Grant urn:ietf:params:oauth:grant-type:pre-authorized_code was enabled even if oid4vc_vci feature is disabled

closes #28968 Signed-off-by: mposolda <mposolda@gmail.com>
2024-04-22 14:04:10 +02:00 · 2024-04-22 14:04:10 +02:00 · 337a337bf9
commit 337a337bf9
parent eac4b53751
4 changed files with 66 additions and 9 deletions
--- a/server-spi-private/src/main/java/org/keycloak/protocol/oidc/grants/OAuth2GrantTypeSpi.java
+++ b/server-spi-private/src/main/java/org/keycloak/protocol/oidc/grants/OAuth2GrantTypeSpi.java
@ -28,7 +28,7 @@ import org.keycloak.provider.Spi;
 */
 public class OAuth2GrantTypeSpi implements Spi {

-    private static final String SPI_NAME = "oauth2-grant-type";
+    public static final String SPI_NAME = "oauth2-grant-type";

    @Override
    public boolean isInternal() {
--- a/services/src/main/java/org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantType.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantType.java
@ -40,7 +40,7 @@ import org.keycloak.utils.MediaType;

 import java.util.UUID;

-public class PreAuthorizedCodeGrantType extends OAuth2GrantTypeBase implements EnvironmentDependentProviderFactory {
+public class PreAuthorizedCodeGrantType extends OAuth2GrantTypeBase {

    private static final Logger LOGGER = Logger.getLogger(PreAuthorizedCodeGrantType.class);

@ -96,12 +96,6 @@ public class PreAuthorizedCodeGrantType extends OAuth2GrantTypeBase implements E
        return cors.allowAllOrigins().builder(Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE)).build();
    }

-
-    @Override
-    public boolean isSupported(Config.Scope config) {
-        return Profile.isFeatureEnabled(Profile.Feature.OID4VC_VCI);
-    }
-
    @Override
    public EventType getEventType() {
        return EventType.CODE_TO_TOKEN;
--- a/services/src/main/java/org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantTypeFactory.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantTypeFactory.java
@ -18,15 +18,17 @@
 package org.keycloak.protocol.oidc.grants;

 import org.keycloak.Config;
+import org.keycloak.common.Profile;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.provider.EnvironmentDependentProviderFactory;

 /**
 * Factory for Pre-Authorized Code Grant
 *
 * @author <a href="https://github.com/wistefan">Stefan Wiedemann</a>
 */
-public class PreAuthorizedCodeGrantTypeFactory implements OAuth2GrantTypeFactory {
+public class PreAuthorizedCodeGrantTypeFactory implements OAuth2GrantTypeFactory, EnvironmentDependentProviderFactory {

    public static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:pre-authorized_code";

@ -52,4 +54,9 @@ public class PreAuthorizedCodeGrantTypeFactory implements OAuth2GrantTypeFactory
        return GRANT_TYPE;
    }

+    @Override
+    public boolean isSupported(Config.Scope config) {
+        return Profile.isFeatureEnabled(Profile.Feature.OID4VC_VCI);
+    }
+
 }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCGrantFeatureTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCGrantFeatureTest.java
@ -0,0 +1,56 @@
+/*
+ * Copyright 2024 Red Hat, Inc. and/or its affiliates
+ *  and other contributors as indicated by the @author tags.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.keycloak.testsuite.oid4vc.issuance.signing;
+
+import org.junit.Test;
+import org.keycloak.common.Profile;
+import org.keycloak.protocol.oidc.grants.OAuth2GrantTypeSpi;
+import org.keycloak.protocol.oidc.grants.PreAuthorizedCodeGrantTypeFactory;
+import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
+import org.keycloak.testsuite.feature.AbstractFeatureStateTest;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class OID4VCGrantFeatureTest extends AbstractFeatureStateTest {
+
+    @Override
+    public String getFeatureProviderId() {
+        return PreAuthorizedCodeGrantTypeFactory.GRANT_TYPE;
+    }
+
+    @Override
+    public String getFeatureSpiName() {
+        return OAuth2GrantTypeSpi.SPI_NAME;
+    }
+
+    @Test
+    @EnableFeature(value = Profile.Feature.OID4VC_VCI, skipRestart = true)
+    public void featureEnabled() {
+        testFeatureAvailability(true);
+    }
+
+    @Test
+    @DisableFeature(value = Profile.Feature.OID4VC_VCI, skipRestart = true)
+    public void featureDisabled() {
+        testFeatureAvailability(false);
+    }
+}