Updated OAuth2 response handler (#650)

Change-Id: Id00eec7cd37f3dc3efbadf1c7f8e1f7f2a3d15f9
diff --git a/full/Changes b/full/Changes
index f7d62c5..8709b67 100644
--- a/full/Changes
+++ b/full/Changes
@@ -22,6 +22,7 @@
 - Make scope extraction more flexible.
 - Updated token response using Nimbus (#650)
 - Remove Oltu request and validator implementations (#650)
+- Updated OAuth2 response handler (#650)
 
 
 # version 0.71.1
diff --git a/full/pom.xml b/full/pom.xml
index 9ec117d..23c336f 100644
--- a/full/pom.xml
+++ b/full/pom.xml
@@ -651,13 +651,6 @@
 		    <scope>provided</scope>
 		</dependency>
 
-		<!-- needed by apache Oltu -->
-		<dependency>
-			<groupId>javax.servlet</groupId>
-			<artifactId>javax.servlet-api</artifactId>
-			<version>4.0.1</version>
-		</dependency>
-		
 	    <dependency>
 	      <groupId>org.apache.commons</groupId>
 	      <artifactId>commons-text</artifactId>
@@ -750,18 +743,6 @@
 
 		<!-- OAuth -->
 		<dependency>
-			<groupId>org.apache.oltu.oauth2</groupId>
-			<artifactId>org.apache.oltu.oauth2.authzserver</artifactId>
-			<version>1.0.2</version>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.oltu.oauth2</groupId>
-			<artifactId>org.apache.oltu.oauth2.client</artifactId>
-			<version>1.0.2</version>
-		</dependency>
-
-		<!-- Nimbus -->
-		<dependency>
 			<groupId>com.nimbusds</groupId>
 			<artifactId>oauth2-oidc-sdk</artifactId>
 			<version>11.6</version>
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/OAuth2ResponseHandler.java b/full/src/main/java/de/ids_mannheim/korap/web/OAuth2ResponseHandler.java
index 9ece449..112b05d 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/OAuth2ResponseHandler.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/OAuth2ResponseHandler.java
@@ -1,33 +1,23 @@
 package de.ids_mannheim.korap.web;
 
 import java.net.URI;
-import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
 
 import org.apache.http.HttpHeaders;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
-import org.apache.oltu.oauth2.common.message.OAuthResponse;
-import org.apache.oltu.oauth2.common.message.OAuthResponse.OAuthErrorResponseBuilder;
 
 import com.nimbusds.oauth2.sdk.AccessTokenResponse;
-import com.nimbusds.oauth2.sdk.AuthorizationErrorResponse;
 import com.nimbusds.oauth2.sdk.ErrorObject;
-import com.nimbusds.oauth2.sdk.ErrorResponse;
 import com.nimbusds.oauth2.sdk.OAuth2Error;
-import com.nimbusds.oauth2.sdk.TokenErrorResponse;
-import com.nimbusds.oauth2.sdk.id.State;
 
 import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.exceptions.StatusCodes;
 import jakarta.ws.rs.WebApplicationException;
-import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.Response.ResponseBuilder;
 import jakarta.ws.rs.core.Response.Status;
 
