Exemple #1
0
func TestValidateTokenEndpointRequest(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockClientCredentialsGrantStorage(ctrl)
	chgen := internal.NewMockEnigma(ctrl)
	areq := internal.NewMockAccessRequester(ctrl)
	defer ctrl.Finish()

	h := ClientCredentialsGrantHandler{
		Store:               store,
		Enigma:              chgen,
		AccessTokenLifespan: time.Hour,
	}
	for k, c := range []struct {
		mock      func()
		req       *http.Request
		expectErr error
	}{
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("")
			},
		},
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("client_credentials")
				areq.EXPECT().SetGrantTypeHandled("client_credentials")
			},
		},
	} {
		c.mock()
		err := h.ValidateTokenEndpointRequest(nil, c.req, areq, nil)
		assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}
Exemple #2
0
func TestHandleAuthorizeEndpointRequest(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
	chgen := internal.NewMockEnigma(ctrl)
	areq := internal.NewMockAuthorizeRequester(ctrl)
	aresp := internal.NewMockAuthorizeResponder(ctrl)
	defer ctrl.Finish()

	h := AuthorizeExplicitGrantTypeHandler{
		Store:  store,
		Enigma: chgen,
	}
	for k, c := range []struct {
		mock      func()
		req       *http.Request
		expectErr error
	}{
		{
			mock: func() {
				areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{})
			},
		},
		{
			mock: func() {
				areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"foo"})
			},
		},
		{
			mock: func() {
				areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
				areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
				chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(nil, fosite.ErrServerError)
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{Form: url.Values{"redirect_uri": {"foobar"}}},
			mock: func() {
				areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
				areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
				chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(&enigma.Challenge{}, nil)
				store.EXPECT().CreateAuthorizeCodeSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(fosite.ErrTemporarilyUnavailable)
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{Form: url.Values{"redirect_uri": {"foobar"}}},
			mock: func() {
				areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"code"})
				areq.EXPECT().GetClient().Return(&client.SecureClient{Secret: []byte("foosecret")})
				chgen.EXPECT().GenerateChallenge(gomock.Eq([]byte("foosecret"))).Return(&enigma.Challenge{Key: "foo", Signature: "bar"}, nil)
				store.EXPECT().CreateAuthorizeCodeSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
				aresp.EXPECT().AddQuery(gomock.Eq("code"), gomock.Eq("foo.bar"))
				aresp.EXPECT().AddQuery(gomock.Eq("scope"), gomock.Any())
				aresp.EXPECT().AddQuery(gomock.Eq("state"), gomock.Any())
				areq.EXPECT().SetResponseTypeHandled(gomock.Eq("code"))
				areq.EXPECT().GetGrantedScopes()
				areq.EXPECT().GetState()
			},
		},
	} {
		c.mock()
		err := h.HandleAuthorizeEndpointRequest(nil, c.req, areq, aresp, nil)
		assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}
Exemple #3
0
func TestAuthorizeImplicitEndpointHandler(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockImplicitGrantStorage(ctrl)
	chgen := internal.NewMockEnigma(ctrl)
	areq := internal.NewMockAuthorizeRequester(ctrl)
	aresp := internal.NewMockAuthorizeResponder(ctrl)
	defer ctrl.Finish()

	h := AuthorizeImplicitGrantTypeHandler{
		Store:               store,
		Enigma:              chgen,
		AccessTokenLifespan: time.Hour,
	}
	for k, c := range []struct {
		mock      func()
		req       *http.Request
		expectErr error
	}{
		{mock: func() { areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{}) }},
		{
			mock: func() {
				areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(nil, errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{Form: url.Values{}},
			mock: func() {
				areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{Signature: "foo"}, nil)
				store.EXPECT().CreateImplicitAccessTokenSession("foo", gomock.Any(), gomock.Any()).Return(errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{Form: url.Values{}},
			mock: func() {
				areq.EXPECT().GetResponseTypes().Return(fosite.Arguments{"token"})
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{Signature: "foo"}, nil)
				store.EXPECT().CreateImplicitAccessTokenSession("foo", gomock.Any(), gomock.Any()).Return(nil)

