From 5f7d3e266a69f7f3ebd0a37bf0eb05bd5e1bb7fa Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Mon, 25 Apr 2022 16:30:36 +0200
Subject: [PATCH 1/9] typo

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 8a789eb..4253ba7 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ support for [PKCE](https://datatracker.ietf.org/doc/html/rfc8252#section-8.1) an
 ## Usage
 
 ```java
-// this library will just to the Authorization Flow:
+// this library will just perform the Authorization Flow:
 String tokenResponse = AuthFlow.asClient("oauth-client-id")
         .authorize(URI.create("https://login.example.com/oauth2/authorize"), uri -> System.out.println("Please login on " + uri))
         .getAccessToken(URI.create("https://login.example.com/oauth2/token"));

From 5d8e134d725e370c2b857df683bfb456631c5f4c Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Thu, 28 Apr 2022 09:47:45 +0200
Subject: [PATCH 2/9] typo

[ci skip]
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 4253ba7..07d815e 100644
--- a/README.md
+++ b/README.md
@@ -33,6 +33,6 @@ The `authorize(...)` method optionally allows you to specify:
 ## Why this library?
 
 * Often you just need to authorize your client and nothing more. Most OAuth2 libraries try to do a lot more
-* Nano-tiny-minuscule attack surface, since this doesn't contain any JOSE/JWT signature code, nor a fully-fleged web server
+* Nano-tiny-minuscule attack surface, since this doesn't contain any JOSE/JWT signature code, nor a fully-fledged web server
 * Focus is strictly on the authorization flow. Use any library for dealing with the tokens, you like.
 * Modular jar, exposing only one single public API. No need to read docs, you can't do anything wrong.
\ No newline at end of file

From ecbdddbcea37a09bd03d74bcb55dbe0591323d47 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Thu, 28 Apr 2022 09:50:34 +0200
Subject: [PATCH 3/9] implemented HttpHtmlResponseTest

---
 .../http/HttpHtmlResponseTest.java            | 21 ++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpHtmlResponseTest.java b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpHtmlResponseTest.java
index bdf7902..d50e12f 100644
--- a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpHtmlResponseTest.java
+++ b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpHtmlResponseTest.java
@@ -1,7 +1,26 @@
 package io.github.coffeelibs.tinyoauth2client.http;
 
-import static org.junit.jupiter.api.Assertions.*;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+import java.io.CharArrayWriter;
+import java.io.IOException;
 
 public class HttpHtmlResponseTest {
 
+	@Test
+	public void testWrite() throws IOException {
+		var body = "<html><body>Hello World</body></html>";
+		var response = new HttpHtmlResponse(HttpResponse.Status.OK, body);
+		var writer = new CharArrayWriter();
+
+		response.write(writer);
+
+		var str = writer.toString();
+		Assertions.assertTrue(str.startsWith("HTTP/1.1 200 OK"));
+		Assertions.assertTrue(str.contains("Content-Type: text/html; charset=UTF-8"));
+		Assertions.assertTrue(str.contains("Content-Length: " + body.length()));
+		Assertions.assertTrue(str.endsWith("<html><body>Hello World</body></html>\n"));
+	}
+
 }
\ No newline at end of file

From 59346d9bc885645930fd6d694b05df5e745cf215 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Thu, 28 Apr 2022 09:52:46 +0200
Subject: [PATCH 4/9] renamed HttpResponse due to ambiguity

---
 ...pEmptyResponse.java => EmptyResponse.java} |  4 +--
 ...ttpHtmlResponse.java => HtmlResponse.java} |  4 +--
 .../http/InvalidRequestException.java         |  4 +--
 ...ectResponse.java => RedirectResponse.java} |  4 +--
 .../tinyoauth2client/http/RedirectTarget.java | 16 +++++------
 .../http/{HttpResponse.java => Response.java} | 14 +++++-----
 ...sponseTest.java => EmptyResponseTest.java} |  4 +--
 ...esponseTest.java => HtmlResponseTest.java} |  4 +--
 .../http/HttpResponseTest.java                | 28 -------------------
 ...nseTest.java => RedirectResponseTest.java} |  4 +--
 .../tinyoauth2client/http/ResponseTest.java   | 28 +++++++++++++++++++
 11 files changed, 57 insertions(+), 57 deletions(-)
 rename src/main/java/io/github/coffeelibs/tinyoauth2client/http/{HttpEmptyResponse.java => EmptyResponse.java} (77%)
 rename src/main/java/io/github/coffeelibs/tinyoauth2client/http/{HttpHtmlResponse.java => HtmlResponse.java} (86%)
 rename src/main/java/io/github/coffeelibs/tinyoauth2client/http/{HttpRedirectResponse.java => RedirectResponse.java} (81%)
 rename src/main/java/io/github/coffeelibs/tinyoauth2client/http/{HttpResponse.java => Response.java} (62%)
 rename src/test/java/io/github/coffeelibs/tinyoauth2client/http/{HttpEmptyResponseTest.java => EmptyResponseTest.java} (85%)
 rename src/test/java/io/github/coffeelibs/tinyoauth2client/http/{HttpHtmlResponseTest.java => HtmlResponseTest.java} (86%)
 delete mode 100644 src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpResponseTest.java
 rename src/test/java/io/github/coffeelibs/tinyoauth2client/http/{HttpRedirectResponseTest.java => RedirectResponseTest.java} (77%)
 create mode 100644 src/test/java/io/github/coffeelibs/tinyoauth2client/http/ResponseTest.java

diff --git a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/HttpEmptyResponse.java b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/EmptyResponse.java
similarity index 77%
rename from src/main/java/io/github/coffeelibs/tinyoauth2client/http/HttpEmptyResponse.java
rename to src/main/java/io/github/coffeelibs/tinyoauth2client/http/EmptyResponse.java
index a10cfa6..1b0708c 100644
--- a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/HttpEmptyResponse.java
