diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
index 08429c95a..a4eb4170e 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@@ -53,7 +53,7 @@ public class ClientDetailsEntity implements ClientDetails {
 private Long accessTokenTimeout; // in seconds
 private Long refreshTokenTimeout; // in seconds
 private String owner; // userid of who registered it
- private String registeredRedirectUri;
+ private Set registeredRedirectUri;
 private Set resourceIds;
 //Additional properties added by OpenID Connect Dynamic Client Registration spec
@@ -300,15 +300,20 @@ public class ClientDetailsEntity implements ClientDetails {
 /**
 * @return the registeredRedirectUri
 */
- @Basic
- public String getRegisteredRedirectUri() {
+ //@Basic
+ @ElementCollection(fetch = FetchType.EAGER)
+ @CollectionTable(
+ name="redirect_uris",
+ joinColumns=@JoinColumn(name="owner_id")
+ )
+ public Set getRegisteredRedirectUri() {
 return registeredRedirectUri;
 }
 /**
 * @param registeredRedirectUri the registeredRedirectUri to set
 */
- public void setRegisteredRedirectUri(String registeredRedirectUri) {
+ public void setRegisteredRedirectUri(Set registeredRedirectUri) {
 this.registeredRedirectUri = registeredRedirectUri;
 }
@@ -499,7 +504,7 @@ public class ClientDetailsEntity implements ClientDetails {
 * @param registeredRedirectUri
 * @see org.mitre.oauth2.model.ClientDetailsEntity#setRegisteredRedirectUri(java.lang.String)
 */
- public ClientDetailsEntityBuilder setRegisteredRedirectUri(String registeredRedirectUri) {
+ public ClientDetailsEntityBuilder setRegisteredRedirectUri(Set registeredRedirectUri) {
 instance.setRegisteredRedirectUri(registeredRedirectUri);
 return this;
 }
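Review bot: The new `@ElementCollection` getter keeps the dead `//@Basic` line above it and a Javadoc that only repeats the field name, so a reader cannot tell what the collection now holds. Drop the commented-out annotation and make the doc say what the set is, e.g. `@return the redirect URIs registered for this client (the allow-list that incoming redirect_uri values are presumably validated against)`. The builder hunk in the same file still carries `@see ...#setRegisteredRedirectUri(java.lang.String)`, which no longer names an existing method now that both setters take a `Set`; update it to the new parameter type.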
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
index 0649d71cb..787cae18f 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@@ -43,7 +43,8 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication;
 @NamedQueries({
 @NamedQuery(name = "OAuth2AccessTokenEntity.getByRefreshToken", query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :refreshToken"),
 @NamedQuery(name = "OAuth2AccessTokenEntity.getByClient", query = "select a from OAuth2AccessTokenEntity a where a.client = :client"),
- @NamedQuery(name = "OAuth2AccessTokenEntity.getExpired", query = "select a from OAuth2AccessTokenEntity a where a.expiration is not null and a.expiration < current_timestamp")
+ @NamedQuery(name = "OAuth2AccessTokenEntity.getExpired", query = "select a from OAuth2AccessTokenEntity a where a.expiration is not null and a.expiration < current_timestamp"),
+ @NamedQuery(name = "OAuth2AccessTokenEntity.getByAuthentication", query = "select a from OAuth2AccessTokenEntity a where a.authentication = :authentication")
 })
 //@JsonSerialize(using = OAuth2AccessTokenSerializer.class)
 //@JsonDeserialize(using = OAuth2AccessTokenDeserializer.class)
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
index 475a5c0c3..7d39e01fb 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
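Review bot: The new `OAuth2AccessTokenEntity.getByAuthentication` query compares `a.authentication = :authentication`, but tables.sql in this same commit declares `authentication LONGBLOB`, so the predicate is a byte-for-byte comparison between the stored serialized OAuth2Authentication and a freshly serialized parameter. That only finds the token if serialization is perfectly stable across JVM runs and library versions, and a blob equality scan cannot use an index, so it will degrade as the token table grows. A more robust lookup is a separate, indexed key column derived deterministically from the authentication (principal, client id and scopes, for example) and a query on that column; at minimum the fragility deserves a comment next to the query.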
@@ -5,6 +5,7 @@ import java.util.List;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
 public interface OAuth2TokenRepository {
@@ -32,4 +33,6 @@ public interface OAuth2TokenRepository {
 public List getExpiredRefreshTokens();
+ public OAuth2AccessTokenEntity getByAuthentication(OAuth2Authentication auth);
+
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
index 85cd9041d..07420a5af 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java
@@ -11,6 +11,7 @@ import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
 import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.util.jpa.JpaUtil;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
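Review bot: The new `getByAuthentication(OAuth2Authentication auth)` on the `OAuth2TokenRepository` interface has no Javadoc, so implementors and callers cannot tell what is returned when no token, or more than one token, matches. Add a contract such as `/** Returns the access token issued for the given authentication, or null if none is stored. */` and state which result wins when several rows match. The JPA implementation routes its result list through `JpaUtil.getSingleResult`, whose behavior for an empty or multi-element list is not visible in this diff, so confirm the wording against that helper.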
@@ -133,6 +134,14 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 TypedQuery queryR = manager.createNamedQuery("OAuth2RefreshTokenEntity.getExpired", OAuth2RefreshTokenEntity.class);
 List refreshTokens = queryR.getResultList();
 return refreshTokens;
- }
+ }
+
+ @Override
+ public OAuth2AccessTokenEntity getByAuthentication(OAuth2Authentication auth) {
+ TypedQuery queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByAuthentication", OAuth2AccessTokenEntity.class);
+ queryA.setParameter("authentication", auth);
+ List accessTokens = queryA.getResultList();
+ return JpaUtil.getSingleResult(accessTokens);
+ }
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
index e761e0ca3..bf15428b7 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
@@ -1,6 +1,7 @@
 package org.mitre.oauth2.service.impl;
 import java.util.Collection;
+import java.util.HashSet;
 import java.util.Set;
 import org.mitre.oauth2.model.ClientDetailsEntity;
@@ -74,7 +75,10 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 ClientDetailsEntity client = clientFactory.createClient(clientId, clientSecret);
 client.setScope(scope);
 client.setAuthorizedGrantTypes(grantTypes);
- client.setRegisteredRedirectUri(redirectUri);
+ //client.setRegisteredRedirectUri(redirectUri);
+ Set redirectUris = new HashSet();
+ redirectUris.add(redirectUri);
+ client.setRegisteredRedirectUri(redirectUris);
 client.setAuthorities(authorities);
 client.setClientName(name);
 client.setClientDescription(description);
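Review bot: `getByAuthentication` in `JpaOAuth2TokenRepository` hands the whole `getResultList()` to `JpaUtil.getSingleResult`, so when several access tokens exist for the same authentication (a user re-authorizing the same client, for instance) the choice between them is made silently by that helper, and whether it throws or returns an arbitrary row is not visible here. If one token is meant to win, give the named query an `order by` on `a.expiration` so the result is deterministic, or document that the method returns null or throws in the multi-match case. The `- }`/`+ }` pair at the top of the hunk is a whitespace-only change worth dropping from the commit.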
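Review bot: In the `DefaultOAuth2ClientDetailsEntityService` hunk the old call survives as the comment `//client.setRegisteredRedirectUri(redirectUri);` and the single URI is wrapped with `redirectUris.add(redirectUri)` unconditionally; `redirectUri` is passed straight through from the enclosing method, whose signature lies outside the hunk, so if it can be absent a null element lands in the registered set and, through the new element-collection mapping, in redirect_uris. Delete the commented-out line and guard the add: `if (redirectUri != null) { redirectUris.add(redirectUri); }`. The same wrap-a-single-URI sequence is duplicated in the `OAuthClientAPI` hunk of this commit; both call sites would read better through one small helper than two hand-rolled copies.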
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
index 0ca7b131a..e5e03abea 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
@@ -218,14 +218,10 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 }
 }
- /**
- * TODO: Implement
- * See github issue #2
- */
 @Override
 public OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication) {
- OAuth2AccessTokenEntity accessToken = new OAuth2AccessTokenEntity();
+ OAuth2AccessTokenEntity accessToken = tokenRepository.getByAuthentication(authentication);
 return accessToken;
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java
index e9c2b036f..955678af6 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java
@@ -1,6 +1,7 @@
 package org.mitre.oauth2.web;
 import java.util.Collection;
+import java.util.HashSet;
 import java.util.Set;
 import org.mitre.oauth2.exception.ClientNotFoundException;
@@ -161,7 +162,12 @@ public class OAuthClientAPI {
 client.setClientSecret(clientSecret);
 client.setScope(scopeSet);
 client.setAuthorizedGrantTypes(grantTypesSet);
- client.setRegisteredRedirectUri(redirectUri);
+
+ //AANGANES 4/9/2012 client.redirectUri is now a Set
+ Set redirectUris = new HashSet();
+ redirectUris.add(redirectUri);
+
+ client.setRegisteredRedirectUri(redirectUris);
 client.setAuthorities(authoritiesSet);
 client.setResourceIds(resourceIdSet);
 client.setClientName(name);
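Review bot: `getAccessToken` now returns whatever `tokenRepository.getByAuthentication` yields, which from the repository implementation in this commit looks like it can be null when no token is stored, and the removed TODO Javadoc leaves the method with no doc saying so. Add a Javadoc such as `/** Looks up the access token previously issued for this authentication, or null if none is stored. */`, confirming the null case against `JpaUtil.getSingleResult`, and collapse the redundant local to `return tokenRepository.getByAuthentication(authentication);`.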
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
index b003a78cd..63167f9e2 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
@@ -46,11 +46,16 @@ + + + + - +
diff --git a/openid-connect-server/src/main/webapp/db/tables/redirect_uris.sql b/openid-connect-server/src/main/webapp/db/tables/redirect_uris.sql
new file mode 100644
index 000000000..6b4f81936
--- /dev/null
+++ b/openid-connect-server/src/main/webapp/db/tables/redirect_uris.sql
@@ -0,0 +1,4 @@
+CREATE TABLE redirect_uris (
+ owner_id VARCHAR(256),
+ registeredRedirectUri VARCHAR(256)
+);
\ No newline at end of file
diff --git a/openid-connect-server/src/main/webapp/db/tables/tables.sql b/openid-connect-server/src/main/webapp/db/tables/tables.sql
new file mode 100644
index 000000000..3b89fdd3a
--- /dev/null
+++ b/openid-connect-server/src/main/webapp/db/tables/tables.sql
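Review bot: `redirect_uris.registeredRedirectUri` is declared `VARCHAR(256)` while the existing `clientdetails.registeredRedirectUri` column in tables.sql from this same commit is `VARCHAR(2000)`, so a redirect URI that fit before will now be rejected or silently truncated on insert depending on the server's SQL mode; size it to match, `registeredRedirectUri VARCHAR(2000) NOT NULL`. Both columns are nullable and the table has no key, so nothing stops duplicate rows or a null URI for a client; `owner_id VARCHAR(256) NOT NULL` would at least refuse unowned rows. A foreign key from `owner_id` to `clientdetails.clientId` is the right constraint for an allow-list table, but clientdetails declares no primary key in tables.sql, so that has to be fixed first.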
@@ -0,0 +1,94 @@
+CREATE TABLE accesstoken (
+ id VARCHAR(4096),
+ expiration TIMESTAMP,
+ tokenType VARCHAR(256),
+ refresh_token_id VARCHAR(256),
+ client_id VARCHAR(256),
+ authentication LONGBLOB,
+ idTokenString VARCHAR(4096)
+);
+CREATE TABLE address (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY,
+ formatted VARCHAR(256),
+ streetAddress VARCHAR(256),
+ locality VARCHAR(256),
+ region VARCHAR(256),
+ postalCode VARCHAR(256),
+ country VARCHAR(256)
+);
+CREATE TABLE approvedsite (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY,
+ userinfo_id VARCHAR(256),
+ clientdetails_id VARCHAR(256),
+ creationDate DATE,
+ accessDate DATE,
+ timeoutDate DATE
+);
+CREATE TABLE authorities (
+ owner_id VARCHAR(256),
+ authorities LONGBLOB
+);
+CREATE TABLE clientdetails (
+ clientId VARCHAR(256),
+ clientSecret VARCHAR(2000),
+ registeredRedirectUri VARCHAR(2000),
+ clientName VARCHAR(256),
+ clientDescription VARCHAR(2000),
+ allowRefresh TINYINT,
+ accessTokenTimeout BIGINT,
+ refreshTokenTimeout BIGINT,
+ owner VARCHAR(256)
+);
+CREATE TABLE event (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY,
+ type INT(3),
+ timestamp DATE
+);
+CREATE TABLE authorizedgranttypes (
+ owner_id VARCHAR(256),
+ authorizedgranttypes VARCHAR(2000)
+);
+CREATE TABLE idtoken (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY
+);
+CREATE TABLE idtokenclaims (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY
+);
+CREATE TABLE refreshtoken (
+ id VARCHAR(256),
+ expiration TIMESTAMP,
+ client_id VARCHAR(256)
+);
+CREATE TABLE resource_ids (
+ owner_id VARCHAR(256),
+ resourceids VARCHAR(256)
+);
+CREATE TABLE scope (
+ owner_id VARCHAR(256),
+ scope VARCHAR(2000)
+);
+CREATE TABLE userinfo (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY,
+ userId VARCHAR(256),
+ name VARCHAR(256),
+ givenName VARCHAR(256),
+ familyName VARCHAR(256),
+ middleName VARCHAR(256),
+ nickname VARCHAR(256),
+ profile VARCHAR(256),
+ picture VARCHAR(256),
+ website VARCHAR(256),
+ email VARCHAR(256),
+ verified BOOLEAN,
+ gender VARCHAR(256),
+ zoneinfo VARCHAR(256),
+ locale VARCHAR(256),
+ phoneNumber VARCHAR(256),
+ address_id VARCHAR(256),
+ updatedTime VARCHAR(256)
+);
+CREATE TABLE whitelistedsite (
+ id BIGINT AUTO_INCREMENT PRIMARY KEY,
+ userinfo_id VARCHAR(256),
+ clientdetails_id VARCHAR(256)
+);
\ No newline at end of file
diff --git a/spring-security-oauth b/spring-security-oauth
index 5a784a9fb..33acf01dc 160000
--- a/spring-security-oauth
+++ b/spring-security-oauth
@@ -1 +1 @@
-Subproject commit 5a784a9fb7ac11a46cc161e94676e62dac57c2c8
+Subproject commit 33acf01dccc563c184f897448d7d61ed4aa847ff
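Review bot: `accesstoken.id`, `refreshtoken.id` and `clientdetails.clientId` are the values tokens and clients are looked up by, yet none is declared `PRIMARY KEY` or `UNIQUE`, unlike the `id BIGINT AUTO_INCREMENT PRIMARY KEY` columns on the other tables, so the database cannot reject a duplicate token value or client id and every lookup is a full scan. `clientId VARCHAR(256) PRIMARY KEY,` and `id VARCHAR(256) PRIMARY KEY,` on refreshtoken are straightforward; `accesstoken.id VARCHAR(4096)` is likely too long for a MySQL index key, so it needs a shorter identifier or a separate indexed hash column. `clientdetails.registeredRedirectUri VARCHAR(2000)` is still declared here although this commit moves redirect URIs into the `redirect_uris` element-collection table, so it is now an unused column that should go before this schema is published.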