				aresp.EXPECT().AddFragment("access_token", gomock.Any())
				aresp.EXPECT().AddFragment("expires_in", strconv.Itoa(int(h.AccessTokenLifespan/time.Second)))
				aresp.EXPECT().AddFragment("token_type", "bearer")
				aresp.EXPECT().AddFragment("state", gomock.Any())
				aresp.EXPECT().AddFragment("scope", gomock.Any())
				areq.EXPECT().SetResponseTypeHandled("token")
				areq.EXPECT().GetState()
				areq.EXPECT().GetGrantedScopes()
			},
			expectErr: nil,
		},
	} {
		c.mock()
		err := h.HandleAuthorizeEndpointRequest(nil, c.req, areq, aresp, nil)
		assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}
Exemple #4
0
func TestHandleTokenEndpointRequest(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockClientCredentialsGrantStorage(ctrl)
	chgen := internal.NewMockEnigma(ctrl)
	areq := internal.NewMockAccessRequester(ctrl)
	aresp := internal.NewMockAccessResponder(ctrl)
	//mockcl := internal.NewMockClient(ctrl)
	defer ctrl.Finish()

	h := ClientCredentialsGrantHandler{
		Store:               store,
		Enigma:              chgen,
		AccessTokenLifespan: time.Hour,
	}
	for k, c := range []struct {
		mock      func()
		req       *http.Request
		expectErr error
	}{
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("")
			},
		},
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("client_credentials")
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(nil, errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("client_credentials")
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
				store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("client_credentials")
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
				store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)

				areq.EXPECT().GetGrantedScopes()
				aresp.EXPECT().SetAccessToken(".")
				aresp.EXPECT().SetTokenType("bearer")
				aresp.EXPECT().SetExtra("expires_in", gomock.Any())
				aresp.EXPECT().SetExtra("scope", gomock.Any())
			},
		},
	} {
		c.mock()
		err := h.HandleTokenEndpointRequest(nil, c.req, areq, aresp, nil)
		assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}
Exemple #5
0
func TestValidateTokenEndpointRequest(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockResourceOwnerPasswordCredentialsGrantStorage(ctrl)
	chgen := internal.NewMockEnigma(ctrl)
	areq := internal.NewMockAccessRequester(ctrl)
	defer ctrl.Finish()

	h := ResourceOwnerPasswordCredentialsGrantHandler{
		Store:               store,
		Enigma:              chgen,
		AccessTokenLifespan: time.Hour,
	}
	for k, c := range []struct {
		mock      func()
		req       *http.Request
		expectErr error
	}{
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("")
			},
		},
		{
			req: &http.Request{PostForm: url.Values{"username": {"peter"}}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("password")
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{PostForm: url.Values{"password": {"pan"}}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("password")
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{PostForm: url.Values{"username": {"peter"}, "password": {"pan"}}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("password")
				store.EXPECT().DoCredentialsAuthenticate("peter", "pan").Return(pkg.ErrNotFound)
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{PostForm: url.Values{"username": {"peter"}, "password": {"pan"}}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("password")
				store.EXPECT().DoCredentialsAuthenticate("peter", "pan").Return(errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{PostForm: url.Values{"username": {"peter"}, "password": {"pan"}}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("password")
				store.EXPECT().DoCredentialsAuthenticate("peter", "pan").Return(nil)
				areq.EXPECT().SetGrantTypeHandled("password")
			},
		},
	} {
		c.mock()
		err := h.ValidateTokenEndpointRequest(nil, c.req, areq, nil)
		assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}
Exemple #6
0
func TestValidateTokenEndpointRequest(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockRefreshTokenGrantStorage(ctrl)
	chgen := internal.NewMockEnigma(ctrl)
	areq := internal.NewMockAccessRequester(ctrl)
	defer ctrl.Finish()