+++ b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/EmptyResponse.java
@@ -3,11 +3,11 @@
 import java.io.IOException;
 import java.io.Writer;
 
-class HttpEmptyResponse implements HttpResponse {
+class EmptyResponse implements Response {
 
 	private final Status status;
 
-	public HttpEmptyResponse(HttpResponse.Status status) {
+	public EmptyResponse(Response.Status status) {
 		this.status = status;
 	}
 
diff --git a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/HttpHtmlResponse.java b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/HtmlResponse.java
similarity index 86%
rename from src/main/java/io/github/coffeelibs/tinyoauth2client/http/HttpHtmlResponse.java
rename to src/main/java/io/github/coffeelibs/tinyoauth2client/http/HtmlResponse.java
index a164f78..0af01e5 100644
--- a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/HttpHtmlResponse.java
+++ b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/HtmlResponse.java
@@ -4,12 +4,12 @@
 import java.io.Writer;
 import java.nio.charset.StandardCharsets;
 
-class HttpHtmlResponse implements HttpResponse {
+class HtmlResponse implements Response {
 
 	private final Status status;
 	private final String body;
 
-	public HttpHtmlResponse(Status status, String body) {
+	public HtmlResponse(Status status, String body) {
 		this.status = status;
 		this.body = body;
 	}
diff --git a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/InvalidRequestException.java b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/InvalidRequestException.java
index ecac84b..86eefc6 100644
--- a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/InvalidRequestException.java
+++ b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/InvalidRequestException.java
@@ -1,9 +1,9 @@
 package io.github.coffeelibs.tinyoauth2client.http;
 
 public class InvalidRequestException extends Exception {
-	public final HttpResponse suggestedResponse;
+	public final Response suggestedResponse;
 
-	public InvalidRequestException(HttpResponse suggestedResponse) {
+	public InvalidRequestException(Response suggestedResponse) {
 		this.suggestedResponse = suggestedResponse;
 	}
 
diff --git a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/HttpRedirectResponse.java b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectResponse.java
similarity index 81%
rename from src/main/java/io/github/coffeelibs/tinyoauth2client/http/HttpRedirectResponse.java
rename to src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectResponse.java
index 5872ee9..fe14e82 100644
--- a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/HttpRedirectResponse.java
+++ b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectResponse.java
@@ -4,12 +4,12 @@
 import java.io.Writer;
 import java.net.URI;
 
-class HttpRedirectResponse implements HttpResponse {
+class RedirectResponse implements Response {
 
 	private final Status status;
 	private URI target;
 
-	public HttpRedirectResponse(Status status, URI target) {
+	public RedirectResponse(Status status, URI target) {
 		this.status = status;
 		this.target = target;
 	}
diff --git a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java
index dfd1106..b9754c3 100644
--- a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java
+++ b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java
@@ -36,7 +36,7 @@ public class RedirectTarget implements Closeable {
 	private final String path;
 	private final String csrfToken;
 
-	private HttpResponse successResponse = HttpResponse.html(HttpResponse.Status.OK, "<html><body>Success</body></html>"); // TODO: allow customization with custom html or redirect
+	private Response successResponse = Response.html(Response.Status.OK, "<html><body>Success</body></html>"); // TODO: allow customization with custom html or redirect
 
 	private RedirectTarget(ServerSocketChannel serverChannel, String path) {
 		this.serverChannel = serverChannel;
@@ -126,23 +126,23 @@ public String receive() throws IOException {
 				throw new IOException("Unparseable Request", e);
 			}
 			if (!Path.of(path).equals(Path.of(requestUri.getPath()))) {
-				HttpResponse.empty(HttpResponse.Status.NOT_FOUND).write(writer);
+				Response.empty(Response.Status.NOT_FOUND).write(writer);
 				throw new IOException("Requested invalid path " + requestUri);
 			}
 
 			var params = URIUtil.parseQueryString(requestUri.getRawQuery());
 			if (!csrfToken.equals(params.get("state"))) {
-				HttpResponse.empty(HttpResponse.Status.BAD_REQUEST).write(writer);
+				Response.empty(Response.Status.BAD_REQUEST).write(writer);
 				throw new IOException("Missing or invalid state token");
 			} else if (params.containsKey("error")) {
 				var html = "<html><body>" + params.get("error") + "</body></html>";
-				HttpResponse.html(HttpResponse.Status.OK, html).write(writer);
+				Response.html(Response.Status.OK, html).write(writer);
 				throw new IOException("Authorization failed"); // TODO more specific exception containing the error code
 			} else if (params.containsKey("code")) {
 				successResponse.write(writer);
 				return params.get("code");
 			} else {
-				HttpResponse.empty(HttpResponse.Status.BAD_REQUEST).write(writer);
+				Response.empty(Response.Status.BAD_REQUEST).write(writer);
 				throw new IOException("Missing authorization code");
 			}
 		}
@@ -159,16 +159,16 @@ public String receive() throws IOException {
 	static URI parseRequestLine(String requestLine) throws InvalidRequestException {
 		var words = requestLine.split(" ");
 		if (words.length < 3) {
-			throw new InvalidRequestException(HttpResponse.empty(HttpResponse.Status.BAD_REQUEST));
