refactor model

forms/login-api/src/main/java/org/keycloak/login/LoginForms.java

@@ -1,47 +1,47 @@
-package org.keycloak.login;
-
-import org.keycloak.models.RoleModel;
-import org.keycloak.models.UserModel;
-
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import java.util.List;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public interface LoginForms {
-
-    public Response createResponse(UserModel.RequiredAction action);
-
-    public Response createLogin();
-
-    public Response createPasswordReset();
-
-    public Response createLoginTotp();
-
-    public Response createRegistration();
-
-    public Response createErrorPage();
-
-    public Response createOAuthGrant();
-
-    public LoginForms setAccessCode(String accessCodeId, String accessCode);
-
-    public LoginForms setAccessRequest(List<RoleModel> realmRolesRequested, MultivaluedMap<String,RoleModel> resourceRolesRequested);
-
-    public LoginForms setError(String message);
-
-    public LoginForms setSuccess(String message);
-
-    public LoginForms setWarning(String message);
-
-    public LoginForms setUser(UserModel user);
-
-    public LoginForms setClient(UserModel client);
-
-    public LoginForms setFormData(MultivaluedMap<String, String> formData);
-
-    public LoginForms setStatus(Response.Status status);
-
-}
+package org.keycloak.login;
+
+import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserModel;
+
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public interface LoginForms {
+
+    public Response createResponse(UserModel.RequiredAction action);
+
+    public Response createLogin();
+
+    public Response createPasswordReset();
+
+    public Response createLoginTotp();
+
+    public Response createRegistration();
+
+    public Response createErrorPage();
+
+    public Response createOAuthGrant();
+
+    public LoginForms setAccessCode(String accessCodeId, String accessCode);
+
+    public LoginForms setAccessRequest(List<RoleModel> realmRolesRequested, MultivaluedMap<String,RoleModel> resourceRolesRequested);
+
+    public LoginForms setError(String message);
+
+    public LoginForms setSuccess(String message);
+
+    public LoginForms setWarning(String message);
+
+    public LoginForms setUser(UserModel user);
+
+    public LoginForms setClient(UserModel client);
+
+    public LoginForms setFormData(MultivaluedMap<String, String> formData);
+
+    public LoginForms setStatus(Response.Status status);
+
+}

forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java

@@ -1,273 +1,273 @@
-package org.keycloak.login.freemarker;
-
-import org.jboss.logging.Logger;
-import org.jboss.resteasy.spi.HttpRequest;
-import org.keycloak.freemarker.FreeMarkerException;
-import org.keycloak.freemarker.FreeMarkerUtil;
-import org.keycloak.freemarker.Theme;
-import org.keycloak.freemarker.ThemeLoader;
-import org.keycloak.login.LoginForms;
-import org.keycloak.login.LoginFormsPages;
-import org.keycloak.login.freemarker.model.LoginBean;
-import org.keycloak.login.freemarker.model.MessageBean;
-import org.keycloak.login.freemarker.model.OAuthGrantBean;
-import org.keycloak.login.freemarker.model.ProfileBean;
-import org.keycloak.login.freemarker.model.RealmBean;
-import org.keycloak.login.freemarker.model.RegisterBean;
-import org.keycloak.login.freemarker.model.SocialBean;
-import org.keycloak.login.freemarker.model.TotpBean;
-import org.keycloak.login.freemarker.model.UrlBean;
-import org.keycloak.models.RealmModel;
-import org.keycloak.models.RoleModel;
-import org.keycloak.models.UserModel;
-import org.keycloak.services.email.EmailException;
-import org.keycloak.services.email.EmailSender;
-import org.keycloak.services.messages.Messages;
-
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriBuilder;
-import javax.ws.rs.core.UriInfo;
-import java.io.IOException;
-import java.net.URI;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-/**
- * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
- */
-public class FreeMarkerLoginForms implements LoginForms {
-
-    private static final Logger logger = Logger.getLogger(FreeMarkerLoginForms.class);
-
-    private String message;
-    private String accessCodeId;
-    private String accessCode;
-    private Response.Status status = Response.Status.OK;
-    private List<RoleModel> realmRolesRequested;
-    private MultivaluedMap<String, RoleModel> resourceRolesRequested;
-
-    public static enum MessageType {SUCCESS, WARNING, ERROR}
-
-    private MessageType messageType = MessageType.ERROR;
-
-    private MultivaluedMap<String, String> formData;
-
-    private RealmModel realm;
-
-    // TODO Remove
-    private HttpRequest request;
-
-    private UserModel user;
-
-    private UserModel client;
-
-    private UriInfo uriInfo;
-
-    FreeMarkerLoginForms(RealmModel realm, org.jboss.resteasy.spi.HttpRequest request, UriInfo uriInfo) {
-        this.realm = realm;
-        this.request = request;
-        this.uriInfo = uriInfo;
-    }
-
-    public Response createResponse(UserModel.RequiredAction action) {
-        String actionMessage;
-        LoginFormsPages page;
-
-        switch (action) {
-            case CONFIGURE_TOTP:
-                actionMessage = Messages.ACTION_WARN_TOTP;
-                page = LoginFormsPages.LOGIN_CONFIG_TOTP;
-                break;
-            case UPDATE_PROFILE:
-                actionMessage = Messages.ACTION_WARN_PROFILE;
-                page = LoginFormsPages.LOGIN_UPDATE_PROFILE;
-                break;
-            case UPDATE_PASSWORD:
-                actionMessage = Messages.ACTION_WARN_PASSWD;
-                page = LoginFormsPages.LOGIN_UPDATE_PASSWORD;
-                break;
-            case VERIFY_EMAIL:
-                try {
-                    new EmailSender(realm.getSmtpConfig()).sendEmailVerification(user, realm, accessCodeId, uriInfo);
-                } catch (EmailException e) {
-                    return setError("emailSendError").createErrorPage();
-                }
-
-                actionMessage = Messages.ACTION_WARN_EMAIL;
-                page = LoginFormsPages.LOGIN_VERIFY_EMAIL;
-                break;
-            default:
-                return Response.serverError().build();
-        }
-
-        if (message == null) {
-            setWarning(actionMessage);
-        }
-
-        return createResponse(page);
-    }
-
-    private Response createResponse(LoginFormsPages page) {
-        MultivaluedMap<String, String> queryParameterMap = uriInfo.getQueryParameters();
-
-        String requestURI = uriInfo.getBaseUri().getPath();
-        UriBuilder uriBuilder = UriBuilder.fromUri(requestURI);
-
-        for (String k : queryParameterMap.keySet()) {
-            uriBuilder.replaceQueryParam(k, queryParameterMap.get(k).toArray());
-        }
-
-        if (accessCode != null) {
-            uriBuilder.replaceQueryParam("code", accessCode);
-        }
-
-        Map<String, Object> attributes = new HashMap<String, Object>();
-
-        Theme theme;
-        try {
-            theme = ThemeLoader.createTheme(realm.getLoginTheme(), Theme.Type.LOGIN);
-        } catch (FreeMarkerException e) {
-            logger.error("Failed to create theme", e);
-            return Response.serverError().build();
-        }
-
-        try {
-            attributes.put("properties", theme.getProperties());
-        } catch (IOException e) {
-            logger.warn("Failed to load properties", e);
-        }
-
-        Properties messages;
-        try {
-            messages = theme.getMessages();
-            attributes.put("rb", messages);
-        } catch (IOException e) {
-            logger.warn("Failed to load messages", e);
-            messages = new Properties();
-        }
-
-        if (message != null) {
-            attributes.put("message", new MessageBean(messages.containsKey(message) ? messages.getProperty(message) : message, messageType));
-        }
-
-        URI baseUri = uriBuilder.build();
-
-        if (realm != null) {
-            attributes.put("realm", new RealmBean(realm));
-            attributes.put("social", new SocialBean(realm, baseUri));
-            attributes.put("url", new UrlBean(realm, theme, baseUri));
-        }
-
-        attributes.put("login", new LoginBean(formData));
-
-        switch (page) {
-            case LOGIN_CONFIG_TOTP:
-                attributes.put("totp", new TotpBean(user, baseUri));
-                break;
-            case LOGIN_UPDATE_PROFILE:
-                attributes.put("user", new ProfileBean(user));
-                break;
-            case REGISTER:
-                attributes.put("register", new RegisterBean(formData));
-                break;
-            case OAUTH_GRANT:
-                attributes.put("oauth", new OAuthGrantBean(accessCode, client, realmRolesRequested, resourceRolesRequested));
-                break;
-        }
-
-        try {
-            String result = FreeMarkerUtil.processTemplate(attributes, Templates.getTemplate(page), theme);
-            return Response.status(status).type(MediaType.TEXT_HTML).entity(result).build();
-        } catch (FreeMarkerException e) {
-            logger.error("Failed to process template", e);
-            return Response.serverError().build();
-        }
-    }
-
-    public Response createLogin() {
-        return createResponse(LoginFormsPages.LOGIN);
-    }
-
-    public Response createPasswordReset() {
-        return createResponse(LoginFormsPages.LOGIN_RESET_PASSWORD);
-    }
-
-    public Response createUsernameReminder() {
-        return createResponse(LoginFormsPages.LOGIN_USERNAME_REMINDER);
-    }
-
-    public Response createLoginTotp() {
-        return createResponse(LoginFormsPages.LOGIN_TOTP);
-    }
-
-    public Response createRegistration() {
-        return createResponse(LoginFormsPages.REGISTER);
-    }
-
-    public Response createErrorPage() {
-        setStatus(Response.Status.INTERNAL_SERVER_ERROR);
-        return createResponse(LoginFormsPages.ERROR);
-    }
-
-    public Response createOAuthGrant() {
-        return createResponse(LoginFormsPages.OAUTH_GRANT);
-    }
-
-    public FreeMarkerLoginForms setError(String message) {
-        this.message = message;
-        this.messageType = MessageType.ERROR;
-        return this;
-    }
-
-    public FreeMarkerLoginForms setSuccess(String message) {
-        this.message = message;
-        this.messageType = MessageType.SUCCESS;
-        return this;
-    }
-
-    public FreeMarkerLoginForms setWarning(String message) {
-        this.message = message;
-        this.messageType = MessageType.WARNING;
-        return this;
-    }
-
-    public FreeMarkerLoginForms setUser(UserModel user) {
-        this.user = user;
-        return this;
-    }
-
-    public FreeMarkerLoginForms setClient(UserModel client) {
-        this.client = client;
-        return this;
-    }
-
-    public FreeMarkerLoginForms setFormData(MultivaluedMap<String, String> formData) {
-        this.formData = formData;
-        return this;
-    }
-
-    @Override
-    public LoginForms setAccessCode(String accessCodeId, String accessCode) {
-        this.accessCodeId = accessCodeId;
-        this.accessCode = accessCode;
-        return this;
-    }
-
-    @Override
-    public LoginForms setAccessRequest(List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
-        this.realmRolesRequested = realmRolesRequested;
-        this.resourceRolesRequested = resourceRolesRequested;
-        return this;
-    }
-