 /**
- * OAuth2ResponseHandler builds {@link Response}s from
- * {@link OAuthResponse}s and handles exceptions by building
+ * OAuth2ResponseHandler builds {@link Response}s and handles exceptions by building
  * OAuth error responses accordingly.
  * 
  * <br/><br/>
@@ -41,185 +31,80 @@
  *
  */
 public class OAuth2ResponseHandler extends KustvaktResponseHandler {
-
-    public WebApplicationException throwit (OAuthSystemException e) {
-        return throwit(StatusCodes.OAUTH2_SYSTEM_ERROR, e.getMessage());
-    }
-
-    public WebApplicationException throwit (OAuthSystemException e,
-            String state) {
-        if (state != null && !state.isEmpty()) {
-            return throwit(StatusCodes.OAUTH2_SYSTEM_ERROR, e.getMessage(),
-                    "state=" + state);
-        }
-        return throwit(e);
-    }
-
-    public WebApplicationException throwit (OAuthProblemException e) {
-        OAuthResponse oAuthResponse = null;
-        String state = e.getState();
-        try {
-            OAuthErrorResponseBuilder builder =
-                    OAuthResponse.errorResponse(e.getResponseStatus()).error(e);
-             if (state != null && !state.isEmpty()) {
-                 builder.setState(state);
-             }
-             if (e.getRedirectUri()!= null && !e.getRedirectUri().isEmpty()) {
-                 builder.location(e.getRedirectUri());
-                 oAuthResponse = builder.buildQueryMessage();
-             }
-             else {
-                 oAuthResponse = builder.buildJSONMessage();
-             }
-        }
-        catch (OAuthSystemException e1) {
-            throwit(e1, state);
-        }
-        Response r = createResponse(oAuthResponse.getResponseStatus(),
-                oAuthResponse.getBody(), oAuthResponse.getLocationUri());
-        return new WebApplicationException(r);
-    }
-    
-    
-
     @Override
-    public WebApplicationException throwit (KustvaktException e){
+    public WebApplicationException throwit (KustvaktException e) {
         return throwit(e, null);
     }
-    
+
     public WebApplicationException throwit (KustvaktException e, String state) {
         String errorCode = e.getEntity();
-                    
         int responseStatus = e.getResponseStatus();
-        try {
-            if(responseStatus>0) {
-                return throwit(createOAuthProblemException(e, responseStatus, state));
-            }
-            else if (errorCode == null){
-                return super.throwit(e);
-            }
-            else if (errorCode.equals(OAuth2Error.INVALID_CLIENT.getCode())
-                    || errorCode.equals(OAuth2Error.UNAUTHORIZED_CLIENT.getCode())
-                    || errorCode.equals(de.ids_mannheim.korap.oauth2.constant.OAuth2Error.INVALID_TOKEN)) {
-                return throwit(createOAuthProblemException(e,
-                        Status.UNAUTHORIZED.getStatusCode(), state));
-            }
-            else if (errorCode.equals(OAuth2Error.INVALID_GRANT.getCode())
-                    || errorCode.equals(OAuth2Error.INVALID_REQUEST.getCode())
-                    || errorCode.equals(OAuth2Error.INVALID_SCOPE.getCode())
-                    || errorCode.equals(OAuth2Error.UNSUPPORTED_GRANT_TYPE.getCode())
-                    || errorCode.equals(OAuth2Error.UNSUPPORTED_RESPONSE_TYPE.getCode())
-                    || errorCode.equals(OAuth2Error.ACCESS_DENIED.getCode())) {
-                return throwit(createOAuthProblemException(e,
-                        Status.BAD_REQUEST.getStatusCode(), state));
-            }
-            else if (errorCode.equals(de.ids_mannheim.korap.oauth2.constant.OAuth2Error.INSUFFICIENT_SCOPE)) {
-                return throwit(createOAuthProblemException(e,
-                        Status.FORBIDDEN.getStatusCode(), state));
-            }
-            else if (errorCode.equals(OAuth2Error.SERVER_ERROR.getCode())) {
-                return throwit(createOAuthProblemException(e,
-                        Status.INTERNAL_SERVER_ERROR.getStatusCode(), state));
-            }
-            else if (errorCode.equals(OAuth2Error.TEMPORARILY_UNAVAILABLE.getCode())) {
-                return throwit(createOAuthProblemException(e,
-                        Status.SERVICE_UNAVAILABLE.getStatusCode(), state));
-            }
-            else {
-                return super.throwit(e);
-            }
-        }
-        catch (OAuthSystemException e1) {
-            return throwit(e1, state);
-        }
-    }
 