+			throw new InvalidRequestException(Response.empty(Response.Status.BAD_REQUEST));
 		}
 		var method = words[0];
 		if (!"GET".equals(method)) {
-			throw new InvalidRequestException(HttpResponse.empty(HttpResponse.Status.METHOD_NOT_ALLOWED));
+			throw new InvalidRequestException(Response.empty(Response.Status.METHOD_NOT_ALLOWED));
 		}
 		try {
 			return new URI(words[1]);
 		} catch (URISyntaxException e) {
-			throw new InvalidRequestException(HttpResponse.empty(HttpResponse.Status.BAD_REQUEST));
+			throw new InvalidRequestException(Response.empty(Response.Status.BAD_REQUEST));
 		}
 	}
 
diff --git a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/HttpResponse.java b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/Response.java
similarity index 62%
rename from src/main/java/io/github/coffeelibs/tinyoauth2client/http/HttpResponse.java
rename to src/main/java/io/github/coffeelibs/tinyoauth2client/http/Response.java
index 283ecbe..97d7656 100644
--- a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/HttpResponse.java
+++ b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/Response.java
@@ -4,20 +4,20 @@
 import java.io.Writer;
 import java.net.URI;
 
-interface HttpResponse {
+interface Response {
 
 	void write(Writer writer) throws IOException;
 
-	static HttpResponse empty(Status status) {
-		return new HttpEmptyResponse(status);
+	static Response empty(Status status) {
+		return new EmptyResponse(status);
 	}
 
-	static HttpResponse html(Status status, String body) {
-		return new HttpHtmlResponse(status, body);
+	static Response html(Status status, String body) {
+		return new HtmlResponse(status, body);
 	}
 
-	static HttpResponse redirect(URI target) {
-		return new HttpRedirectResponse(Status.SEE_OTHER, target);
+	static Response redirect(URI target) {
+		return new RedirectResponse(Status.SEE_OTHER, target);
 	}
 
 	enum Status {
diff --git a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpEmptyResponseTest.java b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/EmptyResponseTest.java
similarity index 85%
rename from src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpEmptyResponseTest.java
rename to src/test/java/io/github/coffeelibs/tinyoauth2client/http/EmptyResponseTest.java
index 3cbb508..93895e8 100644
--- a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpEmptyResponseTest.java
+++ b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/EmptyResponseTest.java
@@ -6,12 +6,12 @@
 import java.io.CharArrayWriter;
 import java.io.IOException;
 
-public class HttpEmptyResponseTest {
+public class EmptyResponseTest {
 
 	@Test
 	public void testWrite() throws IOException {
 		var html = "<html><body>Hello World</body></html>";
-		var response = new HttpHtmlResponse(HttpResponse.Status.OK, html);
+		var response = new HtmlResponse(Response.Status.OK, html);
 		var writer = new CharArrayWriter();
 
 		response.write(writer);
diff --git a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpHtmlResponseTest.java b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HtmlResponseTest.java
similarity index 86%
rename from src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpHtmlResponseTest.java
rename to src/test/java/io/github/coffeelibs/tinyoauth2client/http/HtmlResponseTest.java
index d50e12f..cc49789 100644
--- a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpHtmlResponseTest.java
+++ b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HtmlResponseTest.java
@@ -6,12 +6,12 @@
 import java.io.CharArrayWriter;
 import java.io.IOException;
 
-public class HttpHtmlResponseTest {
+public class HtmlResponseTest {
 
 	@Test
 	public void testWrite() throws IOException {
 		var body = "<html><body>Hello World</body></html>";
-		var response = new HttpHtmlResponse(HttpResponse.Status.OK, body);
+		var response = new HtmlResponse(Response.Status.OK, body);
 		var writer = new CharArrayWriter();
 
 		response.write(writer);
diff --git a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpResponseTest.java b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpResponseTest.java
deleted file mode 100644
index eb7c795..0000000
--- a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpResponseTest.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package io.github.coffeelibs.tinyoauth2client.http;
-
-import org.junit.jupiter.api.Assertions;
-import org.junit.jupiter.api.Test;
-
-import java.net.URI;
-
-public class HttpResponseTest {
-
-	@Test
-	public void testEmpty() {
-		var result = HttpResponse.empty(HttpResponse.Status.OK);
-		Assertions.assertInstanceOf(HttpEmptyResponse.class, result);
-	}
-
-	@Test
-	public void testHtml() {
-		var result = HttpResponse.html(HttpResponse.Status.OK, "test");
-		Assertions.assertInstanceOf(HttpHtmlResponse.class, result);
-	}
-
-	@Test
-	public void testRedirect() {
-		var result = HttpResponse.redirect(URI.create("http://google.com"));
-		Assertions.assertInstanceOf(HttpRedirectResponse.class, result);
-	}
-
-}
\ No newline at end of file
diff --git a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpRedirectResponseTest.java b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectResponseTest.java
similarity index 77%
rename from src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpRedirectResponseTest.java
rename to src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectResponseTest.java
index 30df4e8..b5b2f96 100644
--- a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/HttpRedirectResponseTest.java
+++ b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectResponseTest.java
@@ -7,11 +7,11 @@
 import java.io.IOException;
 import java.net.URI;
 