-    @Override
-    public LoginForms setStatus(Response.Status status) {
-        this.status = status;
-        return this;
-    }
-
-}
+package org.keycloak.login.freemarker;
+
+import org.jboss.logging.Logger;
+import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.freemarker.FreeMarkerException;
+import org.keycloak.freemarker.FreeMarkerUtil;
+import org.keycloak.freemarker.Theme;
+import org.keycloak.freemarker.ThemeLoader;
+import org.keycloak.login.LoginForms;
+import org.keycloak.login.LoginFormsPages;
+import org.keycloak.login.freemarker.model.LoginBean;
+import org.keycloak.login.freemarker.model.MessageBean;
+import org.keycloak.login.freemarker.model.OAuthGrantBean;
+import org.keycloak.login.freemarker.model.ProfileBean;
+import org.keycloak.login.freemarker.model.RealmBean;
+import org.keycloak.login.freemarker.model.RegisterBean;
+import org.keycloak.login.freemarker.model.SocialBean;
+import org.keycloak.login.freemarker.model.TotpBean;
+import org.keycloak.login.freemarker.model.UrlBean;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.services.email.EmailException;
+import org.keycloak.services.email.EmailSender;
+import org.keycloak.services.messages.Messages;
+
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriInfo;
+import java.io.IOException;
+import java.net.URI;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public class FreeMarkerLoginForms implements LoginForms {
+
+    private static final Logger logger = Logger.getLogger(FreeMarkerLoginForms.class);
+
+    private String message;
+    private String accessCodeId;
+    private String accessCode;
+    private Response.Status status = Response.Status.OK;
+    private List<RoleModel> realmRolesRequested;
+    private MultivaluedMap<String, RoleModel> resourceRolesRequested;
+
+    public static enum MessageType {SUCCESS, WARNING, ERROR}
+
+    private MessageType messageType = MessageType.ERROR;
+
+    private MultivaluedMap<String, String> formData;
+
+    private RealmModel realm;
+
+    // TODO Remove
+    private HttpRequest request;
+
+    private UserModel user;
+
+    private UserModel client;
+
+    private UriInfo uriInfo;
+
+    FreeMarkerLoginForms(RealmModel realm, org.jboss.resteasy.spi.HttpRequest request, UriInfo uriInfo) {
+        this.realm = realm;
+        this.request = request;
+        this.uriInfo = uriInfo;
+    }
+
+    public Response createResponse(UserModel.RequiredAction action) {
+        String actionMessage;
+        LoginFormsPages page;
+
+        switch (action) {
+            case CONFIGURE_TOTP:
+                actionMessage = Messages.ACTION_WARN_TOTP;
+                page = LoginFormsPages.LOGIN_CONFIG_TOTP;
+                break;
+            case UPDATE_PROFILE:
+                actionMessage = Messages.ACTION_WARN_PROFILE;
+                page = LoginFormsPages.LOGIN_UPDATE_PROFILE;
+                break;
+            case UPDATE_PASSWORD:
+                actionMessage = Messages.ACTION_WARN_PASSWD;
+                page = LoginFormsPages.LOGIN_UPDATE_PASSWORD;
+                break;
+            case VERIFY_EMAIL:
+                try {
+                    new EmailSender(realm.getSmtpConfig()).sendEmailVerification(user, realm, accessCodeId, uriInfo);
+                } catch (EmailException e) {
+                    return setError("emailSendError").createErrorPage();
+                }
+
+                actionMessage = Messages.ACTION_WARN_EMAIL;
+                page = LoginFormsPages.LOGIN_VERIFY_EMAIL;
+                break;
+            default:
+                return Response.serverError().build();
+        }
+
+        if (message == null) {
+            setWarning(actionMessage);
+        }
+
+        return createResponse(page);
+    }
+
+    private Response createResponse(LoginFormsPages page) {
+        MultivaluedMap<String, String> queryParameterMap = uriInfo.getQueryParameters();
+
+        String requestURI = uriInfo.getBaseUri().getPath();
+        UriBuilder uriBuilder = UriBuilder.fromUri(requestURI);
+
+        for (String k : queryParameterMap.keySet()) {
+            uriBuilder.replaceQueryParam(k, queryParameterMap.get(k).toArray());
+        }
+
+        if (accessCode != null) {
+            uriBuilder.replaceQueryParam("code", accessCode);
+        }
+
+        Map<String, Object> attributes = new HashMap<String, Object>();
+
+        Theme theme;
+        try {
+            theme = ThemeLoader.createTheme(realm.getLoginTheme(), Theme.Type.LOGIN);
+        } catch (FreeMarkerException e) {
+            logger.error("Failed to create theme", e);
+            return Response.serverError().build();
+        }
+
+        try {
+            attributes.put("properties", theme.getProperties());
+        } catch (IOException e) {
+            logger.warn("Failed to load properties", e);
+        }
+
+        Properties messages;
+        try {
+            messages = theme.getMessages();
+            attributes.put("rb", messages);
+        } catch (IOException e) {
+            logger.warn("Failed to load messages", e);
+            messages = new Properties();
+        }
+
+        if (message != null) {
+            attributes.put("message", new MessageBean(messages.containsKey(message) ? messages.getProperty(message) : message, messageType));
+        }
+
+        URI baseUri = uriBuilder.build();
+
+        if (realm != null) {
+            attributes.put("realm", new RealmBean(realm));
+            attributes.put("social", new SocialBean(realm, baseUri));
+            attributes.put("url", new UrlBean(realm, theme, baseUri));
+        }
+
+        attributes.put("login", new LoginBean(formData));
+
+        switch (page) {
+            case LOGIN_CONFIG_TOTP:
+                attributes.put("totp", new TotpBean(user, baseUri));
+                break;
+            case LOGIN_UPDATE_PROFILE:
+                attributes.put("user", new ProfileBean(user));
+                break;
+            case REGISTER:
+                attributes.put("register", new RegisterBean(formData));
+                break;
+            case OAUTH_GRANT:
+                attributes.put("oauth", new OAuthGrantBean(accessCode, client, realmRolesRequested, resourceRolesRequested));
+                break;
+        }
+
+        try {
+            String result = FreeMarkerUtil.processTemplate(attributes, Templates.getTemplate(page), theme);
+            return Response.status(status).type(MediaType.TEXT_HTML).entity(result).build();
+        } catch (FreeMarkerException e) {
+            logger.error("Failed to process template", e);
+            return Response.serverError().build();
+        }
+    }
+
+    public Response createLogin() {
+        return createResponse(LoginFormsPages.LOGIN);
+    }
+
+    public Response createPasswordReset() {
+        return createResponse(LoginFormsPages.LOGIN_RESET_PASSWORD);
+    }
+
+    public Response createUsernameReminder() {
+        return createResponse(LoginFormsPages.LOGIN_USERNAME_REMINDER);
+    }
+
+    public Response createLoginTotp() {
+        return createResponse(LoginFormsPages.LOGIN_TOTP);
+    }
+
+    public Response createRegistration() {
+        return createResponse(LoginFormsPages.REGISTER);
+    }
+
+    public Response createErrorPage() {
+        setStatus(Response.Status.INTERNAL_SERVER_ERROR);
+        return createResponse(LoginFormsPages.ERROR);
+    }
+
+    public Response createOAuthGrant() {
+        return createResponse(LoginFormsPages.OAUTH_GRANT);
+    }
+
+    public FreeMarkerLoginForms setError(String message) {
+        this.message = message;
+        this.messageType = MessageType.ERROR;
+        return this;
+    }
+
+    public FreeMarkerLoginForms setSuccess(String message) {
+        this.message = message;
+        this.messageType = MessageType.SUCCESS;
+        return this;
+    }
+
+    public FreeMarkerLoginForms setWarning(String message) {
+        this.message = message;
+        this.messageType = MessageType.WARNING;
+        return this;
+    }
+
+    public FreeMarkerLoginForms setUser(UserModel user) {
+        this.user = user;
+        return this;
+    }
+
+    public FreeMarkerLoginForms setClient(UserModel client) {
+        this.client = client;
+        return this;
+    }
+
+    public FreeMarkerLoginForms setFormData(MultivaluedMap<String, String> formData) {
+        this.formData = formData;
+        return this;
+    }
+
+    @Override
+    public LoginForms setAccessCode(String accessCodeId, String accessCode) {
+        this.accessCodeId = accessCodeId;
+        this.accessCode = accessCode;
+        return this;
+    }
+
+    @Override
+    public LoginForms setAccessRequest(List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
+        this.realmRolesRequested = realmRolesRequested;
+        this.resourceRolesRequested = resourceRolesRequested;
+        return this;
+    }
+
+    @Override
+    public LoginForms setStatus(Response.Status status) {
+        this.status = status;
+        return this;
+    }
+
+}

forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/model/OAuthGrantBean.java

@@ -1,66 +1,66 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2012, Red Hat, Inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.keycloak.login.freemarker.model;
-
-import org.keycloak.models.RoleModel;
-import org.keycloak.models.UserModel;
-
-import javax.ws.rs.core.MultivaluedMap;
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * @author <a href="mailto:vrockai@redhat.com">Viliam Rockai</a>
- */
-public class OAuthGrantBean {
-
-    private List<RoleModel> realmRolesRequested;
-    private MultivaluedMap<String, RoleModel> resourceRolesRequested;
-    private String code;
-    private UserModel client;
-    private String oAuthCode;
-    private String action;
-
-    public OAuthGrantBean(String code, UserModel client, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
-        this.code = code;
-        this.client = client;
-        this.realmRolesRequested = realmRolesRequested;
-        this.resourceRolesRequested = resourceRolesRequested;
-    }
-
-    public String getCode() {
-        return code;
-    }
-
-    public MultivaluedMap<String, RoleModel> getResourceRolesRequested() {
-        return resourceRolesRequested;
-    }
-
-    public List<RoleModel> getRealmRolesRequested() {
-        return realmRolesRequested;
-    }
-
-    public String getClient() {
-        return client.getLoginName();
-    }
-
-}
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.login.freemarker.model;
+
+import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserModel;
+
+import javax.ws.rs.core.MultivaluedMap;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:vrockai@redhat.com">Viliam Rockai</a>
+ */
+public class OAuthGrantBean {
+
+    private List<RoleModel> realmRolesRequested;
+    private MultivaluedMap<String, RoleModel> resourceRolesRequested;
+    private String code;
+    private UserModel client;
+    private String oAuthCode;
+    private String action;
+
+    public OAuthGrantBean(String code, UserModel client, List<RoleModel> realmRolesRequested, MultivaluedMap<String, RoleModel> resourceRolesRequested) {
+        this.code = code;
+        this.client = client;
+        this.realmRolesRequested = realmRolesRequested;
+        this.resourceRolesRequested = resourceRolesRequested;
+    }
+
+    public String getCode() {
+        return code;
+    }
+
+    public MultivaluedMap<String, RoleModel> getResourceRolesRequested() {
+        return resourceRolesRequested;
+    }
+
+    public List<RoleModel> getRealmRolesRequested() {
+        return realmRolesRequested;
+    }
+
+    public String getClient() {
+        return client.getLoginName();
+    }
+
+}

model/api/src/main/java/org/keycloak/models/ApplicationModel.java

@@ -7,13 +7,9 @@ import java.util.Set;
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
  */
-public interface ApplicationModel extends RoleContainerModel, ClaimRequesterModel {
+public interface ApplicationModel extends RoleContainerModel, ClientModel {
     void updateApplication();
 
-    UserModel getApplicationUser();
-
-    String getId();
-
     String getName();
 
     void setName(String name);

model/api/src/main/java/org/keycloak/models/ClientModel.java

@@ -4,8 +4,12 @@ package org.keycloak.models;
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
  */
-public interface ClaimRequesterModel {
+public interface ClientModel {
     long getAllowedClaimsMask();
 
     void setAllowedClaimsMask(long mask);
+
+    UserModel getAgent();
+
+    String getId();
 }

model/api/src/main/java/org/keycloak/models/OAuthClientModel.java

@@ -4,9 +4,6 @@ package org.keycloak.models;
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
  */
-public interface OAuthClientModel extends ClaimRequesterModel {
-    String getId();
-
-    UserModel getOAuthAgent();
+public interface OAuthClientModel extends ClientModel {
 
 }

model/jpa/src/main/java/org/keycloak/models/jpa/ApplicationAdapter.java

@@ -6,17 +6,13 @@ import org.keycloak.models.RoleContainerModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.jpa.entities.*;
-import org.keycloak.representations.idm.ApplicationMappingsRepresentation;
-import org.keycloak.representations.idm.RoleRepresentation;
 
 import javax.persistence.EntityManager;
 import javax.persistence.TypedQuery;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Map;
 import java.util.Set;
 
 /**
@@ -41,7 +37,7 @@ public class ApplicationAdapter implements ApplicationModel {
     }
 
     @Override
-    public UserModel getApplicationUser() {
+    public UserModel getAgent() {
         return new UserAdapter(application.getApplicationUser());
     }
 
@@ -276,7 +272,7 @@ public class ApplicationAdapter implements ApplicationModel {
 
     @Override
     public void addScope(RoleModel role) {
-        realm.addScopeMapping(getApplicationUser(), role);
+        realm.addScopeMapping(getAgent(), role);
     }
 
     public boolean equals(Object o) {

model/jpa/src/main/java/org/keycloak/models/jpa/OAuthClientAdapter.java

@@ -25,7 +25,7 @@ public class OAuthClientAdapter implements OAuthClientModel {
     }
 
     @Override
-    public UserModel getOAuthAgent() {
+    public UserModel getAgent() {
         return new UserAdapter(entity.getAgent());
     }
     @Override

model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/ApplicationAdapter.java

@@ -41,7 +41,7 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo
     }
 
     @Override
-    public UserAdapter getApplicationUser() {
+    public UserAdapter getAgent() {
         // This is not thread-safe. Assumption is that ApplicationAdapter instance is per-client object
         if (resourceUser == null) {
             UserEntity userEntity = getMongoStore().loadEntity(UserEntity.class, application.getResourceUserId(), invocationContext);
@@ -196,7 +196,7 @@ public class ApplicationAdapter extends AbstractAdapter implements ApplicationMo
 
     @Override
     public void addScope(RoleModel role) {
-        UserAdapter appUser = getApplicationUser();
+        UserAdapter appUser = getAgent();
         getMongoStore().pushItemToList(appUser.getUser(), "scopeIds", role.getId(), true, invocationContext);
     }
 

model/mongo/src/main/java/org/keycloak/models/mongo/keycloak/adapters/OAuthClientAdapter.java

@@ -41,7 +41,7 @@ public class OAuthClientAdapter extends AbstractAdapter implements OAuthClientMo
     }
 
     @Override
-    public UserModel getOAuthAgent() {
+    public UserModel getAgent() {
         // This is not thread-safe. Assumption is that OAuthClientAdapter instance is per-client object
         if (oauthAgent == null) {
             UserEntity user = getMongoStore().loadEntity(UserEntity.class, delegate.getOauthAgentId(), invocationContext);

model/tests/src/test/java/org/keycloak/model/test/AdapterTest.java

@@ -1,7 +1,6 @@
 package org.keycloak.model.test;
 
 import org.junit.Assert;
-import org.junit.Before;
 import org.junit.FixMethodOrder;
 import org.junit.Test;
 import org.junit.runners.MethodSorters;
@@ -15,7 +14,6 @@ import org.keycloak.models.SocialLinkModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.representations.idm.CredentialRepresentation;
-import org.keycloak.services.managers.ApplianceBootstrap;
 import org.keycloak.services.managers.OAuthClientManager;
 import org.keycloak.services.managers.RealmManager;
 
@@ -141,7 +139,7 @@ public class AdapterTest extends AbstractModelTest {
 
         OAuthClientModel oauth = new OAuthClientManager(realmModel).create("oauth-client");
         oauth = realmModel.getOAuthClient("oauth-client");
-        Assert.assertTrue(realmModel.hasRole(oauth.getOAuthAgent(), realmModel.getRole(Constants.IDENTITY_REQUESTER_ROLE)));
+        Assert.assertTrue(realmModel.hasRole(oauth.getAgent(), realmModel.getRole(Constants.IDENTITY_REQUESTER_ROLE)));
 
 
     }
@@ -186,10 +184,10 @@ public class AdapterTest extends AbstractModelTest {
 
         RoleModel appRole = app.addRole("test");
         realmModel.grantRole(user, appRole);
-        realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
+        realmModel.addScopeMapping(client.getAgent(), appRole);
 
         RoleModel realmRole = realmModel.addRole("test");
-        realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
+        realmModel.addScopeMapping(app.getAgent(), realmRole);
 
