/**
 * Builds an enhanced copy of the supplied access token.
 *
 * <p>The copy's additional information receives the copy's current value under
 * {@code TOKEN_ID}, unless that key is already present, and the copy's value is then
 * replaced with the output of {@code encode(copy, authentication)}. {@code encode} and
 * {@code TOKEN_ID} are declared outside this block.
 *
 * <p>NOTE(review): a {@code TOKEN_ID} entry that is already present in the additional
 * information takes precedence over the token value. If that identifier is later used
 * for lookup or revocation, confirm that every producer of this map is trusted.
 *
 * @param accessToken the token to copy; its additional-information map is copied, and a
 *     {@code null} map would fail in the {@link LinkedHashMap} copy constructor
 * @param authentication the authentication handed to {@code encode}
 * @return whatever {@code setValue} returns for the encoded value
 */
public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) {
    DefaultOAuth2AccessToken enhanced = new DefaultOAuth2AccessToken(accessToken);

    // Work on a private copy so the put below never touches the map handed out by accessToken.
    Map<String, Object> additionalInfo =
        new LinkedHashMap<String, Object>(accessToken.getAdditionalInformation());

    // Capture the value before it is replaced by the encoded form further down.
    String originalValue = enhanced.getValue();
    boolean idAlreadySupplied = additionalInfo.containsKey(TOKEN_ID);
    if (!idAlreadySupplied) {
        additionalInfo.put(TOKEN_ID, originalValue);
    }
    enhanced.setAdditionalInformation(additionalInfo);

    // The additional information is set before encoding, so encode() is given the TOKEN_ID entry.
    String encodedValue = encode(enhanced, authentication);
    return enhanced.setValue(encodedValue);
}
/**
 * Checks that an access token whose expiration lies in the past is rejected when its
 * authentication is loaded.
 *
 * <p>The test expects an {@code InvalidTokenException} whose message contains "expired".
 * {@code expected} is declared outside this block (presumably a JUnit
 * {@code ExpectedException} rule; confirm).
 */
@Test
public void testExpiredToken() throws Exception {
    AuthorizationRequest clientRequest =
        new AuthorizationRequest("id", Collections.singleton("read"), null, null);
    TestAuthentication user = new TestAuthentication("test2", false);
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(clientRequest, user);

    DefaultOAuth2AccessToken issuedToken =
        (DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication);

    // Backdate the expiry by one second. This only has an effect if the token store hands
    // back this same mutable instance (a volatile, in-memory store); a store that
    // serializes or copies tokens would not observe the change.
    long oneSecondAgo = System.currentTimeMillis() - 1000;
    issuedToken.setExpiration(new Date(oneSecondAgo));

    // Expectations must be registered before the call that is supposed to throw.
    expected.expect(InvalidTokenException.class);
    expected.expectMessage("expired");

    getTokenServices().loadAuthentication(issuedToken.getValue());
}
/**
 * Checks that re-issuing an access token after the first one has expired yields a new
 * access token value but keeps the same refresh token, and that refreshing afterwards
 * leaves {@code getAccessTokenCount()} at 1.
 *
 * <p>The second assertion pins refresh-token reuse across re-issuance for this
 * configuration; a setup that rotates refresh tokens on every issuance would fail it.
 * {@code getAccessTokenCount()} is declared outside this block (presumably it counts the
 * access tokens held by the store; confirm).
 */
@Test
public void testDifferentRefreshTokenMaintainsState() throws Exception {
    // Use a one-second validity on both the services and the client details.
    getTokenServices().setAccessTokenValiditySeconds(1);
    ClientDetailsService shortLivedClients =
        new ClientDetailsService() {
            public ClientDetails loadClientByClientId(String clientId) throws OAuth2Exception {
                BaseClientDetails details = new BaseClientDetails();
                details.setAccessTokenValiditySeconds(1);
                return details;
            }
        };
    getTokenServices().setClientDetailsService(shortLivedClients);

    // Issue the first access token and remember its refresh token.
    AuthorizationRequest clientRequest =
        new AuthorizationRequest("id", Collections.singleton("read"), null, null);
    TestAuthentication user = new TestAuthentication("test2", false);
    OAuth2Authentication expectedAuthentication = new OAuth2Authentication(clientRequest, user);
    DefaultOAuth2AccessToken firstAccessToken =
        (DefaultOAuth2AccessToken) getTokenServices().createAccessToken(expectedAuthentication);
    OAuth2RefreshToken expectedExpiringRefreshToken = firstAccessToken.getRefreshToken();

    // Backdate the expiry by one second. This relies on the token store returning this same
    // mutable instance (a volatile, in-memory store).
    long oneSecondAgo = System.currentTimeMillis() - 1000;
    firstAccessToken.setExpiration(new Date(oneSecondAgo));

    // Issue a second access token for the same authentication.
    OAuth2AccessToken secondAccessToken =
        getTokenServices().createAccessToken(expectedAuthentication);

    String firstValue = firstAccessToken.getValue();
    String secondValue = secondAccessToken.getValue();
    boolean sameAccessTokenValue = firstValue.equals(secondValue);
    assertFalse("The new access token should be different", sameAccessTokenValue);

    assertEquals(
        "The new access token should have the same refresh token",
        expectedExpiringRefreshToken.getValue(),
        secondAccessToken.getRefreshToken().getValue());

    // Exchange the refresh token for a fresh access token, using the originally requested scope.
    getTokenServices()
        .refreshAccessToken(
            expectedExpiringRefreshToken.getValue(),
            expectedAuthentication.getAuthorizationRequest().getScope());

    assertEquals(1, getAccessTokenCount());
}