handlers: add tests for the token endpoint

This also simplifies the way we issue tokens in tests

crates/oauth2-types/src/requests.rs

@@ -325,20 +325,32 @@ impl fmt::Debug for AuthorizationRequest {
 ///
 /// [Authorization Endpoint]: https://www.rfc-editor.org/rfc/rfc6749.html#section-3.1
 #[skip_serializing_none]
+#[serde_as]
 #[derive(Serialize, Deserialize, Default, Clone)]
-pub struct AuthorizationResponse<R> {
+pub struct AuthorizationResponse {
     /// The authorization code generated by the authorization server.
     pub code: Option<String>,
 
-    /// Other fields of the response.
-    #[serde(flatten)]
-    pub response: R,
+    /// The access token to access the requested scope.
+    pub access_token: Option<String>,
+
+    /// The type of the access token.
+    pub token_type: Option<OAuthAccessTokenType>,
+
+    /// ID Token value associated with the authenticated session.
+    pub id_token: Option<String>,
+
+    /// The duration for which the access token is valid.
+    #[serde_as(as = "Option<DurationSeconds<i64>>")]
+    pub expires_in: Option<Duration>,
 }
 
-impl<R: fmt::Debug> fmt::Debug for AuthorizationResponse<R> {
+impl fmt::Debug for AuthorizationResponse {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
         f.debug_struct("AuthorizationResponse")
-            .field("response", &self.response)
+            .field("token_type", &self.token_type)
+            .field("id_token", &self.id_token)
+            .field("expires_in", &self.expires_in)
             .finish_non_exhaustive()
     }
 }