         Assert.assertTrue(realmModel.removeApplication(app.getId()));
         Assert.assertFalse(realmModel.removeApplication(app.getId()));
@@ -214,10 +212,10 @@ public class AdapterTest extends AbstractModelTest {
 
         RoleModel appRole = app.addRole("test");
         realmModel.grantRole(user, appRole);
-        realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
+        realmModel.addScopeMapping(client.getAgent(), appRole);
 
         RoleModel realmRole = realmModel.addRole("test");
-        realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
+        realmModel.addScopeMapping(app.getAgent(), realmRole);
 
         Assert.assertTrue(identitySession.removeRealm(realmModel.getId()));
         Assert.assertFalse(identitySession.removeRealm(realmModel.getId()));
@@ -237,10 +235,10 @@ public class AdapterTest extends AbstractModelTest {
 
         RoleModel appRole = app.addRole("test");
         realmModel.grantRole(user, appRole);
-        realmModel.addScopeMapping(client.getOAuthAgent(), appRole);
+        realmModel.addScopeMapping(client.getAgent(), appRole);
 
         RoleModel realmRole = realmModel.addRole("test");
-        realmModel.addScopeMapping(app.getApplicationUser(), realmRole);
+        realmModel.addScopeMapping(app.getAgent(), realmRole);
 
         Assert.assertTrue(realmModel.removeRoleById(realmRole.getId()));
         Assert.assertFalse(realmModel.removeRoleById(realmRole.getId()));

model/tests/src/test/java/org/keycloak/model/test/ApplicationModelTest.java

@@ -37,11 +37,11 @@ public class ApplicationModelTest extends AbstractModelTest {
         application.addDefaultRole("role-1");
         application.addDefaultRole("role-2");
 
-        application.getApplicationUser().addRedirectUri("redirect-1");
-        application.getApplicationUser().addRedirectUri("redirect-2");
+        application.getAgent().addRedirectUri("redirect-1");
+        application.getAgent().addRedirectUri("redirect-2");
 
-        application.getApplicationUser().addWebOrigin("origin-1");
-        application.getApplicationUser().addWebOrigin("origin-2");
+        application.getAgent().addWebOrigin("origin-1");
+        application.getAgent().addWebOrigin("origin-2");
 
         application.updateApplication();
     }
@@ -69,8 +69,8 @@ public class ApplicationModelTest extends AbstractModelTest {
         Assert.assertEquals(expected.getManagementUrl(), actual.getManagementUrl());
         Assert.assertEquals(expected.getDefaultRoles(), actual.getDefaultRoles());
 
-        UserModel auser = actual.getApplicationUser();
-        UserModel euser = expected.getApplicationUser();
+        UserModel auser = actual.getAgent();
+        UserModel euser = expected.getAgent();
 
         Assert.assertTrue(euser.getRedirectUris().containsAll(auser.getRedirectUris()));
         Assert.assertTrue(euser.getWebOrigins().containsAll(auser.getWebOrigins()));

model/tests/src/test/java/org/keycloak/model/test/CompositeRolesModelTest.java

@@ -60,7 +60,7 @@ public class CompositeRolesModelTest extends AbstractModelTest {
         ApplicationModel application = realm.getApplicationByName(applicationName);
 
         Set<RoleModel> roleMappings = realm.getRoleMappings(user);
-        Set<RoleModel> scopeMappings = realm.getScopeMappings(application.getApplicationUser());
+        Set<RoleModel> scopeMappings = realm.getScopeMappings(application.getAgent());
         Set<RoleModel> appRoles = application.getRoles();
         if (appRoles != null) scopeMappings.addAll(appRoles);
 

services/src/main/java/org/keycloak/services/managers/ApplicationManager.java

@@ -58,7 +58,7 @@ public class ApplicationManager {
         applicationModel.setBaseUrl(resourceRep.getBaseUrl());
         applicationModel.updateApplication();
 
-        UserModel resourceUser = applicationModel.getApplicationUser();
+        UserModel resourceUser = applicationModel.getAgent();
         if (resourceRep.getCredentials() != null && resourceRep.getCredentials().size() > 0) {
             for (CredentialRepresentation cred : resourceRep.getCredentials()) {
                 UserCredentialModel credential = new UserCredentialModel();
@@ -136,7 +136,7 @@ public class ApplicationManager {
     public ApplicationModel createApplication(RealmModel realm, String name) {
         RoleModel loginRole = realm.getRole(Constants.APPLICATION_ROLE);
         ApplicationModel app = realm.addApplication(name);
-        realm.grantRole(app.getApplicationUser(), loginRole);
+        realm.grantRole(app.getAgent(), loginRole);
         generateSecret(realm, app);
 
         return app;
@@ -144,7 +144,7 @@ public class ApplicationManager {
 
     public UserCredentialModel generateSecret(RealmModel realm, ApplicationModel app) {
         UserCredentialModel secret = UserCredentialModel.generateSecret();
-        realm.updateCredential(app.getApplicationUser(), secret);
+        realm.updateCredential(app.getAgent(), secret);
         return secret;
     }
 
@@ -162,12 +162,12 @@ public class ApplicationManager {
 
         List<String> redirectUris = rep.getRedirectUris();
         if (redirectUris != null) {
-            resource.getApplicationUser().setRedirectUris(new HashSet<String>(redirectUris));
+            resource.getAgent().setRedirectUris(new HashSet<String>(redirectUris));
         }
 
         List<String> webOrigins = rep.getWebOrigins();
         if (webOrigins != null) {
-            resource.getApplicationUser().setWebOrigins(new HashSet<String>(webOrigins));
+            resource.getAgent().setWebOrigins(new HashSet<String>(webOrigins));
         }
 
         if (rep.getClaims() != null) {
@@ -184,12 +184,12 @@ public class ApplicationManager {
         rep.setSurrogateAuthRequired(applicationModel.isSurrogateAuthRequired());
         rep.setBaseUrl(applicationModel.getBaseUrl());
 
-        Set<String> redirectUris = applicationModel.getApplicationUser().getRedirectUris();
+        Set<String> redirectUris = applicationModel.getAgent().getRedirectUris();
         if (redirectUris != null) {
             rep.setRedirectUris(new LinkedList<String>(redirectUris));
         }
 
-        Set<String> webOrigins = applicationModel.getApplicationUser().getWebOrigins();
+        Set<String> webOrigins = applicationModel.getAgent().getWebOrigins();
         if (webOrigins != null) {
             rep.setWebOrigins(new LinkedList<String>(webOrigins));
         }
@@ -251,7 +251,7 @@ public class ApplicationManager {
         rep.setResource(applicationModel.getName());
 
         Map<String, String> creds = new HashMap<String, String>();
-        String cred = realmModel.getSecret(applicationModel.getApplicationUser()).getValue();
+        String cred = realmModel.getSecret(applicationModel.getAgent()).getValue();
         creds.put(CredentialRepresentation.SECRET, cred);
         rep.setCredentials(creds);
 
