Usage examples for org.springframework.security.jwt.JwtHelper.decodeAndVerify
public static Jwt decodeAndVerify(String token, SignatureVerifier verifier)
From source file:org.springframework.security.jwt.filter.DefaultJwtTokenService.java
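/**
 * Verifies the token's signature and returns its claims as a map.
 *
 * <p>{@code JwtHelper.decodeAndVerify} runs first, so the payload is parsed only for a
 * token that verified against {@code signerVerifier}. Nothing else is checked here:
 * claims such as {@code exp}, {@code iss} and {@code aud} are returned as decoded, and
 * validating them is left to the caller.
 *
 * @param token the compact-serialized JWT to verify
 * @return the claims decoded from the token's JSON payload
 * @throws IllegalStateException if the payload of a verified token cannot be read as JSON
 */
@Override
public Map<String, Object> verify(String token) {
    Jwt jwt = JwtHelper.decodeAndVerify(token, signerVerifier);
    try {
        // Map.class is a raw type; the payload is a JSON object keyed by claim name.
        @SuppressWarnings("unchecked")
        Map<String, Object> claims = objectMapper.readValue(jwt.getClaims(), Map.class);
        return claims;
    } catch (IOException e) {
        // Fail closed: a null result from a verification method is easy for a caller to
        // mishandle, and printStackTrace() bypasses the application's logging. Keep the
        // cause so the parse failure can still be diagnosed.
        throw new IllegalStateException("Cannot read token claims", e);
    }
}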
From source file:org.cloudfoundry.identity.uaa.oauth.JwtTokenEnhancerTests.java
/**
 * Signs a token with an RSA key configured on the enhancer and verifies it with an
 * {@code RsaVerifier} built from the same PEM text.
 *
 * <p>The test has no explicit assertion: it passes when {@code decodeAndVerify}
 * returns without throwing.
 */
@Test
public void rsaKeyCreatesValidRsaSignedTokens() throws Exception {
    // Test fixture only. A private key committed to source is public by definition, so
    // this key must never be used to sign anything outside the test suite.
    String pemKey = "-----BEGIN RSA PRIVATE KEY----- \n"
            + "MIIBywIBAAJhAOTeb4AZ+NwOtPh+ynIgGqa6UWNVe6JyJi+loPmPZdpHtzoqubnC \n"
            + "wEs6JSiSZ3rButEAw8ymgLV6iBY02hdjsl3h5Z0NWaxx8dzMZfXe4EpfB04ISoqq\n"
            + "hZCxchvuSDP4eQIDAQABAmEAqUuYsuuDWFRQrZgsbGsvC7G6zn3HLIy/jnM4NiJK\n"
            + "t0JhWNeN9skGsR7bqb1Sak2uWqW8ZqnqgAC32gxFRYHTavJEk6LTaHWovwDEhPqc\n"
            + "Zs+vXd6tZojJQ35chR/slUEBAjEA/sAd1oFLWb6PHkaz7r2NllwUBTvXL4VcMWTS\n"
            + "pN+5cU41i9fsZcHw6yZEl+ZCicDxAjEA5f3R+Bj42htNI7eylebew1+sUnFv1xT8\n"
            + "jlzxSzwVkoZo+vef7OD6OcFLeInAHzAJAjEAs6izolK+3ETa1CRSwz0lPHQlnmdM\n"
            + "Y/QuR5tuPt6U/saEVuJpkn4LNRtg5qt6I4JRAjAgFRYTG7irBB/wmZFp47izXEc3\n"
            + "gOdvA1hvq3tlWU5REDrYt24xpviA0fvrJpwMPbECMAKDKdiDi6Q4/iBkkzNMefA8\n"
            + "7HX27b9LR33don/1u/yvzMUo+lrRdKAFJ+9GPE9XFA== \n"
            + "-----END RSA PRIVATE KEY----- ";
    tokenEnhancer.setSigningKey(pemKey);

    DefaultAuthorizationRequest clientRequest = new DefaultAuthorizationRequest("foo", null);
    OAuth2Authentication auth = new OAuth2Authentication(clientRequest, userAuthentication);
    OAuth2AccessToken enhanced = tokenEnhancer.enhance(new DefaultOAuth2AccessToken("FOO"), auth);

    // Throws if the signature does not match; the returned Jwt is not inspected.
    JwtHelper.decodeAndVerify(enhanced.getValue(), new RsaVerifier(pemKey));
}
From source file:com.ge.predix.uaa.token.lib.FastTokenServices.java
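/**
 * Builds an {@code OAuth2Authentication} from a JWT access token.
 *
 * <p>Order of checks, as written below: the claims are parsed, the issuer is passed to
 * {@code verifyIssuer}, a signature verifier for that issuer is looked up (or fetched
 * and cached), the signature is verified, and {@code verifyTimeWindow} is applied to the
 * claims. Only after that are client id, scopes, resource ids and authorities read from
 * the claims.
 *
 * <p>The raw token is a bearer credential and is deliberately kept out of the log
 * output on the malformed-token path.
 *
 * @param accessToken the compact-serialized JWT access token
 * @return the authentication assembled from the token's claims, marked approved
 * @throws InvalidTokenException if the token cannot be parsed into claims
 * @throws AuthenticationException declared by the overridden method
 * @throws IllegalStateException if {@code client_id} is missing or the additional
 *         authorization attributes cannot be serialized to JSON
 */
@Override
public OAuth2Authentication loadAuthentication(final String accessToken) throws AuthenticationException {
    Map<String, Object> claims;
    try {
        claims = getTokenClaims(accessToken);
    } catch (IllegalArgumentException e) {
        // Do not append accessToken here: a token that fails parsing may still be a
        // usable credential (or most of one), and log files are read far more widely
        // than the Authorization header is.
        LOG.error("Malformed Access Token");
        LOG.error(e);
        throw new InvalidTokenException("Malformed Access Token", e);
    }

    // At this point the claims are unverified input. The issuer is checked before it is
    // used to select or fetch a key, so the token itself does not get to choose an
    // arbitrary key source. (verifyIssuer is defined elsewhere; confirm what it accepts.)
    String iss = getIssuerFromClaims(claims);
    verifyIssuer(iss);

    // Check whether the signature verifier for this issuer is already in the cache.
    // NOTE(review): nothing in this method evicts or refreshes a cached verifier;
    // confirm how key rotation at the issuer is handled.
    SignatureVerifier verifier = this.tokenKeys.get(iss);
    if (null == verifier) {
        String tokenKey = getTokenKey(iss);
        verifier = getVerifier(tokenKey);
        this.tokenKeys.put(iss, verifier);
    }

    // Signature first, then the time window; everything below relies on both.
    JwtHelper.decodeAndVerify(accessToken, verifier);
    verifyTimeWindow(claims);

    Assert.state(claims.containsKey("client_id"), "Client id must be present in response from auth server");
    String remoteClientId = (String) claims.get("client_id");

    Set<String> scope = new HashSet<>();
    if (claims.containsKey("scope")) {
        @SuppressWarnings("unchecked")
        Collection<String> values = (Collection<String>) claims.get("scope");
        scope.addAll(values);
    }

    AuthorizationRequest clientAuthentication = new AuthorizationRequest(remoteClientId, scope);

    if (claims.containsKey("resource_ids") || claims.containsKey("client_authorities")) {
        Set<String> resourceIds = new HashSet<>();
        if (claims.containsKey("resource_ids")) {
            @SuppressWarnings("unchecked")
            Collection<String> values = (Collection<String>) claims.get("resource_ids");
            resourceIds.addAll(values);
        }

        Set<GrantedAuthority> clientAuthorities = new HashSet<>();
        if (claims.containsKey("client_authorities")) {
            @SuppressWarnings("unchecked")
            Collection<String> values = (Collection<String>) claims.get("client_authorities");
            clientAuthorities.addAll(getAuthorities(values));
        }

        BaseClientDetails clientDetails = new BaseClientDetails();
        clientDetails.setClientId(remoteClientId);
        clientDetails.setResourceIds(resourceIds);
        clientDetails.setAuthorities(clientAuthorities);
        clientAuthentication.setResourceIdsAndAuthoritiesFromClientDetails(clientDetails);
    }

    Map<String, String> requestParameters = new HashMap<>();
    if (isStoreClaims()) {
        // Only string-valued claims are copied; instanceof is already false for null.
        for (Map.Entry<String, Object> entry : claims.entrySet()) {
            if (entry.getValue() instanceof String) {
                requestParameters.put(entry.getKey(), (String) entry.getValue());
            }
        }
    }

    if (claims.containsKey(Claims.ADDITIONAL_AZ_ATTR)) {
        try {
            requestParameters.put(Claims.ADDITIONAL_AZ_ATTR,
                    JsonUtils.writeValueAsString(claims.get(Claims.ADDITIONAL_AZ_ATTR)));
        } catch (JsonUtils.JsonUtilException e) {
            throw new IllegalStateException("Cannot convert access token to JSON", e);
        }
    }
    clientAuthentication.setRequestParameters(Collections.unmodifiableMap(requestParameters));

    Authentication userAuthentication = getUserAuthentication(claims, scope);

    clientAuthentication.setApproved(true);
    return new OAuth2Authentication(clientAuthentication.createOAuth2Request(), userAuthentication);
}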
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
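/**
 * Issues an access token for a {@code client_credentials} request with no user
 * authentication, verifies its signature, and checks the claims it carries.
 *
 * <p>{@code decodeAndVerify} is used for the signature only; issuer, audience, scope and
 * lifetime are asserted explicitly against the decoded claims.
 */
@Test
public void testCreateAccessTokenForAClient() {
    DefaultAuthorizationRequest clientRequest = new DefaultAuthorizationRequest("client",
            Arrays.asList("read", "write"));
    clientRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));

    Map<String, String> grantParams = new HashMap<String, String>(
            clientRequest.getAuthorizationParameters());
    grantParams.put("grant_type", "client_credentials");
    clientRequest.setAuthorizationParameters(grantParams);

    // No user authentication: this is a client-only token.
    OAuth2Authentication authentication = new OAuth2Authentication(clientRequest, null);
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);

    Jwt tokenJwt = JwtHelper.decodeAndVerify(accessToken.getValue(), signerProvider.getVerifier());
    assertNotNull(tokenJwt);

    final Map<String, Object> claims;
    try {
        claims = mapper.readValue(tokenJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }

    assertEquals(claims.get("iss"), "http://localhost:8080/uaa/oauth/token");
    assertEquals(claims.get("client_id"), "client");
    assertNull("user_id should be null for a client token", claims.get("user_id"));
    assertEquals(claims.get("sub"), "client");
    // The message used to name user_id although the claim under test is user_name.
    assertNull("user_name should be null for a client token", claims.get("user_name"));
    assertEquals(claims.get("cid"), "client");
    assertEquals(claims.get("scope"), Arrays.asList("read", "write"));
    assertEquals(claims.get("aud"), Arrays.asList("scim", "clients"));
    assertTrue(((String) claims.get("jti")).length() > 0);
    assertTrue(((Integer) claims.get("iat")) > 0);
    assertTrue(((Integer) claims.get("exp")) > 0);
    // Expected lifetime: exp - iat == 12 * 60 * 60.
    assertTrue(((Integer) claims.get("exp")) - ((Integer) claims.get("iat")) == 60 * 60 * 12);
    assertNull(accessToken.getRefreshToken());
}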
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
/**
 * Refreshes a user access token when both requested scopes have stored approvals, then
 * verifies the refreshed token's signature and claims.
 *
 * <p>The approvals for {@code read} and {@code write} are created with an expiry 3000 ms
 * ahead and an update time 1000 ms in the past.
 */
@Test
public void testCreateAccessTokenRefreshGrant() throws InterruptedException {
    Calendar approvalExpiry = Calendar.getInstance();
    approvalExpiry.add(Calendar.MILLISECOND, 3000);
    Calendar approvalUpdated = Calendar.getInstance();
    approvalUpdated.add(Calendar.MILLISECOND, -1000);

    approvalStore.addApproval(new Approval("jdsa", "client", "read", approvalExpiry.getTime(),
            ApprovalStatus.APPROVED, approvalUpdated.getTime()));
    approvalStore.addApproval(new Approval("jdsa", "client", "write", approvalExpiry.getTime(),
            ApprovalStatus.APPROVED, approvalUpdated.getTime()));

    // Initial authorization_code grant for user "jdsa".
    DefaultAuthorizationRequest initialRequest = new DefaultAuthorizationRequest("client",
            Arrays.asList("read", "write"));
    initialRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> initialParams = new HashMap<String, String>(
            initialRequest.getAuthorizationParameters());
    initialParams.put("grant_type", "authorization_code");
    initialRequest.setAuthorizationParameters(initialParams);

    Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication authentication = new OAuth2Authentication(initialRequest, userAuthentication);
    OAuth2AccessToken accessToken = testCreateAccessTokenForAUser(authentication, false);

    // Refresh with the same scopes.
    DefaultAuthorizationRequest refreshRequest = new DefaultAuthorizationRequest("client",
            Arrays.asList("read", "write"));
    refreshRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshParams = new HashMap<String, String>(
            refreshRequest.getAuthorizationParameters());
    refreshParams.put("grant_type", "refresh_token");
    refreshRequest.setAuthorizationParameters(refreshParams);

    OAuth2AccessToken refreshedAccessToken = tokenServices
            .refreshAccessToken(accessToken.getRefreshToken().getValue(), refreshRequest);

    // The refresh token value is expected to stay the same across the refresh.
    assertEquals(refreshedAccessToken.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue());

    Jwt tokenJwt = JwtHelper.decodeAndVerify(refreshedAccessToken.getValue(), signerProvider.getVerifier());
    assertNotNull(tokenJwt);

    final Map<String, Object> claims;
    try {
        claims = mapper.readValue(tokenJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }

    assertEquals(claims.get("iss"), "http://localhost:8080/uaa/oauth/token");
    assertEquals(claims.get("client_id"), "client");
    assertEquals(claims.get("user_id"), "12345");
    assertEquals(claims.get("sub"), "12345");
    assertEquals(claims.get("user_name"), "jdsa");
    assertEquals(claims.get("cid"), "client");
    assertEquals(claims.get("scope"), Arrays.asList("read", "write"));
    assertEquals(claims.get("aud"), Arrays.asList("scim", "clients"));
    assertTrue(((String) claims.get("jti")).length() > 0);
    assertTrue(((Integer) claims.get("iat")) > 0);
    assertTrue(((Integer) claims.get("exp")) > 0);
    assertTrue(((Integer) claims.get("exp")) - ((Integer) claims.get("iat")) == 60 * 60 * 12);
    // NOTE(review): this checks the original token, which was already dereferenced above.
    assertNotNull(accessToken.getRefreshToken());
}
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
/**
 * Refreshes a user access token for a client whose {@code autoapprove} setting is
 * {@code "true"}, with no approvals stored, then verifies the refreshed token's
 * signature and claims.
 */
@Test
public void testCreateAccessTokenRefreshGrantAllScopesAutoApproved() throws InterruptedException {
    BaseClientDetails autoApprovingClient = new BaseClientDetails("client", "scim. clients", "read,write",
            "authorization_code, password, implicit, client_credentials", "update");
    autoApprovingClient.addAdditionalInformation("autoapprove", "true");
    clientDetailsService.setClientDetailsStore(Collections.singletonMap("client", autoApprovingClient));

    // No approvals are added to the store: auto-approval is expected to cover every scope.
    DefaultAuthorizationRequest initialRequest = new DefaultAuthorizationRequest("client",
            Arrays.asList("read", "write"));
    initialRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> initialParams = new HashMap<String, String>(
            initialRequest.getAuthorizationParameters());
    initialParams.put("grant_type", "authorization_code");
    initialRequest.setAuthorizationParameters(initialParams);

    Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication authentication = new OAuth2Authentication(initialRequest, userAuthentication);
    OAuth2AccessToken accessToken = testCreateAccessTokenForAUser(authentication, false);

    DefaultAuthorizationRequest refreshRequest = new DefaultAuthorizationRequest("client",
            Arrays.asList("read", "write"));
    refreshRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshParams = new HashMap<String, String>(
            refreshRequest.getAuthorizationParameters());
    refreshParams.put("grant_type", "refresh_token");
    refreshRequest.setAuthorizationParameters(refreshParams);

    OAuth2AccessToken refreshedAccessToken = tokenServices
            .refreshAccessToken(accessToken.getRefreshToken().getValue(), refreshRequest);

    // The refresh token value is expected to stay the same across the refresh.
    assertEquals(refreshedAccessToken.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue());

    Jwt tokenJwt = JwtHelper.decodeAndVerify(refreshedAccessToken.getValue(), signerProvider.getVerifier());
    assertNotNull(tokenJwt);

    final Map<String, Object> claims;
    try {
        claims = mapper.readValue(tokenJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }

    assertEquals(claims.get("iss"), "http://localhost:8080/uaa/oauth/token");
    assertEquals(claims.get("client_id"), "client");
    assertEquals(claims.get("user_id"), "12345");
    assertEquals(claims.get("sub"), "12345");
    assertEquals(claims.get("user_name"), "jdsa");
    assertEquals(claims.get("cid"), "client");
    assertEquals(claims.get("scope"), Arrays.asList("read", "write"));
    assertEquals(claims.get("aud"), Arrays.asList("scim", "clients"));
    assertTrue(((String) claims.get("jti")).length() > 0);
    assertTrue(((Integer) claims.get("iat")) > 0);
    assertTrue(((Integer) claims.get("exp")) > 0);
    assertTrue(((Integer) claims.get("exp")) - ((Integer) claims.get("iat")) == 60 * 60 * 12);
    // NOTE(review): this checks the original token, which was already dereferenced above.
    assertNotNull(accessToken.getRefreshToken());
}
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
/**
 * Refreshes a user access token while requesting fewer scopes than the original grant
 * ({@code read} only, down from {@code read} and {@code write}) and checks that the
 * refreshed token's {@code scope} claim contains just the reduced set.
 *
 * <p>The client is configured with {@code autoapprove} set to {@code "true"} and no
 * approvals are stored.
 */
@Test
public void testCreateAccessTokenRefreshGrantSomeScopesAutoApprovedDowngradedRequest()
        throws InterruptedException {
    BaseClientDetails autoApprovingClient = new BaseClientDetails("client", "scim. clients", "read, write",
            "authorization_code, password, implicit, client_credentials", "update");
    autoApprovingClient.addAdditionalInformation("autoapprove", "true");
    clientDetailsService.setClientDetailsStore(Collections.singletonMap("client", autoApprovingClient));

    // No approvals are added to the store.
    DefaultAuthorizationRequest initialRequest = new DefaultAuthorizationRequest("client",
            Arrays.asList("read", "write"));
    initialRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> initialParams = new HashMap<String, String>(
            initialRequest.getAuthorizationParameters());
    initialParams.put("grant_type", "authorization_code");
    initialRequest.setAuthorizationParameters(initialParams);

    Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication authentication = new OAuth2Authentication(initialRequest, userAuthentication);
    OAuth2AccessToken accessToken = testCreateAccessTokenForAUser(authentication, false);

    // Downgraded refresh: only "read" is requested this time.
    DefaultAuthorizationRequest refreshRequest = new DefaultAuthorizationRequest("client",
            Arrays.asList("read"));
    refreshRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshParams = new HashMap<String, String>(
            refreshRequest.getAuthorizationParameters());
    refreshParams.put("grant_type", "refresh_token");
    refreshRequest.setAuthorizationParameters(refreshParams);

    OAuth2AccessToken refreshedAccessToken = tokenServices
            .refreshAccessToken(accessToken.getRefreshToken().getValue(), refreshRequest);

    // The refresh token value is expected to stay the same across the refresh.
    assertEquals(refreshedAccessToken.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue());

    Jwt tokenJwt = JwtHelper.decodeAndVerify(refreshedAccessToken.getValue(), signerProvider.getVerifier());
    assertNotNull(tokenJwt);

    final Map<String, Object> claims;
    try {
        claims = mapper.readValue(tokenJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }

    assertEquals(claims.get("iss"), "http://localhost:8080/uaa/oauth/token");
    assertEquals(claims.get("client_id"), "client");
    assertEquals(claims.get("user_id"), "12345");
    assertEquals(claims.get("sub"), "12345");
    assertEquals(claims.get("user_name"), "jdsa");
    assertEquals(claims.get("cid"), "client");
    // The narrowed scope must be what the new token carries.
    assertEquals(claims.get("scope"), Arrays.asList("read"));
    assertEquals(claims.get("aud"), Arrays.asList("scim", "clients"));
    assertTrue(((String) claims.get("jti")).length() > 0);
    assertTrue(((Integer) claims.get("iat")) > 0);
    assertTrue(((Integer) claims.get("exp")) > 0);
    assertTrue(((Integer) claims.get("exp")) - ((Integer) claims.get("iat")) == 60 * 60 * 12);
    // NOTE(review): this checks the original token, which was already dereferenced above.
    assertNotNull(accessToken.getRefreshToken());
}
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
/**
 * Refreshes a user access token when one scope ({@code read}) is auto-approved by the
 * client configuration and the other ({@code write}) has a stored approval, then
 * verifies the refreshed token's signature and claims.
 */
@Test
public void testCreateAccessTokenRefreshGrantSomeScopesAutoApproved() throws InterruptedException {
    BaseClientDetails partlyAutoApprovingClient = new BaseClientDetails("client", "scim. clients",
            "read, write", "authorization_code, password, implicit, client_credentials", "update");
    // Only "read" is auto-approved.
    partlyAutoApprovingClient.addAdditionalInformation("autoapprove", Arrays.asList("read"));
    clientDetailsService.setClientDetailsStore(Collections.singletonMap("client", partlyAutoApprovingClient));

    // "write" needs an explicit approval: expiry 3000 ms ahead, updated 1000 ms ago.
    Calendar approvalExpiry = Calendar.getInstance();
    approvalExpiry.add(Calendar.MILLISECOND, 3000);
    Calendar approvalUpdated = Calendar.getInstance();
    approvalUpdated.add(Calendar.MILLISECOND, -1000);
    approvalStore.addApproval(new Approval("jdsa", "client", "write", approvalExpiry.getTime(),
            ApprovalStatus.APPROVED, approvalUpdated.getTime()));

    DefaultAuthorizationRequest initialRequest = new DefaultAuthorizationRequest("client",
            Arrays.asList("read", "write"));
    initialRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> initialParams = new HashMap<String, String>(
            initialRequest.getAuthorizationParameters());
    initialParams.put("grant_type", "authorization_code");
    initialRequest.setAuthorizationParameters(initialParams);

    Authentication userAuthentication = new UsernamePasswordAuthenticationToken(
            new UaaPrincipal(new UaaUser("jdsa", "password", "jdsa@vmware.com", null, null)), "n/a", null);
    OAuth2Authentication authentication = new OAuth2Authentication(initialRequest, userAuthentication);
    OAuth2AccessToken accessToken = testCreateAccessTokenForAUser(authentication, false);

    DefaultAuthorizationRequest refreshRequest = new DefaultAuthorizationRequest("client",
            Arrays.asList("read", "write"));
    refreshRequest.setResourceIds(new HashSet<String>(Arrays.asList("scim", "clients")));
    Map<String, String> refreshParams = new HashMap<String, String>(
            refreshRequest.getAuthorizationParameters());
    refreshParams.put("grant_type", "refresh_token");
    refreshRequest.setAuthorizationParameters(refreshParams);

    OAuth2AccessToken refreshedAccessToken = tokenServices
            .refreshAccessToken(accessToken.getRefreshToken().getValue(), refreshRequest);

    // The refresh token value is expected to stay the same across the refresh.
    assertEquals(refreshedAccessToken.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue());

    Jwt tokenJwt = JwtHelper.decodeAndVerify(refreshedAccessToken.getValue(), signerProvider.getVerifier());
    assertNotNull(tokenJwt);

    final Map<String, Object> claims;
    try {
        claims = mapper.readValue(tokenJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }

    assertEquals(claims.get("iss"), "http://localhost:8080/uaa/oauth/token");
    assertEquals(claims.get("client_id"), "client");
    assertEquals(claims.get("user_id"), "12345");
    assertEquals(claims.get("sub"), "12345");
    assertEquals(claims.get("user_name"), "jdsa");
    assertEquals(claims.get("cid"), "client");
    assertEquals(claims.get("scope"), Arrays.asList("read", "write"));
    assertEquals(claims.get("aud"), Arrays.asList("scim", "clients"));
    assertTrue(((String) claims.get("jti")).length() > 0);
    assertTrue(((Integer) claims.get("iat")) > 0);
    assertTrue(((Integer) claims.get("exp")) > 0);
    assertTrue(((Integer) claims.get("exp")) - ((Integer) claims.get("iat")) == 60 * 60 * 12);
    // NOTE(review): this checks the original token, which was already dereferenced above.
    assertNotNull(accessToken.getRefreshToken());
}
From source file:org.cloudfoundry.identity.uaa.oauth.token.UaaTokenServicesTests.java
/**
 * Creates an access token for the given user authentication, verifies its signature,
 * asserts its claims and, unless {@code noRefreshToken} is set, does the same for the
 * accompanying refresh token.
 *
 * @param authentication the authentication to issue a token for
 * @param noRefreshToken {@code true} if the issued token is expected to carry no refresh
 *        token; {@code false} if a refresh token is expected and should be checked too
 * @return the access token that was created
 */
private OAuth2AccessToken testCreateAccessTokenForAUser(OAuth2Authentication authentication,
        boolean noRefreshToken) {
    OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication);

    Jwt accessJwt = JwtHelper.decodeAndVerify(accessToken.getValue(), signerProvider.getVerifier());
    assertNotNull(accessJwt);

    final Map<String, Object> claims;
    try {
        claims = mapper.readValue(accessJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }

    assertEquals(claims.get("iss"), "http://localhost:8080/uaa/oauth/token");
    assertEquals(claims.get("client_id"), "client");
    assertNotNull(claims.get("user_id"));
    assertNotNull(claims.get("sub"));
    assertEquals(claims.get("user_name"), "jdsa");
    assertEquals(claims.get("email"), "jdsa@vmware.com");
    assertEquals(claims.get("cid"), "client");
    assertEquals(claims.get("scope"), Arrays.asList("read", "write"));
    assertEquals(claims.get("aud"), Arrays.asList("scim", "clients"));
    assertTrue(((String) claims.get("jti")).length() > 0);
    assertTrue(((Integer) claims.get("iat")) > 0);
    assertTrue(((Integer) claims.get("exp")) > 0);
    // Access token lifetime: exp - iat == 12 * 60 * 60.
    assertTrue(((Integer) claims.get("exp")) - ((Integer) claims.get("iat")) == 60 * 60 * 12);

    if (noRefreshToken) {
        assertNull(accessToken.getRefreshToken());
        return accessToken;
    }

    assertNotNull(accessToken.getRefreshToken());

    // The refresh token is verified with the same verifier as the access token.
    Jwt refreshJwt = JwtHelper.decodeAndVerify(accessToken.getRefreshToken().getValue(),
            signerProvider.getVerifier());
    assertNotNull(refreshJwt);

    final Map<String, Object> refreshClaims;
    try {
        refreshClaims = mapper.readValue(refreshJwt.getClaims(), new TypeReference<Map<String, Object>>() {
        });
    } catch (Exception e) {
        throw new IllegalStateException("Cannot read token claims", e);
    }

    assertEquals(refreshClaims.get("iss"), "http://localhost:8080/uaa/oauth/token");
    assertNotNull(refreshClaims.get("user_name"));
    assertNotNull(refreshClaims.get("sub"));
    assertEquals(refreshClaims.get("cid"), "client");
    assertEquals(refreshClaims.get("scope"), Arrays.asList("read", "write"));
    // For the refresh token the test expects aud to equal the scope list.
    assertEquals(refreshClaims.get("aud"), Arrays.asList("read", "write"));
    assertTrue(((String) refreshClaims.get("jti")).length() > 0);
    assertTrue(((Integer) refreshClaims.get("iat")) > 0);
    assertTrue(((Integer) refreshClaims.get("exp")) > 0);
    // Refresh token lifetime: exp - iat == 30 * 24 * 60 * 60.
    assertTrue(((Integer) refreshClaims.get("exp")) - ((Integer) refreshClaims.get("iat")) == 60 * 60 * 24 * 30);

    return accessToken;
}