From 0ca117b8e998c08fa5d6687f9020a74dc8edea59 Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Wed, 4 May 2016 20:48:57 +0200 Subject: [PATCH] KEYCLOAK-2865 Extend coverage of client admin endpoints --- .../admin/client/resource/ClientResource.java | 4 +- .../resources/admin/ClientResource.java | 2 + .../rest/TestApplicationResourceProvider.java | 20 ++- ...estApplicationResourceProviderFactory.java | 4 +- .../resources/TestApplicationResource.java | 6 + .../keycloak/testsuite/util/OAuthClient.java | 25 ++- .../testsuite/AbstractKeycloakTest.java | 3 +- .../keycloak/testsuite/admin/ClientTest.java | 164 ++++++++++++++++++ .../testsuite/admin/client/ClientTest.java | 24 --- .../org/keycloak/testsuite/forms/SSOTest.java | 3 +- .../oauth/ClientAuthSignedJWTTest.java | 2 +- .../testsuite/util/ClientBuilder.java | 11 ++ 12 files changed, 227 insertions(+), 41 deletions(-) diff --git a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientResource.java b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientResource.java index b88937c6fa..ca1745d05c 100755 --- a/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientResource.java +++ b/integration/admin-client/src/main/java/org/keycloak/admin/client/resource/ClientResource.java @@ -113,7 +113,8 @@ public interface ClientResource { @POST @Path("push-revocation") - public void pushRevocation(); + @Produces(MediaType.APPLICATION_JSON) + void pushRevocation(); @Path("/scope-mappings") public RoleMappingResource getScopeMappings(); @@ -138,6 +139,7 @@ public interface ClientResource { @Path("test-nodes-available") @GET + @Produces(MediaType.APPLICATION_JSON) GlobalRequestResult testNodesAvailable(); } \ No newline at end of file diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java index a1978ac7bf..53045ba2d7 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java @@ -324,6 +324,7 @@ public class ClientResource { */ @Path("push-revocation") @POST + @Produces(MediaType.APPLICATION_JSON) public GlobalRequestResult pushRevocation() { auth.requireManage(); @@ -522,6 +523,7 @@ public class ClientResource { @Path("test-nodes-available") @GET @NoCache + @Produces(MediaType.APPLICATION_JSON) public GlobalRequestResult testNodesAvailable() { auth.requireManage(); diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProvider.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProvider.java index 54149d930c..f75d93c68c 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProvider.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProvider.java @@ -22,6 +22,7 @@ import org.keycloak.jose.jws.JWSInputException; import org.keycloak.models.KeycloakSession; import org.keycloak.representations.adapters.action.LogoutAction; import org.keycloak.representations.adapters.action.PushNotBeforeAction; +import org.keycloak.representations.adapters.action.TestAvailabilityAction; import org.keycloak.services.resource.RealmResourceProvider; import org.keycloak.services.resources.RealmsResource; import org.keycloak.testsuite.events.EventsListenerProvider; @@ -48,12 +49,15 @@ public class TestApplicationResourceProvider implements RealmResourceProvider { private final BlockingQueue adminLogoutActions; private final BlockingQueue adminPushNotBeforeActions; + private final BlockingQueue adminTestAvailabilityAction; public TestApplicationResourceProvider(KeycloakSession session, BlockingQueue adminLogoutActions, - BlockingQueue adminPushNotBeforeActions) { + BlockingQueue adminPushNotBeforeActions, + BlockingQueue adminTestAvailabilityAction) { this.session = session; this.adminLogoutActions = adminLogoutActions; this.adminPushNotBeforeActions = adminPushNotBeforeActions; + this.adminTestAvailabilityAction = adminTestAvailabilityAction; } @POST @@ -70,6 +74,13 @@ public class TestApplicationResourceProvider implements RealmResourceProvider { adminPushNotBeforeActions.add(new JWSInput(data).readJsonContent(PushNotBeforeAction.class)); } + @POST + @Consumes(MediaType.TEXT_PLAIN) + @Path("/admin/k_test_available") + public void testAvailable(String data) throws JWSInputException { + adminTestAvailabilityAction.add(new JWSInput(data).readJsonContent(TestAvailabilityAction.class)); + } + @GET @Produces(MediaType.APPLICATION_JSON) @Path("/poll-admin-logout") @@ -84,6 +95,13 @@ public class TestApplicationResourceProvider implements RealmResourceProvider { return adminPushNotBeforeActions.poll(10, TimeUnit.SECONDS); } + @GET + @Produces(MediaType.APPLICATION_JSON) + @Path("/poll-test-available") + public TestAvailabilityAction getTestAvailable() throws InterruptedException { + return adminTestAvailabilityAction.poll(10, TimeUnit.SECONDS); + } + @POST @Path("/clear-admin-actions") public Response clearAdminActions() { diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProviderFactory.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProviderFactory.java index 40d6e2d759..98ca2baa74 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProviderFactory.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestApplicationResourceProviderFactory.java @@ -24,6 +24,7 @@ import org.keycloak.models.KeycloakSessionFactory; import org.keycloak.representations.adapters.action.AdminAction; import org.keycloak.representations.adapters.action.LogoutAction; import org.keycloak.representations.adapters.action.PushNotBeforeAction; +import org.keycloak.representations.adapters.action.TestAvailabilityAction; import org.keycloak.services.resource.RealmResourceProvider; import org.keycloak.services.resource.RealmResourceProviderFactory; @@ -37,10 +38,11 @@ public class TestApplicationResourceProviderFactory implements RealmResourceProv private BlockingQueue adminLogoutActions = new LinkedBlockingDeque<>(); private BlockingQueue pushNotBeforeActions = new LinkedBlockingDeque<>(); + private BlockingQueue testAvailabilityActions = new LinkedBlockingDeque<>(); @Override public RealmResourceProvider create(KeycloakSession session) { - return new TestApplicationResourceProvider(session, adminLogoutActions, pushNotBeforeActions); + return new TestApplicationResourceProvider(session, adminLogoutActions, pushNotBeforeActions, testAvailabilityActions); } @Override diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java index 8fb9b4c8b9..2efc26b3f7 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestApplicationResource.java @@ -19,6 +19,7 @@ package org.keycloak.testsuite.client.resources; import org.keycloak.representations.adapters.action.LogoutAction; import org.keycloak.representations.adapters.action.PushNotBeforeAction; +import org.keycloak.representations.adapters.action.TestAvailabilityAction; import javax.ws.rs.GET; import javax.ws.rs.POST; @@ -43,6 +44,11 @@ public interface TestApplicationResource { @Path("/poll-admin-not-before") PushNotBeforeAction getAdminPushNotBefore(); + @GET + @Produces(MediaType.APPLICATION_JSON) + @Path("/poll-test-available") + TestAvailabilityAction getTestAvailable(); + @POST @Path("/clear-admin-actions") Response clearAdminActions(); diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java index 0ba382449b..bc70236caf 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/OAuthClient.java @@ -72,17 +72,17 @@ public class OAuthClient { private String baseUrl = AUTH_SERVER_ROOT; - private String realm = "test"; + private String realm; - private String clientId = "test-app"; + private String clientId; - private String redirectUri = APP_ROOT + "/auth"; + private String redirectUri; - private String state = "mystate"; + private String state; private String scope; - private String uiLocales = null; + private String uiLocales; private String clientSessionState; @@ -90,12 +90,19 @@ public class OAuthClient { private Map publicKeys = new HashMap<>(); - public void setAdminClient(Keycloak adminClient) { + public void init(Keycloak adminClient, WebDriver driver) { this.adminClient = adminClient; - } - - public void setDriver(WebDriver driver) { this.driver = driver; + + baseUrl = AUTH_SERVER_ROOT; + realm = "test"; + clientId = "test-app"; + redirectUri = APP_ROOT + "/auth"; + state = "mystate"; + scope = null; + uiLocales = null; + clientSessionState = null; + clientSessionHost = null; } public AuthorizationCodeResponse doLogin(String username, String password) { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java index 257512bae1..345843ae03 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/AbstractKeycloakTest.java @@ -151,8 +151,7 @@ public abstract class AbstractKeycloakTest { importTestRealms(); - oauth.setAdminClient(adminClient); - oauth.setDriver(driver); + oauth.init(adminClient, driver); } @After diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java index 507f90cc5f..e094aabd6a 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java @@ -18,21 +18,37 @@ package org.keycloak.testsuite.admin; import org.junit.Test; +import org.keycloak.OAuth2Constants; import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ProtocolMappersResource; +import org.keycloak.admin.client.resource.RoleMappingResource; +import org.keycloak.common.util.Time; +import org.keycloak.models.AccountRoles; import org.keycloak.models.Constants; import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory; +import org.keycloak.representations.adapters.action.GlobalRequestResult; +import org.keycloak.representations.adapters.action.PushNotBeforeAction; +import org.keycloak.representations.adapters.action.TestAvailabilityAction; import org.keycloak.representations.idm.*; import javax.ws.rs.NotFoundException; import javax.ws.rs.core.Response; +import java.io.IOException; +import java.util.Collections; import java.util.HashSet; import java.util.List; +import java.util.Map; import java.util.Set; +import org.keycloak.services.resources.admin.ScopeMappedResource; import org.keycloak.testsuite.Assert; +import org.keycloak.testsuite.util.ClientBuilder; +import org.keycloak.testsuite.util.CredentialBuilder; import org.keycloak.testsuite.util.OAuthClient; +import org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse; +import org.keycloak.testsuite.util.RoleBuilder; +import org.keycloak.testsuite.util.UserBuilder; import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; @@ -174,6 +190,154 @@ public class ClientTest extends AbstractAdminTest { assertClient(client, storedClient); } + @Test + public void serviceAccount() { + Response response = realm.clients().create(ClientBuilder.create().clientId("serviceClient").serviceAccount().build()); + String id = ApiUtil.getCreatedId(response); + UserRepresentation userRep = realm.clients().get(id).getServiceAccountUser(); + assertEquals("service-account-serviceclient", userRep.getUsername()); + } + + @Test + public void pushRevocation() { + testingClient.testApp().clearAdminActions(); + + String redirectUri = oauth.getRedirectUri().replace("/master/", "/" + REALM_NAME + "/"); + + ClientRepresentation client = new ClientRepresentation(); + client.setClientId("test-app"); + client.setAdminUrl(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/app/admin"); + client.setRedirectUris(Collections.singletonList(redirectUri)); + client.setSecret("secret"); + + int notBefore = Time.currentTime() - 60; + + client.setNotBefore(notBefore); + Response response = realm.clients().create(client); + String id = ApiUtil.getCreatedId(response); + response.close(); + + realm.clients().get(id).pushRevocation(); + + PushNotBeforeAction pushNotBefore = testingClient.testApp().getAdminPushNotBefore(); + assertEquals(notBefore, pushNotBefore.getNotBefore()); + } + + @Test + public void nodes() { + testingClient.testApp().clearAdminActions(); + + String redirectUri = oauth.getRedirectUri().replace("/master/", "/" + REALM_NAME + "/"); + + ClientRepresentation client = new ClientRepresentation(); + client.setClientId("test-app"); + client.setAdminUrl(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/app/admin"); + client.setRedirectUris(Collections.singletonList(redirectUri)); + client.setSecret("secret"); + + Response response = realm.clients().create(client); + String id = ApiUtil.getCreatedId(response); + response.close(); + + realm.clients().get(id).registerNode(Collections.singletonMap("node", suiteContext.getAuthServerInfo().getContextRoot().getHost())); + realm.clients().get(id).registerNode(Collections.singletonMap("node", "invalid")); + + GlobalRequestResult result = realm.clients().get(id).testNodesAvailable(); + assertEquals(1, result.getSuccessRequests().size()); + assertEquals(1, result.getFailedRequests().size()); + + TestAvailabilityAction testAvailable = testingClient.testApp().getTestAvailable(); + assertEquals("test-app", testAvailable.getResource()); + + assertEquals(2, realm.clients().get(id).toRepresentation().getRegisteredNodes().size()); + + realm.clients().get(id).unregisterNode("invalid"); + + assertEquals(1, realm.clients().get(id).toRepresentation().getRegisteredNodes().size()); + } + + @Test + public void offlineUserSessions() throws IOException { + String redirectUri = oauth.getRedirectUri().replace("/master/", "/" + REALM_NAME + "/"); + + ClientRepresentation client = new ClientRepresentation(); + client.setClientId("test-app"); + client.setAdminUrl(suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/app/admin"); + client.setRedirectUris(Collections.singletonList(redirectUri)); + client.setSecret("secret"); + + Response response = realm.clients().create(client); + String id = ApiUtil.getCreatedId(response); + response.close(); + + response = realm.users().create(UserBuilder.create().username("testuser").build()); + String userId = ApiUtil.getCreatedId(response); + response.close(); + + realm.users().get(userId).resetPassword(CredentialBuilder.create().password("password").build()); + + Map offlineSessionCount = realm.clients().get(id).getOfflineSessionCount(); + assertEquals(new Long(0), offlineSessionCount.get("count")); + + oauth.realm(REALM_NAME); + oauth.redirectUri(redirectUri); + oauth.scope(OAuth2Constants.OFFLINE_ACCESS); + oauth.doLogin("testuser", "password"); + AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "secret"); + assertEquals(200, accessTokenResponse.getStatusCode()); + + offlineSessionCount = realm.clients().get(id).getOfflineSessionCount(); + assertEquals(new Long(1), offlineSessionCount.get("count")); + + List offlineUserSessions = realm.clients().get(id).getOfflineUserSessions(0, 100); + assertEquals(1, offlineUserSessions.size()); + assertEquals("testuser", offlineUserSessions.get(0).getUsername()); + } + + @Test + public void scopes() { + Response response = realm.clients().create(ClientBuilder.create().clientId("client").fullScopeEnabled(false).build()); + String id = ApiUtil.getCreatedId(response); + response.close(); + + RoleMappingResource scopesResource = realm.clients().get(id).getScopeMappings(); + + realm.roles().create(RoleBuilder.create().name("role1").build()); + realm.roles().create(RoleBuilder.create().name("role2").build()); + + RoleRepresentation roleRep1 = realm.roles().get("role1").toRepresentation(); + RoleRepresentation roleRep2 = realm.roles().get("role2").toRepresentation(); + + realm.roles().get("role1").addComposites(Collections.singletonList(roleRep2)); + + String accountMgmtId = realm.clients().findByClientId(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).get(0).getId(); + RoleRepresentation viewAccountRoleRep = realm.clients().get(accountMgmtId).roles().get(AccountRoles.VIEW_PROFILE).toRepresentation(); + + scopesResource.realmLevel().add(Collections.singletonList(roleRep1)); + scopesResource.clientLevel(accountMgmtId).add(Collections.singletonList(viewAccountRoleRep)); + + Assert.assertNames(scopesResource.realmLevel().listAll(), "role1"); + Assert.assertNames(scopesResource.realmLevel().listEffective(), "role1", "role2"); + Assert.assertNames(scopesResource.realmLevel().listAvailable(), "offline_access"); + + Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAll(), AccountRoles.VIEW_PROFILE); + Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listEffective(), AccountRoles.VIEW_PROFILE); + Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAvailable(), AccountRoles.MANAGE_ACCOUNT); + + Assert.assertNames(scopesResource.getAll().getRealmMappings(), "role1"); + Assert.assertNames(scopesResource.getAll().getClientMappings().get(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).getMappings(), AccountRoles.VIEW_PROFILE); + + scopesResource.realmLevel().remove(Collections.singletonList(roleRep1)); + scopesResource.clientLevel(accountMgmtId).remove(Collections.singletonList(viewAccountRoleRep)); + + Assert.assertNames(scopesResource.realmLevel().listAll()); + Assert.assertNames(scopesResource.realmLevel().listEffective()); + Assert.assertNames(scopesResource.realmLevel().listAvailable(), "offline_access", "role1", "role2"); + Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAll()); + Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listAvailable(), AccountRoles.VIEW_PROFILE, AccountRoles.MANAGE_ACCOUNT); + Assert.assertNames(scopesResource.clientLevel(accountMgmtId).listEffective()); + } + public