@Test
  public void verifyOK() throws Exception {
    final MockHttpServletRequest mockRequest =
        new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
    mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
    mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    mockRequest.setParameter(OAuthConstants.CODE, CODE);
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();

    ((OAuth20WrapperController) oauth20WrapperController)
        .getServicesManager()
        .save(getRegisteredService(REDIRECT_URI, CLIENT_SECRET));

    final Map<String, Object> map = new HashMap<>();
    map.put(NAME, VALUE);
    final List<String> list = Arrays.asList(VALUE, VALUE);
    map.put(NAME2, list);

    final Principal p = org.jasig.cas.authentication.TestUtils.getPrincipal(ID, map);
    final TicketGrantingTicketImpl impl =
        new TicketGrantingTicketImpl(
            TGT_ID,
            org.jasig.cas.authentication.TestUtils.getAuthentication(p),
            new NeverExpiresExpirationPolicy());

    ((OAuth20WrapperController) oauth20WrapperController)
        .getTicketRegistry()
        .addTicket(
            new ServiceTicketImpl(
                CODE,
                impl,
                org.jasig.cas.authentication.TestUtils.getService(),
                false,
                new ExpirationPolicy() {
                  private static final long serialVersionUID = -7321055962209199811L;

                  @Override
                  public boolean isExpired(final TicketState ticketState) {
                    return false;
                  }
                }));

    oauth20WrapperController.handleRequest(mockRequest, mockResponse);

    ((OAuth20WrapperController) oauth20WrapperController).getTicketRegistry().deleteTicket(CODE);

    assertEquals("text/plain", mockResponse.getContentType());
    assertEquals(200, mockResponse.getStatus());
    final String body = mockResponse.getContentAsString();

    assertTrue(
        body.startsWith(
            OAuthConstants.ACCESS_TOKEN + '=' + TGT_ID + '&' + OAuthConstants.EXPIRES + '='));
    // delta = 2 seconds
    final int delta = 2;
    final int timeLeft =
        Integer.parseInt(StringUtils.substringAfter(body, '&' + OAuthConstants.EXPIRES + '='));
    assertTrue(timeLeft >= TIMEOUT - 10 - delta);
  }
  @Test
  public void verifyExpiredServiceTicket() throws Exception {
    clearAllServices();
    final MockHttpServletRequest mockRequest =
        new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
    mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
    mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    mockRequest.setParameter(OAuthConstants.CODE, CODE);
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();

    ((OAuth20WrapperController) oauth20WrapperController)
        .getServicesManager()
        .save(getRegisteredService(REDIRECT_URI, CLIENT_SECRET));

    final Map<String, Object> map = new HashMap<>();
    map.put(NAME, VALUE);
    final List<String> list = Arrays.asList(VALUE, VALUE);
    map.put(NAME2, list);

    final Principal p = org.jasig.cas.authentication.TestUtils.getPrincipal(ID, map);
    final TicketGrantingTicketImpl impl =
        new TicketGrantingTicketImpl(
            TGT_ID,
            org.jasig.cas.authentication.TestUtils.getAuthentication(p),
            new NeverExpiresExpirationPolicy());

    ((OAuth20WrapperController) oauth20WrapperController)
        .getTicketRegistry()
        .addTicket(
            new ServiceTicketImpl(
                "ST1",
                impl,
                org.jasig.cas.authentication.TestUtils.getService(),
                false,
                new ExpirationPolicy() {
                  private static final long serialVersionUID = -7321055962209199811L;

                  @Override
                  public boolean isExpired(final TicketState ticketState) {
                    return true;
                  }
                }));

    oauth20WrapperController.handleRequest(mockRequest, mockResponse);
    assertEquals(400, mockResponse.getStatus());
    assertEquals("error=" + OAuthConstants.INVALID_GRANT, mockResponse.getContentAsString());
  }
  private void clearAllServices() {
    final Collection<RegisteredService> col =
        ((OAuth20WrapperController) oauth20WrapperController).getServicesManager().getAllServices();

    for (final RegisteredService r : col) {
      ((OAuth20WrapperController) oauth20WrapperController).getServicesManager().delete(r.getId());
    }
  }
  @Test
  public void verifyNoServiceTicket() throws Exception {
    clearAllServices();
    final MockHttpServletRequest mockRequest =
        new MockHttpServletRequest("GET", CONTEXT + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
    mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
    mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    mockRequest.setParameter(OAuthConstants.CODE, CODE);
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();

    ((OAuth20WrapperController) oauth20WrapperController)
        .getServicesManager()
        .save(getRegisteredService(REDIRECT_URI, CLIENT_SECRET));

    oauth20WrapperController.handleRequest(mockRequest, mockResponse);
    assertEquals(400, mockResponse.getStatus());
    assertEquals("error=" + OAuthConstants.INVALID_GRANT, mockResponse.getContentAsString());
  }