diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java
index 67d87b5..4d69f17 100644
--- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java
+++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java
@@ -15,6 +15,9 @@
  */
 package org.springframework.security.oauth2.server.authorization;
 
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
@@ -40,11 +43,40 @@ import org.springframework.util.Assert;
 public final class InMemoryOAuth2AuthorizationService implements OAuth2AuthorizationService {
 	private final Map<String, OAuth2Authorization> authorizations = new ConcurrentHashMap<>();
 
+	/**
+	 * Constructs an {@code InMemoryOAuth2AuthorizationService}.
+	 */
+	public InMemoryOAuth2AuthorizationService() {
+		this(Collections.emptyList());
+	}
+
+	/**
+	 * Constructs an {@code InMemoryOAuth2AuthorizationService} using the provided parameters.
+	 *
+	 * @param authorizations the authorization(s)
+	 */
+	public InMemoryOAuth2AuthorizationService(OAuth2Authorization... authorizations) {
+		this(Arrays.asList(authorizations));
+	}
+
+	/**
+	 * Constructs an {@code InMemoryOAuth2AuthorizationService} using the provided parameters.
+	 *
+	 * @param authorizations the authorization(s)
+	 */
+	public InMemoryOAuth2AuthorizationService(List<OAuth2Authorization> authorizations) {
+		Assert.notNull(authorizations, "authorizations cannot be null");
+		authorizations.forEach(authorization -> {
+			Assert.notNull(authorization, "authorization cannot be null");
+			Assert.isTrue(!this.authorizations.containsKey(authorization.getId()),
+					"The authorization must be unique. Found duplicate identifier: " + authorization.getId());
+			this.authorizations.put(authorization.getId(), authorization);
+		});
+	}
+
 	@Override
 	public void save(OAuth2Authorization authorization) {
 		Assert.notNull(authorization, "authorization cannot be null");
-		Assert.isTrue(!this.authorizations.containsKey(authorization.getId()),
-				"The authorization must be unique. Found duplicate identifier: " + authorization.getId());
 		this.authorizations.put(authorization.getId(), authorization);
 	}
 
diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationServiceTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationServiceTests.java
index 0d4593a..e4f0e81 100644
--- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationServiceTests.java
+++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationServiceTests.java
@@ -17,6 +17,7 @@ package org.springframework.security.oauth2.server.authorization;
 
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
+import java.util.List;
 
 import org.junit.Before;
 import org.junit.Test;
@@ -55,6 +56,34 @@ public class InMemoryOAuth2AuthorizationServiceTests {
 		this.authorizationService = new InMemoryOAuth2AuthorizationService();
 	}
 
+	@Test
+	public void constructorVarargsWhenAuthorizationNullThenThrowIllegalArgumentException() {
+		assertThatThrownBy(() -> new InMemoryOAuth2AuthorizationService((OAuth2Authorization) null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("authorization cannot be null");
+	}
+
+	@Test
+	public void constructorListWhenAuthorizationsNullThenThrowIllegalArgumentException() {
+		assertThatThrownBy(() -> new InMemoryOAuth2AuthorizationService((List<OAuth2Authorization>) null))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("authorizations cannot be null");
+	}
+
+	@Test
+	public void constructorWhenDuplicateAuthorizationsThenThrowIllegalArgumentException() {
+		OAuth2Authorization authorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
+				.id(ID)
+				.principalName(PRINCIPAL_NAME)
+				.authorizationGrantType(AUTHORIZATION_GRANT_TYPE)
+				.token(AUTHORIZATION_CODE)
+				.build();
+
+		assertThatThrownBy(() -> new InMemoryOAuth2AuthorizationService(authorization, authorization))
+				.isInstanceOf(IllegalArgumentException.class)
+				.hasMessage("The authorization must be unique. Found duplicate identifier: id");
+	}
+
 	@Test
 	public void saveWhenAuthorizationNullThenThrowIllegalArgumentException() {
 		assertThatThrownBy(() -> this.authorizationService.save(null))
@@ -63,7 +92,7 @@ public class InMemoryOAuth2AuthorizationServiceTests {
 	}
 
 	@Test
-	public void saveWhenAuthorizationProvidedThenSaved() {
+	public void saveWhenAuthorizationNewThenSaved() {
 		OAuth2Authorization expectedAuthorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
 				.id(ID)
 				.principalName(PRINCIPAL_NAME)
@@ -77,23 +106,30 @@ public class InMemoryOAuth2AuthorizationServiceTests {
 		assertThat(authorization).isEqualTo(expectedAuthorization);
 	}
 
+	// gh-222
 	@Test
-	public void saveWhenAuthorizationNotUniqueThenThrowIllegalArgumentException() {
-		OAuth2Authorization expectedAuthorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
+	public void saveWhenAuthorizationExistsThenUpdated() {
+		OAuth2Authorization originalAuthorization = OAuth2Authorization.withRegisteredClient(REGISTERED_CLIENT)
 				.id(ID)
 				.principalName(PRINCIPAL_NAME)
 				.authorizationGrantType(AUTHORIZATION_GRANT_TYPE)
 				.token(AUTHORIZATION_CODE)
 				.build();
-		this.authorizationService.save(expectedAuthorization);
+		this.authorizationService.save(originalAuthorization);
 
 		OAuth2Authorization authorization = this.authorizationService.findById(
-				expectedAuthorization.getId());
-		assertThat(authorization).isEqualTo(expectedAuthorization);
+				originalAuthorization.getId());
+		assertThat(authorization).isEqualTo(originalAuthorization);
 
-		assertThatThrownBy(() -> this.authorizationService.save(authorization))
-				.isInstanceOf(IllegalArgumentException.class)
-				.hasMessage("The authorization must be unique. Found duplicate identifier: " + ID);
+		OAuth2Authorization updatedAuthorization = OAuth2Authorization.from(authorization)
+				.attribute("custom-name-1", "custom-value-1")
+				.build();
+		this.authorizationService.save(updatedAuthorization);
+
+		authorization = this.authorizationService.findById(
+				updatedAuthorization.getId());
+		assertThat(authorization).isEqualTo(updatedAuthorization);
+		assertThat(authorization).isNotEqualTo(originalAuthorization);
 	}
 
 	@Test