static void protocolMappersTest(ProtocolMappersResource mappersResource) { // assert default mappers found List protocolMappers = mappersResource.getMappers(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTest.java index 1670a6b80b..ecce3064d7 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/ClientTest.java @@ -91,28 +91,4 @@ public class ClientTest extends AbstractClientTest { assertEqualClients(rep, gotById); } - /* DEPRECATED? - @Test - public void testAllowedOrigins() { - createOidcClient("originsClient"); - ClientResource client = findClientResource("originsClient"); - java.util.Set origins = client.getAllowedOrigins(); - assertEquals(1, origins.size()); - assertTrue(origins.contains("foo/*")); - - origins.add("bar/*"); - client.updateAllowedOrigins(origins); //<-- STACK OVERFLOW - origins = client.getAllowedOrigins(); - assertEquals(2, origins.size()); - assertTrue(origins.contains("foo/*")); - assertTrue(origins.contains("bar/*")); - - java.util.Set toRemove = new java.util.HashSet<>(); - toRemove.add("bar/*"); - client.removeAllowedOrigins(origins); - origins = client.getAllowedOrigins(); - assertEquals(1, origins.size()); - assertTrue(origins.contains("foo/*")); - } */ - } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/SSOTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/SSOTest.java index ba561cc5c8..7a693c7c97 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/SSOTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/SSOTest.java @@ -113,8 +113,7 @@ public class SSOTest extends TestRealmKeycloakTest { try { //OAuthClient oauth2 = new OAuthClient(driver2); OAuthClient oauth2 = new OAuthClient(); - oauth2.setDriver(driver2); - oauth2.setAdminClient(adminClient); + oauth2.init(adminClient, driver2); oauth2.state("mystate"); oauth2.doLogin("test-user@localhost", "password"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java index a65e4ccebc..985574049d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java @@ -95,7 +95,7 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest { .clientId("client2") .directAccessGrants() .serviceAccountsEnabled(true) - .redirectUris(oauth.getRedirectUri()) + .redirectUris(OAuthClient.APP_ROOT + "/auth") .attribute(JWTClientAuthenticator.CERTIFICATE_ATTR, "MIICnTCCAYUCBgFPPQDGxTANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdjbGllbnQxMB4XDTE1MDgxNzE4NTAwNVoXDTI1MDgxNzE4NTE0NVowEjEQMA4GA1UEAwwHY2xpZW50MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMw3PaBffWxgS2PYSDDBp6As+cNvv9kt2C4f/RDAGmvSIHPFev9kuQiKs3Oaws3ZsV4JG3qHEuYgnh9W4vfe3DwNwtD1bjL5FYBhPBFTw0lAQECYxaBHnkjHwUKp957FqdSPPICm3LjmTcEdlH+9dpp9xHCMbbiNiWDzWI1xSxC8Fs2d0hwz1sd+Q4QeTBPIBWcPM+ICZtNG5MN+ORfayu4X+Me5d0tXG2fQO//rAevk1i5IFjKZuOjTwyKB5SJIY4b8QTeg0g/50IU7Ht00Pxw6CK02dHS+FvXHasZlD3ckomqCDjStTBWdhJo5dST0CbOqalkkpLlCCbGA1yEQRsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAUIMeJ+EAo8eNpCG/nXImacjrKakbFnZYBGD/gqeTGaZynkX+jgBSructTHR83zSH+yELEhsAy+3BfK4EEihp+PEcRnK2fASVkHste8AQ7rlzC+HGGirlwrVhWCdizNUCGK80DE537IZ7nmZw6LFG9P5/Q2MvCsOCYjRUvMkukq6TdXBXR9tETwZ+0gpSfsOxjj0ZF7ftTRUSzx4rFfcbM9fRNdVizdOuKGc8HJPA5lLOxV6CyaYIvi3y5RlQI1OHeS34lE4w9CNPRFa/vdxXvN7ClyzA0HMFNWxBN7pC/Ht/FbhSvaAagJBHg+vCrcY5C26Oli7lAglf/zZrwUPs0w==") .authenticatorType(JWTClientAuthenticator.PROVIDER_ID) .build(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientBuilder.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientBuilder.java index 8cd92bd8dd..b98877de2d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientBuilder.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientBuilder.java @@ -17,6 +17,7 @@ package org.keycloak.testsuite.util; +import org.keycloak.dom.saml.v2.ac.BooleanType; import org.keycloak.representations.idm.ClientRepresentation; import java.util.Arrays; @@ -58,11 +59,21 @@ public class ClientBuilder { return this; } + public ClientBuilder serviceAccount() { + rep.setServiceAccountsEnabled(true); + return this; + } + public ClientBuilder directAccessGrants() { rep.setDirectAccessGrantsEnabled(true); return this; } + public ClientBuilder fullScopeEnabled(Boolean fullScopeEnabled) { + rep.setFullScopeAllowed(fullScopeEnabled); + return this; + } + public ClientBuilder secret(String secret) { rep.setSecret(secret); return this;