@@ -266,7 +266,7 @@ public class ApplicationManager {
         buffer.append("    <auth-server-url>").append(baseUri.toString()).append("</auth-server-url>\n");
         buffer.append("    <ssl-not-required>").append(realmModel.isSslNotRequired()).append("</ssl-not-required>\n");
         buffer.append("    <resource>").append(applicationModel.getName()).append("</resource>\n");
-        String cred = realmModel.getSecret(applicationModel.getApplicationUser()).getValue();
+        String cred = realmModel.getSecret(applicationModel.getAgent()).getValue();
         buffer.append("    <credential name=\"secret\">").append(cred).append("</credential>\n");
         buffer.append("</secure-deployment>\n");
         return buffer.toString();

services/src/main/java/org/keycloak/services/managers/ClaimManager.java

@@ -1,7 +1,7 @@
 package org.keycloak.services.managers;
 
 import org.keycloak.models.ClaimMask;
-import org.keycloak.models.ClaimRequesterModel;
+import org.keycloak.models.ClientModel;
 import org.keycloak.representations.idm.ClaimRepresentation;
 
 /**
@@ -9,7 +9,7 @@ import org.keycloak.representations.idm.ClaimRepresentation;
  * @version $Revision: 1 $
  */
 public class ClaimManager {
-    public static void setClaims(ClaimRequesterModel model, ClaimRepresentation rep) {
+    public static void setClaims(ClientModel model, ClaimRepresentation rep) {
         long mask = model.getAllowedClaimsMask();
         if (rep.getAddress()) {
             mask |= ClaimMask.ADDRESS;

services/src/main/java/org/keycloak/services/managers/ModelToRepresentation.java

@@ -2,7 +2,7 @@ package org.keycloak.services.managers;
 
 import org.keycloak.models.ApplicationModel;
 import org.keycloak.models.ClaimMask;
-import org.keycloak.models.ClaimRequesterModel;
+import org.keycloak.models.ClientModel;
 import org.keycloak.models.Constants;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RequiredCredentialModel;
@@ -114,7 +114,7 @@ public class ModelToRepresentation {
         return rep;
     }
 
-    public static ClaimRepresentation toRepresentation(ClaimRequesterModel model) {
+    public static ClaimRepresentation toRepresentation(ClientModel model) {
         ClaimRepresentation rep = new ClaimRepresentation();
         rep.setAddress(ClaimMask.hasAddress(model.getAllowedClaimsMask()));
         rep.setEmail(ClaimMask.hasEmail(model.getAllowedClaimsMask()));

services/src/main/java/org/keycloak/services/managers/OAuthClientManager.java

@@ -2,7 +2,6 @@ package org.keycloak.services.managers;
 
 import org.codehaus.jackson.annotate.JsonProperty;
 import org.codehaus.jackson.annotate.JsonPropertyOrder;
-import org.keycloak.models.ApplicationModel;
 import org.keycloak.models.ClaimMask;
 import org.keycloak.models.Constants;
 import org.keycloak.models.OAuthClientModel;
@@ -10,11 +9,9 @@ import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
-import org.keycloak.representations.adapters.config.BaseAdapterConfig;
 import org.keycloak.representations.adapters.config.BaseRealmConfig;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.representations.idm.OAuthClientRepresentation;
-import org.keycloak.services.resources.flows.Urls;
 
 import java.net.URI;
 import java.util.HashMap;
@@ -37,7 +34,7 @@ public class OAuthClientManager {
 
     public UserCredentialModel generateSecret(RealmModel realm, OAuthClientModel app) {
         UserCredentialModel secret = UserCredentialModel.generateSecret();
-        realm.updateCredential(app.getOAuthAgent(), secret);
+        realm.updateCredential(app.getAgent(), secret);
         return secret;
     }
 
@@ -45,7 +42,7 @@ public class OAuthClientManager {
     public OAuthClientModel create(String name) {
         OAuthClientModel model = realm.addOAuthClient(name);
         RoleModel role = realm.getRole(Constants.IDENTITY_REQUESTER_ROLE);
-        realm.grantRole(model.getOAuthAgent(), role);
+        realm.grantRole(model.getAgent(), role);
         generateSecret(realm, model);
         return model;
     }
@@ -53,7 +50,7 @@ public class OAuthClientManager {
     public OAuthClientModel create(OAuthClientRepresentation rep) {
         OAuthClientModel model = create(rep.getName());
         update(rep, model);
-        UserModel resourceUser = model.getOAuthAgent();
+        UserModel resourceUser = model.getAgent();
         if (rep.getCredentials() != null) {
             for (CredentialRepresentation cred : rep.getCredentials()) {
                 UserCredentialModel credential = new UserCredentialModel();
@@ -72,15 +69,15 @@ public class OAuthClientManager {
     }
 
     public void update(OAuthClientRepresentation rep, OAuthClientModel model) {
-        model.getOAuthAgent().setEnabled(rep.isEnabled());
+        model.getAgent().setEnabled(rep.isEnabled());
         List<String> redirectUris = rep.getRedirectUris();
         if (redirectUris != null) {
-            model.getOAuthAgent().setRedirectUris(new HashSet<String>(redirectUris));
+            model.getAgent().setRedirectUris(new HashSet<String>(redirectUris));
         }
 
         List<String> webOrigins = rep.getWebOrigins();
         if (webOrigins != null) {
-            model.getOAuthAgent().setWebOrigins(new HashSet<String>(webOrigins));
+            model.getAgent().setWebOrigins(new HashSet<String>(webOrigins));
         }
 
         if (rep.getClaims() != null) {
@@ -91,14 +88,14 @@ public class OAuthClientManager {
     public static OAuthClientRepresentation toRepresentation(OAuthClientModel model) {
         OAuthClientRepresentation rep = new OAuthClientRepresentation();
         rep.setId(model.getId());
-        rep.setName(model.getOAuthAgent().getLoginName());
-        rep.setEnabled(model.getOAuthAgent().isEnabled());
-        Set<String> redirectUris = model.getOAuthAgent().getRedirectUris();
+        rep.setName(model.getAgent().getLoginName());
+        rep.setEnabled(model.getAgent().isEnabled());
+        Set<String> redirectUris = model.getAgent().getRedirectUris();
         if (redirectUris != null) {
             rep.setRedirectUris(new LinkedList<String>(redirectUris));
         }
 
-        Set<String> webOrigins = model.getOAuthAgent().getWebOrigins();
+        Set<String> webOrigins = model.getAgent().getWebOrigins();
         if (webOrigins != null) {
             rep.setWebOrigins(new LinkedList<String>(webOrigins));
         }
@@ -138,10 +135,10 @@ public class OAuthClientManager {
         rep.setSslNotRequired(realmModel.isSslNotRequired());
         rep.setAuthServerUrl(baseUri.toString());
 
-        rep.setResource(model.getOAuthAgent().getLoginName());
+        rep.setResource(model.getAgent().getLoginName());
 
