@Test
@OAuth2ContextConfiguration(resource = MyClientWithRegisteredRedirect.class, initialize = false)
public void testRegisteredRedirectWithWrongOneInTokenEndpoint() throws Exception {
    approveAccessTokenGrant("http://anywhere?key=value", true);
    // Setting the redirect uri directly in the request should override the saved value
    context.getAccessTokenRequest().set("redirect_uri", "http://nowhere.com");
    try {
        assertNotNull(context.getAccessToken());
        fail("Expected RedirectMismatchException");
    }
    catch (RedirectMismatchException e) {
        // The mismatched redirect_uri must be rejected with HTTP 400 and error code invalid_grant
        assertEquals(HttpStatus.BAD_REQUEST.value(), e.getHttpErrorCode());
        assertEquals("invalid_grant", e.getOAuth2ErrorCode());
    }
}