From 7c69c857a1216cf2af07c4d2859fc961817f530a Mon Sep 17 00:00:00 2001 From: Ingrid Kamga Date: Wed, 24 Jul 2024 17:06:26 +0100 Subject: [PATCH] Add a media type to error responses on OID4VC endpoints Closes #31585 Signed-off-by: Ingrid Kamga --- .../oid4vc/issuance/OID4VCIssuerEndpoint.java | 6 +++++- .../issuance/signing/OID4VCJWTIssuerEndpointTest.java | 11 ++++++++--- .../signing/OID4VCSdJwtIssuingEndpointTest.java | 2 +- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/services/src/main/java/org/keycloak/protocol/oid4vc/issuance/OID4VCIssuerEndpoint.java b/services/src/main/java/org/keycloak/protocol/oid4vc/issuance/OID4VCIssuerEndpoint.java index 7fd3aa67e2..b1973d35a9 100644 --- a/services/src/main/java/org/keycloak/protocol/oid4vc/issuance/OID4VCIssuerEndpoint.java +++ b/services/src/main/java/org/keycloak/protocol/oid4vc/issuance/OID4VCIssuerEndpoint.java @@ -494,7 +494,11 @@ public class OID4VCIssuerEndpoint { private Response getErrorResponse(ErrorType errorType) { var errorResponse = new ErrorResponse(); errorResponse.setError(errorType); - return Response.status(Response.Status.BAD_REQUEST).entity(errorResponse).build(); + return Response + .status(Response.Status.BAD_REQUEST) + .entity(errorResponse) + .type(MediaType.APPLICATION_JSON) + .build(); } // Return all {@link OID4VCClient}s that support the given scope and format diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCJWTIssuerEndpointTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCJWTIssuerEndpointTest.java index 31c8d5b056..f9ac2a22cf 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCJWTIssuerEndpointTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCJWTIssuerEndpointTest.java @@ -20,6 +20,7 @@ import jakarta.ws.rs.BadRequestException; import jakarta.ws.rs.client.Entity; import jakarta.ws.rs.client.WebTarget; import jakarta.ws.rs.core.HttpHeaders; +import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; import org.apache.commons.io.IOUtils; import org.apache.http.HttpStatus; @@ -102,7 +103,9 @@ public class OID4VCJWTIssuerEndpointTest extends OID4VCIssuerEndpointTest { AppAuthManager.BearerTokenAuthenticator authenticator = new AppAuthManager.BearerTokenAuthenticator(session); authenticator.setTokenString("invalid-token"); OID4VCIssuerEndpoint oid4VCIssuerEndpoint = prepareIssuerEndpoint(session, authenticator); - oid4VCIssuerEndpoint.getCredentialOfferURI("test-credential", OfferUriType.URI, 0, 0); + Response response = oid4VCIssuerEndpoint + .getCredentialOfferURI("test-credential", OfferUriType.URI, 0, 0); + assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getMediaType()); }))); } @@ -141,7 +144,8 @@ public class OID4VCJWTIssuerEndpointTest extends OID4VCIssuerEndpointTest { AppAuthManager.BearerTokenAuthenticator authenticator = new AppAuthManager.BearerTokenAuthenticator(session); authenticator.setTokenString(null); OID4VCIssuerEndpoint issuerEndpoint = prepareIssuerEndpoint(session, authenticator); - issuerEndpoint.getCredentialOffer("nonce"); + Response response = issuerEndpoint.getCredentialOffer("nonce"); + assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getMediaType()); }); }); } @@ -244,9 +248,10 @@ public class OID4VCJWTIssuerEndpointTest extends OID4VCIssuerEndpointTest { AppAuthManager.BearerTokenAuthenticator authenticator = new AppAuthManager.BearerTokenAuthenticator(session); authenticator.setTokenString(null); OID4VCIssuerEndpoint issuerEndpoint = prepareIssuerEndpoint(session, authenticator); - issuerEndpoint.requestCredential(new CredentialRequest() + Response response = issuerEndpoint.requestCredential(new CredentialRequest() .setFormat(Format.JWT_VC) .setCredentialIdentifier("test-credential")); + assertEquals(MediaType.APPLICATION_JSON_TYPE, response.getMediaType()); })); }); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCSdJwtIssuingEndpointTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCSdJwtIssuingEndpointTest.java index 8939a349bb..2f81287e69 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCSdJwtIssuingEndpointTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCSdJwtIssuingEndpointTest.java @@ -370,7 +370,7 @@ public class OID4VCSdJwtIssuingEndpointTest extends OID4VCIssuerEndpointTest { protected void handleCredentialResponse(CredentialResponse credentialResponse) throws VerificationException { // SDJWT have a special format. SdJwtVP sdJwtVP = SdJwtVP.of(credentialResponse.getCredential().toString()); - JsonWebToken jsonWebToken = TokenVerifier.create(sdJwtVP.getIssuerSignedJWT().getJwsString(), JsonWebToken.class).getToken(); + JsonWebToken jsonWebToken = TokenVerifier.create(sdJwtVP.getIssuerSignedJWT().toJws(), JsonWebToken.class).getToken(); assertNotNull("A valid credential string should have been responded", jsonWebToken); assertNotNull("The credentials should be included at the vct-claim.", jsonWebToken.getOtherClaims().get("vct"));