         Map<String, String> creds = new HashMap<String, String>();
-        creds.put(CredentialRepresentation.SECRET, realmModel.getSecret(model.getOAuthAgent()).getValue());
+        creds.put(CredentialRepresentation.SECRET, realmModel.getSecret(model.getAgent()).getValue());
         rep.setCredentials(creds);
 
         return rep;

services/src/main/java/org/keycloak/services/managers/RealmManager.java

@@ -255,7 +255,7 @@ public class RealmManager {
         if (rep.getApplications() != null) {
             Map<String, ApplicationModel> appMap = createApplications(rep, newRealm);
             for (ApplicationModel app : appMap.values()) {
-                userMap.put(app.getApplicationUser().getLoginName(), app.getApplicationUser());
+                userMap.put(app.getAgent().getLoginName(), app.getAgent());
             }
         }
 
@@ -308,7 +308,7 @@ public class RealmManager {
         if (rep.getOauthClients() != null) {
             Map<String, OAuthClientModel> oauthMap = createOAuthClients(rep, newRealm);
             for (OAuthClientModel app : oauthMap.values()) {
-                userMap.put(app.getOAuthAgent().getLoginName(), app.getOAuthAgent());
+                userMap.put(app.getAgent().getLoginName(), app.getAgent());
             }
 
         }
@@ -501,7 +501,7 @@ public class RealmManager {
         OAuthClientManager manager = new OAuthClientManager(realm);
         for (OAuthClientRepresentation rep : realmRep.getOauthClients()) {
             OAuthClientModel app = manager.create(rep);
-            appMap.put(app.getOAuthAgent().getLoginName(), app);
+            appMap.put(app.getAgent().getLoginName(), app);
         }
         return appMap;
     }

services/src/main/java/org/keycloak/services/managers/TokenManager.java

@@ -7,7 +7,7 @@ import org.keycloak.jose.jws.JWSInput;
 import org.keycloak.jose.jws.crypto.RSAProvider;
 import org.keycloak.models.ApplicationModel;
 import org.keycloak.models.ClaimMask;
-import org.keycloak.models.ClaimRequesterModel;
+import org.keycloak.models.ClientModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
 import org.keycloak.models.UserModel;
@@ -17,7 +17,6 @@ import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.AccessTokenResponse;
 import org.keycloak.representations.IDToken;
 import org.keycloak.representations.RefreshToken;
-import org.keycloak.representations.idm.ClaimRepresentation;
 import org.keycloak.util.Base64Url;
 import org.keycloak.util.JsonSerialization;
 
@@ -25,7 +24,6 @@ import javax.ws.rs.core.MultivaluedHashMap;
 import javax.ws.rs.core.MultivaluedMap;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
-import java.security.PrivateKey;
 import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
@@ -182,7 +180,7 @@ public class TokenManager {
 
             }
         }
-        ClaimRequesterModel claimRequesterModel = getClaimRequester(realm, client);
+        ClientModel claimRequesterModel = getClaimRequester(realm, client);
 
         AccessToken accessToken = initToken(realm, claimRequesterModel, client, user);
         accessToken.setRealmAccess(refreshToken.getRealmAccess());
@@ -194,8 +192,8 @@ public class TokenManager {
         return createClientAccessToken(scopeParam, realm, client, user, new LinkedList<RoleModel>(), new MultivaluedHashMap<String, RoleModel>());
     }
 
-    protected ClaimRequesterModel getClaimRequester(RealmModel realm, UserModel client) {
-        ClaimRequesterModel model = realm.getApplicationByName(client.getLoginName());
+    protected ClientModel getClaimRequester(RealmModel realm, UserModel client) {
+        ClientModel model = realm.getApplicationByName(client.getLoginName());
         if (model != null) return model;
         return realm.getOAuthClient(client.getLoginName());
     }
@@ -208,7 +206,7 @@ public class TokenManager {
 
         Set<RoleModel> roleMappings = realm.getRoleMappings(user);
         Set<RoleModel> scopeMappings = realm.getScopeMappings(client);
-        ClaimRequesterModel claimRequesterModel = getClaimRequester(realm, client);
+        ClientModel claimRequesterModel = getClaimRequester(realm, client);
         ApplicationModel clientApp = realm.getApplicationByName(client.getLoginName());
         Set<RoleModel> clientAppRoles = clientApp == null ? null : clientApp.getRoles();
         if (clientAppRoles != null) scopeMappings.addAll(clientAppRoles);
@@ -253,7 +251,7 @@ public class TokenManager {
         return token;
     }
 
-    public void initClaims(IDToken token, ClaimRequesterModel model, UserModel user) {
+    public void initClaims(IDToken token, ClientModel model, UserModel user) {
         if (ClaimMask.hasUsername(model.getAllowedClaimsMask())) {
             token.setPreferredUsername(user.getLoginName());
         }
@@ -271,7 +269,7 @@ public class TokenManager {
         }
     }
 
-    protected IDToken initIDToken(RealmModel realm, ClaimRequesterModel claimer, UserModel client, UserModel user) {
+    protected IDToken initIDToken(RealmModel realm, ClientModel claimer, UserModel client, UserModel user) {
         IDToken token = new IDToken();
         token.id(KeycloakModelUtils.generateId());
         token.subject(user.getId());
@@ -288,7 +286,7 @@ public class TokenManager {
 
 
 
-    protected AccessToken initToken(RealmModel realm, ClaimRequesterModel claimer, UserModel client, UserModel user) {
+    protected AccessToken initToken(RealmModel realm, ClientModel claimer, UserModel client, UserModel user) {
         AccessToken token = new AccessToken();
         token.id(KeycloakModelUtils.generateId());
         token.subject(user.getId());

services/src/main/java/org/keycloak/services/resources/AccountService.java

@@ -27,12 +27,9 @@ import org.keycloak.account.Account;
 import org.keycloak.account.AccountLoader;
 import org.keycloak.account.AccountPages;
 import org.keycloak.jaxrs.JaxrsOAuthClient;
-import org.keycloak.jose.jws.JWSInput;
-import org.keycloak.jose.jws.crypto.RSAProvider;
 import org.keycloak.models.*;
 import org.keycloak.models.utils.TimeBasedOTP;
 import org.keycloak.representations.idm.CredentialRepresentation;
-import org.keycloak.services.managers.AccessCodeEntry;
 import org.keycloak.services.managers.AppAuthManager;
 import org.keycloak.services.managers.Auth;
 import org.keycloak.services.managers.ModelToRepresentation;
@@ -257,7 +254,7 @@ public class AccountService {
                 logger.debug("realm not enabled");
                 throw new ForbiddenException();
             }
-            UserModel client = application.getApplicationUser();
+            UserModel client = application.getAgent();
             if (!client.isEnabled() || !application.isEnabled()) {
                 logger.debug("account management app not enabled");
                 throw new ForbiddenException();

