Check username on social login

testsuite/src/test/java/org/keycloak/testsuite/OAuthClient.java

@@ -24,6 +24,7 @@ package org.keycloak.testsuite;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.nio.charset.Charset;
+import java.security.PublicKey;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
@@ -40,8 +41,11 @@ import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.utils.URLEncodedUtils;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.message.BasicNameValuePair;
+import org.jboss.resteasy.security.PemUtils;
 import org.json.JSONObject;
 import org.junit.Assert;
+import org.keycloak.RSATokenVerifier;
+import org.keycloak.representations.SkeletonKeyToken;
 import org.openqa.selenium.By;
 import org.openqa.selenium.WebDriver;
 
@@ -68,8 +72,13 @@ public class OAuthClient {
 
     private String state;
 
-    public OAuthClient(WebDriver driver) {
+    private PublicKey realmPublicKey;
+
+    public OAuthClient(WebDriver driver) throws Exception {
         this.driver = driver;
+
+        JSONObject realmJson = new JSONObject(IOUtils.toString(getClass().getResourceAsStream("/testrealm.json")));
+        realmPublicKey = PemUtils.decodePublicKey(realmJson.getString("publicKey"));
     }
 
     public AuthorizationCodeResponse doLogin(String username, String password) {
@@ -109,6 +118,10 @@ public class OAuthClient {
         return new AccessTokenResponse(client.execute(post));
     }
 
+    public SkeletonKeyToken verifyToken(String token) throws Exception {
+        return RSATokenVerifier.verifyToken(token, realmPublicKey, realm);
+    }
+
     public boolean isAuthorizationResponse() {
         return getCurrentRequest().equals(redirectUri) && getCurrentQuery().containsKey("code");
     }

testsuite/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java

@@ -21,17 +21,10 @@
  */
 package org.keycloak.testsuite.oauth;
 
-import java.security.PublicKey;
-
-import org.apache.commons.io.IOUtils;
-import org.jboss.resteasy.security.PemUtils;
-import org.json.JSONObject;
 import org.junit.Assert;
-import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
-import org.keycloak.RSATokenVerifier;
 import org.keycloak.representations.SkeletonKeyToken;
 import org.keycloak.testsuite.OAuthClient;
 import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
@@ -61,14 +54,6 @@ public class AccessTokenTest {
     @WebResource
     protected LoginPage loginPage;
 
-    private PublicKey realmPublicKey;
-
-    @Before
-    public void before() throws Exception {
-        JSONObject realmJson = new JSONObject(IOUtils.toString(getClass().getResourceAsStream("/testrealm.json")));
-        realmPublicKey = PemUtils.decodePublicKey(realmJson.getString("publicKey"));
-    }
-
     @Test
     public void accessTokenRequest() throws Exception {
         oauth.doLogin("test-user@localhost", "password");
@@ -82,7 +67,8 @@ public class AccessTokenTest {
 
         Assert.assertEquals("bearer", response.getTokenType());
 
-        SkeletonKeyToken token = RSATokenVerifier.verifyToken(response.getAccessToken(), realmPublicKey, oauth.getRealm());
+        SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
+
         Assert.assertEquals("test-user@localhost", token.getPrincipal());
 
         Assert.assertEquals(1, token.getRealmAccess().getRoles().size());

testsuite/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java

@@ -26,12 +26,15 @@ import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
+import org.keycloak.representations.SkeletonKeyToken;
 import org.keycloak.services.managers.RealmManager;
 import org.keycloak.models.RealmModel;
 import org.keycloak.testsuite.DummySocialServlet;
+import org.keycloak.testsuite.OAuthClient;
+import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
 import org.keycloak.testsuite.pages.AppPage;
-import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.pages.AppPage.RequestType;
+import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.rule.KeycloakRule;
 import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup;
 import org.keycloak.testsuite.rule.WebResource;
@@ -65,13 +68,16 @@ public class SocialLoginTest {
     @WebResource
     protected LoginPage loginPage;
 
+    @WebResource
+    protected OAuthClient oauth;
+
     @BeforeClass
     public static void before() {
         keycloakRule.deployServlet("dummy-social", "/dummy-social", DummySocialServlet.class);
     }
 
     @Test
-    public void loginSuccess() {
+    public void loginSuccess() throws Exception {
         loginPage.open();
 
         loginPage.clickSocial("dummy");
@@ -80,6 +86,15 @@ public class SocialLoginTest {
         driver.findElement(By.id("submit")).click();
 
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
+
+        AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password");
+
+        SkeletonKeyToken token = oauth.verifyToken(response.getAccessToken());
+
+        Assert.assertEquals("dummy-user", token.getPrincipal());
+
+        Assert.assertEquals(1, token.getRealmAccess().getRoles().size());
+        Assert.assertTrue(token.getRealmAccess().isUserInRole("user"));
     }
 
 }