remove changes from standard OIDC client registration, move constants
parent
57f57f5c75
commit
82ba2b1b0d
7 changed files with 9 additions and 50 deletions
|
@ -86,8 +86,6 @@ public class OIDCClientRepresentation {
|
||||||
|
|
||||||
private String request_object_encryption_enc;
|
private String request_object_encryption_enc;
|
||||||
|
|
||||||
private String request_object_required;
|
|
||||||
|
|
||||||
private Integer default_max_age;
|
private Integer default_max_age;
|
||||||
|
|
||||||
private Boolean require_auth_time;
|
private Boolean require_auth_time;
|
||||||
|
@ -339,14 +337,6 @@ public class OIDCClientRepresentation {
|
||||||
this.request_object_encryption_enc = request_object_encryption_enc;
|
this.request_object_encryption_enc = request_object_encryption_enc;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getRequestObjectRequired() {
|
|
||||||
return request_object_required;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setRequestObjectRequired(String request_object_required) {
|
|
||||||
this.request_object_required = request_object_required;
|
|
||||||
}
|
|
||||||
|
|
||||||
public Integer getDefaultMaxAge() {
|
public Integer getDefaultMaxAge() {
|
||||||
return default_max_age;
|
return default_max_age;
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,6 +33,9 @@ public class OIDCAdvancedConfigWrapper {
|
||||||
private static final String REQUEST_OBJECT_SIGNATURE_ALG = "request.object.signature.alg";
|
private static final String REQUEST_OBJECT_SIGNATURE_ALG = "request.object.signature.alg";
|
||||||
|
|
||||||
private static final String REQUEST_OBJECT_REQUIRED = "request.object.required";
|
private static final String REQUEST_OBJECT_REQUIRED = "request.object.required";
|
||||||
|
public static final String REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI = "request or request_uri";
|
||||||
|
public static final String REQUEST_OBJECT_REQUIRED_REQUEST = "request only";
|
||||||
|
public static final String REQUEST_OBJECT_REQUIRED_REQUEST_URI = "request_uri only";
|
||||||
|
|
||||||
private static final String JWKS_URL = "jwks.url";
|
private static final String JWKS_URL = "jwks.url";
|
||||||
|
|
||||||
|
|
|
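Review bot: The three `REQUEST_OBJECT_REQUIRED_*` values land in OIDCAdvancedConfigWrapper without the `// Request object requirement options` comment they carried in OIDCLoginProtocol, and they sit between the private attribute keys `REQUEST_OBJECT_REQUIRED` and `JWKS_URL`, so a reader cannot tell attribute keys from permitted values. I would add `// Allowed values of the "request.object.required" client attribute` directly above them. The same commit deletes the `Arrays.asList(...).contains(requestObjectRequired)` allow-list in DescriptionConverter, which was the only validation of this value visible on the page. The setter in this class is outside the hunk; if it does not check its argument against these constants, an unrecognised string could be stored, and whether a signed request object is then enforced would depend on how the request parser compares it, which is worth confirming.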
@ -93,11 +93,6 @@ public class OIDCLoginProtocol implements LoginProtocol {
|
||||||
public static final String CLIENT_SECRET_JWT = "client_secret_jwt";
|
public static final String CLIENT_SECRET_JWT = "client_secret_jwt";
|
||||||
public static final String PRIVATE_KEY_JWT = "private_key_jwt";
|
public static final String PRIVATE_KEY_JWT = "private_key_jwt";
|
||||||
|
|
||||||
// Request object requirement options
|
|
||||||
public static final String REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI = "request or request_uri";
|
|
||||||
public static final String REQUEST_OBJECT_REQUIRED_REQUEST = "request only";
|
|
||||||
public static final String REQUEST_OBJECT_REQUIRED_REQUEST_URI = "request_uri only";
|
|
||||||
|
|
||||||
// https://tools.ietf.org/html/rfc7636#section-4.3
|
// https://tools.ietf.org/html/rfc7636#section-4.3
|
||||||
public static final String CODE_CHALLENGE_PARAM = "code_challenge";
|
public static final String CODE_CHALLENGE_PARAM = "code_challenge";
|
||||||
public static final String CODE_CHALLENGE_METHOD_PARAM = "code_challenge_method";
|
public static final String CODE_CHALLENGE_METHOD_PARAM = "code_challenge_method";
|
||||||
|
|
|
@ -32,9 +32,9 @@ import org.keycloak.services.messages.Messages;
|
||||||
import javax.ws.rs.core.MultivaluedMap;
|
import javax.ws.rs.core.MultivaluedMap;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import static org.keycloak.protocol.oidc.OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI;
|
import static org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper.REQUEST_OBJECT_REQUIRED_REQUEST;
|
||||||
import static org.keycloak.protocol.oidc.OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST;
|
import static org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI;
|
||||||
import static org.keycloak.protocol.oidc.OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_URI;
|
import static org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper.REQUEST_OBJECT_REQUIRED_REQUEST_URI;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||||
|
|
|
@ -48,7 +48,6 @@ import java.io.IOException;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
import java.security.PublicKey;
|
import java.security.PublicKey;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
@ -116,17 +115,6 @@ public class DescriptionConverter {
|
||||||
configWrapper.setRequestObjectSignatureAlg(algorithm);
|
configWrapper.setRequestObjectSignatureAlg(algorithm);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (clientOIDC.getRequestObjectRequired() != null) {
|
|
||||||
String requestObjectRequired = clientOIDC.getRequestObjectRequired();
|
|
||||||
if (Arrays.asList(
|
|
||||||
OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI,
|
|
||||||
OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST,
|
|
||||||
OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_URI)
|
|
||||||
.contains(requestObjectRequired)) {
|
|
||||||
configWrapper.setRequestObjectRequired(requestObjectRequired);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return client;
|
return client;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -197,9 +185,6 @@ public class DescriptionConverter {
|
||||||
if (config.getRequestObjectSignatureAlg() != null) {
|
if (config.getRequestObjectSignatureAlg() != null) {
|
||||||
response.setRequestObjectSigningAlg(config.getRequestObjectSignatureAlg().toString());
|
response.setRequestObjectSigningAlg(config.getRequestObjectSignatureAlg().toString());
|
||||||
}
|
}
|
||||||
if (config.getRequestObjectRequired() != null) {
|
|
||||||
response.setRequestObjectRequired(config.getRequestObjectRequired());
|
|
||||||
}
|
|
||||||
if (config.isUseJwksUrl()) {
|
if (config.isUseJwksUrl()) {
|
||||||
response.setJwksUri(config.getJwksUrl());
|
response.setJwksUri(config.getJwksUrl());
|
||||||
}
|
}
|
||||||
|
|
|
@ -201,20 +201,6 @@ public class OIDCClientRegistrationTest extends AbstractClientRegistrationTest {
|
||||||
Assert.assertEquals(config.getRequestObjectSignatureAlg(), Algorithm.RS256);
|
Assert.assertEquals(config.getRequestObjectSignatureAlg(), Algorithm.RS256);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testRequestObjectRequired() throws Exception {
|
|
||||||
OIDCClientRepresentation clientRep = createRep();
|
|
||||||
clientRep.setRequestObjectRequired(OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI);
|
|
||||||
|
|
||||||
OIDCClientRepresentation response = reg.oidc().create(clientRep);
|
|
||||||
Assert.assertEquals(OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI, response.getRequestObjectRequired());
|
|
||||||
|
|
||||||
// Test Keycloak representation
|
|
||||||
ClientRepresentation kcClient = getClient(response.getClientId());
|
|
||||||
OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
|
|
||||||
Assert.assertEquals(OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI, config.getRequestObjectRequired());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void createClientImplicitFlow() throws ClientRegistrationException {
|
public void createClientImplicitFlow() throws ClientRegistrationException {
|
||||||
OIDCClientRepresentation clientRep = createRep();
|
OIDCClientRepresentation clientRep = createRep();
|
||||||
|
|
|
@ -71,9 +71,9 @@ import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertFalse;
|
import static org.junit.Assert.assertFalse;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
|
|
||||||
import static org.keycloak.protocol.oidc.OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI;
|
import static org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper.REQUEST_OBJECT_REQUIRED_REQUEST;
|
||||||
import static org.keycloak.protocol.oidc.OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST;
|
import static org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI;
|
||||||
import static org.keycloak.protocol.oidc.OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_URI;
|
import static org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper.REQUEST_OBJECT_REQUIRED_REQUEST_URI;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test for supporting advanced parameters of OIDC specs (max_age, prompt, ...)
|
* Test for supporting advanced parameters of OIDC specs (max_age, prompt, ...)
|
||||||
|
|