-    private OAuthProblemException createOAuthProblemException (
-            KustvaktException e, int statusCode, String state)
-            throws OAuthSystemException {
-        OAuthProblemException ex = OAuthProblemException.error(e.getEntity())
-                .responseStatus(statusCode).state(state)
-                .description(e.getMessage());
-        if (e.getRedirectUri()!= null) {
-            ex.setRedirectUri(e.getRedirectUri().toString());
+        Response r = null;
+        if (responseStatus > 0) {
+            r = createResponse(e,
+                    Status.fromStatusCode(responseStatus), state);
         }
-        return ex;
-    }
-    
-    private ErrorResponse createErrorResponse (
-            KustvaktException e, String statusCode, String state){
-        ErrorResponse r = null;
-        
-        if (e.getRedirectUri()!=null) {
-            ErrorObject eo = new ErrorObject(statusCode, e.getMessage());
-            State s = new State(state);
-            r = new AuthorizationErrorResponse(e.getRedirectUri(), eo, s, null);
+        else if (errorCode == null) {
+            return super.throwit(e);
         }
-        
-        return r;
-    }
-
-    /**
-     * RFC 6749 regarding authorization error response:
-     * 
-     * If the request fails due to a missing, invalid, or mismatching
-     * redirection URI, or if the client identifier is missing or
-     * invalid, the authorization server SHOULD inform the resource
-     * owner of the error and MUST NOT automatically redirect the
-     * user-agent to the invalid redirection URI.
-     * 
-     * If the resource owner denies the access request or if the
-     * request fails for reasons other than a missing or invalid
-     * redirection URI, the authorization server informs the client by
-     * adding the following parameters to the query component of the
-     * redirection URI using the "application/x-www-form-urlencoded"
-     * format.
-     * 
-     * @param oAuthResponse
-     * @return
-     */
-    public Response createResponse (int status, String body, String uri) {
-        ResponseBuilder builder =
-                Response.status(status);
-        builder.entity(body);
-        builder.header(HttpHeaders.CACHE_CONTROL, "no-store");
-        builder.header(HttpHeaders.PRAGMA, "no-store");
-
-        if (status == Status.UNAUTHORIZED
-                .getStatusCode()) {
-            builder.header(HttpHeaders.WWW_AUTHENTICATE,
-                    "Basic realm=\"Kustvakt\"");
+        else if (errorCode.equals(OAuth2Error.INVALID_CLIENT.getCode())
+                || errorCode.equals(OAuth2Error.UNAUTHORIZED_CLIENT.getCode())
+                || errorCode.equals(
+                        de.ids_mannheim.korap.oauth2.constant.OAuth2Error.INVALID_TOKEN)) {
+            r = createResponse(e, Status.UNAUTHORIZED, state);
         }
-        if (uri != null && !uri.isEmpty()) {
-            try {
-                builder.location(new URI(uri));
-                builder.type(MediaType.APPLICATION_FORM_URLENCODED_TYPE);
-            }
-            catch (URISyntaxException e) {
-                e.printStackTrace();
-            }
+        else if (errorCode.equals(OAuth2Error.INVALID_GRANT.getCode())
+                || errorCode.equals(OAuth2Error.INVALID_REQUEST.getCode())
+                || errorCode.equals(OAuth2Error.INVALID_SCOPE.getCode())
+                || errorCode
+                        .equals(OAuth2Error.UNSUPPORTED_GRANT_TYPE.getCode())
+                || errorCode
+                        .equals(OAuth2Error.UNSUPPORTED_RESPONSE_TYPE.getCode())
+                || errorCode.equals(OAuth2Error.ACCESS_DENIED.getCode())) {
+            r = createResponse(e, Status.BAD_REQUEST, state);
         }
-
-        return builder.build();
+        else if (errorCode.equals(
+                de.ids_mannheim.korap.oauth2.constant.OAuth2Error.INSUFFICIENT_SCOPE)) {
+            r = createResponse(e, Status.FORBIDDEN, state);
+        }
+        else if (errorCode.equals(OAuth2Error.SERVER_ERROR.getCode())) {
+            r = createResponse(e, Status.INTERNAL_SERVER_ERROR,
+                    state);
+        }
+        else if (errorCode
+                .equals(OAuth2Error.TEMPORARILY_UNAVAILABLE.getCode())) {
+            r = createResponse(e, Status.SERVICE_UNAVAILABLE,
+                    state);
+        }
+        else {
+            return super.throwit(e);
+        }
+        return new WebApplicationException(r);
     }
 