-public class HttpRedirectResponseTest {
+public class RedirectResponseTest {
 
 	@Test
 	public void testWrite() throws IOException {
-		var response = new HttpRedirectResponse(HttpResponse.Status.SEE_OTHER, URI.create("http://google.com"));
+		var response = new RedirectResponse(Response.Status.SEE_OTHER, URI.create("http://google.com"));
 		var writer = new CharArrayWriter();
 
 		response.write(writer);
diff --git a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/ResponseTest.java b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/ResponseTest.java
new file mode 100644
index 0000000..75682b9
--- /dev/null
+++ b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/ResponseTest.java
@@ -0,0 +1,28 @@
+package io.github.coffeelibs.tinyoauth2client.http;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+import java.net.URI;
+
+public class ResponseTest {
+
+	@Test
+	public void testEmpty() {
+		var result = Response.empty(Response.Status.OK);
+		Assertions.assertInstanceOf(EmptyResponse.class, result);
+	}
+
+	@Test
+	public void testHtml() {
+		var result = Response.html(Response.Status.OK, "test");
+		Assertions.assertInstanceOf(HtmlResponse.class, result);
+	}
+
+	@Test
+	public void testRedirect() {
+		var result = Response.redirect(URI.create("http://google.com"));
+		Assertions.assertInstanceOf(RedirectResponse.class, result);
+	}
+
+}
\ No newline at end of file

From a1f5510d426c8e750e226b7e625ad8f2d4cea1ec Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Thu, 28 Apr 2022 11:27:32 +0200
Subject: [PATCH 5/9] basic support for custom error/success response pages

---
 .idea/inspectionProfiles/Project_Default.xml  |  3 -
 .../coffeelibs/tinyoauth2client/AuthFlow.java | 64 ++++++++++++-
 .../tinyoauth2client/http/RedirectTarget.java | 16 +++-
 .../tinyoauth2client/http/Response.java       |  2 +-
 .../tinyoauth2client/AuthFlowTest.java        | 93 ++++++++++++++++---
 5 files changed, 155 insertions(+), 23 deletions(-)

diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
index 282c7ac..146ab09 100644
--- a/.idea/inspectionProfiles/Project_Default.xml
+++ b/.idea/inspectionProfiles/Project_Default.xml
@@ -1,9 +1,6 @@
 <component name="InspectionProjectProfileManager">
   <profile version="1.0">
     <option name="myName" value="Project Default" />
-    <inspection_tool class="AutoCloseableResource" enabled="true" level="WARNING" enabled_by_default="true">
-      <option name="METHOD_MATCHER_CONFIG" value="java.util.Formatter,format,java.io.Writer,append,com.google.common.base.Preconditions,checkNotNull,org.hibernate.Session,close,java.io.PrintWriter,printf,java.io.PrintStream,printf,io.coffeelibs.tinyoauth2client.http.RedirectTarget,start" />
-    </inspection_tool>
     <inspection_tool class="SpellCheckingInspection" enabled="false" level="TYPO" enabled_by_default="false">
       <option name="processCode" value="true" />
       <option name="processLiterals" value="true" />
diff --git a/src/main/java/io/github/coffeelibs/tinyoauth2client/AuthFlow.java b/src/main/java/io/github/coffeelibs/tinyoauth2client/AuthFlow.java
index 28cef7d..f125428 100644
--- a/src/main/java/io/github/coffeelibs/tinyoauth2client/AuthFlow.java
+++ b/src/main/java/io/github/coffeelibs/tinyoauth2client/AuthFlow.java
@@ -1,8 +1,10 @@
 package io.github.coffeelibs.tinyoauth2client;
 
 import io.github.coffeelibs.tinyoauth2client.http.RedirectTarget;
+import io.github.coffeelibs.tinyoauth2client.http.Response;
 import io.github.coffeelibs.tinyoauth2client.util.RandomUtil;
 import org.jetbrains.annotations.Blocking;
+import org.jetbrains.annotations.Contract;
 import org.jetbrains.annotations.VisibleForTesting;
 
 import java.io.IOException;
@@ -32,6 +34,9 @@ public class AuthFlow {
 	@VisibleForTesting
 	final PKCE pkce;
 
+	private Response successResponse;
+	private Response errorResponse;
+
 	private AuthFlow(String clientId) {
 		this.clientId = clientId;
 		this.pkce = new PKCE();
@@ -47,6 +52,54 @@ public static AuthFlow asClient(String clientId) {
 		return new AuthFlow(clientId);
 	}
 
+	/**
+	 * HTML to display in the Resource Owner's user agent after successful authorization.
+	 *
+	 * @param html content served with {@code Content-Type: text/html; charset=UTF-8}
+	 * @return this
+	 */
+	@Contract("_ -> this")
+	public AuthFlow withSuccessHtml(String html) {
+		this.successResponse = Response.html(Response.Status.OK, html);
+		return this;
+	}
+
+	/**
+	 * Where to redirect the Resource Owner's user agent after successful authorization.
+	 *
+	 * @param target URI of page to show
+	 * @return this
+	 */
+	@Contract("_ -> this")
+	public AuthFlow withSuccessRedirect(URI target) {
+		this.successResponse = Response.redirect(target);
+		return this;
+	}
+
+	/**
+	 * HTML to display in the Resource Owner's user agent after failed authorization.
+	 *
+	 * @param html content served with {@code Content-Type: text/html; charset=UTF-8}
+	 * @return this
+	 */
+	@Contract("_ -> this")
+	public AuthFlow withErrorHtml(String html) {
+		this.errorResponse = Response.html(Response.Status.OK, html);
+		return this;
+	}
+
+	/**
+	 * Where to redirect the Resource Owner's user agent after failed authorization.
+	 *
+	 * @param target URI of page to show
+	 * @return this
+	 */
+	@Contract("_ -> this")
+	public AuthFlow withErrorRedirect(URI target) {
+		this.errorResponse = Response.redirect(target);
+		return this;
+	}
+
 	/**
 	 * Asks the given {@code browser} to browse the authorization URI. This method will block until the browser is
 	 * <a href="https://datatracker.ietf.org/doc/html/rfc8252#section-4.1">redirected back to this application</a>.
