1
0

OauthApiControllerTest.php 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
  4. *
  5. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  6. * @author Lukas Reschke <lukas@statuscode.ch>
  7. * @author Morris Jobke <hey@morrisjobke.de>
  8. * @author Roeland Jago Douma <roeland@famdouma.nl>
  9. *
  10. * @license GNU AGPL version 3 or any later version
  11. *
  12. * This program is free software: you can redistribute it and/or modify
  13. * it under the terms of the GNU Affero General Public License as
  14. * published by the Free Software Foundation, either version 3 of the
  15. * License, or (at your option) any later version.
  16. *
  17. * This program is distributed in the hope that it will be useful,
  18. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  20. * GNU Affero General Public License for more details.
  21. *
  22. * You should have received a copy of the GNU Affero General Public License
  23. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  24. *
  25. */
  26. namespace OCA\OAuth2\Tests\Controller;
  27. use OC\Authentication\Exceptions\ExpiredTokenException;
  28. use OC\Authentication\Exceptions\InvalidTokenException;
  29. use OC\Authentication\Token\IProvider as TokenProvider;
  30. use OC\Authentication\Token\PublicKeyToken;
  31. use OCA\OAuth2\Controller\OauthApiController;
  32. use OCA\OAuth2\Db\AccessToken;
  33. use OCA\OAuth2\Db\AccessTokenMapper;
  34. use OCA\OAuth2\Db\Client;
  35. use OCA\OAuth2\Db\ClientMapper;
  36. use OCA\OAuth2\Exceptions\AccessTokenNotFoundException;
  37. use OCA\OAuth2\Exceptions\ClientNotFoundException;
  38. use OCP\AppFramework\Http;
  39. use OCP\AppFramework\Http\JSONResponse;
  40. use OCP\AppFramework\Utility\ITimeFactory;
  41. use OCP\IRequest;
  42. use OCP\Security\Bruteforce\IThrottler;
  43. use OCP\Security\ICrypto;
  44. use OCP\Security\ISecureRandom;
  45. use Psr\Log\LoggerInterface;
  46. use Test\TestCase;
  47. /* We have to use this to add a property to the mocked request and avoid warnings about dynamic properties on PHP>=8.2 */
  48. abstract class RequestMock implements IRequest {
  49. public array $server = [];
  50. }
  51. class OauthApiControllerTest extends TestCase {
  52. /** @var IRequest|\PHPUnit\Framework\MockObject\MockObject */
  53. private $request;
  54. /** @var ICrypto|\PHPUnit\Framework\MockObject\MockObject */
  55. private $crypto;
  56. /** @var AccessTokenMapper|\PHPUnit\Framework\MockObject\MockObject */
  57. private $accessTokenMapper;
  58. /** @var ClientMapper|\PHPUnit\Framework\MockObject\MockObject */
  59. private $clientMapper;
  60. /** @var TokenProvider|\PHPUnit\Framework\MockObject\MockObject */
  61. private $tokenProvider;
  62. /** @var ISecureRandom|\PHPUnit\Framework\MockObject\MockObject */
  63. private $secureRandom;
  64. /** @var ITimeFactory|\PHPUnit\Framework\MockObject\MockObject */
  65. private $time;
  66. /** @var IThrottler|\PHPUnit\Framework\MockObject\MockObject */
  67. private $throttler;
  68. /** @var LoggerInterface|\PHPUnit\Framework\MockObject\MockObject */
  69. private $logger;
  70. /** @var ITimeFactory|\PHPUnit\Framework\MockObject\MockObject */
  71. private $timeFactory;
  72. /** @var OauthApiController */
  73. private $oauthApiController;
  74. protected function setUp(): void {
  75. parent::setUp();
  76. $this->request = $this->createMock(RequestMock::class);
  77. $this->crypto = $this->createMock(ICrypto::class);
  78. $this->accessTokenMapper = $this->createMock(AccessTokenMapper::class);
  79. $this->clientMapper = $this->createMock(ClientMapper::class);
  80. $this->tokenProvider = $this->createMock(TokenProvider::class);
  81. $this->secureRandom = $this->createMock(ISecureRandom::class);
  82. $this->time = $this->createMock(ITimeFactory::class);
  83. $this->throttler = $this->createMock(IThrottler::class);
  84. $this->logger = $this->createMock(LoggerInterface::class);
  85. $this->timeFactory = $this->createMock(ITimeFactory::class);
  86. $this->oauthApiController = new OauthApiController(
  87. 'oauth2',
  88. $this->request,
  89. $this->crypto,
  90. $this->accessTokenMapper,
  91. $this->clientMapper,
