added more missing fields (#2329)

fixes: #1385
2022-03-29 09:55:05 +02:00 · 2022-03-29 09:55:05 +02:00 · 6857d62545
commit 6857d62545
parent 78bdf2d2ec
4 changed files with 59 additions and 0 deletions
--- a/src/clients/ClientDetails.tsx
+++ b/src/clients/ClientDetails.tsx
@ -68,6 +68,7 @@ import {
 } from "./routes/AuthenticationTab";
 import { toClientScopesTab } from "./routes/ClientScopeTab";
 import { AuthorizationExport } from "./authorization/AuthorizationExport";
+import { arrayToAttributes } from "../components/attribute-form/attribute-convert";

 type ClientDetailHeaderProps = {
  onChange: (value: boolean) => void;
@ -222,6 +223,14 @@ export default function ClientDetails() {
      "attributes.request.uris",
      stringToMultiline(client.attributes?.["request.uris"])
    );
+    if (client.attributes?.["acr.loa.map"]) {
+      form.setValue(
+        "attributes.acr.loa.map",
+        Object.entries(JSON.parse(client.attributes["acr.loa.map"])).flatMap(
+          ([key, value]) => ({ key, value })
+        )
+      );
+    }
  };

  useFetch(
@ -263,6 +272,12 @@ export default function ClientDetails() {
      const submittedClient =
        convertFormValuesToObject<ClientRepresentation>(values);

+      if (submittedClient.attributes?.["acr.loa.map"]) {
+        submittedClient.attributes["acr.loa.map"] = JSON.stringify(
+          arrayToAttributes(submittedClient.attributes["acr.loa.map"])
+        );
+      }
+
      try {
        const newClient: ClientRepresentation = {
          ...client,
--- a/src/clients/advanced/AdvancedSettings.tsx
+++ b/src/clients/advanced/AdvancedSettings.tsx
@ -15,6 +15,7 @@ import { FormAccess } from "../../components/form-access/FormAccess";
 import { HelpItem } from "../../components/help-enabler/HelpItem";
 import { TimeSelector } from "../../components/time-selector/TimeSelector";
 import { TokenLifespan } from "./TokenLifespan";
+import { AttributeInput } from "../../components/attribute-input/AttributeInput";

 type AdvancedSettingsProps = {
  control: Control<Record<string, any>>;
@ -130,6 +131,43 @@ export const AdvancedSettings = ({
              )}
            />
          </FormGroup>
+          <FormGroup
+            label={t("pushedAuthorizationRequestRequired")}
+            fieldId="pushedAuthorizationRequestRequired"
+            labelIcon={
+              <HelpItem
+                helpText="clients-help:pushedAuthorizationRequestRequired"
+                fieldLabelId="clients:pushedAuthorizationRequestRequired"
+              />
+            }
+          >
+            <Controller
+              name="attributes.require.pushed.authorization.requests"
+              defaultValue="false"
+              control={control}
+              render={({ onChange, value }) => (
+                <Switch
+                  id="pushedAuthorizationRequestRequired"
+                  label={t("common:on")}
+                  labelOff={t("common:off")}
+                  isChecked={value === "true"}
+                  onChange={(value) => onChange(value.toString())}
+                />
+              )}
+            />
+          </FormGroup>
+          <FormGroup
+            label={t("acrToLoAMapping")}
+            fieldId="acrToLoAMapping"
+            labelIcon={
+              <HelpItem
+                helpText="clients-help:acrToLoAMapping"
+                fieldLabelId="clients:acrToLoAMapping"
+              />
+            }
+          >
+            <AttributeInput name="attributes.acr.loa.map" />
+          </FormGroup>
        </>
      )}
      <ActionGroup>
--- a/src/clients/help.ts
+++ b/src/clients/help.ts
@ -176,6 +176,10 @@ export default {
      "This enables support for OAuth 2.0 Mutual TLS Certificate Bound Access Tokens, which means that keycloak bind an access token and a refresh token with a X.509 certificate of a token requesting client exchanged in mutual TLS between keycloak's Token Endpoint and this client. These tokens can be treated as Holder-of-Key tokens instead of bearer tokens.",
    keyForCodeExchange:
      "Choose which code challenge method for PKCE is used. If not specified, keycloak does not applies PKCE to a client unless the client sends an authorization request with appropriate code challenge and code exchange method.",
+    pushedAuthorizationRequestRequired:
+      "Boolean parameter indicating whether the authorization server accepts authorization request data only via the pushed authorization request method.",
+    acrToLoAMapping:
+      "Define which ACR (Authentication Context Class Reference) value is mapped to which LoA (Level of Authentication). The ACR can be any value, whereas the LoA must be numeric.",
    assertionConsumerServicePostBindingURL:
      "SAML POST Binding URL for the client's assertion consumer service (login responses). You can leave this blank if you do not have a URL for this binding.",
    assertionConsumerServiceRedirectBindingURL:
--- a/src/clients/messages.ts
+++ b/src/clients/messages.ts
@ -529,6 +529,8 @@ export default {
    accessTokenLifespan: "Access Token Lifespan",
    oAuthMutual: "OAuth 2.0 Mutual TLS Certificate Bound Access Tokens Enabled",
    keyForCodeExchange: "Proof Key for Code Exchange Code Challenge Method",
+    pushedAuthorizationRequestRequired: "Pushed authorization request required",
+    acrToLoAMapping: "ACR to LoA Mapping",
    authenticationOverrides: "Authentication flow overrides",
    browserFlow: "Browser Flow",
    directGrant: "Direct Grant Flow",