     public Response sendRedirect (URI locationUri) {
         ResponseBuilder builder = Response.temporaryRedirect(locationUri);
         return builder.build();
     }
+
+    private Response createResponse (KustvaktException e, Status statusCode,
+            String state) {
+        ErrorObject eo = new ErrorObject(e.getEntity(), e.getMessage());
+        if (state != null && !state.isEmpty()) {
+            Map<String, String> map = new HashMap<String, String>();
+            map.put("state", state);
+            eo = eo.setCustomParams(map);
+        }
+        return createResponse(statusCode, eo.toJSONObject().toJSONString());
+    }
     
     public Response createResponse (AccessTokenResponse tokenResponse) {
         String jsonString = tokenResponse.toJSONObject().toJSONString();
         return createResponse(Status.OK, jsonString);
     }
 
-    public Response createResponse (TokenErrorResponse tokenResponse,
-            Status status) {
-        String jsonString = tokenResponse.toJSONObject().toJSONString();
-        return createResponse(status, jsonString);
-    }
-
-    private Response createResponse (Status status, Object entity) {
+    private Response createResponse (Status status, String entity) {
         ResponseBuilder builder = Response.status(status);
         builder.entity(entity);
         builder.header(HttpHeaders.CACHE_CONTROL, "no-store");
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java
index c35014e..315728a 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java
@@ -12,10 +12,11 @@
 import jakarta.ws.rs.core.Response.Status;
 
 import org.apache.http.entity.ContentType;
-import org.apache.oltu.oauth2.common.message.types.GrantType;
 import org.junit.jupiter.api.Test;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
+import com.nimbusds.oauth2.sdk.GrantType;
+
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.constant.OAuth2Scope;
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java
index 9e1542d..a2e7090 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java
@@ -12,7 +12,6 @@
 import jakarta.ws.rs.core.Response.Status;
 
 import org.apache.http.entity.ContentType;
-import org.apache.oltu.oauth2.common.message.types.TokenType;
 import org.glassfish.jersey.uri.UriComponent;
 import org.junit.jupiter.api.Test;
 import org.springframework.util.MultiValueMap;
@@ -21,6 +20,7 @@
 import com.google.common.net.HttpHeaders;
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.constant.TokenType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.utils.JsonUtils;
 
@@ -71,7 +71,7 @@
         JsonNode node = JsonUtils.readTree(entity);
         assertNotNull(node.at("/access_token").asText());
         assertNotNull(node.at("/refresh_token").asText());
-        assertEquals(TokenType.BEARER.toString(),
+        assertEquals(TokenType.BEARER.displayName(),
                 node.at("/token_type").asText());
         assertNotNull(node.at("/expires_in").asText());
     }
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationTest.java
index d9861c2..a91b119 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationTest.java
@@ -7,14 +7,12 @@
 import java.net.URI;
 import org.junit.jupiter.api.Test;
 
-import org.apache.oltu.oauth2.common.error.OAuthError;
-
 import com.fasterxml.jackson.databind.JsonNode;
-import com.nimbusds.oauth2.sdk.OAuth2Error;
 
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import jakarta.ws.rs.core.MultivaluedMap;
 import jakarta.ws.rs.core.Response;
@@ -119,7 +117,7 @@
 
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(OAuth2Error.INVALID_REQUEST.getCode(),
+        assertEquals(OAuth2Error.INVALID_REQUEST,
                 node.at("/error").asText());
         assertEquals("Missing parameter: redirect URI",
                 node.at("/error_description").asText());
@@ -149,7 +147,7 @@
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
         
-        assertEquals(OAuthError.CodeResponse.INVALID_REQUEST,
+        assertEquals(OAuth2Error.INVALID_REQUEST,
                 node.at("/error").asText());
         assertEquals("Missing parameter: client_id",
                 node.at("/error_description").asText());
@@ -162,7 +160,7 @@
         assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(OAuth2Error.INVALID_CLIENT.getCode(), node.at("/error").asText());
+        assertEquals(OAuth2Error.INVALID_CLIENT, node.at("/error").asText());
         assertEquals("Unknown client: unknown-client-id",
                 node.at("/error_description").asText());
     }
@@ -249,7 +247,7 @@
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
 