  92. $this->tokenProvider,
  93. $this->secureRandom,
  94. $this->time,
  95. $this->logger,
  96. $this->throttler,
  97. $this->timeFactory
  98. );
  99. }
  100. public function testGetTokenInvalidGrantType() {
  101. $expected = new JSONResponse([
  102. 'error' => 'invalid_grant',
  103. ], Http::STATUS_BAD_REQUEST);
  104. $expected->throttle(['invalid_grant' => 'foo']);
  105. $this->assertEquals($expected, $this->oauthApiController->getToken('foo', null, null, null, null));
  106. }
  107. public function testGetTokenInvalidCode() {
  108. $expected = new JSONResponse([
  109. 'error' => 'invalid_request',
  110. ], Http::STATUS_BAD_REQUEST);
  111. $expected->throttle(['invalid_request' => 'token not found', 'code' => 'invalidcode']);
  112. $this->accessTokenMapper->method('getByCode')
  113. ->with('invalidcode')
  114. ->willThrowException(new AccessTokenNotFoundException());
  115. $this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'invalidcode', null, null, null));
  116. }
  117. public function testGetTokenExpiredCode() {
  118. $codeCreatedAt = 100;
  119. $expiredSince = 123;
  120. $expected = new JSONResponse([
  121. 'error' => 'invalid_request',
  122. ], Http::STATUS_BAD_REQUEST);
  123. $expected->throttle(['invalid_request' => 'authorization_code_expired', 'expired_since' => $expiredSince]);
  124. $accessToken = new AccessToken();
  125. $accessToken->setClientId(42);
  126. $accessToken->setCodeCreatedAt($codeCreatedAt);
  127. $this->accessTokenMapper->method('getByCode')
  128. ->with('validcode')
  129. ->willReturn($accessToken);
  130. $tsNow = $codeCreatedAt + OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER + $expiredSince;
  131. $dateNow = (new \DateTimeImmutable())->setTimestamp($tsNow);
  132. $this->timeFactory->method('now')
  133. ->willReturn($dateNow);
  134. $this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null));
  135. }
  136. public function testGetTokenWithCodeForActiveToken() {
  137. // if a token has already delivered oauth tokens,
  138. // it should not be possible to get a new oauth token from a valid authorization code
  139. $codeCreatedAt = 100;
  140. $expected = new JSONResponse([
  141. 'error' => 'invalid_request',
  142. ], Http::STATUS_BAD_REQUEST);
  143. $expected->throttle(['invalid_request' => 'authorization_code_received_for_active_token']);
  144. $accessToken = new AccessToken();
  145. $accessToken->setClientId(42);
  146. $accessToken->setCodeCreatedAt($codeCreatedAt);
  147. $accessToken->setTokenCount(1);
  148. $this->accessTokenMapper->method('getByCode')
  149. ->with('validcode')
  150. ->willReturn($accessToken);
  151. $tsNow = $codeCreatedAt + 1;
  152. $dateNow = (new \DateTimeImmutable())->setTimestamp($tsNow);
  153. $this->timeFactory->method('now')
  154. ->willReturn($dateNow);
  155. $this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null));
  156. }
  157. public function testGetTokenClientDoesNotExist() {
  158. // In this test, the token's authorization code is valid and has not expired
  159. // and we check what happens when the associated Oauth client does not exist
  160. $codeCreatedAt = 100;
  161. $expected = new JSONResponse([
  162. 'error' => 'invalid_request',
  163. ], Http::STATUS_BAD_REQUEST);
  164. $expected->throttle(['invalid_request' => 'client not found', 'client_id' => 42]);
  165. $accessToken = new AccessToken();
  166. $accessToken->setClientId(42);
  167. $accessToken->setCodeCreatedAt($codeCreatedAt);
  168. $this->accessTokenMapper->method('getByCode')
  169. ->with('validcode')
  170. ->willReturn($accessToken);
  171. // 'now' is before the token's authorization code expiration
  172. $tsNow = $codeCreatedAt + OauthApiController::AUTHORIZATION_CODE_EXPIRES_AFTER - 1;
  173. $dateNow = (new \DateTimeImmutable())->setTimestamp($tsNow);
  174. $this->timeFactory->method('now')
  175. ->willReturn($dateNow);
  176. $this->clientMapper->method('getByUid')
  177. ->with(42)
  178. ->willThrowException(new ClientNotFoundException());
  179. $this->assertEquals($expected, $this->oauthApiController->getToken('authorization_code', 'validcode', null, null, null));
  180. }
