From bb2c42302785162f65a0d65954a18188538325f8 Mon Sep 17 00:00:00 2001
From: oharsta <oharsta@zilverline.com>
Date: Thu, 2 Aug 2012 16:22:22 +0200
Subject: [PATCH] Refactored and combined client jar and authorization jar

---
 oaaas-authorization-server-war/pom.xml        | 453 ++++++++-------
 .../src/main/resources/application.properties |  31 ++
 .../src/main/webapp/example.js                |   1 +
 .../test/java/it/VerifyResourceTestIT.java    |   2 +-
 oaaas-authorization-server/pom.xml            | 411 +++++++-------
 .../oaaas/auth/AbstractAuthenticator.java     |   0
 .../surfnet/oaaas/auth/AbstractFilter.java    |   0
 .../auth/AbstractUserConsentHandler.java      |   2 +
 .../oaaas/auth/AuthorizationServerFilter.java |   1 +
 .../oaaas/auth/OAuth2ValidatorImpl.java       |   1 +
 .../surfnet/oaaas/auth/UserConsentFilter.java |  20 +-
 .../oaaas/auth/principal/RolesPrincipal.java  |   0
 .../oaaas/auth/principal/SimplePrincipal.java |   0
 .../oaaas/basic/BasicAuthenticator.java       |   1 -
 .../oaaas/basic}/UserPassCredentials.java     |   2 +-
 .../surfnet/oaaas/model}/AbstractEntity.java  |   2 +-
 .../org/surfnet/oaaas/model/AccessToken.java  |   2 -
 .../oaaas/model/AuthorizationRequest.java     |   4 -
 .../java/org/surfnet/oaaas/model}/Client.java |   3 +-
 .../surfnet/oaaas/model}/ResourceServer.java  |   2 +-
 .../oaaas/model}/VerifyTokenResponse.java     |   2 +-
 .../oaaas/repository/ClientRepository.java    |   4 +-
 .../repository/ResourceServerRepository.java  |   2 +-
 .../oaaas/resource/ClientResource.java        |   6 +-
 .../resource/ResourceServerResource.java      |   4 +-
 .../surfnet/oaaas/resource/TokenResource.java |  52 +-
 .../oaaas/resource/VerifyResource.java        |   6 +-
 .../org/surfnet/oaaas/simple/ConsentView.java |  13 +-
 .../org/surfnet/oaaas/simple/Context.java     |   2 +-
 .../oaaas/simple/FormUserConsentHandler.java  |  11 +-
 .../org/surfnet/oaaas/simple/consent.ftl      |  21 +-
 .../org/surfnet/oaaas/simple/login.ftl        |   1 -
 .../org/surfnet/oaaas/simple/old_consent.ftl  |  68 +++
 .../auth/AuthorizationServerFilterTest.java   |   2 +
 .../oaaas/auth/OAuth2ValidatorImplTest.java   |   1 +
 oaaas-client/pom.xml                          | 166 +++---
 oaaas-example-resource-server/pom.xml         | 247 ++++----
 .../oaaas/example/api/OAuthAuthenticator.java |   2 +-
 oaaas-surfconext-authn/pom.xml                |  86 ++-
 pom.xml                                       | 525 +++++++++---------
 40 files changed, 1101 insertions(+), 1058 deletions(-)
 create mode 100644 oaaas-authorization-server-war/src/main/resources/application.properties
 create mode 100644 oaaas-authorization-server-war/src/main/webapp/example.js
 rename {oaaas-client => oaaas-authorization-server}/src/main/java/org/surfnet/oaaas/auth/AbstractAuthenticator.java (100%)
 rename {oaaas-client => oaaas-authorization-server}/src/main/java/org/surfnet/oaaas/auth/AbstractFilter.java (100%)
 rename {oaaas-client => oaaas-authorization-server}/src/main/java/org/surfnet/oaaas/auth/AbstractUserConsentHandler.java (99%)
 rename {oaaas-client => oaaas-authorization-server}/src/main/java/org/surfnet/oaaas/auth/AuthorizationServerFilter.java (99%)
 rename {oaaas-client => oaaas-authorization-server}/src/main/java/org/surfnet/oaaas/auth/principal/RolesPrincipal.java (100%)
 rename {oaaas-client => oaaas-authorization-server}/src/main/java/org/surfnet/oaaas/auth/principal/SimplePrincipal.java (100%)
 rename {oaaas-client/src/main/java/org/surfnet/oaaas/auth => oaaas-authorization-server/src/main/java/org/surfnet/oaaas/basic}/UserPassCredentials.java (98%)
 rename {oaaas-client/src/main/java/org/surfnet/oaaas/auth => oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model}/AbstractEntity.java (98%)
 rename {oaaas-client/src/main/java/org/surfnet/oaaas/auth => oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model}/Client.java (98%)
 rename {oaaas-client/src/main/java/org/surfnet/oaaas/auth => oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model}/ResourceServer.java (98%)
 rename {oaaas-client/src/main/java/org/surfnet/oaaas/auth => oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model}/VerifyTokenResponse.java (99%)
 create mode 100644 oaaas-authorization-server/src/main/resources/org/surfnet/oaaas/simple/old_consent.ftl
 rename {oaaas-client => oaaas-authorization-server}/src/test/java/org/surfnet/oaaas/auth/AuthorizationServerFilterTest.java (98%)

