Examples of org.springframework.security.oauth2.client.token.AccessTokenRequest

• org.springframework.security.oauth2.client.token.AccessTokenRequest

  @Test
  @OAuth2ContextConfiguration(resource = MyTrustedClient.class, initialize = false)
  public void testWrongRedirectUri() throws Exception {
    approveAccessTokenGrant("http://anywhere", true);
    AccessTokenRequest request = context.getAccessTokenRequest();
    // The redirect is stored in the preserved state...
    context.getOAuth2ClientContext().setPreservedState(request.getStateKey(), "http://nowhere");
    // Finally everything is in place for the grant to happen...
    try {
      assertNotNull(context.getAccessToken());
      fail("Expected RedirectMismatchException");
    }

    approveAccessTokenGrant(null, true);

    // Finally everything is in place for the grant to happen...
    assertNotNull(context.getAccessToken());

    AccessTokenRequest request = context.getAccessTokenRequest();
    assertNotNull(request.getAuthorizationCode());
    assertEquals(HttpStatus.OK, http.getStatusCode("/admin/beans"));

  }

    return uri.build().toString();
  }

  protected void approveAccessTokenGrant(String currentUri, boolean approved) {

    AccessTokenRequest request = context.getAccessTokenRequest();
    request.setHeaders(getAuthenticatedHeaders());
    AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) context.getResource();

    if (currentUri != null) {
      request.setCurrentUri(currentUri);
    }

    String location = null;

    try {
      // First try to obtain the access token...
      assertNotNull(context.getAccessToken());
      fail("Expected UserRedirectRequiredException");
    }
    catch (UserRedirectRequiredException e) {
      // Expected and necessary, so that the correct state is set up in the request...
      location = e.getRedirectUri();
    }

    assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
    assertNull(request.getAuthorizationCode());

    verifyAuthorizationPage(context.getRestTemplate(), location);

    try {
      // Now try again and the token provider will redirect for user approval...
      assertNotNull(context.getAccessToken());
      fail("Expected UserRedirectRequiredException");
    }
    catch (UserApprovalRequiredException e) {
      // Expected and necessary, so that the user can approve the grant...
      location = e.getApprovalUri();
    }

    assertTrue(location.startsWith(resource.getUserAuthorizationUri()));
    assertNull(request.getAuthorizationCode());

    // The approval (will be processed on the next attempt to obtain an access token)...
    request.set(OAuth2Utils.USER_OAUTH_APPROVAL, "" + approved);

  }

  private ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();

  @Test
  public void testGetAccessToken() throws Exception {
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    resource.setAccessTokenUri("http://localhost/oauth/token");
    resource.setUsername("foo");
    resource.setPassword("bar");
    assertEquals("FOO", provider.obtainAccessToken(resource, request).getValue());
  }

    assertEquals("FOO", provider.obtainAccessToken(resource, request).getValue());
  }

  @Test
  public void testGetAccessTokenWithDynamicCredentials() throws Exception {
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    request.set("username", "foo");
    request.set("password", "bar");
    resource.setAccessTokenUri("http://localhost/oauth/token");
    assertEquals("FOO", provider.obtainAccessToken(resource, request).getValue());
  }

    assertEquals("FOO", provider.obtainAccessToken(resource, request).getValue());
  }

  @Test
  public void testCurrentUriNotUsed() throws Exception {
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    request.set("username", "foo");
    request.setCurrentUri("urn:foo:bar");
    resource.setAccessTokenUri("http://localhost/oauth/token");
    assertEquals("FOO", provider.obtainAccessToken(resource, request).getValue());
  }

  private AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();

  @Test
  public void testGetAccessToken() throws Exception {
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    request.setAuthorizationCode("foo");
    resource.setAccessTokenUri("http://localhost/oauth/token");
    assertEquals("FOO", provider.obtainAccessToken(resource, request).getValue());
  }

    assertEquals("FOO", provider.obtainAccessToken(resource, request).getValue());
  }

  @Test
  public void testRedirectToAuthorizationEndpoint() throws Exception {
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    request.setCurrentUri("/come/back/soon");
    resource.setUserAuthorizationUri("http://localhost/oauth/authorize");
    try {
      provider.obtainAccessToken(resource, request);
      fail("Expected UserRedirectRequiredException");
    }

  }

  // A missing redirect just means the server has to deal with it
  @Test(expected = UserRedirectRequiredException.class)
  public void testRedirectNotSpecified() throws Exception {
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    resource.setUserAuthorizationUri("http://localhost/oauth/authorize");
    provider.obtainAccessToken(resource, request);
  }

    provider.obtainAccessToken(resource, request);
  }

  @Test
  public void testGetAccessTokenRequest() throws Exception {
    AccessTokenRequest request = new DefaultAccessTokenRequest();
    request.setAuthorizationCode("foo");
    request.setStateKey("bar");
    request.setPreservedState(new Object());
    resource.setAccessTokenUri("http://localhost/oauth/token");
    resource.setPreEstablishedRedirectUri("http://anywhere.com");
    assertEquals("FOO", provider.obtainAccessToken(resource, request).getValue());
    // System.err.println(params);
    assertEquals("authorization_code", params.getFirst("grant_type"));