remove changes from standard OIDC client registration, move constants
parent
57f57f5c75
commit
82ba2b1b0d
7 changed files with 9 additions and 50 deletions
|
@ -86,8 +86,6 @@ public class OIDCClientRepresentation {
|
|||
|
||||
private String request_object_encryption_enc;
|
||||
|
||||
private String request_object_required;
|
||||
|
||||
private Integer default_max_age;
|
||||
|
||||
private Boolean require_auth_time;
|
||||
|
@ -339,14 +337,6 @@ public class OIDCClientRepresentation {
|
|||
this.request_object_encryption_enc = request_object_encryption_enc;
|
||||
}
|
||||
|
||||
public String getRequestObjectRequired() {
|
||||
return request_object_required;
|
||||
}
|
||||
|
||||
public void setRequestObjectRequired(String request_object_required) {
|
||||
this.request_object_required = request_object_required;
|
||||
}
|
||||
|
||||
public Integer getDefaultMaxAge() {
|
||||
return default_max_age;
|
||||
}
|
||||
|
|
|
@ -33,6 +33,9 @@ public class OIDCAdvancedConfigWrapper {
|
|||
private static final String REQUEST_OBJECT_SIGNATURE_ALG = "request.object.signature.alg";
|
||||
|
||||
private static final String REQUEST_OBJECT_REQUIRED = "request.object.required";
|
||||
public static final String REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI = "request or request_uri";
|
||||
public static final String REQUEST_OBJECT_REQUIRED_REQUEST = "request only";
|
||||
public static final String REQUEST_OBJECT_REQUIRED_REQUEST_URI = "request_uri only";
|
||||
|
||||
private static final String JWKS_URL = "jwks.url";
|
||||
|
||||
|
|
|
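Review bot: The three public `REQUEST_OBJECT_REQUIRED_*` constants added below `REQUEST_OBJECT_REQUIRED` arrive without the `// Request object requirement options` comment they carried in OIDCLoginProtocol, and nothing here says they are the complete set of accepted values for the `request.object.required` client attribute. The same commit removes the only allow-list check on that value visible on this page (the `Arrays.asList(...).contains(...)` guard in DescriptionConverter). It is worth confirming that the wrapper's setter and the code that enforces the setting, neither of which is in this hunk, reject an unrecognised string rather than reading it as "no request object needed". I would add a comment above the constants such as `// Allowed values of "request.object.required"; any other value must be rejected, never treated as "not required"`.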
@ -93,11 +93,6 @@ public class OIDCLoginProtocol implements LoginProtocol {
|
|||
public static final String CLIENT_SECRET_JWT = "client_secret_jwt";
|
||||
public static final String PRIVATE_KEY_JWT = "private_key_jwt";
|
||||
|
||||
// Request object requirement options
|
||||
public static final String REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI = "request or request_uri";
|
||||
public static final String REQUEST_OBJECT_REQUIRED_REQUEST = "request only";
|
||||
public static final String REQUEST_OBJECT_REQUIRED_REQUEST_URI = "request_uri only";
|
||||
|
||||
// https://tools.ietf.org/html/rfc7636#section-4.3
|
||||
public static final String CODE_CHALLENGE_PARAM = "code_challenge";
|
||||
public static final String CODE_CHALLENGE_METHOD_PARAM = "code_challenge_method";
|
||||
|
|
|
@ -32,9 +32,9 @@ import org.keycloak.services.messages.Messages;
|
|||
import javax.ws.rs.core.MultivaluedMap;
|
||||
import javax.ws.rs.core.Response;
|
||||
import java.io.InputStream;
|
||||
import static org.keycloak.protocol.oidc.OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI;
|
||||
import static org.keycloak.protocol.oidc.OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST;
|
||||
import static org.keycloak.protocol.oidc.OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_URI;
|
||||
import static org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper.REQUEST_OBJECT_REQUIRED_REQUEST;
|
||||
import static org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI;
|
||||
import static org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper.REQUEST_OBJECT_REQUIRED_REQUEST_URI;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
|
|
|
@ -48,7 +48,6 @@ import java.io.IOException;
|
|||
import java.net.URI;
|
||||
import java.security.PublicKey;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
@ -116,17 +115,6 @@ public class DescriptionConverter {
|
|||
configWrapper.setRequestObjectSignatureAlg(algorithm);
|
||||
}
|
||||
|
||||
if (clientOIDC.getRequestObjectRequired() != null) {
|
||||
String requestObjectRequired = clientOIDC.getRequestObjectRequired();
|
||||
if (Arrays.asList(
|
||||
OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI,
|
||||
OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST,
|
||||
OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_URI)
|
||||
.contains(requestObjectRequired)) {
|
||||
configWrapper.setRequestObjectRequired(requestObjectRequired);
|
||||
}
|
||||
}
|
||||
|
||||
return client;
|
||||
}
|
||||
|
||||
|
@ -197,9 +185,6 @@ public class DescriptionConverter {
|
|||
if (config.getRequestObjectSignatureAlg() != null) {
|
||||
response.setRequestObjectSigningAlg(config.getRequestObjectSignatureAlg().toString());
|
||||
}
|
||||
if (config.getRequestObjectRequired() != null) {
|
||||
response.setRequestObjectRequired(config.getRequestObjectRequired());
|
||||
}
|
||||
if (config.isUseJwksUrl()) {
|
||||
response.setJwksUri(config.getJwksUrl());
|
||||
}
|
||||
|
|
|
@ -201,20 +201,6 @@ public class OIDCClientRegistrationTest extends AbstractClientRegistrationTest {
|
|||
Assert.assertEquals(config.getRequestObjectSignatureAlg(), Algorithm.RS256);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRequestObjectRequired() throws Exception {
|
||||
OIDCClientRepresentation clientRep = createRep();
|
||||
clientRep.setRequestObjectRequired(OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI);
|
||||
|
||||
OIDCClientRepresentation response = reg.oidc().create(clientRep);
|
||||
Assert.assertEquals(OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI, response.getRequestObjectRequired());
|
||||
|
||||
// Test Keycloak representation
|
||||
ClientRepresentation kcClient = getClient(response.getClientId());
|
||||
OIDCAdvancedConfigWrapper config = OIDCAdvancedConfigWrapper.fromClientRepresentation(kcClient);
|
||||
Assert.assertEquals(OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI, config.getRequestObjectRequired());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void createClientImplicitFlow() throws ClientRegistrationException {
|
||||
OIDCClientRepresentation clientRep = createRep();
|
||||
|
|
|
@ -71,9 +71,9 @@ import static org.junit.Assert.assertEquals;
|
|||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
|
||||
import static org.keycloak.protocol.oidc.OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI;
|
||||
import static org.keycloak.protocol.oidc.OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST;
|
||||
import static org.keycloak.protocol.oidc.OIDCLoginProtocol.REQUEST_OBJECT_REQUIRED_REQUEST_URI;
|
||||
import static org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper.REQUEST_OBJECT_REQUIRED_REQUEST;
|
||||
import static org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper.REQUEST_OBJECT_REQUIRED_REQUEST_OR_REQUEST_URI;
|
||||
import static org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper.REQUEST_OBJECT_REQUIRED_REQUEST_URI;
|
||||
|
||||
/**
|
||||
* Test for supporting advanced parameters of OIDC specs (max_age, prompt, ...)
|
||||
|
|