KEYCLOAK-16703 The username returned by token introspect endpoint is null when remove or modify username mapper

carlChen 2021-08-01 16:55:30 +08:00 committed by Marek Posolda
parent 65480cb5a1
commit a0b01b6ef4
2 changed files with 35 additions and 2 deletions


@ -25,6 +25,7 @@ import org.keycloak.crypto.SignatureProvider;
import org.keycloak.crypto.SignatureVerifierContext; import org.keycloak.crypto.SignatureVerifierContext;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.services.Urls; import org.keycloak.services.Urls;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -56,7 +57,17 @@ public class AccessTokenIntrospectionProvider implements TokenIntrospectionProvi
if (accessToken != null) { if (accessToken != null) {
tokenMetadata = JsonSerialization.createObjectNode(accessToken); tokenMetadata = JsonSerialization.createObjectNode(accessToken);
tokenMetadata.put("client_id", accessToken.getIssuedFor()); tokenMetadata.put("client_id", accessToken.getIssuedFor());
tokenMetadata.put("username", accessToken.getPreferredUsername());
if (!tokenMetadata.has("username")) {
if (accessToken.getPreferredUsername() != null) {
tokenMetadata.put("username", accessToken.getPreferredUsername());
} else {
UserModel userModel = session.users().getUserById(realm, accessToken.getSubject());
if (userModel != null) {
tokenMetadata.put("username", userModel.getUsername());
}
}
}
} else { } else {
tokenMetadata = JsonSerialization.createObjectNode(); tokenMetadata = JsonSerialization.createObjectNode();
} }
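Review bot: The `has("username")` guard lets a `username` claim already present in the serialized token take precedence over both `getPreferredUsername()` and the stored username, whereas the removed line always overwrote it. If a protocol mapper can write a user-editable attribute into a claim of that name, resource servers that key decisions on the introspection `username` would receive that value. A comment above the guard such as `// a "username" claim set by a mapper wins here; callers must not treat it as a verified identifier` would make the precedence explicit. Jackson's `has` also returns true for an explicit JSON null, so `if (!tokenMetadata.hasNonNull("username")) {` is the safer guard if nulls can reach the node. The enclosing method starts and ends outside the hunk.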


@ -31,15 +31,17 @@ import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.OAuth2Constants; import org.keycloak.OAuth2Constants;
import org.keycloak.OAuthErrorException; import org.keycloak.OAuthErrorException;
import org.keycloak.admin.client.resource.ClientScopesResource;
import org.keycloak.crypto.Algorithm; import org.keycloak.crypto.Algorithm;
import org.keycloak.events.Errors; import org.keycloak.events.Errors;
import org.keycloak.jose.jws.JWSInput; import org.keycloak.jose.jws.JWSInput;
import org.keycloak.protocol.oidc.OIDCLoginProtocol; import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.ClientRepresentation; import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.EventRepresentation; import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.OAuth2ErrorRepresentation; import org.keycloak.representations.idm.OAuth2ErrorRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.oidc.TokenMetadataRepresentation; import org.keycloak.representations.oidc.TokenMetadataRepresentation;
@ -62,6 +64,7 @@ import java.io.UnsupportedEncodingException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.Map;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
@ -106,6 +109,25 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest {
testRealm.getUsers().add(user); testRealm.getUsers().add(user);
} }
@Override
protected void afterAbstractKeycloakTestRealmImport() {
ClientScopesResource clientScopesResource = testRealm().clientScopes();
List<ClientScopeRepresentation> clientScopeRepresentations = clientScopesResource.findAll();
for (ClientScopeRepresentation scope : clientScopeRepresentations) {
List<ProtocolMapperRepresentation> mappers = scope.getProtocolMappers();
if (mappers != null) {
for (ProtocolMapperRepresentation mapper : mappers) {
if ("username".equals(mapper.getName())) {
Map<String, String> config = mapper.getConfig();
config.put("user.attribute", "username");
config.put("claim.name", "preferred_username12");
clientScopesResource.get(scope.getId()).getProtocolMappers().update(mapper.getId(), mapper);
}
}
}
}
}
@Test @Test
public void testConfidentialClientCredentialsBasicAuthentication() throws Exception { public void testConfidentialClientCredentialsBasicAuthentication() throws Exception {
oauth.doLogin("test-user@localhost", "password"); oauth.doLogin("test-user@localhost", "password");
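Review bot: The override of `afterAbstractKeycloakTestRealmImport` renames the `username` mapper's claim to `preferred_username12` for every test in the class, but this section adds no assertion. The new fallback is therefore only covered if existing tests outside this view already check the introspected username. A comment such as `// rename the claim so preferred_username is absent and introspection must fall back to the stored username` would explain the odd value. Only the modified-mapper path is set up here; the removed-mapper case named in the commit title and a token that already carries a `username` claim are not exercised. `mapper.getConfig()` is also used without a null check, which may be fine for the built-in mapper but is not shown here.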