diff --git a/oaaas-authorization-server-war/pom.xml b/oaaas-authorization-server-war/pom.xml
index 5236f4d8..01c59214 100644
--- a/oaaas-authorization-server-war/pom.xml
+++ b/oaaas-authorization-server-war/pom.xml
@@ -1,235 +1,222 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-  <parent>
-    <artifactId>oaaas-parent</artifactId>
-    <groupId>nl.surfnet.oaaas</groupId>
-    <version>0.1-SNAPSHOT</version>
-  </parent>
-  <modelVersion>4.0.0</modelVersion>
-  <artifactId>oaaas-authorization-server-war</artifactId>
-  <packaging>war</packaging>
-  <name>OA-aaS - authorization server webapp</name>
-
-
-  <properties>
-    <servlet.port>8080</servlet.port>
-  </properties>
-  <dependencies>
-    <dependency>
-      <groupId>nl.surfnet.oaaas</groupId>
-      <artifactId>oaaas-authorization-server</artifactId>
-      <exclusions>
-        <!-- TODO: remove exlusions once DropWizard has been removed from the jar. -->
-        <exclusion>
-          <groupId>com.yammer.dropwizard</groupId>
-          <artifactId>dropwizard-core</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>com.yammer.dropwizard</groupId>
-          <artifactId>dropwizard-views</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-    <dependency>
-      <groupId>com.sun.jersey</groupId>
-      <artifactId>jersey-servlet</artifactId>
-      <version>${jersey.version}</version>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-    </dependency>
-
-    <dependency>
-      <groupId>com.sun.jersey.contribs</groupId>
-      <artifactId>jersey-spring</artifactId>
-      <version>${jersey.version}</version>
-
-      <exclusions>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-core</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-web</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-beans</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-context</artifactId>
-        </exclusion>
-        <exclusion>
-          <groupId>org.springframework</groupId>
-          <artifactId>spring-aop</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
-
-    <dependency>
-      <groupId>ch.qos.logback</groupId>
-      <artifactId>logback-classic</artifactId>
-      <version>1.0.6</version>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-    </dependency>
-
-    <dependency>
-      <groupId>com.sun.jersey</groupId>
-      <artifactId>jersey-client</artifactId>
-    </dependency>
-
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>3.1.2.RELEASE</version>
-      <scope>test</scope>
-    </dependency>
-  </dependencies>
-
-  <build>
-    <pluginManagement>
-      <plugins>
-
-      <!--
-      Basic configuration for Cargo.
-      Do mind that no specific container is declared here.
-      This is deferred to the profiles section: there the plugin is refined
-      with a specific container.
-      -->
-      <plugin>
-        <groupId>org.codehaus.cargo</groupId>
-        <artifactId>cargo-maven2-plugin</artifactId>
-        <version>1.2.3</version>
-        <configuration>
-          <container>
-            <dependencies>
-              <dependency>
-                <location>src/test/resources/</location>
-              </dependency>
-            </dependencies>
-          </container>
-          <configuration>
-            <properties>
-              <cargo.servlet.port>${servlet.port}</cargo.servlet.port>
-            </properties>
-          </configuration>
-          <deployables>
-            <!-- The project's artifact is automatically deployed if no deployable
-                      is defined. However, we define it here so that we can specify the context
-                      (we don't want the version to be included in the context). -->
-            <deployable>
-              <groupId>${project.groupId}</groupId>
-              <artifactId>${project.artifactId}</artifactId>
-              <type>war</type>
-              <properties>
-                <context>/</context>
-              </properties>
-            </deployable>
-          </deployables>
-        </configuration>
-      </plugin>
-      </plugins>
-    </pluginManagement>
-
-    <plugins>
-
-      <!--
-      Run the failsafe plugin which executes all **TestIT tests.
-      -->
-      <plugin>
-        <artifactId>maven-failsafe-plugin</artifactId>
-        <version>2.12</version>
-        <executions>
-          <execution>
-            <goals>
-              <goal>integration-test</goal>
-              <goal>verify</goal>
-            </goals>
-          </execution>
-        </executions>
-      </plugin>
-
-
-
-      <!--
-      Start the configured container before running the IT tests.
-      Stop it afterwards.
-      -->
-      <plugin>
-        <groupId>org.codehaus.cargo</groupId>
-        <artifactId>cargo-maven2-plugin</artifactId>
-        <executions>
-          <execution>
-            <id>start-cargo</id>
-            <phase>pre-integration-test</phase>
-            <goals>
-              <goal>start</goal>
-            </goals>
-          </execution>
-          <execution>
-            <id>stop-cargo</id>
-            <phase>post-integration-test</phase>
-            <goals>
-              <goal>stop</goal>
-            </goals>
-          </execution>
-        </executions>
-      </plugin>
-
-    </plugins>
-  </build>
-
-  <profiles>
-
-    <!--
-    Actually tie a specific container to the cargo plugin.
-    Could be another container as well, if desired.
-    Refer to the Cargo documentation for ideas:
-    http://cargo.codehaus.org/Containers
-    -->
-    <profile>
-      <id>jetty7x</id>
-      <activation>
-        <activeByDefault>true</activeByDefault>
-      </activation>
-      <build>
-        <pluginManagement>
-          <plugins>
-            <plugin>
-              <groupId>org.codehaus.cargo</groupId>
-              <artifactId>cargo-maven2-plugin</artifactId>
-              <configuration>
-                <container>
-                  <containerId>jetty7x</containerId>
-                  <artifactInstaller>
-                    <groupId>org.eclipse.jetty</groupId>
-                    <artifactId>jetty-distribution</artifactId>
-                    <version>7.6.4.v20120524</version>
-                  </artifactInstaller>
-                </container>
-              </configuration>
-            </plugin>
-          </plugins>
-        </pluginManagement>
-      </build>
-    </profile>
-  </profiles>
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+	<parent>
+		<artifactId>oaaas-parent</artifactId>
+		<groupId>nl.surfnet.oaaas</groupId>
+		<version>0.1-SNAPSHOT</version>
+	</parent>
+	<modelVersion>4.0.0</modelVersion>
+	<artifactId>oaaas-authorization-server-war</artifactId>
+	<packaging>war</packaging>
+	<name>OA-aaS - authorization server webapp</name>
+
+
+	<properties>
+		<servlet.port>8080</servlet.port>
+	</properties>
+	<dependencies>
+		<dependency>
+			<groupId>nl.surfnet.oaaas</groupId>
+			<artifactId>oaaas-authorization-server</artifactId>
+			<!-- exclusions> <exclusion> <groupId>com.yammer.dropwizard</groupId> 
+				<artifactId>dropwizard-core</artifactId> </exclusion> <exclusion> <groupId>com.yammer.dropwizard</groupId> 
+				<artifactId>dropwizard-views</artifactId> </exclusion> </exclusions -->
+		</dependency>
+		<dependency>
+			<groupId>com.sun.jersey</groupId>
+			<artifactId>jersey-servlet</artifactId>
+			<version>${jersey.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>javax.servlet-api</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>com.sun.jersey.contribs</groupId>
+			<artifactId>jersey-spring</artifactId>
+			<version>${jersey.version}</version>
+			<exclusions>
+				<exclusion>
+					<groupId>org.springframework</groupId>
+					<artifactId>spring</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.springframework</groupId>
+					<artifactId>spring-core</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.springframework</groupId>
+					<artifactId>spring-web</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.springframework</groupId>
+					<artifactId>spring-beans</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.springframework</groupId>
+					<artifactId>spring-context</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.springframework</groupId>
+					<artifactId>spring-aop</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+
+		<dependency>
+			<groupId>ch.qos.logback</groupId>
+			<artifactId>logback-classic</artifactId>
+			<version>1.0.6</version>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>log4j-over-slf4j</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>jcl-over-slf4j</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>jul-to-slf4j</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.sun.jersey</groupId>
+			<artifactId>jersey-client</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-web</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-test</artifactId>
+		</dependency>
+	</dependencies>
+
+	<build>
+		<pluginManagement>
+			<plugins>
+
+				<!-- Basic configuration for Cargo. Do mind that no specific container 
+					is declared here. This is deferred to the profiles section: there the plugin 
+					is refined with a specific container. -->
+				<plugin>
+					<groupId>org.codehaus.cargo</groupId>
+					<artifactId>cargo-maven2-plugin</artifactId>
+					<version>1.2.3</version>
+					<configuration>
+						<container>
+							<dependencies>
+								<dependency>
+									<location>src/test/resources/</location>
+								</dependency>
+							</dependencies>
+						</container>
+						<configuration>
+							<properties>
+								<cargo.servlet.port>${servlet.port}</cargo.servlet.port>
+								<cargo.jvmargs>
+						          -Xdebug
+						          -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000
+						          -Xnoagent
+						          -Djava.compiler=NONE
+	        					</cargo.jvmargs>
+							</properties>
+						</configuration>
+						<deployables>
+							<!-- The project's artifact is automatically deployed if no deployable 
+								is defined. However, we define it here so that we can specify the context 
+								(we don't want the version to be included in the context). -->
+							<deployable>
+								<groupId>${project.groupId}</groupId>
+								<artifactId>${project.artifactId}</artifactId>
+								<type>war</type>
+								<properties>
+									<context>/</context>
+								</properties>
+							</deployable>
+						</deployables>
+					</configuration>
+				</plugin>
+			</plugins>
+		</pluginManagement>
+
+		<plugins>
+
+			<!-- Run the failsafe plugin which executes all **TestIT tests. -->
+			<plugin>
+				<artifactId>maven-failsafe-plugin</artifactId>
+				<version>2.12</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>integration-test</goal>
+							<goal>verify</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+
+
+
+			<!-- Start the configured container before running the IT tests. Stop 
+				it afterwards. -->
+			<plugin>
+				<groupId>org.codehaus.cargo</groupId>
+				<artifactId>cargo-maven2-plugin</artifactId>
+				<executions>
+					<execution>
+						<id>start-cargo</id>
+						<phase>pre-integration-test</phase>
+						<goals>
+							<goal>start</goal>
+						</goals>
+					</execution>
+					<execution>
+						<id>stop-cargo</id>
+						<phase>post-integration-test</phase>
+						<goals>
+							<goal>stop</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+
+		</plugins>
+	</build>
+
+	<profiles>
+
+		<!-- Actually tie a specific container to the cargo plugin. Could be another 
+			container as well, if desired. Refer to the Cargo documentation for ideas: 
+			http://cargo.codehaus.org/Containers -->
+		<profile>
+			<id>jetty7x</id>
+			<activation>
+				<activeByDefault>true</activeByDefault>
+			</activation>
+			<build>
+				<pluginManagement>
+					<plugins>
+						<plugin>
+							<groupId>org.codehaus.cargo</groupId>
+							<artifactId>cargo-maven2-plugin</artifactId>
+							<configuration>
+								<container>
+									<containerId>jetty7x</containerId>
+									<artifactInstaller>
+										<groupId>org.eclipse.jetty</groupId>
+										<artifactId>jetty-distribution</artifactId>
+										<version>7.6.4.v20120524</version>
+									</artifactInstaller>
+								</container>
+							</configuration>
+						</plugin>
+					</plugins>
+				</pluginManagement>
+			</build>
+		</profile>
+	</profiles>
 </project>
diff --git a/oaaas-authorization-server-war/src/main/resources/application.properties b/oaaas-authorization-server-war/src/main/resources/application.properties
new file mode 100644
index 00000000..5c09ab20
--- /dev/null
+++ b/oaaas-authorization-server-war/src/main/resources/application.properties
@@ -0,0 +1,31 @@
+#
+# Copyright 2012 SURFnet bv, The Netherlands
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+jdbc.driverClassName=org.hsqldb.jdbcDriver
+jdbc.url=jdbc:hsqldb:file:target/db
+jdbc.username=sa
+jdbc.password=
+
+authenticatorClass=org.surfnet.oaaas.basic.BasicAuthenticator
+userConsentHandlerClass=org.surfnet.oaaas.simple.FormUserConsentHandler
+
+adminService.tokenVerificationUrl=http://localhost:8080/v1/tokeninfo
+adminService.resourceServerKey=authorization-server-admin
+adminService.resourceServerSecret=cafebabe-cafe-babe-cafe-babecafebabe
+
+# Either db/migration/mysql or db/migration/hsqldb
+flyway.migrations.location=db/migration/hsqldb
\ No newline at end of file
diff --git a/oaaas-authorization-server-war/src/main/webapp/example.js b/oaaas-authorization-server-war/src/main/webapp/example.js
new file mode 100644
index 00000000..7eb9cc72
--- /dev/null
+++ b/oaaas-authorization-server-war/src/main/webapp/example.js
@@ -0,0 +1 @@
+testje
\ No newline at end of file
diff --git a/oaaas-authorization-server-war/src/test/java/it/VerifyResourceTestIT.java b/oaaas-authorization-server-war/src/test/java/it/VerifyResourceTestIT.java
index e3c05a9d..ef7632db 100644
--- a/oaaas-authorization-server-war/src/test/java/it/VerifyResourceTestIT.java
+++ b/oaaas-authorization-server-war/src/test/java/it/VerifyResourceTestIT.java
@@ -20,7 +20,7 @@
 import com.sun.jersey.api.client.ClientResponse;
 
 import org.junit.Test;
-import org.surfnet.oaaas.auth.VerifyTokenResponse;
+import org.surfnet.oaaas.model.VerifyTokenResponse;
 
 import static org.junit.Assert.assertEquals;
 
diff --git a/oaaas-authorization-server/pom.xml b/oaaas-authorization-server/pom.xml
index fd67d712..30b7ca56 100644
--- a/oaaas-authorization-server/pom.xml
+++ b/oaaas-authorization-server/pom.xml
@@ -1,215 +1,202 @@
-<!--
-  Copyright 2012 SURFnet bv, The Netherlands
-
-  Licensed under the Apache License, Version 2.0 (the "License");
-  you may not use this file except in compliance with the License.
-  You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
-  -->
+<!-- Copyright 2012 SURFnet bv, The Netherlands Licensed under the Apache 
+	License, Version 2.0 (the "License"); you may not use this file except in 
+	compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 
+	Unless required by applicable law or agreed to in writing, software distributed 
+	under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES 
+	OR CONDITIONS OF ANY KIND, either express or implied. See the License for 
+	the specific language governing permissions and limitations under the License. -->
 
