use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class DefaultTokenServicesWithInMemoryTests method testDifferentRefreshTokenMaintainsState.
@Test
public void testDifferentRefreshTokenMaintainsState() throws Exception {
// create access token
getTokenServices().setAccessTokenValiditySeconds(1);
getTokenServices().setClientDetailsService(new ClientDetailsService() {
public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exception {
BaseClientDetails client = new BaseClientDetails();
client.setAccessTokenValiditySeconds(1);
client.setAuthorizedGrantTypes(Arrays.asList("authorization_code", "refresh_token"));
return client;
}
});
OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false, Collections.singleton("read")), new TestAuthentication("test2", false));
DefaultOAuth2AccessToken firstAccessToken = (DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication);
OAuth2RefreshToken expectedExpiringRefreshToken = firstAccessToken.getRefreshToken();
// Make it expire (and rely on mutable state in volatile token store)
firstAccessToken.setExpiration(new Date(System.currentTimeMillis() - 1000));
// create another access token
OAuth2AccessToken secondAccessToken = getTokenServices().createAccessToken(expectedAuthentication);
assertFalse("The new access token should be different", firstAccessToken.getValue().equals(secondAccessToken.getValue()));
assertEquals("The new access token should have the same refresh token", expectedExpiringRefreshToken.getValue(), secondAccessToken.getRefreshToken().getValue());
// refresh access token with refresh token
TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", Collections.singleton("read"), null);
getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
assertEquals(1, getAccessTokenCount());
}
use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class TokenServicesWithTokenEnhancerTests method storeEnhancedRefreshTokenDuringRefresh.
// gh-511
@Test
public void storeEnhancedRefreshTokenDuringRefresh() {
InMemoryTokenStore tokenStore = new InMemoryTokenStore();
tokenServices.setSupportRefreshToken(true);
tokenServices.setReuseRefreshToken(false);
tokenServices.setTokenStore(tokenStore);
OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);
OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
TokenRequest tokenRequest = new TokenRequest(Collections.<String, String>emptyMap(), request.getClientId(), request.getScope(), "authorization_code");
accessToken = tokenServices.refreshAccessToken(refreshToken.getValue(), tokenRequest);
OAuth2RefreshToken enhancedRefreshToken = accessToken.getRefreshToken();
OAuth2RefreshToken storedEnhancedRefreshToken = tokenStore.readRefreshToken(enhancedRefreshToken.getValue());
assertEquals(enhancedRefreshToken.getValue(), storedEnhancedRefreshToken.getValue());
}
use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class RedisTokenStoreTests method testExpiringRefreshToken.
@Test
public void testExpiringRefreshToken() throws InterruptedException {
String refreshToken = UUID.randomUUID().toString();
DefaultOAuth2RefreshToken expectedExpiringRefreshToken = new DefaultExpiringOAuth2RefreshToken(refreshToken, new Date(System.currentTimeMillis() + 1500));
OAuth2Authentication expectedAuthentication = new OAuth2Authentication(RequestTokenFactory.createOAuth2Request("id", false), new TestAuthentication("test2", false));
getTokenStore().storeRefreshToken(expectedExpiringRefreshToken, expectedAuthentication);
OAuth2RefreshToken actualExpiringRefreshToken = getTokenStore().readRefreshToken(refreshToken);
assertEquals(expectedExpiringRefreshToken, actualExpiringRefreshToken);
assertEquals(expectedAuthentication, getTokenStore().readAuthenticationForRefreshToken(expectedExpiringRefreshToken));
// let the token expire
Thread.sleep(1500);
// now it should be gone
assertNull(getTokenStore().readRefreshToken(refreshToken));
assertNull(getTokenStore().readAuthenticationForRefreshToken(expectedExpiringRefreshToken));
}
use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class AbstractPersistentDefaultTokenServicesTests method testRefreshTokenMaintainsState.
@Test
public void testRefreshTokenMaintainsState() throws Exception {
getTokenServices().setSupportRefreshToken(true);
OAuth2AccessToken accessToken = getTokenServices().createAccessToken(createAuthentication());
OAuth2RefreshToken expectedExpiringRefreshToken = accessToken.getRefreshToken();
TokenRequest tokenRequest = new TokenRequest(Collections.singletonMap("client_id", "id"), "id", null, null);
OAuth2AccessToken refreshedAccessToken = getTokenServices().refreshAccessToken(expectedExpiringRefreshToken.getValue(), tokenRequest);
assertNotNull(refreshedAccessToken);
assertEquals(1, getAccessTokenCount());
}
use of org.springframework.security.oauth2.common.OAuth2RefreshToken in project spring-security-oauth by spring-projects.
the class JaxbOAuth2AccessTokenMessageConverter method convertToInternal.
protected JaxbOAuth2AccessToken convertToInternal(OAuth2AccessToken accessToken) {
JaxbOAuth2AccessToken jaxbAccessToken = new JaxbOAuth2AccessToken();
jaxbAccessToken.setAccessToken(accessToken.getValue());
jaxbAccessToken.setExpriation(accessToken.getExpiration());
OAuth2RefreshToken refreshToken = accessToken.getRefreshToken();
if (refreshToken != null) {
jaxbAccessToken.setRefreshToken(refreshToken.getValue());
}
return jaxbAccessToken;
}
Aggregations