         JsonNode node = JsonUtils.readTree(response.readEntity(String.class));
-        assertEquals(OAuthError.CodeResponse.INVALID_REQUEST,
+        assertEquals(OAuth2Error.INVALID_REQUEST,
                 node.at("/error").asText());
         assertEquals("Invalid redirect URI",
                 node.at("/error_description").asText());
@@ -262,7 +260,7 @@
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
 
         node = JsonUtils.readTree(response.readEntity(String.class));
-        assertEquals(OAuthError.CodeResponse.INVALID_REQUEST,
+        assertEquals(OAuth2Error.INVALID_REQUEST,
                 node.at("/error").asText());
         assertEquals("Missing parameter: redirect URI",
                 node.at("/error_description").asText());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
index 127e2d2..25127d5 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
@@ -12,19 +12,14 @@
 import java.util.Map.Entry;
 import java.util.Set;
 
-import jakarta.ws.rs.ProcessingException;
-import jakarta.ws.rs.client.Entity;
-import jakarta.ws.rs.core.Form;
-import jakarta.ws.rs.core.Response;
-import jakarta.ws.rs.core.Response.Status;
-
 import org.apache.commons.io.IOUtils;
 import org.apache.http.entity.ContentType;
-import org.apache.oltu.oauth2.common.error.OAuthError;
 import org.glassfish.jersey.server.ContainerRequest;
 import org.junit.jupiter.api.Test;
+
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
+
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
@@ -33,6 +28,11 @@
 import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.input.OAuth2ClientJson;
+import jakarta.ws.rs.ProcessingException;
+import jakarta.ws.rs.client.Entity;
+import jakarta.ws.rs.core.Form;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.Response.Status;
 
 /**
  * @author margaretha
@@ -47,15 +47,6 @@
         userAuthHeader = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue("dory", "password");
     }
 
-    private void checkWWWAuthenticateHeader(Response response) {
-        Set<Entry<String, List<Object>>> headers = response.getHeaders().entrySet();
-        for (Entry<String, List<Object>> header : headers) {
-            if (header.getKey().equals(ContainerRequest.WWW_AUTHENTICATE)) {
-                assertEquals(header.getValue().get(0), "Basic realm=\"Kustvakt\"");
-            }
-        }
-    }
-
     private OAuth2ClientJson createOAuth2ClientJson(String name, OAuth2ClientType type, String description) {
         OAuth2ClientJson client = new OAuth2ClientJson();
         if (name != null) {
@@ -240,7 +231,7 @@
 
     private void testInvalidUrl(String entity, int status) throws KustvaktException {
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(OAuthError.CodeResponse.INVALID_REQUEST, node.at("/error").asText());
+        assertEquals(OAuth2Error.INVALID_REQUEST, node.at("/error").asText());
         assertEquals(node.at("/error_description").asText(), "Invalid URL");
         assertEquals(Status.BAD_REQUEST.getStatusCode(), status);
     }
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
index 6374959..af00355 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
@@ -8,16 +8,17 @@
 import java.util.Set;
 
 import org.apache.http.entity.ContentType;
-import org.apache.oltu.oauth2.common.error.OAuthError;
-import org.apache.oltu.oauth2.common.message.types.GrantType;
-import org.apache.oltu.oauth2.common.message.types.TokenType;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
+
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
+import com.nimbusds.oauth2.sdk.GrantType;
+
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.FullConfiguration;
+import de.ids_mannheim.korap.constant.TokenType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;
 import de.ids_mannheim.korap.oauth2.entity.AccessScope;
@@ -51,7 +52,7 @@
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
         String accessToken = node.at("/access_token").asText();
-        assertEquals(TokenType.BEARER.toString(), node.at("/token_type").asText());
+        assertEquals(TokenType.BEARER.displayName(), node.at("/token_type").asText());
         assertEquals(31536000, node.at("/expires_in").asInt());
         testRevokeToken(accessToken, publicClientId, null, ACCESS_TOKEN_TYPE);
         assertTrue(node.at("/refresh_token").isMissingNode());
@@ -70,7 +71,7 @@
         JsonNode node = JsonUtils.readTree(entity);
         assertNotNull(node.at("/access_token").asText());
         assertNotNull(node.at("/refresh_token").asText());
-        assertEquals(TokenType.BEARER.toString(), node.at("/token_type").asText());
+        assertEquals(TokenType.BEARER.displayName(), node.at("/token_type").asText());
         assertNotNull(node.at("/expires_in").asText());
         testRequestTokenWithUsedAuthorization(code);
         String refreshToken = node.at("/refresh_token").asText();
@@ -86,7 +87,7 @@
         String entity = response.readEntity(String.class);
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(OAuthError.TokenResponse.INVALID_GRANT, node.at("/error").asText());
+        assertEquals(OAuth2Error.INVALID_GRANT, node.at("/error").asText());
         assertEquals(node.at("/error_description").asText(), "Invalid authorization");
     }
 