@@ -58,6 +111,7 @@ public static AuthFlow asClient(String clientId) {
 	 * @throws IOException In case of I/O errors during communication between browser and this application
 	 * @see #authorize(URI, Consumer, Set, String, int...)
 	 */
+	@Blocking
 	public AuthFlowWithCode authorize(URI authEndpoint, Consumer<URI> browser, String... scopes) throws IOException {
 		return authorize(authEndpoint, browser, Set.of(scopes), "/" + RandomUtil.randomToken(16));
 	}
@@ -77,6 +131,12 @@ public AuthFlowWithCode authorize(URI authEndpoint, Consumer<URI> browser, Strin
 	@Blocking
 	public AuthFlowWithCode authorize(URI authEndpoint, Consumer<URI> browser, Set<String> scopes, String path, int... ports) throws IOException {
 		try (var redirectTarget = RedirectTarget.start(path, ports)) {
+			if (successResponse != null) {
+				redirectTarget.setSuccessResponse(successResponse);
+			}
+			if (errorResponse != null) {
+				redirectTarget.setErrorResponse(errorResponse);
+			}
 			var encodedRedirectUri = URLEncoder.encode(redirectTarget.getRedirectUri().toASCIIString(), StandardCharsets.US_ASCII);
 
 			// https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1
@@ -107,8 +167,8 @@ public AuthFlowWithCode authorize(URI authEndpoint, Consumer<URI> browser, Set<S
 	 * The successfully authenticated authentication flow, ready to retrieve an access token.
 	 */
 	public class AuthFlowWithCode {
-		private String encodedRedirectUri;
-		private String authorizationCode;
+		private final String encodedRedirectUri;
+		private final String authorizationCode;
 
 		@VisibleForTesting
 		AuthFlowWithCode(String encodedRedirectUri, String authorizationCode) {
diff --git a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java
index b9754c3..3ac8150 100644
--- a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java
+++ b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java
@@ -36,7 +36,8 @@ public class RedirectTarget implements Closeable {
 	private final String path;
 	private final String csrfToken;
 
-	private Response successResponse = Response.html(Response.Status.OK, "<html><body>Success</body></html>"); // TODO: allow customization with custom html or redirect
+	private Response successResponse = Response.html(Response.Status.OK, "<html><body>Success</body></html>");
+	private Response errorResponse = Response.html(Response.Status.BAD_REQUEST, "<html><body>Error</body></html>");
 
 	private RedirectTarget(ServerSocketChannel serverChannel, String path) {
 		this.serverChannel = serverChannel;
@@ -91,6 +92,14 @@ static void tryBind(ServerSocketChannel ch, int... ports) throws IOException {
 		}
 	}
 
+	public void setSuccessResponse(Response successResponse) {
+		this.successResponse = successResponse;
+	}
+
+	public void setErrorResponse(Response errorResponse) {
+		this.errorResponse = errorResponse;
+	}
+
 	public URI getRedirectUri() {
 		try {
 			// use 127.0.0.1, not "localhost", see https://datatracker.ietf.org/doc/html/rfc8252#section-8.3
@@ -135,8 +144,9 @@ public String receive() throws IOException {
 				Response.empty(Response.Status.BAD_REQUEST).write(writer);
 				throw new IOException("Missing or invalid state token");
 			} else if (params.containsKey("error")) {
-				var html = "<html><body>" + params.get("error") + "</body></html>";
-				Response.html(Response.Status.OK, html).write(writer);
+//				var html = "<html><body>" + params.get("error") + "</body></html>";
+//				Response.html(Response.Status.OK, html).write(writer);
+				errorResponse.write(writer); // TODO insert error code?
 				throw new IOException("Authorization failed"); // TODO more specific exception containing the error code
 			} else if (params.containsKey("code")) {
 				successResponse.write(writer);
diff --git a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/Response.java b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/Response.java
index 97d7656..46fc910 100644
--- a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/Response.java
+++ b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/Response.java
@@ -4,7 +4,7 @@
 import java.io.Writer;
 import java.net.URI;
 
-interface Response {
+public interface Response {
 
 	void write(Writer writer) throws IOException;
 
diff --git a/src/test/java/io/github/coffeelibs/tinyoauth2client/AuthFlowTest.java b/src/test/java/io/github/coffeelibs/tinyoauth2client/AuthFlowTest.java
index 137d8b5..b16be37 100644
--- a/src/test/java/io/github/coffeelibs/tinyoauth2client/AuthFlowTest.java
+++ b/src/test/java/io/github/coffeelibs/tinyoauth2client/AuthFlowTest.java
@@ -20,7 +20,6 @@
 import java.net.http.HttpResponse;
 import java.util.Set;
 import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.atomic.AtomicReference;
 import java.util.function.Consumer;
 
 public class AuthFlowTest {
@@ -48,27 +47,36 @@ public void testConvenienceAuthorize() throws IOException {
 	}
 
 	@Nested
+	@SuppressWarnings("resource")
 	@Timeout(1)
 	@DisplayName("With mocked redirect target")
 	public class WithMockedRedirectTarget {
 
+		private URI authEndpoint;
 		private RedirectTarget redirectTarget;
 		private MockedStatic<RedirectTarget> redirectTargetClass;
-		private CountDownLatch redirected;
+		private Consumer<URI> browser;
 
 		@BeforeEach
