Allow updating authz settings via default client registration provider

Closes #9008
Pedro Igor 2022-08-31 17:48:09 -03:00 committed by Václav Muzikář
parent 25ea487510
commit 782d145cef
2 changed files with 49 additions and 0 deletions


@ -19,7 +19,9 @@ package org.keycloak.services.clientregistration;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@ -68,7 +70,9 @@ public class DefaultClientRegistrationProvider extends AbstractClientRegistratio
@Produces(MediaType.APPLICATION_JSON)
public Response updateDefault(@PathParam("clientId") String clientId, ClientRepresentation client) {
DefaultClientRegistrationContext context = new DefaultClientRegistrationContext(session, client, this);
ResourceServerRepresentation authorizationSettings = client.getAuthorizationSettings();
client = update(clientId, context);
updateAuthorizationSettings(client, authorizationSettings);
validateClient(client, false);
return Response.ok(client).build();
}
@ -78,4 +82,10 @@ public class DefaultClientRegistrationProvider extends AbstractClientRegistratio
public void deleteDefault(@PathParam("clientId") String clientId) {
delete(clientId);
}
private void updateAuthorizationSettings(ClientRepresentation rep, ResourceServerRepresentation authorizationSettings) {
rep.setAuthorizationSettings(authorizationSettings);
ClientModel client = session.getContext().getRealm().getClientByClientId(rep.getClientId());
RepresentationToModel.importAuthorizationSettings(rep, client, session);
}
}
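Review bot: In `updateDefault`, the caller-supplied `authorizationSettings` are imported into the client model by `updateAuthorizationSettings(client, authorizationSettings)` before `validateClient(client, false)` runs, so a request that later fails validation may already have written resources and policies unless the error path rolls the transaction back, which is not visible here. I would swap the two calls so validation comes first. The helper also runs when the request carries no settings: it sets null on the representation returned by `update` and still calls `RepresentationToModel.importAuthorizationSettings`, so a guard such as `if (authorizationSettings == null) { return; }` at the top would make the no-op case explicit. The only access check on this path is whatever `update(clientId, context)` enforces, outside these hunks; please confirm that every credential accepted there is meant to be able to replace a client's authorization policies, and say so in a comment on `updateAuthorizationSettings`.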


@ -33,11 +33,15 @@ import org.keycloak.client.registration.ClientRegistration;
import org.keycloak.client.registration.ClientRegistrationException;
import org.keycloak.client.registration.HttpErrorException;
import org.keycloak.models.Constants;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.OAuth2ErrorRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.util.JsonSerialization;
@ -59,6 +63,7 @@ import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
import static org.hamcrest.core.Is.is;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
@ -231,6 +236,40 @@ public class ClientRegistrationTest extends AbstractClientRegistrationTest {
);
}
@Test
public void testUpdateAuthorizationSettings() throws ClientRegistrationException {
authManageClients();
ClientRepresentation clientRep = buildClient();
clientRep.setAuthorizationServicesEnabled(true);
ClientRepresentation rep = registerClient(clientRep);
rep = adminClient.realm("test").clients().get(rep.getId()).toRepresentation();
assertTrue(rep.getAuthorizationServicesEnabled());
ResourceServerRepresentation authzSettings = new ResourceServerRepresentation();
authzSettings.setAllowRemoteResourceManagement(false);
authzSettings.setResources(List.of(new ResourceRepresentation("foo", "scope-a", "scope-b")));
PolicyRepresentation permission = new PolicyRepresentation();
permission.setName(KeycloakModelUtils.generateId());
permission.setType("resource");
permission.setResources(Collections.singleton("foo"));
authzSettings.setPolicies(List.of(permission));
rep.setAuthorizationSettings(authzSettings);
reg.update(rep);
authzSettings = adminClient.realm("test").clients().get(rep.getId()).authorization().exportSettings();
assertFalse(authzSettings.getResources().isEmpty());
assertFalse(authzSettings.getScopes().isEmpty());
assertFalse(authzSettings.getPolicies().isEmpty());
}
private void testClientUriValidation(String expectedRootUrlError, String expectedBaseUrlError, String expectedBackchannelLogoutUrlError, String expectedRedirectUrisError, String... testUrls) {
testClientUriValidation(true, expectedRootUrlError, expectedBaseUrlError, expectedBackchannelLogoutUrlError, expectedRedirectUrisError, testUrls);
testClientUriValidation(false, expectedRootUrlError, expectedBaseUrlError, expectedBackchannelLogoutUrlError, expectedRedirectUrisError, testUrls);
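Review bot: `testUpdateAuthorizationSettings` only exercises the privileged path (`authManageClients()`) and only asserts that resources, scopes and policies are non-empty, so it would not catch the endpoint accepting authorization settings from a caller who should not be able to change them, or settings being imported with the wrong values. Consider asserting the values that were sent, for example `assertFalse(authzSettings.isAllowRemoteResourceManagement());` and that the exported resource is named `foo`, and adding a case that repeats `reg.update(rep)` under a less privileged credential and checks the expected outcome. The trailing `testClientUriValidation` helper continues outside the hunk.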