From 23c575c23693fe04aab3d473f2a0060d5d6f7273 Mon Sep 17 00:00:00 2001
From: Johannes Knutsen
Date: Mon, 31 Aug 2020 12:55:40 +0200
Subject: [PATCH] KEYCLOAK-15399: Wrong token type in token response. bearer vs Bearer
---
 .../org/keycloak/protocol/oidc/TokenManager.java | 2 +-
 .../composites/CompositeImportRoleTest.java | 10 +++++-----
 .../testsuite/composites/CompositeRoleTest.java | 10 +++++-----
 .../java/org/keycloak/testsuite/hok/HoKTest.java | 12 ++++++------
 .../keycloak/testsuite/oauth/AccessTokenTest.java | 4 ++--
 .../oauth/OAuthProofKeyForCodeExchangeTest.java | 4 ++--
 .../keycloak/testsuite/oauth/RefreshTokenTest.java | 8 ++++----
 7 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
index 436e3f8743..62a273a08e 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/TokenManager.java
@@ -962,7 +962,7 @@ public class TokenManager {
 if (accessToken != null) {
 String encodedToken = session.tokens().encode(accessToken);
 res.setToken(encodedToken);
- res.setTokenType("bearer");
+ res.setTokenType(TokenUtil.TOKEN_TYPE_BEARER);
 res.setSessionState(accessToken.getSessionState());
 if (accessToken.getExpiration() != 0) {
 res.setExpiresIn(accessToken.getExpiration() - Time.currentTime());
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeImportRoleTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeImportRoleTest.java
index e2951882f6..fed80c6206 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeImportRoleTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeImportRoleTest.java
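Review bot: The `token_type` value changes case on the wire at `res.setTokenType(TokenUtil.TOKEN_TYPE_BEARER);` in TokenManager.java, and the line carries no comment saying why the spelling matters or that clients can observe it. RFC 6749 section 5.1 defines the value as case-insensitive, so a relying party that compared it exactly against `bearer` will start rejecting responses; that deserves a comment here and a release note. I would add `// RFC 6749 section 5.1: token_type is case-insensitive; emit the same "Bearer" spelling as the Authorization scheme` above the call. The diffstat shows a single changed line in this file, so `TokenUtil` is presumably already imported, and the enclosing method starts and ends outside the hunk.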
@@ -59,7 +59,7 @@ public class CompositeImportRoleTest extends AbstractCompositeKeycloakTest { Assert.assertEquals(200, response.getStatusCode()); - Assert.assertEquals("bearer", response.getTokenType()); + Assert.assertEquals("Bearer", response.getTokenType()); AccessToken token = oauth.verifyToken(response.getAccessToken()); @@ -83,7 +83,7 @@ public class CompositeImportRoleTest extends AbstractCompositeKeycloakTest { Assert.assertEquals(200, response.getStatusCode()); - Assert.assertEquals("bearer", response.getTokenType()); + Assert.assertEquals("Bearer", response.getTokenType()); AccessToken token = oauth.verifyToken(response.getAccessToken()); @@ -106,7 +106,7 @@ public class CompositeImportRoleTest extends AbstractCompositeKeycloakTest { Assert.assertEquals(200, response.getStatusCode()); - Assert.assertEquals("bearer", response.getTokenType()); + Assert.assertEquals("Bearer", response.getTokenType()); AccessToken token = oauth.verifyToken(response.getAccessToken()); @@ -128,7 +128,7 @@ public class CompositeImportRoleTest extends AbstractCompositeKeycloakTest { Assert.assertEquals(200, response.getStatusCode()); - Assert.assertEquals("bearer", response.getTokenType()); + Assert.assertEquals("Bearer", response.getTokenType()); AccessToken token = oauth.verifyToken(response.getAccessToken()); @@ -149,7 +149,7 @@ public class CompositeImportRoleTest extends AbstractCompositeKeycloakTest { Assert.assertEquals(200, response.getStatusCode()); - Assert.assertEquals("bearer", response.getTokenType()); + Assert.assertEquals("Bearer", response.getTokenType()); AccessToken token = oauth.verifyToken(response.getAccessToken()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java index 9eede4a5e9..e66d9bc667 100755 
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java @@ -231,7 +231,7 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest { Assert.assertEquals(200, response.getStatusCode()); - Assert.assertEquals("bearer", response.getTokenType()); + Assert.assertEquals("Bearer", response.getTokenType()); AccessToken token = oauth.verifyToken(response.getAccessToken()); @@ -258,7 +258,7 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest { Assert.assertEquals(200, response.getStatusCode()); - Assert.assertEquals("bearer", response.getTokenType()); + Assert.assertEquals("Bearer", response.getTokenType()); AccessToken token = oauth.verifyToken(response.getAccessToken()); @@ -282,7 +282,7 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest { Assert.assertEquals(200, response.getStatusCode()); - Assert.assertEquals("bearer", response.getTokenType()); + Assert.assertEquals("Bearer", response.getTokenType()); AccessToken token = oauth.verifyToken(response.getAccessToken()); @@ -307,7 +307,7 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest { Assert.assertEquals(200, response.getStatusCode()); - Assert.assertEquals("bearer", response.getTokenType()); + Assert.assertEquals("Bearer", response.getTokenType()); AccessToken token = oauth.verifyToken(response.getAccessToken()); @@ -331,7 +331,7 @@ public class CompositeRoleTest extends AbstractCompositeKeycloakTest { Assert.assertEquals(200, response.getStatusCode()); - Assert.assertEquals("bearer", response.getTokenType()); + Assert.assertEquals("Bearer", response.getTokenType()); AccessToken token = oauth.verifyToken(response.getAccessToken()); 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/hok/HoKTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/hok/HoKTest.java index 467f34d770..71d7e0034d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/hok/HoKTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/hok/HoKTest.java @@ -213,7 +213,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest { Assert.assertThat(response.getExpiresIn(), allOf(greaterThanOrEqualTo(250), lessThanOrEqualTo(300))); Assert.assertThat(response.getRefreshExpiresIn(), allOf(greaterThanOrEqualTo(1750), lessThanOrEqualTo(1800))); - assertEquals("bearer", response.getTokenType()); + assertEquals("Bearer", response.getTokenType()); String expectedKid = oauth.doCertsRequest("test").getKeys()[0].getKeyId(); @@ -319,7 +319,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest { EventRepresentation tokenEvent = events.expectCodeToToken(codeId, sessionId).assertEvent(); Assert.assertNotNull(refreshTokenString); - assertEquals("bearer", tokenResponse.getTokenType()); + assertEquals("Bearer", tokenResponse.getTokenType()); Assert.assertThat(token.getExpiration() - getCurrentTime(), allOf(greaterThanOrEqualTo(200), lessThanOrEqualTo(350))); int actual = refreshToken.getExpiration() - getCurrentTime(); Assert.assertThat(actual, allOf(greaterThanOrEqualTo(1799 - RefreshTokenTest.ALLOWED_CLOCK_SKEW), lessThanOrEqualTo(1800 + RefreshTokenTest.ALLOWED_CLOCK_SKEW))); 
@@ -356,7 +356,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest { RefreshToken refreshToken = oauth.parseRefreshToken(refreshTokenString); Assert.assertNotNull(refreshTokenString); - assertEquals("bearer", tokenResponse.getTokenType()); + assertEquals("Bearer", tokenResponse.getTokenType()); Assert.assertThat(token.getExpiration() - getCurrentTime(), allOf(greaterThanOrEqualTo(200), lessThanOrEqualTo(350))); int actual = refreshToken.getExpiration() - getCurrentTime(); Assert.assertThat(actual, allOf(greaterThanOrEqualTo(1799 - RefreshTokenTest.ALLOWED_CLOCK_SKEW), lessThanOrEqualTo(1800 + RefreshTokenTest.ALLOWED_CLOCK_SKEW))); @@ -403,7 +403,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest { Assert.assertNotEquals(token.getId(), refreshedToken.getId()); Assert.assertNotEquals(refreshToken.getId(), refreshedRefreshToken.getId()); - assertEquals("bearer", response.getTokenType()); + assertEquals("Bearer", response.getTokenType()); assertEquals(findUserByUsername(adminClient.realm("test"), username).getId(), refreshedToken.getSubject()); Assert.assertNotEquals(username, refreshedToken.getSubject()); @@ -452,7 +452,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest { Response response = null; try { userInfoTarget = UserInfoClientUtil.getUserInfoWebTarget(client); - response = userInfoTarget.request().header(HttpHeaders.AUTHORIZATION, "bearer " + tokenResponse.getAccessToken()).get(); + response = userInfoTarget.request().header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenResponse.getAccessToken()).get(); testSuccessfulUserInfoResponse(response); } finally { response.close(); 
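Review bot: The userinfo request in the HoKTest hunk at -452 (and the 401 case in the hunk at -487) now sends only the `Bearer ` spelling of the Authorization scheme, so the lower-case form the test used to send is no longer exercised in any visible hunk. HTTP authentication schemes are case-insensitive (RFC 7235 section 2.1) and deployed clients may still send `bearer`, so acceptance of both spellings should be asserted explicitly rather than covered by accident. I would keep one extra request in the success test, after closing the first response: `response = userInfoTarget.request().header(HttpHeaders.AUTHORIZATION, "bearer " + tokenResponse.getAccessToken()).get();` followed by `testSuccessfulUserInfoResponse(response);`. Both test methods start and end outside their hunks.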
@@ -487,7 +487,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest { Response response = null; try { userInfoTarget = UserInfoClientUtil.getUserInfoWebTarget(client); - response = userInfoTarget.request().header(HttpHeaders.AUTHORIZATION, "bearer " + tokenResponse.getAccessToken()).get(); + response = userInfoTarget.request().header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenResponse.getAccessToken()).get(); assertEquals(401, response.getStatus()); } finally { response.close(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java index 002845e86f..17d1554021 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java @@ -192,7 +192,7 @@ public class AccessTokenTest extends AbstractKeycloakTest { Assert.assertThat(response.getExpiresIn(), allOf(greaterThanOrEqualTo(250), lessThanOrEqualTo(300))); Assert.assertThat(response.getRefreshExpiresIn(), allOf(greaterThanOrEqualTo(1750), lessThanOrEqualTo(1800))); - assertEquals("bearer", response.getTokenType()); + assertEquals("Bearer", response.getTokenType()); String expectedKid = oauth.doCertsRequest("test").getKeys()[0].getKeyId(); @@ -1307,7 +1307,7 @@ public class AccessTokenTest extends AbstractKeycloakTest { assertEquals(200, response.getStatusCode()); - assertEquals("bearer", response.getTokenType()); + assertEquals("Bearer", response.getTokenType()); JWSHeader header = new JWSInput(response.getAccessToken()).getHeader(); assertEquals(expectedAccessAlg, header.getAlgorithm().name()); 
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthProofKeyForCodeExchangeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthProofKeyForCodeExchangeTest.java index cee9197520..c4130e3419 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthProofKeyForCodeExchangeTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthProofKeyForCodeExchangeTest.java @@ -417,7 +417,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest { assertEquals(200, response.getStatusCode()); Assert.assertThat(response.getExpiresIn(), allOf(greaterThanOrEqualTo(250), lessThanOrEqualTo(300))); Assert.assertThat(response.getRefreshExpiresIn(), allOf(greaterThanOrEqualTo(1750), lessThanOrEqualTo(1800))); - assertEquals("bearer", response.getTokenType()); + assertEquals("Bearer", response.getTokenType()); String expectedKid = oauth.doCertsRequest("test").getKeys()[0].getKeyId(); @@ -485,7 +485,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest { Assert.assertNotEquals(token.getId(), refreshedToken.getId()); Assert.assertNotEquals(refreshToken.getId(), refreshedRefreshToken.getId()); - assertEquals("bearer", refreshResponse.getTokenType()); + assertEquals("Bearer", refreshResponse.getTokenType()); assertEquals(findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId(), refreshedToken.getSubject()); Assert.assertNotEquals("test-user@localhost", refreshedToken.getSubject()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java index e8cadd0673..8c226d56a5 100755 
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java @@ -218,7 +218,7 @@ public class RefreshTokenTest extends AbstractKeycloakTest { assertNotNull(refreshTokenString); - assertEquals("bearer", tokenResponse.getTokenType()); + assertEquals("Bearer", tokenResponse.getTokenType()); Assert.assertThat(token.getExpiration() - getCurrentTime(), allOf(greaterThanOrEqualTo(200), lessThanOrEqualTo(350))); int actual = refreshToken.getExpiration() - getCurrentTime(); @@ -250,7 +250,7 @@ public class RefreshTokenTest extends AbstractKeycloakTest { Assert.assertNotEquals(token.getId(), refreshedToken.getId()); Assert.assertNotEquals(refreshToken.getId(), refreshedRefreshToken.getId()); - assertEquals("bearer", response.getTokenType()); + assertEquals("Bearer", response.getTokenType()); assertEquals(findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId(), refreshedToken.getSubject()); Assert.assertNotEquals("test-user@localhost", refreshedToken.getSubject()); @@ -1247,7 +1247,7 @@ public class RefreshTokenTest extends AbstractKeycloakTest { assertNotNull(refreshTokenString); - assertEquals("bearer", tokenResponse.getTokenType()); + assertEquals("Bearer", tokenResponse.getTokenType()); assertEquals(sessionId, refreshToken.getSessionState()); @@ -1269,7 +1269,7 @@ public class RefreshTokenTest extends AbstractKeycloakTest { Assert.assertNotEquals(token.getId(), refreshedToken.getId()); Assert.assertNotEquals(refreshToken.getId(), refreshedRefreshToken.getId()); - assertEquals("bearer", response.getTokenType()); + assertEquals("Bearer", response.getTokenType()); assertEquals(findUserByUsername(adminClient.realm("test"), "test-user@localhost").getId(), refreshedToken.getSubject()); Assert.assertNotEquals("test-user@localhost", refreshedToken.getSubject());