+		@SuppressWarnings({"unchecked"})
 		public void setup() throws IOException {
+			authEndpoint = URI.create("https://login.example.com/?existing_param=existing-value");
 			redirectTarget = Mockito.mock(RedirectTarget.class);
 			redirectTargetClass = Mockito.mockStatic(RedirectTarget.class);
-			redirectTargetClass.when(() -> RedirectTarget.start("/foo", 1234)).thenReturn(redirectTarget);
-			redirected = new CountDownLatch(1);
+			redirectTargetClass.when(() -> RedirectTarget.start(Mockito.any(), Mockito.any())).thenReturn(redirectTarget);
+			browser = Mockito.mock(Consumer.class);
 
+			var redirected = new CountDownLatch(1);
 			Mockito.doReturn(URI.create("http://127.0.0.1:1234/foo")).when(redirectTarget).getRedirectUri();
 			Mockito.doReturn("csrf-token").when(redirectTarget).getCsrfToken();
 			Mockito.doAnswer(invocation -> {
 				redirected.await();
 				return "authCode";
 			}).when(redirectTarget).receive();
+			Mockito.doAnswer(invocation -> {
+				redirected.countDown();
+				return null;
+			}).when(browser).accept(Mockito.any());
 		}
 
 		@AfterEach
@@ -76,23 +84,80 @@ public void tearDown() {
 			redirectTargetClass.close();
 		}
 
+		@Test
+		@DisplayName("authorize(...) with random path")
+		public void testAuthorizeWithRandomPath() {
+			var authFlow = AuthFlow.asClient("my-client");
+
+			Assertions.assertDoesNotThrow(() -> authFlow.authorize(authEndpoint, browser));
+
+			redirectTargetClass.verify(() -> RedirectTarget.start(Mockito.matches("/[0-9a-zA-Z_-]{4,}")));
+		}
+
+		@Test
+		@DisplayName("authorize(...) with fixed path and port")
+		public void testAuthorizeWithFixedPathAndPorts() {
+			var authFlow = AuthFlow.asClient("my-client");
+
+			Assertions.assertDoesNotThrow(() -> authFlow.authorize(authEndpoint, browser, Set.of("scope1", "scope2"), "/foo", 1234, 5678));
+
+			redirectTargetClass.verify(() -> RedirectTarget.start("/foo", 1234, 5678));
+		}
+
+		@Test
+		@DisplayName("withSuccessHtml(...) gets applied during authorize(...)")
+		public void testWithSuccessHtml() {
+			var authFlow = AuthFlow.asClient("my-client").withSuccessHtml("test");
+
+			Assertions.assertDoesNotThrow(() -> authFlow.authorize(authEndpoint, browser));
+
+			Mockito.verify(redirectTarget).setSuccessResponse(Mockito.notNull());
+		}
+
+		@Test
+		@DisplayName("withSuccessRedirect(...) gets applied during authorize(...)")
+		public void testWithSuccessRedirect() {
+			var authFlow = AuthFlow.asClient("my-client").withSuccessRedirect(URI.create("https://example.com"));
+
+			Assertions.assertDoesNotThrow(() -> authFlow.authorize(authEndpoint, browser));
+
+			Mockito.verify(redirectTarget).setSuccessResponse(Mockito.notNull());
+		}
+
+		@Test
+		@DisplayName("withErrorRedirect(...) gets applied during authorize(...)")
+		public void testWithErrorRedirect() {
+			var authFlow = AuthFlow.asClient("my-client").withErrorRedirect(URI.create("https://example.com"));
+
+			Assertions.assertDoesNotThrow(() -> authFlow.authorize(authEndpoint, browser));
+
+			Mockito.verify(redirectTarget).setErrorResponse(Mockito.notNull());
+		}
+
+		@Test
+		@DisplayName("withErrorHtml(...) gets applied during authorize(...)")
+		public void testWithErrorHtml() {
+			var authFlow = AuthFlow.asClient("my-client").withErrorHtml("test");
+
+			Assertions.assertDoesNotThrow(() -> authFlow.authorize(authEndpoint, browser));
+
+			Mockito.verify(redirectTarget).setErrorResponse(Mockito.notNull());
+		}
+
 		@Test
 		@DisplayName("authorize(...) succeeds if browser redirects to URI")
 		public void testAuthorize() throws IOException {
-			URI authEndpoint = URI.create("https://login.example.com/?existing_param=existing-value");
-			AtomicReference<URI> browsedUri = new AtomicReference<>();
-			Consumer<URI> browser = uri -> {
-				browsedUri.set(uri);
-				redirected.countDown();
-			};
 			var authFlow = AuthFlow.asClient("my-client");
 
-			var result = authFlow.authorize(authEndpoint, browser, Set.of("scope1", "scope2"), "/foo", 1234);
+			var result = authFlow.authorize(authEndpoint, browser, "scope1", "scope2");
 
 			Assertions.assertInstanceOf(AuthFlow.AuthFlowWithCode.class, result);
-			Assertions.assertNotNull(browsedUri.get());
-			Assertions.assertNotNull(browsedUri.get().getRawQuery());
-			var queryParams = URIUtil.parseQueryString(browsedUri.get().getRawQuery());
+			var browsedUriCaptor = ArgumentCaptor.forClass(URI.class);
+			Mockito.verify(browser).accept(browsedUriCaptor.capture());
+			var browsedUri = browsedUriCaptor.getValue();
+			Assertions.assertNotNull(browsedUri);
+			Assertions.assertNotNull(browsedUri.getRawQuery());
+			var queryParams = URIUtil.parseQueryString(browsedUri.getRawQuery());
 			Assertions.assertEquals("existing-value", queryParams.get("existing_param"));
 			Assertions.assertEquals(authFlow.clientId, queryParams.get("client_id"));
 			Assertions.assertEquals("code", queryParams.get("response_type"));

From 7a9dae86bb63999f53c8d11f8ba54d4d7035275e Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Thu, 28 Apr 2022 11:31:13 +0200
Subject: [PATCH 6/9] fixed status code for default error response

---
 .../github/coffeelibs/tinyoauth2client/http/RedirectTarget.java | 2 +-
