KEYCLOAK-16996 User not able to revoke his offline token for directGrant clients

This commit is contained in:
mposolda 2021-02-10 10:44:11 +01:00 committed by Stian Thorgersen
parent 9b0e1fff8d
commit 4dacbb9e0b
4 changed files with 22 additions and 7 deletions

View file

@ -492,7 +492,7 @@ public class AccountRestService {
realm.getAlwaysDisplayInConsoleClientsStream().forEach(clients::add);
return clients.stream().filter(client -> !client.isBearerOnly() && client.getBaseUrl() != null && !client.getClientId().isEmpty())
return clients.stream().filter(client -> !client.isBearerOnly() && !client.getClientId().isEmpty())
.filter(client -> matches(client, name))
.map(client -> modelToRepresentation(client, inUseClients, offlineClients, consentModels));
}

View file

@ -104,6 +104,13 @@ public abstract class AbstractRestServiceTest extends AbstractTestRealmKeycloakT
.secret("secret1").build();
testRealm.getClients().add(offlineApp);
org.keycloak.representations.idm.ClientRepresentation offlineApp2 = ClientBuilder.create().clientId("offline-client-without-base-url")
.id(KeycloakModelUtils.generateId())
.name("Offline Client Without Base URL")
.directAccessGrants()
.secret("secret1").build();
testRealm.getClients().add(offlineApp2);
org.keycloak.representations.idm.ClientRepresentation alwaysDisplayApp = ClientBuilder.create().clientId("always-display-client")
.id(KeycloakModelUtils.generateId())
.name("Always Display Client")

View file

@ -778,10 +778,11 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertFalse(applications.isEmpty());
Map<String, ClientRepresentation> apps = applications.stream().collect(Collectors.toMap(x -> x.getClientId(), x -> x));
Assert.assertThat(apps.keySet(), containsInAnyOrder("in-use-client", "always-display-client"));
Assert.assertThat(apps.keySet(), containsInAnyOrder("in-use-client", "always-display-client", "direct-grant"));
assertClientRep(apps.get("in-use-client"), "In Use Client", null, false, true, false, null, inUseClientAppUri);
assertClientRep(apps.get("always-display-client"), "Always Display Client", null, false, false, false, null, alwaysDisplayClientAppUri);
assertClientRep(apps.get("direct-grant"), null, null, false, true, false, null, null);
}
@Test
@ -813,6 +814,10 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
OAuthClient.AccessTokenResponse offlineTokenResponse = oauth.doGrantAccessTokenRequest("secret1", "view-applications-access", "password");
assertNull(offlineTokenResponse.getErrorDescription());
oauth.clientId("offline-client-without-base-url");
offlineTokenResponse = oauth.doGrantAccessTokenRequest("secret1", "view-applications-access", "password");
assertNull(offlineTokenResponse.getErrorDescription());
TokenUtil token = new TokenUtil("view-applications-access", "password");
List<ClientRepresentation> applications = SimpleHttp
.doGet(getAccountUrl("applications"), httpClient)
@ -823,9 +828,10 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertFalse(applications.isEmpty());
Map<String, ClientRepresentation> apps = applications.stream().collect(Collectors.toMap(x -> x.getClientId(), x -> x));
Assert.assertThat(apps.keySet(), containsInAnyOrder("offline-client", "always-display-client"));
Assert.assertThat(apps.keySet(), containsInAnyOrder("offline-client", "offline-client-without-base-url", "always-display-client", "direct-grant"));
assertClientRep(apps.get("offline-client"), "Offline Client", null, false, true, true, null, offlineClientAppUri);
assertClientRep(apps.get("offline-client-without-base-url"), "Offline Client Without Base URL", null, false, true, true, null, null);
}
@Test
@ -861,7 +867,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
.asResponse();
Map<String, ClientRepresentation> apps = applications.stream().collect(Collectors.toMap(x -> x.getClientId(), x -> x));
Assert.assertThat(apps.keySet(), containsInAnyOrder(appId, "always-display-client"));
Assert.assertThat(apps.keySet(), containsInAnyOrder(appId, "always-display-client", "direct-grant"));
ClientRepresentation app = apps.get(appId);
assertClientRep(app, null, "A third party application", true, false, false, null, "http://localhost:8180/auth/realms/master/app/auth");
@ -887,7 +893,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertFalse(applications.isEmpty());
Map<String, ClientRepresentation> apps = applications.stream().collect(Collectors.toMap(x -> x.getClientId(), x -> x));
Assert.assertThat(apps.keySet(), containsInAnyOrder("root-url-client", "always-display-client"));
Assert.assertThat(apps.keySet(), containsInAnyOrder("root-url-client", "always-display-client", "direct-grant"));
assertClientRep(apps.get("root-url-client"), null, null, false, true, false, "http://localhost:8180/foo/bar", "/baz");
}
@ -1308,7 +1314,7 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertFalse(applications.isEmpty());
Map<String, ClientRepresentation> apps = applications.stream().collect(Collectors.toMap(x -> x.getClientId(), x -> x));
Assert.assertThat(apps.keySet(), containsInAnyOrder("offline-client", "always-display-client"));
Assert.assertThat(apps.keySet(), containsInAnyOrder("offline-client", "always-display-client", "direct-grant"));
assertClientRep(apps.get("offline-client"), "Offline Client", null, false, true, false, null, offlineClientAppUri);
}

View file

@ -181,7 +181,9 @@ export class ApplicationsPage extends React.Component<ApplicationsPageProps, App
{application.description &&
<GridItem><strong>{Msg.localize('description') + ': '}</strong> {application.description}</GridItem>
}
<GridItem><strong>URL: </strong> <span id={this.elementId('effectiveurl', application)}>{application.effectiveUrl.split('"')}</span></GridItem>
{application.effectiveUrl &&
<GridItem><strong>URL: </strong> <span id={this.elementId('effectiveurl', application)}>{application.effectiveUrl.split('"')}</span></GridItem>
}
{application.consent &&
<React.Fragment>
<GridItem span={12}>