Adding revocation method into OAuthClient (#32260)

Signed-off-by: wojnarfilip <fwojnar@redhat.com>
Co-authored-by: wojnarfilip <fwojnar@redhat.com>
fwojnar 2024-08-22 06:59:56 +02:00 committed by GitHub
parent c539a15ee5
commit 3b978c5a13
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 27 additions and 0 deletions


@ -4,6 +4,7 @@ import com.nimbusds.oauth2.sdk.AuthorizationResponse;
import com.nimbusds.oauth2.sdk.TokenIntrospectionResponse; import com.nimbusds.oauth2.sdk.TokenIntrospectionResponse;
import com.nimbusds.oauth2.sdk.TokenResponse; import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.token.AccessToken; import com.nimbusds.oauth2.sdk.token.AccessToken;
import jakarta.ws.rs.core.Response;
import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
@ -72,6 +73,24 @@ public class OAuthClientTest {
Assertions.assertNotNull(tokenResponse.toSuccessResponse().getTokens().getAccessToken()); Assertions.assertNotNull(tokenResponse.toSuccessResponse().getTokens().getAccessToken());
} }
@Test
public void testAccessTokenRevocation() throws Exception {
TokenResponse tokenResponse = oAuthClient.clientCredentialGrant();
Assertions.assertTrue(tokenResponse.indicatesSuccess());
Assertions.assertNotNull(tokenResponse.toSuccessResponse().getTokens().getAccessToken());
AccessToken accessToken = tokenResponse.toSuccessResponse().getTokens().getAccessToken();
TokenIntrospectionResponse introspectionResponse = oAuthClient.introspection(accessToken);
Assertions.assertTrue(introspectionResponse.indicatesSuccess());
Assertions.assertNotNull(introspectionResponse.toSuccessResponse().getScope());
Assertions.assertEquals(Response.Status.OK.getStatusCode(), oAuthClient.revokeAccessToken(accessToken).getStatusCode());
introspectionResponse = oAuthClient.introspection(accessToken);
Assertions.assertTrue(introspectionResponse.indicatesSuccess());
Assertions.assertNull(introspectionResponse.toSuccessResponse().getScope());
}
public static class UserConfig implements org.keycloak.test.framework.realm.UserConfig { public static class UserConfig implements org.keycloak.test.framework.realm.UserConfig {
@Override @Override
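Review bot: The final assertions in testAccessTokenRevocation infer revocation from `getScope()` being null, which would also hold for an active token that carries no scope. The introspection success response exposes the active flag, so assert it directly with `Assertions.assertFalse(introspectionResponse.toSuccessResponse().isActive());`, and add the matching `assertTrue(...isActive())` before the revoke call so the test proves the state actually changed. The 200 status check cannot serve as that proof, because a revocation endpoint following RFC 7009 also answers 200 for tokens it does not recognise.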


@ -11,9 +11,11 @@ import com.nimbusds.oauth2.sdk.TokenIntrospectionRequest;
import com.nimbusds.oauth2.sdk.TokenIntrospectionResponse; import com.nimbusds.oauth2.sdk.TokenIntrospectionResponse;
import com.nimbusds.oauth2.sdk.TokenRequest; import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse; import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.TokenRevocationRequest;
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication; import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic; import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.Secret; import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;
import com.nimbusds.oauth2.sdk.id.ClientID; import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer; import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.State; import com.nimbusds.oauth2.sdk.id.State;
@ -79,6 +81,12 @@ public class OAuthClient {
return TokenIntrospectionResponse.parse(introspectionRequest.toHTTPRequest().send()); return TokenIntrospectionResponse.parse(introspectionRequest.toHTTPRequest().send());
} }
public HTTPResponse revokeAccessToken(AccessToken token) throws GeneralException, IOException {
URI revocationEndpoint = getOIDCProviderMetadata().getRevocationEndpointURI();
TokenRevocationRequest revocationRequest = new TokenRevocationRequest(revocationEndpoint, getClientAuthentication(), token);
return revocationRequest.toHTTPRequest().send();
}
public URL authorizationRequest() throws IOException, GeneralException { public URL authorizationRequest() throws IOException, GeneralException {
URI authorizationEndpoint = getOIDCProviderMetadata().getAuthorizationEndpointURI(); URI authorizationEndpoint = getOIDCProviderMetadata().getAuthorizationEndpointURI();
State state = new State(); State state = new State();
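Review bot: revokeAccessToken passes the result of `getRevocationEndpointURI()` straight into `TokenRevocationRequest`, yet provider metadata need not advertise a revocation endpoint, and a null there would presumably only surface later when the request is serialized. A guard such as `if (revocationEndpoint == null) throw new GeneralException("Provider metadata has no revocation endpoint");` makes that failure explicit. The method also has no doc comment: it returns the raw HTTPResponse, whereas the introspection method just above parses its response into a typed object. A short Javadoc should state that a 200 status does not by itself confirm the token was valid or is now inactive (RFC 7009 returns 200 for invalid tokens too), so callers should confirm through introspection.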