org.springframework.security.oauth2.provider.ClientDetailsService)2 HashMap (java.util.HashMap)1 LinkedHashMap (java.util.LinkedHashMap)1 OrcidOauth2AuthInfo (org.orcid.core.oauth.OrcidOauth2AuthInfo)1 ClientDetailsEntity (org.orcid.persistence.jpa.entities.ClientDetailsEntity)1