 .../coffeelibs/tinyoauth2client/http/RedirectTargetTest.java    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java
index 3ac8150..cfb131c 100644
--- a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java
+++ b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java
@@ -37,7 +37,7 @@ public class RedirectTarget implements Closeable {
 	private final String csrfToken;
 
 	private Response successResponse = Response.html(Response.Status.OK, "<html><body>Success</body></html>");
-	private Response errorResponse = Response.html(Response.Status.BAD_REQUEST, "<html><body>Error</body></html>");
+	private Response errorResponse = Response.html(Response.Status.OK, "<html><body>Error</body></html>");
 
 	private RedirectTarget(ServerSocketChannel serverChannel, String path) {
 		this.serverChannel = serverChannel;
diff --git a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTargetTest.java b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTargetTest.java
index d8aacae..ee29701 100644
--- a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTargetTest.java
+++ b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTargetTest.java
@@ -31,7 +31,7 @@
 import java.util.concurrent.Executors;
 import java.util.concurrent.atomic.AtomicReference;
 
-@Timeout(value = 3)
+@Timeout(value = 1)
 public class RedirectTargetTest {
 
 	@Test

From 19f5eb1c3466d1ac4376563486c884af62c71b86 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Thu, 28 Apr 2022 11:33:28 +0200
Subject: [PATCH 7/9] increase timeout again due to single-core CI servers

---
 .../coffeelibs/tinyoauth2client/http/RedirectTargetTest.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTargetTest.java b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTargetTest.java
index ee29701..d8aacae 100644
--- a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTargetTest.java
+++ b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTargetTest.java
@@ -31,7 +31,7 @@
 import java.util.concurrent.Executors;
 import java.util.concurrent.atomic.AtomicReference;
 
-@Timeout(value = 1)
+@Timeout(value = 3)
 public class RedirectTargetTest {
 
 	@Test

From 49f608f974a470e93720978b864d44d107dbb612 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Thu, 28 Apr 2022 12:27:36 +0200
Subject: [PATCH 8/9] Improved tests

---
 .../tinyoauth2client/http/RedirectTarget.java |  5 +-
 .../tinyoauth2client/AuthFlowTest.java        | 24 +++++++--
 .../http/RedirectTargetTest.java              | 53 ++++++++++++++++---
 3 files changed, 71 insertions(+), 11 deletions(-)

diff --git a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java
index cfb131c..5187bda 100644
--- a/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java
+++ b/src/main/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTarget.java
@@ -16,6 +16,7 @@
 import java.nio.channels.ServerSocketChannel;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Path;
+import java.util.Objects;
 
 /**
  * A TCP connector to deal with the redirect response. We only listen for the expected response,
@@ -93,11 +94,11 @@ static void tryBind(ServerSocketChannel ch, int... ports) throws IOException {
 	}
 
 	public void setSuccessResponse(Response successResponse) {
-		this.successResponse = successResponse;
+		this.successResponse = Objects.requireNonNull(successResponse);
 	}
 
 	public void setErrorResponse(Response errorResponse) {
-		this.errorResponse = errorResponse;
+		this.errorResponse = Objects.requireNonNull(errorResponse);
 	}
 
 	public URI getRedirectUri() {
diff --git a/src/test/java/io/github/coffeelibs/tinyoauth2client/AuthFlowTest.java b/src/test/java/io/github/coffeelibs/tinyoauth2client/AuthFlowTest.java
index b16be37..b58f7b6 100644
--- a/src/test/java/io/github/coffeelibs/tinyoauth2client/AuthFlowTest.java
+++ b/src/test/java/io/github/coffeelibs/tinyoauth2client/AuthFlowTest.java
@@ -60,7 +60,7 @@ public class WithMockedRedirectTarget {
 		@BeforeEach
 		@SuppressWarnings({"unchecked"})
 		public void setup() throws IOException {
-			authEndpoint = URI.create("https://login.example.com/?existing_param=existing-value");
+			authEndpoint = URI.create("https://login.example.com/");
 			redirectTarget = Mockito.mock(RedirectTarget.class);
 			redirectTargetClass = Mockito.mockStatic(RedirectTarget.class);
 			redirectTargetClass.when(() -> RedirectTarget.start(Mockito.any(), Mockito.any())).thenReturn(redirectTarget);
@@ -145,7 +145,26 @@ public void testWithErrorHtml() {
 		}
 
 		@Test
-		@DisplayName("authorize(...) succeeds if browser redirects to URI")
+		@DisplayName("authorize(...) with existing query string in authorization endpoint")
+		public void testAuthorizeWithExistingQueryParams() throws IOException {
+			authEndpoint = URI.create("https://login.example.com/?existing_param=existing-value");
+			var authFlow = AuthFlow.asClient("my-client");
+
+			var result = authFlow.authorize(authEndpoint, browser);
+
+			Assertions.assertInstanceOf(AuthFlow.AuthFlowWithCode.class, result);
+			var browsedUriCaptor = ArgumentCaptor.forClass(URI.class);
+			Mockito.verify(browser).accept(browsedUriCaptor.capture());
+			var browsedUri = browsedUriCaptor.getValue();
+			Assertions.assertNotNull(browsedUri);
+			Assertions.assertNotNull(browsedUri.getRawQuery());
+			var queryParams = URIUtil.parseQueryString(browsedUri.getRawQuery());