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-  <modelVersion>4.0.0</modelVersion>
-
-  <parent>
-    <relativePath>../pom.xml</relativePath>
-    <groupId>nl.surfnet.oaaas</groupId>
-    <artifactId>oaaas-parent</artifactId>
-    <version>0.1-SNAPSHOT</version>
-  </parent>
-
-  <groupId>nl.surfnet.oaaas</groupId>
-  <artifactId>oaaas-authorization-server</artifactId>
-  <packaging>jar</packaging>
-  <name>OA-aaS - authorization server</name>
-
-  <dependencies>
-    <dependency>
-      <groupId>nl.surfnet.oaaas</groupId>
-      <artifactId>oaaas-client</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.yammer.dropwizard</groupId>
-      <artifactId>dropwizard-core</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.yammer.dropwizard</groupId>
-      <artifactId>dropwizard-views</artifactId>
-    </dependency>
-
-    <dependency>
-      <groupId>com.sun.jersey</groupId>
-      <artifactId>jersey-json</artifactId>
-    </dependency>
-
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.yammer.dropwizard</groupId>
-      <artifactId>dropwizard-testing</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>commons-lang</groupId>
-      <artifactId>commons-lang</artifactId>
-    </dependency>
-	 <dependency>
-		<groupId>commons-validator</groupId>
-		<artifactId>commons-validator</artifactId>
-     <exclusions>
-       <exclusion>
-         <groupId>commons-logging</groupId>
-         <artifactId>commons-logging</artifactId>
-       </exclusion>
-     </exclusions>
-	  </dependency>
-    <dependency>
-      <groupId>org.springframework.data</groupId>
-      <artifactId>spring-data-jpa</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-context</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>javax.inject</groupId>
-      <artifactId>javax.inject</artifactId>
-      <version>1</version>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-    </dependency>
-
-
-    <!-- needed for spring's @Configuration -->
-    <dependency>
-      <groupId>cglib</groupId>
-      <artifactId>cglib</artifactId>
-      <version>2.2.2</version>
-    </dependency>
-
-    <dependency>
-      <groupId>org.hsqldb</groupId>
-      <artifactId>hsqldb</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate.javax.persistence</groupId>
-      <artifactId>hibernate-jpa-2.0-api</artifactId>
-      <version>1.0.0.Final</version>
-      <scope>provided</scope>
-    </dependency>
-    <dependency>
-      <groupId>joda-time</groupId>
-      <artifactId>joda-time</artifactId>
-      <version>2.1</version>
-    </dependency>
-    <dependency>
-      <groupId>com.googlecode.flyway</groupId>
-      <artifactId>flyway-core</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>commons-codec</groupId>
-      <artifactId>commons-codec</artifactId>
-      <version>${commons-codec.version}</version>
-    </dependency>
-    <dependency>
-      <groupId>nl.surfnet.oaaas</groupId>
-      <artifactId>oaaas-surfconext-authn</artifactId>
-      <version>0.1-SNAPSHOT</version>
-    </dependency>
-
-  </dependencies>
-
-  <build>
-    <plugins>
-      <plugin>
-        <groupId>org.apache.openjpa</groupId>
-        <artifactId>openjpa-maven-plugin</artifactId>
-        <version>2.2.0</version>
-        <configuration>
-          <includes>org/surfnet/oaaas/model/*.class</includes>
-          <addDefaultConstructor>true</addDefaultConstructor>
-          <enforcePropertyRestrictions>true</enforcePropertyRestrictions>
-        </configuration>
-        <executions>
-          <execution>
-            <id>enhancer</id>
-            <phase>process-classes</phase>
-            <goals>
-              <goal>enhance</goal>
-            </goals>
-          </execution>
-        </executions>
-        <dependencies>
-          <dependency>
-            <groupId>org.apache.openjpa</groupId>
-            <artifactId>openjpa</artifactId>
-            <!-- set the version to be the same as the level in your runtime -->
-            <version>2.2.0</version>
-          </dependency>
-        </dependencies>
-      </plugin>
-      <plugin>
-        <artifactId>maven-failsafe-plugin</artifactId>
-        <version>2.12</version>
-        <executions>
-          <execution>
-            <goals>
-              <goal>integration-test</goal>
-              <goal>verify</goal>
-            </goals>
-          </execution>
-        </executions>
-      </plugin>
-      
-
-
-      <!-- Plugin disabled until it's useful. -->
-      <!--
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-shade-plugin</artifactId>
-        <version>1.6</version>
-        <configuration>
-          <createDependencyReducedPom>true</createDependencyReducedPom>
-          <filters>
-            <filter>
-              <artifact>*:*</artifact>
-              <excludes>
-                <exclude>META-INF/*.SF</exclude>
-                <exclude>META-INF/*.DSA</exclude>
-                <exclude>META-INF/*.RSA</exclude>
-              </excludes>
-            </filter>
-          </filters>
-        </configuration>
-        <executions>
-          <execution>
-            <phase>package</phase>
-            <goals>
-              <goal>shade</goal>
-            </goals>
-            <configuration>
-              <transformers>
-                <transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/>
-                <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
-                  <mainClass>org.surfnet.oaaas.boot.Application</mainClass>
-                </transformer>
-              </transformers>
-            </configuration>
-          </execution>
-        </executions>
-      </plugin>
--->
-    </plugins>
-  </build>
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+		<relativePath>../pom.xml</relativePath>
+		<groupId>nl.surfnet.oaaas</groupId>
+		<artifactId>oaaas-parent</artifactId>
+		<version>0.1-SNAPSHOT</version>
+	</parent>
+
+	<groupId>nl.surfnet.oaaas</groupId>
+	<artifactId>oaaas-authorization-server</artifactId>
+	<packaging>jar</packaging>
+	<name>OA-aaS - authorization server</name>
+
+	<dependencies>
+		<dependency>
+			<groupId>com.yammer.dropwizard</groupId>
+			<artifactId>dropwizard-core</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.yammer.dropwizard</groupId>
+			<artifactId>dropwizard-views</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.sun.jersey</groupId>
+			<artifactId>jersey-json</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.sun.jersey</groupId>
+			<artifactId>jersey-client</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.yammer.dropwizard</groupId>
+			<artifactId>dropwizard-testing</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>commons-lang</groupId>
+			<artifactId>commons-lang</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>commons-validator</groupId>
+			<artifactId>commons-validator</artifactId>
+			<exclusions>
+				<exclusion>
+					<groupId>commons-logging</groupId>
+					<artifactId>commons-logging</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.openjpa</groupId>
+			<artifactId>openjpa</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.hibernate</groupId>
+			<artifactId>hibernate-validator</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.data</groupId>
+			<artifactId>spring-data-jpa</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-context</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-test</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>javax.inject</groupId>
+			<artifactId>javax.inject</artifactId>
+			<version>1</version>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>jul-to-slf4j</artifactId>
+		</dependency>
+
+		<!-- needed for spring's @Configuration -->
+		<dependency>
+			<groupId>cglib</groupId>
+			<artifactId>cglib</artifactId>
+			<version>2.2.2</version>
+		</dependency>
+		<dependency>
+			<groupId>org.surfnet.coin</groupId>
+			<artifactId>coin-test</artifactId>
+			<exclusions>
+				<exclusion>
+					<groupId>org.eclipse.jetty</groupId>
+					<artifactId>jetty-server</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.eclipse.jetty</groupId>
+					<artifactId>jetty-util</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+
+		<dependency>
+			<groupId>org.hsqldb</groupId>
+			<artifactId>hsqldb</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.hibernate.javax.persistence</groupId>
+			<artifactId>hibernate-jpa-2.0-api</artifactId>
+			<version>1.0.0.Final</version>
+			<scope>provided</scope>
+		</dependency>
+		<dependency>
+			<groupId>joda-time</groupId>
+			<artifactId>joda-time</artifactId>
+			<version>2.1</version>
+		</dependency>
+		<dependency>
+			<groupId>com.googlecode.flyway</groupId>
+			<artifactId>flyway-core</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>commons-codec</groupId>
+			<artifactId>commons-codec</artifactId>
+			<version>${commons-codec.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>com.google.guava</groupId>
+			<artifactId>guava</artifactId>
+		</dependency>
+	</dependencies>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.openjpa</groupId>
+				<artifactId>openjpa-maven-plugin</artifactId>
+				<version>2.2.0</version>
+				<configuration>
+					<includes>org/surfnet/oaaas/model/*.class</includes>
+					<addDefaultConstructor>true</addDefaultConstructor>
+					<enforcePropertyRestrictions>true</enforcePropertyRestrictions>
+				</configuration>
+				<executions>
+					<execution>
+						<id>enhancer</id>
+						<phase>process-classes</phase>
+						<goals>
+							<goal>enhance</goal>
+						</goals>
+					</execution>
+				</executions>
+				<dependencies>
+					<dependency>
+						<groupId>org.apache.openjpa</groupId>
+						<artifactId>openjpa</artifactId>
+						<!-- set the version to be the same as the level in your runtime -->
+						<version>2.2.0</version>
+					</dependency>
+				</dependencies>
+			</plugin>
+			<plugin>
+				<artifactId>maven-failsafe-plugin</artifactId>
+				<version>2.12</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>integration-test</goal>
+							<goal>verify</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+
+
+
+			<!-- Plugin disabled until it's useful. -->
+			<!-- <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-shade-plugin</artifactId> 
+				<version>1.6</version> <configuration> <createDependencyReducedPom>true</createDependencyReducedPom> 
+				<filters> <filter> <artifact>*:*</artifact> <excludes> <exclude>META-INF/*.SF</exclude> 
+				<exclude>META-INF/*.DSA</exclude> <exclude>META-INF/*.RSA</exclude> </excludes> 
+				</filter> </filters> </configuration> <executions> <execution> <phase>package</phase> 
+				<goals> <goal>shade</goal> </goals> <configuration> <transformers> <transformer 
+				implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer"/> 
+				<transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer"> 
+				<mainClass>org.surfnet.oaaas.boot.Application</mainClass> </transformer> 
+				</transformers> </configuration> </execution> </executions> </plugin> -->
+		</plugins>
+	</build>
 </project>
diff --git a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/AbstractAuthenticator.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/AbstractAuthenticator.java
similarity index 100%
rename from oaaas-client/src/main/java/org/surfnet/oaaas/auth/AbstractAuthenticator.java
rename to oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/AbstractAuthenticator.java
diff --git a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/AbstractFilter.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/AbstractFilter.java
similarity index 100%
rename from oaaas-client/src/main/java/org/surfnet/oaaas/auth/AbstractFilter.java
rename to oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/AbstractFilter.java
diff --git a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/AbstractUserConsentHandler.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/AbstractUserConsentHandler.java
similarity index 99%
rename from oaaas-client/src/main/java/org/surfnet/oaaas/auth/AbstractUserConsentHandler.java
rename to oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/AbstractUserConsentHandler.java
index 209b7c97..cf95a362 100644
--- a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/AbstractUserConsentHandler.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/AbstractUserConsentHandler.java
@@ -28,6 +28,8 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.surfnet.oaaas.model.Client;
+
 /**
  * Responsible for handling user consent.
  * 
diff --git a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/AuthorizationServerFilter.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/AuthorizationServerFilter.java
similarity index 99%
rename from oaaas-client/src/main/java/org/surfnet/oaaas/auth/AuthorizationServerFilter.java
rename to oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/AuthorizationServerFilter.java
index 30a96a23..2281da59 100644
--- a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/AuthorizationServerFilter.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/AuthorizationServerFilter.java
@@ -40,6 +40,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.surfnet.oaaas.model.VerifyTokenResponse;
 
 /**
  * {@link Filter} which can be used to protect all relevant resources by
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/OAuth2ValidatorImpl.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/OAuth2ValidatorImpl.java
index 0a7c643b..5a79d939 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/OAuth2ValidatorImpl.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/OAuth2ValidatorImpl.java
@@ -25,6 +25,7 @@
 
 import org.apache.commons.lang.StringUtils;
 import org.surfnet.oaaas.model.AuthorizationRequest;
+import org.surfnet.oaaas.model.Client;
 import org.surfnet.oaaas.repository.ClientRepository;
 
 /**
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/UserConsentFilter.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/UserConsentFilter.java
index b2d4fcb0..3ac7dfaf 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/UserConsentFilter.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/UserConsentFilter.java
@@ -68,20 +68,26 @@ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
     if (initialRequest(request)) {
       storePrincipal(request, response, authorizationRequest);
       request.setAttribute(AbstractAuthenticator.RETURN_URI, returnUri);
+      request.setAttribute(AbstractUserConsentHandler.CLIENT, authorizationRequest.getClient());
       if (!authorizationRequest.getClient().isSkipConsent()) {
         userConsentHandler.doFilter(request, response, chain);
+      } else {
+        chain.doFilter(request, response);
       }
     } else {
       /*
        * Ok, the consentHandler wants to have control again (because he stepped
        * out)
        */
-      chain.doFilter(request, response);
+      userConsentHandler.doFilter(request, response, chain);
     }
   }
 
   private AuthorizationRequest findAuthorizationRequest(HttpServletRequest request) {
     String authState = (String) request.getAttribute(AbstractAuthenticator.AUTH_STATE);
+    if (StringUtils.isBlank(authState)) {
+      authState = request.getParameter(AbstractAuthenticator.AUTH_STATE);
+    }
     return authorizationRequestRepository.findByAuthState(authState);
   }
 
@@ -117,11 +123,13 @@ public void setUserConsentHandler(AbstractUserConsentHandler userConsentHandler)
 
