KEYCLOAK-4086 Client credentials missing in bearer-only Keycloak OIDC JSON
parent
394676222f
commit
16fb1e2078
4 changed files with 57 additions and 3 deletions
|
@ -87,7 +87,7 @@ public class KeycloakOIDCClientInstallation implements ClientInstallationProvide
|
|||
return false;
|
||||
}
|
||||
|
||||
if (client.isBearerOnly() && client.getNodeReRegistrationTimeout() <= 0) {
|
||||
if (client.isBearerOnly() && !client.isServiceAccountsEnabled() && client.getNodeReRegistrationTimeout() <= 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
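Review bot: The widened condition on the `isBearerOnly()` check carries no comment explaining why a bearer-only client with service accounts enabled is now exempt from the early `return false`. Judging by the new tests in this commit, the exemption means the client secret is written into the generated keycloak.json. I would add `// bearer-only clients with a service account (e.g. authorization services) still authenticate to the server, so credentials must be emitted` above the `if`. Because the installation output now carries a secret for this client type, it is worth confirming that the endpoint serving it is restricted to admins allowed to view the client's secret; that check is not visible here. The enclosing method starts and ends outside the hunk.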
@ -84,12 +84,32 @@ public abstract class AbstractClientTest extends AbstractAuthTest {
|
|||
}
|
||||
|
||||
protected String createOidcClient(String name) {
|
||||
return createClient(createOidcClientRep(name));
|
||||
}
|
||||
|
||||
protected String createOidcBearerOnlyClient(String name) {
|
||||
ClientRepresentation clientRep = createOidcClientRep(name);
|
||||
clientRep.setBearerOnly(Boolean.TRUE);
|
||||
clientRep.setPublicClient(Boolean.FALSE);
|
||||
return createClient(clientRep);
|
||||
}
|
||||
|
||||
protected String createOidcBearerOnlyClientWithAuthz(String name) {
|
||||
ClientRepresentation clientRep = createOidcClientRep(name);
|
||||
clientRep.setBearerOnly(Boolean.TRUE);
|
||||
clientRep.setPublicClient(Boolean.FALSE);
|
||||
clientRep.setAuthorizationServicesEnabled(Boolean.TRUE);
|
||||
clientRep.setServiceAccountsEnabled(Boolean.TRUE);
|
||||
return createClient(clientRep);
|
||||
}
|
||||
|
||||
protected ClientRepresentation createOidcClientRep(String name) {
|
||||
ClientRepresentation clientRep = new ClientRepresentation();
|
||||
clientRep.setClientId(name);
|
||||
clientRep.setName(name);
|
||||
clientRep.setRootUrl("foo");
|
||||
clientRep.setProtocol("openid-connect");
|
||||
return createClient(clientRep);
|
||||
clientRep.setProtocol("openid-connect");
|
||||
return clientRep;
|
||||
}
|
||||
|
||||
protected String createSamlClient(String name) {
|
||||
|
|
|
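Review bot: `createOidcBearerOnlyClientWithAuthz` repeats the three set-up lines of `createOidcBearerOnlyClient` (`createOidcClientRep`, `setBearerOnly`, `setPublicClient`), so the two fixtures can drift apart. A small `createOidcBearerOnlyClientRep(String name)` that returns the representation and is called by both would keep the bearer-only baseline in one place. The authz helper also has no Javadoc saying that it enables service accounts together with authorization services, which is the property the installation test relies on. One line such as `/** Bearer-only client with authorization services and a service account, so its adapter config carries credentials. */` would do.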
@ -35,17 +35,28 @@ import static org.hamcrest.Matchers.*;
|
|||
public class InstallationTest extends AbstractClientTest {
|
||||
|
||||
private static final String OIDC_NAME = "oidcInstallationClient";
|
||||
private static final String OIDC_NAME_BEARER_ONLY_NAME = "oidcInstallationClientBearerOnly";
|
||||
private static final String OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME = "oidcInstallationClientBearerOnlyWithAuthz";
|
||||
private static final String SAML_NAME = "samlInstallationClient";
|
||||
|
||||
private ClientResource oidcClient;
|
||||
private String oidcClientId;
|
||||
private ClientResource oidcBearerOnlyClient;
|
||||
private String oidcBearerOnlyClientId;
|
||||
private ClientResource oidcBearerOnlyClientWithAuthz;
|
||||
private String oidcBearerOnlyClientWithAuthzId;
|
||||
private ClientResource samlClient;
|
||||
private String samlClientId;
|
||||
|
||||
@Before
|
||||
public void createClients() {
|
||||
oidcClientId = createOidcClient(OIDC_NAME);
|
||||
oidcBearerOnlyClientId = createOidcBearerOnlyClient(OIDC_NAME_BEARER_ONLY_NAME);
|
||||
oidcBearerOnlyClientWithAuthzId = createOidcBearerOnlyClientWithAuthz(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME);
|
||||
|
||||
oidcClient = findClientResource(OIDC_NAME);
|
||||
oidcBearerOnlyClient = findClientResource(OIDC_NAME_BEARER_ONLY_NAME);
|
||||
oidcBearerOnlyClientWithAuthz = findClientResource(OIDC_NAME_BEARER_ONLY_WITH_AUTHZ_NAME);
|
||||
|
||||
samlClientId = createSamlClient(SAML_NAME);
|
||||
samlClient = findClientResource(SAML_NAME);
|
||||
|
@ -54,6 +65,8 @@ public class InstallationTest extends AbstractClientTest {
|
|||
@After
|
||||
public void tearDown() {
|
||||
removeClient(oidcClientId);
|
||||
removeClient(oidcBearerOnlyClientId);
|
||||
removeClient(oidcBearerOnlyClientWithAuthzId);
|
||||
removeClient(samlClientId);
|
||||
}
|
||||
|
||||
|
@ -78,6 +91,25 @@ public class InstallationTest extends AbstractClientTest {
|
|||
assertOidcInstallationConfig(json);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testOidcBearerOnlyJson() {
|
||||
String json = oidcBearerOnlyClient.getInstallationProvider("keycloak-oidc-keycloak-json");
|
||||
assertOidcInstallationConfig(json);
|
||||
assertThat(json, containsString("bearer-only"));
|
||||
assertThat(json, not(containsString("public-client")));
|
||||
assertThat(json, not(containsString("credentials")));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testOidcBearerOnlyWithAuthzJson() {
|
||||
String json = oidcBearerOnlyClientWithAuthz.getInstallationProvider("keycloak-oidc-keycloak-json");
|
||||
assertOidcInstallationConfig(json);
|
||||
assertThat(json, containsString("bearer-only"));
|
||||
assertThat(json, not(containsString("public-client")));
|
||||
assertThat(json, containsString("credentials"));
|
||||
assertThat(json, containsString("secret"));
|
||||
}
|
||||
|
||||
private void assertOidcInstallationConfig(String config) {
|
||||
assertThat(config, containsString("master"));
|
||||
assertThat(config, not(containsString(ApiUtil.findActiveKey(testRealmResource()).getPublicKey())));
|
||||
|
|
|
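Review bot: The assertions in `testOidcBearerOnlyJson` and `testOidcBearerOnlyWithAuthzJson` match substrings of the raw JSON, so `containsString("credentials")` and `containsString("secret")` react to any key or value containing those words, and `containsString("bearer-only")` does not check that the value is true. The negative test is what guards against a secret leaking into a plain bearer-only config. I would therefore deserialize the JSON, assert on the `bearer-only` and `credentials` fields directly, and also assert that the client's actual secret value is absent from the output. No test covers the third term of the changed condition, a bearer-only client with a positive node re-registration timeout.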
@ -1096,6 +1096,8 @@ module.controller('ClientDetailCtrl', function($scope, realm, client, templates,
|
|||
}
|
||||
$scope.client.publicClient = false;
|
||||
$scope.client.serviceAccountsEnabled = true;
|
||||
} else if ($scope.client.bearerOnly) {
|
||||
$scope.client.serviceAccountsEnabled = false;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
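Review bot: The `else if ($scope.client.bearerOnly)` branch clears `serviceAccountsEnabled` only in the admin console, while the server-side check changed in this commit uses that same flag to decide whether credentials are emitted. If the server does not apply the same rule, a client saved through the admin REST API with both bearer-only and service accounts set would get its secret in the adapter config without authorization services being enabled; whether that is intended is worth stating. A comment such as `// bearer-only clients keep a service account only while authorization services need one` would document the branch. The enclosing function and the condition of the first branch are outside the hunk, so the pairing with authorization services is inferred from the test fixture.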