+			Assertions.assertEquals("existing-value", queryParams.get("existing_param"));
+			Assertions.assertEquals("code", queryParams.get("response_type"));
+		}
+
+		@Test
+		@DisplayName("authorize(...) with custom scopes")
 		public void testAuthorize() throws IOException {
 			var authFlow = AuthFlow.asClient("my-client");
 
@@ -158,7 +177,6 @@ public void testAuthorize() throws IOException {
 			Assertions.assertNotNull(browsedUri);
 			Assertions.assertNotNull(browsedUri.getRawQuery());
 			var queryParams = URIUtil.parseQueryString(browsedUri.getRawQuery());
-			Assertions.assertEquals("existing-value", queryParams.get("existing_param"));
 			Assertions.assertEquals(authFlow.clientId, queryParams.get("client_id"));
 			Assertions.assertEquals("code", queryParams.get("response_type"));
 			Assertions.assertEquals(redirectTarget.getCsrfToken(), queryParams.get("state"));
diff --git a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTargetTest.java b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTargetTest.java
index d8aacae..ef71c91 100644
--- a/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTargetTest.java
+++ b/src/test/java/io/github/coffeelibs/tinyoauth2client/http/RedirectTargetTest.java
@@ -28,12 +28,50 @@
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.ExecutionException;
-import java.util.concurrent.Executors;
 import java.util.concurrent.atomic.AtomicReference;
 
 @Timeout(value = 3)
+@SuppressWarnings("resource")
 public class RedirectTargetTest {
 
+	@Test
+	@DisplayName("start() doesn't accept a relative path")
+	public void testStartWithRelativePath() {
+		Assertions.assertThrows(IllegalArgumentException.class, () -> RedirectTarget.start("hello"));
+	}
+
+	@Test
+	@DisplayName("setSuccessResponse() fails on null")
+	public void testSetSuccessNull() throws IOException {
+		try (var target = RedirectTarget.start("/")) {
+			Assertions.assertThrows(NullPointerException.class, () -> target.setSuccessResponse(null));
+		}
+	}
+
+	@Test
+	@DisplayName("setSuccessResponse() succeeds on non-null")
+	public void testSetSuccessNonNull() throws IOException {
+		try (var target = RedirectTarget.start("/")) {
+			Assertions.assertDoesNotThrow(() -> target.setSuccessResponse(Response.empty(Response.Status.OK)));
+		}
+	}
+
+	@Test
+	@DisplayName("setErrorResponse() fails on null")
+	public void testSetErrorNull() throws IOException {
+		try (var target = RedirectTarget.start("/")) {
+			Assertions.assertThrows(NullPointerException.class, () -> target.setErrorResponse(null));
+		}
+	}
+
+	@Test
+	@DisplayName("setErrorResponse() succeeds on non-null")
+	public void testSetErrorNonNull() throws IOException {
+		try (var target = RedirectTarget.start("/")) {
+			Assertions.assertDoesNotThrow(() -> target.setErrorResponse(Response.empty(Response.Status.OK)));
+		}
+	}
+
 	@Test
 	@DisplayName("start() doesn't leak resource on error")
 	public void testStartExceptionally() throws IOException {
@@ -134,9 +172,11 @@ public void testRedirectError() throws IOException, InterruptedException, URISyn
 
 	@Test
 	@DisplayName("http response 400 for missing code")
-	public void testRedirectMissingCode() throws IOException, InterruptedException {
+	public void testRedirectMissingCode() throws IOException, InterruptedException, URISyntaxException {
 		try (var redirect = RedirectTarget.start("/")) {
-			var uri = redirect.getRedirectUri();
+			var baseUri = redirect.getRedirectUri();
+			var query = "state=" + redirect.getCsrfToken();
+			var uri = new URI(baseUri.getScheme(), baseUri.getAuthority(), baseUri.getPath(), query, baseUri.getFragment());
 
 			var accessToken = receiveAsync(redirect);
 			var request = HttpRequest.newBuilder(uri).GET().build();
@@ -211,10 +251,10 @@ public void testInterrupt() throws IOException, InterruptedException {
 			var threadStarted = new CountDownLatch(1);
 			var threadExited = new CountDownLatch(1);
 			var exception = new AtomicReference<Exception>();
-			var future = Executors.newSingleThreadExecutor().submit(() -> {
+			var thread = new Thread(() -> {
 				try {
 					threadStarted.countDown();
-					return redirect.receive();
+					redirect.receive();
 				} catch (IOException e) {
 					exception.set(e);
 					throw new UncheckedIOException(e);
@@ -222,9 +262,10 @@ public void testInterrupt() throws IOException, InterruptedException {
 					threadExited.countDown();
 				}
 			});
+			thread.start();
 
 			threadStarted.await();
-			future.cancel(true);
+			thread.interrupt();
 			threadExited.await();
 
 			Assertions.assertInstanceOf(ClosedByInterruptException.class, exception.get());

From abcca77c4b8ef1d11a47ab404c816784b666ac49 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@gmail.com>
Date: Thu, 28 Apr 2022 12:32:56 +0200
Subject: [PATCH 9/9] prepare version 0.2.0

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 25dd08d..e5fe02e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>io.github.coffeelibs</groupId>
 	<artifactId>tiny-oauth2-client</artifactId>
-	<version>0.2.0-SNAPSHOT</version>
+	<version>0.2.0</version>
 	<name>Tiny OAuth2 Client</name>
 	<description>Zero Dependency RFC 8252 Authorization Flow</description>
 	<inceptionYear>2022</inceptionYear>