   @Override
   public void init(FilterConfig filterConfig) throws ServletException {
-//    this.returnUri = filterConfig.getInitParameter(MAPPING_URL);
-//    if (StringUtils.isBlank(returnUri)) {
-//      throw new ServletException("Must provide an init parameter '" + MAPPING_URL
-//          + "' that can serve as returnUri for AbstractUserConsentHandler instances (e.g. 'oauth2/consent') ");
-//    }
+    // this.returnUri = filterConfig.getInitParameter(MAPPING_URL);
+    // if (StringUtils.isBlank(returnUri)) {
+    // throw new ServletException("Must provide an init parameter '" +
+    // MAPPING_URL
+    // +
+    // "' that can serve as returnUri for AbstractUserConsentHandler instances (e.g. 'oauth2/consent') ");
+    // }
   }
 
   @Override
diff --git a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/principal/RolesPrincipal.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/principal/RolesPrincipal.java
similarity index 100%
rename from oaaas-client/src/main/java/org/surfnet/oaaas/auth/principal/RolesPrincipal.java
rename to oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/principal/RolesPrincipal.java
diff --git a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/principal/SimplePrincipal.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/principal/SimplePrincipal.java
similarity index 100%
rename from oaaas-client/src/main/java/org/surfnet/oaaas/auth/principal/SimplePrincipal.java
rename to oaaas-authorization-server/src/main/java/org/surfnet/oaaas/auth/principal/SimplePrincipal.java
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/basic/BasicAuthenticator.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/basic/BasicAuthenticator.java
index 87c36c29..575557c7 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/basic/BasicAuthenticator.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/basic/BasicAuthenticator.java
@@ -25,7 +25,6 @@
 import javax.servlet.http.HttpServletResponse;
 
 import org.surfnet.oaaas.auth.AbstractAuthenticator;
-import org.surfnet.oaaas.auth.UserPassCredentials;
 import org.surfnet.oaaas.auth.principal.SimplePrincipal;
 
 /**
diff --git a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/UserPassCredentials.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/basic/UserPassCredentials.java
similarity index 98%
rename from oaaas-client/src/main/java/org/surfnet/oaaas/auth/UserPassCredentials.java
rename to oaaas-authorization-server/src/main/java/org/surfnet/oaaas/basic/UserPassCredentials.java
index 4a298b90..f318241b 100644
--- a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/UserPassCredentials.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/basic/UserPassCredentials.java
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.surfnet.oaaas.auth;
+package org.surfnet.oaaas.basic;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang.StringUtils;
diff --git a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/AbstractEntity.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/AbstractEntity.java
similarity index 98%
rename from oaaas-client/src/main/java/org/surfnet/oaaas/auth/AbstractEntity.java
rename to oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/AbstractEntity.java
index 471b2b5b..41c3bf17 100644
--- a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/AbstractEntity.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/AbstractEntity.java
@@ -16,7 +16,7 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.surfnet.oaaas.auth;
+package org.surfnet.oaaas.model;
 
 import java.io.Serializable;
 
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/AccessToken.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/AccessToken.java
index 6f9ec3c7..e2103b6c 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/AccessToken.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/AccessToken.java
@@ -27,8 +27,6 @@
 import javax.persistence.Table;
 import javax.validation.constraints.NotNull;
 
-import org.surfnet.oaaas.auth.AbstractEntity;
-import org.surfnet.oaaas.auth.Client;
 
 /**
  * Representation of an <a
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/AuthorizationRequest.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/AuthorizationRequest.java
index f13e9a2a..bf4f8054 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/AuthorizationRequest.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/AuthorizationRequest.java
@@ -29,11 +29,7 @@
 import javax.validation.constraints.NotNull;
 
 import org.apache.commons.lang.StringUtils;
-import org.apache.commons.lang.builder.ReflectionToStringBuilder;
-import org.apache.commons.lang.builder.ToStringStyle;
 import org.apache.openjpa.persistence.jdbc.Unique;
-import org.surfnet.oaaas.auth.AbstractEntity;
-import org.surfnet.oaaas.auth.Client;
 import org.surfnet.oaaas.auth.principal.RolesPrincipal;
 
 /**
diff --git a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/Client.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/Client.java
similarity index 98%
rename from oaaas-client/src/main/java/org/surfnet/oaaas/auth/Client.java
rename to oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/Client.java
index 2cb7c892..a0b05e60 100644
--- a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/Client.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/Client.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.surfnet.oaaas.auth;
+package org.surfnet.oaaas.model;
 
 import javax.persistence.Column;
 import javax.persistence.Entity;
@@ -26,6 +26,7 @@
 import javax.validation.constraints.NotNull;
 
 import org.codehaus.jackson.annotate.JsonIgnore;
+import org.surfnet.oaaas.basic.UserPassCredentials;
 
 /**
  * Represents a Client as defined by the OAuth 2 specification:
diff --git a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/ResourceServer.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/ResourceServer.java
similarity index 98%
rename from oaaas-client/src/main/java/org/surfnet/oaaas/auth/ResourceServer.java
rename to oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/ResourceServer.java
index 402ae731..4ea31dc8 100644
--- a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/ResourceServer.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/ResourceServer.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.surfnet.oaaas.auth;
+package org.surfnet.oaaas.model;
 
 
 import java.util.List;
diff --git a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/VerifyTokenResponse.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/VerifyTokenResponse.java
similarity index 99%
rename from oaaas-client/src/main/java/org/surfnet/oaaas/auth/VerifyTokenResponse.java
rename to oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/VerifyTokenResponse.java
index 2b7f1236..254cb950 100644
--- a/oaaas-client/src/main/java/org/surfnet/oaaas/auth/VerifyTokenResponse.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/model/VerifyTokenResponse.java
@@ -16,7 +16,7 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.surfnet.oaaas.auth;
+package org.surfnet.oaaas.model;
 
 import java.io.Serializable;
 
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/repository/ClientRepository.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/repository/ClientRepository.java
index cbd79eca..ec39b5b9 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/repository/ClientRepository.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/repository/ClientRepository.java
@@ -20,8 +20,8 @@
 
 import org.springframework.data.repository.CrudRepository;
 import org.springframework.stereotype.Repository;
-import org.surfnet.oaaas.auth.Client;
-import org.surfnet.oaaas.auth.ResourceServer;
+import org.surfnet.oaaas.model.Client;
+import org.surfnet.oaaas.model.ResourceServer;
 
 @Repository
 public interface ClientRepository extends CrudRepository<Client, Long> {
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/repository/ResourceServerRepository.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/repository/ResourceServerRepository.java
index bb48600d..483881f7 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/repository/ResourceServerRepository.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/repository/ResourceServerRepository.java
@@ -20,7 +20,7 @@
 
 import org.springframework.data.repository.CrudRepository;
 import org.springframework.stereotype.Repository;
-import org.surfnet.oaaas.auth.ResourceServer;
+import org.surfnet.oaaas.model.ResourceServer;
 
 @Repository
 public interface ResourceServerRepository extends CrudRepository<ResourceServer, Long> {
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/ClientResource.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/ClientResource.java
index 24c18142..0a9d4d06 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/ClientResource.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/ClientResource.java
@@ -37,9 +37,9 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.surfnet.oaaas.auth.AuthorizationServerFilter;
-import org.surfnet.oaaas.auth.Client;
-import org.surfnet.oaaas.auth.ResourceServer;
-import org.surfnet.oaaas.auth.VerifyTokenResponse;
+import org.surfnet.oaaas.model.Client;
+import org.surfnet.oaaas.model.ResourceServer;
+import org.surfnet.oaaas.model.VerifyTokenResponse;
 import org.surfnet.oaaas.repository.ClientRepository;
 import org.surfnet.oaaas.repository.ResourceServerRepository;
 
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/ResourceServerResource.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/ResourceServerResource.java
index 29000dd7..2e1e499d 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/ResourceServerResource.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/ResourceServerResource.java
@@ -39,8 +39,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.surfnet.oaaas.auth.AuthorizationServerFilter;
-import org.surfnet.oaaas.auth.ResourceServer;
-import org.surfnet.oaaas.auth.VerifyTokenResponse;
+import org.surfnet.oaaas.model.ResourceServer;
+import org.surfnet.oaaas.model.VerifyTokenResponse;
 import org.surfnet.oaaas.repository.ResourceServerRepository;
 
 /**
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/TokenResource.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/TokenResource.java
index 9a20e91b..be5634b6 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/TokenResource.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/TokenResource.java
@@ -35,18 +35,21 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.ArrayUtils;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.surfnet.oaaas.auth.AbstractAuthenticator;
-import org.surfnet.oaaas.auth.Client;
+import org.surfnet.oaaas.auth.AbstractUserConsentHandler;
 import org.surfnet.oaaas.auth.OAuth2Validator;
-import org.surfnet.oaaas.auth.UserPassCredentials;
 import org.surfnet.oaaas.auth.principal.RolesPrincipal;
+import org.surfnet.oaaas.basic.UserPassCredentials;
 import org.surfnet.oaaas.model.AccessToken;
 import org.surfnet.oaaas.model.AccessTokenRequest;
 import org.surfnet.oaaas.model.AccessTokenResponse;
 import org.surfnet.oaaas.model.AuthorizationRequest;
+import org.surfnet.oaaas.model.Client;
 import org.surfnet.oaaas.model.ErrorResponse;
 import org.surfnet.oaaas.repository.AccessTokenRepository;
 import org.surfnet.oaaas.repository.AuthorizationRequestRepository;
@@ -82,15 +85,7 @@ public Response authorizeCallbackGet(@Context
   }
 
   /**
-   * 
-   * We have two situations: either the {@link RolesPrincipal} is present on the
-   * {@link HttpServletRequest} as is the
-   * {@link AbstractAuthenticator#AUTH_STATE} or we already have saved the
-   * {@link RolesPrincipal} on the {@link AuthorizationRequest} and we haven
-   * relinquished control to the {@link UserConsentHandler} and we are in the
-   * Method POST of the consent screen and the
-   * {@link AbstractAuthenticator#AUTH_STATE} is a parameter.
-   * 
+   *  TODO document
    * 
    * @param request
    *          the {@link HttpServletRequest}
@@ -100,16 +95,29 @@ public Response authorizeCallbackGet(@Context
   @Path("/authorize")
   public Response authorizeCallback(@Context
   HttpServletRequest request) {
+    return doProcess(request);
+  }
 