  181. public function testRefreshTokenInvalidRefreshToken() {
  182. $expected = new JSONResponse([
  183. 'error' => 'invalid_request',
  184. ], Http::STATUS_BAD_REQUEST);
  185. $expected->throttle(['invalid_request' => 'token not found', 'code' => 'invalidrefresh']);
  186. $this->accessTokenMapper->method('getByCode')
  187. ->with('invalidrefresh')
  188. ->willThrowException(new AccessTokenNotFoundException());
  189. $this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'invalidrefresh', null, null));
  190. }
  191. public function testRefreshTokenClientDoesNotExist() {
  192. $expected = new JSONResponse([
  193. 'error' => 'invalid_request',
  194. ], Http::STATUS_BAD_REQUEST);
  195. $expected->throttle(['invalid_request' => 'client not found', 'client_id' => 42]);
  196. $accessToken = new AccessToken();
  197. $accessToken->setClientId(42);
  198. $this->accessTokenMapper->method('getByCode')
  199. ->with('validrefresh')
  200. ->willReturn($accessToken);
  201. $this->clientMapper->method('getByUid')
  202. ->with(42)
  203. ->willThrowException(new ClientNotFoundException());
  204. $this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', null, null));
  205. }
  206. public function invalidClientProvider() {
  207. return [
  208. ['invalidClientId', 'invalidClientSecret'],
  209. ['clientId', 'invalidClientSecret'],
  210. ['invalidClientId', 'clientSecret'],
  211. ];
  212. }
  213. /**
  214. * @dataProvider invalidClientProvider
  215. *
  216. * @param string $clientId
  217. * @param string $clientSecret
  218. */
  219. public function testRefreshTokenInvalidClient($clientId, $clientSecret) {
  220. $expected = new JSONResponse([
  221. 'error' => 'invalid_client',
  222. ], Http::STATUS_BAD_REQUEST);
  223. $expected->throttle(['invalid_client' => 'client ID or secret does not match']);
  224. $accessToken = new AccessToken();
  225. $accessToken->setClientId(42);
  226. $this->accessTokenMapper->method('getByCode')
  227. ->with('validrefresh')
  228. ->willReturn($accessToken);
  229. $client = new Client();
  230. $client->setClientIdentifier('clientId');
  231. $client->setSecret('clientSecret');
  232. $this->clientMapper->method('getByUid')
  233. ->with(42)
  234. ->willReturn($client);
  235. $this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', $clientId, $clientSecret));
  236. }
  237. public function testRefreshTokenInvalidAppToken() {
  238. $expected = new JSONResponse([
  239. 'error' => 'invalid_request',
  240. ], Http::STATUS_BAD_REQUEST);
  241. $expected->throttle(['invalid_request' => 'token is invalid']);
  242. $accessToken = new AccessToken();
  243. $accessToken->setClientId(42);
  244. $accessToken->setTokenId(1337);
  245. $accessToken->setEncryptedToken('encryptedToken');
  246. $this->accessTokenMapper->method('getByCode')
  247. ->with('validrefresh')
  248. ->willReturn($accessToken);
  249. $client = new Client();
  250. $client->setClientIdentifier('clientId');
  251. $client->setSecret('encryptedClientSecret');
  252. $this->clientMapper->method('getByUid')
  253. ->with(42)
  254. ->willReturn($client);
  255. $this->crypto
  256. ->method('decrypt')
  257. ->with($this->callback(function (string $text) {
  258. return $text === 'encryptedClientSecret' || $text === 'encryptedToken';
  259. }))
  260. ->willReturnCallback(function (string $text) {
  261. return $text === 'encryptedClientSecret'
  262. ? 'clientSecret'
  263. : ($text === 'encryptedToken' ? 'decryptedToken' : '');
  264. });
  265. $this->tokenProvider->method('getTokenById')
  266. ->with(1337)
  267. ->willThrowException(new InvalidTokenException());
  268. $this->accessTokenMapper->expects($this->once())
  269. ->method('delete')
  270. ->with($accessToken);
  271. $this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret'));
  272. }
  273. public function testRefreshTokenValidAppToken() {
  274. $accessToken = new AccessToken();
  275. $accessToken->setClientId(42);
  276. $accessToken->setTokenId(1337);
  277. $accessToken->setEncryptedToken('encryptedToken');
  278. $this->accessTokenMapper->method('getByCode')
  279. ->with('validrefresh')
  280. ->willReturn($accessToken);
