diff --git a/core/src/main/java/org/keycloak/OAuth2Constants.java b/core/src/main/java/org/keycloak/OAuth2Constants.java
index 70105f7074..6de35b8b67 100644
--- a/core/src/main/java/org/keycloak/OAuth2Constants.java
+++ b/core/src/main/java/org/keycloak/OAuth2Constants.java
@@ -101,7 +101,7 @@ public interface OAuth2Constants {
 String REFRESH_TOKEN_TYPE="urn:ietf:params:oauth:token-type:refresh_token";
 String JWT_TOKEN_TYPE="urn:ietf:params:oauth:token-type:jwt";
 String ID_TOKEN_TYPE="urn:ietf:params:oauth:token-type:id_token";
- String TOKEN_EXCHANGEABLE ="token-exchangeable";
+ String TOKEN_EXCHANGER ="token-exchanger";
 }
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
index 69499175e7..cb5b5ae05e 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
@@ -602,8 +602,8 @@ public class TokenEndpoint {
 boolean allowed = false;
 UserModel serviceAccount = session.users().getServiceAccount(client);
 if (serviceAccount != null) {
- RoleModel exchangeable = targetClient.getRole(OAuth2Constants.TOKEN_EXCHANGEABLE);
- RoleModel realmExchangeable = AdminPermissions.management(session, realm).getRealmManagementClient().getRole(OAuth2Constants.TOKEN_EXCHANGEABLE);
+ RoleModel exchangeable = targetClient.getRole(OAuth2Constants.TOKEN_EXCHANGER);
+ RoleModel realmExchangeable = AdminPermissions.management(session, realm).getRealmManagementClient().getRole(OAuth2Constants.TOKEN_EXCHANGER);
 allowed = (exchangeable != null && serviceAccount.hasRole(exchangeable)) || (realmExchangeable != null && serviceAccount.hasRole(realmExchangeable));
 }
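Review bot: The role name this authorization check looks up changes from `token-exchangeable` to `token-exchanger`, so a service account that was granted the old role on the target client or on the realm-management client will now fail both `hasRole` tests and `allowed` stays false. That fails closed, which is the safe direction, but nothing visible in this diff migrates or renames existing role records, so exchanges that worked before would presumably be denied after an upgrade; a migration step or a release note would cover it. The locals still read `exchangeable` and `realmExchangeable` although they now hold the exchanger role; `exchangerRole` and `realmExchangerRole` would match the constant, and the same leftover naming is in the two `setupRealm` hunks of TokenExchangeTest.java (`realmExchangeable`, `targetExchangeable`). A comment above the check such as `// the caller's service account must hold the token-exchanger role on the target client or on realm-management` would make the policy readable at the decision point. The enclosing method starts and ends outside the hunk.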
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenExchangeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenExchangeTest.java
index 5a6e3bb211..ff82166f63 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenExchangeTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenExchangeTest.java
@@ -17,48 +17,27 @@
 package org.keycloak.testsuite.oauth;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.impl.client.DefaultHttpClient;
 import org.jboss.arquillian.container.test.api.Deployment;
 import org.jboss.shrinkwrap.api.spec.WebArchive;
-import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.TokenVerifier;
-import org.keycloak.admin.client.resource.RealmResource;
-import org.keycloak.authentication.authenticators.client.ClientIdAndSecretAuthenticator;
-import org.keycloak.events.Details;
-import org.keycloak.events.Errors;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
-import org.keycloak.models.utils.KeycloakModelUtils;
-import org.keycloak.models.utils.TimeBasedOTP;
 import org.keycloak.protocol.oidc.OIDCLoginProtocol;
 import org.keycloak.representations.AccessToken;
-import org.keycloak.representations.RefreshToken;
-import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.services.resources.admin.permissions.AdminPermissions;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.Assert;
 import org.keycloak.testsuite.AssertEvents;
-import org.keycloak.testsuite.admin.FineGrainAdminUnitTest;
 import org.keycloak.testsuite.runonserver.RunOnServerDeployment;
-import org.keycloak.testsuite.util.ClientBuilder;
-import org.keycloak.testsuite.util.ClientManager;
 import org.keycloak.testsuite.util.OAuthClient;
-import org.keycloak.testsuite.util.RealmBuilder;
-import org.keycloak.testsuite.util.RealmManager;
-import org.keycloak.testsuite.util.UserBuilder;
-import org.keycloak.testsuite.util.UserManager;
-import org.keycloak.util.JsonSerialization;
 import java.util.List;
@@ -89,7 +68,7 @@ public class TokenExchangeTest extends AbstractKeycloakTest {
 public static void setupRealm(KeycloakSession session) {
 RealmModel realm = session.realms().getRealmByName(TEST);
- RoleModel realmExchangeable = AdminPermissions.management(session, realm).getRealmManagementClient().addRole(OAuth2Constants.TOKEN_EXCHANGEABLE);
+ RoleModel realmExchangeable = AdminPermissions.management(session, realm).getRealmManagementClient().addRole(OAuth2Constants.TOKEN_EXCHANGER);
 RoleModel exampleRole = realm.addRole("example");
@@ -100,7 +79,7 @@ public class TokenExchangeTest extends AbstractKeycloakTest {
 target.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
 target.setFullScopeAllowed(false);
 target.addScopeMapping(exampleRole);
- RoleModel targetExchangeable = target.addRole(OAuth2Constants.TOKEN_EXCHANGEABLE);
+ RoleModel targetExchangeable = target.addRole(OAuth2Constants.TOKEN_EXCHANGER);
 target = realm.addClient("realm-exchanger");
 target.setClientId("realm-exchanger");