+  /**
+   *  TODO document
+   * 
+   * @param request
+   *          the {@link HttpServletRequest}
+   * @return Response the response
+   */
+  @POST
+  @Path("/consent")
+  public Response consentCallback(@Context
+  HttpServletRequest request) {
+    return doProcess(request);
+  }
+  
+  private Response doProcess(HttpServletRequest request) {
     AuthorizationRequest authReq = findAuthorizationRequest(request);
     if (authReq == null) {
       return serverError("Not a valid AbstractAuthenticator.AUTH_STATE on the Request");
     }
-    RolesPrincipal principal = (RolesPrincipal) request.getAttribute(AbstractAuthenticator.PRINCIPAL);
-    if (principal == null) {
-      return serverError("Not a valid AbstractAuthenticator.AUTH_STATE on the Request");
-    }
-
+    processScopes(authReq, request);
     if (authReq.getResponseType().equals(OAuth2Validator.IMPLICIT_GRANT_RESPONSE_TYPE)) {
       AccessToken token = createAccessToken(authReq);
       return sendImplicitGrantResponse(authReq, token);
@@ -117,6 +125,18 @@ public Response authorizeCallback(@Context
       return sendAuthorizationCodeResponse(authReq);
     }
   }
+  
+  
+
+  /*
+   * In the user consent filter the scopes are (possible) set on the Request
+   */
+  private void processScopes(AuthorizationRequest authReq, HttpServletRequest request) {
+    String[] scopes = (String[]) request.getAttribute(AbstractUserConsentHandler.GRANTED_SCOPES);
+    if (ArrayUtils.isNotEmpty(scopes)) {
+      authReq.setScopes(StringUtils.join(scopes, ","));
+    }
+  }
 
   private AccessToken createAccessToken(AuthorizationRequest authReq) {
     Client client = authReq.getClient();
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/VerifyResource.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/VerifyResource.java
index 3d2ccc2f..bae1a41e 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/VerifyResource.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/resource/VerifyResource.java
@@ -33,10 +33,10 @@
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.surfnet.oaaas.auth.ResourceServer;
-import org.surfnet.oaaas.auth.UserPassCredentials;
-import org.surfnet.oaaas.auth.VerifyTokenResponse;
+import org.surfnet.oaaas.basic.UserPassCredentials;
 import org.surfnet.oaaas.model.AccessToken;
+import org.surfnet.oaaas.model.ResourceServer;
+import org.surfnet.oaaas.model.VerifyTokenResponse;
 import org.surfnet.oaaas.repository.AccessTokenRepository;
 import org.surfnet.oaaas.repository.ResourceServerRepository;
 
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/simple/ConsentView.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/simple/ConsentView.java
index c202dca4..8d51aedb 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/simple/ConsentView.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/simple/ConsentView.java
@@ -18,18 +18,20 @@
  */
 package org.surfnet.oaaas.simple;
 
-import org.surfnet.oaaas.auth.Client;
+import org.apache.commons.lang.StringUtils;
+import org.surfnet.oaaas.model.Client;
 
 import com.yammer.dropwizard.views.View;
 
 public class ConsentView extends View {
 
   private Context context;
+  private String[] scopes;
 
   public ConsentView(String actionUri, String authState, Client client) {
     super("consent.ftl");
     this.context = new Context(actionUri, authState, client);
-
+    this.scopes = StringUtils.isBlank(client.getScopes()) ? new String[] {} : client.getScopes().split(",");
   }
 
   /**
@@ -39,4 +41,11 @@ public Context getContext() {
     return context;
   }
 
+  /**
+   * @return the scopes
+   */
+  public String[] getScopes() {
+    return scopes;
+  }
+
 }
\ No newline at end of file
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/simple/Context.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/simple/Context.java
index 6b95d0df..e77663de 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/simple/Context.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/simple/Context.java
@@ -18,7 +18,7 @@
  */
 package org.surfnet.oaaas.simple;
 
-import org.surfnet.oaaas.auth.Client;
+import org.surfnet.oaaas.model.Client;
 
 /**
  * Wrapper for dynamic view values
diff --git a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/simple/FormUserConsentHandler.java b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/simple/FormUserConsentHandler.java
index 6fdd3633..c91f6b94 100644
--- a/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/simple/FormUserConsentHandler.java
+++ b/oaaas-authorization-server/src/main/java/org/surfnet/oaaas/simple/FormUserConsentHandler.java
@@ -30,8 +30,8 @@
 
 import org.apache.commons.lang.StringUtils;
 import org.surfnet.oaaas.auth.AbstractUserConsentHandler;
-import org.surfnet.oaaas.auth.Client;
 import org.surfnet.oaaas.auth.principal.SimplePrincipal;
+import org.surfnet.oaaas.model.Client;
 
 import com.yammer.dropwizard.views.View;
 import com.yammer.dropwizard.views.ViewMessageBodyWriter;
@@ -64,14 +64,11 @@ public void handleUserConsent(HttpServletRequest request, HttpServletResponse re
     } else {
       processInitial(request, response, returnUri, authStateValue, client);
     }
-    
-    //      http://freemarker.sourceforge.net/docs/pgui_quickstart_all.html
-
   }
   
   private void processInitial(HttpServletRequest request, ServletResponse response, String returnUri,
       String authStateValue, Client client) throws IOException {
-
+    // TODO migrate to http://freemarker.sourceforge.net/docs/pgui_quickstart_all.html
     ViewMessageBodyWriter w = new ViewMessageBodyWriter(new MockHttpHeaders());
     View view = new ConsentView(super.getReturnUri(request), authStateValue, client);
 
@@ -82,8 +79,8 @@ private void processInitial(HttpServletRequest request, ServletResponse response
 
   private void processForm(final HttpServletRequest request) {
     if (Boolean.valueOf(request.getParameter(USER_OAUTH_APPROVAL))) {
-      setAuthStateValue(request, request.getParameter("authState"));
-      String[] scopes = request.getParameterValues("granted_scopes");
+      setAuthStateValue(request, request.getParameter(AUTH_STATE));
+      String[] scopes = request.getParameterValues(GRANTED_SCOPES);
       setScopes(request, scopes);
     }
   }
diff --git a/oaaas-authorization-server/src/main/resources/org/surfnet/oaaas/simple/consent.ftl b/oaaas-authorization-server/src/main/resources/org/surfnet/oaaas/simple/consent.ftl
index c4630d30..02d360a6 100644
--- a/oaaas-authorization-server/src/main/resources/org/surfnet/oaaas/simple/consent.ftl
+++ b/oaaas-authorization-server/src/main/resources/org/surfnet/oaaas/simple/consent.ftl
@@ -7,20 +7,11 @@
 
 		<title>Consent</title>
 
-		<link href="https://static.surfconext.nl/css/responsive/screen.css"
-			rel="stylesheet" type="text/css" media="screen" />
-		<link rel="stylesheet" href="/assets/bootstrap-2.0.2/css/bootstrap.css" />
-		<link rel="stylesheet" href="/assets/awesome-1.0.0/css/font-awesome.css" />
-		<link href="/assets/main.css" rel="stylesheet" type="text/css" media="screen" />
-
-		<script type="text/javascript" src="/assets/js/jquery-1.7.2.js"></script>
-		<script type="text/javascript"
-			src="/assets/bootstrap-2.0.2/js/bootstrap.js"></script>
 </head>
 <body>
 	<div id="wrapper">
   		<div id="main">
-    <h1>${context.client.name} (${context.client.description}) is asking consent for accessing:"/></h1>
+    <h1>${context.client.name} (${context.client.description}) is asking consent for accessing:</h1>
 
     <div class="logos">
         <img class="logo"
@@ -33,11 +24,13 @@
         <form id="accept" method="post" action="${context.actionUri}">
           <p>
             <input name="user_oauth_approval" value="true" type="hidden"/>
-		      <ul class="scopes">
-		      	<#list context.client.scopes as scope>
-			        <li><input id="granted_scopes" type="checkbox" name="granted_scopes" checked="yes" value="${scope}"/></li>
+     		<input type="hidden" name="AUTH_STATE"
+							value="${context.authState}" /> 
+	        <ul class="scopes">
+		      	<#list scopes as scope>
+			        <li><input id="GRANTED_SCOPES" type="checkbox" name="GRANTED_SCOPES" checked="yes" value="${scope}"/>${scope}</li>
 				</#list>
-		      </ul>
+		    </ul>
 
             <input id="accept_terms_button"
                    class="submit bigbutton"
diff --git a/oaaas-authorization-server/src/main/resources/org/surfnet/oaaas/simple/login.ftl b/oaaas-authorization-server/src/main/resources/org/surfnet/oaaas/simple/login.ftl
index ae1d4883..2fa040a6 100644
--- a/oaaas-authorization-server/src/main/resources/org/surfnet/oaaas/simple/login.ftl
+++ b/oaaas-authorization-server/src/main/resources/org/surfnet/oaaas/simple/login.ftl
@@ -41,7 +41,6 @@
 						</div>
 						<input type="hidden" name="authState"
 							value="${context.authState}" /> 
-							
 					</fieldset>
 					<div class="control-group">
 						<label class="control-label"></label>
diff --git a/oaaas-authorization-server/src/main/resources/org/surfnet/oaaas/simple/old_consent.ftl b/oaaas-authorization-server/src/main/resources/org/surfnet/oaaas/simple/old_consent.ftl
new file mode 100644
index 00000000..62b61728
--- /dev/null
+++ b/oaaas-authorization-server/src/main/resources/org/surfnet/oaaas/simple/old_consent.ftl
@@ -0,0 +1,68 @@
+<!DOCTYPE html>
+<html>
+	<head>
+		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+		<meta name="robots" content="noindex, nofollow" />
+		<meta name="viewport" content="width=device-width" />
+
+		<title>Consent</title>
+
+		<link href="https://static.surfconext.nl/css/responsive/screen.css"
+			rel="stylesheet" type="text/css" media="screen" />
+		<link rel="stylesheet" href="/assets/bootstrap-2.0.2/css/bootstrap.css" />
+		<link rel="stylesheet" href="/assets/awesome-1.0.0/css/font-awesome.css" />
+		<link href="/assets/main.css" rel="stylesheet" type="text/css" media="screen" />
+
+		<script type="text/javascript" src="/assets/js/jquery-1.7.2.js"></script>
+		<script type="text/javascript"
+			src="/assets/bootstrap-2.0.2/js/bootstrap.js"></script>
+</head>
+<body>
+	<div id="wrapper">
+  		<div id="main">
+    <h1>${context.client.name} (${context.client.description}) is asking consent for accessing:"/></h1>
+
+    <div class="logos">
+        <img class="logo"
+             alt="${context.client.name}"
+             title="${context.client.name}"
+             src="${context.client.thumbNailUrl}"/>
+      </div>
+
+  <div id="approve">
+        <form id="accept" method="post" action="${context.actionUri}">
+          <p>
+            <input name="user_oauth_approval" value="true" type="hidden"/>
+		      <ul class="scopes">
+		      	<#list scopes as scope>
+			        <li><input id="granted_scopes" type="checkbox" name="granted_scopes" checked="yes" value="${scope}"/></li>
+				</#list>
+		      </ul>
+
+            <input id="accept_terms_button"
+                   class="submit bigbutton"
+                   type="submit"
+                   value="Yes, grant access"
+                   style="font-weight: bold;" />
+          </p>
+        </form>
+	</div>
+    <div id="deny">
+        <form id="reject" method="post" action="${context.actionUri}">
+          <p>
+            <input name="user_oauth_approval" value="false" type="hidden"/>
+
+            <input id="decline_terms_button" class="submit bigbutton"
+                   type="submit" value="No, deny access" />
+          </p>
+        </form>
+      </div>
+	<div id="consent">	
+      <p>
+      
+      </p>
+    </div>
+
+
+</body>
+</html>
\ No newline at end of file
diff --git a/oaaas-client/src/test/java/org/surfnet/oaaas/auth/AuthorizationServerFilterTest.java b/oaaas-authorization-server/src/test/java/org/surfnet/oaaas/auth/AuthorizationServerFilterTest.java
similarity index 98%
rename from oaaas-client/src/test/java/org/surfnet/oaaas/auth/AuthorizationServerFilterTest.java
rename to oaaas-authorization-server/src/test/java/org/surfnet/oaaas/auth/AuthorizationServerFilterTest.java
index c21e7864..d9d89c39 100644
--- a/oaaas-client/src/test/java/org/surfnet/oaaas/auth/AuthorizationServerFilterTest.java
+++ b/oaaas-authorization-server/src/test/java/org/surfnet/oaaas/auth/AuthorizationServerFilterTest.java
@@ -25,6 +25,7 @@
 import javax.ws.rs.core.HttpHeaders;
 
