diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
index 0935fe529..024301d00 100644
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
@@ -68,11 +68,11 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
 private IntrospectionConfigurationService introspectionConfigurationService;
 private IntrospectionAuthorityGranter introspectionAuthorityGranter = new SimpleIntrospectionAuthorityGranter();
- private int defaultExpireTime = 300000; // 5 minutes in milliseconds
+ private int defaultExpireTime = 300000; // 5 minutes in milliseconds
 private boolean forceCacheExpireTime = false; // force removal of cached tokens based on default expire time
 private boolean cacheNonExpiringTokens = false;
 private boolean cacheTokens = true;
-
+
 private HttpClient httpClient = HttpClientBuilder.create() .useSystemProperties() .build();
@@ -83,15 +83,15 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
 OAuth2AccessToken token;
 OAuth2Authentication auth;
 Date cacheExpire;
-
+
 private TokenCacheObject(OAuth2AccessToken token, OAuth2Authentication auth) {
 this.token = token;
 this.auth = auth;
-
+
 // we don't need to check the cacheTokens values, because this won't actually be added to the cache if cacheTokens is false // if the token isn't null we use the token expire time // if forceCacheExpireTime is also true, we also make sure that the token expire time is shorter than the default expire time
- if ((this.token.getExpiration() != null) && (!forceCacheExpireTime || (forceCacheExpireTime && (this.token.getExpiration().getTime() - System.currentTimeMillis() <= defaultExpireTime)))) {
+ if ((this.token.getExpiration() != null) && (!forceCacheExpireTime || (forceCacheExpireTime && (this.token.getExpiration().getTime() - System.currentTimeMillis() <= defaultExpireTime)))) {
 this.cacheExpire = this.token.getExpiration();
 } else { // if the token doesn't have an expire time, or if the using forceCacheExpireTime the token expire time is longer than the default, then use the default expire time
 Calendar cal = Calendar.getInstance();
@@ -150,7 +150,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
 public void setDefaultExpireTime(int defaultExpireTime) {
 this.defaultExpireTime = defaultExpireTime;
 }
-
+
 /**
 * check if forcing a cache expire time maximum value
 * @return the forceCacheExpireTime setting
@@ -198,10 +198,10 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
 public void setCacheTokens(boolean cacheTokens) {
 this.cacheTokens = cacheTokens;
 }
-
+
 /**
 * Check to see if the introspection end point response for a token has been cached locally
- * This call will return the token if it has been cached and is still valid according to
+ * This call will return the token if it has been cached and is still valid according to
 * the cache expire time on the TokenCacheObject. If a cached value has been found but is
 * expired, either by default expire times or the token's own expire time, then the token is
 * removed from the cache and null is returned.
@@ -211,7 +211,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
 private TokenCacheObject checkCache(String key) {
 if (cacheTokens && authCache.containsKey(key)) {
 TokenCacheObject tco = authCache.get(key);
-
+
 if (tco != null && tco.cacheExpire != null && tco.cacheExpire.after(new Date())) {
 return tco;
 } else {
@@ -246,7 +246,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
 /**
 * Validate a token string against the introspection endpoint,
- * then parse it and store it in the local cache if caching is enabled.
+ * then parse it and store it in the local cache if caching is enabled.
 *
 * @param accessToken Token to pass to the introspection endpoint
 * @return TokenCacheObject containing authentication and token if the token was valid, otherwise null
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/NamedAdminAuthoritiesMapper.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/NamedAdminAuthoritiesMapper.java
index 3b8a2564f..8b941154b 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/NamedAdminAuthoritiesMapper.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/NamedAdminAuthoritiesMapper.java
@@ -45,7 +45,7 @@ import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
 public class NamedAdminAuthoritiesMapper implements OIDCAuthoritiesMapper {
 private static Logger logger = LoggerFactory.getLogger(NamedAdminAuthoritiesMapper.class);
-
+
 private static final SimpleGrantedAuthority ROLE_ADMIN = new SimpleGrantedAuthority("ROLE_ADMIN");
 private static final SimpleGrantedAuthority ROLE_USER = new SimpleGrantedAuthority("ROLE_USER");
@@ -57,17 +57,17 @@ public class NamedAdminAuthoritiesMapper implements OIDCAuthoritiesMapper {
 Set out = new HashSet<>();
 try {
 ReadOnlyJWTClaimsSet claims = idToken.getJWTClaimsSet();
-
+
 SubjectIssuerGrantedAuthority authority = new SubjectIssuerGrantedAuthority(claims.getSubject(), claims.getIssuer());
 out.add(authority);
 if (admins.contains(authority)) {
 out.add(ROLE_ADMIN);
 }
-
+
 // everybody's a user by default
 out.add(ROLE_USER);
-
+
 } catch (ParseException e) {
 logger.error("Unable to parse ID Token inside of authorities mapper (huh?)");
 }
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
index fbbe0a7b5..2be6aaa32 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
@@ -333,8 +333,8 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 protected ClientHttpRequest createRequest(URI url, HttpMethod method) throws IOException {
 ClientHttpRequest httpRequest = super.createRequest(url, method);
 httpRequest.getHeaders().add("Authorization",
- String.format("Basic %s", Base64.encode(String.format("%s:%s",
- UriUtils.encodePathSegment(clientConfig.getClientId(), "UTF-8"),
+ String.format("Basic %s", Base64.encode(String.format("%s:%s",
+ UriUtils.encodePathSegment(clientConfig.getClientId(), "UTF-8"),
 UriUtils.encodePathSegment(clientConfig.getClientSecret(), "UTF-8")))));
 return httpRequest;
@@ -581,10 +581,10 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 // construct an PendingOIDCAuthenticationToken and return a Authentication object w/the userId and the idToken
- PendingOIDCAuthenticationToken token = new PendingOIDCAuthenticationToken(idClaims.getSubject(), idClaims.getIssuer(),
- serverConfig,
+ PendingOIDCAuthenticationToken token = new PendingOIDCAuthenticationToken(idClaims.getSubject(), idClaims.getIssuer(),
+ serverConfig,
 idToken, accessTokenValue, refreshTokenValue);
-
+
 Authentication authentication = this.getAuthenticationManager().authenticate(token);
 return authentication;
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
index 156ff4dd7..64ff8a0ce 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
@@ -39,7 +39,7 @@ import com.nimbusds.jwt.JWT;
 public class OIDCAuthenticationProvider implements AuthenticationProvider {
 private static Logger logger = LoggerFactory.getLogger(OIDCAuthenticationProvider.class);
-
+
 private UserInfoFetcher userInfoFetcher = new UserInfoFetcher();
 private OIDCAuthoritiesMapper authoritiesMapper = new NamedAdminAuthoritiesMapper();
@@ -60,7 +60,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
 if (authentication instanceof PendingOIDCAuthenticationToken) {
 PendingOIDCAuthenticationToken token = (PendingOIDCAuthenticationToken) authentication;
-
+
 // get the ID Token value out
 JWT idToken = token.getIdToken();
@@ -68,7 +68,7 @@ public class OIDCAuthenticationProvider implements AuthenticationProvider {
 UserInfo userInfo = userInfoFetcher.loadUserInfo(token);
 if (userInfo == null) {
- // user info not found -- could be an error, could be fine
+ // user info not found -- could be an error, could be fine
 } else { // if we found userinfo, double check it
 if (!Strings.isNullOrEmpty(userInfo.getSub()) && !userInfo.getSub().equals(token.getSub())) {
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthoritiesMapper.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthoritiesMapper.java
index 4300d26a9..d16dea4e1 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthoritiesMapper.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthoritiesMapper.java
@@ -32,7 +32,7 @@ public interface OIDCAuthoritiesMapper {
 /**
 * @param idToken the ID Token (parsed as a JWT, cannot be @null)
- * @param userInfo userInfo of the current user (could be @null)
+ * @param userInfo userInfo of the current user (could be @null)
 * @return the set of authorities to map to this user
 */
 Collection mapAuthorities(JWT idToken, UserInfo userInfo);
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java
index b0bd91ec6..35f9cfdfc 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestOptionsService.java
@@ -46,7 +46,7 @@ public interface AuthRequestOptionsService {
 * @return
 */
 public Map getOptions(ServerConfiguration server, RegisteredClient client, HttpServletRequest request);
-
+
 /**
 * The set of options needed at the token endpoint.
 *
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java
index 723ec1ee1..869c33cc5 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java
@@ -25,7 +25,7 @@ import org.mitre.oauth2.model.RegisteredClient;
 import org.mitre.openid.connect.config.ServerConfiguration;
 /**
- * Builds a URL string to the IdP's authorization endpoint.
+ * Builds a URL string to the IdP's authorization endpoint.
 *
 * @author jricher
 *
@@ -38,7 +38,7 @@ public interface AuthRequestUrlBuilder {
 * @param redirectUri
 * @param nonce
 * @param state
- * @param loginHint
+ * @param loginHint
 * @return
 */
 public String buildAuthRequestUrl(ServerConfiguration serverConfig, RegisteredClient clientConfig, String redirectUri, String nonce, String state, Map options, String loginHint);
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java
index 1664cb35a..4fb3e7f6a 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java
@@ -78,7 +78,7 @@ public class EncryptedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
 for (Entry option : options.entrySet()) {
 claims.setClaim(option.getKey(), option.getValue());
 }
-
+
 // if there's a login hint, send it
 if (!Strings.isNullOrEmpty(loginHint)) {
 claims.setClaim("login_hint", loginHint);
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java
index d9a269b03..ea0b09bf7 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java
@@ -63,7 +63,7 @@ public class PlainAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
 for (Entry option : options.entrySet()) {
 uriBuilder.addParameter(option.getKey(), option.getValue());
 }
-
+
 // if there's a login hint, send it
 if (!Strings.isNullOrEmpty(loginHint)) {
 uriBuilder.addParameter("login_hint", loginHint);
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java
index 88bb1d234..57e645cc4 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java
@@ -72,7 +72,7 @@ public class SignedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
 for (Entry option : options.entrySet()) {
 claims.setClaim(option.getKey(), option.getValue());
 }
-
+
 // if there's a login hint, send it
 if (!Strings.isNullOrEmpty(loginHint)) {
 claims.setClaim("login_hint", loginHint);
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
index 31a4ed36c..0573db705 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/WebfingerIssuerService.java
@@ -77,7 +77,7 @@ public class WebfingerIssuerService implements IssuerService {
 * URL of the page to forward to if no identifier is given.
 */
 private String loginPageUrl;
-
+
 /**
 * Strict enfocement of "https"
 */
@@ -207,7 +207,7 @@ public class WebfingerIssuerService implements IssuerService {
 // preserving http scheme is strictly for demo system use only.
 String scheme = key.getScheme();
-
+
 if (!Strings.isNullOrEmpty(scheme) &&scheme.equals("http")) {
 if (forceHttps) {
 throw new IllegalArgumentException("Scheme must start with htps");
@@ -231,13 +231,13 @@ public class WebfingerIssuerService implements IssuerService {
 builder.addParameter("rel", "http://openid.net/specs/connect/1.0/issuer");
 try {
-
+
 // do the fetch
 logger.info("Loading: " + builder.toString());
 String webfingerResponse = restTemplate.getForObject(builder.build(), String.class);
-
+
 JsonElement json = parser.parse(webfingerResponse);
-
+
 if (json != null && json.isJsonObject()) { // find the issuer
 JsonArray links = json.getAsJsonObject().get("links").getAsJsonArray();
@@ -247,7 +247,7 @@ public class WebfingerIssuerService implements IssuerService {
 if (linkObj.has("href") && linkObj.has("rel") && linkObj.get("rel").getAsString().equals("http://openid.net/specs/connect/1.0/issuer")) {
-
+
 // we found the issuer, return it
 return linkObj.get("href").getAsString();
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/ClientKeyCacheService.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/ClientKeyCacheService.java
index 02381f24c..e17a6bb77 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/ClientKeyCacheService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/ClientKeyCacheService.java
@@ -50,16 +50,16 @@ import com.nimbusds.jose.jwk.JWKSet;
 public class ClientKeyCacheService {
 private static Logger logger = LoggerFactory.getLogger(ClientKeyCacheService.class);
-
+
 @Autowired
 private JWKSetCacheService jwksUriCache = new JWKSetCacheService();
-
+
 @Autowired
 private SymmetricKeyJWTValidatorCacheService symmetricCache = new SymmetricKeyJWTValidatorCacheService();
-
+
 // cache of validators for by-value JWKs
 private LoadingCache jwksValidators;
-
+
 // cache of encryptors for by-value JWKs
 private LoadingCache jwksEncrypters;
@@ -74,7 +74,7 @@ public class ClientKeyCacheService {
 .build(new JWKSetEncryptorBuilder());
 }
-
+
 public JWTSigningAndValidationService getValidator(ClientDetailsEntity client, JWSAlgorithm alg) {
 try {
@@ -87,7 +87,7 @@ public class ClientKeyCacheService {
 || alg.equals(JWSAlgorithm.PS256) || alg.equals(JWSAlgorithm.PS384) || alg.equals(JWSAlgorithm.PS512)) {
-
+
 // asymmetric key
 if (client.getJwks() != null) {
 return jwksValidators.get(client.getJwks());
@@ -96,28 +96,28 @@ public class ClientKeyCacheService {
 } else {
 return null;
 }
-
+
 } else if (alg.equals(JWSAlgorithm.HS256) || alg.equals(JWSAlgorithm.HS384) || alg.equals(JWSAlgorithm.HS512)) {
-
+
 // symmetric key
-
+
 return symmetricCache.getSymmetricValidtor(client);
-
+
 } else {
-
+
 return null;
 }
- } catch (UncheckedExecutionException | ExecutionException e) {
+ } catch (UncheckedExecutionException | ExecutionException e) {
 logger.error("Problem loading client validator", e);
 return null;
 }
 }
-
+
 public JWTEncryptionAndDecryptionService getEncrypter(ClientDetailsEntity client) {
-
+
 try {
 if (client.getJwks() != null) {
 return jwksEncrypters.get(client.getJwks());
@@ -130,17 +130,17 @@ public class ClientKeyCacheService {
 logger.error("Problem loading client encrypter", e);
 return null;
 }
-
+
 }
-
-
+
+
 private class JWKSetEncryptorBuilder extends CacheLoader {
 @Override
 public JWTEncryptionAndDecryptionService load(JWKSet key) throws Exception {
 return new DefaultJWTEncryptionAndDecryptionService(new JWKSetKeyStore(key));
 }
-
+
 }
 private class JWKSetVerifierBuilder extends CacheLoader {
@@ -152,5 +152,5 @@ public class ClientKeyCacheService {
 }
-
+
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJWTSigningAndValidationService.java b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJWTSigningAndValidationService.java
index ea34efd34..6692fb15c 100644
--- a/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJWTSigningAndValidationService.java
+++ b/openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJWTSigningAndValidationService.java
@@ -178,10 +178,10 @@ public class DefaultJWTSigningAndValidationService implements JWTSigningAndValid
 ECDSASigner signer = new ECDSASigner(((ECKey) jwk).getD().decodeToBigInteger());
 signers.put(id, signer);
 }
-
+
 ECDSAVerifier verifier = new ECDSAVerifier(((ECKey) jwk).getX().decodeToBigInteger(), ((ECKey) jwk).getY().decodeToBigInteger());
 verifiers.put(id, verifier);
-
+
 } else if (jwk instanceof OctetSequenceKey) { // build HMAC signers & verifiers
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java
index 7ad1b9478..061b16a5d 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java
@@ -65,25 +65,25 @@ public class AuthenticationHolderEntity {
 private Long id;
 private SavedUserAuthentication userAuth;
-
+
 private Collection authorities;
-
+
 private Set resourceIds;
-
+
 private boolean approved;
-
+
 private String redirectUri;
-
+
 private Set responseTypes;
-
+
 private Map extensions;
-
+
 private String clientId;
-
+
 private Set scope;
-
+
 private Map requestParameters;
-
+
 public AuthenticationHolderEntity() { }
@@ -125,7 +125,7 @@ public class AuthenticationHolderEntity {
 setResponseTypes(o2Request.getResponseTypes());
 setScope(o2Request.getScope());
 setApproved(o2Request.isApproved());
-
+
 if (authentication.getUserAuthentication() != null) {
 this.userAuth = new SavedUserAuthentication(authentication.getUserAuthentication());
 } else {
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
index 2e636369e..46a573f86 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
@@ -47,7 +47,7 @@ public class AuthorizationCodeEntity {
 public static final String QUERY_BY_VALUE = "AuthorizationCodeEntity.getByValue";
 public static final String QUERY_EXPIRATION_BY_DATE = "AuthorizationCodeEntity.expirationByDate";
-
+
 public static final String PARAM_DATE = "date";
 private Long id;
@@ -55,7 +55,7 @@ public class AuthorizationCodeEntity {
 private String code;
 private AuthenticationHolderEntity authenticationHolder;
-
+
 private Date expiration;
 /**
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
index dc09184d4..4774856d0 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@@ -76,7 +76,7 @@ public class ClientDetailsEntity implements ClientDetails {
 public static final String QUERY_ALL = "ClientDetailsEntity.findAll";
 public static final String PARAM_CLIENT_ID = "clientId";
-
+
 private static final int DEFAULT_ID_TOKEN_VALIDITY_SECONDS = 600;
 private static final long serialVersionUID = -1617727085733786296L;
@@ -141,7 +141,7 @@ public class ClientDetailsEntity implements ClientDetails {
 private Integer idTokenValiditySeconds; //timeout for id tokens
 private Date createdAt; // time the client was created
 private boolean clearAccessTokensOnRefresh = true; // do we clear access tokens on refresh?
-
+
 /** fields for UMA */
 private Set claimsRedirectUris;
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
index 4bad4c0f9..b642f64e5 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@@ -92,7 +92,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 public static final String PARAM_REFERSH_TOKEN = "refreshToken";
 public static final String PARAM_DATE = "date";
 public static final String PARAM_RESOURCE_SET_ID = "rsid";
-
+
 public static String ID_TOKEN_FIELD_NAME = "id_token";
 private Long id;
@@ -112,7 +112,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 private OAuth2RefreshTokenEntity refreshToken;
 private Set scope;
-
+
 private Set permissions;
 /**
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
index ebf88e1f0..d91a7db1d 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
@@ -64,7 +64,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 public static final String PARAM_TOKEN_VALUE = "tokenValue";
 public static final String PARAM_CLIENT = "client";
 public static final String PARAM_DATE = "date";
-
+
 private Long id;
 private AuthenticationHolderEntity authenticationHolder;
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
index 994dfbb67..62311c849 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/RegisteredClient.java
@@ -591,7 +591,7 @@ public class RegisteredClient {
 public void setRequestUris(Set requestUris) {
 client.setRequestUris(requestUris);
 }
-
+
 /**
 * @return
 * @see org.mitre.oauth2.model.ClientDetailsEntity#getRequestObjectSigningAlg()
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java
index 11594030e..4cf6aab15 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SavedUserAuthentication.java
@@ -49,17 +49,17 @@ import org.springframework.security.core.GrantedAuthority;
 public class SavedUserAuthentication implements Authentication {
 private static final long serialVersionUID = -1804249963940323488L;
-
+
 private Long id;
-
+
 private String name;
-
+
 private Collection authorities;
-
+
 private boolean authenticated;
-
+
 private String sourceClass;
-
+
 /**
 * Create a Saved Auth from an existing Auth token
 */
@@ -80,7 +80,7 @@ public class SavedUserAuthentication implements Authentication {
 * Create an empty saved auth
 */
 public SavedUserAuthentication() {
-
+
 }
 /**
@@ -104,7 +104,7 @@ public class SavedUserAuthentication implements Authentication {
 @Basic
 @Column(name="name")
 public String getName() {
- return name;
+ return name;
 }
 @Override
@@ -116,7 +116,7 @@ public class SavedUserAuthentication implements Authentication {
 @Convert(converter = SimpleGrantedAuthorityStringConverter.class)
 @Column(name="authority")
 public Collection getAuthorities() {
- return authorities;
+ return authorities;
 }
 @Override
@@ -183,5 +183,5 @@ public class SavedUserAuthentication implements Authentication {
 }
 }
-
+
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java
index 02dd134d1..01f55ef31 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java
@@ -44,9 +44,9 @@ public class SystemScope {
 public static final String QUERY_BY_VALUE = "SystemScope.getByValue";
 public static final String QUERY_ALL = "SystemScope.findAll";
-
+
 public static final String PARAM_VALUE = "value";
-
+
 private Long id;
 private String value; // scope value
 private String description; // human-readable description
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWKSetStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWKSetStringConverter.java
index 94cb7f9ce..e9bae0c90 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWKSetStringConverter.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWKSetStringConverter.java
@@ -61,7 +61,7 @@ public class JWKSetStringConverter implements AttributeConverter
 } else {
 return null;
 }
-
+
 }
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWTStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWTStringConverter.java
index 7f3922520..cf561fa31 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWTStringConverter.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JWTStringConverter.java
@@ -36,7 +36,7 @@ import com.nimbusds.jwt.JWTParser;
 public class JWTStringConverter implements AttributeConverter {
 public static Logger logger = LoggerFactory.getLogger(JWTStringConverter.class);
-
+
 @Override
 public String convertToDatabaseColumn(JWT attribute) {
 if (attribute != null) {
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java
index c087034a0..7369db9f6 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/JsonElementStringConverter.java
@@ -32,7 +32,7 @@ import com.google.gson.JsonParser;
 public class JsonElementStringConverter implements AttributeConverter {
 private JsonParser parser = new JsonParser();
-
+
 @Override
 public String convertToDatabaseColumn(JsonElement attribute) {
 if (attribute != null) {
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SerializableStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SerializableStringConverter.java
index d62e54fb4..3fb30098c 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SerializableStringConverter.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SerializableStringConverter.java
@@ -27,7 +27,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 /**
- * Translates a Serializable object of certain primitive types
+ * Translates a Serializable object of certain primitive types
 * into a String for storage in the database, for use with the
 * OAuth2Request extensions map.
 *
@@ -40,7 +40,7 @@ import org.slf4j.LoggerFactory;
 public class SerializableStringConverter implements AttributeConverter {
 private static Logger logger = LoggerFactory.getLogger(SerializableStringConverter.class);
-
+
 @Override
 public String convertToDatabaseColumn(Serializable attribute) {
 if (attribute == null) {
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SimpleGrantedAuthorityStringConverter.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SimpleGrantedAuthorityStringConverter.java
index dec3e4b86..7a33d48f1 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SimpleGrantedAuthorityStringConverter.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SimpleGrantedAuthorityStringConverter.java
@@ -35,7 +35,7 @@ public class SimpleGrantedAuthorityStringConverter implements AttributeConverter
 return attribute.getAuthority();
 } else {
 return null;
- }
+ }
 }
 @Override
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
index dbdaa4e04..baa0ebc8f 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
@@ -55,5 +55,5 @@ public interface AuthorizationCodeRepository {
 * @return A collection of all expired codes.
 */
 public Collection getExpiredCodes();
-
+
 }
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
index 487af45f3..c3521d3ec 100644
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
@@ -53,7 +53,7 @@ public interface SystemScopeService {
 * @return
 */
 public Set getDefaults();
-
+
 /**
 * Get all the reserved system scopes. These can't be used
 * by clients directly, but are instead tied to special system
@@ -62,7 +62,7 @@ public interface SystemScopeService { * @return */ public Set getReserved(); - + /** * Get all the registered scopes that are restricted. * @return @@ -74,7 +74,7 @@ public interface SystemScopeService { * @return */ public Set getUnrestricted(); - + public SystemScope getById(Long id); public SystemScope getByValue(String value); @@ -108,13 +108,13 @@ public interface SystemScopeService { public boolean scopesMatch(Set expected, Set actual); /** - * Remove any system-reserved or registered restricted scopes from the + * Remove any system-reserved or registered restricted scopes from the * set and return the result. * @param scopes * @return */ public Set removeRestrictedAndReservedScopes(Set scopes); - + /** * Remove any system-reserved scopes from the set and return the result. * @param scopes diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java index 7cbbafb69..168624332 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java 
@@ -55,28 +55,28 @@ public class DefaultClientUserDetailsService implements UserDetailsService { try { ClientDetailsEntity client = clientDetailsService.loadClientByClientId(clientId); - + if (client != null) { - + String password = Strings.nullToEmpty(client.getClientSecret()); - + if (client.getTokenEndpointAuthMethod() != null && (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) || client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT))) { - + // Issue a random password each time to prevent password auth from being used (or skipped) // for private key or shared key clients, see #715 - + password = new BigInteger(512, new SecureRandom()).toString(16); } - + boolean enabled = true; boolean accountNonExpired = true; boolean credentialsNonExpired = true; boolean accountNonLocked = true; Collection authorities = new HashSet<>(client.getAuthorities()); authorities.add(ROLE_CLIENT); - + return new User(clientId, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities); } else { throw new UsernameNotFoundException("Client not found: " + clientId); diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java index ee14c5055..2dd015bd4 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java @@ -42,7 +42,7 @@ import com.google.common.base.Strings; * Loads client details based on URI encoding as passed in from basic auth. * * Should only get called if non-encoded provider fails. - * + * * @author AANGANES * */ 
@@ -59,30 +59,30 @@ public class UriEncodedClientUserDetailsService implements UserDetailsService { try { String decodedClientId = UriUtils.decode(clientId, "UTF-8"); - + ClientDetailsEntity client = clientDetailsService.loadClientByClientId(decodedClientId); - + if (client != null) { - + String encodedPassword = UriUtils.encodeQueryParam(Strings.nullToEmpty(client.getClientSecret()), "UTF-8"); - + if (client.getTokenEndpointAuthMethod() != null && (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) || client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT))) { - + // Issue a random password each time to prevent password auth from being used (or skipped) // for private key or shared key clients, see #715 - + encodedPassword = new BigInteger(512, new SecureRandom()).toString(16); } - + boolean enabled = true; boolean accountNonExpired = true; boolean credentialsNonExpired = true; boolean accountNonLocked = true; Collection authorities = new HashSet<>(client.getAuthorities()); authorities.add(ROLE_CLIENT); - + return new User(decodedClientId, encodedPassword, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities); } else { throw new UsernameNotFoundException("Client not found: " + clientId); diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java index 486802be8..59157623f 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java @@ -92,7 +92,7 @@ import static org.mitre.util.JsonUtils.getAsStringSet; public class ClientDetailsEntityJsonProcessor { private static Logger logger = LoggerFactory.getLogger(ClientDetailsEntityJsonProcessor.class); - + private static JsonParser parser = new JsonParser(); /** 
@@ -140,7 +140,7 @@ public class ClientDetailsEntityJsonProcessor { c.setResponseTypes(getAsStringSet(o, RESPONSE_TYPES)); c.setPolicyUri(getAsString(o, POLICY_URI)); c.setJwksUri(getAsString(o, JWKS_URI)); - + JsonElement jwksEl = o.get(JWKS); if (jwksEl != null && jwksEl.isJsonObject()) { try { @@ -223,7 +223,7 @@ public class ClientDetailsEntityJsonProcessor { rc.setClientSecretExpiresAt(getAsDate(o, CLIENT_SECRET_EXPIRES_AT)); rc.setSource(o); - + return rc; } else { return null; @@ -237,25 +237,25 @@ public class ClientDetailsEntityJsonProcessor { * @return */ public static JsonObject serialize(RegisteredClient c) { - + if (c.getSource() != null) { // if we have the original object, just use that return c.getSource(); } else { - + JsonObject o = new JsonObject(); - + o.addProperty(CLIENT_ID, c.getClientId()); if (c.getClientSecret() != null) { o.addProperty(CLIENT_SECRET, c.getClientSecret()); - + if (c.getClientSecretExpiresAt() == null) { o.addProperty(CLIENT_SECRET_EXPIRES_AT, 0); // TODO: do we want to let secrets expire? } else { o.addProperty(CLIENT_SECRET_EXPIRES_AT, c.getClientSecretExpiresAt().getTime() / 1000L); } } - + if (c.getClientIdIssuedAt() != null) { o.addProperty(CLIENT_ID_ISSUED_AT, c.getClientIdIssuedAt().getTime() / 1000L); } else if (c.getCreatedAt() != null) { @@ -264,14 +264,14 @@ public class ClientDetailsEntityJsonProcessor { if (c.getRegistrationAccessToken() != null) { o.addProperty(REGISTRATION_ACCESS_TOKEN, c.getRegistrationAccessToken()); } - + if (c.getRegistrationClientUri() != null) { o.addProperty(REGISTRATION_CLIENT_URI, c.getRegistrationClientUri()); } - - + + // add in all other client properties - + // OAuth DynReg o.add(REDIRECT_URIS, getAsArray(c.getRedirectUris())); o.addProperty(CLIENT_NAME, c.getClientName()); 
@@ -285,7 +285,7 @@ public class ClientDetailsEntityJsonProcessor { o.add(RESPONSE_TYPES, getAsArray(c.getResponseTypes())); o.addProperty(POLICY_URI, c.getPolicyUri()); o.addProperty(JWKS_URI, c.getJwksUri()); - + // get the JWKS sub-object if (c.getJwks() != null) { // We have to re-parse it into GSON because Nimbus uses a different parser @@ -294,7 +294,7 @@ public class ClientDetailsEntityJsonProcessor { } else { o.add(JWKS, null); } - + // OIDC Registration o.addProperty(APPLICATION_TYPE, c.getApplicationType() != null ? c.getApplicationType().getValue() : null); o.addProperty(SECTOR_IDENTIFIER_URI, c.getSectorIdentifierUri()); diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java index 746f51035..f9bf1364f 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java @@ -49,7 +49,7 @@ public class ConfigurationPropertiesBean { private String logoImageUrl; private Long regTokenLifeTime; - + private Long rqpTokenLifeTime; private boolean forceHttps = false; // by default we just log a warning for HTTPS deployment diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java index 376444ee1..d206e0cb2 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java 
@@ -55,7 +55,7 @@ public class ApprovedSite { public static final String QUERY_BY_CLIENT_ID = "ApprovedSite.getByClientId"; public static final String QUERY_BY_USER_ID = "ApprovedSite.getByUserId"; public static final String QUERY_ALL = "ApprovedSite.getAll"; - + public static final String PARAM_CLIENT_ID = "clientId"; public static final String PARAM_USER_ID = "userId"; diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java index 2bbb959cc..ed9f38a87 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java @@ -417,13 +417,13 @@ public class DefaultUserInfo implements UserInfo { @Override public JsonObject toJson() { - + if (src == null) { - + JsonObject obj = new JsonObject(); - + obj.addProperty("sub", this.getSub()); - + obj.addProperty("name", this.getName()); obj.addProperty("preferred_username", this.getPreferredUsername()); obj.addProperty("given_name", this.getGivenName()); @@ -438,15 +438,15 @@ public class DefaultUserInfo implements UserInfo { obj.addProperty("locale", this.getLocale()); obj.addProperty("updated_time", this.getUpdatedTime()); obj.addProperty("birthdate", this.getBirthdate()); - + obj.addProperty("email", this.getEmail()); obj.addProperty("email_verified", this.getEmailVerified()); - + obj.addProperty("phone_number", this.getPhoneNumber()); obj.addProperty("phone_number_verified", this.getPhoneNumberVerified()); - + if (this.getAddress() != null) { - + JsonObject addr = new JsonObject(); addr.addProperty("formatted", this.getAddress().getFormatted()); addr.addProperty("street_address", this.getAddress().getStreetAddress()); 
@@ -454,10 +454,10 @@ public class DefaultUserInfo implements UserInfo { addr.addProperty("region", this.getAddress().getRegion()); addr.addProperty("postal_code", this.getAddress().getPostalCode()); addr.addProperty("country", this.getAddress().getCountry()); - + obj.add("address", addr); } - + return obj; } else { return src; @@ -531,8 +531,8 @@ public class DefaultUserInfo implements UserInfo { public void setSource(JsonObject src) { this.src = src; } - - + + private static String nullSafeGetString(JsonObject obj, String field) { return obj.has(field) && obj.get(field).isJsonPrimitive() ? obj.get(field).getAsString() : null; } @@ -732,26 +732,26 @@ public class DefaultUserInfo implements UserInfo { } return true; } - + /* * Custom serialization to handle the JSON object */ - private void writeObject(ObjectOutputStream out) throws IOException { - out.defaultWriteObject(); - if (src == null) { - out.writeObject(null); - } else { - out.writeObject(src.toString()); - } - } - private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException { - in.defaultReadObject(); - Object o = in.readObject(); - if (o != null) { - JsonParser parser = new JsonParser(); - src = parser.parse((String)o).getAsJsonObject(); - } - } + private void writeObject(ObjectOutputStream out) throws IOException { + out.defaultWriteObject(); + if (src == null) { + out.writeObject(null); + } else { + out.writeObject(src.toString()); + } + } + private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException { + in.defaultReadObject(); + Object o = in.readObject(); + if (o != null) { + JsonParser parser = new JsonParser(); + src = parser.parse((String)o).getAsJsonObject(); + } + } } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java index 65a71812e..9f526d241 100644 
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java @@ -136,20 +136,20 @@ public class OIDCAuthenticationToken extends AbstractAuthenticationToken { /* * Custom serialization to handle the JSON object */ - private void writeObject(ObjectOutputStream out) throws IOException { - out.defaultWriteObject(); - if (idToken == null) { - out.writeObject(null); - } else { - out.writeObject(idToken.serialize()); - } - } - private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException, ParseException { - in.defaultReadObject(); - Object o = in.readObject(); - if (o != null) { - idToken = JWTParser.parse((String)o); - } - } + private void writeObject(ObjectOutputStream out) throws IOException { + out.defaultWriteObject(); + if (idToken == null) { + out.writeObject(null); + } else { + out.writeObject(idToken.serialize()); + } + } + private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException, ParseException { + in.defaultReadObject(); + Object o = in.readObject(); + if (o != null) { + idToken = JWTParser.parse((String)o); + } + } } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java index 78dac5768..a1391df1e 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java @@ -49,7 +49,7 @@ public class PairwiseIdentifier { public static final String PARAM_SECTOR_IDENTIFIER = "sectorIdentifier"; public static final String PARAM_SUB = "sub"; - + private Long id; private String identifier; private String userSub; 
diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PendingOIDCAuthenticationToken.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PendingOIDCAuthenticationToken.java index 659daa369..26f0bb154 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PendingOIDCAuthenticationToken.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PendingOIDCAuthenticationToken.java @@ -138,20 +138,20 @@ public class PendingOIDCAuthenticationToken extends AbstractAuthenticationToken /* * Custom serialization to handle the JSON object */ - private void writeObject(ObjectOutputStream out) throws IOException { - out.defaultWriteObject(); - if (idToken == null) { - out.writeObject(null); - } else { - out.writeObject(idToken.serialize()); - } - } - private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException, ParseException { - in.defaultReadObject(); - Object o = in.readObject(); - if (o != null) { - idToken = JWTParser.parse((String)o); - } - } + private void writeObject(ObjectOutputStream out) throws IOException { + out.defaultWriteObject(); + if (idToken == null) { + out.writeObject(null); + } else { + out.writeObject(idToken.serialize()); + } + } + private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException, ParseException { + in.defaultReadObject(); + Object o = in.readObject(); + if (o != null) { + idToken = JWTParser.parse((String)o); + } + } } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java index 47f13b794..c25c15650 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java 
@@ -233,7 +233,7 @@ public interface UserInfo extends Serializable { * @return */ public JsonObject toJson(); - + /** * The JSON source of this UserInfo (if it was fetched), or null if it's local. * @return diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java index fab666005..a89215882 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java @@ -50,7 +50,7 @@ public class WhitelistedSite { public static final String QUERY_BY_CREATOR = "WhitelistedSite.getByCreatoruserId"; public static final String QUERY_BY_CLIENT_ID = "WhitelistedSite.getByClientId"; public static final String QUERY_ALL = "WhitelistedSite.getAll"; - + public static final String PARAM_USER_ID = "userId"; public static final String PARAM_CLIENT_ID = "clientId"; diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/convert/JsonObjectStringConverter.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/convert/JsonObjectStringConverter.java index 7f6016232..1578760ff 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/convert/JsonObjectStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/convert/JsonObjectStringConverter.java @@ -32,7 +32,7 @@ import com.google.gson.JsonParser; public class JsonObjectStringConverter implements AttributeConverter { private JsonParser parser = new JsonParser(); - + @Override public String convertToDatabaseColumn(JsonObject attribute) { if (attribute != null) { diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java index 899923533..45879ee33 100644 
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java @@ -45,7 +45,7 @@ public interface UserInfoService { public UserInfo getByUsernameAndClientId(String username, String clientId); /** - * Get the user registered at this server with the given email address. + * Get the user registered at this server with the given email address. * * @param email * @return diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/WhitelistedSiteService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/WhitelistedSiteService.java index 8c1156f41..9e38a334e 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/WhitelistedSiteService.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/WhitelistedSiteService.java @@ -52,7 +52,7 @@ public interface WhitelistedSiteService { */ public WhitelistedSite getByClientId(String clientId); - + /** * Removes the given WhitelistedSite from the repository diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java index 64fc23aaf..d22e374a1 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java @@ -93,7 +93,7 @@ public class UserInfoInterceptor extends HandlerInterceptorAdapter { } } } - + return true; } diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/Claim.java b/openid-connect-common/src/main/java/org/mitre/uma/model/Claim.java index 856617a12..51390e3dc 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/Claim.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/Claim.java 
@@ -51,7 +51,7 @@ public class Claim { private JsonElement value; private Set claimTokenFormat; private Set issuer; - + /** * @return the id */ @@ -81,7 +81,7 @@ public class Claim { public void setName(String name) { this.name = name; } - + /** * @return the friendlyName */ @@ -96,7 +96,7 @@ public class Claim { public void setFriendlyName(String friendlyName) { this.friendlyName = friendlyName; } - + /** * @return the claimType */ @@ -111,7 +111,7 @@ public class Claim { public void setClaimType(String claimType) { this.claimType = claimType; } - + /** * @return the claimTokenFormat */ diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/ClaimProcessingResult.java b/openid-connect-common/src/main/java/org/mitre/uma/model/ClaimProcessingResult.java index 07f035c7e..c1ca4b9dd 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/ClaimProcessingResult.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/ClaimProcessingResult.java @@ -40,7 +40,7 @@ public class ClaimProcessingResult { this.unmatched = unmatched; this.matched = null; } - + /** * Create a matched result. isSatisfied is true. * @param matched @@ -92,5 +92,5 @@ public class ClaimProcessingResult { public void setMatched(Policy matched) { this.matched = matched; } - + } diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/Permission.java b/openid-connect-common/src/main/java/org/mitre/uma/model/Permission.java index 039e998db..3e6509b7e 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/Permission.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/Permission.java @@ -67,14 +67,14 @@ public class Permission { public ResourceSet getResourceSet() { return resourceSet; } - + /** * @param resourceSet the resourceSet to set */ public void setResourceSet(ResourceSet resourceSet) { this.resourceSet = resourceSet; } - + /** * @return the scopes */ 
@@ -87,7 +87,7 @@ public class Permission { public Set getScopes() { return scopes; } - + /** * @param scopes the scopes to set */ diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/PermissionTicket.java b/openid-connect-common/src/main/java/org/mitre/uma/model/PermissionTicket.java index bc3de8046..25848b35e 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/PermissionTicket.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/PermissionTicket.java @@ -57,16 +57,16 @@ public class PermissionTicket { public static final String QUERY_TICKET = "PermissionTicket.queryByTicket"; public static final String QUERY_ALL = "PermissionTicket.queryAll"; public static final String QUERY_BY_RESOURCE_SET = "PermissionTicket.queryByResourceSet"; - + public static final String PARAM_TICKET = "ticket"; public static final String PARAM_RESOURCE_SET_ID = "rsid"; - + private Long id; private Permission permission; private String ticket; private Date expiration; private Collection claimsSupplied; - + /** * @return the id */ @@ -76,14 +76,14 @@ public class PermissionTicket { public Long getId() { return id; } - + /** * @param id the id to set */ public void setId(Long id) { this.id = id; } - + /** * @return the permission */ @@ -108,7 +108,7 @@ public class PermissionTicket { public String getTicket() { return ticket; } - + /** * @param ticket the ticket to set */ @@ -152,6 +152,6 @@ public class PermissionTicket { public void setClaimsSupplied(Collection claimsSupplied) { this.claimsSupplied = claimsSupplied; } - - + + } diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/Policy.java b/openid-connect-common/src/main/java/org/mitre/uma/model/Policy.java index b96da6bf7..3d1870a29 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/Policy.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/Policy.java 
@@ -49,7 +49,7 @@ public class Policy { private String name; private Collection claimsRequired; private Set scopes; - + /** * @return the id */ @@ -59,14 +59,14 @@ public class Policy { public Long getId() { return id; } - + /** * @param id the id to set */ public void setId(Long id) { this.id = id; } - + /** * @return the name */ @@ -91,7 +91,7 @@ public class Policy { name = "claim_to_policy", joinColumns = @JoinColumn(name = "policy_id"), inverseJoinColumns = @JoinColumn(name = "claim_id") - ) + ) public Collection getClaimsRequired() { return claimsRequired; } @@ -102,7 +102,7 @@ public class Policy { public void setClaimsRequired(Collection claimsRequired) { this.claimsRequired = claimsRequired; } - + /** * @return the scopes */ @@ -115,7 +115,7 @@ public class Policy { public Set getScopes() { return scopes; } - + /** * @param scopes the scopes to set */ @@ -190,5 +190,5 @@ public class Policy { } return true; } - + } diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java b/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java index 78fca51b4..3097ec3a2 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java 
@@ -39,10 +39,10 @@ import javax.persistence.Table; @Entity @Table(name = "resource_set") @NamedQueries ({ - @NamedQuery(name = ResourceSet.QUERY_BY_OWNER, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER), - @NamedQuery(name = ResourceSet.QUERY_BY_OWNER_AND_CLIENT, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER + " and r.clientId = :" + ResourceSet.PARAM_CLIENTID), - @NamedQuery(name = ResourceSet.QUERY_BY_CLIENT, query = "select r from ResourceSet r where r.clientId = :" + ResourceSet.PARAM_CLIENTID), - @NamedQuery(name = ResourceSet.QUERY_ALL, query = "select r from ResourceSet r") + @NamedQuery(name = ResourceSet.QUERY_BY_OWNER, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER), + @NamedQuery(name = ResourceSet.QUERY_BY_OWNER_AND_CLIENT, query = "select r from ResourceSet r where r.owner = :" + ResourceSet.PARAM_OWNER + " and r.clientId = :" + ResourceSet.PARAM_CLIENTID), + @NamedQuery(name = ResourceSet.QUERY_BY_CLIENT, query = "select r from ResourceSet r where r.clientId = :" + ResourceSet.PARAM_CLIENTID), + @NamedQuery(name = ResourceSet.QUERY_ALL, query = "select r from ResourceSet r") }) public class ResourceSet { @@ -60,12 +60,12 @@ public class ResourceSet { private String type; private Set scopes = new HashSet<>(); private String iconUri; - + private String owner; // username of the person responsible for the registration (either directly or via OAuth token) private String clientId; // client id of the protected resource that registered this resource set via OAuth token - + private Collection policies = new HashSet<>(); - + /** * @return the id */ @@ -75,7 +75,7 @@ public class ResourceSet { public Long getId() { return id; } - + /** * @param id the id to set */ 
@@ -91,14 +91,14 @@ public class ResourceSet { public String getName() { return name; } - + /** * @param name the name to set */ public void setName(String name) { this.name = name; } - + /** * @return the uri */ @@ -107,14 +107,14 @@ public class ResourceSet { public String getUri() { return uri; } - + /** * @param uri the uri to set */ public void setUri(String uri) { this.uri = uri; } - + /** * @return the type */ @@ -123,14 +123,14 @@ public class ResourceSet { public String getType() { return type; } - + /** * @param type the type to set */ public void setType(String type) { this.type = type; } - + /** * @return the scopes */ @@ -143,14 +143,14 @@ public class ResourceSet { public Set getScopes() { return scopes; } - + /** * @param scopes the scopes to set */ public void setScopes(Set scopes) { this.scopes = scopes; } - + /** * @return the iconUri */ @@ -159,14 +159,14 @@ public class ResourceSet { public String getIconUri() { return iconUri; } - + /** * @param iconUri the iconUri to set */ public void setIconUri(String iconUri) { this.iconUri = iconUri; } - + /** * @return the owner */ @@ -175,7 +175,7 @@ public class ResourceSet { public String getOwner() { return owner; } - + /** * @param owner the owner to set */ @@ -322,9 +322,9 @@ public class ResourceSet { } return true; } - - - - - + + + + + } diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/SavedRegisteredClient.java b/openid-connect-common/src/main/java/org/mitre/uma/model/SavedRegisteredClient.java index d7d2db337..25ed8723f 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/SavedRegisteredClient.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/SavedRegisteredClient.java @@ -40,7 +40,7 @@ public class SavedRegisteredClient { private Long id; private String issuer; private RegisteredClient registeredClient; - + /** * @return the id */ @@ -93,5 +93,5 @@ public class SavedRegisteredClient { } - + } 
diff --git a/openid-connect-common/src/main/java/org/mitre/uma/model/convert/RegisteredClientStringConverter.java b/openid-connect-common/src/main/java/org/mitre/uma/model/convert/RegisteredClientStringConverter.java index 90ae88690..2cdb24a70 100644 --- a/openid-connect-common/src/main/java/org/mitre/uma/model/convert/RegisteredClientStringConverter.java +++ b/openid-connect-common/src/main/java/org/mitre/uma/model/convert/RegisteredClientStringConverter.java @@ -42,7 +42,7 @@ public class RegisteredClientStringConverter implements AttributeConverter permissions = Sets.newHashSet(); - + for (Permission perm : accessToken.getPermissions()) { Map o = newLinkedHashMap(); o.put("resource_set_id", perm.getResourceSet().getId().toString()); @@ -65,14 +65,14 @@ public class DefaultIntrospectionResultAssembler implements IntrospectionResultA o.put("scopes", scopes); permissions.add(o); } - + result.put("permissions", permissions); - + } else { Set scopes = Sets.intersection(authScopes, accessToken.getScope()); - + result.put(SCOPE, Joiner.on(SCOPE_SEPARATOR).join(scopes)); - + } if (accessToken.getExpiration() != null) { @@ -110,7 +110,7 @@ public class DefaultIntrospectionResultAssembler implements IntrospectionResultA result.put(ACTIVE, true); Set scopes = Sets.intersection(authScopes, authentication.getOAuth2Request().getScope()); - + result.put(SCOPE, Joiner.on(SCOPE_SEPARATOR).join(scopes)); if (refreshToken.getExpiration() != null) { diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java index e29632311..36cb51644 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java 
@@ -49,10 +49,10 @@ public class DefaultOAuth2AuthorizationCodeService implements AuthorizationCodeS @Autowired private AuthorizationCodeRepository repository; - + @Autowired private AuthenticationHolderRepository authenticationHolderRepository; - + private int authCodeExpirationSeconds = 60 * 5; // expire in 5 minutes by default private RandomValueStringGenerator generator = new RandomValueStringGenerator(); @@ -75,8 +75,8 @@ public class DefaultOAuth2AuthorizationCodeService implements AuthorizationCodeS authHolder = authenticationHolderRepository.save(authHolder); // set the auth code to expire - Date expiration = new Date(System.currentTimeMillis() + (getAuthCodeExpirationSeconds() * 1000L)); - + Date expiration = new Date(System.currentTimeMillis() + (getAuthCodeExpirationSeconds() * 1000L)); + AuthorizationCodeEntity entity = new AuthorizationCodeEntity(code, authHolder, expiration); repository.save(entity); @@ -97,32 +97,32 @@ public class DefaultOAuth2AuthorizationCodeService implements AuthorizationCodeS public OAuth2Authentication consumeAuthorizationCode(String code) throws InvalidGrantException { AuthorizationCodeEntity result = repository.getByCode(code); - + if (result == null) { throw new InvalidGrantException("JpaAuthorizationCodeRepository: no authorization code found for value " + code); } - + OAuth2Authentication auth = result.getAuthenticationHolder().getAuthentication(); - + repository.remove(result); - + return auth; } - + /** * Find and remove all expired auth codes. */ @Transactional public void clearExpiredAuthorizationCodes() { - + Collection codes = repository.getExpiredCodes(); - + for (AuthorizationCodeEntity code : codes) { repository.remove(code); } - + logger.info("Removed " + codes.size() + " expired authorization codes."); - + } /** 
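Review bot: `consumeAuthorizationCode` redeems a code whose expiration has already passed: after `repository.getByCode(code)` it only tests for null, so a code remains usable until the scheduled `clearExpiredAuthorizationCodes()` sweep happens to delete it, which makes the `authCodeExpirationSeconds` limit set in the earlier hunk only approximately enforced. Checking the stored expiration at consumption time closes that window; the entity is constructed with an expiration `Date` above, so I assume it exposes a `getExpiration()` accessor — confirm. The exception message also echoes the submitted code value (`"... no authorization code found for value " + code`); that text can end up in the token response's error description and in logs, so I would drop the value from it. Both methods are complete within the hunk.

```java
AuthorizationCodeEntity result = repository.getByCode(code);

if (result == null) {
	throw new InvalidGrantException("JpaAuthorizationCodeRepository: no authorization code found");
}

// reject (and discard) a code that outlived authCodeExpirationSeconds, independent of the cleanup schedule
if (result.getExpiration() != null && result.getExpiration().before(new Date())) {
	repository.remove(result);
	throw new InvalidGrantException("JpaAuthorizationCodeRepository: authorization code has expired");
}

// … unchanged: fetch the authentication, remove the code, return …
```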
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java index d7f6f429c..9e1bf88ee 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java @@ -89,10 +89,10 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt @Autowired private StatsService statsService; - + @Autowired private ResourceSetService resourceSetService; - + @Autowired private ConfigurationPropertiesBean config; @@ -124,7 +124,7 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt // make sure that clients with the "refresh_token" grant type have the "offline_access" scope, and vice versa ensureRefreshTokenConsistency(client); - + // make sure we don't have both a JWKS and a JWKS URI ensureKeyConsistency(client); @@ -158,9 +158,9 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt private void ensureNoReservedScopes(ClientDetailsEntity client) { // make sure a client doesn't get any special system scopes Set requestedScope = scopeService.fromStrings(client.getScope()); - + requestedScope = scopeService.removeReservedScopes(requestedScope); - + client.setScope(scopeService.toStrings(requestedScope)); } @@ -240,7 +240,7 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt if (whitelistedSite != null) { whitelistedSiteService.remove(whitelistedSite); } - + // clear out resource sets registered for this client Collection resourceSets = resourceSetService.getAllForClient(client); for (ResourceSet rs : resourceSets) { 
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java index d93420717..120d3df30 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java @@ -151,8 +151,8 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi Set scopes = scopeService.fromStrings(clientAuth.getScope()); // remove any of the special system scopes - scopes = scopeService.removeReservedScopes(scopes); - + scopes = scopeService.removeReservedScopes(scopes); + token.setScope(scopeService.toStrings(scopes)); // make it expire if necessary @@ -280,7 +280,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi Set scopeRequested = authRequest.getScope() == null ? new HashSet() : new HashSet<>(authRequest.getScope()); Set scope = scopeService.fromStrings(scopeRequested); - + // remove any of the special system scopes scope = scopeService.removeReservedScopes(scope); @@ -313,7 +313,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi // otherwise, make a new refresh token OAuth2RefreshTokenEntity newRefresh = createRefreshToken(client, authHolder); token.setRefreshToken(newRefresh); - + // clean up the old refresh token tokenRepository.removeRefreshToken(refreshToken); } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java index 687a7fe33..9dba8b817 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java 
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java @@ -62,7 +62,7 @@ public class DefaultSystemScopeService implements SystemScopeService { return (input != null && input.isRestricted()); } }; - + private Predicate isReserved = new Predicate() { @Override public boolean apply(SystemScope input) { diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/AuthenticationUtilities.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/AuthenticationUtilities.java index a9d588e12..1b220892e 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/AuthenticationUtilities.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/AuthenticationUtilities.java @@ -32,7 +32,7 @@ import com.google.common.collect.ImmutableSet; * */ public abstract class AuthenticationUtilities { - + /** * Makes sure the authentication contains the given scope, throws an exception otherwise * @param auth the authentication object to check @@ -63,7 +63,7 @@ public abstract class AuthenticationUtilities { } return false; } - + public static boolean hasRole(Authentication auth, String role) { for (GrantedAuthority grantedAuthority : auth.getAuthorities()) { @@ -72,7 +72,7 @@ public abstract class AuthenticationUtilities { } } return false; - + } - + } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java index 1762323b8..3d6147ad6 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java @@ -70,7 +70,7 @@ public class IntrospectionEndpoint { @Autowired private UserInfoService userInfoService; - + @Autowired private ResourceSetService resourceSetService; 
@@ -94,52 +94,52 @@ public class IntrospectionEndpoint { ClientDetailsEntity authClient = null; Set authScopes = new HashSet<>(); - + if (auth instanceof OAuth2Authentication) { // the client authenticated with OAuth, do our UMA checks ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); - + // get out the client that was issued the access token (not the token being introspected) OAuth2Authentication o2a = (OAuth2Authentication) auth; - + String authClientId = o2a.getOAuth2Request().getClientId(); authClient = clientService.loadClientByClientId(authClientId); - + // the owner is the user who authorized the token in the first place String ownerId = o2a.getUserAuthentication().getName(); - + authScopes.addAll(authClient.getScope()); - + // UMA style clients also get a subset of scopes of all the resource sets they've registered Collection resourceSets = resourceSetService.getAllForOwnerAndClient(ownerId, authClientId); - + // collect all the scopes for (ResourceSet rs : resourceSets) { authScopes.addAll(rs.getScopes()); } - + } else { // the client authenticated directly, make sure it's got the right access - + String authClientId = auth.getName(); // direct authentication puts the client_id into the authentication's name field authClient = clientService.loadClientByClientId(authClientId); // directly authenticated clients get a subset of any scopes that they've registered for authScopes.addAll(authClient.getScope()); - + if (!AuthenticationUtilities.hasRole(auth, "ROLE_CLIENT") || !authClient.isAllowIntrospection()) { - + // this client isn't allowed to do direct introspection - + logger.error("Client " + authClient.getClientId() + " is not allowed to call introspection endpoint"); model.addAttribute("code", HttpStatus.FORBIDDEN); return HttpCodeView.VIEWNAME; } - + } - + // by here we're allowed to introspect, now we need to look up the token in our token stores // first make sure the token is there 
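Review bot: In the `auth instanceof OAuth2Authentication` branch, `o2a.getUserAuthentication().getName()` is dereferenced without a null check; in Spring Security OAuth the user authentication is null for a token obtained without a resource owner (client-credentials grant), so a client holding such a token with the `uma_protection` scope would turn this into an unhandled NullPointerException rather than the FORBIDDEN response the direct-authentication branch produces. Guarding it keeps the two branches' failure modes consistent. The same question applies to `authClient` if `clientService.loadClientByClientId` can return null for a client deleted after the token was issued — I cannot tell from here. The enclosing method begins before and continues after this hunk.

```java
OAuth2Authentication o2a = (OAuth2Authentication) auth;

String authClientId = o2a.getOAuth2Request().getClientId();
authClient = clientService.loadClientByClientId(authClientId);

// a token with no resource owner (e.g. client credentials) cannot own any resource sets
Authentication userAuth = o2a.getUserAuthentication();
if (userAuth == null) {
	logger.error("Client " + authClientId + " presented a token without a user authentication to the introspection endpoint");
	model.addAttribute("code", HttpStatus.FORBIDDEN);
	return HttpCodeView.VIEWNAME;
}
String ownerId = userAuth.getName();

// … unchanged: collect the client's scopes and those of its registered resource sets …
```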
@@ -188,7 +188,7 @@ public class IntrospectionEndpoint { } // if it's a valid token, we'll print out information on it - + if (accessToken != null) { Map entity = introspectionResultAssembler.assembleFrom(accessToken, user, authScopes); model.addAttribute(JsonEntityView.ENTITY, entity); @@ -202,9 +202,9 @@ public class IntrospectionEndpoint { model.addAttribute(JsonEntityView.ENTITY, entity); return JsonEntityView.VIEWNAME; } - + return JsonEntityView.VIEWNAME; - + } - + } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java index 719e4ee9e..895cae133 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java @@ -131,20 +131,20 @@ public class OAuthConfirmationController { } if (prompts.contains("none")) { - // if we've got a redirect URI then we'll send it - + // if we've got a redirect URI then we'll send it + String url = redirectResolver.resolveRedirect(authRequest.getRedirectUri(), client); - + try { URIBuilder uriBuilder = new URIBuilder(url); - + uriBuilder.addParameter("error", "interaction_required"); if (!Strings.isNullOrEmpty(authRequest.getState())) { uriBuilder.addParameter("state", authRequest.getState()); // copy the state parameter if one was given } return "redirect:" + uriBuilder.toString(); - + } catch (URISyntaxException e) { logger.error("Can't build redirect URI for prompt=none, sending error instead", e); model.put("code", HttpStatus.FORBIDDEN); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java index 70ed8f2a1..408d45ca0 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java 
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java @@ -52,7 +52,7 @@ import com.google.gson.Gson; public class ScopeAPI { public static final String URL = RootController.API_URL + "/scopes"; - + @Autowired private SystemScopeService scopeService; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerClientAssertionTokenEndpointFilter.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerClientAssertionTokenEndpointFilter.java index 252077577..ccb906460 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerClientAssertionTokenEndpointFilter.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerClientAssertionTokenEndpointFilter.java @@ -62,6 +62,7 @@ public class JWTBearerClientAssertionTokenEndpointFilter extends AbstractAuthent public void afterPropertiesSet() { super.afterPropertiesSet(); setAuthenticationFailureHandler(new AuthenticationFailureHandler() { + @Override public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException { if (exception instanceof BadCredentialsException) { @@ -71,6 +72,7 @@ public class JWTBearerClientAssertionTokenEndpointFilter extends AbstractAuthent } }); setAuthenticationSuccessHandler(new AuthenticationSuccessHandler() { + @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { // no-op - just allow filter chain to continue to token endpoint 
@@ -109,13 +111,13 @@ public class JWTBearerClientAssertionTokenEndpointFilter extends AbstractAuthent } private static class ClientAssertionRequestMatcher implements RequestMatcher { - + private RequestMatcher additionalMatcher; - + public ClientAssertionRequestMatcher(RequestMatcher additionalMatcher) { this.additionalMatcher = additionalMatcher; } - + @Override public boolean matches(HttpServletRequest request) { // check for appropriate parameters @@ -127,10 +129,10 @@ public class JWTBearerClientAssertionTokenEndpointFilter extends AbstractAuthent } else if (!assertionType.equals("urn:ietf:params:oauth:client-assertion-type:jwt-bearer")) { return false; } - + return additionalMatcher.matches(request); } - + } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java index 8c5a7303b..edf7fcb40 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java @@ -47,30 +47,30 @@ public class JsonMessageSource extends AbstractMessageSource { private static final Logger logger = LoggerFactory.getLogger(JsonMessageSource.class); private Resource baseDirectory; - + private Locale fallbackLocale = new Locale("en"); // US English is the fallback language private Map languageMaps = new HashMap<>(); - + @Override protected MessageFormat resolveCode(String code, Locale locale) { - + JsonObject lang = getLanguageMap(locale); String value = getValue(code, lang); - + if (value == null) { // if we haven't found anything, try the default locale lang = getLanguageMap(fallbackLocale); value = getValue(code, lang); } - + if (value == null) { value = code; } MessageFormat mf = new MessageFormat(value, locale); - + return mf; } 
@@ -81,44 +81,44 @@ public class JsonMessageSource extends AbstractMessageSource { * @return */ private String getValue(String code, JsonObject lang) { - + // if there's no language map, nothing to look up if (lang == null) { return null; } - + JsonElement e = lang; - + Iterable parts = Splitter.on('.').split(code); Iterator it = parts.iterator(); - + String value = null; - + while (it.hasNext()) { String p = it.next(); - if (e.isJsonObject()) { - JsonObject o = e.getAsJsonObject(); - if (o.has(p)) { - e = o.get(p); // found the next level - if (!it.hasNext()) { - // we've reached a leaf, grab it - if (e.isJsonPrimitive()) { - value = e.getAsString(); - } + if (e.isJsonObject()) { + JsonObject o = e.getAsJsonObject(); + if (o.has(p)) { + e = o.get(p); // found the next level + if (!it.hasNext()) { + // we've reached a leaf, grab it + if (e.isJsonPrimitive()) { + value = e.getAsString(); } - } else { - // didn't find it, stop processing - break; } } else { // didn't find it, stop processing break; } + } else { + // didn't find it, stop processing + break; + } } - - + + return value; - + } /** @@ -126,28 +126,28 @@ public class JsonMessageSource extends AbstractMessageSource { * @return */ private JsonObject getLanguageMap(Locale locale) { - + if (!languageMaps.containsKey(locale)) { try { String filename = locale.getLanguage() + File.separator + "messages.json"; - + Resource r = getBaseDirectory().createRelative(filename); - + logger.info("No locale loaded, trying to load from " + r); - + JsonParser parser = new JsonParser(); JsonObject obj = (JsonObject) parser.parse(new InputStreamReader(r.getInputStream(), "UTF-8")); - + languageMaps.put(locale, obj); } catch (JsonIOException | JsonSyntaxException | IOException e) { logger.error("Unable to load locale", e); } } - + return languageMaps.get(locale); - - - + + + } /** 
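Review bot: In `getLanguageMap` (the second hunk on this line) the `InputStreamReader` wrapped around `r.getInputStream()` is never closed, so the first request for each locale leaks the underlying stream until finalization; the file already uses Java 7 multi-catch, so try-with-resources is available. Separately, `languageMaps` is a plain `HashMap` that is checked and then populated from whatever thread first asks for a locale — if this message source serves concurrent requests, as a Spring `MessageSource` normally does, that is an unsynchronized check-then-put on shared state, and declaring the field as `new ConcurrentHashMap<>()` removes the race. Because `locale.getLanguage()` becomes a path component under the base directory, it is also worth confirming that the locale resolver in front of this only ever yields plain language codes. The method is complete within the hunk.

```java
Resource r = getBaseDirectory().createRelative(filename);

logger.info("No locale loaded, trying to load from " + r);

JsonParser parser = new JsonParser();
// close the stream once parsed; the reader is not reused
try (InputStreamReader in = new InputStreamReader(r.getInputStream(), "UTF-8")) {
	JsonObject obj = (JsonObject) parser.parse(in);
	languageMaps.put(locale, obj);
}
// … unchanged: catch (JsonIOException | JsonSyntaxException | IOException e) …
```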
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java index f70b25e3e..a22764275 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java @@ -83,7 +83,7 @@ public class AuthorizationRequestFilter extends GenericFilterBean { @Autowired private ClientDetailsEntityService clientService; - + @Autowired private RedirectResolver redirectResolver; @@ -106,7 +106,7 @@ public class AuthorizationRequestFilter extends GenericFilterBean { try { // we have to create our own auth request in order to get at all the parmeters appropriately AuthorizationRequest authRequest = null; - + ClientDetailsEntity client = null; authRequest = authRequestFactory.createAuthorizationRequest(createRequestMap(request.getParameterMap())); @@ -120,16 +120,16 @@ public class AuthorizationRequestFilter extends GenericFilterBean { } else { session.removeAttribute(LOGIN_HINT); } - + if (authRequest.getExtensions().get(PROMPT) != null) { // we have a "prompt" parameter String prompt = (String)authRequest.getExtensions().get(PROMPT); List prompts = Splitter.on(PROMPT_SEPARATOR).splitToList(Strings.nullToEmpty(prompt)); - + if (prompts.contains(PROMPT_NONE)) { // see if the user's logged in Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - + if (auth != null) { // user's been logged in already (by session management) // we're OK, continue without prompting 
@@ -138,40 +138,40 @@ public class AuthorizationRequestFilter extends GenericFilterBean { logger.info("Client requested no prompt"); // user hasn't been logged in, we need to "return an error" if (client != null && authRequest.getRedirectUri() != null) { - - // if we've got a redirect URI then we'll send it - + + // if we've got a redirect URI then we'll send it + String url = redirectResolver.resolveRedirect(authRequest.getRedirectUri(), client); - + try { URIBuilder uriBuilder = new URIBuilder(url); - + uriBuilder.addParameter(ERROR, LOGIN_REQUIRED); if (!Strings.isNullOrEmpty(authRequest.getState())) { uriBuilder.addParameter(STATE, authRequest.getState()); // copy the state parameter if one was given } - + response.sendRedirect(uriBuilder.toString()); return; - + } catch (URISyntaxException e) { logger.error("Can't build redirect URI for prompt=none, sending error instead", e); response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied"); return; } } - + response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied"); return; } } else if (prompts.contains(PROMPT_LOGIN)) { - + // first see if the user's already been prompted in this session if (session.getAttribute(PROMPTED) == null) { // user hasn't been PROMPTED yet, we need to check - + session.setAttribute(PROMPT_REQUESTED, Boolean.TRUE); - + // see if the user's logged in Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (auth != null) { @@ -185,7 +185,7 @@ public class AuthorizationRequestFilter extends GenericFilterBean { } } else { // user has been PROMPTED, we're fine - + // but first, undo the prompt tag session.removeAttribute(PROMPTED); chain.doFilter(req, res); 
@@ -194,21 +194,21 @@ public class AuthorizationRequestFilter extends GenericFilterBean { // prompt parameter is a value we don't care about, not our business chain.doFilter(req, res); } - + } else if (authRequest.getExtensions().get(MAX_AGE) != null || (client != null && client.getDefaultMaxAge() != null)) { - + // default to the client's stored value, check the string parameter Integer max = (client != null ? client.getDefaultMaxAge() : null); String maxAge = (String) authRequest.getExtensions().get(MAX_AGE); if (maxAge != null) { max = Integer.parseInt(maxAge); } - + if (max != null) { - + Date authTime = (Date) session.getAttribute(AuthenticationTimeStamper.AUTH_TIMESTAMP); - + Date now = new Date(); if (authTime != null) { long seconds = (now.getTime() - authTime.getTime()) / 1000; @@ -223,7 +223,7 @@ public class AuthorizationRequestFilter extends GenericFilterBean { // no prompt parameter, not our business chain.doFilter(req, res); } - + } catch (InvalidClientException e) { // we couldn't find the client, move on and let the rest of the system catch the error chain.doFilter(req, res); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/MultiUrlRequestMatcher.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/MultiUrlRequestMatcher.java index 9e62f4354..535bea36a 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/MultiUrlRequestMatcher.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/MultiUrlRequestMatcher.java @@ -42,6 +42,7 @@ public class MultiUrlRequestMatcher implements RequestMatcher { this.filterProcessesUrls = ImmutableSet.copyOf(filterProcessesUrls); } + @Override public boolean matches(HttpServletRequest request) { String uri = request.getRequestURI(); int pathParamIndex = uri.indexOf(';'); 
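Review bot: `max = Integer.parseInt(maxAge);` parses the client-supplied `max_age` request parameter without guarding against `NumberFormatException`; the `catch (InvalidClientException e)` at the end of the hunk does not cover it, so a request with `max_age=abc` (or a value outside `int` range) escapes the filter as an unhandled exception instead of being rejected as a bad request. Catching the parse failure and answering with `SC_BAD_REQUEST`, the way the filter already uses `sendError` for the prompt=none case, keeps the failure inside the filter. The enclosing `doFilter` starts before this hunk.

```java
String maxAge = (String) authRequest.getExtensions().get(MAX_AGE);
if (maxAge != null) {
	try {
		max = Integer.parseInt(maxAge);
	} catch (NumberFormatException e) {
		// client-controlled value; reject rather than propagate the exception
		logger.warn("Rejecting authorization request with unparseable max_age parameter");
		response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid max_age");
		return;
	}
}
// … unchanged: compare the session's AUTH_TIMESTAMP against max …
```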
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java index 59fb332c4..936eecd36 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java @@ -58,7 +58,7 @@ public class JpaUserInfoRepository implements UserInfoRepository { public UserInfo getByEmailAddress(String email) { TypedQuery query = manager.createNamedQuery(DefaultUserInfo.QUERY_BY_EMAIL, DefaultUserInfo.class); query.setParameter(DefaultUserInfo.PARAM_EMAIL, email); - + return getSingleResult(query.getResultList()); } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java index 8583827d5..96b7a642f 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java @@ -110,7 +110,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService { || (client.getRequireAuthTime() != null && client.getRequireAuthTime())) { if (request.getExtensions().get(AuthenticationTimeStamper.AUTH_TIMESTAMP) != null) { - + Long authTimestamp = Long.parseLong((String) request.getExtensions().get(AuthenticationTimeStamper.AUTH_TIMESTAMP)); if (authTimestamp != null) { idClaims.setClaim("auth_time", authTimestamp / 1000L); 
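Review bot: The `if (authTimestamp != null)` guard in the DefaultOIDCTokenService hunk can never be false: `Long.parseLong` returns a primitive that is boxed into `authTimestamp`, so the only failure mode is a `NumberFormatException`, which this guard does not catch. It reads as a second null check on the extension value, which the enclosing `if` already performs; declaring a primitive and dropping the dead branch says what actually happens: `long authTimestamp = Long.parseLong((String) request.getExtensions().get(AuthenticationTimeStamper.AUTH_TIMESTAMP));` followed directly by `idClaims.setClaim("auth_time", authTimestamp / 1000L);`. The value is presumably written by the server's own `AuthenticationTimeStamper` rather than by the client — confirm — in which case the parse failure is not an input-validation concern here. The enclosing method starts before and continues after this hunk.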
@@ -192,7 +192,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService { JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null, jwtService.getDefaultSignerKeyId(), null, null); - + idToken = new SignedJWT(header, idClaims); // sign it with the server's key diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DummyResourceSetService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DummyResourceSetService.java index 4ab6f8ff6..729d6b59f 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DummyResourceSetService.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DummyResourceSetService.java @@ -26,7 +26,7 @@ import org.mitre.uma.service.ResourceSetService; import org.springframework.stereotype.Service; /** - * Dummy resource set service that doesn't do anything; acts as a stub for the + * Dummy resource set service that doesn't do anything; acts as a stub for the * introspection service when the UMA functionality is disabled. * * @author jricher diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataServiceSupport.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataServiceSupport.java index a3905e66b..bdb1cf42f 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataServiceSupport.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataServiceSupport.java @@ -36,7 +36,7 @@ public abstract class MITREidDataServiceSupport { dateFormatter = new DateFormatter(); dateFormatter.setIso(ISO.DATE_TIME); } - + protected Date utcToDate(String value) { if (value == null) { return null; 
@@ -48,7 +48,7 @@ public abstract class MITREidDataServiceSupport { } return null; } - + protected String toUTCString(Date value) { if (value == null) { return null; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java index b34c9d031..6c8a63582 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java @@ -96,7 +96,7 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements private OAuth2TokenRepository tokenRepository; @Autowired private SystemScopeRepository sysScopeRepository; - + /* (non-Javadoc) * @see org.mitre.openid.connect.service.MITREidDataService#export(com.google.gson.stream.JsonWriter) */ @@ -149,16 +149,16 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements reader.endObject(); continue; default: - logger.debug("Found unexpected entry"); - reader.skipValue(); - continue; } + logger.debug("Found unexpected entry"); + reader.skipValue(); + continue; } } fixObjectReferences(); } private Map refreshTokenToClientRefs = new HashMap<>(); private Map refreshTokenToAuthHolderRefs = new HashMap<>(); private Map refreshTokenOldToNewIdMap = new HashMap<>(); - + /** * @param reader * @throws IOException @@ -347,10 +347,10 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements } else if (subName.equals("userAuthentication")) { // skip binary encoded version reader.skipValue(); - + } else if (subName.equals("savedUserAuthentication")) { userAuthentication = readSavedUserAuthentication(reader); - + } else { logger.debug("Found unexpected entry"); reader.skipValue(); 
@@ -444,16 +444,16 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements reader.endObject(); return new OAuth2Request(authorizationParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, null); } - + /** * @param reader * @return - * @throws IOException + * @throws IOException */ private SavedUserAuthentication readSavedUserAuthentication(JsonReader reader) throws IOException { SavedUserAuthentication savedUserAuth = new SavedUserAuthentication(); reader.beginObject(); - + while (reader.hasNext()) { switch(reader.peek()) { case END_OBJECT: @@ -487,7 +487,7 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements continue; } } - + reader.endObject(); return savedUserAuth; } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java index 3206b962d..1e6894f52 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java @@ -99,7 +99,7 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements private OAuth2TokenRepository tokenRepository; @Autowired private SystemScopeRepository sysScopeRepository; - + /* (non-Javadoc) * @see org.mitre.openid.connect.service.MITREidDataService#export(com.google.gson.stream.JsonWriter) */ @@ -350,10 +350,10 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements } else if (subName.equals("userAuthentication")) { // skip binary encoded version reader.skipValue(); - + } else if (subName.equals("savedUserAuthentication")) { userAuthentication = readSavedUserAuthentication(reader); - + } else { logger.debug("Found unexpected entry"); reader.skipValue(); 
@@ -454,16 +454,16 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements reader.endObject(); return new OAuth2Request(requestParameters, clientId, authorities, approved, scope, resourceIds, redirectUri, responseTypes, extensions); } - + /** * @param reader * @return - * @throws IOException + * @throws IOException */ private SavedUserAuthentication readSavedUserAuthentication(JsonReader reader) throws IOException { SavedUserAuthentication savedUserAuth = new SavedUserAuthentication(); reader.beginObject(); - + while (reader.hasNext()) { switch(reader.peek()) { case END_OBJECT: @@ -497,7 +497,7 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements continue; } } - + reader.endObject(); return savedUserAuth; } @@ -922,5 +922,5 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements accessTokenOldToNewIdMap.clear(); grantOldToNewIdMap.clear(); } - + } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java index 6eb9d07a5..d628e6002 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java @@ -163,7 +163,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements private OAuth2TokenRepository tokenRepository; @Autowired private SystemScopeRepository sysScopeRepository; - + /* (non-Javadoc) * @see org.mitre.openid.connect.service.MITREidDataService#export(com.google.gson.stream.JsonWriter) */ 
@@ -275,7 +275,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements for (AuthenticationHolderEntity holder : authHolderRepository.getAll()) { writer.beginObject(); writer.name(ID).value(holder.getId()); - + writer.name(REQUEST_PARAMETERS); writer.beginObject(); for (Entry entry : holder.getRequestParameters().entrySet()) { @@ -336,13 +336,13 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements writer.value(authority.getAuthority()); } writer.endArray(); - + writer.endObject(); } else { writer.nullValue(); } - - + + writer.endObject(); logger.debug("Wrote authentication holder {}", holder.getId()); } @@ -804,12 +804,12 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements /** * @param reader * @return - * @throws IOException + * @throws IOException */ private SavedUserAuthentication readSavedUserAuthentication(JsonReader reader) throws IOException { SavedUserAuthentication savedUserAuth = new SavedUserAuthentication(); reader.beginObject(); - + while (reader.hasNext()) { switch(reader.peek()) { case END_OBJECT: @@ -843,7 +843,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements continue; } } - + reader.endObject(); return savedUserAuth; } @@ -1274,5 +1274,5 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements grantOldToNewIdMap.clear(); logger.info("Done fixing object references."); } - + } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java index fd8d2a608..f6de571f7 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java 
@@ -63,7 +63,7 @@ public abstract class AbstractClientEntityView extends AbstractView { private static final Logger logger = LoggerFactory.getLogger(AbstractClientEntityView.class); private JsonParser parser = new JsonParser(); - + private Gson gson = new GsonBuilder() .setExclusionStrategies(getExclusionStrategy()) .registerTypeAdapter(JWSAlgorithm.class, new JsonSerializer() { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java index 0e8ff0b01..a6e7850a9 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java @@ -37,7 +37,7 @@ import org.springframework.web.servlet.view.AbstractView; public class HttpCodeView extends AbstractView { public static final String VIEWNAME = "httpCodeView"; - + public static final String CODE = "code"; @Override diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java index ef5f0c064..58a792692 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java 
@@ -56,27 +56,27 @@ public class JsonEntityView extends AbstractView { public static final String VIEWNAME = "jsonEntityView"; private Gson gson = new GsonBuilder() - .setExclusionStrategies(new ExclusionStrategy() { - - @Override - public boolean shouldSkipField(FieldAttributes f) { - - return false; + .setExclusionStrategies(new ExclusionStrategy() { + + @Override + public boolean shouldSkipField(FieldAttributes f) { + + return false; + } + + @Override + public boolean shouldSkipClass(Class clazz) { + // skip the JPA binding wrapper + if (clazz.equals(BeanPropertyBindingResult.class)) { + return true; } - - @Override - public boolean shouldSkipClass(Class clazz) { - // skip the JPA binding wrapper - if (clazz.equals(BeanPropertyBindingResult.class)) { - return true; - } - return false; - } - - }) - .serializeNulls() - .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") - .create(); + return false; + } + + }) + .serializeNulls() + .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") + .create(); @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java index fa822bfff..ba5e9a015 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java @@ -71,8 +71,8 @@ public class UserInfoJWTView extends UserInfoView { public static final String JOSE_MEDIA_TYPE_VALUE = "application/jwt"; public static final MediaType JOSE_MEDIA_TYPE = new MediaType("application", "jwt"); - - + + @Autowired private JWTSigningAndValidationService jwtService; 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java index a3fcb81d7..3ee1e32e8 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java @@ -53,7 +53,7 @@ public class UserInfoView extends AbstractView { public static final String USER_INFO = "userInfo"; public static final String VIEWNAME = "userInfoView"; - + private static JsonParser jsonParser = new JsonParser(); /** diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java index 10dd47f25..0b9e096b1 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java @@ -224,13 +224,13 @@ public class ClientAPI { } - + client.setDynamicallyRegistered(false); try { ClientDetailsEntity newClient = clientService.saveNewClient(client); m.addAttribute(JsonEntityView.ENTITY, newClient); - + if (AuthenticationUtilities.isAdmin(auth)) { return ClientEntityViewForAdmins.VIEWNAME; } else { @@ -331,7 +331,7 @@ public class ClientAPI { try { ClientDetailsEntity newClient = clientService.updateClient(oldClient, client); m.addAttribute(JsonEntityView.ENTITY, newClient); - + if (AuthenticationUtilities.isAdmin(auth)) { return ClientEntityViewForAdmins.VIEWNAME; } else { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JWKSetPublishingEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JWKSetPublishingEndpoint.java index c3f0ba194..b84a8c847 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JWKSetPublishingEndpoint.java 
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JWKSetPublishingEndpoint.java @@ -32,7 +32,7 @@ import com.nimbusds.jose.jwk.JWK; public class JWKSetPublishingEndpoint { public static final String URL = "jwk"; - + @Autowired private JWTSigningAndValidationService jwtService; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java index 7c435d851..8ae8e8108 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java @@ -220,7 +220,7 @@ public class ProtectedResourceRegistrationEndpoint { if (allowedScopes == null || allowedScopes.isEmpty()) { allowedScopes = scopeService.getDefaults(); } - + newClient.setScope(scopeService.toStrings(allowedScopes)); return newClient; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/RootController.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/RootController.java index 7fbc42e78..eceda9b7e 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/RootController.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/RootController.java @@ -31,7 +31,7 @@ import org.springframework.web.bind.annotation.RequestMapping; @Controller public class RootController { - + public static final String API_URL = "api"; @Autowired diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ServerConfigInterceptor.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ServerConfigInterceptor.java index 7dac1fe46..5400f63b0 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ServerConfigInterceptor.java 
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ServerConfigInterceptor.java @@ -28,7 +28,7 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; /** * - * Injects the server configuration bean into the request context. + * Injects the server configuration bean into the request context. * This allows JSPs and the like to call "config.logoUrl" among others. * * @author jricher @@ -44,5 +44,5 @@ public class ServerConfigInterceptor extends HandlerInterceptorAdapter { request.setAttribute("config", config); return true; } - + } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java index c3cf642b2..e3aa5a838 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java @@ -54,7 +54,7 @@ import com.google.common.base.Strings; public class UserInfoEndpoint { public static final String URL = "userinfo"; - + @Autowired private UserInfoService userInfoService; diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestBlacklistAwareRedirectResolver.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestBlacklistAwareRedirectResolver.java index 8f2954e23..749de6eda 100644 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestBlacklistAwareRedirectResolver.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestBlacklistAwareRedirectResolver.java 
@@ -47,84 +47,84 @@ public class TestBlacklistAwareRedirectResolver { @Mock private BlacklistedSiteService blacklistService; - + @Mock private ClientDetails client; - + @InjectMocks private BlacklistAwareRedirectResolver resolver; - + private String blacklistedUri = "https://evil.example.com/"; private String goodUri = "https://good.example.com/"; - + private String pathUri = "https://good.example.com/with/path"; - + /** * @throws java.lang.Exception */ @Before public void setUp() throws Exception { - + when(blacklistService.isBlacklisted(anyString())).thenReturn(false); when(blacklistService.isBlacklisted(blacklistedUri)).thenReturn(true); - + when(client.getAuthorizedGrantTypes()).thenReturn(ImmutableSet.of("authorization_code")); when(client.getRegisteredRedirectUri()).thenReturn(ImmutableSet.of(goodUri, blacklistedUri)); - + } @Test public void testResolveRedirect_safe() { // default uses prefix matching, both of these should work - + String res1 = resolver.resolveRedirect(goodUri, client); - + assertThat(res1, is(equalTo(goodUri))); - + String res2 = resolver.resolveRedirect(pathUri, client); - + assertThat(res2, is(equalTo(pathUri))); - - + + } - + @Test(expected = InvalidRequestException.class) public void testResolveRedirect_blacklisted() { - - // this should fail with an error + + // this should fail with an error resolver.resolveRedirect(blacklistedUri, client); - + } @Test public void testRedirectMatches_strict() { resolver.setStrictMatch(true); - + // this is not an exact match boolean res1 = resolver.redirectMatches(pathUri, goodUri); - + assertThat(res1, is(false)); - + // this is an exact match boolean res2 = resolver.redirectMatches(goodUri, goodUri); - + assertThat(res2, is(true)); - + } - + @Test public void testRedirectMatches_default() { - + // this is not an exact match (but that's OK) boolean res1 = resolver.redirectMatches(pathUri, goodUri); - + assertThat(res1, is(true)); - + // this is an exact match boolean res2 = 
resolver.redirectMatches(goodUri, goodUri); - + assertThat(res2, is(true)); } diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java index 0fc6e8624..4a1394369 100644 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java @@ -62,7 +62,7 @@ public class TestDefaultIntrospectionResultAssembler { authentication("name", request("clientId"))); UserInfo userInfo = userInfo("sub"); - + Set authScopes = scopes("foo", "bar", "baz"); // when @@ -87,12 +87,12 @@ public class TestDefaultIntrospectionResultAssembler { public void shouldAssembleExpectedResultForAccessToken_withPermissions() throws ParseException { // given - OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), + OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), permissions(permission(1L, "foo", "bar")), "Bearer", authentication("name", request("clientId"))); UserInfo userInfo = userInfo("sub"); - + Set authScopes = scopes("foo", "bar", "baz"); // when @@ -297,11 +297,11 @@ public class TestDefaultIntrospectionResultAssembler { private Set scopes(String... scopes) { return newHashSet(scopes); } - + private Set permissions(Permission... permissions) { return newHashSet(permissions); } - + private Permission permission(Long resourceSetId, String... scopes) { Permission permission = mock(Permission.class, RETURNS_DEEP_STUBS); given(permission.getResourceSet().getId()).willReturn(resourceSetId); 
diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java index a6a8939ce..ff794f61a 100644 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java @@ -77,7 +77,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService { @Mock private SystemScopeService scopeService; - + @Mock private ResourceSetService resourceSetService; @@ -119,7 +119,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService { return output; } }); - + Mockito.when(scopeService.toStrings(Matchers.anySet())).thenAnswer(new Answer>() { @Override public Set answer(InvocationOnMock invocation) throws Throwable { @@ -132,7 +132,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService { return output; } }); - + // we're not testing reserved scopes here, just pass through when it's called Mockito.when(scopeService.removeReservedScopes(Matchers.anySet())).then(AdditionalAnswers.returnsFirstArg()); @@ -208,7 +208,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService { client = service.saveNewClient(client); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + assertThat(client.getScope().contains(SystemScopeService.OFFLINE_ACCESS), is(equalTo(false))); } @@ -270,7 +270,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService { Mockito.when(whitelistedSiteService.getByClientId(clientId)).thenReturn(site); Mockito.when(resourceSetService.getAllForClient(client)).thenReturn(new HashSet()); - + service.deleteClient(client); Mockito.verify(tokenRepository).clearTokensForClient(client); 
@@ -333,7 +333,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService { client = service.updateClient(oldClient, client); - Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); + Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); assertThat(client.getScope().contains(SystemScopeService.OFFLINE_ACCESS), is(equalTo(true))); } @@ -350,7 +350,7 @@ public class TestDefaultOAuth2ClientDetailsEntityService { client = service.updateClient(oldClient, client); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + assertThat(client.getScope().contains(SystemScopeService.OFFLINE_ACCESS), is(equalTo(false))); } } diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java index 9e16b4431..8a8fba0bc 100644 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java @@ -129,7 +129,7 @@ public class TestDefaultOAuth2ProviderTokenService { // by default in tests, allow refresh tokens Mockito.when(client.isAllowRefresh()).thenReturn(true); - + // by default, clear access tokens on refresh Mockito.when(client.isClearAccessTokensOnRefresh()).thenReturn(true); @@ -167,7 +167,7 @@ public class TestDefaultOAuth2ProviderTokenService { return output; } }); - + Mockito.when(scopeService.toStrings(Matchers.anySet())).thenAnswer(new Answer>() { @Override public Set answer(InvocationOnMock invocation) throws Throwable { 
@@ -266,7 +266,7 @@ public class TestDefaultOAuth2ProviderTokenService { Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); Mockito.verify(tokenRepository, Mockito.never()).saveRefreshToken(Matchers.any(OAuth2RefreshTokenEntity.class)); - + assertThat(token.getRefreshToken(), is(nullValue())); } @@ -285,7 +285,7 @@ public class TestDefaultOAuth2ProviderTokenService { // Note: a refactor may be appropriate to only save refresh tokens once to the repository during creation. Mockito.verify(tokenRepository, Mockito.atLeastOnce()).saveRefreshToken(Matchers.any(OAuth2RefreshTokenEntity.class)); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + assertThat(token.getRefreshToken(), is(notNullValue())); } @@ -313,7 +313,7 @@ public class TestDefaultOAuth2ProviderTokenService { Date upperBoundRefreshTokens = new Date(end + (refreshTokenValiditySeconds * 1000L) + DELTA); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + assertTrue(token.getExpiration().after(lowerBoundAccessTokens) && token.getExpiration().before(upperBoundAccessTokens)); assertTrue(token.getRefreshToken().getExpiration().after(lowerBoundRefreshTokens) && token.getRefreshToken().getExpiration().before(upperBoundRefreshTokens)); } @@ -324,7 +324,7 @@ public class TestDefaultOAuth2ProviderTokenService { OAuth2AccessTokenEntity token = service.createAccessToken(authentication); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + assertThat(token.getClient().getClientId(), equalTo(clientId)); } @@ -334,7 +334,7 @@ public class TestDefaultOAuth2ProviderTokenService { OAuth2AccessTokenEntity token = service.createAccessToken(authentication); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + assertThat(token.getScope(), equalTo(scope)); } 
@@ -351,7 +351,7 @@ public class TestDefaultOAuth2ProviderTokenService { assertThat(token.getAuthenticationHolder().getAuthentication(), equalTo(authentication)); Mockito.verify(authenticationHolderRepository).save(Matchers.any(AuthenticationHolderEntity.class)); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + } @Test(expected = InvalidTokenException.class) @@ -400,14 +400,14 @@ public class TestDefaultOAuth2ProviderTokenService { Mockito.verify(tokenEnhancer).enhance(token, storedAuthentication); Mockito.verify(tokenRepository).saveAccessToken(token); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + } @Test public void refreshAccessToken_rotateRefreshToken() { when(client.isReuseRefreshToken()).thenReturn(false); - + OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); Mockito.verify(tokenRepository).clearAccessTokensForRefreshToken(refreshToken); @@ -420,14 +420,14 @@ public class TestDefaultOAuth2ProviderTokenService { Mockito.verify(tokenRepository).saveAccessToken(token); Mockito.verify(tokenRepository).removeRefreshToken(refreshToken); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + } @Test public void refreshAccessToken_keepAccessTokens() { when(client.isClearAccessTokensOnRefresh()).thenReturn(false); - + OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); Mockito.verify(tokenRepository, never()).clearAccessTokensForRefreshToken(refreshToken); 
@@ -439,16 +439,16 @@ public class TestDefaultOAuth2ProviderTokenService { Mockito.verify(tokenEnhancer).enhance(token, storedAuthentication); Mockito.verify(tokenRepository).saveAccessToken(token); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + } - + @Test public void refreshAccessToken_requestingSameScope() { OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + assertThat(token.getScope(), equalTo(storedScope)); } @@ -462,7 +462,7 @@ public class TestDefaultOAuth2ProviderTokenService { OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + assertThat(token.getScope(), equalTo(lessScope)); } @@ -502,7 +502,7 @@ public class TestDefaultOAuth2ProviderTokenService { OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + assertThat(token.getScope(), equalTo(storedScope)); } @@ -514,7 +514,7 @@ public class TestDefaultOAuth2ProviderTokenService { OAuth2AccessTokenEntity token = service.refreshAccessToken(refreshTokenValue, tokenRequest); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + assertThat(token.getScope(), equalTo(storedScope)); } @@ -538,7 +538,7 @@ public class TestDefaultOAuth2ProviderTokenService { Date upperBoundAccessTokens = new Date(end + (accessTokenValiditySeconds * 1000L) + DELTA); Mockito.verify(scopeService, Mockito.atLeastOnce()).removeReservedScopes(Matchers.anySet()); - + assertTrue(token.getExpiration().after(lowerBoundAccessTokens) && token.getExpiration().before(upperBoundAccessTokens)); } 
diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java index 2c1853473..d2b4920a3 100644 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java @@ -104,7 +104,7 @@ public class TestDefaultSystemScopeService { restrictedScope1 = new SystemScope(restrictedScope1String); restrictedScope1.setRestricted(true); - + // structuredScope1 : structured scope structuredScope1 = new SystemScope(structuredScope1String); structuredScope1.setStructured(true); @@ -167,9 +167,9 @@ public class TestDefaultSystemScopeService { Set restricted = Sets.newHashSet(defaultScope1, defaultScope2, restrictedScope1); assertThat(service.getRestricted(), equalTo(restricted)); - + } - + @Test public void fromStrings() { diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java index 25de4a6e0..6302afca0 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java @@ -123,7 +123,7 @@ public class TestMITREidDataService_1_0 { @InjectMocks private MITREidDataService_1_0 dataService; - + private DateFormatter formatter; @Before @@ -139,7 +139,7 @@ public class TestMITREidDataService_1_0 { return entity1.getId().compareTo(entity2.getId()); } } - + @Test public void testImportRefreshTokens() throws IOException, ParseException { Date expirationDate1 = formatter.parse("2014-09-10T22:49:44.090+0000", Locale.ENGLISH); 
@@ -236,18 +236,18 @@ public class TestMITREidDataService_1_0 { //2 times for token, 2 times to update client, 2 times to update authHolder verify(tokenRepository, times(6)).saveRefreshToken(capturedRefreshTokens.capture()); - List savedRefreshTokens = new ArrayList(fakeDb.values()); //capturedRefreshTokens.getAllValues(); - Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); + List savedRefreshTokens = new ArrayList(fakeDb.values()); //capturedRefreshTokens.getAllValues(); + Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); - assertThat(savedRefreshTokens.size(), is(2)); + assertThat(savedRefreshTokens.size(), is(2)); - assertThat(savedRefreshTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedRefreshTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedRefreshTokens.get(0).getValue(), equalTo(token1.getValue())); + assertThat(savedRefreshTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); + assertThat(savedRefreshTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); + assertThat(savedRefreshTokens.get(0).getValue(), equalTo(token1.getValue())); - assertThat(savedRefreshTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedRefreshTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedRefreshTokens.get(1).getValue(), equalTo(token2.getValue())); + assertThat(savedRefreshTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); + assertThat(savedRefreshTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); + assertThat(savedRefreshTokens.get(1).getValue(), equalTo(token2.getValue())); } private class accessTokenIdComparator implements Comparator { 
@@ -367,18 +367,18 @@ public class TestMITREidDataService_1_0 { //2 times for token, 2 times to update client, 2 times to update authHolder, 2 times to update id token, 2 times to update refresh token verify(tokenRepository, times(8)).saveAccessToken(capturedAccessTokens.capture()); - List savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues(); - Collections.sort(savedAccessTokens, new accessTokenIdComparator()); + List savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues(); + Collections.sort(savedAccessTokens, new accessTokenIdComparator()); - assertThat(savedAccessTokens.size(), is(2)); + assertThat(savedAccessTokens.size(), is(2)); - assertThat(savedAccessTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedAccessTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedAccessTokens.get(0).getValue(), equalTo(token1.getValue())); + assertThat(savedAccessTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); + assertThat(savedAccessTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); + assertThat(savedAccessTokens.get(0).getValue(), equalTo(token1.getValue())); - assertThat(savedAccessTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedAccessTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedAccessTokens.get(1).getValue(), equalTo(token2.getValue())); + assertThat(savedAccessTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); + assertThat(savedAccessTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); + assertThat(savedAccessTokens.get(1).getValue(), equalTo(token2.getValue())); } 
@@ -670,23 +670,23 @@ public class TestMITREidDataService_1_0 { //2 for sites, 1 for updating access token ref on #1 verify(approvedSiteRepository, times(3)).save(capturedApprovedSites.capture()); - List savedSites = new ArrayList(fakeDb.values()); + List savedSites = new ArrayList(fakeDb.values()); - assertThat(savedSites.size(), is(2)); + assertThat(savedSites.size(), is(2)); - assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); - assertThat(savedSites.get(0).getAccessDate(), equalTo(site1.getAccessDate())); - assertThat(savedSites.get(0).getCreationDate(), equalTo(site1.getCreationDate())); - assertThat(savedSites.get(0).getAllowedScopes(), equalTo(site1.getAllowedScopes())); - assertThat(savedSites.get(0).getTimeoutDate(), equalTo(site1.getTimeoutDate())); - assertThat(savedSites.get(0).getApprovedAccessTokens().size(), equalTo(site1.getApprovedAccessTokens().size())); + assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); + assertThat(savedSites.get(0).getAccessDate(), equalTo(site1.getAccessDate())); + assertThat(savedSites.get(0).getCreationDate(), equalTo(site1.getCreationDate())); + assertThat(savedSites.get(0).getAllowedScopes(), equalTo(site1.getAllowedScopes())); + assertThat(savedSites.get(0).getTimeoutDate(), equalTo(site1.getTimeoutDate())); + assertThat(savedSites.get(0).getApprovedAccessTokens().size(), equalTo(site1.getApprovedAccessTokens().size())); - assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); - assertThat(savedSites.get(1).getAccessDate(), equalTo(site2.getAccessDate())); - assertThat(savedSites.get(1).getCreationDate(), equalTo(site2.getCreationDate())); - assertThat(savedSites.get(1).getAllowedScopes(), equalTo(site2.getAllowedScopes())); - assertThat(savedSites.get(1).getTimeoutDate(), equalTo(site2.getTimeoutDate())); - assertThat(savedSites.get(1).getApprovedAccessTokens().size(), equalTo(site2.getApprovedAccessTokens().size())); + 
assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); + assertThat(savedSites.get(1).getAccessDate(), equalTo(site2.getAccessDate())); + assertThat(savedSites.get(1).getCreationDate(), equalTo(site2.getCreationDate())); + assertThat(savedSites.get(1).getAllowedScopes(), equalTo(site2.getAllowedScopes())); + assertThat(savedSites.get(1).getTimeoutDate(), equalTo(site2.getTimeoutDate())); + assertThat(savedSites.get(1).getApprovedAccessTokens().size(), equalTo(site2.getApprovedAccessTokens().size())); } @Test diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java index 71a9dfd76..effc1c0ba 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java 
@@ -240,18 +240,18 @@ public class TestMITREidDataService_1_1 { //2 times for token, 2 times to update client, 2 times to update authHolder verify(tokenRepository, times(6)).saveRefreshToken(capturedRefreshTokens.capture()); - List savedRefreshTokens = new ArrayList(fakeDb.values()); //capturedRefreshTokens.getAllValues(); - Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); + List savedRefreshTokens = new ArrayList(fakeDb.values()); //capturedRefreshTokens.getAllValues(); + Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); - assertThat(savedRefreshTokens.size(), is(2)); + assertThat(savedRefreshTokens.size(), is(2)); - assertThat(savedRefreshTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedRefreshTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedRefreshTokens.get(0).getValue(), equalTo(token1.getValue())); + assertThat(savedRefreshTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); + assertThat(savedRefreshTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); + assertThat(savedRefreshTokens.get(0).getValue(), equalTo(token1.getValue())); - assertThat(savedRefreshTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedRefreshTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedRefreshTokens.get(1).getValue(), equalTo(token2.getValue())); + assertThat(savedRefreshTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); + assertThat(savedRefreshTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); + assertThat(savedRefreshTokens.get(1).getValue(), equalTo(token2.getValue())); } private class accessTokenIdComparator implements Comparator { 
@@ -372,18 +372,18 @@ public class TestMITREidDataService_1_1 { //2 times for token, 2 times to update client, 2 times to update authHolder, 2 times to update id token, 2 times to update refresh token verify(tokenRepository, times(8)).saveAccessToken(capturedAccessTokens.capture()); - List savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues(); - Collections.sort(savedAccessTokens, new accessTokenIdComparator()); + List savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues(); + Collections.sort(savedAccessTokens, new accessTokenIdComparator()); - assertThat(savedAccessTokens.size(), is(2)); + assertThat(savedAccessTokens.size(), is(2)); - assertThat(savedAccessTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedAccessTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedAccessTokens.get(0).getValue(), equalTo(token1.getValue())); + assertThat(savedAccessTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); + assertThat(savedAccessTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); + assertThat(savedAccessTokens.get(0).getValue(), equalTo(token1.getValue())); - assertThat(savedAccessTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedAccessTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedAccessTokens.get(1).getValue(), equalTo(token2.getValue())); + assertThat(savedAccessTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); + assertThat(savedAccessTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); + assertThat(savedAccessTokens.get(1).getValue(), equalTo(token2.getValue())); } @Test 
@@ -674,23 +674,23 @@ public class TestMITREidDataService_1_1 { //2 for sites, 1 for updating access token ref on #1 verify(approvedSiteRepository, times(3)).save(capturedApprovedSites.capture()); - List savedSites = new ArrayList(fakeDb.values()); + List savedSites = new ArrayList(fakeDb.values()); - assertThat(savedSites.size(), is(2)); + assertThat(savedSites.size(), is(2)); - assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); - assertThat(savedSites.get(0).getAccessDate(), equalTo(site1.getAccessDate())); - assertThat(savedSites.get(0).getCreationDate(), equalTo(site1.getCreationDate())); - assertThat(savedSites.get(0).getAllowedScopes(), equalTo(site1.getAllowedScopes())); - assertThat(savedSites.get(0).getTimeoutDate(), equalTo(site1.getTimeoutDate())); - assertThat(savedSites.get(0).getApprovedAccessTokens().size(), equalTo(site1.getApprovedAccessTokens().size())); + assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); + assertThat(savedSites.get(0).getAccessDate(), equalTo(site1.getAccessDate())); + assertThat(savedSites.get(0).getCreationDate(), equalTo(site1.getCreationDate())); + assertThat(savedSites.get(0).getAllowedScopes(), equalTo(site1.getAllowedScopes())); + assertThat(savedSites.get(0).getTimeoutDate(), equalTo(site1.getTimeoutDate())); + assertThat(savedSites.get(0).getApprovedAccessTokens().size(), equalTo(site1.getApprovedAccessTokens().size())); - assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); - assertThat(savedSites.get(1).getAccessDate(), equalTo(site2.getAccessDate())); - assertThat(savedSites.get(1).getCreationDate(), equalTo(site2.getCreationDate())); - assertThat(savedSites.get(1).getAllowedScopes(), equalTo(site2.getAllowedScopes())); - assertThat(savedSites.get(1).getTimeoutDate(), equalTo(site2.getTimeoutDate())); - assertThat(savedSites.get(1).getApprovedAccessTokens().size(), equalTo(site2.getApprovedAccessTokens().size())); + 
assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); + assertThat(savedSites.get(1).getAccessDate(), equalTo(site2.getAccessDate())); + assertThat(savedSites.get(1).getCreationDate(), equalTo(site2.getCreationDate())); + assertThat(savedSites.get(1).getAllowedScopes(), equalTo(site2.getAllowedScopes())); + assertThat(savedSites.get(1).getTimeoutDate(), equalTo(site2.getTimeoutDate())); + assertThat(savedSites.get(1).getApprovedAccessTokens().size(), equalTo(site2.getApprovedAccessTokens().size())); } @Test diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java index 0454f2b1c..e38e9532d 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java @@ -102,7 +102,7 @@ import static org.junit.Assert.fail; @RunWith(MockitoJUnitRunner.class) @SuppressWarnings(value = {"rawtypes", "unchecked"}) public class TestMITREidDataService_1_2 { - + private static Logger logger = LoggerFactory.getLogger(TestMITREidDataService_1_2.class); @Mock 
@@ -370,18 +370,18 @@ public class TestMITREidDataService_1_2 { //2 times for token, 2 times to update client, 2 times to update authHolder verify(tokenRepository, times(6)).saveRefreshToken(capturedRefreshTokens.capture()); - List savedRefreshTokens = new ArrayList(fakeDb.values()); //capturedRefreshTokens.getAllValues(); - Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); + List savedRefreshTokens = new ArrayList(fakeDb.values()); //capturedRefreshTokens.getAllValues(); + Collections.sort(savedRefreshTokens, new refreshTokenIdComparator()); - assertThat(savedRefreshTokens.size(), is(2)); + assertThat(savedRefreshTokens.size(), is(2)); - assertThat(savedRefreshTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedRefreshTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedRefreshTokens.get(0).getValue(), equalTo(token1.getValue())); + assertThat(savedRefreshTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); + assertThat(savedRefreshTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); + assertThat(savedRefreshTokens.get(0).getValue(), equalTo(token1.getValue())); - assertThat(savedRefreshTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedRefreshTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedRefreshTokens.get(1).getValue(), equalTo(token2.getValue())); + assertThat(savedRefreshTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); + assertThat(savedRefreshTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); + assertThat(savedRefreshTokens.get(1).getValue(), equalTo(token2.getValue())); } @Test 
@@ -639,18 +639,18 @@ public class TestMITREidDataService_1_2 { //2 times for token, 2 times to update client, 2 times to update authHolder, 2 times to update id token, 2 times to update refresh token verify(tokenRepository, times(8)).saveAccessToken(capturedAccessTokens.capture()); - List savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues(); - Collections.sort(savedAccessTokens, new accessTokenIdComparator()); + List savedAccessTokens = new ArrayList(fakeDb.values()); //capturedAccessTokens.getAllValues(); + Collections.sort(savedAccessTokens, new accessTokenIdComparator()); - assertThat(savedAccessTokens.size(), is(2)); + assertThat(savedAccessTokens.size(), is(2)); - assertThat(savedAccessTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); - assertThat(savedAccessTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); - assertThat(savedAccessTokens.get(0).getValue(), equalTo(token1.getValue())); + assertThat(savedAccessTokens.get(0).getClient().getClientId(), equalTo(token1.getClient().getClientId())); + assertThat(savedAccessTokens.get(0).getExpiration(), equalTo(token1.getExpiration())); + assertThat(savedAccessTokens.get(0).getValue(), equalTo(token1.getValue())); - assertThat(savedAccessTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); - assertThat(savedAccessTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); - assertThat(savedAccessTokens.get(1).getValue(), equalTo(token2.getValue())); + assertThat(savedAccessTokens.get(1).getClient().getClientId(), equalTo(token2.getClient().getClientId())); + assertThat(savedAccessTokens.get(1).getExpiration(), equalTo(token2.getExpiration())); + assertThat(savedAccessTokens.get(1).getValue(), equalTo(token2.getValue())); } @Test 
@@ -1357,23 +1357,23 @@ public class TestMITREidDataService_1_2 { //2 for sites, 1 for updating access token ref on #1 verify(approvedSiteRepository, times(3)).save(capturedApprovedSites.capture()); - List savedSites = new ArrayList(fakeDb.values()); + List savedSites = new ArrayList(fakeDb.values()); - assertThat(savedSites.size(), is(2)); + assertThat(savedSites.size(), is(2)); - assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); - assertThat(savedSites.get(0).getAccessDate(), equalTo(site1.getAccessDate())); - assertThat(savedSites.get(0).getCreationDate(), equalTo(site1.getCreationDate())); - assertThat(savedSites.get(0).getAllowedScopes(), equalTo(site1.getAllowedScopes())); - assertThat(savedSites.get(0).getTimeoutDate(), equalTo(site1.getTimeoutDate())); - assertThat(savedSites.get(0).getApprovedAccessTokens().size(), equalTo(site1.getApprovedAccessTokens().size())); + assertThat(savedSites.get(0).getClientId(), equalTo(site1.getClientId())); + assertThat(savedSites.get(0).getAccessDate(), equalTo(site1.getAccessDate())); + assertThat(savedSites.get(0).getCreationDate(), equalTo(site1.getCreationDate())); + assertThat(savedSites.get(0).getAllowedScopes(), equalTo(site1.getAllowedScopes())); + assertThat(savedSites.get(0).getTimeoutDate(), equalTo(site1.getTimeoutDate())); + assertThat(savedSites.get(0).getApprovedAccessTokens().size(), equalTo(site1.getApprovedAccessTokens().size())); - assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); - assertThat(savedSites.get(1).getAccessDate(), equalTo(site2.getAccessDate())); - assertThat(savedSites.get(1).getCreationDate(), equalTo(site2.getCreationDate())); - assertThat(savedSites.get(1).getAllowedScopes(), equalTo(site2.getAllowedScopes())); - assertThat(savedSites.get(1).getTimeoutDate(), equalTo(site2.getTimeoutDate())); - assertThat(savedSites.get(1).getApprovedAccessTokens().size(), equalTo(site2.getApprovedAccessTokens().size())); + 
assertThat(savedSites.get(1).getClientId(), equalTo(site2.getClientId())); + assertThat(savedSites.get(1).getAccessDate(), equalTo(site2.getAccessDate())); + assertThat(savedSites.get(1).getCreationDate(), equalTo(site2.getCreationDate())); + assertThat(savedSites.get(1).getAllowedScopes(), equalTo(site2.getAllowedScopes())); + assertThat(savedSites.get(1).getTimeoutDate(), equalTo(site2.getTimeoutDate())); + assertThat(savedSites.get(1).getApprovedAccessTokens().size(), equalTo(site2.getApprovedAccessTokens().size())); } @Test @@ -1407,7 +1407,7 @@ public class TestMITREidDataService_1_2 { when(tokenRepository.getAllAccessTokens()).thenReturn(new HashSet()); when(tokenRepository.getAllRefreshTokens()).thenReturn(new HashSet()); when(sysScopeRepository.getAll()).thenReturn(new HashSet()); - + // do the data export StringWriter stringWriter = new StringWriter(); JsonWriter writer = new JsonWriter(stringWriter); diff --git a/uma-server-webapp/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java b/uma-server-webapp/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java index fb22ae1ca..a0c08c7ca 100644 --- a/uma-server-webapp/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java +++ b/uma-server-webapp/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java @@ -176,10 +176,10 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements private static final String PERMISSION = "permission"; private static final String TICKET = "ticket"; private static final String CLAIMS_SUPPLIED = "claimsSupplied"; - + private static final String SAVED_REGISTERED_CLIENTS = "savedRegisteredClients"; private static final String RESOURCE_SETS = "resourceSets"; - + /** * Logger for this class */ 
@@ -204,7 +204,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements private ResourceSetRepository resourceSetRepository; @Autowired private PermissionRepository permissionRepository; - + /* (non-Javadoc) * @see org.mitre.openid.connect.service.MITREidDataService#export(com.google.gson.stream.JsonWriter) */ @@ -256,38 +256,38 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements writer.beginArray(); writeSystemScopes(writer); writer.endArray(); - + writer.name(SAVED_REGISTERED_CLIENTS); writer.beginArray(); writeSavedRegisteredClients(writer); writer.endArray(); - + writer.name(RESOURCE_SETS); writer.beginArray(); writeResourceSets(writer); writer.endArray(); - + writer.name(PERMISSION_TICKETS); writer.beginArray(); writePermissionTickets(writer); writer.endArray(); - + writer.endObject(); // end mitreid-connect-1.2 } /** * @param writer - * @throws IOException + * @throws IOException */ private void writePermissionTickets(JsonWriter writer) throws IOException { for (PermissionTicket ticket : permissionRepository.getAll()) { writer.beginObject(); - + writer.name(CLAIMS_SUPPLIED); writer.beginArray(); for (Claim claim : ticket.getClaimsSupplied()) { writer.beginObject(); - + writer.name(ISSUER); writer.beginArray(); for (String issuer : claim.getIssuer()) { @@ -307,7 +307,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements writer.endObject(); } writer.endArray(); - + writer.name(EXPIRATION).value(toUTCString(ticket.getExpiration())); writer.name(PERMISSION); @@ -323,16 +323,16 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements writer.endObject(); writer.name(TICKET).value(ticket.getTicket()); - + writer.endObject(); } - - + + } /** * @param writer - * @throws IOException + * @throws IOException */ private void writeResourceSets(JsonWriter writer) throws IOException { for (ResourceSet rs : resourceSetRepository.getAll()) { 
@@ -359,7 +359,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements writer.beginArray(); for (Claim claim : policy.getClaimsRequired()) { writer.beginObject(); - + writer.name(ISSUER); writer.beginArray(); for (String issuer : claim.getIssuer()) { @@ -391,7 +391,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements writer.endObject(); logger.debug("Finished writing resource set {}", rs.getId()); } - + } /** @@ -463,7 +463,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements writer.endObject(); } writer.endArray(); - + writer.name(TYPE).value(token.getTokenType()); writer.name(VALUE).value(token.getValue()); writer.endObject(); @@ -479,7 +479,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements for (AuthenticationHolderEntity holder : authHolderRepository.getAll()) { writer.beginObject(); writer.name(ID).value(holder.getId()); - + writer.name(REQUEST_PARAMETERS); writer.beginObject(); for (Entry entry : holder.getRequestParameters().entrySet()) { @@ -540,13 +540,13 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements writer.value(authority.getAuthority()); } writer.endArray(); - + writer.endObject(); } else { writer.nullValue(); } - - + + writer.endObject(); logger.debug("Wrote authentication holder {}", holder.getId()); } @@ -791,7 +791,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements } fixObjectReferences(); } - + /** * @param reader @@ -907,7 +907,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements private Map resourceSetOldToNewIdMap = new HashMap<>(); - + /** * @param reader */ @@ -1264,8 +1264,8 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements reader.endArray(); logger.info("Done reading access tokens"); } - - + + private Map authHolderOldToNewIdMap = new HashMap(); /** 
@@ -1337,12 +1337,12 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements /** * @param reader * @return - * @throws IOException + * @throws IOException */ private SavedUserAuthentication readSavedUserAuthentication(JsonReader reader) throws IOException { SavedUserAuthentication savedUserAuth = new SavedUserAuthentication(); reader.beginObject(); - + while (reader.hasNext()) { switch(reader.peek()) { case END_OBJECT: @@ -1376,7 +1376,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements continue; } } - + reader.endObject(); return savedUserAuth; } @@ -1445,7 +1445,7 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements reader.endArray(); logger.info("Done reading grants"); } - + private Map whitelistedSiteOldToNewIdMap = new HashMap(); /** @@ -1814,8 +1814,8 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements } permissionToResourceRefs.clear(); resourceSetOldToNewIdMap.clear(); - + logger.info("Done fixing object references."); } - + } diff --git a/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaPermissionRepository.java b/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaPermissionRepository.java index 8574db543..213cd7d67 100644 --- a/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaPermissionRepository.java +++ b/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaPermissionRepository.java @@ -40,7 +40,7 @@ public class JpaPermissionRepository implements PermissionRepository { @PersistenceContext private EntityManager em; - + @Override @Transactional public PermissionTicket save(PermissionTicket p) { diff --git a/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java b/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java index 4eefff9ff..2bb6d7192 100644 --- a/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java 
+++ b/uma-server/src/main/java/org/mitre/uma/repository/impl/JpaResourceSetRepository.java @@ -41,7 +41,7 @@ public class JpaResourceSetRepository implements ResourceSetRepository { @PersistenceContext private EntityManager em; private static Logger logger = LoggerFactory.getLogger(JpaResourceSetRepository.class); - + @Override @Transactional public ResourceSet save(ResourceSet rs) { @@ -78,7 +78,7 @@ public class JpaResourceSetRepository implements ResourceSetRepository { query.setParameter(ResourceSet.PARAM_CLIENTID, clientId); return query.getResultList(); } - + @Override public Collection getAll() { TypedQuery query = em.createNamedQuery(ResourceSet.QUERY_ALL, ResourceSet.class); diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultPermissionService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultPermissionService.java index c4a9ba0b4..9adae2f1c 100644 --- a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultPermissionService.java +++ b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultPermissionService.java 
@@ -40,35 +40,35 @@ public class DefaultPermissionService implements PermissionService { @Autowired private PermissionRepository repository; - + @Autowired private SystemScopeService scopeService; - + private Long permissionExpirationSeconds = 60L * 60L; // 1 hr - + /* (non-Javadoc) * @see org.mitre.uma.service.PermissionService#create(org.mitre.uma.model.ResourceSet, java.util.Set) */ @Override public PermissionTicket createTicket(ResourceSet resourceSet, Set scopes) { - + // check to ensure that the scopes requested are a subset of those in the resource set - + if (!scopeService.scopesMatch(resourceSet.getScopes(), scopes)) { throw new InsufficientScopeException("Scopes of resource set are not enough for requested permission."); } - + Permission perm = new Permission(); perm.setResourceSet(resourceSet); perm.setScopes(scopes); - + PermissionTicket ticket = new PermissionTicket(); ticket.setPermission(perm); ticket.setTicket(UUID.randomUUID().toString()); ticket.setExpiration(new Date(System.currentTimeMillis() + permissionExpirationSeconds * 1000L)); - + return repository.save(ticket); - + } /* (non-Javadoc) @@ -89,9 +89,9 @@ public class DefaultPermissionService implements PermissionService { } else { return null; } - + } - - + + } diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java index 269c29831..a6d66b87a 100644 --- a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java +++ b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultResourceSetService.java 
@@ -43,31 +43,31 @@ import org.springframework.stereotype.Service; public class DefaultResourceSetService implements ResourceSetService { private static final Logger logger = LoggerFactory.getLogger(DefaultResourceSetService.class); - + @Autowired private ResourceSetRepository repository; - + @Autowired private OAuth2TokenRepository tokenRepository; - + @Autowired private PermissionRepository ticketRepository; @Override public ResourceSet saveNew(ResourceSet rs) { - + if (rs.getId() != null) { throw new IllegalArgumentException("Can't save a new resource set with an ID already set to it."); } - + if (!checkScopeConsistency(rs)) { throw new IllegalArgumentException("Can't save a resource set with inconsistent claims."); } - + ResourceSet saved = repository.save(rs); - + return saved; - + } @Override @@ -80,22 +80,22 @@ public class DefaultResourceSetService implements ResourceSetService { if (oldRs.getId() == null || newRs.getId() == null || !oldRs.getId().equals(newRs.getId())) { - + throw new IllegalArgumentException("Resource set IDs mismatched"); - + } if (!checkScopeConsistency(newRs)) { throw new IllegalArgumentException("Can't save a resource set with inconsistent claims."); } - + newRs.setOwner(oldRs.getOwner()); // preserve the owner tag across updates newRs.setClientId(oldRs.getClientId()); // preserve the client id across updates - + ResourceSet saved = repository.save(newRs); - + return saved; - + } @Override @@ -105,13 +105,13 @@ public class DefaultResourceSetService implements ResourceSetService { for (OAuth2AccessTokenEntity token : tokens) { tokenRepository.removeAccessToken(token); } - + // find all outstanding tickets issued against this resource set and revoke them too Collection tickets = ticketRepository.getPermissionTicketsForResourceSet(rs); for (PermissionTicket ticket : tickets) { ticketRepository.remove(ticket); } - + repository.remove(rs); } 
@@ -124,7 +124,7 @@ public class DefaultResourceSetService implements ResourceSetService { public Collection getAllForOwnerAndClient(String owner, String clientId) { return repository.getAllForOwnerAndClient(owner, clientId); } - + private boolean checkScopeConsistency(ResourceSet rs) { if (rs.getPolicies() == null) { // nothing to check, no problem! @@ -146,5 +146,5 @@ public class DefaultResourceSetService implements ResourceSetService { public Collection getAllForClient(ClientDetailsEntity client) { return repository.getAllForClient(client.getClientId()); } - + } diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java index 4d32e7905..fff7f82ec 100644 --- a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java +++ b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java 
@@ -52,64 +52,64 @@ import com.nimbusds.jwt.SignedJWT; @Service("defaultUmaTokenService") public class DefaultUmaTokenService implements UmaTokenService { - @Autowired + @Autowired private AuthenticationHolderRepository authenticationHolderRepository; - + @Autowired private OAuth2TokenEntityService tokenService; - - @Autowired + + @Autowired private ClientDetailsEntityService clientService; - - @Autowired + + @Autowired private ConfigurationPropertiesBean config; - - @Autowired + + @Autowired private JWTSigningAndValidationService jwtService; - + @Override public OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, PermissionTicket ticket, Policy policy) { OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity(); authHolder.setAuthentication(o2auth); authHolder = authenticationHolderRepository.save(authHolder); - + token.setAuthenticationHolder(authHolder); - + ClientDetailsEntity client = clientService.loadClientByClientId(o2auth.getOAuth2Request().getClientId()); token.setClient(client); - + Set ticketScopes = ticket.getPermission().getScopes(); Set policyScopes = policy.getScopes(); - + Permission perm = new Permission(); perm.setResourceSet(ticket.getPermission().getResourceSet()); perm.setScopes(new HashSet<>(Sets.intersection(ticketScopes, policyScopes))); - + token.setPermissions(Sets.newHashSet(perm)); - + JWTClaimsSet claims = new JWTClaimsSet(); - + claims.setAudience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString())); claims.setIssuer(config.getIssuer()); claims.setJWTID(UUID.randomUUID().toString()); - + if (config.getRqpTokenLifeTime() != null) { Date exp = new Date(System.currentTimeMillis() + config.getRqpTokenLifeTime() * 1000L); - + claims.setExpirationTime(exp); token.setExpiration(exp); } - - + + JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm(); SignedJWT signed = new SignedJWT(new 
JWSHeader(signingAlgorithm), claims); - + jwtService.signJwt(signed); - + token.setJwt(signed); - + tokenService.saveAccessToken(token); return token; diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/JpaRegisteredClientService.java b/uma-server/src/main/java/org/mitre/uma/service/impl/JpaRegisteredClientService.java index 4d3963d67..031fbe8b8 100644 --- a/uma-server/src/main/java/org/mitre/uma/service/impl/JpaRegisteredClientService.java +++ b/uma-server/src/main/java/org/mitre/uma/service/impl/JpaRegisteredClientService.java @@ -39,14 +39,14 @@ public class JpaRegisteredClientService implements RegisteredClientService { @PersistenceContext private EntityManager em; - + /* (non-Javadoc) * @see org.mitre.openid.connect.client.service.RegisteredClientService#getByIssuer(java.lang.String) */ @Override public RegisteredClient getByIssuer(String issuer) { SavedRegisteredClient saved = getSavedRegisteredClientFromStorage(issuer); - + if (saved == null) { return null; } else { @@ -60,17 +60,17 @@ public class JpaRegisteredClientService implements RegisteredClientService { @Override @Transactional public void save(String issuer, RegisteredClient client) { - - + + SavedRegisteredClient saved = getSavedRegisteredClientFromStorage(issuer); - + if (saved == null) { saved = new SavedRegisteredClient(); saved.setIssuer(issuer); } - + saved.setRegisteredClient(client); - + em.persist(saved); } @@ -78,7 +78,7 @@ public class JpaRegisteredClientService implements RegisteredClientService { private SavedRegisteredClient getSavedRegisteredClientFromStorage(String issuer) { TypedQuery query = em.createQuery("SELECT c from SavedRegisteredClient c where c.issuer = :issuer", SavedRegisteredClient.class); query.setParameter("issuer", issuer); - + SavedRegisteredClient saved = JpaUtil.getSingleResult(query.getResultList()); return saved; } 
@@ -90,5 +90,5 @@ public class JpaRegisteredClientService implements RegisteredClientService { TypedQuery query = em.createQuery("SELECT c from SavedRegisteredClient c", SavedRegisteredClient.class); return query.getResultList(); } - + } diff --git a/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsOnAnyPolicy.java b/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsOnAnyPolicy.java index 87ee2f693..9b57cc293 100644 --- a/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsOnAnyPolicy.java +++ b/uma-server/src/main/java/org/mitre/uma/service/impl/MatchAllClaimsOnAnyPolicy.java @@ -29,7 +29,7 @@ import org.mitre.uma.service.ClaimsProcessingService; import org.springframework.stereotype.Service; /** - * Tests if all the claims in the required set have a matching + * Tests if all the claims in the required set have a matching * value in the supplied set. * * @author jricher @@ -54,7 +54,7 @@ public class MatchAllClaimsOnAnyPolicy implements ClaimsProcessingService { allUnmatched.addAll(unmatched); } } - + // otherwise, tell the caller that we'll need some set of these fulfilled somehow return new ClaimProcessingResult(allUnmatched); } 
@@ -62,29 +62,29 @@ public class MatchAllClaimsOnAnyPolicy implements ClaimsProcessingService { private Collection checkIndividualClaims(Collection claimsRequired, Collection claimsSupplied) { Collection claimsUnmatched = new HashSet<>(claimsRequired); - + // see if each of the required claims has a counterpart in the supplied claims set for (Claim required : claimsRequired) { for (Claim supplied : claimsSupplied) { - + if (required.getIssuer().containsAll(supplied.getIssuer())) { // it's from the right issuer - + if (required.getName().equals(supplied.getName()) && required.getValue().equals(supplied.getValue())) { - + // the claim matched, pull it from the set claimsUnmatched.remove(required); - + } - + } } } // if there's anything left then the claims aren't satisfied, return the leftovers return claimsUnmatched; - + } - + } diff --git a/uma-server/src/main/java/org/mitre/uma/util/ExternalLoginAuthoritiesMapper.java b/uma-server/src/main/java/org/mitre/uma/util/ExternalLoginAuthoritiesMapper.java index aa2bf52ab..80533aa0a 100644 --- a/uma-server/src/main/java/org/mitre/uma/util/ExternalLoginAuthoritiesMapper.java +++ b/uma-server/src/main/java/org/mitre/uma/util/ExternalLoginAuthoritiesMapper.java @@ -37,7 +37,7 @@ import com.nimbusds.jwt.JWT; public class ExternalLoginAuthoritiesMapper implements OIDCAuthoritiesMapper { private static final GrantedAuthority ROLE_EXTERNAL_USER = new SimpleGrantedAuthority("ROLE_EXTERNAL_USER"); - + @Override public Collection mapAuthorities(JWT idToken, UserInfo userInfo) { return Sets.newHashSet(ROLE_EXTERNAL_USER); diff --git a/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityAbbreviatedView.java b/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityAbbreviatedView.java index 13df7f178..7f217f90c 100644 --- a/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityAbbreviatedView.java +++ b/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityAbbreviatedView.java 
@@ -51,33 +51,33 @@ public class ResourceSetEntityAbbreviatedView extends AbstractView { public static final String VIEWNAME = "resourceSetEntityAbbreviatedView"; public static final String LOCATION = "location"; - + @Autowired private ConfigurationPropertiesBean config; private Gson gson = new GsonBuilder() - .setExclusionStrategies(new ExclusionStrategy() { - - @Override - public boolean shouldSkipField(FieldAttributes f) { - - return false; + .setExclusionStrategies(new ExclusionStrategy() { + + @Override + public boolean shouldSkipField(FieldAttributes f) { + + return false; + } + + @Override + public boolean shouldSkipClass(Class clazz) { + // skip the JPA binding wrapper + if (clazz.equals(BeanPropertyBindingResult.class)) { + return true; } - - @Override - public boolean shouldSkipClass(Class clazz) { - // skip the JPA binding wrapper - if (clazz.equals(BeanPropertyBindingResult.class)) { - return true; - } - return false; - } - - }) - .serializeNulls() - .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") - .setLongSerializationPolicy(LongSerializationPolicy.STRING) - .create(); + return false; + } + + }) + .serializeNulls() + .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") + .setLongSerializationPolicy(LongSerializationPolicy.STRING) + .create(); @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { @@ -96,20 +96,20 @@ public class ResourceSetEntityAbbreviatedView extends AbstractView { if (!Strings.isNullOrEmpty(location)) { response.setHeader(HttpHeaders.LOCATION, location); } - + try { Writer out = response.getWriter(); ResourceSet rs = (ResourceSet) model.get(JsonEntityView.ENTITY); JsonObject o = new JsonObject(); - + o.addProperty("_id", rs.getId().toString()); // set the ID to a string o.addProperty("user_access_policy_uri", config.getIssuer() + "manage/user/policy/" + rs.getId()); - + gson.toJson(o, out); - + } catch (IOException e) { logger.error("IOException in ResourceSetEntityView.java: ", e); 
diff --git a/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityView.java b/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityView.java index 471b1f619..7abe83e16 100644 --- a/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityView.java +++ b/uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityView.java @@ -49,33 +49,33 @@ public class ResourceSetEntityView extends AbstractView { private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class); public static final String VIEWNAME = "resourceSetEntityView"; - + @Autowired private ConfigurationPropertiesBean config; private Gson gson = new GsonBuilder() - .setExclusionStrategies(new ExclusionStrategy() { - - @Override - public boolean shouldSkipField(FieldAttributes f) { - - return false; + .setExclusionStrategies(new ExclusionStrategy() { + + @Override + public boolean shouldSkipField(FieldAttributes f) { + + return false; + } + + @Override + public boolean shouldSkipClass(Class clazz) { + // skip the JPA binding wrapper + if (clazz.equals(BeanPropertyBindingResult.class)) { + return true; } - - @Override - public boolean shouldSkipClass(Class clazz) { - // skip the JPA binding wrapper - if (clazz.equals(BeanPropertyBindingResult.class)) { - return true; - } - return false; - } - - }) - .serializeNulls() - .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") - .setLongSerializationPolicy(LongSerializationPolicy.STRING) - .create(); + return false; + } + + }) + .serializeNulls() + .setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ") + .setLongSerializationPolicy(LongSerializationPolicy.STRING) + .create(); @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { 
@@ -94,14 +94,14 @@ public class ResourceSetEntityView extends AbstractView { if (!Strings.isNullOrEmpty(location)) { response.setHeader(HttpHeaders.LOCATION, location); } - + try { Writer out = response.getWriter(); ResourceSet rs = (ResourceSet) model.get("entity"); JsonObject o = new JsonObject(); - + o.addProperty("_id", rs.getId().toString()); // send the id as a string o.addProperty("user_access_policy_uri", config.getIssuer() + "manage/resource/" + rs.getId()); o.addProperty("name", rs.getName()); @@ -109,9 +109,9 @@ public class ResourceSetEntityView extends AbstractView { o.addProperty("type", rs.getType()); o.add("scopes", JsonUtils.getAsArray(rs.getScopes())); o.addProperty("icon_uri", rs.getIconUri()); - + gson.toJson(o, out); - + } catch (IOException e) { logger.error("IOException in ResourceSetEntityView.java: ", e); diff --git a/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java index 28ad2d2f3..7da6b9498 100644 --- a/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java +++ b/uma-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java @@ -70,13 +70,13 @@ public class AuthorizationRequestEndpoint { @Autowired private PermissionService permissionService; - + @Autowired private OAuth2TokenEntityService tokenService; - + @Autowired private OIDCTokenService oidcTokenService; - + @Autowired private ClaimsProcessingService claimsProcessingService; 
@@ -85,72 +85,72 @@ public class AuthorizationRequestEndpoint { @RequestMapping(method = RequestMethod.POST, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) public String authorizationRequest(@RequestBody String jsonString, Model m, Authentication auth) { - + AuthenticationUtilities.ensureOAuthScope(auth, SystemScopeService.UMA_AUTHORIZATION_SCOPE); - + JsonParser parser = new JsonParser(); JsonElement e = parser.parse(jsonString); - + if (e.isJsonObject()) { JsonObject o = e.getAsJsonObject(); - + if (o.has(TICKET)) { - + OAuth2AccessTokenEntity incomingRpt = null; if (o.has(RPT)) { String rptValue = o.get(RPT).getAsString(); incomingRpt = tokenService.readAccessToken(rptValue); - } - + } + String ticketValue = o.get(TICKET).getAsString(); - + PermissionTicket ticket = permissionService.getByTicket(ticketValue); - + if (ticket != null) { // found the ticket, see if it's any good - + ResourceSet rs = ticket.getPermission().getResourceSet(); - + if (rs.getPolicies() == null || rs.getPolicies().isEmpty()) { // the required claims are empty, this resource has no way to be authorized - + m.addAttribute(JsonErrorView.ERROR, "not_authorized"); m.addAttribute(JsonErrorView.ERROR_MESSAGE, "This resource set can not be accessed."); m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return JsonErrorView.VIEWNAME; } else { // claims weren't empty or missing, we need to check against what we have - + ClaimProcessingResult result = claimsProcessingService.claimsAreSatisfied(rs, ticket); - - + + if (result.isSatisfied()) { // the service found what it was looking for, issue a token // we need to downscope this based on the required set that was matched if it was matched OAuth2Authentication o2auth = (OAuth2Authentication) auth; - + OAuth2AccessTokenEntity token = umaTokenService.createRequestingPartyToken(o2auth, ticket, result.getMatched()); // if we have an inbound RPT, throw it out because we're replacing it if 
(incomingRpt != null) { tokenService.revokeAccessToken(incomingRpt); } - + Map entity = ImmutableMap.of("rpt", token.getValue()); - + m.addAttribute(JsonEntityView.ENTITY, entity); - + return JsonEntityView.VIEWNAME; - + } else { - + // if we got here, the claim didn't match, forward the user to the claim gathering endpoint JsonObject entity = new JsonObject(); - + entity.addProperty(JsonErrorView.ERROR, "need_info"); JsonObject details = new JsonObject(); - + JsonObject rpClaims = new JsonObject(); rpClaims.addProperty("redirect_user", true); rpClaims.addProperty("ticket", ticketValue); @@ -175,12 +175,12 @@ public class AuthorizationRequestEndpoint { rpClaims.add("required_claims", req); details.add("requesting_party_claims", rpClaims); entity.add("error_details", details); - + m.addAttribute(JsonEntityView.ENTITY, entity); return JsonEntityView.VIEWNAME; - } - - + } + + } } else { // ticket wasn't found, return an error @@ -194,14 +194,14 @@ public class AuthorizationRequestEndpoint { m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Missing JSON elements."); return JsonErrorView.VIEWNAME; } - - + + } else { m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Malformed JSON request."); return JsonErrorView.VIEWNAME; } - + } - + } diff --git a/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java index 3d0c5ef25..b5a376c5e 100644 --- a/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java +++ b/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java 
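Review bot: Syntactically invalid request bodies bypass the error handling in authorizationRequest: `parser.parse(jsonString)` throws `JsonSyntaxException` on malformed input, and the `else` branch that reports "Malformed JSON request." is only reached for well-formed JSON that is not an object, so a bad body surfaces as an unhandled exception rather than the intended BAD_REQUEST. The same applies to `o.get(TICKET).getAsString()` and `o.get(RPT).getAsString()`, which throw when the member is not a JSON primitive. Wrapping the parsing in `try { ... } catch (JsonParseException e)` that sets `HttpCodeView.CODE` to `HttpStatus.BAD_REQUEST` and returns `JsonErrorView.VIEWNAME`, as PermissionRegistrationEndpoint.getPermissionTicket in this same commit does, would make the two endpoints behave consistently. authorizationRequest continues past the end of this hunk.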
@@ -63,35 +63,35 @@ public class ClaimsCollectionEndpoint { @Autowired private ClientDetailsEntityService clientService; - + @Autowired private PermissionService permissionService; - - + + @RequestMapping(method = RequestMethod.GET) - public String collectClaims(@RequestParam("client_id") String clientId, @RequestParam(value = "redirect_uri", required = false) String redirectUri, + public String collectClaims(@RequestParam("client_id") String clientId, @RequestParam(value = "redirect_uri", required = false) String redirectUri, @RequestParam("ticket") String ticketValue, @RequestParam(value = "state", required = false) String state, Model m, OIDCAuthenticationToken auth) { ClientDetailsEntity client = clientService.loadClientByClientId(clientId); - + PermissionTicket ticket = permissionService.getByTicket(ticketValue); - + if (client == null || ticket == null) { logger.info("Client or ticket not found: " + clientId + " :: " + ticketValue); m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } - + // we've got a client and ticket, let's attach the claims that we have from the token and userinfo - + // subject Set claimsSupplied = Sets.newHashSet(ticket.getClaimsSupplied()); - + String issuer = auth.getIssuer(); UserInfo userInfo = auth.getUserInfo(); - + claimsSupplied.add(mkClaim(issuer, "sub", new JsonPrimitive(auth.getSub()))); if (userInfo.getEmail() != null) { claimsSupplied.add(mkClaim(issuer, "email", new JsonPrimitive(userInfo.getEmail()))); @@ -111,7 +111,7 @@ public class ClaimsCollectionEndpoint { if (userInfo.getProfile() != null) { claimsSupplied.add(mkClaim(issuer, "profile", new JsonPrimitive(auth.getUserInfo().getProfile()))); } - + ticket.setClaimsSupplied(claimsSupplied); PermissionTicket updatedTicket = permissionService.updateTicket(ticket); 
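Review bot: The not-found branch writes both request parameters verbatim into the log, `logger.info("Client or ticket not found: " + clientId + " :: " + ticketValue)`; the ticket is presumably a bearer-style handle presented by the requesting party, and neither value is sanitized, so unverified caller input lands in the INFO log and embedded line breaks can break up log entries. Logging the client id with control characters stripped and omitting or truncating the ticket value would keep the diagnostic without the exposure. Further down, `userInfo.getEmail()` is dereferenced without checking that `auth.getUserInfo()` returned non-null, which would turn a token without user info into a 500 rather than a 4xx; worth a guard if that case can occur. collectClaims continues past the end of this hunk.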
@@ -128,7 +128,7 @@ public class ClaimsCollectionEndpoint { throw new RedirectMismatchException("Claims redirect did not match the registered values."); } } - + UriComponentsBuilder template = UriComponentsBuilder.fromUriString(redirectUri); template.queryParam("authorization_state", "claims_submitted"); if (!Strings.isNullOrEmpty(state)) { @@ -137,11 +137,11 @@ public class ClaimsCollectionEndpoint { String uriString = template.toUriString(); logger.info("Redirecting to " + uriString); - + return "redirect:" + uriString; } - + private Claim mkClaim(String issuer, String name, JsonElement value) { Claim c = new Claim(); c.setIssuer(Sets.newHashSet(issuer)); @@ -149,5 +149,5 @@ public class ClaimsCollectionEndpoint { c.setValue(value); return c; } - + } diff --git a/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java index 0b7ed248c..d7c19abcd 100644 --- a/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java +++ b/uma-server/src/main/java/org/mitre/uma/web/PermissionRegistrationEndpoint.java 
@@ -59,90 +59,90 @@ import static org.mitre.util.JsonUtils.getAsStringSet; public class PermissionRegistrationEndpoint { // Logger for this class private static final Logger logger = LoggerFactory.getLogger(PermissionRegistrationEndpoint.class); - + public static final String URL = "permission"; - + @Autowired private PermissionService permissionService; - + @Autowired private ResourceSetService resourceSetService; - + @Autowired private SystemScopeService scopeService; private JsonParser parser = new JsonParser(); - + @RequestMapping(method = RequestMethod.POST, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) public String getPermissionTicket(@RequestBody String jsonString, Model m, Authentication auth) { - + ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); - + try { - + // parse the permission request - - JsonElement el = parser.parse(jsonString); + + JsonElement el = parser.parse(jsonString); if (el.isJsonObject()) { JsonObject o = el.getAsJsonObject(); - + Long rsid = getAsLong(o, "resource_set_id"); Set scopes = getAsStringSet(o, "scopes"); - + if (rsid == null || scopes == null || scopes.isEmpty()){ // missing information m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Missing required component of permission registration request."); return JsonErrorView.VIEWNAME; } - + // trim any restricted scopes Set scopesRequested = scopeService.fromStrings(scopes); scopesRequested = scopeService.removeRestrictedAndReservedScopes(scopesRequested); scopes = scopeService.toStrings(scopesRequested); - + ResourceSet resourceSet = resourceSetService.getById(rsid); - + // requested resource set doesn't exist if (resourceSet == null) { m.addAttribute("code", HttpStatus.NOT_FOUND); m.addAttribute("errorMessage", "Requested resource set not found: " + rsid); return JsonErrorView.VIEWNAME; } - + // authorized user of the token doesn't match owner of the resource set if 
(!resourceSet.getOwner().equals(auth.getName())) { m.addAttribute("code", HttpStatus.FORBIDDEN); m.addAttribute("errorMessage", "Party requesting permission is not owner of resource set, expected " + resourceSet.getOwner() + " got " + auth.getName()); return JsonErrorView.VIEWNAME; } - + // create the permission PermissionTicket permission = permissionService.createTicket(resourceSet, scopes); - + if (permission != null) { // we've created the permission, return the ticket JsonObject out = new JsonObject(); out.addProperty("ticket", permission.getTicket()); m.addAttribute("entity", out); - + m.addAttribute("code", HttpStatus.CREATED); - + return JsonEntityView.VIEWNAME; } else { // there was a failure creating the permission object - + m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); m.addAttribute("errorMessage", "Unable to save permission and generate ticket."); - + return JsonErrorView.VIEWNAME; } - + } else { // malformed request m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Malformed JSON request."); - return JsonErrorView.VIEWNAME; + return JsonErrorView.VIEWNAME; } } catch (JsonParseException e) { // malformed request @@ -150,7 +150,7 @@ public class PermissionRegistrationEndpoint { m.addAttribute("errorMessage", "Malformed JSON request."); return JsonErrorView.VIEWNAME; } - + } } diff --git a/uma-server/src/main/java/org/mitre/uma/web/PolicyAPI.java b/uma-server/src/main/java/org/mitre/uma/web/PolicyAPI.java index 4f3cdcbf1..545f85688 100644 --- a/uma-server/src/main/java/org/mitre/uma/web/PolicyAPI.java +++ b/uma-server/src/main/java/org/mitre/uma/web/PolicyAPI.java 
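Review bot: The FORBIDDEN response discloses another party's account identifier to the caller: `m.addAttribute("errorMessage", "Party requesting permission is not owner of resource set, expected " + resourceSet.getOwner() + " got " + auth.getName())` returns the resource set owner's name to a client that has just been told it is not that owner, so a caller can map `resource_set_id` values to owner identifiers. Keep the detail in a server-side log and return a generic message, e.g. `m.addAttribute("errorMessage", "Party requesting permission is not owner of resource set.");`. The same hunk uses the literal keys `"code"`, `"errorMessage"` and `"entity"` where the other endpoints in this commit use `HttpCodeView.CODE`, `JsonErrorView.ERROR_MESSAGE` and `JsonEntityView.ENTITY`; the constants would keep the view contract in one place. getPermissionTicket continues past the end of this hunk.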
@@ -56,18 +56,18 @@ import com.google.gson.Gson; @RequestMapping("/" + PolicyAPI.URL) @PreAuthorize("hasRole('ROLE_USER')") public class PolicyAPI { - + // Logger for this class private static final Logger logger = LoggerFactory.getLogger(PolicyAPI.class); - + public static final String URL = RootController.API_URL + "/resourceset"; public static final String POLICYURL = "/policy"; - + private Gson gson = new Gson(); - + @Autowired private ResourceSetService resourceSetService; - + /** * List all resource sets for the current user * @param m @@ -76,14 +76,14 @@ public class PolicyAPI { */ @RequestMapping(value = "", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) public String getResourceSetsForCurrentUser(Model m, Authentication auth) { - + Collection resourceSets = resourceSetService.getAllForOwner(auth.getName()); - + m.addAttribute(JsonEntityView.ENTITY, resourceSets); - + return JsonEntityView.VIEWNAME; } - + /** * Get the indicated resource set * @param rsid @@ -93,14 +93,14 @@ public class PolicyAPI { */ @RequestMapping(value = "/{rsid}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) public String getResourceSet(@PathVariable (value = "rsid") Long rsid, Model m, Authentication auth) { - + ResourceSet rs = resourceSetService.getById(rsid); if (rs == null) { m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } - + if (!rs.getOwner().equals(auth.getName())) { logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); @@ -108,12 +108,12 @@ public class PolicyAPI { m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return HttpCodeView.VIEWNAME; } - + m.addAttribute(JsonEntityView.ENTITY, rs); - + return JsonEntityView.VIEWNAME; } - + /** * Delete the indicated resource set * @param rsid 
@@ -123,14 +123,14 @@ public class PolicyAPI { */ @RequestMapping(value = "/{rsid}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) public String deleteResourceSet(@PathVariable (value = "rsid") Long rsid, Model m, Authentication auth) { - + ResourceSet rs = resourceSetService.getById(rsid); if (rs == null) { m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } - + if (!rs.getOwner().equals(auth.getName())) { logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); @@ -142,9 +142,9 @@ public class PolicyAPI { resourceSetService.remove(rs); m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT); return HttpCodeView.VIEWNAME; - + } - + /** * List all the policies for the given resource set * @param rsid @@ -154,14 +154,14 @@ public class PolicyAPI { */ @RequestMapping(value = "/{rsid}" + POLICYURL, method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) public String getPoliciesForResourceSet(@PathVariable (value = "rsid") Long rsid, Model m, Authentication auth) { - + ResourceSet rs = resourceSetService.getById(rsid); if (rs == null) { m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } - + if (!rs.getOwner().equals(auth.getName())) { logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); @@ -169,12 +169,12 @@ public class PolicyAPI { m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return HttpCodeView.VIEWNAME; } - + m.addAttribute(JsonEntityView.ENTITY, rs.getPolicies()); - + return JsonEntityView.VIEWNAME; } - + /** * Create a new policy on the given resource set * @param rsid 
@@ -190,7 +190,7 @@ public class PolicyAPI { m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } - + if (!rs.getOwner().equals(auth.getName())) { logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); @@ -200,13 +200,13 @@ public class PolicyAPI { } Policy p = gson.fromJson(jsonString, Policy.class); - + if (p.getId() != null) { logger.warn("Tried to add a policy with a non-null ID: " + p.getId()); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); return HttpCodeView.VIEWNAME; } - + for (Claim claim : p.getClaimsRequired()) { if (claim.getId() != null) { logger.warn("Tried to add a policy with a non-null claim ID: " + claim.getId()); @@ -220,7 +220,7 @@ public class PolicyAPI { // find the new policy object Collection newPolicies = Sets.difference(new HashSet<>(saved.getPolicies()), new HashSet<>(rs.getPolicies())); - + if (newPolicies.size() == 1) { Policy newPolicy = newPolicies.iterator().next(); m.addAttribute(JsonEntityView.ENTITY, newPolicy); @@ -230,9 +230,9 @@ public class PolicyAPI { m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR); return HttpCodeView.VIEWNAME; } - + } - + /** * Get a specific policy * @param rsid @@ -243,14 +243,14 @@ public class PolicyAPI { */ @RequestMapping(value = "/{rsid}" + POLICYURL + "/{pid}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) public String getPolicy(@PathVariable (value = "rsid") Long rsid, @PathVariable (value = "pid") Long pid, Model m, Authentication auth) { - + ResourceSet rs = resourceSetService.getById(rsid); if (rs == null) { m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } - + if (!rs.getOwner().equals(auth.getName())) { logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); 
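Review bot: The policy-creation hunk dereferences the deserialized body without null checks: `Policy p = gson.fromJson(jsonString, Policy.class)` returns null for an empty body, and `for (Claim claim : p.getClaimsRequired())` throws if the posted policy omits its claims, so both cases become a 500 instead of the BAD_REQUEST the surrounding code returns for other malformed input. A guard such as `if (p == null || p.getClaimsRequired() == null) { m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); return HttpCodeView.VIEWNAME; }` before the id checks would close that. The enclosing method starts before this hunk and continues past it.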
@@ -266,12 +266,12 @@ public class PolicyAPI { return JsonEntityView.VIEWNAME; } } - + // if we made it this far, we haven't found it m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } - + /** * Update a specific policy * @param rsid @@ -285,12 +285,12 @@ public class PolicyAPI { public String setClaimsForResourceSet(@PathVariable (value = "rsid") Long rsid, @PathVariable (value = "pid") Long pid, @RequestBody String jsonString, Model m, Authentication auth) { ResourceSet rs = resourceSetService.getById(rsid); - + if (rs == null) { m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } - + if (!rs.getOwner().equals(auth.getName())) { logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); @@ -298,16 +298,16 @@ public class PolicyAPI { m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return HttpCodeView.VIEWNAME; } - + Policy p = gson.fromJson(jsonString, Policy.class); - + if (!pid.equals(p.getId())) { logger.warn("Policy ID mismatch, expected " + pid + " got " + p.getId()); - + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); return HttpCodeView.VIEWNAME; } - + for (Policy policy : rs.getPolicies()) { if (policy.getId().equals(pid)) { // found it! @@ -325,14 +325,14 @@ public class PolicyAPI { return HttpCodeView.VIEWNAME; } } - + // update the existing object with the new values policy.setClaimsRequired(p.getClaimsRequired()); policy.setName(p.getName()); policy.setScopes(p.getScopes()); - + resourceSetService.update(rs, rs); - + m.addAttribute(JsonEntityView.ENTITY, policy); return JsonEntityView.VIEWNAME; } @@ -342,7 +342,7 @@ public class PolicyAPI { m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } - + /** * Delete a specific policy * @param rsid 
@@ -355,38 +355,38 @@ public class PolicyAPI { public String deleteResourceSet(@PathVariable ("rsid") Long rsid, @PathVariable (value = "pid") Long pid, Model m, Authentication auth) { ResourceSet rs = resourceSetService.getById(rsid); - + if (rs == null) { m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.addAttribute(JsonErrorView.ERROR, "not_found"); return JsonErrorView.VIEWNAME; } - + if (!auth.getName().equals(rs.getOwner())) { - + logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); - + // it wasn't issued to this user m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return JsonErrorView.VIEWNAME; } - - + + for (Policy policy : rs.getPolicies()) { if (policy.getId().equals(pid)) { // found it! rs.getPolicies().remove(policy); resourceSetService.update(rs, rs); - + m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT); return HttpCodeView.VIEWNAME; } } - + // if we made it this far, we haven't found it m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; - + } - + } diff --git a/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java index dcc6335e8..2f9799d07 100644 --- a/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java +++ b/uma-server/src/main/java/org/mitre/uma/web/ResourceSetRegistrationEndpoint.java @@ -64,13 +64,13 @@ import static org.mitre.util.JsonUtils.getAsStringSet; public class ResourceSetRegistrationEndpoint { private static final Logger logger = LoggerFactory.getLogger(ResourceSetRegistrationEndpoint.class); - + public static final String DISCOVERY_URL = "resource_set"; public static final String URL = DISCOVERY_URL + "/resource_set"; @Autowired private ResourceSetService resourceSetService; - + @Autowired private ConfigurationPropertiesBean config; 
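Review bot: `rs.getPolicies().remove(policy)` is called from inside `for (Policy policy : rs.getPolicies())`, i.e. the collection is mutated while being iterated; it only avoids a ConcurrentModificationException because the method returns immediately afterwards, which is fragile if the loop is ever extended. A `removeIf` on the policy id, or an explicit `Iterator` with `it.remove()`, expresses the intent safely. The FORBIDDEN branch also returns `JsonErrorView.VIEWNAME` without setting `JsonErrorView.ERROR`, unlike the NOT_FOUND branch just above it that sets `"not_found"`, so the error body is inconsistent between the two. The enclosing method's signature is at the top of the hunk.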
@@ -78,16 +78,16 @@ public class ResourceSetRegistrationEndpoint { private SystemScopeService scopeService; private JsonParser parser = new JsonParser(); - + @RequestMapping(method = RequestMethod.POST, produces = MimeTypeUtils.APPLICATION_JSON_VALUE, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE) public String createResourceSet(@RequestBody String jsonString, Model m, Authentication auth) { ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); - + ResourceSet rs = parseResourceSet(jsonString); - + if (rs == null) { // there was no resource set in the body logger.warn("Resource set registration missing body."); - + m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("error_description", "Resource request was missing body."); return JsonErrorView.VIEWNAME; 
@@ -104,48 +104,48 @@ public class ResourceSetRegistrationEndpoint { m.addAttribute(JsonErrorView.ERROR_MESSAGE, "This call must be made with an OAuth token"); return JsonErrorView.VIEWNAME; } - + rs = validateScopes(rs); - + if (Strings.isNullOrEmpty(rs.getName()) // there was no name (required) || rs.getScopes() == null // there were no scopes (required) - ) { + ) { logger.warn("Resource set registration missing one or more required fields."); - + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields."); return JsonErrorView.VIEWNAME; } ResourceSet saved = resourceSetService.saveNew(rs); - + m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); m.addAttribute(JsonEntityView.ENTITY, saved); m.addAttribute(ResourceSetEntityAbbreviatedView.LOCATION, config.getIssuer() + URL + "/" + rs.getId()); - + return ResourceSetEntityAbbreviatedView.VIEWNAME; - + } @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) public String readResourceSet(@PathVariable ("id") Long id, Model m, Authentication auth) { ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); - + ResourceSet rs = resourceSetService.getById(id); - + if (rs == null) { m.addAttribute("code", HttpStatus.NOT_FOUND); m.addAttribute("error", "not_found"); return JsonErrorView.VIEWNAME; } else { - + rs = validateScopes(rs); - + if (!auth.getName().equals(rs.getOwner())) { - + logger.warn("Unauthorized resource set request from wrong user; expected " + rs.getOwner() + " got " + auth.getName()); - + // it wasn't issued to this user m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return JsonErrorView.VIEWNAME; 
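Review bot: The Location header for a newly created resource set is built from the unsaved object: `m.addAttribute(ResourceSetEntityAbbreviatedView.LOCATION, config.getIssuer() + URL + "/" + rs.getId())` reads `rs` after `ResourceSet saved = resourceSetService.saveNew(rs)`, while the entity attribute on the line above uses `saved`. If `saveNew` returns a distinct persisted instance carrying the generated id, as the separate `saved` variable suggests, the header ends in `/null`; `saved.getId()` is correct in either case. The update path later in this file builds its Location from `rs.getId()` in the same way, though there the id is validated against the path variable first. createResourceSet starts before this hunk and readResourceSet continues past it.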
@@ -153,9 +153,9 @@ public class ResourceSetRegistrationEndpoint { m.addAttribute(JsonEntityView.ENTITY, rs); return ResourceSetEntityView.VIEWNAME; } - + } - + } @RequestMapping(value = "/{id}", method = RequestMethod.PUT, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) 
@@ -168,85 +168,85 @@ public class ResourceSetRegistrationEndpoint { || Strings.isNullOrEmpty(newRs.getName()) // there was no name (required) || newRs.getScopes() == null // there were no scopes (required) || newRs.getId() == null || !newRs.getId().equals(id) // the IDs didn't match - ) { + ) { logger.warn("Resource set registration missing one or more required fields."); - + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Resource request was missing one or more required fields."); return JsonErrorView.VIEWNAME; } ResourceSet rs = resourceSetService.getById(id); - + if (rs == null) { m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.addAttribute(JsonErrorView.ERROR, "not_found"); return JsonErrorView.VIEWNAME; } else { if (!auth.getName().equals(rs.getOwner())) { - + logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName()); - + // it wasn't issued to this user m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return JsonErrorView.VIEWNAME; } else { - + ResourceSet saved = resourceSetService.update(rs, newRs); - + m.addAttribute(JsonEntityView.ENTITY, saved); m.addAttribute(ResourceSetEntityAbbreviatedView.LOCATION, config.getIssuer() + URL + "/" + rs.getId()); return ResourceSetEntityAbbreviatedView.VIEWNAME; } - + } } - + @RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) public String deleteResourceSet(@PathVariable ("id") Long id, Model m, Authentication auth) { ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); ResourceSet rs = resourceSetService.getById(id); - + if (rs == null) { m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.addAttribute(JsonErrorView.ERROR, "not_found"); return JsonErrorView.VIEWNAME; } else { if (!auth.getName().equals(rs.getOwner())) { - + logger.warn("Unauthorized resource set request from bad user; expected " + 
rs.getOwner() + " got " + auth.getName()); - + // it wasn't issued to this user m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return JsonErrorView.VIEWNAME; - } else if (auth instanceof OAuth2Authentication && + } else if (auth instanceof OAuth2Authentication && !((OAuth2Authentication)auth).getOAuth2Request().getClientId().equals(rs.getClientId())){ - + logger.warn("Unauthorized resource set request from bad client; expected " + rs.getClientId() + " got " + ((OAuth2Authentication)auth).getOAuth2Request().getClientId()); - + // it wasn't issued to this client m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return JsonErrorView.VIEWNAME; } else { - + // user and client matched resourceSetService.remove(rs); - + m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT); return HttpCodeView.VIEWNAME; } - + } } - + @RequestMapping(method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) public String listResourceSets(Model m, Authentication auth) { ensureOAuthScope(auth, SystemScopeService.UMA_PROTECTION_SCOPE); - + String owner = auth.getName(); - + Collection resourceSets = Collections.emptySet(); if (auth instanceof OAuth2Authentication) { // if it's an OAuth mediated call, it's on behalf of a client, so look that up too @@ -256,14 +256,14 @@ public class ResourceSetRegistrationEndpoint { // otherwise get everything for the current user resourceSets = resourceSetService.getAllForOwner(owner); } - + // build the entity here and send to the display - + Set ids = new HashSet<>(); for (ResourceSet resourceSet : resourceSets) { ids.add(resourceSet.getId().toString()); // add them all as strings so that gson renders them properly } - + m.addAttribute(JsonEntityView.ENTITY, ids); return JsonEntityView.VIEWNAME; } 
@@ -272,10 +272,10 @@ public class ResourceSetRegistrationEndpoint { try { JsonElement el = parser.parse(jsonString); - + if (el.isJsonObject()) { JsonObject o = el.getAsJsonObject(); - + ResourceSet rs = new ResourceSet(); rs.setId(getAsLong(o, "_id")); rs.setName(getAsString(o, "name")); @@ -283,19 +283,19 @@ public class ResourceSetRegistrationEndpoint { rs.setType(getAsString(o, "type")); rs.setScopes(getAsStringSet(o, "scopes")); rs.setUri(getAsString(o, "uri")); - + return rs; - + } - + return null; - + } catch (JsonParseException e) { return null; } - + } - + /** * diff --git a/uma-server/src/main/java/org/mitre/uma/web/UmaDiscoveryEndpoint.java b/uma-server/src/main/java/org/mitre/uma/web/UmaDiscoveryEndpoint.java index f11422c66..ff4442744 100644 --- a/uma-server/src/main/java/org/mitre/uma/web/UmaDiscoveryEndpoint.java +++ b/uma-server/src/main/java/org/mitre/uma/web/UmaDiscoveryEndpoint.java @@ -39,10 +39,10 @@ import com.google.common.collect.Lists; */ @Controller public class UmaDiscoveryEndpoint { - + @Autowired private ConfigurationPropertiesBean config; - + @RequestMapping(".well-known/uma-configuration") public String umaConfiguration(Model model) { @@ -69,12 +69,12 @@ public class UmaDiscoveryEndpoint { m.put("resource_set_registration_endpoint", issuer + ResourceSetRegistrationEndpoint.DISCOVERY_URL); m.put("permission_registration_endpoint", issuer + PermissionRegistrationEndpoint.URL); m.put("rpt_endpoint", issuer + AuthorizationRequestEndpoint.URL); - - - + + + model.addAttribute("entity", m); return JsonEntityView.VIEWNAME; } - + } diff --git a/uma-server/src/main/java/org/mitre/uma/web/UserClaimSearchHelper.java b/uma-server/src/main/java/org/mitre/uma/web/UserClaimSearchHelper.java index 7221a5432..5e61ed17f 100644 --- a/uma-server/src/main/java/org/mitre/uma/web/UserClaimSearchHelper.java +++ b/uma-server/src/main/java/org/mitre/uma/web/UserClaimSearchHelper.java 
@@ -55,22 +55,22 @@ import com.google.common.collect.ImmutableSet; public class UserClaimSearchHelper { public static final String URL = RootController.API_URL + "/emailsearch"; - + private WebfingerIssuerService webfingerIssuerService = new WebfingerIssuerService(); - + @Autowired private UserInfoService userInfoService; - + @Autowired private ConfigurationPropertiesBean config; - + @RequestMapping(method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE) public String search(@RequestParam(value = "identifier") String email, Model m, Authentication auth, HttpServletRequest req) { - + // check locally first UserInfo localUser = userInfoService.getByEmailAddress(email); - + if (localUser != null) { Map e = new HashMap<>(); e.put("issuer", ImmutableSet.of(config.getIssuer()));
@@ -90,22 +90,22 @@ public class UserClaimSearchHelper { m.addAttribute(JsonEntityView.ENTITY, ImmutableSet.of(e, ev, s)); return JsonEntityView.VIEWNAME; } else { - + // otherwise do a webfinger lookup IssuerServiceResponse resp = webfingerIssuerService.getIssuer(req); - + if (resp != null && resp.getIssuer() != null) { // we found an issuer, return that Map e = new HashMap<>(); e.put("issuer", ImmutableSet.of(resp.getIssuer())); e.put("name", "email"); e.put("value", email); - + Map ev = new HashMap<>(); ev.put("issuer", ImmutableSet.of(resp.getIssuer())); ev.put("name", "email_verified"); ev.put("value", true); - + m.addAttribute(JsonEntityView.ENTITY, ImmutableSet.of(e, ev)); return JsonEntityView.VIEWNAME; } else {
@@ -114,5 +114,5 @@ public class UserClaimSearchHelper { } } } - + }
diff --git a/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultPermissionService.java b/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultPermissionService.java
index 01a06e8d9..2e6ee8100 100644
--- a/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultPermissionService.java
+++ b/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultPermissionService.java
@@ -29,8 +29,8 @@ import org.mitre.uma.model.ResourceSet; import org.mitre.uma.repository.PermissionRepository; import org.mockito.AdditionalAnswers; import org.mockito.InjectMocks; +import org.mockito.Matchers; import org.mockito.Mock; -import org.mockito.Mockito; import org.mockito.invocation.InvocationOnMock; import org.mockito.runners.MockitoJUnitRunner; import org.mockito.stubbing.Answer;
@@ -57,16 +57,16 @@ public class TestDefaultPermissionService { @Mock private PermissionRepository permissionRepository; - + @Mock private SystemScopeService scopeService; - + @InjectMocks private DefaultPermissionService permissionService; - + private Set scopes1 = ImmutableSet.of("foo", "bar", "baz"); private Set scopes2 = ImmutableSet.of("alpha", "beta", "betest"); - + private ResourceSet rs1; private ResourceSet rs2;
@@ -77,8 +77,8 @@ public class TestDefaultPermissionService { private String rs2Name = "resource set 2"; private String rs2Owner = "resource set owner 2"; private Long rs2Id = 2L; - - + + @Before public void prepare() { rs1 = new ResourceSet();
@@ -86,7 +86,7 @@ public class TestDefaultPermissionService { rs1.setOwner(rs1Owner); rs1.setId(rs1Id ); rs1.setScopes(scopes1); - + rs2 = new ResourceSet(); rs2.setName(rs2Name); rs2.setOwner(rs2Owner);
@@ -94,8 +94,8 @@ public class TestDefaultPermissionService { rs2.setScopes(scopes2); // have the repository just pass the argument through - when(permissionRepository.save(Mockito.any(PermissionTicket.class))).then(AdditionalAnswers.returnsFirstArg()); - + when(permissionRepository.save(Matchers.any(PermissionTicket.class))).then(AdditionalAnswers.returnsFirstArg()); + when(scopeService.scopesMatch(anySetOf(String.class), anySetOf(String.class))).then(new Answer() { @Override
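Review bot: In the `@@ -94,8 +94,8 @@` hunk the new stub `when(permissionRepository.save(Matchers.any(PermissionTicket.class)))` qualifies the matcher with its class while the very next line, `anySetOf(String.class)`, relies on a static import from the same matcher family; statically importing `any` as well (`import static org.mockito.Matchers.any;`) and writing `when(permissionRepository.save(any(PermissionTicket.class))).then(AdditionalAnswers.returnsFirstArg());` keeps the two stubs consistent and matches the `any(ResourceSet.class)` form already used in TestDefaultResourceSetService further down this diff. Going through a single static import also localises any later rename, since to my knowledge `org.mockito.Matchers` is deprecated in Mockito 2+ in favour of `ArgumentMatchers`. The enclosing `prepare()` method ends outside the hunk.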
@@ -105,65 +105,65 @@ public class TestDefaultPermissionService { Set expected = (Set) arguments[0]; @SuppressWarnings("unchecked") Set actual = (Set) arguments[1]; - + return expected.containsAll(actual); } }); - + } - - + + /** * Test method for {@link org.mitre.uma.service.impl.DefaultPermissionService#createTicket(org.mitre.uma.model.ResourceSet, java.util.Set)}. */ @Test public void testCreate_ticket() { - + PermissionTicket perm = permissionService.createTicket(rs1, scopes1); - + // we want there to be a non-null ticket assertNotNull(perm.getTicket()); } - + @Test public void testCreate_uuid() { PermissionTicket perm = permissionService.createTicket(rs1, scopes1); // we expect this to be a UUID UUID uuid = UUID.fromString(perm.getTicket()); - + assertNotNull(uuid); - + } - + @Test public void testCreate_differentTicketsSameClient() { - + PermissionTicket perm1 = permissionService.createTicket(rs1, scopes1); PermissionTicket perm2 = permissionService.createTicket(rs1, scopes1); - + assertNotNull(perm1.getTicket()); assertNotNull(perm2.getTicket()); // make sure these are different from each other assertThat(perm1.getTicket(), not(equalTo(perm2.getTicket()))); - + } - + @Test public void testCreate_differentTicketsDifferentClient() { - + PermissionTicket perm1 = permissionService.createTicket(rs1, scopes1); PermissionTicket perm2 = permissionService.createTicket(rs2, scopes2); - + assertNotNull(perm1.getTicket()); assertNotNull(perm2.getTicket()); // make sure these are different from each other assertThat(perm1.getTicket(), not(equalTo(perm2.getTicket()))); - + } - + @Test(expected = InsufficientScopeException.class) public void testCreate_scopeMismatch() { @SuppressWarnings("unused")
diff --git a/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultResourceSetService.java b/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultResourceSetService.java
index 0a5445aca..60979d5b1 100644
--- a/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultResourceSetService.java
+++ b/uma-server/src/test/java/org/mitre/uma/service/impl/TestDefaultResourceSetService.java
@@ -40,18 +40,18 @@ public class TestDefaultResourceSetService { @Mock private ResourceSetRepository repository; - + @InjectMocks private DefaultResourceSetService resourceSetService; - + /** * @throws java.lang.Exception */ @Before public void setUp() throws Exception { - + when(repository.save(any(ResourceSet.class))).then(AdditionalAnswers.returnsFirstArg()); - + } /**
@@ -59,34 +59,34 @@ public class TestDefaultResourceSetService { */ @Test(expected = IllegalArgumentException.class) public void testSaveNew_hasId() { - + ResourceSet rs = new ResourceSet(); rs.setId(1L); - + resourceSetService.saveNew(rs); - + } - + @Test(expected = IllegalArgumentException.class) public void testUpdate_nullId() { ResourceSet rs = new ResourceSet(); rs.setId(1L); ResourceSet rs2 = new ResourceSet(); - + resourceSetService.update(rs, rs2); } - + @Test(expected = IllegalArgumentException.class) public void testUpdate_nullId2() { ResourceSet rs = new ResourceSet(); ResourceSet rs2 = new ResourceSet(); rs2.setId(1L); - + resourceSetService.update(rs, rs2); } - + @Test(expected = IllegalArgumentException.class) public void testUpdate_mismatchedIds() { ResourceSet rs = new ResourceSet();
@@ -94,7 +94,7 @@ public class TestDefaultResourceSetService { ResourceSet rs2 = new ResourceSet(); rs2.setId(2L); - + resourceSetService.update(rs, rs2); }