	h := RefreshTokenGrantHandler{
		Store:               store,
		Enigma:              chgen,
		AccessTokenLifespan: time.Hour,
	}
	for k, c := range []struct {
		mock      func()
		req       *http.Request
		expectErr error
	}{
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("")
			},
		},
		{
			req: &http.Request{PostForm: url.Values{}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("refresh_token")
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().ValidateChallenge(gomock.Any(), gomock.Any()).Return(errors.New(""))
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{PostForm: url.Values{}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("refresh_token")
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().ValidateChallenge(gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any()).Return(nil, pkg.ErrNotFound)
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{PostForm: url.Values{}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("refresh_token")
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().ValidateChallenge(gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any()).Return(nil, errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{PostForm: url.Values{}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("refresh_token")
				areq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
				areq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
				chgen.EXPECT().ValidateChallenge(gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any()).Return(&fosite.AccessRequest{Client: &client.SecureClient{ID: ""}}, nil)
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{PostForm: url.Values{}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("refresh_token")
				areq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
				areq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
				chgen.EXPECT().ValidateChallenge(gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().GetRefreshTokenSession(gomock.Any(), gomock.Any()).Return(&fosite.AccessRequest{Client: &client.SecureClient{ID: "foo"}}, nil)
				areq.EXPECT().SetGrantTypeHandled("refresh_token")
			},
		},
	} {
		c.mock()
		err := h.ValidateTokenEndpointRequest(nil, c.req, areq, nil)
		assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}
Exemple #7
0
func TestHandleTokenEndpointRequest(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
	chgen := internal.NewMockEnigma(ctrl)
	areq := internal.NewMockAccessRequester(ctrl)
	aresp := internal.NewMockAccessResponder(ctrl)
	//mockcl := internal.NewMockClient(ctrl)
	defer ctrl.Finish()

	h := AuthorizeExplicitGrantTypeHandler{
		Store:  store,
		Enigma: chgen,
	}
	for k, c := range []struct {
		mock      func()
		req       *http.Request
		expectErr error
	}{
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("13245678")
			},
		},
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code")
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, errors.New("foo"))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{PostForm: url.Values{}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code")
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				areq.EXPECT().GetClient().Return(&client.SecureClient{})

				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)

				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(nil, errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{PostForm: url.Values{}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code")
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				areq.EXPECT().GetClient().Return(&client.SecureClient{})

				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)

				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
				store.EXPECT().DeleteAuthorizeCodeSession(gomock.Any()).Return(nil)
				store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{PostForm: url.Values{}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code")
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)

				store.EXPECT().DeleteAuthorizeCodeSession(gomock.Any()).Return(nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
				store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(errors.New(""))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			req: &http.Request{PostForm: url.Values{}},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code")
				areq.EXPECT().GetGrantedScopes()
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)
				chgen.EXPECT().GenerateChallenge(gomock.Any()).Return(&enigma.Challenge{}, nil)

				aresp.EXPECT().SetAccessToken(gomock.Eq("."))
				aresp.EXPECT().SetTokenType(gomock.Eq("bearer"))
				aresp.EXPECT().SetExtra(gomock.Eq("refresh_token"), gomock.Any())
				aresp.EXPECT().SetExtra(gomock.Eq("expires_in"), gomock.Any())
				aresp.EXPECT().SetExtra(gomock.Eq("state"), gomock.Any())
				aresp.EXPECT().SetExtra(gomock.Eq("scope"), gomock.Any())

				store.EXPECT().DeleteAuthorizeCodeSession(gomock.Any()).Return(nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(&fosite.AuthorizeRequest{}, nil)
				store.EXPECT().CreateAccessTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().CreateRefreshTokenSession(gomock.Any(), gomock.Any(), gomock.Any()).Return(nil)
			},
		},
	} {
		c.mock()
		err := h.HandleTokenEndpointRequest(nil, c.req, areq, aresp, nil)
		assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}
Exemple #8
0
func TestValidateTokenEndpointRequest(t *testing.T) {
	ctrl := gomock.NewController(t)
	store := internal.NewMockAuthorizeCodeGrantStorage(ctrl)
	chgen := internal.NewMockEnigma(ctrl)
	areq := internal.NewMockAccessRequester(ctrl)
	authreq := internal.NewMockAuthorizeRequester(ctrl)
	defer ctrl.Finish()