  281. $client = new Client();
  282. $client->setClientIdentifier('clientId');
  283. $client->setSecret('encryptedClientSecret');
  284. $this->clientMapper->method('getByUid')
  285. ->with(42)
  286. ->willReturn($client);
  287. $this->crypto
  288. ->method('decrypt')
  289. ->with($this->callback(function (string $text) {
  290. return $text === 'encryptedClientSecret' || $text === 'encryptedToken';
  291. }))
  292. ->willReturnCallback(function (string $text) {
  293. return $text === 'encryptedClientSecret'
  294. ? 'clientSecret'
  295. : ($text === 'encryptedToken' ? 'decryptedToken' : '');
  296. });
  297. $appToken = new PublicKeyToken();
  298. $appToken->setUid('userId');
  299. $this->tokenProvider->method('getTokenById')
  300. ->with(1337)
  301. ->willThrowException(new ExpiredTokenException($appToken));
  302. $this->accessTokenMapper->expects($this->never())
  303. ->method('delete')
  304. ->with($accessToken);
  305. $this->secureRandom->method('generate')
  306. ->willReturnCallback(function ($len) {
  307. return 'random'.$len;
  308. });
  309. $this->tokenProvider->expects($this->once())
  310. ->method('rotate')
  311. ->with(
  312. $appToken,
  313. 'decryptedToken',
  314. 'random72'
  315. )->willReturn($appToken);
  316. $this->time->method('getTime')
  317. ->willReturn(1000);
  318. $this->tokenProvider->expects($this->once())
  319. ->method('updateToken')
  320. ->with(
  321. $this->callback(function (PublicKeyToken $token) {
  322. return $token->getExpires() === 4600;
  323. })
  324. );
  325. $this->crypto->method('encrypt')
  326. ->with('random72', 'random128')
  327. ->willReturn('newEncryptedToken');
  328. $this->accessTokenMapper->expects($this->once())
  329. ->method('update')
  330. ->with(
  331. $this->callback(function (AccessToken $token) {
  332. return $token->getHashedCode() === hash('sha512', 'random128') &&
  333. $token->getEncryptedToken() === 'newEncryptedToken';
  334. })
  335. );
  336. $expected = new JSONResponse([
  337. 'access_token' => 'random72',
  338. 'token_type' => 'Bearer',
  339. 'expires_in' => 3600,
  340. 'refresh_token' => 'random128',
  341. 'user_id' => 'userId',
  342. ]);
  343. $this->request->method('getRemoteAddress')
  344. ->willReturn('1.2.3.4');
  345. $this->throttler->expects($this->once())
  346. ->method('resetDelay')
  347. ->with(
  348. '1.2.3.4',
  349. 'login',
  350. ['user' => 'userId']
  351. );
  352. $this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret'));
  353. }
  354. public function testRefreshTokenValidAppTokenBasicAuth() {
  355. $accessToken = new AccessToken();
  356. $accessToken->setClientId(42);
  357. $accessToken->setTokenId(1337);
  358. $accessToken->setEncryptedToken('encryptedToken');
  359. $this->accessTokenMapper->method('getByCode')
  360. ->with('validrefresh')
  361. ->willReturn($accessToken);
  362. $client = new Client();
  363. $client->setClientIdentifier('clientId');
  364. $client->setSecret('encryptedClientSecret');
  365. $this->clientMapper->method('getByUid')
  366. ->with(42)
  367. ->willReturn($client);
  368. $this->crypto
  369. ->method('decrypt')
  370. ->with($this->callback(function (string $text) {
  371. return $text === 'encryptedClientSecret' || $text === 'encryptedToken';
  372. }))
  373. ->willReturnCallback(function (string $text) {
  374. return $text === 'encryptedClientSecret'
  375. ? 'clientSecret'
  376. : ($text === 'encryptedToken' ? 'decryptedToken' : '');
  377. });
  378. $appToken = new PublicKeyToken();
  379. $appToken->setUid('userId');
  380. $this->tokenProvider->method('getTokenById')
  381. ->with(1337)
  382. ->willThrowException(new ExpiredTokenException($appToken));
  383. $this->accessTokenMapper->expects($this->never())
  384. ->method('delete')
  385. ->with($accessToken);
  386. $this->secureRandom->method('generate')
  387. ->willReturnCallback(function ($len) {
  388. return 'random'.$len;
  389. });
  390. $this->tokenProvider->expects($this->once())
  391. ->method('rotate')
  392. ->with(
  393. $appToken,
  394. 'decryptedToken',
  395. 'random72'
  396. )->willReturn($appToken);
  397. $this->time->method('getTime')
