@Test
public void testImplicitGrant() throws Exception {
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));
LinkedMultiValueMap<String, String> postBody = new LinkedMultiValueMap<>();
postBody.add("client_id", "cf");
postBody.add("redirect_uri", "https://uaa.cloudfoundry.com/redirect/cf");
postBody.add("response_type", "token id_token");
postBody.add("source", "credentials");
postBody.add("username", user.getUserName());
postBody.add("password", secret);
ResponseEntity<Void> responseEntity =
restOperations.exchange(
loginUrl + "/oauth/authorize",
HttpMethod.POST,
new HttpEntity<>(postBody, headers),
Void.class);
Assert.assertEquals(HttpStatus.FOUND, responseEntity.getStatusCode());
UriComponents locationComponents =
UriComponentsBuilder.fromUri(responseEntity.getHeaders().getLocation()).build();
Assert.assertEquals("uaa.cloudfoundry.com", locationComponents.getHost());
Assert.assertEquals("/redirect/cf", locationComponents.getPath());
MultiValueMap<String, String> params = parseFragmentParams(locationComponents);
Assert.assertThat(params.get("jti"), not(empty()));
Assert.assertEquals("bearer", params.getFirst("token_type"));
Assert.assertThat(Integer.parseInt(params.getFirst("expires_in")), Matchers.greaterThan(40000));
String[] scopes = UriUtils.decode(params.getFirst("scope"), "UTF-8").split(" ");
Assert.assertThat(
Arrays.asList(scopes),
containsInAnyOrder(
"scim.userids",
"password.write",
"cloud_controller.write",
"openid",
"cloud_controller.read",
"uaa.user"));
validateToken("access_token", params.toSingleValueMap(), scopes, aud);
validateToken("id_token", params.toSingleValueMap(), openid, new String[] {"cf"});
}
