From 3047749890ce3b5e130c4036515593cf288ea433 Mon Sep 17 00:00:00 2001
From: Erik Jan de Wit
Date: Wed, 1 Feb 2023 18:19:04 +0100
Subject: [PATCH] Add missing OAuth 2.0 fields to token settings (#4253)
---
 .../resources/en/realm-settings-help.json | 2 +
 .../public/resources/en/realm-settings.json | 2 +
 .../admin-ui/src/realm-settings/TokensTab.tsx | 71 +++++++++++++++----
 .../src/defs/realmRepresentation.ts | 2 +
 4 files changed, 65 insertions(+), 12 deletions(-)
diff --git a/apps/admin-ui/public/resources/en/realm-settings-help.json b/apps/admin-ui/public/resources/en/realm-settings-help.json
index acf2a1e095..ca22873ce4 100644
--- a/apps/admin-ui/public/resources/en/realm-settings-help.json
+++ b/apps/admin-ui/public/resources/en/realm-settings-help.json
@@ -66,6 +66,8 @@
 "clientLoginTimeout": "Max time a client has to finish the access token protocol. This should normally be 1 minute.",
 "userInitiatedActionLifespan": "Maximum time before an action permit sent by a user (such as a forgot password e-mail) is expired. This value is recommended to be short because it's expected that the user would react to self-created action quickly.",
 "defaultAdminInitiatedActionLifespan": "Maximum time before an action permit sent to a user by administrator is expired. This value is recommended to be long to allow administrators to send e-mails for users that are currently offline. The default timeout can be overridden immediately before issuing the token.",
+ "oAuthDeviceCodeLifespan": "Max time before the device code and user code are expired. This value needs to be a long enough lifetime to be usable (allowing the user to retrieve their secondary device, navigate to the verification URI, login, etc.), but should be sufficiently short to limit the usability of a code obtained for phishing.",
+ "oAuthDevicePollingInterval": "The minimum amount of time in seconds that the client should wait between polling requests to the token endpoint.",
 "shortVerificationUriTooltip": "If set, this value will be return as verification_uri in Device Authorization flow. This uri need to redirect to {server-root}/realms/{realm}/device",
 "overrideActionTokens": "Override default settings of maximum time before an action permit sent by a user (such as a forgot password e-mail) is expired for specific action. This value is recommended to be short because it's expected that the user would react to self-created action quickly.",
 "internationalization": "If enabled, you can choose which locales you support for this realm and which locale is the default.",
diff --git a/apps/admin-ui/public/resources/en/realm-settings.json b/apps/admin-ui/public/resources/en/realm-settings.json
index 64953f1e93..4543e95932 100644
--- a/apps/admin-ui/public/resources/en/realm-settings.json
+++ b/apps/admin-ui/public/resources/en/realm-settings.json
@@ -202,6 +202,8 @@
 "clientLoginTimeout": "Client Login Timeout",
 "userInitiatedActionLifespan": "User-Initiated Action Lifespan",
 "defaultAdminInitiated": "Default Admin-Initiated Action Lifespan",
+ "oAuthDeviceCodeLifespan": "OAuth 2.0 Device Code Lifespan",
+ "oAuthDevicePollingInterval": "OAuth 2.0 Device Polling Interval",
 "shortVerificationUri": "Short verification_uri in Device Authorization flow",
 "emailVerification": "Email Verification",
 "idpAccountEmailVerification": "IdP account email verification",
diff --git a/apps/admin-ui/src/realm-settings/TokensTab.tsx b/apps/admin-ui/src/realm-settings/TokensTab.tsx
index 15bd09c9e2..e864158126 100644
--- a/apps/admin-ui/src/realm-settings/TokensTab.tsx
+++ b/apps/admin-ui/src/realm-settings/TokensTab.tsx
@@ -140,6 +140,61 @@ export const RealmSettingsTokensTab = ({ /> + + } + > + ( + + )} + /> + + + } + > + ( + field.onChange(field.value || 0 + 1)} + onMinus={() => field.onChange(field.value || 0 - 1)} + onChange={(event) => { + const newValue = Number(event.currentTarget.value); + field.onChange(!isNaN(newValue) ? newValue : 0); + }} + placeholder={t("oAuthDevicePollingInterval")} + /> + )} + /> + } > - ( - )} +
diff --git a/libs/keycloak-admin-client/src/defs/realmRepresentation.ts b/libs/keycloak-admin-client/src/defs/realmRepresentation.ts
index 97f764f374..6681704d54 100644
--- a/libs/keycloak-admin-client/src/defs/realmRepresentation.ts
+++ b/libs/keycloak-admin-client/src/defs/realmRepresentation.ts
@@ -75,6 +75,8 @@ export default interface RealmRepresentation {
 maxFailureWaitSeconds?: number;
 minimumQuickLoginWaitSeconds?: number;
 notBefore?: number;
+ oauth2DeviceCodeLifespan?: number;
+ oauth2DevicePollingInterval?: number;
 offlineSessionIdleTimeout?: number;
 offlineSessionMaxLifespan?: number;
 offlineSessionMaxLifespanEnabled?: boolean;
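Review bot: In the `oAuthDevicePollingInterval` input of the TokensTab.tsx hunk, `onPlus` and `onMinus` never step an existing value, because `+` and `-` bind tighter than `||`: `field.value || 0 + 1` returns `field.value` unchanged whenever it is non-zero and 1 otherwise, and the minus variant returns -1 for an empty or zero value. Parenthesise the default, `onPlus={() => field.onChange((field.value || 0) + 1)}` and `onMinus={() => field.onChange(Math.max(0, (field.value || 0) - 1))}`. The `onChange` handler also forwards any numeric input, including negative numbers; since this interval is what throttles device-flow clients polling the token endpoint, the handler should clamp to a non-negative minimum, and the server should presumably enforce the same bound. The JSX element tags are missing from this page, so a `min` prop on the input may already exist and could not be checked here.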