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.springframework.core.io.ByteArrayResource;
 import org.springframework.core.io.Resource;
@@ -32,6 +33,7 @@
 import org.springframework.mock.web.MockFilterConfig;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
+import org.surfnet.oaaas.model.VerifyTokenResponse;
 
 import nl.surfnet.coin.mock.AbstractMockHttpServerTest;
 
diff --git a/oaaas-authorization-server/src/test/java/org/surfnet/oaaas/auth/OAuth2ValidatorImplTest.java b/oaaas-authorization-server/src/test/java/org/surfnet/oaaas/auth/OAuth2ValidatorImplTest.java
index 2cdba7eb..b6ffb2d7 100644
--- a/oaaas-authorization-server/src/test/java/org/surfnet/oaaas/auth/OAuth2ValidatorImplTest.java
+++ b/oaaas-authorization-server/src/test/java/org/surfnet/oaaas/auth/OAuth2ValidatorImplTest.java
@@ -25,6 +25,7 @@
 import org.mockito.MockitoAnnotations;
 import org.surfnet.oaaas.auth.OAuth2Validator.ValidationResponse;
 import org.surfnet.oaaas.model.AuthorizationRequest;
+import org.surfnet.oaaas.model.Client;
 import org.surfnet.oaaas.repository.ClientRepository;
 
 import static org.junit.Assert.assertEquals;
diff --git a/oaaas-client/pom.xml b/oaaas-client/pom.xml
index 59ea7d80..b2efcc77 100644
--- a/oaaas-client/pom.xml
+++ b/oaaas-client/pom.xml
@@ -1,93 +1,85 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Copyright 2012 SURFnet bv, The Netherlands
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
+<!-- ~ Copyright 2012 SURFnet bv, The Netherlands ~ ~ Licensed under the 
+	Apache License, Version 2.0 (the "License"); ~ you may not use this file 
+	except in compliance with the License. ~ You may obtain a copy of the License 
+	at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 ~ ~ Unless required by 
+	applicable law or agreed to in writing, software ~ distributed under the 
+	License is distributed on an "AS IS" BASIS, ~ WITHOUT WARRANTIES OR CONDITIONS 
+	OF ANY KIND, either express or implied. ~ See the License for the specific 
+	language governing permissions and ~ limitations under the License. -->
 
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <modelVersion>4.0.0</modelVersion>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
 
-  <parent>
-    <groupId>nl.surfnet.oaaas</groupId>
-    <artifactId>oaaas-parent</artifactId>
-    <version>0.1-SNAPSHOT</version>
-  </parent>
+	<parent>
+		<groupId>nl.surfnet.oaaas</groupId>
+		<artifactId>oaaas-parent</artifactId>
+		<version>0.1-SNAPSHOT</version>
+	</parent>
 
-  <groupId>nl.surfnet.oaaas</groupId>
-  <artifactId>oaaas-client</artifactId>
-  <name>OA-aaS - client library</name>
+	<groupId>nl.surfnet.oaaas</groupId>
+	<artifactId>oaaas-client</artifactId>
+	<name>OA-aaS - client library</name>
 
-  <dependencies>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-    </dependency>
-	<dependency>
-      <groupId>commons-codec</groupId>
-	  <artifactId>commons-codec</artifactId>
-	</dependency>
-	<dependency>
-      <groupId>com.sun.jersey</groupId>
-      <artifactId>jersey-client</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.sun.jersey</groupId>
-      <artifactId>jersey-json</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.apache.openjpa</groupId>
-      <artifactId>openjpa</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.hibernate</groupId>
-      <artifactId>hibernate-validator</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.google.guava</groupId>
-      <artifactId>guava</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.surfnet.coin</groupId>
-       <artifactId>coin-test</artifactId>
-	   <exclusions>
-	     <exclusion>
-	          <groupId>org.eclipse.jetty</groupId>
-	          <artifactId>jetty-server</artifactId>
-	     </exclusion>
-	     <exclusion>
-	          <groupId>org.eclipse.jetty</groupId>
-	          <artifactId>jetty-util</artifactId>
-	     </exclusion>
-	   </exclusions>
-	</dependency>
-    <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.yammer.dropwizard</groupId>
-      <artifactId>dropwizard-testing</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>slf4j-api</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>commons-lang</groupId>
-      <artifactId>commons-lang</artifactId>
-    </dependency>
-  </dependencies>
+	<dependencies>
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>javax.servlet-api</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>commons-codec</groupId>
+			<artifactId>commons-codec</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.sun.jersey</groupId>
+			<artifactId>jersey-client</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.sun.jersey</groupId>
+			<artifactId>jersey-json</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.openjpa</groupId>
+			<artifactId>openjpa</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.hibernate</groupId>
+			<artifactId>hibernate-validator</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.google.guava</groupId>
+			<artifactId>guava</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.surfnet.coin</groupId>
+			<artifactId>coin-test</artifactId>
+			<exclusions>
+				<exclusion>
+					<groupId>org.eclipse.jetty</groupId>
+					<artifactId>jetty-server</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.eclipse.jetty</groupId>
+					<artifactId>jetty-util</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-test</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.yammer.dropwizard</groupId>
+			<artifactId>dropwizard-testing</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>slf4j-api</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>commons-lang</groupId>
+			<artifactId>commons-lang</artifactId>
+		</dependency>
+	</dependencies>
 </project>
\ No newline at end of file
diff --git a/oaaas-example-resource-server/pom.xml b/oaaas-example-resource-server/pom.xml
index ba55bf34..0d337dd1 100644
--- a/oaaas-example-resource-server/pom.xml
+++ b/oaaas-example-resource-server/pom.xml
@@ -1,150 +1,115 @@
-<!--
-  Copyright 2012 SURFnet bv, The Netherlands
-
-  Licensed under the Apache License, Version 2.0 (the "License");
-  you may not use this file except in compliance with the License.
-  You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
-  -->
+<!-- Copyright 2012 SURFnet bv, The Netherlands Licensed under the Apache 
+	License, Version 2.0 (the "License"); you may not use this file except in 
+	compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 
+	Unless required by applicable law or agreed to in writing, software distributed 
+	under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES 
+	OR CONDITIONS OF ANY KIND, either express or implied. See the License for 
+	the specific language governing permissions and limitations under the License. -->
 
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-  <modelVersion>4.0.0</modelVersion>
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+	<modelVersion>4.0.0</modelVersion>
 
-  <parent>
-    <relativePath>../pom.xml</relativePath>
-    <groupId>nl.surfnet.oaaas</groupId>
-    <artifactId>oaaas-parent</artifactId>
-    <version>0.1-SNAPSHOT</version>
-  </parent>
+	<parent>
+		<relativePath>../pom.xml</relativePath>
+		<groupId>nl.surfnet.oaaas</groupId>
+		<artifactId>oaaas-parent</artifactId>
+		<version>0.1-SNAPSHOT</version>
+	</parent>
 
-  <groupId>nl.surfnet.oaaas</groupId>
-  <artifactId>oaaas-example-resource-server</artifactId>
-  <packaging>jar</packaging>
-  <name>OA-aaS - example resource server</name>
+	<groupId>nl.surfnet.oaaas</groupId>
+	<artifactId>oaaas-example-resource-server</artifactId>
+	<packaging>jar</packaging>
+	<name>OA-aaS - example resource server</name>
 
-  <dependencies>
-    <dependency>
-      <groupId>nl.surfnet.oaaas</groupId>
-      <artifactId>oaaas-client</artifactId>
-	  <version>${project.version}</version>
-	</dependency>
-    <dependency>
-      <groupId>com.yammer.dropwizard</groupId>
-      <artifactId>dropwizard-core</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.yammer.dropwizard</groupId>
-      <artifactId>dropwizard-auth</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.yammer.dropwizard</groupId>
-      <artifactId>dropwizard-views</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>junit</groupId>
-      <artifactId>junit</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.yammer.dropwizard</groupId>
-      <artifactId>dropwizard-testing</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>commons-lang</groupId>
-      <artifactId>commons-lang</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.sun.jersey</groupId>
-      <artifactId>jersey-client</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>com.sun.jersey</groupId>
-      <artifactId>jersey-json</artifactId>
-    </dependency>
+	<dependencies>
+		<dependency>
+			<groupId>nl.surfnet.oaaas</groupId>
+			<artifactId>oaaas-authorization-server</artifactId>
+			<version>${project.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>com.yammer.dropwizard</groupId>
+			<artifactId>dropwizard-core</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.yammer.dropwizard</groupId>
+			<artifactId>dropwizard-auth</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.yammer.dropwizard</groupId>
+			<artifactId>dropwizard-views</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.yammer.dropwizard</groupId>
+			<artifactId>dropwizard-testing</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>commons-lang</groupId>
+			<artifactId>commons-lang</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.sun.jersey</groupId>
+			<artifactId>jersey-client</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.sun.jersey</groupId>
+			<artifactId>jersey-json</artifactId>
+		</dependency>
 
-  </dependencies>
+	</dependencies>
 
-  <build>
-    <plugins>
-		<plugin>
-			<groupId>org.apache.maven.plugins</groupId>
-			<artifactId>maven-compiler-plugin</artifactId>
-			<version>2.3.2</version>
-			<configuration>
-				<source>1.6</source>
-				<target>1.6</target>
-				<encoding>UTF-8</encoding>
-			</configuration>
-		</plugin>
-		<plugin>
-			<groupId>org.apache.maven.plugins</groupId>
-			<artifactId>maven-source-plugin</artifactId>
-			<version>2.1.2</version>
-			<executions>
-				<execution>
-					<id>attach-sources</id>
-					<goals>
-						<goal>jar</goal>
-					</goals>
-				</execution>
-			</executions>
-		</plugin>
-		<plugin>
-			<groupId>org.apache.maven.plugins</groupId>
-			<artifactId>maven-resources-plugin</artifactId>
-			<version>2.5</version>
-			<configuration>
-				<outputDirectory />
-				<encoding>UTF-8</encoding>
-			</configuration>
-		</plugin>
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<version>2.3.2</version>
+				<configuration>
+					<source>1.6</source>
+					<target>1.6</target>
+					<encoding>UTF-8</encoding>
+				</configuration>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-source-plugin</artifactId>
+				<version>2.1.2</version>
+				<executions>
+					<execution>
+						<id>attach-sources</id>
+						<goals>
+							<goal>jar</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-resources-plugin</artifactId>
+				<version>2.5</version>
+				<configuration>
+					<outputDirectory />
+					<encoding>UTF-8</encoding>
+				</configuration>
+			</plugin>
 
