org.apache.cxf.rs.security.oauth2.common.ServerAccessToken Java Examples
The following examples show how to use
org.apache.cxf.rs.security.oauth2.common.ServerAccessToken.
Example #1
Source File: OidcImplicitService.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Builds the redirect response for the implicit flow.
 *
 * <p>If {@code canAccessTokenBeReturned} accepts the requested response type, the
 * parent implementation produces the response. Otherwise this method writes an
 * {@code id_token}-only response: the token, when one is produced, is appended to
 * the fragment of the redirect URI and no access token is written here.
 *
 * @return the redirect URI under construction, including the fragment parameters
 */
@Override
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state,
                                                Client client,
                                                List<String> requestedScope,
                                                List<String> approvedScope,
                                                UserSubject userSubject,
                                                ServerAccessToken preAuthorizedToken) {
    final boolean accessTokenAllowed = canAccessTokenBeReturned(state.getResponseType());
    if (!accessTokenAllowed) {
        // id_token-only response type: the value travels in the URI fragment
        StringBuilder redirect = getUriWithFragment(state.getRedirectUri());
        String idToken = getProcessedIdToken(state, userSubject,
                                             getApprovedScope(requestedScope, approvedScope));
        if (idToken != null) {
            redirect.append(OidcUtils.ID_TOKEN).append('=').append(idToken);
        }
        finalizeResponse(redirect, state);
        return redirect;
    }
    return super.prepareRedirectResponse(state, client, requestedScope, approvedScope,
                                         userSubject, preAuthorizedToken);
}
Example #2
Source File: AbstractImplicitGrantService.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Produces the client-facing access token for an implicit grant.
 *
 * <p>A pre-authorized token is reused as is; in that case a non-null nonce from the
 * redirection state is stored on the current exchange under
 * {@code OAuthConstants.NONCE}. Without a pre-authorized token, a new token is
 * created through the data provider from a fresh registration.
 *
 * @return the client representation of the server token, after
 *         {@code processClientAccessToken} has been applied
 */
protected ClientAccessToken getClientAccessToken(OAuthRedirectionState state,
                                                 Client client,
                                                 List<String> requestedScope,
                                                 List<String> approvedScope,
                                                 UserSubject userSubject,
                                                 ServerAccessToken preAuthorizedToken) {
    final ServerAccessToken serverToken;
    if (preAuthorizedToken != null) {
        serverToken = preAuthorizedToken;
        if (state.getNonce() != null) {
            // make the nonce available to later processing of this exchange
            JAXRSUtils.getCurrentMessage().getExchange().put(OAuthConstants.NONCE, state.getNonce());
        }
    } else {
        AccessTokenRegistration registration =
            createTokenRegistration(state, client, requestedScope, approvedScope, userSubject);
        serverToken = getDataProvider().createAccessToken(registration);
    }

    ClientAccessToken result = OAuthUtils.toClientAccessToken(serverToken, isWriteOptionalParameters());
    processClientAccessToken(result, serverToken);
    return result;
}
Example #3
Source File: JCacheOAuthDataProvider.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Creates the provider and its backing caches.
 *
 * <p>Exactly one of the two access-token caches is created: with
 * {@code storeJwtTokenKeyOnly} the cache maps a key to a {@code String} value,
 * otherwise it maps a key to a {@code ServerAccessToken}. The cache that is not
 * selected is left unassigned by this constructor.
 *
 * @param configFileURL location of the cache configuration, passed to {@code createCacheManager}
 * @param bus the bus passed to {@code createCacheManager}
 * @param clientCacheKey name of the client cache
 * @param accessTokenCacheKey name of the access-token cache
 * @param refreshTokenCacheKey name of the refresh-token cache
 * @param storeJwtTokenKeyOnly selects the String-valued access-token cache
 */
public JCacheOAuthDataProvider(String configFileURL,
                               Bus bus,
                               String clientCacheKey,
                               String accessTokenCacheKey,
                               String refreshTokenCacheKey,
                               boolean storeJwtTokenKeyOnly) {
    this.cacheManager = createCacheManager(configFileURL, bus);
    this.clientCache = createCache(this.cacheManager, clientCacheKey, String.class, Client.class);
    this.storeJwtTokenKeyOnly = storeJwtTokenKeyOnly;

    if (!storeJwtTokenKeyOnly) {
        this.accessTokenCache =
            createCache(this.cacheManager, accessTokenCacheKey, String.class, ServerAccessToken.class);
    } else {
        this.jwtAccessTokenCache =
            createCache(this.cacheManager, accessTokenCacheKey, String.class, String.class);
    }

    this.refreshTokenCache =
        createCache(this.cacheManager, refreshTokenCacheKey, String.class, RefreshToken.class);
}
Example #4
Source File: OidcHybridService.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Builds the hybrid-flow redirect response.
 *
 * <p>The code grant is prepared before the parent builds its part of the response.
 * When a grant was produced, its code is appended as an additional parameter.
 *
 * @return the redirect URI under construction
 */
@Override
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state,
                                                Client client,
                                                List<String> requestedScope,
                                                List<String> approvedScope,
                                                UserSubject userSubject,
                                                ServerAccessToken preAuthorizedToken) {
    ServerAuthorizationCodeGrant hybridGrant = prepareHybrideCode(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    StringBuilder redirect = super.prepareRedirectResponse(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    if (hybridGrant == null) {
        return redirect;
    }
    redirect.append('&')
            .append(OAuthConstants.AUTHORIZATION_CODE_VALUE)
            .append('=')
            .append(hybridGrant.getCode());
    return redirect;
}
Example #5
Source File: BackChannelLogoutHandler.java From cxf-fediz with Apache License 2.0 | 6 votes |
/**
 * Sends back-channel logout requests to the other clients the subject holds tokens for.
 *
 * <p>The set of clients is derived from the subject's access tokens. As the original
 * author notes, this is incomplete: expired or revoked tokens and the implicit
 * id_token flow leave no trace here, so a 'visited sites' cookie as suggested by the
 * spec will most likely be needed.
 *
 * <p>The client that initiated the logout is skipped, and each remaining client is
 * contacted at most once, and only if it has a {@code BACK_CHANNEL_LOGOUT_URI} property.
 *
 * @param client the client that initiated the logout
 * @param subject the user being logged out
 * @param idTokenHint passed through to {@code submitBackChannelLogoutRequest}
 */
public void handleLogout(Client client, OidcUserSubject subject, IdToken idTokenHint) {
    Set<String> notifiedClientIds = new HashSet<>();
    List<ServerAccessToken> subjectTokens = dataProvider.getAccessTokens(null, subject);

    for (ServerAccessToken accessToken : subjectTokens) {
        Client tokenClient = accessToken.getClient();
        boolean isInitiator = client.getClientId().equals(tokenClient.getClientId());
        if (isInitiator || notifiedClientIds.contains(tokenClient.getClientId())) {
            continue;
        }
        // The target URI is read from the client's own properties, not from the request.
        String logoutUri = tokenClient.getProperties().get(BACK_CHANNEL_LOGOUT_URI);
        if (logoutUri == null) {
            continue;
        }
        notifiedClientIds.add(tokenClient.getClientId());
        submitBackChannelLogoutRequest(tokenClient, subject, idTokenHint, logoutUri);
    }
}
Example #6
Source File: AbstractOAuthDataProvider.java From cxf with Apache License 2.0 | 6 votes |
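/**
 * Looks up an existing access token that can be reused for the given client,
 * subject and grant type.
 *
 * <p>Only the first token matching client id, grant type and subject login is
 * considered. If it is still valid it is returned; if it has expired it is revoked
 * and {@code null} is returned.
 *
 * <p>Tokens without a subject or without a grant type no longer cause a
 * {@code NullPointerException} when a subject is supplied; they simply do not match.
 *
 * @param client the requesting client
 * @param requestedScopes not consulted by this method
 * @param sub the end user, or {@code null} to match only tokens without a subject
 * @param grantType the grant type the token must have been issued for
 * @return a reusable token, or {@code null} if none is available or the feature is disabled
 * @throws OAuthServiceException declared by the overridden method
 */
@Override
public ServerAccessToken getPreauthorizedToken(Client client,
                                               List<String> requestedScopes,
                                               UserSubject sub,
                                               String grantType) throws OAuthServiceException {
    if (!isSupportPreauthorizedTokens()) {
        return null;
    }

    // NOTE(review): requestedScopes is never compared with the scopes of the token
    // that is returned; presumably callers validate scopes separately - confirm.
    for (ServerAccessToken at : getAccessTokens(client, sub)) {
        boolean sameClient = at.getClient().getClientId().equals(client.getClientId());
        boolean sameGrant = grantType != null && grantType.equals(at.getGrantType());

        UserSubject tokenSubject = at.getSubject();
        boolean sameSubject = sub == null
            ? tokenSubject == null
            : tokenSubject != null && tokenSubject.getLogin().equals(sub.getLogin());

        if (!(sameClient && sameGrant && sameSubject)) {
            continue;
        }

        // Only the first matching token is examined, as before.
        if (!OAuthUtils.isExpired(at.getIssuedAt(), at.getExpiresIn())) {
            return at;
        }
        revokeToken(client, at.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
        return null;
    }
    return null;
}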
Example #7
Source File: AbstractOAuthDataProvider.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Detaches an access token from the refresh token it is linked to.
 *
 * <p>Nothing happens when the access token is {@code null}, has no refresh token, or
 * the refresh token cannot be found. After unlinking, a refresh token with no
 * remaining access tokens is revoked; otherwise the updated refresh token is saved.
 *
 * @param client the client passed to {@code revokeRefreshToken}
 * @param accessToken the access token being removed, may be {@code null}
 */
protected void handleLinkedRefreshToken(Client client, ServerAccessToken accessToken) {
    if (accessToken == null || accessToken.getRefreshToken() == null) {
        return;
    }

    RefreshToken linked = getRefreshToken(accessToken.getRefreshToken());
    if (linked == null) {
        return;
    }

    unlinkRefreshAccessToken(linked, accessToken.getTokenKey());

    boolean noAccessTokensLeft = linked.getAccessTokens().isEmpty();
    if (noAccessTokensLeft) {
        revokeRefreshToken(client, linked.getTokenKey());
    } else {
        saveRefreshToken(linked);
    }
}
Example #8
Source File: AuthorizationCodeGrantService.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Collects everything needed to issue an authorization code into a registration object.
 *
 * <p>The registration records the client, the subject, requested and approved
 * scopes, and the values carried by the redirection state: redirect URI, response
 * type, audience, nonce and the client's code challenge. Extra properties of the
 * state are copied in as well.
 *
 * @param preauthorizedToken only its presence is recorded on the registration
 * @return the populated registration
 */
protected AuthorizationCodeRegistration createCodeRegistration(OAuthRedirectionState state,
                                                               Client client,
                                                               List<String> requestedScope,
                                                               List<String> approvedScope,
                                                               UserSubject userSubject,
                                                               ServerAccessToken preauthorizedToken) {
    final boolean hasPreauthorizedToken = preauthorizedToken != null;

    AuthorizationCodeRegistration registration = new AuthorizationCodeRegistration();
    registration.setPreauthorizedTokenAvailable(hasPreauthorizedToken);
    registration.setClient(client);
    registration.setRedirectUri(state.getRedirectUri());
    registration.setRequestedScope(requestedScope);
    registration.setResponseType(state.getResponseType());
    registration.setApprovedScope(getApprovedScope(requestedScope, approvedScope));
    registration.setSubject(userSubject);
    registration.setAudience(state.getAudience());
    registration.setNonce(state.getNonce());
    // the code challenge from the state is recorded with the code
    registration.setClientCodeChallenge(state.getClientCodeChallenge());
    registration.getExtraProperties().putAll(state.getExtraProperties());
    return registration;
}
Example #9
Source File: JPAOAuthDataProvider.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Creates the access token and replaces its collection-valued members with fresh copies.
 *
 * <p>The copies exist so that the token does not keep element collections injected
 * from another entity, which the original author observed when several
 * container-managed data-provider operations share one entity manager lifespan.
 *
 * @param atReg the registration to create the token from
 * @return the created token with copied audiences, extra properties, scopes and parameters
 */
@Override
protected ServerAccessToken doCreateAccessToken(AccessTokenRegistration atReg) {
    ServerAccessToken created = super.doCreateAccessToken(atReg);

    // Each member is copied only when present; null members stay null.
    if (created.getAudiences() != null) {
        created.setAudiences(new ArrayList<>(created.getAudiences()));
    }
    if (created.getExtraProperties() != null) {
        created.setExtraProperties(new HashMap<>(created.getExtraProperties()));
    }
    if (created.getScopes() != null) {
        created.setScopes(new ArrayList<>(created.getScopes()));
    }
    if (created.getParameters() != null) {
        created.setParameters(new HashMap<>(created.getParameters()));
    }
    return created;
}
Example #10
Source File: AbstractGrantHandler.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Validates the request against the client's registration and then asks the data
 * provider for a pre-authorized token.
 *
 * <p>Requested scopes are checked against the client's registered scopes and
 * audiences against its registered audiences before any token lookup takes place.
 *
 * @return the pre-authorized token, or whatever the data provider returns when none exists
 * @throws OAuthServiceException with {@code INVALID_SCOPE} when scope validation fails,
 *         or {@code INVALID_GRANT} when audience validation fails
 */
protected ServerAccessToken getPreAuthorizedToken(Client client,
                                                  UserSubject subject,
                                                  String requestedGrant,
                                                  List<String> requestedScopes,
                                                  List<String> audiences) {
    final boolean scopesAccepted = OAuthUtils.validateScopes(
        requestedScopes, client.getRegisteredScopes(), partialMatchScopeValidation);
    if (!scopesAccepted) {
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_SCOPE));
    }

    final boolean audiencesAccepted =
        OAuthUtils.validateAudiences(audiences, client.getRegisteredAudiences());
    if (!audiencesAccepted) {
        throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_GRANT));
    }

    // Both checks passed: reuse a pre-authorized token if the provider has one.
    return dataProvider.getPreauthorizedToken(client, requestedScopes, subject, requestedGrant);
}
Example #11
Source File: OAuthUtils.java From cxf with Apache License 2.0 | 6 votes |
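/**
 * Converts a server-side token into the representation returned to the client.
 *
 * <p>The client token key is the encoded token when one is set, otherwise the plain
 * token key. The refresh token value is always copied. Expiry, approved scope and
 * parameters are copied only when {@code supportOptionalParams} is set.
 *
 * <p>A {@code null} parameter map on the server token is now skipped instead of
 * failing in the {@code HashMap} copy constructor.
 *
 * @param serverToken the token to convert
 * @param supportOptionalParams whether optional response parameters are written
 * @return the client token
 */
public static ClientAccessToken toClientAccessToken(ServerAccessToken serverToken,
                                                    boolean supportOptionalParams) {
    String tokenKey = serverToken.getEncodedToken() != null
        ? serverToken.getEncodedToken()
        : serverToken.getTokenKey();

    ClientAccessToken clientToken = new ClientAccessToken(serverToken.getTokenType(), tokenKey);
    clientToken.setRefreshToken(serverToken.getRefreshToken());

    if (supportOptionalParams) {
        clientToken.setExpiresIn(serverToken.getExpiresIn());

        List<OAuthPermission> perms = serverToken.getScopes();
        String scopeString = OAuthUtils.convertPermissionsToScope(perms);
        if (!StringUtils.isEmpty(scopeString)) {
            clientToken.setApprovedScope(scopeString);
        }

        // Copy so the client token does not share the server token's map.
        if (serverToken.getParameters() != null) {
            clientToken.setParameters(new HashMap<String, String>(serverToken.getParameters()));
        }
    }
    return clientToken;
}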
Example #12
Source File: CryptoUtilsTest.java From cxf with Apache License 2.0 | 6 votes |
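/**
 * Round-trips a bearer token through JSON serialization, encryption and decryption,
 * then checks the restored token against the original.
 *
 * <p>The byte/String conversions name UTF-8 explicitly so the round trip does not
 * depend on the platform default charset.
 */
@Test
public void testBearerTokenJSON() throws Exception {
    AccessTokenRegistration atr = prepareTokenRegistration();
    BearerAccessToken token = p.createAccessTokenInternal(atr);

    JSONProvider<BearerAccessToken> jsonp = new JSONProvider<>();
    jsonp.setMarshallAsJaxbElement(true);
    jsonp.setUnmarshallAsJaxbElement(true);

    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    jsonp.writeTo(token, BearerAccessToken.class, new Annotation[]{},
                  MediaType.APPLICATION_JSON_TYPE, new MetadataMap<String, Object>(), bos);

    // Fully qualified so no new import is needed in the test class.
    String json = new String(bos.toByteArray(), java.nio.charset.StandardCharsets.UTF_8);
    String encrypted = CryptoUtils.encryptSequence(json, p.key);
    String decrypted = CryptoUtils.decryptSequence(encrypted, p.key);

    ServerAccessToken token2 = jsonp.readFrom(
        BearerAccessToken.class, BearerAccessToken.class, new Annotation[]{},
        MediaType.APPLICATION_JSON_TYPE, new MetadataMap<String, String>(),
        new ByteArrayInputStream(decrypted.getBytes(java.nio.charset.StandardCharsets.UTF_8)));

    // compare tokens
    compareAccessTokens(token, token2);
}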
Example #13
Source File: JCacheOAuthDataProvider.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Returns the non-expired JWT access tokens in the cache that match the given
 * client and subject.
 *
 * <p>Every cached value is turned back into a {@code ServerAccessToken}. Keys of
 * expired tokens are collected during the scan and removed from the cache in one
 * call afterwards.
 *
 * @param client passed to {@code isTokenMatched}
 * @param sub passed to {@code isTokenMatched}
 * @return the matching tokens, possibly empty
 */
protected List<ServerAccessToken> getJwtAccessTokens(Client client, UserSubject sub) {
    final List<ServerAccessToken> matched = new ArrayList<>();
    final Set<String> expiredKeys = new HashSet<>();

    for (Cache.Entry<String, String> cached : jwtAccessTokenCache) {
        String jose = cached.getValue();
        // fall back to a default consumer when none has been configured
        JoseJwtConsumer consumer = jwtTokenConsumer != null ? jwtTokenConsumer : new JoseJwtConsumer();
        ServerAccessToken token = JwtTokenUtils.createAccessTokenFromJwt(
            consumer, jose, this, super.getJwtAccessTokenClaimMap());

        if (isExpired(token)) {
            expiredKeys.add(cached.getKey());
            continue;
        }
        if (isTokenMatched(token, client, sub)) {
            matched.add(token);
        }
    }

    jwtAccessTokenCache.removeAll(expiredKeys);
    return matched;
}
Example #14
Source File: AbstractOAuthDataProviderTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Checks that a token registered without a subject can be listed for its client,
 * and that no token is listed after the client has been removed.
 */
@Test
public void testAddGetDeleteAccessTokenWithNullSubject() {
    Client registeredClient = addClient("102", "bob");

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(registeredClient);
    registration.setApprovedScope(Collections.singletonList("a"));
    registration.setSubject(null);
    getProvider().createAccessToken(registration);

    // one token is visible while the client exists
    List<ServerAccessToken> found = getProvider().getAccessTokens(registeredClient, null);
    assertNotNull(found);
    assertEquals(1, found.size());
    validateAccessToken(found.get(0));

    // after removing the client the lookup returns an empty list
    getProvider().removeClient(registeredClient.getClientId());
    found = getProvider().getAccessTokens(registeredClient, null);
    assertNotNull(found);
    assertEquals(0, found.size());
}
Example #15
Source File: OidcHybridService.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Builds the form response for the hybrid flow.
 *
 * <p>The code grant is prepared first, then the parent's implicit response is
 * obtained and wrapped in a {@code FormHybridResponse} together with the response
 * type, redirect URI and state value. The code is set only when a grant was produced.
 *
 * @return the hybrid form response
 */
@Override
protected AbstractFormImplicitResponse prepareFormResponse(OAuthRedirectionState state,
                                                           Client client,
                                                           List<String> requestedScope,
                                                           List<String> approvedScope,
                                                           UserSubject userSubject,
                                                           ServerAccessToken preAuthorizedToken) {
    ServerAuthorizationCodeGrant hybridGrant = prepareHybrideCode(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    AbstractFormImplicitResponse implicitPart = super.prepareFormResponse(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    FormHybridResponse hybrid = new FormHybridResponse();
    hybrid.setResponseType(state.getResponseType());
    hybrid.setRedirectUri(state.getRedirectUri());
    hybrid.setState(state.getState());
    hybrid.setImplicitResponse(implicitPart);
    if (hybridGrant != null) {
        hybrid.setCode(hybridGrant.getCode());
    }
    return hybrid;
}
Example #16
Source File: AuthorizationCodeGrantService.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Creates an authorization code grant for the given request.
 *
 * <p>The registration is built first and handed to the data provider, which is
 * expected to be an {@code AuthorizationCodeDataProvider}. A warning is logged when
 * the grant's lifetime exceeds {@code RECOMMENDED_CODE_EXPIRY_TIME_SECS}; the grant
 * is returned either way.
 *
 * @return the grant created by the data provider
 */
public ServerAuthorizationCodeGrant getGrantRepresentation(OAuthRedirectionState state,
                                                           Client client,
                                                           List<String> requestedScope,
                                                           List<String> approvedScope,
                                                           UserSubject userSubject,
                                                           ServerAccessToken preauthorizedToken) {
    AuthorizationCodeRegistration registration = createCodeRegistration(
        state, client, requestedScope, approvedScope, userSubject, preauthorizedToken);

    AuthorizationCodeDataProvider codeProvider = (AuthorizationCodeDataProvider)getDataProvider();
    ServerAuthorizationCodeGrant issued = codeProvider.createCodeGrant(registration);

    // Long-lived codes are only reported, not rejected.
    boolean livesTooLong = issued.getExpiresIn() > RECOMMENDED_CODE_EXPIRY_TIME_SECS;
    if (livesTooLong) {
        LOG.warning("Code expiry time exceeds 10 minutes");
    }
    return issued;
}
Example #17
Source File: AbstractOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Tells whether a token belongs to the given client and subject.
 *
 * <p>A {@code null} client or a {@code null} subject acts as a wildcard for that
 * criterion, so passing {@code null} for both matches every non-null token. When a
 * subject is given, the token must have a subject with the same login.
 *
 * @param token the token to test, may be {@code null}
 * @param c the client to match, or {@code null} for any client
 * @param sub the subject to match, or {@code null} for any subject
 * @return {@code true} when the token satisfies both criteria
 */
protected static boolean isTokenMatched(ServerAccessToken token, Client c, UserSubject sub) {
    if (token == null) {
        return false;
    }
    boolean clientMismatch =
        c != null && !token.getClient().getClientId().equals(c.getClientId());
    if (clientMismatch) {
        return false;
    }
    UserSubject tokenSub = token.getSubject();
    return sub == null
        || (tokenSub != null && tokenSub.getLogin().equals(sub.getLogin()));
}
Example #18
Source File: EncryptingDataProvider.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Creates an access token and passes it to {@code encryptAccessToken} before
 * returning it.
 *
 * @param accessTokenReg the registration describing the token to create
 * @return the created token
 * @throws OAuthServiceException declared by the overridden method
 */
@Override
public ServerAccessToken createAccessToken(AccessTokenRegistration accessTokenReg)
    throws OAuthServiceException {
    final ServerAccessToken created = createAccessTokenInternal(accessTokenReg);
    encryptAccessToken(created);
    return created;
}
Example #19
Source File: JPAOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
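/**
 * Loads the bearer token stored under the given token key.
 *
 * <p>The key is bound as a named query parameter rather than concatenated into the
 * query text. The query now runs once: the previous form fetched the result list
 * to test for emptiness and then ran the query again through
 * {@code getSingleResult}.
 *
 * @param accessToken the token key to look up
 * @return the stored token, or {@code null} when no token has that key
 * @throws OAuthServiceException declared by the overridden method
 */
@Override
public ServerAccessToken getAccessToken(final String accessToken) throws OAuthServiceException {
    return execute(em -> {
        TypedQuery<BearerAccessToken> query = em.createQuery(
                "SELECT t FROM BearerAccessToken t" + " WHERE t.tokenKey = :tokenKey",
                BearerAccessToken.class)
            .setParameter("tokenKey", accessToken);
        // NOTE(review): assumes tokenKey is unique, so the first row is the only row - confirm.
        return query.getResultList().stream().findFirst().orElse(null);
    });
}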
Example #20
Source File: OidcHybridService.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Issues an authorization code when the response type asks for one.
 *
 * <p>A code is requested only when the response type starts with
 * {@code OAuthConstants.CODE_RESPONSE_TYPE}. The issued code is also stored on the
 * current exchange under {@code OAuthConstants.AUTHORIZATION_CODE_VALUE}.
 *
 * @return the issued grant, or {@code null} when the response type does not request a code
 */
protected ServerAuthorizationCodeGrant prepareHybrideCode(OAuthRedirectionState state,
                                                          Client client,
                                                          List<String> requestedScope,
                                                          List<String> approvedScope,
                                                          UserSubject userSubject,
                                                          ServerAccessToken preAuthorizedToken) {
    final boolean codeRequested = state.getResponseType() != null
        && state.getResponseType().startsWith(OAuthConstants.CODE_RESPONSE_TYPE);
    if (!codeRequested) {
        return null;
    }

    ServerAuthorizationCodeGrant issued = codeService.getGrantRepresentation(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);
    JAXRSUtils.getCurrentMessage().getExchange()
        .put(OAuthConstants.AUTHORIZATION_CODE_VALUE, issued.getCode());
    return issued;
}
Example #21
Source File: JCacheOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Restores a single access token from the JWT cache.
 *
 * <p>An expired token is removed from the cache and reported as absent.
 *
 * @param key the cache key of the token
 * @return the token, or {@code null} when the key is unknown or the token has expired
 */
protected ServerAccessToken getJwtAccessToken(String key) {
    final String jose = jwtAccessTokenCache.get(key);
    if (jose == null) {
        return null;
    }

    // fall back to a default consumer when none has been configured
    JoseJwtConsumer consumer = jwtTokenConsumer != null ? jwtTokenConsumer : new JoseJwtConsumer();
    ServerAccessToken restored = JwtTokenUtils.createAccessTokenFromJwt(
        consumer, jose, this, super.getJwtAccessTokenClaimMap());

    if (!isExpired(restored)) {
        return restored;
    }
    jwtAccessTokenCache.remove(key);
    return null;
}
Example #22
Source File: AbstractImplicitGrantService.java From cxf with Apache License 2.0 | 5 votes |
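/**
 * Builds the implicit-grant redirect response.
 *
 * <p>The access token and its type are appended as fragment parameters of the
 * redirect URI. When optional parameters are enabled, the expiry, the approved
 * scope and the token's extra parameters follow. A refresh token, if present, is
 * handled by {@code processRefreshToken}.
 *
 * <p>Names of extra parameters are now query-encoded like their values, so a name
 * containing {@code '&'} or {@code '='} cannot introduce additional fragment
 * parameters.
 *
 * @return the redirect URI under construction
 */
protected StringBuilder prepareRedirectResponse(OAuthRedirectionState state,
                                                Client client,
                                                List<String> requestedScope,
                                                List<String> approvedScope,
                                                UserSubject userSubject,
                                                ServerAccessToken preAuthorizedToken) {
    ClientAccessToken clientToken = getClientAccessToken(
        state, client, requestedScope, approvedScope, userSubject, preAuthorizedToken);

    // return the token by appending it as a fragment parameter to the redirect URI
    StringBuilder sb = getUriWithFragment(state.getRedirectUri());
    // NOTE(review): token key and token type are written without encoding - confirm
    // that both are always URI-safe.
    sb.append(OAuthConstants.ACCESS_TOKEN).append('=').append(clientToken.getTokenKey());
    sb.append('&');
    sb.append(OAuthConstants.ACCESS_TOKEN_TYPE).append('=').append(clientToken.getTokenType());

    if (isWriteOptionalParameters()) {
        sb.append('&').append(OAuthConstants.ACCESS_TOKEN_EXPIRES_IN)
            .append('=').append(clientToken.getExpiresIn());
        if (!StringUtils.isEmpty(clientToken.getApprovedScope())) {
            sb.append('&').append(OAuthConstants.SCOPE).append('=')
                .append(HttpUtils.queryEncode(clientToken.getApprovedScope()));
        }
        for (Map.Entry<String, String> entry : clientToken.getParameters().entrySet()) {
            sb.append('&').append(HttpUtils.queryEncode(entry.getKey()))
                .append('=').append(HttpUtils.queryEncode(entry.getValue()));
        }
    }
    if (clientToken.getRefreshToken() != null) {
        processRefreshToken(sb, clientToken.getRefreshToken());
    }

    finalizeResponse(sb, state);
    return sb;
}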
Example #23
Source File: JPAOidcUserSubjectTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Checks that an {@code OidcUserSubject} and the audience of its id token survive
 * storing and reloading an access token, for two tokens issued one after the other
 * to the same login.
 */
@Test
public void testAccessTokenWithOidcUserSubject() {
    Client registeredClient = addClient("101", "bob");

    AccessTokenRegistration registration = new AccessTokenRegistration();
    registration.setClient(registeredClient);
    registration.setApprovedScope(Collections.singletonList("a"));

    // first token
    OidcUserSubject firstSubject = new OidcUserSubject();
    firstSubject.setLogin("bob");
    IdToken firstIdToken = new IdToken();
    firstIdToken.setAudience(registeredClient.getClientId());
    firstSubject.setIdToken(firstIdToken);
    registration.setSubject(firstSubject);

    ServerAccessToken firstCreated = getProvider().createAccessToken(registration);
    ServerAccessToken firstLoaded = getProvider().getAccessToken(firstCreated.getTokenKey());
    assertEquals(firstCreated.getTokenKey(), firstLoaded.getTokenKey());
    OidcUserSubject firstLoadedSubject = (OidcUserSubject)firstLoaded.getSubject();
    assertEquals(registeredClient.getClientId(), firstLoadedSubject.getIdToken().getAudience());

    // second token, same login, new subject and id token instances
    OidcUserSubject secondSubject = new OidcUserSubject();
    secondSubject.setLogin("bob");
    IdToken secondIdToken = new IdToken();
    secondIdToken.setAudience(registeredClient.getClientId());
    secondSubject.setIdToken(secondIdToken);
    registration.setSubject(secondSubject);

    ServerAccessToken secondCreated = getProvider().createAccessToken(registration);
    ServerAccessToken secondLoaded = getProvider().getAccessToken(secondCreated.getTokenKey());
    OidcUserSubject secondLoadedSubject = (OidcUserSubject)secondLoaded.getSubject();
    assertEquals(registeredClient.getClientId(), secondLoadedSubject.getIdToken().getAudience());
}
Example #24
Source File: JPAOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Removes the access token from the persistence store inside a transaction.
 *
 * <p>The entity is looked up by the token's runtime class and its token key, then removed.
 *
 * @param at the token to revoke
 */
@Override
protected void doRevokeAccessToken(final ServerAccessToken at) {
    executeInTransaction(em -> {
        em.remove(em.getReference(at.getClass(), at.getTokenKey()));
        return null;
    });
}
Example #25
Source File: RefreshTokenEnabledProvider.java From openwebbeans-meecrowave with Apache License 2.0 | 5 votes |
/**
 * Ensures {@code OAuthConstants.REFRESH_TOKEN_SCOPE} is present in both the
 * requested and the approved scopes, then delegates token creation.
 *
 * <p>The scope is added whenever it is missing, whatever the caller requested or the
 * user approved. Each list is replaced by a mutable copy before the scope is added.
 *
 * @param accessToken the registration; its scope lists may be replaced
 * @return the token created by the delegate
 * @throws OAuthServiceException declared by the overridden method
 */
@Override
public ServerAccessToken createAccessToken(final AccessTokenRegistration accessToken)
    throws OAuthServiceException {
    final boolean requestedHasRefresh =
        accessToken.getRequestedScope().contains(OAuthConstants.REFRESH_TOKEN_SCOPE);
    if (!requestedHasRefresh) {
        accessToken.setRequestedScope(new ArrayList<>(accessToken.getRequestedScope()));
        accessToken.getRequestedScope().add(OAuthConstants.REFRESH_TOKEN_SCOPE);
    }

    final boolean approvedHasRefresh =
        accessToken.getApprovedScope().contains(OAuthConstants.REFRESH_TOKEN_SCOPE);
    if (!approvedHasRefresh) {
        accessToken.setApprovedScope(new ArrayList<>(accessToken.getApprovedScope()));
        accessToken.getApprovedScope().add(OAuthConstants.REFRESH_TOKEN_SCOPE);
    }

    return delegate.createAccessToken(accessToken);
}
Example #26
Source File: AbstractOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Revokes an access token on behalf of a client.
 *
 * <p>The token must have been issued to the requesting client; a token belonging to
 * a different client is rejected and left untouched. An unknown key is not an error.
 *
 * @param client the client requesting the revocation
 * @param accessTokenKey the key of the token to revoke
 * @return the revoked token, or {@code null} when no token has that key
 * @throws OAuthServiceException with {@code INVALID_GRANT} when the token belongs to
 *         another client
 */
protected ServerAccessToken revokeAccessToken(Client client, String accessTokenKey) {
    final ServerAccessToken found = getAccessToken(accessTokenKey);
    if (found == null) {
        return null;
    }

    // ownership check comes before any state change
    boolean ownedByCaller = found.getClient().getClientId().equals(client.getClientId());
    if (!ownedByCaller) {
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
    }

    doRevokeAccessToken(found);
    return found;
}
Example #27
Source File: ModelEncryptionSupport.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Decrypts an encoded token sequence and rebuilds the access token from it.
 *
 * @param provider the data provider passed to {@code recreateAccessToken}
 * @param encodedData the encrypted token representation
 * @param secretKey the key used for decryption
 * @param props key properties passed to {@code CryptoUtils.decryptSequence}
 * @return the recreated access token
 * @throws SecurityException declared by this method
 */
public static ServerAccessToken decryptAccessToken(OAuthDataProvider provider,
                                                   String encodedData,
                                                   Key secretKey,
                                                   KeyProperties props) throws SecurityException {
    return recreateAccessToken(
        provider,
        encodedData,
        CryptoUtils.decryptSequence(encodedData, secretKey, props));
}
Example #28
Source File: DefaultEncryptingOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Returns the known access tokens that match the given client and subject.
 *
 * <p>Each stored token key is resolved through {@code getAccessToken} and the
 * result is filtered with {@code isTokenMatched}.
 *
 * @param c passed to {@code isTokenMatched}
 * @param sub passed to {@code isTokenMatched}
 * @return the matching tokens, possibly empty
 */
@Override
public List<ServerAccessToken> getAccessTokens(Client c, UserSubject sub) {
    final List<ServerAccessToken> matching = new ArrayList<>(tokens.size());
    for (String storedKey : tokens) {
        ServerAccessToken candidate = getAccessToken(storedKey);
        if (!isTokenMatched(candidate, c, sub)) {
            continue;
        }
        matching.add(candidate);
    }
    return matching;
}
Example #29
Source File: DefaultEncryptingOAuthDataProvider.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Recovers an access token by decrypting its encoded form with this provider's key.
 *
 * <p>A {@code SecurityException} raised during decryption is reported to the caller
 * as {@code ACCESS_DENIED}, with the original exception kept as the cause.
 *
 * @param accessToken the encrypted token representation
 * @return the decrypted token
 * @throws OAuthServiceException with {@code ACCESS_DENIED} when decryption fails
 */
@Override
public ServerAccessToken getAccessToken(String accessToken) throws OAuthServiceException {
    final ServerAccessToken decrypted;
    try {
        decrypted = ModelEncryptionSupport.decryptAccessToken(this, accessToken, key);
    } catch (SecurityException decryptionFailure) {
        throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED, decryptionFailure);
    }
    return decrypted;
}
Example #30
Source File: CryptoUtilsTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Asserts that two access tokens carry the same data.
 *
 * <p>Compared are the token fields, the client id, the end user, the single scope
 * permission of each token, and finally the expiry of the refresh token obtained by
 * decrypting the second token's refresh token value.
 *
 * @param token the original token
 * @param token2 the token restored from the serialized form
 */
private void compareAccessTokens(ServerAccessToken token, ServerAccessToken token2) {
    // token fields
    assertEquals(token.getTokenKey(), token2.getTokenKey());
    assertEquals(token.getTokenType(), token2.getTokenType());
    assertEquals(token.getIssuedAt(), token2.getIssuedAt());
    assertEquals(token.getExpiresIn(), token2.getExpiresIn());

    // client: same id, and the restored client has no application description
    Client originalClient = token.getClient();
    Client restoredClient = token2.getClient();
    assertEquals(originalClient.getClientId(), restoredClient.getClientId());
    assertNull(restoredClient.getApplicationDescription());

    // end user
    UserSubject originalUser = token.getSubject();
    UserSubject restoredUser = token2.getSubject();
    assertEquals(originalUser.getLogin(), restoredUser.getLogin());
    assertEquals(originalUser.getId(), restoredUser.getId());
    assertEquals(originalUser.getRoles(), restoredUser.getRoles());

    assertEquals(token.getRefreshToken(), token2.getRefreshToken());
    assertEquals(token.getAudiences(), token2.getAudiences());
    assertEquals(token.getGrantType(), token2.getGrantType());
    assertEquals(token.getParameters(), token2.getParameters());

    // scopes: exactly one permission on each side
    List<OAuthPermission> originalScopes = token.getScopes();
    List<OAuthPermission> restoredScopes = token2.getScopes();
    assertEquals(1, originalScopes.size());
    assertEquals(1, restoredScopes.size());
    OAuthPermission originalPermission = originalScopes.get(0);
    OAuthPermission restoredPermission = restoredScopes.get(0);
    assertEquals(originalPermission.getPermission(), restoredPermission.getPermission());
    assertEquals(originalPermission.getDescription(), restoredPermission.getDescription());

    // the refresh token value must decrypt with the provider's key
    RefreshToken decryptedRefresh =
        ModelEncryptionSupport.decryptRefreshToken(p, token2.getRefreshToken(), p.key);
    assertEquals(1200L, decryptedRefresh.getExpiresIn());
}