	h := AuthorizeExplicitGrantTypeHandler{
		Store:  store,
		Enigma: chgen,
	}
	for k, c := range []struct {
		mock      func()
		req       *http.Request
		expectErr error
	}{
		{
			mock: func() {
				areq.EXPECT().GetGrantType().Return("13245678") // grant_type REQUIRED. Value MUST be set to "authorization_code".
			},
		},
		{
			req: &http.Request{
				PostForm: url.Values{"foo": {"bar"}}, // code REQUIRED. The authorization code received from the authorization server.
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{"code": {".bar"}}, // code REQUIRED. The authorization code received from the authorization server.
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{"code": {"."}}, // code REQUIRED. The authorization code received from the authorization server.
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().ValidateChallenge(gomock.Any(), gomock.Any()).Return(errors.New("foo"))
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().ValidateChallenge(gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(nil, pkg.ErrNotFound)
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetClient().Return(&client.SecureClient{})
				chgen.EXPECT().ValidateChallenge(gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(nil, errors.New("foo"))
			},
			expectErr: fosite.ErrServerError,
		},
		{
			// clients mismatch
			req: &http.Request{
				PostForm: url.Values{"code": {"foo.bar"}}, // code REQUIRED. The authorization code received from the authorization server.
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
				chgen.EXPECT().ValidateChallenge(gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)

				authreq.EXPECT().GetScopes().Return([]string{})
				areq.EXPECT().SetScopes(gomock.Any())
				authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "bar"})
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{
					"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
				},
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
				chgen.EXPECT().ValidateChallenge(gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Do(func(_ interface{}, sess *authorize.AuthorizeSession) {
					sess.RequestRedirectURI = "request-redir"
				}).Return(authreq, nil)

				authreq.EXPECT().GetScopes().Return([]string{})
				areq.EXPECT().SetScopes(gomock.Any())
				authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{
					"code":         {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
					"redirect_uri": {"request-redir"},
				},
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
				chgen.EXPECT().ValidateChallenge(gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Do(func(_ interface{}, sess *authorize.AuthorizeSession) {
					sess.RequestRedirectURI = "request-redir"
				}).Return(authreq, nil)

				authreq.EXPECT().GetScopes().Return([]string{})
				areq.EXPECT().SetScopes(gomock.Any())
				authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
				authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(-time.Hour))
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{
					"code":         {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
					"redirect_uri": {"request-redir"},
				},
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
				chgen.EXPECT().ValidateChallenge(gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)

				authreq.EXPECT().GetScopes().Return([]string{})
				areq.EXPECT().SetScopes(gomock.Any())
				authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
				authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(-time.Hour))
			},
			expectErr: fosite.ErrInvalidRequest,
		},
		{
			req: &http.Request{
				PostForm: url.Values{
					"code": {"foo.bar"}, // code REQUIRED. The authorization code received from the authorization server.
				},
			},
			mock: func() {
				areq.EXPECT().GetGrantType().Return("authorization_code") // grant_type REQUIRED. Value MUST be set to "authorization_code".
				areq.EXPECT().GetClient().AnyTimes().Return(&client.SecureClient{ID: "foo"})
				chgen.EXPECT().ValidateChallenge(gomock.Any(), gomock.Any()).Return(nil)
				store.EXPECT().GetAuthorizeCodeSession(gomock.Any(), gomock.Any()).Return(authreq, nil)

				authreq.EXPECT().GetScopes().Return([]string{})
				areq.EXPECT().SetScopes(gomock.Any())
				authreq.EXPECT().GetClient().Return(&client.SecureClient{ID: "foo"})
				authreq.EXPECT().GetRequestedAt().Return(time.Now().Add(time.Hour))
				areq.EXPECT().SetGrantTypeHandled("authorization_code")
			},
		},
	} {
		c.mock()
		err := h.ValidateTokenEndpointRequest(nil, c.req, areq, nil)
		assert.True(t, errors.Is(c.expectErr, err), "%d\n%s\n%s", k, err, c.expectErr)
		t.Logf("Passed test case %d", k)
	}
}