From 33bb1fda38544a6a15c71bf67fae4ea70d01d38f Mon Sep 17 00:00:00 2001
From: Michito Okai
Date: Wed, 27 Jan 2021 15:48:13 +0900
Subject: [PATCH] KEYCLOAK-16931 Authorization Server Metadata of introspection_endpoint_auth_methods_supported and introspection_endpoint_auth_signing_alg_values_supported
---
 .../OIDCConfigurationRepresentation.java | 23 +++++++++++++++++++
 .../protocol/oidc/OIDCWellKnownProvider.java | 2 ++
 .../oidc/OIDCWellKnownProviderTest.java | 5 ++++
 3 files changed, 30 insertions(+)
diff --git a/core/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java b/core/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java
index c9d10978fe..593679cb2b 100755
--- a/core/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java
+++ b/core/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java
@@ -91,6 +91,12 @@ public class OIDCConfigurationRepresentation {
 @JsonProperty("token_endpoint_auth_signing_alg_values_supported")
 private List tokenEndpointAuthSigningAlgValuesSupported;
+ @JsonProperty("introspection_endpoint_auth_methods_supported")
+ private List introspectionEndpointAuthMethodsSupported;
+
+ @JsonProperty("introspection_endpoint_auth_signing_alg_values_supported")
+ private List introspectionEndpointAuthSigningAlgValuesSupported;
+
 @JsonProperty("claims_supported")
 private List claimsSupported;
@@ -298,6 +304,23 @@ public class OIDCConfigurationRepresentation {
 this.tokenEndpointAuthSigningAlgValuesSupported = tokenEndpointAuthSigningAlgValuesSupported;
 }
+ public List getIntrospectionEndpointAuthMethodsSupported() {
+ return introspectionEndpointAuthMethodsSupported;
+ }
+
+ public void setIntrospectionEndpointAuthMethodsSupported(List introspectionEndpointAuthMethodsSupported) {
+ this.introspectionEndpointAuthMethodsSupported = introspectionEndpointAuthMethodsSupported;
+ }
+
+ public List getIntrospectionEndpointAuthSigningAlgValuesSupported() {
+ return introspectionEndpointAuthSigningAlgValuesSupported;
+ }
+
+ public void setIntrospectionEndpointAuthSigningAlgValuesSupported(
+ List introspectionEndpointAuthSigningAlgValuesSupported) {
+ this.introspectionEndpointAuthSigningAlgValuesSupported = introspectionEndpointAuthSigningAlgValuesSupported;
+ }
+
 public List getClaimsSupported() {
 return claimsSupported;
 }
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java b/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java
index b660257952..a04d4f114b 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java
@@ -122,6 +122,8 @@ public class OIDCWellKnownProvider implements WellKnownProvider {
 config.setTokenEndpointAuthMethodsSupported(getClientAuthMethodsSupported());
 config.setTokenEndpointAuthSigningAlgValuesSupported(getSupportedClientSigningAlgorithms(false));
+ config.setIntrospectionEndpointAuthMethodsSupported(getClientAuthMethodsSupported());
+ config.setIntrospectionEndpointAuthSigningAlgValuesSupported(getSupportedClientSigningAlgorithms(false));
 config.setClaimsSupported(DEFAULT_CLAIMS_SUPPORTED);
 config.setClaimTypesSupported(DEFAULT_CLAIM_TYPES_SUPPORTED);
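Review bot: Nothing in the OIDCWellKnownProvider hunk ties the advertised introspection metadata to what the introspection endpoint enforces: both new setters republish the token endpoint's lists (`getClientAuthMethodsSupported()` and `getSupportedClientSigningAlgorithms(false)`), so if introspection accepts fewer methods or algorithms the discovery document over-advertises. I would record the assumption next to the calls, e.g. `// introspection authenticates clients exactly like the token endpoint, so both share one list (RFC 8414 section 2)`, and compute each list once into a local so the two pairs cannot drift apart. The meaning of the `false` argument is not visible here; presumably it excludes `none`, which RFC 8414 forbids in the signing-algorithm field, and that deserves a word in the same comment. The enclosing method starts and ends outside the hunk, and the test hunk in OIDCWellKnownProviderTest.java checks only the advertised values, not the endpoint's behaviour.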
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java
index ddeccf9566..2b2d20a137 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java
@@ -138,6 +138,11 @@ public class OIDCWellKnownProviderTest extends AbstractKeycloakTest {
 // Client authentication
 Assert.assertNames(oidcConfig.getTokenEndpointAuthMethodsSupported(), "client_secret_basic", "client_secret_post", "private_key_jwt", "client_secret_jwt", "tls_client_auth");
 Assert.assertNames(oidcConfig.getTokenEndpointAuthSigningAlgValuesSupported(), Algorithm.PS256, Algorithm.PS384, Algorithm.PS512, Algorithm.RS256, Algorithm.RS384, Algorithm.RS512, Algorithm.ES256, Algorithm.ES384, Algorithm.ES512, Algorithm.HS256, Algorithm.HS384, Algorithm.HS512);
+ Assert.assertNames(oidcConfig.getIntrospectionEndpointAuthMethodsSupported(), "client_secret_basic",
+ "client_secret_post", "private_key_jwt", "client_secret_jwt", "tls_client_auth");
+ Assert.assertNames(oidcConfig.getIntrospectionEndpointAuthSigningAlgValuesSupported(), Algorithm.PS256,
+ Algorithm.PS384, Algorithm.PS512, Algorithm.RS256, Algorithm.RS384, Algorithm.RS512, Algorithm.ES256,
+ Algorithm.ES384, Algorithm.ES512, Algorithm.HS256, Algorithm.HS384, Algorithm.HS512);
 // Claims
 assertContains(oidcConfig.getClaimsSupported(), IDToken.NAME, IDToken.EMAIL, IDToken.PREFERRED_USERNAME, IDToken.FAMILY_NAME, IDToken.ACR);