parent
2f617bd28e
commit
6498b5baf3
3 changed files with 61 additions and 0 deletions
|
@ -102,6 +102,9 @@ public class OIDCClientRepresentation {
|
||||||
|
|
||||||
private String tls_client_auth_subject_dn;
|
private String tls_client_auth_subject_dn;
|
||||||
|
|
||||||
|
// OAuth 2.0 DPoP
|
||||||
|
private Boolean dpop_bound_access_tokens;
|
||||||
|
|
||||||
// OIDC Session Management
|
// OIDC Session Management
|
||||||
private List<String> post_logout_redirect_uris;
|
private List<String> post_logout_redirect_uris;
|
||||||
|
|
||||||
|
@ -476,6 +479,14 @@ public class OIDCClientRepresentation {
|
||||||
this.tls_client_certificate_bound_access_tokens = tls_client_certificate_bound_access_tokens;
|
this.tls_client_certificate_bound_access_tokens = tls_client_certificate_bound_access_tokens;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public Boolean getDpopBoundAccessTokens() {
|
||||||
|
return dpop_bound_access_tokens;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setDpopBoundAccessTokens(Boolean dpop_bound_access_tokens) {
|
||||||
|
this.dpop_bound_access_tokens = dpop_bound_access_tokens;
|
||||||
|
}
|
||||||
|
|
||||||
public String getBackchannelLogoutUri() {
|
public String getBackchannelLogoutUri() {
|
||||||
return backchannel_logout_uri;
|
return backchannel_logout_uri;
|
||||||
}
|
}
|
||||||
|
|
|
@ -212,6 +212,13 @@ public class DescriptionConverter {
|
||||||
configWrapper.setPostLogoutRedirectUris(clientOIDC.getPostLogoutRedirectUris());
|
configWrapper.setPostLogoutRedirectUris(clientOIDC.getPostLogoutRedirectUris());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// OAuth 2.0 DPoP
|
||||||
|
Boolean dpopBoundAccessTokens = clientOIDC.getDpopBoundAccessTokens();
|
||||||
|
if (dpopBoundAccessTokens != null) {
|
||||||
|
if (dpopBoundAccessTokens.booleanValue()) configWrapper.setUseDPoP(true);
|
||||||
|
else configWrapper.setUseDPoP(false);
|
||||||
|
}
|
||||||
|
|
||||||
// CIBA
|
// CIBA
|
||||||
String backchannelTokenDeliveryMode = clientOIDC.getBackchannelTokenDeliveryMode();
|
String backchannelTokenDeliveryMode = clientOIDC.getBackchannelTokenDeliveryMode();
|
||||||
if (backchannelTokenDeliveryMode != null) {
|
if (backchannelTokenDeliveryMode != null) {
|
||||||
|
@ -413,6 +420,11 @@ public class DescriptionConverter {
|
||||||
response.setBackchannelLogoutUri(config.getBackchannelLogoutUrl());
|
response.setBackchannelLogoutUri(config.getBackchannelLogoutUrl());
|
||||||
response.setBackchannelLogoutSessionRequired(config.isBackchannelLogoutSessionRequired());
|
response.setBackchannelLogoutSessionRequired(config.isBackchannelLogoutSessionRequired());
|
||||||
response.setBackchannelLogoutSessionRequired(config.getBackchannelLogoutRevokeOfflineTokens());
|
response.setBackchannelLogoutSessionRequired(config.getBackchannelLogoutRevokeOfflineTokens());
|
||||||
|
if (config.isUseDPoP()) {
|
||||||
|
response.setDpopBoundAccessTokens(Boolean.TRUE);
|
||||||
|
} else {
|
||||||
|
response.setDpopBoundAccessTokens(Boolean.FALSE);
|
||||||
|
}
|
||||||
|
|
||||||
if (client.getAttributes() != null) {
|
if (client.getAttributes() != null) {
|
||||||
String mode = client.getAttributes().get(CibaConfig.CIBA_BACKCHANNEL_TOKEN_DELIVERY_MODE_PER_CLIENT);
|
String mode = client.getAttributes().get(CibaConfig.CIBA_BACKCHANNEL_TOKEN_DELIVERY_MODE_PER_CLIENT);
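Review bot: In the first DescriptionConverter hunk a null `dpop_bound_access_tokens` skips `setUseDPoP` entirely, and nothing on the new lines says whether an absent value means "keep the stored setting" or "default to off". This flag decides whether access tokens are sender-constrained, so the intent should be stated next to the null check, for example `// absent in the request: leave the client's DPoP setting untouched` if that is what is meant. Both new if/else pairs can also be collapsed: `configWrapper.setUseDPoP(dpopBoundAccessTokens);` inside the null check, and `response.setDpopBoundAccessTokens(config.isUseDPoP());` in the second hunk. Both enclosing methods start and end outside the visible lines, so how the wrapper's prior state is populated on update cannot be confirmed from here.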
|
||||||
|
|
|
@ -356,6 +356,44 @@ public class OIDCClientRegistrationTest extends AbstractClientRegistrationTest {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testDPoPHoKTokenEnabled() throws Exception {
|
||||||
|
// create (no specification)
|
||||||
|
OIDCClientRepresentation clientRep = createRep();
|
||||||
|
|
||||||
|
OIDCClientRepresentation response = reg.oidc().create(clientRep);
|
||||||
|
Assert.assertEquals(Boolean.FALSE, response.getDpopBoundAccessTokens());
|
||||||
|
Assert.assertNotNull(response.getClientSecret());
|
||||||
|
|
||||||
|
// Test Keycloak representation
|
||||||
|
ClientRepresentation kcClient = getClient(response.getClientId());
|
||||||
|
OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
|
||||||
|
assertTrue(!config.isUseDPoP());
|
||||||
|
|
||||||
|
// update (true)
|
||||||
|
reg.auth(Auth.token(response));
|
||||||
|
response.setDpopBoundAccessTokens(Boolean.TRUE);
|
||||||
|
OIDCClientRepresentation updated = reg.oidc().update(response);
|
||||||
|
assertTrue(updated.getDpopBoundAccessTokens().booleanValue());
|
||||||
|
|
||||||
|
// Test Keycloak representation
|
||||||
|
kcClient = getClient(updated.getClientId());
|
||||||
|
config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
|
||||||
|
assertTrue(config.isUseDPoP());
|
||||||
|
|
||||||
|
// update (false)
|
||||||
|
reg.auth(Auth.token(updated));
|
||||||
|
updated.setDpopBoundAccessTokens(Boolean.FALSE);
|
||||||
|
OIDCClientRepresentation reUpdated = reg.oidc().update(updated);
|
||||||
|
assertTrue(!reUpdated.getDpopBoundAccessTokens().booleanValue());
|
||||||
|
|
||||||
|
// Test Keycloak representation
|
||||||
|
kcClient = getClient(reUpdated.getClientId());
|
||||||
|
config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
|
||||||
|
assertTrue(!config.isUseDPoP());
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testUserInfoEncryptedResponse() throws Exception {
|
public void testUserInfoEncryptedResponse() throws Exception {
|
||||||
OIDCClientRepresentation response = null;
|
OIDCClientRepresentation response = null;
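Review bot: `testDPoPHoKTokenEnabled` never sends an update that leaves `dpop_bound_access_tokens` unset after DPoP has been enabled, which is the one path where the converter's null check decides the result. I would add a step after "update (true)" that calls `updated.setDpopBoundAccessTokens(null);`, re-authenticates and updates as the other steps do, and then asserts the intended value on both the response and `config.isUseDPoP()`, so that an omitted field cannot silently switch the binding off. The `assertTrue(updated.getDpopBoundAccessTokens().booleanValue())` style fails with a NullPointerException rather than an assertion message if the field is missing; `Assert.assertEquals(Boolean.TRUE, updated.getDpopBoundAccessTokens())` matches the create step. The negated checks read more clearly as `Assert.assertFalse(config.isUseDPoP());`.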
|
||||||
|
|