@@ -96,7 +97,7 @@
         String entity = response.readEntity(String.class);
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, node.at("/error").asText());
+        assertEquals(OAuth2Error.INVALID_REQUEST, node.at("/error").asText());
     }
 
     @Test
@@ -149,7 +150,7 @@
         Response response = requestToken(tokenForm);
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(OAuthError.TokenResponse.INVALID_GRANT, node.at("/error").asText());
+        assertEquals(OAuth2Error.INVALID_GRANT, node.at("/error").asText());
         assertEquals(node.at("/error_description").asText(), "Invalid authorization");
     }
 
@@ -160,7 +161,7 @@
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
         assertNotNull(node.at("/access_token").asText());
-        assertEquals(TokenType.BEARER.toString(), node.at("/token_type").asText());
+        assertEquals(TokenType.BEARER.displayName(), node.at("/token_type").asText());
         assertNotNull(node.at("/expires_in").asText());
         assertEquals(node.at("/scope").asText(), "all");
         String refresh = node.at("/refresh_token").asText();
@@ -186,7 +187,7 @@
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
         assertNotNull(node.at("/access_token").asText());
-        assertEquals(TokenType.BEARER.toString(), node.at("/token_type").asText());
+        assertEquals(TokenType.BEARER.displayName(), node.at("/token_type").asText());
         assertNotNull(node.at("/expires_in").asText());
         assertEquals(scope, node.at("/scope").asText());
         String refreshToken = node.at("/refresh_token").asText();
@@ -200,7 +201,7 @@
         String entity = response.readEntity(String.class);
         assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT, node.at("/error").asText());
+        assertEquals(OAuth2Error.UNAUTHORIZED_CLIENT, node.at("/error").asText());
         assertEquals(node.at("/error_description").asText(), "Password grant is not allowed for third party clients");
     }
 
@@ -226,7 +227,7 @@
         JsonNode node = JsonUtils.readTree(entity);
         assertNotNull(node.at("/access_token").asText());
         assertNotNull(node.at("/refresh_token").asText());
-        assertEquals(TokenType.BEARER.toString(), node.at("/token_type").asText());
+        assertEquals(TokenType.BEARER.displayName(), node.at("/token_type").asText());
         assertNotNull(node.at("/expires_in").asText());
     }
 
@@ -248,7 +249,7 @@
         JsonNode node = JsonUtils.readTree(entity);
         assertNotNull(node.at("/access_token").asText());
         assertNotNull(node.at("/refresh_token").asText());
-        assertEquals(TokenType.BEARER.toString(), node.at("/token_type").asText());
+        assertEquals(TokenType.BEARER.displayName(), node.at("/token_type").asText());
         assertNotNull(node.at("/expires_in").asText());
     }
 
@@ -261,7 +262,7 @@
 
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(OAuthError.TokenResponse.INVALID_REQUEST,
+        assertEquals(OAuth2Error.INVALID_REQUEST,
                 node.at("/error").asText());
         assertNotNull(node.at("/error_description").asText());
     }
@@ -274,7 +275,7 @@
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, node.at("/error").asText());
+        assertEquals(OAuth2Error.INVALID_REQUEST, node.at("/error").asText());
         assertEquals(node.at("/error_description").asText(), "Missing parameter: client_secret");
     }
 