-      <!-- disabled until we need it. -->
-   <!--
-		<plugin>
-			<groupId>org.apache.maven.plugins</groupId>
-			<artifactId>maven-shade-plugin</artifactId>
-			<version>1.6</version>
-			<configuration>
-				<createDependencyReducedPom>true</createDependencyReducedPom>
-				<filters>
-					<filter>
-						<artifact>*:*</artifact>
-						<excludes>
-							<exclude>META-INF/*.SF</exclude>
-							<exclude>META-INF/*.DSA</exclude>
-							<exclude>META-INF/*.RSA</exclude>
-						</excludes>
-					</filter>
-				</filters>
-			</configuration>
-			<executions>
-				<execution>
-					<phase>package</phase>
-					<goals>
-						<goal>shade</goal>
-					</goals>
-					<configuration>
-						<transformers>
-							<transformer
-								implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer" />
-							<transformer
-								implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
-								<mainClass>org.surfnet.oaaas.example.api.UniversityFooService</mainClass>
-							</transformer>
-						</transformers>
-					</configuration>
-				</execution>
-			</executions>
-		</plugin>
-		-->
-    </plugins>
-  </build>
+			<!-- disabled until we need it. -->
+			<!-- <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-shade-plugin</artifactId> 
+				<version>1.6</version> <configuration> <createDependencyReducedPom>true</createDependencyReducedPom> 
+				<filters> <filter> <artifact>*:*</artifact> <excludes> <exclude>META-INF/*.SF</exclude> 
+				<exclude>META-INF/*.DSA</exclude> <exclude>META-INF/*.RSA</exclude> </excludes> 
+				</filter> </filters> </configuration> <executions> <execution> <phase>package</phase> 
+				<goals> <goal>shade</goal> </goals> <configuration> <transformers> <transformer 
+				implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer" 
+				/> <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer"> 
+				<mainClass>org.surfnet.oaaas.example.api.UniversityFooService</mainClass> 
+				</transformer> </transformers> </configuration> </execution> </executions> 
+				</plugin> -->
+		</plugins>
+	</build>
 </project>
\ No newline at end of file
diff --git a/oaaas-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/OAuthAuthenticator.java b/oaaas-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/OAuthAuthenticator.java
index 5ffb9bc1..205eb186 100644
--- a/oaaas-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/OAuthAuthenticator.java
+++ b/oaaas-example-resource-server/src/main/java/org/surfnet/oaaas/example/api/OAuthAuthenticator.java
@@ -22,7 +22,7 @@
 
 import javax.ws.rs.core.HttpHeaders;
 
-import org.surfnet.oaaas.auth.VerifyTokenResponse;
+import org.surfnet.oaaas.model.VerifyTokenResponse;
 
 import com.google.common.base.Optional;
 import com.sun.jersey.api.client.Client;
diff --git a/oaaas-surfconext-authn/pom.xml b/oaaas-surfconext-authn/pom.xml
index 366272e3..339393ea 100644
--- a/oaaas-surfconext-authn/pom.xml
+++ b/oaaas-surfconext-authn/pom.xml
@@ -1,54 +1,44 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ Copyright 2012 SURFnet bv, The Netherlands
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~      http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~ See the License for the specific language governing permissions and
-  ~ limitations under the License.
-  -->
+<!-- ~ Copyright 2012 SURFnet bv, The Netherlands ~ ~ Licensed under the 
+	Apache License, Version 2.0 (the "License"); ~ you may not use this file 
+	except in compliance with the License. ~ You may obtain a copy of the License 
+	at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 ~ ~ Unless required by 
+	applicable law or agreed to in writing, software ~ distributed under the 
+	License is distributed on an "AS IS" BASIS, ~ WITHOUT WARRANTIES OR CONDITIONS 
+	OF ANY KIND, either express or implied. ~ See the License for the specific 
+	language governing permissions and ~ limitations under the License. -->
 
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <modelVersion>4.0.0</modelVersion>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
 
-  <parent>
-    <groupId>nl.surfnet.oaaas</groupId>
-    <artifactId>oaaas-parent</artifactId>
-    <version>0.1-SNAPSHOT</version>
-  </parent>
+	<parent>
+		<groupId>nl.surfnet.oaaas</groupId>
+		<artifactId>oaaas-parent</artifactId>
+		<version>0.1-SNAPSHOT</version>
+	</parent>
 
-  <groupId>nl.surfnet.oaaas</groupId>
-  <artifactId>oaaas-surfconext-authn</artifactId>
-  <name>OA-aaS - conext authentication plugin</name>
+	<groupId>nl.surfnet.oaaas</groupId>
+	<artifactId>oaaas-surfconext-authn</artifactId>
+	<name>OA-aaS - conext authentication plugin</name>
 
-  <dependencies>
-    <dependency>
-      <groupId>org.surfnet.coin</groupId>
-      <artifactId>spring-security-opensaml</artifactId>
-      <version>2.8.1-SNAPSHOT</version>
-    </dependency>
-
-    <dependency>
-      <groupId>nl.surfnet.oaaas</groupId>
-      <artifactId>oaaas-client</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>javax.servlet</groupId>
-      <artifactId>javax.servlet-api</artifactId>
-    </dependency>
-    <dependency>
-      <groupId>javax.inject</groupId>
-      <artifactId>javax.inject</artifactId>
-      <version>1</version>
-    </dependency>
-  </dependencies>
+	<dependencies>
+		<dependency>
+			<groupId>org.surfnet.coin</groupId>
+			<artifactId>spring-security-opensaml</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>nl.surfnet.oaaas</groupId>
+			<artifactId>oaaas-authorization-server</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>javax.servlet-api</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>javax.inject</groupId>
+			<artifactId>javax.inject</artifactId>
+			<version>1</version>
+		</dependency>
+	</dependencies>
 </project>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 16bb593d..923632a5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,272 +1,267 @@
-<!--
-  Copyright 2012 SURFnet bv, The Netherlands
-
-  Licensed under the Apache License, Version 2.0 (the "License");
-  you may not use this file except in compliance with the License.
-  You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
-  -->
+<!-- Copyright 2012 SURFnet bv, The Netherlands Licensed under the Apache 
+	License, Version 2.0 (the "License"); you may not use this file except in 
+	compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 
+	Unless required by applicable law or agreed to in writing, software distributed 
+	under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES 
+	OR CONDITIONS OF ANY KIND, either express or implied. See the License for 
+	the specific language governing permissions and limitations under the License. -->
 
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-  <modelVersion>4.0.0</modelVersion>
-
-  <groupId>nl.surfnet.oaaas</groupId>
-  <artifactId>oaaas-parent</artifactId>
-  <version>0.1-SNAPSHOT</version>
-  <packaging>pom</packaging>
-  <name>OA-aaS</name>
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+	<modelVersion>4.0.0</modelVersion>
 
-  <modules>
-    <module>oaaas-client</module>
-    <module>oaaas-example-resource-server</module>
-    <module>oaaas-authorization-server</module>
-    <module>oaaas-authorization-server-war</module>
-    <module>oaaas-surfconext-authn</module>
-    <module>oaaas-example-resource-server-war</module>
-    <!--<module>oaaas-performance</module>-->
-    <!--<module>oaaas-vm</module>-->
-    <!--<module>oaaas-gui</module>-->
-  </modules>
+	<groupId>nl.surfnet.oaaas</groupId>
+	<artifactId>oaaas-parent</artifactId>
+	<version>0.1-SNAPSHOT</version>
+	<packaging>pom</packaging>
+	<name>OA-aaS</name>
 
-  <properties>
-    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-    <!-- all the versions in the oa-aas project -->
-    <dropwizard.version>0.4.2</dropwizard.version>
-    <flyway.version>1.5</flyway.version>
-    <hsqldb.version>2.2.8</hsqldb.version>
-    <junit.version>4.10</junit.version>
-    <commons.dbcp.version>1.4</commons.dbcp.version>
-    <spring.version>3.1.2.RELEASE</spring.version>
-    <openjpa.version>2.2.0</openjpa.version>
-    <commons-lang.version>2.6</commons-lang.version>
-    <commons-io.version>2.0.1</commons-io.version>
-    <jersey.version>1.13</jersey.version>
-    <commons-codec.version>1.4</commons-codec.version>
-    <guava.version>12.0.1</guava.version>
-    <coin-test.version>2.8.1</coin-test.version>
-    <servlet-api.version>3.0.1</servlet-api.version>
-    <slf4j.version>1.6.6</slf4j.version>
-    <commons-validator.version>1.4.0</commons-validator.version>
-	<hibernate-validator.version>4.3.0.Final</hibernate-validator.version>
-	<spring-security-opensaml.version>2.8.1-SNAPSHOT</spring-security-opensaml.version>
-  </properties>
+	<modules>
+		<!--module>oaaas-client</module> -->
+		<module>oaaas-example-resource-server</module>
+		<module>oaaas-authorization-server</module>
+		<module>oaaas-authorization-server-war</module>
+		<module>oaaas-surfconext-authn</module>
+		<module>oaaas-example-resource-server-war</module>
+		<!--<module>oaaas-performance</module> -->
+		<!--<module>oaaas-vm</module> -->
+		<!--<module>oaaas-gui</module> -->
+	</modules>
 
