KEYCLOAK-8414 use the clientId when the ClientScopeModel is an instance of ClientModel

server-spi-private/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java

@@ -570,7 +570,14 @@ public final class KeycloakModelUtils {
                 return clientScope;
             }
         }
-
+        // check if we are referencing a client instead of a scope
+        if (realm.getClients() != null) {
+            for (ClientModel client : realm.getClients()) {
+                if (clientScopeName.equals(client.getClientId())) {
+                    return client;
+                }
+            }
+        }
         return null;
     }
 

server-spi-private/src/main/java/org/keycloak/models/utils/ModelToRepresentation.java

@@ -660,7 +660,11 @@ public class ModelToRepresentation {
 
         List<String> grantedClientScopes = new LinkedList<>();
         for (ClientScopeModel clientScope : model.getGrantedClientScopes()) {
-            grantedClientScopes.add(clientScope.getName());
+            if (clientScope instanceof ClientModel) {
+                grantedClientScopes.add(((ClientModel) clientScope).getClientId());
+            } else {
+                grantedClientScopes.add(clientScope.getName());
+            }
         }
 
         UserConsentRepresentation consentRep = new UserConsentRepresentation();

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/exportimport/ExportImportUtil.java

@@ -59,6 +59,7 @@ import org.keycloak.testsuite.client.KeycloakTestingClient;
 import org.keycloak.testsuite.util.RealmRepUtil;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.LinkedList;
@@ -368,7 +369,7 @@ public class ExportImportUtil {
 
         Map<String, Object> appAdminConsent = findConsentByClientId(consents, application.getClientId());
         Assert.assertNotNull(appAdminConsent);
-        Assert.assertTrue(isClientScopeGranted(appAdminConsent, OAuth2Constants.OFFLINE_ACCESS));
+        Assert.assertTrue(isClientScopeGranted(appAdminConsent, OAuth2Constants.OFFLINE_ACCESS, "roles", "profile", "email", "account", "web-origins"));
 
         Map<String, Object> otherAppAdminConsent = findConsentByClientId(consents, otherApp.getClientId());//admin.getConsentByClient(otherApp.getId());
         Assert.assertFalse(isClientScopeGranted(otherAppAdminConsent, OAuth2Constants.OFFLINE_ACCESS));
@@ -392,9 +393,9 @@ public class ExportImportUtil {
     }
 
 
-    private static boolean isClientScopeGranted(Map<String, Object> consent, String clientScopeName) {
+    private static boolean isClientScopeGranted(Map<String, Object> consent, String... clientScopeNames) {
         if (consent.get("grantedClientScopes") == null) return false;
-        return ((List)consent.get("grantedClientScopes")).contains(clientScopeName);
+        return ((List)consent.get("grantedClientScopes")).containsAll(Arrays.asList(clientScopeNames));
     }
 
 

testsuite/integration-arquillian/tests/base/src/test/resources/model/testrealm.json

@@ -179,7 +179,8 @@
                     "grantedRealmRoles": [ "offline_access" ],
                     "grantedClientRoles": {
                         "Application": [ "app-admin" ]
-                    }
+                    },
+                    "grantedClientScopes" : [ "roles", "profile", "email", "account", "web-origins" ]
                 },
                 {
                     "clientId": "OtherApp",
@@ -535,6 +536,4 @@
         ]
 
     }
-
-
 }