@@ -284,7 +285,7 @@
         String entity = response.readEntity(String.class);
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(OAuthError.TokenResponse.INVALID_REQUEST,
+        assertEquals(OAuth2Error.INVALID_REQUEST,
                 node.at("/error").asText());
         assertNotNull(node.at("/error_description").asText());
     }
@@ -298,7 +299,7 @@
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
 
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(OAuthError.TokenResponse.INVALID_REQUEST,
+        assertEquals(OAuth2Error.INVALID_REQUEST,
                 node.at("/error").asText());
         assertNotNull(node.at("/error_description").asText());
     }
@@ -316,7 +317,7 @@
         // length?
         assertNotNull(node.at("/access_token").asText());
         assertNotNull(node.at("/refresh_token").asText());
-        assertEquals(TokenType.BEARER.toString(), node.at("/token_type").asText());
+        assertEquals(TokenType.BEARER.displayName(), node.at("/token_type").asText());
         assertNotNull(node.at("/expires_in").asText());
     }
 
@@ -334,7 +335,7 @@
         String entity = response.readEntity(String.class);
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(OAuthError.TokenResponse.INVALID_REQUEST,
+        assertEquals(OAuth2Error.INVALID_REQUEST,
                 node.at("/error").asText());
         assertNotNull(node.at("/error_description").asText());
     }
@@ -353,7 +354,7 @@
         // length?
         assertNotNull(node.at("/access_token").asText());
         assertNotNull(node.at("/refresh_token").asText());
-        assertEquals(TokenType.BEARER.toString(), node.at("/token_type").asText());
+        assertEquals(TokenType.BEARER.displayName(), node.at("/token_type").asText());
         assertNotNull(node.at("/expires_in").asText());
         assertEquals(node.at("/scope").asText(), "client_info");
     }
@@ -365,7 +366,7 @@
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, node.at("/error").asText());
+        assertEquals(OAuth2Error.INVALID_REQUEST, node.at("/error").asText());
     }
 
     @Test
@@ -377,7 +378,7 @@
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
         JsonNode node = JsonUtils.readTree(entity);
         assertNotNull(node.get("error_description").asText());
-        assertEquals(OAuthError.TokenResponse.INVALID_REQUEST,
+        assertEquals(OAuth2Error.INVALID_REQUEST,
                 node.get("error").asText());
     }
 
@@ -407,7 +408,7 @@
         assertNotNull(node.at("/access_token").asText());
         String newRefreshToken = node.at("/refresh_token").asText();
         assertNotNull(newRefreshToken);
-        assertEquals(TokenType.BEARER.toString(), node.at("/token_type").asText());
+        assertEquals(TokenType.BEARER.displayName(), node.at("/token_type").asText());
         assertNotNull(node.at("/expires_in").asText());
         assertTrue(!newRefreshToken.equals(refreshToken));
         testRequestTokenWithRevokedRefreshToken(clientId, clientSecret, refreshToken);
@@ -442,7 +443,7 @@
         assertNotNull(node.at("/access_token").asText());
         String newRefreshToken = node.at("/refresh_token").asText();
         assertNotNull(newRefreshToken);
-        assertEquals(TokenType.BEARER.toString(), node.at("/token_type").asText());
+        assertEquals(TokenType.BEARER.displayName(), node.at("/token_type").asText());
         assertNotNull(node.at("/expires_in").asText());
         assertTrue(!newRefreshToken.equals(refreshToken));
         assertEquals(scope, node.at("/scope").asText());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
index f922624..0b94e02 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
@@ -8,7 +8,6 @@
 import java.util.Set;
 
 import org.apache.http.entity.ContentType;
-import org.apache.oltu.oauth2.common.message.types.GrantType;
 import org.glassfish.jersey.client.ClientConfig;
 import org.glassfish.jersey.client.ClientProperties;
 import org.glassfish.jersey.uri.UriComponent;
@@ -18,6 +17,7 @@
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
+import com.nimbusds.oauth2.sdk.GrantType;
 import com.nimbusds.oauth2.sdk.OAuth2Error;
 
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;