KEYCLOAK-380 Added OAuth2Constants

Stian Thorgersen 2014-03-15 10:43:52 +00:00
parent f9aaa16cfe
commit 331ab71427
33 changed files with 222 additions and 163 deletions


@ -103,8 +103,8 @@ public class AbstractOAuthClient {
protected String stripOauthParametersFromRedirect(String uri) {
KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(uri)
.replaceQueryParam("code", null)
.replaceQueryParam("state", null);
.replaceQueryParam(OAuth2Constants.CODE, null)
.replaceQueryParam(OAuth2Constants.STATE, null);
return builder.build().toString();
}
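Review bot: `stripOauthParametersFromRedirect` here repeats the same two `replaceQueryParam` calls as the copies in `OAuthRequestAuthenticator` and `ServerRequest` changed later in this commit, so three places must agree on which parameters are removed from the redirect URI. The stripped URI is what `ServerRequest.invokeAccessCodeToToken` and `JaxrsOAuthClient.resolveBearerToken` send as `redirect_uri` at the code exchange, so a copy that drifts would presumably make that value differ from the one used in the authorization request. Now that the names are centralised, one shared static helper would remove the duplication. Short of that, a comment on each copy such as `// keep in sync with the other stripOauthParametersFromRedirect copies` would help.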


@ -0,0 +1,30 @@
package org.keycloak;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public interface OAuth2Constants {
String CODE = "code";
String CLIENT_ID = "client_id";
String ERROR = "error";
String ERROR_DESCRIPTION = "error_description";
String REDIRECT_URI = "redirect_uri";
String SCOPE = "scope";
String STATE = "state";
String GRANT_TYPE = "grant_type";
String RESPONSE_TYPE = "response_type";
String REFRESH_TOKEN = "refresh_token";
}
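Review bot: `OAuth2Constants` is declared as an interface that only holds constants, so any class can `implements` it and leak the names into its own public API; a `public final class OAuth2Constants` with a private constructor and `public static final String` fields avoids that. The constants also carry no Javadoc saying which are request parameter names and which are response fields, and `REFRESH_TOKEN` is later used both as a parameter name and as a `grant_type` value in `ServerRequest`. A short comment per group, for example `// RFC 6749 request parameter names`, would make the intended use clear.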


@ -1,7 +1,7 @@
{
"realm" : "demo",
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"auth-server-url" : "http://localhost:8080/auth",
"auth-server-url" : "http://localhost:8081/auth",
"ssl-not-required" : true,
"resource" : "customer-portal-cli",
"public-client" : true
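Review bot: The `auth-server-url` port changes from 8080 to 8081 in this file, which is unrelated to the constant extraction named in the commit title and looks like a local development setting committed by accident. If the example is meant to keep targeting the previous port, `"auth-server-url" : "http://localhost:8080/auth"` should stay; otherwise the change deserves its own commit and a line in the description. The closing brace of the object lies outside the hunk.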


@ -14,6 +14,7 @@ import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.keycloak.OAuth2Constants;
import org.keycloak.adapters.ServerRequest;
import org.keycloak.servlet.ServletOAuthClient;
@ -41,15 +42,15 @@ public class RefreshTokenFilter implements Filter {
HttpServletResponse response = (HttpServletResponse)resp;
Map<String, String[]> reqParams = request.getParameterMap();
if (reqParams.containsKey("code")) {
if (reqParams.containsKey(OAuth2Constants.CODE)) {
try {
String accessToken = oauthClient.getBearerToken(request).getToken();
userData.setAccessToken(accessToken);
} catch (ServerRequest.HttpFailure e) {
throw new ServletException(e);
}
} else if (reqParams.containsKey("error")) {
String oauthError = reqParams.get("error")[0];
} else if (reqParams.containsKey(OAuth2Constants.ERROR)) {
String oauthError = reqParams.get(OAuth2Constants.ERROR)[0];
request.setAttribute(OAUTH_ERROR_ATTR, oauthError);
}
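Review bot: The `error` branch copies `reqParams.get(OAuth2Constants.ERROR)[0]` straight from the query string into the `OAUTH_ERROR_ATTR` request attribute, so the value is whatever the caller put in the URL. The page that renders this attribute is not in the hunk; it should HTML-escape the value, and a comment here such as `// untrusted: taken verbatim from the redirect query string, escape on output` would record that. The same applies to `getBearerToken` in `ServletOAuthClient`, where the parameter is concatenated into the `IOException` message. The enclosing filter method starts and ends outside the hunk.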


@ -2,6 +2,7 @@ package org.keycloak.login.freemarker;
import org.jboss.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.OAuth2Constants;
import org.keycloak.freemarker.FreeMarkerException;
import org.keycloak.freemarker.FreeMarkerUtil;
import org.keycloak.freemarker.Theme;
@ -125,7 +126,7 @@ public class FreeMarkerLoginForms implements LoginForms {
}
if (accessCode != null) {
uriBuilder.replaceQueryParam("code", accessCode);
uriBuilder.replaceQueryParam(OAuth2Constants.CODE, accessCode);
}
Map<String, Object> attributes = new HashMap<String, Object>();
@ -181,7 +182,7 @@ public class FreeMarkerLoginForms implements LoginForms {
attributes.put("oauth", new OAuthGrantBean(accessCode, client, realmRolesRequested, resourceRolesRequested));
break;
case CODE:
attributes.put("code", new CodeBean(accessCode, messageType == MessageType.ERROR ? message : null));
attributes.put(OAuth2Constants.CODE, new CodeBean(accessCode, messageType == MessageType.ERROR ? message : null));
break;
}
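Review bot: In the `case CODE:` branch, `attributes.put(OAuth2Constants.CODE, ...)` uses an OAuth2 wire parameter name as the key of a FreeMarker template attribute, which is a different namespace that merely shares the string `code` today. The same coupling appears in `ScopeRelationship.getName()` and in the `putClientAttribute`/`getClientAttribute` calls in `AccountService` and `SocialResource`, where neighbouring keys such as `"clientId"` and `"redirectUri"` stay literal. Keeping `"code"` here, or introducing a separate template-key constant, would stop a later rename on either side from silently breaking the other. Both methods touched in this section continue outside their hunks.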


@ -2,6 +2,7 @@ package org.keycloak.adapters;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.annotate.JsonSerialize;
import org.keycloak.OAuth2Constants;
import org.keycloak.ServiceUrlConstants;
import org.keycloak.representations.adapters.config.AdapterConfig;
import org.keycloak.util.EnvUtil;
@ -66,7 +67,7 @@ public class KeycloakDeploymentBuilder {
String logoutUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH).build(adapterConfig.getRealm()).toString();
String accountUrl = serverBuilder.clone().path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH).build(adapterConfig.getRealm()).toString();
deployment.setAuthUrl(KeycloakUriBuilder.fromUri(authUrl).queryParam("client_id", deployment.getResourceName()));
deployment.setAuthUrl(KeycloakUriBuilder.fromUri(authUrl).queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName()));
deployment.setCodeUrl(tokenUrl);
deployment.setRefreshUrl(refreshUrl);
deployment.setLogoutUrl(KeycloakUriBuilder.fromUri(logoutUrl));
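Review bot: `setAuthUrl(...queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName()))` stores an auth URL that already carries `client_id`, and `OAuthRequestAuthenticator.getRedirectUri` and `KeycloakInstalled` later call `deployment.getAuthUrl().clone().queryParam(OAuth2Constants.CLIENT_ID, ...)` on it. If `KeycloakUriBuilder.queryParam` appends the way the JAX-RS builder does, the authorization request ends up with `client_id` twice, which RFC 6749 section 3.1 does not allow. Either drop the parameter here or have the callers use `replaceQueryParam(OAuth2Constants.CLIENT_ID, ...)`. The builder method continues outside the hunk.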


@ -1,6 +1,7 @@
package org.keycloak.adapters;
import org.jboss.logging.Logger;
import org.keycloak.OAuth2Constants;
import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
import org.keycloak.jose.jws.JWSInput;
@ -99,11 +100,11 @@ public abstract class OAuthRequestAuthenticator {
}
protected String getError() {
return getQueryParamValue("error");
return getQueryParamValue(OAuth2Constants.ERROR);
}
protected String getCode() {
return getQueryParamValue("code");
return getQueryParamValue(OAuth2Constants.CODE);
}
protected String getRedirectUri(String state) {
@ -120,9 +121,9 @@ public abstract class OAuthRequestAuthenticator {
url = secureUrl.build().toString();
}
return deployment.getAuthUrl().clone()
.queryParam("client_id", deployment.getResourceName())
.queryParam("redirect_uri", url)
.queryParam("state", state)
.queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName())
.queryParam(OAuth2Constants.REDIRECT_URI, url)
.queryParam(OAuth2Constants.STATE, state)
.queryParam("login", "true")
.build().toString();
}
@ -168,7 +169,7 @@ public abstract class OAuthRequestAuthenticator {
facade.getResponse().resetCookie(deployment.getStateCookieName(), stateCookie.getPath());
String stateCookieValue = getCookieValue(deployment.getStateCookieName());
String state = getQueryParamValue("state");
String state = getQueryParamValue(OAuth2Constants.STATE);
if (state == null) {
log.warn("state parameter was null");
return challenge(400);
@ -300,8 +301,8 @@ public abstract class OAuthRequestAuthenticator {
*/
protected String stripOauthParametersFromRedirect() {
KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(facade.getRequest().getURI())
.replaceQueryParam("code", null)
.replaceQueryParam("state", null);
.replaceQueryParam(OAuth2Constants.CODE, null)
.replaceQueryParam(OAuth2Constants.STATE, null);
return builder.build().toString();
}


@ -7,6 +7,7 @@ import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.message.BasicNameValuePair;
import org.keycloak.OAuth2Constants;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.util.BasicAuthHelper;
@ -57,9 +58,9 @@ public class ServerRequest {
public static AccessTokenResponse invokeAccessCodeToToken(HttpClient client, boolean publicClient, String code, String codeUrl, String redirectUri, String client_id, Map<String, String> credentials) throws IOException, HttpFailure {
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
redirectUri = stripOauthParametersFromRedirect(redirectUri);
formparams.add(new BasicNameValuePair("grant_type", "authorization_code"));
formparams.add(new BasicNameValuePair("code", code));
formparams.add(new BasicNameValuePair("redirect_uri", redirectUri));
formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, "authorization_code"));
formparams.add(new BasicNameValuePair(OAuth2Constants.CODE, code));
formparams.add(new BasicNameValuePair(OAuth2Constants.REDIRECT_URI, redirectUri));
HttpResponse response = null;
HttpPost post = new HttpPost(codeUrl);
if (!publicClient) {
@ -69,7 +70,7 @@ public class ServerRequest {
post.setHeader("Authorization", authorization);
}
} else {
formparams.add(new BasicNameValuePair("client_id", client_id));
formparams.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, client_id));
}
UrlEncodedFormEntity form = new UrlEncodedFormEntity(formparams, "UTF-8");
@ -120,8 +121,8 @@ public class ServerRequest {
for (Map.Entry<String, String> entry : credentials.entrySet()) {
formparams.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
}
formparams.add(new BasicNameValuePair("grant_type", "refresh_token"));
formparams.add(new BasicNameValuePair("refresh_token", refreshToken));
formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN));
formparams.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
HttpResponse response = null;
HttpPost post = new HttpPost(refreshUrl);
if (!publicClient) {
@ -131,7 +132,7 @@ public class ServerRequest {
post.setHeader("Authorization", authorization);
}
} else {
formparams.add(new BasicNameValuePair("client_id", client_id));
formparams.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, client_id));
}
UrlEncodedFormEntity form = new UrlEncodedFormEntity(formparams, "UTF-8");
@ -190,8 +191,8 @@ public class ServerRequest {
protected static String stripOauthParametersFromRedirect(String uri) {
KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(uri)
.replaceQueryParam("code", null)
.replaceQueryParam("state", null);
.replaceQueryParam(OAuth2Constants.CODE, null)
.replaceQueryParam(OAuth2Constants.STATE, null);
return builder.build().toString();
}
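Review bot: In the refresh request, `new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN)` uses the parameter-name constant as the grant type value, while `invokeAccessCodeToToken` above and `JaxrsOAuthClient.resolveBearerToken` keep the literal `"authorization_code"`. The two strings happen to coincide, but a parameter name and a grant type value are different things and the mixed style hides that. Either keep the literal `"refresh_token"` as the value or add dedicated grant-type constants and use them in all three places. The methods in this section start and end outside their hunks.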


@ -1,5 +1,6 @@
package org.keycloak.adapters.installed;
import org.keycloak.OAuth2Constants;
import org.keycloak.OAuthErrorException;
import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
@ -96,9 +97,9 @@ public class KeycloakInstalled {
String state = UUID.randomUUID().toString();
String authUrl = deployment.getAuthUrl().clone()
.queryParam("client_id", deployment.getResourceName())
.queryParam("redirect_uri", redirectUri)
.queryParam("state", state)
.queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName())
.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
.queryParam(OAuth2Constants.STATE, state)
.queryParam("login", "true")
.build().toString();
@ -130,7 +131,7 @@ public class KeycloakInstalled {
String redirectUri = "http://localhost:" + callback.server.getLocalPort();
String logoutUrl = deployment.getLogoutUrl()
.queryParam("redirect_uri", redirectUri)
.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
.build().toString();
Desktop.getDesktop().browse(new URI(logoutUrl));
@ -153,8 +154,8 @@ public class KeycloakInstalled {
String redirectUri = "urn:ietf:wg:oauth:2.0:oob";
String authUrl = deployment.getAuthUrl().clone()
.queryParam("client_id", deployment.getResourceName())
.queryParam("redirect_uri", redirectUri)
.queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName())
.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
.queryParam("login", "true")
.build().toString();
@ -281,13 +282,13 @@ public class KeycloakInstalled {
for (String param : params) {
String[] p = param.split("=");
if (p[0].equals("code")) {
if (p[0].equals(OAuth2Constants.CODE)) {
code = p[1];
} else if (p[0].equals("error")) {
} else if (p[0].equals(OAuth2Constants.ERROR)) {
error = p[1];
} else if (p[0].equals("error-description")) {
errorDescription = p[1];
} else if (p[0].equals("state")) {
} else if (p[0].equals(OAuth2Constants.STATE)) {
state = p[1];
}
}
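Review bot: The branch `p[0].equals("error-description")` was left as a hyphenated literal, so it never matches the `error_description` field that the new `OAuth2Constants.ERROR_DESCRIPTION` names and the description is presumably always dropped; it should read `} else if (p[0].equals(OAuth2Constants.ERROR_DESCRIPTION)) {`. In the same loop `param.split("=")` yields a one-element array for a parameter with an empty value, so `p[1]` throws `ArrayIndexOutOfBoundsException`, and the values are used without URL decoding. Using `param.split("=", 2)` and checking `p.length == 2` before reading `p[1]` would cover the first case. The enclosing method starts outside the hunk.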


@ -4,6 +4,7 @@ import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.util.BasicAuthHelper;
import org.keycloak.AbstractOAuthClient;
import org.keycloak.OAuth2Constants;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.CredentialRepresentation;
@ -49,10 +50,10 @@ public class JaxrsOAuthClient extends AbstractOAuthClient {
public String resolveBearerToken(String redirectUri, String code) {
redirectUri = stripOauthParametersFromRedirect(redirectUri);
Form codeForm = new Form()
.param("grant_type", "authorization_code")
.param("code", code)
.param("client_id", clientId)
.param("redirect_uri", redirectUri);
.param(OAuth2Constants.GRANT_TYPE, "authorization_code")
.param(OAuth2Constants.CODE, code)
.param(OAuth2Constants.CLIENT_ID, clientId)
.param(OAuth2Constants.REDIRECT_URI, redirectUri);
for (Map.Entry<String, String> entry : credentials.entrySet()) {
codeForm.param(entry.getKey(), entry.getValue());
}
@ -73,11 +74,11 @@ public class JaxrsOAuthClient extends AbstractOAuthClient {
String state = getStateCode();
UriBuilder uriBuilder = UriBuilder.fromUri(authUrl)
.queryParam("client_id", clientId)
.queryParam("redirect_uri", redirectUri)
.queryParam("state", state);
.queryParam(OAuth2Constants.CLIENT_ID, clientId)
.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
.queryParam(OAuth2Constants.STATE, state);
if (scope != null) {
uriBuilder.queryParam("scope", scope);
uriBuilder.queryParam(OAuth2Constants.SCOPE, scope);
}
URI url = uriBuilder.build();
@ -105,17 +106,17 @@ public class JaxrsOAuthClient extends AbstractOAuthClient {
}
public String getError(UriInfo uriInfo) {
return uriInfo.getQueryParameters().getFirst("error");
return uriInfo.getQueryParameters().getFirst(OAuth2Constants.ERROR);
}
public String getAccessCode(UriInfo uriInfo) {
return uriInfo.getQueryParameters().getFirst("code");
return uriInfo.getQueryParameters().getFirst(OAuth2Constants.CODE);
}
public void checkStateCookie(UriInfo uriInfo, HttpHeaders headers) {
Cookie stateCookie = headers.getCookies().get(stateCookieName);
if (stateCookie == null) throw new BadRequestException("state cookie not set");
String state = uriInfo.getQueryParameters().getFirst("state");
String state = uriInfo.getQueryParameters().getFirst(OAuth2Constants.STATE);
if (state == null) throw new BadRequestException("state parameter was null");
if (!state.equals(stateCookie.getValue())) {
throw new BadRequestException("state parameter invalid");


@ -2,6 +2,7 @@ package org.keycloak.servlet;
import org.apache.http.client.HttpClient;
import org.keycloak.AbstractOAuthClient;
import org.keycloak.OAuth2Constants;
import org.keycloak.adapters.HttpClientBuilder;
import org.keycloak.adapters.ServerRequest;
import org.keycloak.jose.jws.JWSInput;
@ -75,11 +76,11 @@ public class ServletOAuthClient extends AbstractOAuthClient {
String state = getStateCode();
KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(authUrl)
.queryParam("client_id", clientId)
.queryParam("redirect_uri", redirectUri)
.queryParam("state", state);
.queryParam(OAuth2Constants.CLIENT_ID, clientId)
.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
.queryParam(OAuth2Constants.STATE, state);
if (scope != null) {
uriBuilder.queryParam("scope", scope);
uriBuilder.queryParam(OAuth2Constants.SCOPE, scope);
}
URI url = uriBuilder.build();
@ -111,7 +112,7 @@ public class ServletOAuthClient extends AbstractOAuthClient {
int eq = param.indexOf('=');
if (eq == -1) continue;
String name = param.substring(0, eq);
if (!name.equals("code")) continue;
if (!name.equals(OAuth2Constants.CODE)) continue;
return param.substring(eq + 1);
}
return null;
@ -128,14 +129,14 @@ public class ServletOAuthClient extends AbstractOAuthClient {
* @throws org.keycloak.adapters.ServerRequest.HttpFailure
*/
public AccessTokenResponse getBearerToken(HttpServletRequest request) throws IOException, ServerRequest.HttpFailure {
String error = request.getParameter("error");
String error = request.getParameter(OAuth2Constants.ERROR);
if (error != null) throw new IOException("OAuth error: " + error);
String redirectUri = request.getRequestURL().append("?").append(request.getQueryString()).toString();
String stateCookie = getCookieValue(stateCookieName, request);
if (stateCookie == null) throw new IOException("state cookie not set");
// we can call get parameter as this should be a redirect
String state = request.getParameter("state");
String code = request.getParameter("code");
String state = request.getParameter(OAuth2Constants.STATE);
String code = request.getParameter(OAuth2Constants.CODE);
if (state == null) throw new IOException("state parameter was null");
if (!state.equals(stateCookie)) {


@ -25,7 +25,7 @@ public class ScopeRelationship extends AbstractAttributedType implements Relatio
@Override
public String getName() {
return "scope";
return OAuth2Constants.SCOPE;
}
};
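Review bot: No `import org.keycloak.OAuth2Constants;` hunk is visible for this file, unlike the other Java files outside `org.keycloak` in this commit, so unless the page left that hunk out, `return OAuth2Constants.SCOPE;` will not compile. `getName()` here also appears to name a model query parameter rather than an OAuth2 request parameter, so returning the literal `"scope"` would keep the stored name independent of the protocol constant. The enclosing anonymous class starts outside the hunk.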


@ -23,6 +23,7 @@ package org.keycloak.services.resources;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.OAuth2Constants;
import org.keycloak.account.Account;
import org.keycloak.account.AccountLoader;
import org.keycloak.account.AccountPages;
@ -291,7 +292,7 @@ public class AccountService {
return Flows.social(socialRequestManager, realm, uriInfo, provider)
.putClientAttribute("realm", realm.getName())
.putClientAttribute("clientId", Constants.ACCOUNT_MANAGEMENT_APP)
.putClientAttribute("state", UUID.randomUUID().toString()).putClientAttribute("redirectUri", redirectUri)
.putClientAttribute(OAuth2Constants.STATE, UUID.randomUUID().toString()).putClientAttribute("redirectUri", redirectUri)
.putClientAttribute("userId", user.getId())
.redirectToSocialProvider();
} catch (SocialProviderException spe) {


@ -23,6 +23,7 @@ package org.keycloak.services.resources;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.OAuth2Constants;
import org.keycloak.login.LoginForms;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
@ -241,10 +242,10 @@ public class RequiredActionsService {
public Response sendPasswordReset(final MultivaluedMap<String, String> formData) {
String username = formData.getFirst("username");
String scopeParam = uriInfo.getQueryParameters().getFirst("scope");
String state = uriInfo.getQueryParameters().getFirst("state");
String redirect = uriInfo.getQueryParameters().getFirst("redirect_uri");
String clientId = uriInfo.getQueryParameters().getFirst("client_id");
String scopeParam = uriInfo.getQueryParameters().getFirst(OAuth2Constants.SCOPE);
String state = uriInfo.getQueryParameters().getFirst(OAuth2Constants.STATE);
String redirect = uriInfo.getQueryParameters().getFirst(OAuth2Constants.REDIRECT_URI);
String clientId = uriInfo.getQueryParameters().getFirst(OAuth2Constants.CLIENT_ID);
ClientModel client = realm.findClient(clientId);
if (client == null) {
@ -283,7 +284,7 @@ public class RequiredActionsService {
}
private AccessCodeEntry getAccessCodeEntry(RequiredAction requiredAction) {
String code = uriInfo.getQueryParameters().getFirst("code");
String code = uriInfo.getQueryParameters().getFirst(OAuth2Constants.CODE);
if (code == null) {
logger.debug("getAccessCodeEntry code as not in query param");
return null;


@ -23,6 +23,7 @@ package org.keycloak.services.resources;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
@ -141,11 +142,11 @@ public class SocialResource {
socialUser = provider.processCallback(config, callback);
} catch (SocialAccessDeniedException e) {
MultivaluedHashMap<String, String> queryParms = new MultivaluedHashMap<String, String>();
queryParms.putSingle("client_id", requestData.getClientAttribute("clientId"));
queryParms.putSingle("state", requestData.getClientAttribute("state"));
queryParms.putSingle("scope", requestData.getClientAttribute("scope"));
queryParms.putSingle("redirect_uri", requestData.getClientAttribute("redirectUri"));
queryParms.putSingle("response_type", requestData.getClientAttribute("responseType"));
queryParms.putSingle(OAuth2Constants.CLIENT_ID, requestData.getClientAttribute("clientId"));
queryParms.putSingle(OAuth2Constants.STATE, requestData.getClientAttribute(OAuth2Constants.STATE));
queryParms.putSingle(OAuth2Constants.SCOPE, requestData.getClientAttribute(OAuth2Constants.SCOPE));
queryParms.putSingle(OAuth2Constants.REDIRECT_URI, requestData.getClientAttribute("redirectUri"));
queryParms.putSingle(OAuth2Constants.RESPONSE_TYPE, requestData.getClientAttribute("responseType"));
return Flows.forms(realm, request, uriInfo).setQueryParams(queryParms).setWarning("Access denied").createLogin();
} catch (SocialProviderException e) {
logger.warn("Failed to process social callback", e);
@ -204,8 +205,8 @@ public class SocialResource {
return oauth.forwardToSecurityFailure("Your account is not enabled.");
}
String scope = requestData.getClientAttributes().get("scope");
String state = requestData.getClientAttributes().get("state");
String scope = requestData.getClientAttributes().get(OAuth2Constants.SCOPE);
String state = requestData.getClientAttributes().get(OAuth2Constants.STATE);
String redirectUri = requestData.getClientAttributes().get("redirectUri");
return oauth.processAccessCode(scope, state, redirectUri, client, user);
@ -214,7 +215,7 @@ public class SocialResource {
@GET
@Path("{realm}/login")
public Response redirectToProviderAuth(@PathParam("realm") final String realmName,
@QueryParam("provider_id") final String providerId, @QueryParam("client_id") final String clientId,
@QueryParam("provider_id") final String providerId, @QueryParam(OAuth2Constants.CLIENT_ID) final String clientId,
@QueryParam("scope") final String scope, @QueryParam("state") final String state,
@QueryParam("redirect_uri") String redirectUri, @QueryParam("response_type") String responseType) {
RealmManager realmManager = new RealmManager(session);
@ -243,8 +244,8 @@ public class SocialResource {
try {
return Flows.social(socialRequestManager, realm, uriInfo, provider)
.putClientAttribute("realm", realmName)
.putClientAttribute("clientId", clientId).putClientAttribute("scope", scope)
.putClientAttribute("state", state).putClientAttribute("redirectUri", redirectUri)
.putClientAttribute("clientId", clientId).putClientAttribute(OAuth2Constants.SCOPE, scope)
.putClientAttribute(OAuth2Constants.STATE, state).putClientAttribute("redirectUri", redirectUri)
.putClientAttribute("responseType", responseType).redirectToSocialProvider();
} catch (Throwable t) {
return Flows.forms(realm, request, uriInfo).setError("Failed to redirect to social auth").createErrorPage();
@ -253,8 +254,8 @@ public class SocialResource {
private RequestDetails getRequestDetails(Map<String, String[]> queryParams) {
String requestId = null;
if (queryParams.containsKey("state")) {
requestId = queryParams.get("state")[0];
if (queryParams.containsKey(OAuth2Constants.STATE)) {
requestId = queryParams.get(OAuth2Constants.STATE)[0];
} else if (queryParams.containsKey("oauth_token")) {
requestId = queryParams.get("oauth_token")[0];
} else if (queryParams.containsKey("denied")) {
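Review bot: In `redirectToProviderAuth` only `@QueryParam(OAuth2Constants.CLIENT_ID)` was converted; `@QueryParam("scope")`, `@QueryParam("state")`, `@QueryParam("redirect_uri")` and `@QueryParam("response_type")` on the next two lines still use literals although constants exist for all four. Converting them, e.g. `@QueryParam(OAuth2Constants.SCOPE) final String scope, @QueryParam(OAuth2Constants.STATE) final String state,`, would make the signature consistent with the rest of the commit. The method bodies in this section continue outside their hunks.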


@ -4,6 +4,7 @@ import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.keycloak.OAuth2Constants;
import org.keycloak.OAuthErrorException;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
@ -165,7 +166,7 @@ public class TokenService {
if (authManager.authenticateForm(realm, user, form) != AuthenticationStatus.SUCCESS) {
throw new NotAuthorizedException("Auth failed");
}
String scope = form.getFirst("scope");
String scope = form.getFirst(OAuth2Constants.SCOPE);
AccessTokenResponse res = tokenManager.responseBuilder(realm, client)
.generateAccessToken(scope, client, user)
.generateIDToken()
@ -185,14 +186,14 @@ public class TokenService {
}
ClientModel client = authorizeClient(authorizationHeader, form);
String refreshToken = form.getFirst("refresh_token");
String refreshToken = form.getFirst(OAuth2Constants.REFRESH_TOKEN);
AccessToken accessToken = null;
try {
accessToken = tokenManager.refreshAccessToken(realm, client, refreshToken);
} catch (OAuthErrorException e) {
Map<String, String> error = new HashMap<String, String>();
error.put("error", e.getError());
if (e.getDescription() != null) error.put("error_description", e.getDescription());
error.put(OAuth2Constants.ERROR, e.getError());
if (e.getDescription() != null) error.put(OAuth2Constants.ERROR_DESCRIPTION, e.getDescription());
throw new BadRequestException(Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build(), e);
}
@ -372,11 +373,11 @@ public class TokenService {
ClientModel client = authorizeClient(authorizationHeader, formData);
String code = formData.getFirst("code");
String code = formData.getFirst(OAuth2Constants.CODE);
if (code == null) {
Map<String, String> error = new HashMap<String, String>();
error.put("error", "invalid_request");
error.put("error_description", "code not specified");
error.put(OAuth2Constants.ERROR, "invalid_request");
error.put(OAuth2Constants.ERROR_DESCRIPTION, "code not specified");
throw new BadRequestException("Code not specified", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
@ -390,8 +391,8 @@ public class TokenService {
}
if (!verifiedCode) {
Map<String, String> res = new HashMap<String, String>();
res.put("error", "invalid_grant");
res.put("error_description", "Unable to verify code signature");
res.put(OAuth2Constants.ERROR, "invalid_grant");
res.put(OAuth2Constants.ERROR_DESCRIPTION, "Unable to verify code signature");
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
@ -399,29 +400,29 @@ public class TokenService {
AccessCodeEntry accessCode = tokenManager.pullAccessCode(key);
if (accessCode == null) {
Map<String, String> res = new HashMap<String, String>();
res.put("error", "invalid_grant");
res.put("error_description", "Code not found");
res.put(OAuth2Constants.ERROR, "invalid_grant");
res.put(OAuth2Constants.ERROR_DESCRIPTION, "Code not found");
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
if (accessCode.isExpired()) {
Map<String, String> res = new HashMap<String, String>();
res.put("error", "invalid_grant");
res.put("error_description", "Code is expired");
res.put(OAuth2Constants.ERROR, "invalid_grant");
res.put(OAuth2Constants.ERROR_DESCRIPTION, "Code is expired");
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
if (!accessCode.getToken().isActive()) {
Map<String, String> res = new HashMap<String, String>();
res.put("error", "invalid_grant");
res.put("error_description", "Token expired");
res.put(OAuth2Constants.ERROR, "invalid_grant");
res.put(OAuth2Constants.ERROR_DESCRIPTION, "Token expired");
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
if (!client.getClientId().equals(accessCode.getClient().getClientId())) {
Map<String, String> res = new HashMap<String, String>();
res.put("error", "invalid_grant");
res.put("error_description", "Auth error");
res.put(OAuth2Constants.ERROR, "invalid_grant");
res.put(OAuth2Constants.ERROR_DESCRIPTION, "Auth error");
return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
.build();
}
@ -446,36 +447,36 @@ public class TokenService {
clientSecret = usernameSecret[1];
} else {
logger.info("no authorization header");
client_id = formData.getFirst("client_id");
client_id = formData.getFirst(OAuth2Constants.CLIENT_ID);
clientSecret = formData.getFirst("client_secret");
}
if (client_id == null) {
Map<String, String> error = new HashMap<String, String>();
error.put("error", "invalid_client");
error.put("error_description", "Could not find client");
error.put(OAuth2Constants.ERROR, "invalid_client");
error.put(OAuth2Constants.ERROR_DESCRIPTION, "Could not find client");
throw new BadRequestException("Could not find client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
ClientModel client = realm.findClient(client_id);
if (client == null) {
Map<String, String> error = new HashMap<String, String>();
error.put("error", "invalid_client");
error.put("error_description", "Could not find client");
error.put(OAuth2Constants.ERROR, "invalid_client");
error.put(OAuth2Constants.ERROR_DESCRIPTION, "Could not find client");
throw new BadRequestException("Could not find client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
if (!client.isEnabled()) {
Map<String, String> error = new HashMap<String, String>();
error.put("error", "invalid_client");
error.put("error_description", "Client is not enabled");
error.put(OAuth2Constants.ERROR, "invalid_client");
error.put(OAuth2Constants.ERROR_DESCRIPTION, "Client is not enabled");
throw new BadRequestException("Client is not enabled", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
if (!client.isPublicClient()) {
if (!client.validateSecret(clientSecret)) {
Map<String, String> error = new HashMap<String, String>();
error.put("error", "unauthorized_client");
error.put(OAuth2Constants.ERROR, "unauthorized_client");
throw new BadRequestException("Unauthorized Client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
}
}
@ -599,7 +600,7 @@ public class TokenService {
return oauth.forwardToSecurityFailure("HTTPS required");
}
String code = formData.getFirst("code");
String code = formData.getFirst(OAuth2Constants.CODE);
JWSInput input = new JWSInput(code);
boolean verifiedCode = false;
try {
@ -628,9 +629,9 @@ public class TokenService {
}
protected Response redirectAccessDenied(String redirect, String state) {
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam("error", "access_denied");
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.ERROR, "access_denied");
if (state != null)
redirectUri.queryParam("state", state);
redirectUri.queryParam(OAuth2Constants.STATE, state);
Response.ResponseBuilder location = Response.status(302).location(redirectUri.build());
return location.build();
}
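Review bot: In the hunk at `+600`, `formData.getFirst(OAuth2Constants.CODE)` is passed to `new JWSInput(code)` with no null check, whereas the hunk at `+373` returns `invalid_request` when `code` is missing. A form post without `code` would presumably fail inside `JWSInput` instead of producing a controlled response; a guard such as `if (code == null) return oauth.forwardToSecurityFailure("Missing code");` before the constructor call would close that. `"client_secret"` also remains a literal in the hunk at `+447`, and the repeated two-entry error maps could be built by one private helper. The enclosing methods start and end outside these hunks.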


@ -5,6 +5,7 @@ import org.jboss.resteasy.annotations.cache.NoCache;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.HttpResponse;
import org.keycloak.OAuth2Constants;
import org.keycloak.jaxrs.JaxrsOAuthClient;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ApplicationModel;
@ -319,8 +320,8 @@ public class AdminService {
}
protected Response redirectOnLoginError(String message) {
URI uri = uriInfo.getBaseUriBuilder().path(AdminService.class).path(AdminService.class, "errorOnLoginRedirect").queryParam("error", message).build();
URI logout = TokenService.logoutUrl(uriInfo).queryParam("redirect_uri", uri.toString()).build(Config.getAdminRealm());
URI uri = uriInfo.getBaseUriBuilder().path(AdminService.class).path(AdminService.class, "errorOnLoginRedirect").queryParam(OAuth2Constants.ERROR, message).build();
URI logout = TokenService.logoutUrl(uriInfo).queryParam(OAuth2Constants.REDIRECT_URI, uri.toString()).build(Config.getAdminRealm());
return Response.status(302).location(logout).build();
}


@ -23,6 +23,7 @@ package org.keycloak.services.resources.flows;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.spi.HttpRequest;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
@ -85,10 +86,10 @@ public class OAuthFlows {
if (Constants.INSTALLED_APP_URN.equals(redirect)) {
return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode.getId(), code).createCode();
} else {
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam("code", code);
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.CODE, code);
log.debug("redirectAccessCode: state: {0}", state);
if (state != null)
redirectUri.queryParam("state", state);
redirectUri.queryParam(OAuth2Constants.STATE, state);
Response.ResponseBuilder location = Response.status(302).location(redirectUri.build());
Cookie remember = request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
rememberMe = rememberMe || remember != null;
@ -101,9 +102,9 @@ public class OAuthFlows {
if (Constants.INSTALLED_APP_URN.equals(redirect)) {
return Flows.forms(realm, request, uriInfo).setError(error).createCode();
} else {
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam("error", error);
UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.ERROR, error);
if (state != null) {
redirectUri.queryParam("state", state);
redirectUri.queryParam(OAuth2Constants.STATE, state);
}
return Response.status(302).location(redirectUri.build()).build();
}
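Review bot: Both redirect branches append a value to `redirect` (the authorization code at `queryParam(OAuth2Constants.CODE, code)`, the error in the second hunk) with no visible statement that `redirect` was already matched against the client's registered redirect URIs. Both methods start outside their hunks, so the validation may well happen earlier. A precondition comment above each `UriBuilder.fromUri(redirect)` would record it, e.g. `// redirect must already be validated against the client's registered redirect URIs`. The context line `log.debug("redirectAccessCode: state: {0}", state)` also writes a client-controlled value to the log unmodified, which deserves a short comment next to it.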


@ -1,6 +1,7 @@
package org.keycloak.social;
import org.json.JSONObject;
import org.keycloak.OAuth2Constants;
import org.keycloak.social.utils.SimpleHttp;
import java.io.IOException;
@ -51,7 +52,7 @@ public abstract class AbstractOAuth2Provider implements SocialProvider {
@Override
public SocialUser processCallback(SocialProviderConfig config, AuthCallback callback) throws SocialProviderException {
String error = callback.getQueryParam("error");
String error = callback.getQueryParam(OAuth2Constants.ERROR);
if (error != null) {
if (error.equals("access_denied")) {
throw new SocialAccessDeniedException();
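Review bot: The error code in `error.equals("access_denied")` stays a string literal while the parameter name beside it moves to `OAuth2Constants.ERROR`. The same literal remains in `redirectAccessDenied` in TokenService and in the LoginTest and OAuthGrantTest assertions further down the page. A constant such as `String ACCESS_DENIED = "access_denied";` in `OAuth2Constants` would keep the sender and the receivers of that value in step. `processCallback` continues past the end of this hunk.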


@ -1,5 +1,6 @@
package org.keycloak.testsuite;
import org.keycloak.OAuth2Constants;
import org.keycloak.social.AuthCallback;
import org.keycloak.social.AuthRequest;
import org.keycloak.social.SocialAccessDeniedException;
@ -23,8 +24,8 @@ public class DummySocial implements SocialProvider {
public AuthRequest getAuthUrl(SocialProviderConfig config) throws SocialProviderException {
String state = UUID.randomUUID().toString();
return AuthRequest.create(state, AUTH_PATH).setQueryParam("response_type", "token")
.setQueryParam("redirect_uri", config.getCallbackUrl()).setQueryParam("state", state).setAttribute("state", state).build();
return AuthRequest.create(state, AUTH_PATH).setQueryParam(OAuth2Constants.RESPONSE_TYPE, "token")
.setQueryParam(OAuth2Constants.REDIRECT_URI, config.getCallbackUrl()).setQueryParam(OAuth2Constants.STATE, state).setAttribute(OAuth2Constants.STATE, state).build();
}
@Override
@ -34,12 +35,12 @@ public class DummySocial implements SocialProvider {
@Override
public SocialUser processCallback(SocialProviderConfig config, AuthCallback callback) throws SocialProviderException {
String error = callback.getQueryParam("error");
String error = callback.getQueryParam(OAuth2Constants.ERROR);
if (error != null) {
throw new SocialAccessDeniedException();
}
if (!callback.getQueryParam("state").equals(callback.getAttribute("state"))) {
if (!callback.getQueryParam(OAuth2Constants.STATE).equals(callback.getAttribute(OAuth2Constants.STATE))) {
throw new SocialProviderException("Invalid state");
}
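Review bot: A callback that arrives without a `state` parameter fails with a NullPointerException at `callback.getQueryParam(OAuth2Constants.STATE).equals(...)` instead of the intended `SocialProviderException("Invalid state")`. The `error != null` check just above indicates that `getQueryParam` returns null for an absent parameter. Reading the value first makes the missing case fail closed: `String state = callback.getQueryParam(OAuth2Constants.STATE);` followed by `if (state == null || !state.equals(callback.getAttribute(OAuth2Constants.STATE))) {`. `processCallback` continues outside the hunk.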


@ -2,6 +2,7 @@ package org.keycloak.testsuite;
import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URLEncodedUtils;
import org.keycloak.OAuth2Constants;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
@ -48,9 +49,9 @@ public class DummySocialServlet extends HttpServlet {
throw new RuntimeException(e);
}
for (NameValuePair p : query) {
if ("state".equals(p.getName())) {
if (OAuth2Constants.STATE.equals(p.getName())) {
state = p.getValue();
} else if ("redirect_uri".equals(p.getName())) {
} else if (OAuth2Constants.REDIRECT_URI.equals(p.getName())) {
redirectUri = p.getValue();
}
}


@ -33,6 +33,7 @@ import org.apache.http.message.BasicNameValuePair;
import org.jboss.resteasy.security.PemUtils;
import org.json.JSONObject;
import org.junit.Assert;
import org.keycloak.OAuth2Constants;
import org.keycloak.RSATokenVerifier;
import org.keycloak.VerificationException;
import org.keycloak.jose.jws.JWSInput;
@ -64,7 +65,7 @@ public class OAuthClient {
private String realm = "test";
private String responseType = "code";
private String responseType = OAuth2Constants.CODE;
private String grantType = "authorization_code";
@ -111,20 +112,20 @@ public class OAuthClient {
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
if (grantType != null) {
parameters.add(new BasicNameValuePair("grant_type", grantType));
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, grantType));
}
if (code != null) {
parameters.add(new BasicNameValuePair("code", code));
parameters.add(new BasicNameValuePair(OAuth2Constants.CODE, code));
}
if (redirectUri != null) {
parameters.add(new BasicNameValuePair("redirect_uri", redirectUri));
parameters.add(new BasicNameValuePair(OAuth2Constants.REDIRECT_URI, redirectUri));
}
if (clientId != null && password != null) {
String authorization = BasicAuthHelper.createHeader(clientId, password);
post.setHeader("Authorization", authorization);
}
else if (clientId != null) {
parameters.add(new BasicNameValuePair("client_id", clientId));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
}
UrlEncodedFormEntity formEntity = null;
@ -148,17 +149,17 @@ public class OAuthClient {
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
if (grantType != null) {
parameters.add(new BasicNameValuePair("grant_type", grantType));
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, grantType));
}
if (refreshToken != null) {
parameters.add(new BasicNameValuePair("refresh_token", refreshToken));
parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
}
if (clientId != null && password != null) {
String authorization = BasicAuthHelper.createHeader(clientId, password);
post.setHeader("Authorization", authorization);
}
else if (clientId != null) {
parameters.add(new BasicNameValuePair("client_id", clientId));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
}
UrlEncodedFormEntity formEntity = null;
@ -234,7 +235,7 @@ public class OAuthClient {
public void openLogout() {
UriBuilder b = UriBuilder.fromUri(baseUrl + "/realms/" + realm + "/tokens/logout");
if (redirectUri != null) {
b.queryParam("redirect_uri", redirectUri);
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
}
driver.navigate().to(b.build().toString());
}
@ -246,16 +247,16 @@ public class OAuthClient {
public String getLoginFormUrl() {
UriBuilder b = UriBuilder.fromUri(baseUrl + "/realms/" + realm + "/tokens/login");
if (responseType != null) {
b.queryParam("response_type", responseType);
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
}
if (clientId != null) {
b.queryParam("client_id", clientId);
b.queryParam(OAuth2Constants.CLIENT_ID, clientId);
}
if (redirectUri != null) {
b.queryParam("redirect_uri", redirectUri);
b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
}
if (state != null) {
b.queryParam("state", state);
b.queryParam(OAuth2Constants.STATE, state);
}
return b.build().toString();
}
@ -312,9 +313,9 @@ public class OAuthClient {
public AuthorizationCodeResponse(OAuthClient client) {
isRedirected = client.getCurrentRequest().equals(client.getRedirectUri());
code = client.getCurrentQuery().get("code");
state = client.getCurrentQuery().get("state");
error = client.getCurrentQuery().get("error");
code = client.getCurrentQuery().get(OAuth2Constants.CODE);
state = client.getCurrentQuery().get(OAuth2Constants.STATE);
error = client.getCurrentQuery().get(OAuth2Constants.ERROR);
}
public boolean isRedirected() {
@ -358,11 +359,11 @@ public class OAuthClient {
tokenType = responseJson.getString("token_type");
expiresIn = responseJson.getInt("expires_in");
if (responseJson.has("refresh_token")) {
refreshToken = responseJson.getString("refresh_token");
if (responseJson.has(OAuth2Constants.REFRESH_TOKEN)) {
refreshToken = responseJson.getString(OAuth2Constants.REFRESH_TOKEN);
}
} else {
error = responseJson.getString("error");
error = responseJson.getString(OAuth2Constants.ERROR);
}
}
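Review bot: `private String responseType = OAuth2Constants.CODE;` reuses the constant for the `code` parameter name as the value of `response_type`; the two strings are equal today but mean different things, and the neighbouring `grantType = "authorization_code"` is left as a literal. A dedicated value constant, or keeping the literal with a comment like `// response_type value for the authorization code flow, not the "code" parameter`, would avoid a silent change if the names ever diverge. `By.id(OAuth2Constants.CODE)` in the AuthorizationCodeTest section has the same issue with an HTML element id. In the last hunk `"token_type"` and `"expires_in"` remain literals beside `OAuth2Constants.REFRESH_TOKEN`.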


@ -10,6 +10,7 @@ import org.json.JSONObject;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientModel;
@ -97,7 +98,7 @@ public class ProfileTest {
public void getProfile() throws Exception {
oauth.doLogin("test-user@localhost", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
String token = oauth.doAccessTokenRequest(code, "password").getAccessToken();
HttpResponse response = doGetProfile(token, null);
@ -119,7 +120,7 @@ public class ProfileTest {
public void getProfileCors() throws Exception {
oauth.doLogin("test-user@localhost", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
String token = oauth.doAccessTokenRequest(code, "password").getAccessToken();
driver.navigate().to("http://localtest.me:8081/app");
@ -132,7 +133,7 @@ public class ProfileTest {
public void getProfileCorsInvalidOrigin() throws Exception {
oauth.doLogin("test-user@localhost", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
String token = oauth.doAccessTokenRequest(code, "password").getAccessToken();
driver.navigate().to("http://invalid.localtest.me:8081");
@ -166,7 +167,7 @@ public class ProfileTest {
public void getProfileNoAccess() throws Exception {
oauth.doLogin("test-user-no-access@localhost", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
String token = oauth.doAccessTokenRequest(code, "password").getAccessToken();
HttpResponse response = doGetProfile(token, null);
@ -180,7 +181,7 @@ public class ProfileTest {
grantPage.accept();
String token = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password").getAccessToken();
String token = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password").getAccessToken();
HttpResponse response = doGetProfile(token, null);
assertEquals(200, response.getStatusLine().getStatusCode());
@ -194,7 +195,7 @@ public class ProfileTest {
oauth.clientId("third-party");
oauth.doLoginGrant("test-user@localhost", "password");
String token = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password").getAccessToken();
String token = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password").getAccessToken();
HttpResponse response = doGetProfile(token, null);
assertEquals(403, response.getStatusLine().getStatusCode());


@ -25,6 +25,7 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
@ -139,7 +140,7 @@ public class AdapterTest {
// test logout
String logoutUri = UriBuilder.fromUri("http://localhost:8081/auth/rest/realms/demo/tokens/logout")
.queryParam("redirect_uri", "http://localhost:8081/customer-portal").build().toString();
.queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/customer-portal").build().toString();
driver.navigate().to(logoutUri);
Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
driver.navigate().to("http://localhost:8081/product-portal");


@ -25,6 +25,7 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.RealmRepresentation;
@ -81,7 +82,7 @@ public class CompositeImportRoleTest {
oauth.clientId("APP_COMPOSITE_APPLICATION");
oauth.doLogin("APP_COMPOSITE_USER", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
@ -106,7 +107,7 @@ public class CompositeImportRoleTest {
oauth.clientId("APP_ROLE_APPLICATION");
oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
@ -130,7 +131,7 @@ public class CompositeImportRoleTest {
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
@ -153,7 +154,7 @@ public class CompositeImportRoleTest {
oauth.clientId("REALM_ROLE_1_APPLICATION");
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
@ -175,7 +176,7 @@ public class CompositeImportRoleTest {
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
oauth.doLogin("REALM_ROLE_1_USER", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());


@ -25,6 +25,7 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
@ -159,7 +160,7 @@ public class CompositeRoleTest {
oauth.clientId("APP_COMPOSITE_APPLICATION");
oauth.doLogin("APP_COMPOSITE_USER", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
@ -184,7 +185,7 @@ public class CompositeRoleTest {
oauth.clientId("APP_ROLE_APPLICATION");
oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
@ -208,7 +209,7 @@ public class CompositeRoleTest {
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
@ -231,7 +232,7 @@ public class CompositeRoleTest {
oauth.clientId("REALM_ROLE_1_APPLICATION");
oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());
@ -253,7 +254,7 @@ public class CompositeRoleTest {
oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
oauth.doLogin("REALM_ROLE_1_USER", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());


@ -25,6 +25,7 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
@ -101,7 +102,7 @@ public class LoginTest {
loginPage.login("login-test", "password");
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get("code"));
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
}
@Test
@ -110,7 +111,7 @@ public class LoginTest {
loginPage.login("login@test.com", "password");
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get("code"));
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
}
@Test
@ -120,7 +121,7 @@ public class LoginTest {
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertEquals("access_denied", oauth.getCurrentQuery().get("error"));
Assert.assertEquals("access_denied", oauth.getCurrentQuery().get(OAuth2Constants.ERROR));
}
}


@ -25,6 +25,7 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
@ -68,7 +69,7 @@ public class SSOTest {
loginPage.login("test-user@localhost", "password");
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get("code"));
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
appPage.open();


@ -25,6 +25,7 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.representations.AccessToken;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
@ -62,7 +63,7 @@ public class AccessTokenTest {
public void accessTokenRequest() throws Exception {
oauth.doLogin("test-user@localhost", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
Assert.assertEquals(200, response.getStatusCode());


@ -25,6 +25,7 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
@ -87,7 +88,7 @@ public class AuthorizationCodeTest {
String title = driver.getTitle();
Assert.assertTrue(title.startsWith("Success code="));
String code = driver.findElement(By.id("code")).getText();
String code = driver.findElement(By.id(OAuth2Constants.CODE)).getText();
oauth.verifyCode(code);
}


@ -28,6 +28,7 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.representations.AccessToken;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.LoginPage;
@ -74,8 +75,8 @@ public class OAuthGrantTest {
grantPage.accept();
Assert.assertTrue(oauth.getCurrentQuery().containsKey("code"));
OAuthClient.AccessTokenResponse accessToken = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password");
Assert.assertTrue(oauth.getCurrentQuery().containsKey(OAuth2Constants.CODE));
OAuthClient.AccessTokenResponse accessToken = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password");
AccessToken token = oauth.verifyToken(accessToken.getAccessToken());
@ -100,7 +101,7 @@ public class OAuthGrantTest {
grantPage.cancel();
Assert.assertTrue(oauth.getCurrentQuery().containsKey("error"));
Assert.assertEquals("access_denied", oauth.getCurrentQuery().get("error"));
Assert.assertTrue(oauth.getCurrentQuery().containsKey(OAuth2Constants.ERROR));
Assert.assertEquals("access_denied", oauth.getCurrentQuery().get(OAuth2Constants.ERROR));
}
}


@ -25,6 +25,7 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.testsuite.OAuthClient;
@ -64,7 +65,7 @@ public class RefreshTokenTest {
public void refreshTokenRequest() throws Exception {
oauth.doLogin("test-user@localhost", "password");
String code = oauth.getCurrentQuery().get("code");
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
AccessToken token = oauth.verifyToken(tokenResponse.getAccessToken());


@ -26,6 +26,7 @@ import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
@ -106,7 +107,7 @@ public class SocialLoginTest {
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password");
AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password");
AccessToken token = oauth.verifyToken(response.getAccessToken());
Assert.assertEquals(36, token.getSubject().length());
@ -167,7 +168,7 @@ public class SocialLoginTest {
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password");
AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password");
AccessToken token = oauth.verifyToken(response.getAccessToken());
UserRepresentation profile = keycloakRule.getUserById("test", token.getSubject());