
Validating OAuth2 Password Grant Authentication in spring-boot-demo

This test suite validates OAuth2 Resource Owner Password Grant functionality in a Spring Boot application. It focuses on testing direct resource server connections and access token generation using the Spring Security OAuth2 implementation.

Test Coverage Overview

The test suite provides coverage for OAuth2 password grant flow authentication.

Key areas tested include:
  • Access token generation and validation
  • Resource owner credential verification
  • OAuth2 client configuration validation
  • Direct resource server connectivity

Implementation Analysis

The testing approach uses JUnit 5 with Spring Security OAuth2 test utilities. It configures a ResourceOwnerPasswordResourceDetails object to simulate the password grant authentication flow.

The test demonstrates proper OAuth2 client setup with:
  • Client credentials configuration
  • Token endpoint URI specification
  • Scope definition
  • User credential management

Technical Details

Testing tools and configuration:
  • JUnit Jupiter for test execution
  • OAuth2RestTemplate for OAuth2 client operations
  • ResourceOwnerPasswordResourceDetails for grant type configuration
  • Spring Security OAuth2 client libraries
  • Custom AuthorizationServerInfo utility

Best Practices Demonstrated

The test implementation showcases several OAuth2 testing best practices.

Notable practices include:
  • Separation of token acquisition logic
  • Proper assertion handling
  • Clear scope definition
  • Secure credential management
  • Modular test structure

xkcoding/spring-boot-demo

demo-oauth/oauth-authorization-server/src/test/java/com/xkcoding/oauth/oauth/ResourceOwnerPasswordGrantTests.java

            
package com.xkcoding.oauth.oauth;

import org.junit.jupiter.api.Test;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;

import java.util.Arrays;

import static com.xkcoding.oauth.oauth.AuthorizationServerInfo.getUrl;
import static org.junit.jupiter.api.Assertions.assertNotNull;

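/**
 * Requests an access token with the OAuth2 resource owner password grant
 * and checks that one is returned.
 *
 * @author <a href="https://echocow.cn">EchoCow</a>
 * @date 2020-01-06 21:14
 */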
public class ResourceOwnerPasswordGrantTests {

    @Test
    void testConnectDirectlyToResourceServer() {
        assertNotNull(accessToken());
    }

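    // Obtains a token from the authorization server; public and static so it can be called from outside this class.
    public static String accessToken() {
        ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
        // Token endpoint of the authorization server under test
        resource.setAccessTokenUri(getUrl("/oauth/token"));
        // Client credentials, hard-coded to the values used in this test
        resource.setClientId("oauth2");
        resource.setClientSecret("oauth2");
        resource.setId("oauth2");
        resource.setScope(Arrays.asList("READ", "WRITE"));
        // Resource owner (end user) credentials, also hard-coded
        resource.setUsername("admin");
        resource.setPassword("123456");
        OAuth2RestTemplate template = new OAuth2RestTemplate(resource);
        // Performs the password grant request against /oauth/token
        OAuth2AccessToken accessToken = template.getAccessToken();
        return accessToken.getValue();
    }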
}
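
The test above only asserts that a token string comes back. The following is an added example, not code from xkcoding/spring-boot-demo, that also checks the token's type, expiry and granted scope and verifies that a wrong password is rejected. The class name, the `env` helper and the `OAUTH_*` environment variable names are assumptions made for illustration; the fallback values are the demo credentials shown on this page.

```java
package com.xkcoding.oauth.oauth;

import org.junit.jupiter.api.Test;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import java.util.Arrays;
import java.util.List;

import static com.xkcoding.oauth.oauth.AuthorizationServerInfo.getUrl;
import static org.junit.jupiter.api.Assertions.*;

// Added example (hypothetical class name), not part of xkcoding/spring-boot-demo.
class PasswordGrantHardenedTests {
    private static final List<String> REQUESTED = Arrays.asList("READ", "WRITE");

    // Falls back to the demo value only when the (assumed) environment variable is unset.
    private static String env(String name, String demoDefault) {
        String v = System.getenv(name);
        return v == null || v.isEmpty() ? demoDefault : v;
    }

    private static OAuth2RestTemplate template(String password) {
        ResourceOwnerPasswordResourceDetails r = new ResourceOwnerPasswordResourceDetails();
        r.setAccessTokenUri(getUrl("/oauth/token"));
        r.setClientId(env("OAUTH_CLIENT_ID", "oauth2"));
        r.setClientSecret(env("OAUTH_CLIENT_SECRET", "oauth2"));
        r.setScope(REQUESTED);
        r.setUsername(env("OAUTH_USERNAME", "admin"));
        r.setPassword(password);
        return new OAuth2RestTemplate(r);
    }

    @Test
    void validCredentialsYieldUsableBearerToken() {
        OAuth2AccessToken token = template(env("OAUTH_PASSWORD", "123456")).getAccessToken();
        assertFalse(token.getValue().isEmpty());
        assertTrue("bearer".equalsIgnoreCase(token.getTokenType()));
        assertFalse(token.isExpired());
        // Assumes the token response includes "scope"; the grant must not exceed the request.
        assertTrue(REQUESTED.containsAll(token.getScope()));
    }

    @Test
    void wrongPasswordIsRejected() {
        // Token-endpoint failures surface from OAuth2RestTemplate as an OAuth2Exception subtype.
        assertThrows(OAuth2Exception.class, () -> template("constructed-wrong-password").getAccessToken());
    }
}
```

The negative test also passes when the authorization server is unreachable, so read its result together with the positive test, which fails in that situation.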