  398. ->willReturn(1000);
  399. $this->tokenProvider->expects($this->once())
  400. ->method('updateToken')
  401. ->with(
  402. $this->callback(function (PublicKeyToken $token) {
  403. return $token->getExpires() === 4600;
  404. })
  405. );
  406. $this->crypto->method('encrypt')
  407. ->with('random72', 'random128')
  408. ->willReturn('newEncryptedToken');
  409. $this->accessTokenMapper->expects($this->once())
  410. ->method('update')
  411. ->with(
  412. $this->callback(function (AccessToken $token) {
  413. return $token->getHashedCode() === hash('sha512', 'random128') &&
  414. $token->getEncryptedToken() === 'newEncryptedToken';
  415. })
  416. );
  417. $expected = new JSONResponse([
  418. 'access_token' => 'random72',
  419. 'token_type' => 'Bearer',
  420. 'expires_in' => 3600,
  421. 'refresh_token' => 'random128',
  422. 'user_id' => 'userId',
  423. ]);
  424. $this->request->server['PHP_AUTH_USER'] = 'clientId';
  425. $this->request->server['PHP_AUTH_PW'] = 'clientSecret';
  426. $this->request->method('getRemoteAddress')
  427. ->willReturn('1.2.3.4');
  428. $this->throttler->expects($this->once())
  429. ->method('resetDelay')
  430. ->with(
  431. '1.2.3.4',
  432. 'login',
  433. ['user' => 'userId']
  434. );
  435. $this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', null, null));
  436. }
  437. public function testRefreshTokenExpiredAppToken() {
  438. $accessToken = new AccessToken();
  439. $accessToken->setClientId(42);
  440. $accessToken->setTokenId(1337);
  441. $accessToken->setEncryptedToken('encryptedToken');
  442. $this->accessTokenMapper->method('getByCode')
  443. ->with('validrefresh')
  444. ->willReturn($accessToken);
  445. $client = new Client();
  446. $client->setClientIdentifier('clientId');
  447. $client->setSecret('encryptedClientSecret');
  448. $this->clientMapper->method('getByUid')
  449. ->with(42)
  450. ->willReturn($client);
  451. $this->crypto
  452. ->method('decrypt')
  453. ->with($this->callback(function (string $text) {
  454. return $text === 'encryptedClientSecret' || $text === 'encryptedToken';
  455. }))
  456. ->willReturnCallback(function (string $text) {
  457. return $text === 'encryptedClientSecret'
  458. ? 'clientSecret'
  459. : ($text === 'encryptedToken' ? 'decryptedToken' : '');
  460. });
  461. $appToken = new PublicKeyToken();
  462. $appToken->setUid('userId');
  463. $this->tokenProvider->method('getTokenById')
  464. ->with(1337)
  465. ->willReturn($appToken);
  466. $this->accessTokenMapper->expects($this->never())
  467. ->method('delete')
  468. ->with($accessToken);
  469. $this->secureRandom->method('generate')
  470. ->willReturnCallback(function ($len) {
  471. return 'random'.$len;
  472. });
  473. $this->tokenProvider->expects($this->once())
  474. ->method('rotate')
  475. ->with(
  476. $appToken,
  477. 'decryptedToken',
  478. 'random72'
  479. )->willReturn($appToken);
  480. $this->time->method('getTime')
  481. ->willReturn(1000);
  482. $this->tokenProvider->expects($this->once())
  483. ->method('updateToken')
  484. ->with(
  485. $this->callback(function (PublicKeyToken $token) {
  486. return $token->getExpires() === 4600;
  487. })
  488. );
  489. $this->crypto->method('encrypt')
  490. ->with('random72', 'random128')
  491. ->willReturn('newEncryptedToken');
  492. $this->accessTokenMapper->expects($this->once())
  493. ->method('update')
  494. ->with(
  495. $this->callback(function (AccessToken $token) {
  496. return $token->getHashedCode() === hash('sha512', 'random128') &&
  497. $token->getEncryptedToken() === 'newEncryptedToken';
  498. })
  499. );
  500. $expected = new JSONResponse([
  501. 'access_token' => 'random72',
  502. 'token_type' => 'Bearer',
  503. 'expires_in' => 3600,
  504. 'refresh_token' => 'random128',
  505. 'user_id' => 'userId',
  506. ]);
  507. $this->request->method('getRemoteAddress')
  508. ->willReturn('1.2.3.4');
  509. $this->throttler->expects($this->once())
  510. ->method('resetDelay')
  511. ->with(
  512. '1.2.3.4',
  513. 'login',
  514. ['user' => 'userId']
  515. );
  516. $this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret'));
  517. }
  518. }