oauth2: Add and enhance access/refresh token tests

This patch introduces more tests for code and refresh flows and the JWT strategy. Signed-off-by: arekkas <aeneas@ory.am>
ory · Jul 23, 2018 · 7855b33 · 7855b33
1 parent d3b4e77
commit 7855b33
Show file tree

Hide file tree

Showing 5 changed files with 934 additions and 693 deletions.
diff --git a/oauth2/handler.go b/oauth2/handler.go
@@ -36,7 +36,6 @@ import (
 	"github.com/ory/hydra/client"
 	"github.com/ory/hydra/consent"
 	"github.com/ory/hydra/pkg"
-	"github.com/pborman/uuid"
 	"github.com/pkg/errors"
 )
 
@@ -487,7 +486,6 @@ func (h *Handler) TokenHandler(w http.ResponseWriter, r *http.Request, _ httprou
 
 		session.Subject = accessRequest.GetClient().GetID()
 		session.ClientID = accessRequest.GetClient().GetID()
-		session.JTI = uuid.New()
 		session.KID = accessTokenKeyID
 		session.DefaultSession.Claims.Issuer = strings.TrimRight(h.IssuerURL, "/") + "/"
 		session.DefaultSession.Claims.IssuedAt = time.Now().UTC()
@@ -591,7 +589,6 @@ func (h *Handler) AuthHandler(w http.ResponseWriter, r *http.Request, _ httprout
 		Extra: session.Session.AccessToken,
 		// Here, we do not include the client because it's typically not the audience.
 		Audience: []string{},
-		JTI:      uuid.New(),
 		KID:      accessTokenKeyID,
 		ClientID: authorizeRequest.GetClient().GetID(),
 	})