-  <dependencyManagement>
-    <dependencies>
-	    <dependency>
-	      <groupId>org.surfnet.coin</groupId>
-	      <artifactId>spring-security-opensaml</artifactId>
-	      <version>2.8.1-SNAPSHOT</version>
-	    </dependency>
-	
-      <dependency>
-        <groupId>org.springframework</groupId>
-        <artifactId>spring-beans</artifactId>
-        <version>${spring.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>org.springframework</groupId>
-        <artifactId>spring-context</artifactId>
-        <version>${spring.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>com.sun.jersey</groupId>
-        <artifactId>jersey-client</artifactId>
-        <version>${jersey.version}</version>
-      </dependency>
-	  <dependency>
-        <groupId>com.sun.jersey</groupId>
-		<artifactId>jersey-json</artifactId>
-		<version>${jersey.version}</version>
-	  </dependency>
-      <dependency>
-        <groupId>com.google.guava</groupId>
-        <artifactId>guava</artifactId>
-        <version>${guava.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>org.hibernate</groupId>
-        <artifactId>hibernate-validator</artifactId>
-        <version>${hibernate-validator.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>com.yammer.dropwizard</groupId>
-        <artifactId>dropwizard-auth</artifactId>
-        <version>${dropwizard.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>com.yammer.dropwizard</groupId>
-        <artifactId>dropwizard-views</artifactId>
-        <version>${dropwizard.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>com.yammer.dropwizard</groupId>
-        <artifactId>dropwizard-client</artifactId>
-        <version>${dropwizard.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>com.yammer.dropwizard</groupId>
-        <artifactId>dropwizard-core</artifactId>
-        <version>${dropwizard.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>com.googlecode.flyway</groupId>
-        <artifactId>flyway-core</artifactId>
-        <version>${flyway.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>commons-dbcp</groupId>
-        <artifactId>commons-dbcp</artifactId>
-        <version>${commons.dbcp.version}</version>
-      </dependency>
-	  <dependency>
-		<groupId>commons-codec</groupId>
-		<artifactId>commons-codec</artifactId>
-		<version>${commons-codec.version}</version>
-	  </dependency>
-      <dependency>
-        <groupId>commons-io</groupId>
-        <artifactId>commons-io</artifactId>
-		<version>${commons-io.version}</version>
-      </dependency>
-	  <dependency>
-		<groupId>commons-validator</groupId>
-		<artifactId>commons-validator</artifactId>
-		<version>${commons-validator.version}</version>
-	  </dependency>
-      <dependency>
-        <groupId>org.hsqldb</groupId>
-        <artifactId>hsqldb</artifactId>
-        <version>${hsqldb.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>junit</groupId>
-        <artifactId>junit</artifactId>
-        <version>${junit.version}</version>
-        <scope>test</scope>
-      </dependency>
-      <dependency>
-        <groupId>com.yammer.dropwizard</groupId>
-        <artifactId>dropwizard-testing</artifactId>
-        <version>${dropwizard.version}</version>
-        <scope>test</scope>
-      </dependency>
-      <dependency>
-        <groupId>org.surfnet.coin</groupId>
-	    <artifactId>coin-test</artifactId>
-	    <version>${coin-test.version}</version>
-        <scope>test</scope>
-      </dependency>
-      <dependency>
-        <groupId>org.springframework</groupId>
-        <artifactId>spring-test</artifactId>
-        <version>${spring.version}</version>
-        <scope>test</scope>
-      </dependency>
-      <dependency>
-        <groupId>org.apache.openjpa</groupId>
-        <artifactId>openjpa</artifactId>
-        <version>${openjpa.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>commons-lang</groupId>
-        <artifactId>commons-lang</artifactId>
-        <version>${commons-lang.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>nl.surfnet.oaaas</groupId>
-        <artifactId>oaaas-client</artifactId>
-        <version>${project.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>nl.surfnet.oaaas</groupId>
-        <artifactId>oaaas-authorization-server</artifactId>
-        <version>${project.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>nl.surfnet.oaaas</groupId>
-        <artifactId>oaaas-authn</artifactId>
-        <version>${project.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>javax.servlet</groupId>
-        <artifactId>javax.servlet-api</artifactId>
-        <scope>provided</scope>
-        <version>${servlet-api.version}</version>
-      </dependency>
-      <dependency>
-        <groupId>org.slf4j</groupId>
-        <artifactId>slf4j-api</artifactId>
-        <version>${slf4j.version}</version>
-      </dependency>
-	<dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>log4j-over-slf4j</artifactId>
-      <version>${slf4j.version}</version>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jcl-over-slf4j</artifactId>
-      <version>${slf4j.version}</version>
-    </dependency>
-    <dependency>
-      <groupId>org.slf4j</groupId>
-      <artifactId>jul-to-slf4j</artifactId>
-      <version>${slf4j.version}</version>
-    </dependency>
-   <dependency>
-      <groupId>org.springframework</groupId>
-      <artifactId>spring-test</artifactId>
-      <version>${spring.version}</version>
-      <scope>test</scope>
-    </dependency>
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<!-- all the versions in the oa-aas project -->
+		<dropwizard.version>0.4.2</dropwizard.version>
+		<flyway.version>1.5</flyway.version>
+		<hsqldb.version>2.2.8</hsqldb.version>
+		<junit.version>4.10</junit.version>
+		<commons.dbcp.version>1.4</commons.dbcp.version>
+		<spring.version>3.1.2.RELEASE</spring.version>
+		<openjpa.version>2.2.0</openjpa.version>
+		<commons-lang.version>2.6</commons-lang.version>
+		<commons-io.version>2.0.1</commons-io.version>
+		<jersey.version>1.12</jersey.version>
+		<commons-codec.version>1.4</commons-codec.version>
+		<guava.version>12.0.1</guava.version>
+		<coin-test.version>2.8.1</coin-test.version>
+		<servlet-api.version>3.0.1</servlet-api.version>
+		<slf4j.version>1.6.6</slf4j.version>
+		<commons-validator.version>1.4.0</commons-validator.version>
+		<hibernate-validator.version>4.3.0.Final</hibernate-validator.version>
+		<spring-security-opensaml.version>2.8.1-SNAPSHOT</spring-security-opensaml.version>
+		<spring-data-jpa.version>1.1.0.RELEASE</spring-data-jpa.version>
+	</properties>
 
-    </dependencies>
-  </dependencyManagement>
-  <build>
-    <pluginManagement>
-      <plugins>
-        <plugin>
-          <groupId>com.googlecode.flyway</groupId>
-          <artifactId>flyway-maven-plugin</artifactId>
-          <version>${flyway.version}</version>
-        </plugin>
-      </plugins>
-    </pluginManagement>
-  </build>
-  <repositories>
-    <repository>
-      <snapshots>
-        <enabled>false</enabled>
-      </snapshots>
-      <releases>
-        <enabled>true</enabled>
-        <updatePolicy>never</updatePolicy>
-      </releases>
-      <id>openconext-releases</id>
-      <name>OpenConext public releases repository</name>
-      <url>https://build.surfconext.nl/repository/public/releases</url>
-    </repository>
-    <repository>
-      <snapshots>
-        <enabled>true</enabled>
-      </snapshots>
-      <releases>
-        <enabled>false</enabled>
-        <updatePolicy>never</updatePolicy>
-      </releases>
-      <id>openconext-snapshots</id>
-      <name>OpenConext public snapshots repository</name>
-      <url>https://build.surfconext.nl/repository/public/snapshots</url>
-    </repository>
-  </repositories>
+	<dependencyManagement>
+		<dependencies>
+			<dependency>
+				<groupId>org.surfnet.coin</groupId>
+				<artifactId>spring-security-opensaml</artifactId>
+				<version>${spring-security-opensaml.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.springframework.data</groupId>
+				<artifactId>spring-data-jpa</artifactId>
+				<version>${spring-data-jpa.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.springframework</groupId>
+				<artifactId>spring-beans</artifactId>
+				<version>${spring.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.springframework</groupId>
+				<artifactId>spring-web</artifactId>
+				<version>${spring.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.springframework</groupId>
+				<artifactId>spring-context</artifactId>
+				<version>${spring.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>com.sun.jersey</groupId>
+				<artifactId>jersey-client</artifactId>
+				<version>${jersey.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>com.sun.jersey</groupId>
+				<artifactId>jersey-json</artifactId>
+				<version>${jersey.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>com.google.guava</groupId>
+				<artifactId>guava</artifactId>
+				<version>${guava.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.hibernate</groupId>
+				<artifactId>hibernate-validator</artifactId>
+				<version>${hibernate-validator.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>com.yammer.dropwizard</groupId>
+				<artifactId>dropwizard-auth</artifactId>
+				<version>${dropwizard.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>com.yammer.dropwizard</groupId>
+				<artifactId>dropwizard-views</artifactId>
+				<version>${dropwizard.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>com.yammer.dropwizard</groupId>
+				<artifactId>dropwizard-client</artifactId>
+				<version>${dropwizard.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>com.yammer.dropwizard</groupId>
+				<artifactId>dropwizard-core</artifactId>
+				<version>${dropwizard.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>com.googlecode.flyway</groupId>
+				<artifactId>flyway-core</artifactId>
+				<version>${flyway.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>commons-dbcp</groupId>
+				<artifactId>commons-dbcp</artifactId>
+				<version>${commons.dbcp.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>commons-codec</groupId>
+				<artifactId>commons-codec</artifactId>
+				<version>${commons-codec.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>commons-io</groupId>
+				<artifactId>commons-io</artifactId>
+				<version>${commons-io.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>commons-validator</groupId>
+				<artifactId>commons-validator</artifactId>
+				<version>${commons-validator.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.hsqldb</groupId>
+				<artifactId>hsqldb</artifactId>
+				<version>${hsqldb.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>junit</groupId>
+				<artifactId>junit</artifactId>
+				<version>${junit.version}</version>
+				<scope>test</scope>
+			</dependency>
+			<dependency>
+				<groupId>com.yammer.dropwizard</groupId>
+				<artifactId>dropwizard-testing</artifactId>
+				<version>${dropwizard.version}</version>
+				<scope>test</scope>
+			</dependency>
+			<dependency>
+				<groupId>org.surfnet.coin</groupId>
+				<artifactId>coin-test</artifactId>
+				<version>${coin-test.version}</version>
+				<scope>test</scope>
+			</dependency>
+			<dependency>
+				<groupId>org.springframework</groupId>
+				<artifactId>spring-test</artifactId>
+				<version>${spring.version}</version>
+				<scope>test</scope>
+			</dependency>
+			<dependency>
+				<groupId>org.apache.openjpa</groupId>
+				<artifactId>openjpa</artifactId>
+				<version>${openjpa.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>commons-lang</groupId>
+				<artifactId>commons-lang</artifactId>
+				<version>${commons-lang.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>nl.surfnet.oaaas</groupId>
+				<artifactId>oaaas-client</artifactId>
+				<version>${project.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>nl.surfnet.oaaas</groupId>
+				<artifactId>oaaas-authorization-server</artifactId>
+				<version>${project.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>nl.surfnet.oaaas</groupId>
+				<artifactId>oaaas-authn</artifactId>
+				<version>${project.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>javax.servlet</groupId>
+				<artifactId>javax.servlet-api</artifactId>
+				<scope>provided</scope>
+				<version>${servlet-api.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.slf4j</groupId>
+				<artifactId>slf4j-api</artifactId>
+				<version>${slf4j.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.slf4j</groupId>
+				<artifactId>log4j-over-slf4j</artifactId>
+				<version>${slf4j.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.slf4j</groupId>
+				<artifactId>jcl-over-slf4j</artifactId>
+				<version>${slf4j.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.slf4j</groupId>
+				<artifactId>jul-to-slf4j</artifactId>
+				<version>${slf4j.version}</version>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
+	<build>
+		<pluginManagement>
+			<plugins>
+				<plugin>
+					<groupId>com.googlecode.flyway</groupId>
+					<artifactId>flyway-maven-plugin</artifactId>
+					<version>${flyway.version}</version>
+				</plugin>
+			</plugins>
+		</pluginManagement>
+	</build>
+	<repositories>
+		<repository>
+			<snapshots>
+				<enabled>false</enabled>
+			</snapshots>
+			<releases>
+				<enabled>true</enabled>
+				<updatePolicy>never</updatePolicy>
+			</releases>
+			<id>openconext-releases</id>
+			<name>OpenConext public releases repository</name>
+			<url>https://build.surfconext.nl/repository/public/releases</url>
+		</repository>
+		<repository>
+			<snapshots>
+				<enabled>true</enabled>
+			</snapshots>
+			<releases>
+				<enabled>false</enabled>
+				<updatePolicy>never</updatePolicy>
+			</releases>
+			<id>openconext-snapshots</id>
+			<name>OpenConext public snapshots repository</name>
+			<url>https://build.surfconext.nl/repository/public/snapshots</url>
+		</repository>
+	</repositories>
 </project>