diff --git a/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml b/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml
index b2bfeb0b02b..8fa0667a055 100644
--- a/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml
+++ b/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml
@@ -82,7 +82,7 @@
-
+
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java
index 0b3f53c77c7..7a86fbc8fd7 100755
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java
@@ -17,6 +17,7 @@
import org.cloudfoundry.identity.uaa.oauth.jwt.JwtHelper;
import org.cloudfoundry.identity.uaa.test.TestAccountSetup;
import org.cloudfoundry.identity.uaa.test.UaaTestAccounts;
+import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.springframework.http.HttpEntity;
@@ -32,6 +33,7 @@
import java.util.Map;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
import static org.hamcrest.CoreMatchers.containsString;
@@ -192,6 +194,34 @@ public void testZoneInactive() {
assertEquals(HttpStatus.NOT_FOUND, result.getStatusCode());
}
+ @Test
+ public void testAuthorizationRequestWithoutRedirectUri() {
+
+ Map body = IntegrationTestUtils.getAuthorizationCodeTokenMap(serverRunning,
+ testAccounts,
+ "login",
+ "loginsecret",
+ testAccounts.getUserName(),
+ testAccounts.getPassword(),
+ null,
+ null,
+ null,
+ null,
+ false);
+
+ assertNotNull("Token not received", body.get("access_token"));
+
+ try {
+ IntegrationTestUtils.getAuthorizationCodeTokenMap(serverRunning, testAccounts, "app", "appclientsecret",
+ testAccounts.getUserName(), testAccounts.getPassword(),
+ null, null, null, null, false);
+ } catch (AssertionError error) {
+ // expected
+ return;
+ }
+ Assert.fail("Token retrival not allowed");
+ }
+
public void testSuccessfulAuthorizationCodeFlow_Internal() {
AuthorizationCodeResourceDetails resource = testAccounts.getDefaultAuthorizationCodeResource();
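Review bot: The negative half of `testAuthorizationRequestWithoutRedirectUri` accepts any `AssertionError` thrown by `getAuthorizationCodeTokenMap` as the expected outcome. A failed login, a changed form or an unrelated server error inside the helper would therefore pass just like the intended refusal to issue a code to `app` without a `redirect_uri`. Since this guards redirect handling in the authorization code flow, the test should pin the reason for the rejection, for example by asserting on the error response that the authorize endpoint returns rather than on a generic assertion failure; the helper's internals are not visible in this hunk, so confirm what it exposes. At minimum, make the intent explicit and fix the message, which currently reads as a statement rather than a failure: `Assert.fail("Token retrieval without redirect_uri must be rejected for client 'app'");`. A short comment above each call saying why `login` is allowed to omit `redirect_uri` and `app` is not would also help, as that presumably depends on the client registrations in `oauth-clients.xml`, whose change is not readable here.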