[KEYCLOAK-4166] - Export/Import clients functionality not working as expected

services/src/main/java/org/keycloak/authorization/admin/ResourceServerService.java

@@ -74,8 +74,15 @@ public class ResourceServerService {
 
     public void create() {
         this.auth.requireManage();
+
+        UserModel serviceAccount = this.session.users().getServiceAccount(client);
+
+        if (serviceAccount == null) {
+            throw new RuntimeException("Client does not have a service account.");
+        }
+
         this.resourceServer = this.authorization.getStoreFactory().getResourceServerStore().create(this.client.getId());
-        createDefaultRoles();
+        createDefaultRoles(serviceAccount);
         createDefaultPermission(createDefaultResource(), createDefaultPolicy());
     }
 
@@ -215,15 +222,13 @@ public class ResourceServerService {
         return defaultResource;
     }
 
-    private void createDefaultRoles() {
+    private void createDefaultRoles(UserModel serviceAccount) {
         RoleModel umaProtectionRole = client.getRole(Constants.AUTHZ_UMA_PROTECTION);
 
         if (umaProtectionRole == null) {
             umaProtectionRole = client.addRole(Constants.AUTHZ_UMA_PROTECTION);
         }
 
-        UserModel serviceAccount = this.session.users().getServiceAccount(client);
-
         if (!serviceAccount.hasRole(umaProtectionRole)) {
             serviceAccount.grantRole(umaProtectionRole);
         }

services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java

@@ -154,8 +154,12 @@ public class ClientResource {
     }
 
     public void updateClientFromRep(ClientRepresentation rep, ClientModel client, KeycloakSession session) throws ModelDuplicateException {
-        if (TRUE.equals(rep.isServiceAccountsEnabled()) && !client.isServiceAccountsEnabled()) {
-            new ClientManager(new RealmManager(session)).enableServiceAccount(client);
+        if (TRUE.equals(rep.isServiceAccountsEnabled())) {
+            UserModel serviceAccount = this.session.users().getServiceAccount(client);
+
+            if (serviceAccount == null) {
+                new ClientManager(new RealmManager(session)).enableServiceAccount(client);
+            }
         }
 
         if (!rep.getClientId().equals(client.getClientId())) {

services/src/main/java/org/keycloak/services/resources/admin/ClientsResource.java

@@ -16,20 +16,26 @@
  */
 package org.keycloak.services.resources.admin;
 
+import static java.lang.Boolean.TRUE;
+
 import org.jboss.logging.Logger;
 import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.keycloak.authorization.admin.AuthorizationService;
+import org.keycloak.common.Profile;
 import org.keycloak.events.admin.OperationType;
 import org.keycloak.events.admin.ResourceType;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.ModelDuplicateException;
 import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
 import org.keycloak.models.utils.ModelToRepresentation;
 import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.services.ErrorResponse;
 import org.keycloak.services.ErrorResponseException;
 import org.keycloak.services.managers.ClientManager;
+import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.validation.ClientValidator;
 import org.keycloak.services.validation.PairwiseClientValidator;
 import org.keycloak.services.validation.ValidationMessages;
@@ -93,7 +99,17 @@ public class ClientsResource {
             boolean view = auth.hasView();
             for (ClientModel clientModel : clientModels) {
                 if (view) {
-                    rep.add(ModelToRepresentation.toRepresentation(clientModel));
+                    ClientRepresentation representation = ModelToRepresentation.toRepresentation(clientModel);
+
+                    if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
+                        AuthorizationService authorizationService = getAuthorizationService(clientModel);
+
+                        if (authorizationService.isEnabled()) {
+                            representation.setAuthorizationServicesEnabled(true);
+                        }
+                    }
+
+                    rep.add(representation);
                 } else {
                     ClientRepresentation client = new ClientRepresentation();
                     client.setId(clientModel.getId());
@@ -111,6 +127,10 @@ public class ClientsResource {
         return rep;
     }
 
+    private AuthorizationService getAuthorizationService(ClientModel clientModel) {
+        return new AuthorizationService(session, clientModel, auth);
+    }
+
     /**
      * Create a new client
      *
@@ -138,6 +158,20 @@ public class ClientsResource {
         try {
             ClientModel clientModel = ClientManager.createClient(session, realm, rep, true);
 
+            if (TRUE.equals(rep.isServiceAccountsEnabled())) {
+                UserModel serviceAccount = session.users().getServiceAccount(clientModel);
+
+                if (serviceAccount == null) {
+                    new ClientManager(new RealmManager(session)).enableServiceAccount(clientModel);
+                }
+            }
+
+            if (Profile.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
+                if (TRUE.equals(rep.getAuthorizationServicesEnabled())) {
+                    getAuthorizationService(clientModel).enable();
+                }
+            }
+
             adminEvent.operation(OperationType.CREATE).resourcePath(uriInfo, clientModel.getId()).representation(rep).success();
 
             return Response.created(uriInfo.getAbsolutePathBuilder().path(clientModel.getId()).build()).build();