/**
 * Happy path for the authorization-code grant.
 *
 * <p>An authorization code is issued for user {@code marissa} against a stored request for
 * client {@code foo} with scope {@code scope}. The code is then presented in a token request
 * together with the same request parameters. The test passes when the access token returned by
 * the granter loads back, through the token services, as an authenticated
 * {@code OAuth2Authentication}.
 */
@Test
public void testAuthorizationCodeGrant() {
    // Request as it would have been stored when the authorization code was issued.
    parameters.clear();
    parameters.put(OAuth2Utils.CLIENT_ID, "foo");
    parameters.put(OAuth2Utils.SCOPE, "scope");
    OAuth2Request issuedRequest = RequestTokenFactory.createOAuth2Request(
            parameters, "foo", null, true, Collections.singleton("scope"), null, null, null);

    // Resource owner on whose behalf the code is issued.
    Authentication resourceOwner = new UsernamePasswordAuthenticationToken(
            "marissa", "koala", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
    String authorizationCode = authorizationCodeServices.createAuthorizationCode(
            new OAuth2Authentication(issuedRequest, resourceOwner));

    // Token request: the stored parameters plus the freshly issued code.
    parameters.putAll(issuedRequest.getRequestParameters());
    parameters.put("code", authorizationCode);
    TokenRequest exchangeRequest = requestFactory.createTokenRequest(parameters);

    AuthorizationCodeTokenGranter codeGranter = new AuthorizationCodeTokenGranter(
            providerTokenServices, authorizationCodeServices, clientDetailsService, requestFactory);
    OAuth2AccessToken accessToken = codeGranter.grant("authorization_code", exchangeRequest);

    // The issued token must resolve to an authenticated principal.
    String tokenValue = accessToken.getValue();
    assertTrue(providerTokenServices.loadAuthentication(tokenValue).isAuthenticated());
}
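/**
 * Verifies that exchanging an authorization code fails when the token request does not repeat
 * the redirect URI the code was issued for.
 *
 * <p>The stored request is created with {@code https://redirectMe} as its redirect URI, standing
 * in for what the authorization step would have recorded. The token request's parameters are
 * then replaced with a map holding only {@code code}, so no {@code redirect_uri} reaches the
 * granter. RFC 6749 section 4.1.3 requires the token request to carry an identical
 * {@code redirect_uri} whenever the authorization request included one, so the granter is
 * expected to throw {@link RedirectMismatchException} instead of authenticating the request.
 */
@Test
public void testAuthorizationRedirectMismatch() {
    // Authorization-time state: client "foo" asked for the code with an explicit redirect URI.
    parameters.clear();
    parameters.put(OAuth2Utils.REDIRECT_URI, "https://redirectMe");
    parameters.put(OAuth2Utils.CLIENT_ID, "foo");
    OAuth2Request storedOAuth2Request = RequestTokenFactory.createOAuth2Request(
            parameters, "foo", null, true, null, null, "https://redirectMe", null);

    Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
            "marissa", "koala", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
    String code = authorizationCodeServices.createAuthorizationCode(
            new OAuth2Authentication(storedOAuth2Request, userAuthentication));

    // Token-time state: only the code is presented. Overwriting the request parameters drops
    // the redirect_uri that createTokenRequest copied from the shared parameter map.
    Map<String, String> authorizationParameters = new HashMap<String, String>();
    authorizationParameters.put("code", code);
    TokenRequest tokenRequest = requestFactory.createTokenRequest(parameters);
    tokenRequest.setRequestParameters(authorizationParameters);

    AuthorizationCodeTokenGranter granter = new AuthorizationCodeTokenGranter(
            providerTokenServices, authorizationCodeServices, clientDetailsService, requestFactory);
    try {
        granter.getOAuth2Authentication(client, tokenRequest);
        fail("RedirectMismatchException because of null redirect_uri in authorizationRequest");
    } catch (RedirectMismatchException expected) {
        // Expected: a code bound to a redirect URI must not be redeemable without that URI.
    }
}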