services/src/main/java/org/keycloak/services/resources/admin/AdminService.java

@@ -325,7 +325,7 @@ public class AdminService {
                 return redirectOnLoginError("realm not enabled");
             }
             ApplicationModel adminConsole = adminRealm.getApplicationNameMap().get(Constants.ADMIN_CONSOLE_APPLICATION);
-            UserModel adminConsoleUser = adminConsole.getApplicationUser();
+            UserModel adminConsoleUser = adminConsole.getAgent();
             if (!adminConsole.isEnabled() || !adminConsoleUser.isEnabled()) {
                 logger.debug("admin app not enabled");
                 return redirectOnLoginError("admin app not enabled");

services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java

@@ -6,7 +6,6 @@ import org.keycloak.models.ApplicationModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserCredentialModel;
-import org.keycloak.representations.adapters.config.BaseAdapterConfig;
 import org.keycloak.representations.idm.ApplicationRepresentation;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.services.managers.ApplicationManager;
@@ -138,7 +137,7 @@ public class ApplicationResource {
         auth.requireView();
 
         logger.debug("getClientSecret");
-        UserCredentialModel model = realm.getSecret(application.getApplicationUser());
+        UserCredentialModel model = realm.getSecret(application.getAgent());
         if (model == null) throw new NotFoundException("Application does not have a secret");
         return ModelToRepresentation.toRepresentation(model);
     }
@@ -146,7 +145,7 @@ public class ApplicationResource {
 
     @Path("scope-mappings")
     public ScopeMappedResource getScopeMappedResource() {
-        return new ScopeMappedResource(realm, auth, application.getApplicationUser(), session);
+        return new ScopeMappedResource(realm, auth, application.getAgent(), session);
     }
 
     @Path("roles")
@@ -161,7 +160,7 @@ public class ApplicationResource {
     {
         auth.requireView();
 
-        return application.getApplicationUser().getWebOrigins();
+        return application.getAgent().getWebOrigins();
     }
 
     @Path("allowed-origins")
@@ -171,7 +170,7 @@ public class ApplicationResource {
     {
         auth.requireManage();
 
-        application.getApplicationUser().setWebOrigins(allowedOrigins);
+        application.getAgent().setWebOrigins(allowedOrigins);
     }
 
     @Path("allowed-origins")
@@ -182,7 +181,7 @@ public class ApplicationResource {
         auth.requireManage();
 
         for (String origin : allowedOrigins) {
-            application.getApplicationUser().removeWebOrigin(origin);
+            application.getAgent().removeWebOrigin(origin);
         }
     }
 

services/src/main/java/org/keycloak/services/resources/admin/ClaimResource.java

@@ -1,6 +1,6 @@
 package org.keycloak.services.resources.admin;
 
-import org.keycloak.models.ClaimRequesterModel;
+import org.keycloak.models.ClientModel;
 import org.keycloak.representations.idm.ClaimRepresentation;
 import org.keycloak.services.managers.ClaimManager;
 import org.keycloak.services.managers.ModelToRepresentation;
@@ -16,9 +16,9 @@ import javax.ws.rs.core.MediaType;
  * @version $Revision: 1 $
  */
 public class ClaimResource {
-    protected ClaimRequesterModel model;
+    protected ClientModel model;
 
-    public ClaimResource(ClaimRequesterModel model) {
+    public ClaimResource(ClientModel model) {
         this.model = model;
     }
 

services/src/main/java/org/keycloak/services/resources/admin/OAuthClientResource.java

@@ -6,13 +6,10 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.OAuthClientModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserCredentialModel;
-import org.keycloak.representations.adapters.config.BaseAdapterConfig;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.representations.idm.OAuthClientRepresentation;
-import org.keycloak.services.managers.ApplicationManager;
 import org.keycloak.services.managers.ModelToRepresentation;
 import org.keycloak.services.managers.OAuthClientManager;
-import org.keycloak.services.managers.RealmManager;
 import org.keycloak.services.resources.KeycloakApplication;
 import org.keycloak.util.JsonSerialization;
 
@@ -29,7 +26,6 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.UriInfo;
 import java.io.IOException;
-import java.util.List;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -116,7 +112,7 @@ public class OAuthClientResource  {
 
         logger.debug("regenerateSecret");
         UserCredentialModel cred = UserCredentialModel.generateSecret();
-        realm.updateCredential(oauthClient.getOAuthAgent(), cred);
+        realm.updateCredential(oauthClient.getAgent(), cred);
         CredentialRepresentation rep = ModelToRepresentation.toRepresentation(cred);
         return rep;
     }
@@ -128,14 +124,14 @@ public class OAuthClientResource  {
         auth.requireView();
 
         logger.debug("getClientSecret");
-        UserCredentialModel model = realm.getSecret(oauthClient.getOAuthAgent());
+        UserCredentialModel model = realm.getSecret(oauthClient.getAgent());
         if (model == null) throw new NotFoundException("Application does not have a secret");
         return ModelToRepresentation.toRepresentation(model);
     }
 
     @Path("scope-mappings")
     public ScopeMappedResource getScopeMappedResource() {
-        return new ScopeMappedResource(realm, auth, oauthClient.getOAuthAgent(), session);
+        return new ScopeMappedResource(realm, auth, oauthClient.getAgent(), session);
     }
 
 

services/src/main/java/org/keycloak/services/resources/admin/OAuthClientsResource.java

@@ -58,7 +58,7 @@ public class OAuthClientsResource {
                 rep.add(OAuthClientManager.toRepresentation(oauth));
             } else {
                 OAuthClientRepresentation client = new OAuthClientRepresentation();
-                client.setName(oauth.getOAuthAgent().getLoginName());
+                client.setName(oauth.getAgent().getLoginName());
                 rep.add(client);
             }
         }

services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java

@@ -24,6 +24,7 @@ package org.keycloak.services.resources.flows;
 import org.jboss.resteasy.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.keycloak.models.Constants;
+import org.keycloak.models.OAuthClientModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RequiredCredentialModel;
 import org.keycloak.models.RoleModel;
@@ -127,6 +128,7 @@ public class OAuthFlows {
 
         if (!isResource
                 && (accessCode.getRealmRolesRequested().size() > 0 || accessCode.getResourceRolesRequested().size() > 0)) {
+            OAuthClientModel oauthClient = realm.getOAuthClient(client.getLoginName());
             accessCode.setExpiration(System.currentTimeMillis() / 1000 + realm.getAccessCodeLifespanUserAction());
             return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode.getId(), accessCode.getCode()).
                     setAccessRequest(accessCode.getRealmRolesRequested(), accessCode.getResourceRolesRequested()).

testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java

@@ -65,9 +65,9 @@ public class ProfileTest {
             appRealm.updateCredential(user2, creds);
 
             ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
-            appRealm.addScopeMapping(app.getApplicationUser(), accountApp.getRole(AccountRoles.VIEW_PROFILE));
+            appRealm.addScopeMapping(app.getAgent(), accountApp.getRole(AccountRoles.VIEW_PROFILE));
 
-            app.getApplicationUser().addWebOrigin("http://localtest.me:8081");
+            app.getAgent().addWebOrigin("http://localtest.me:8081");
 
             UserModel thirdParty = appRealm.getUser("third-party");
             appRealm.addScopeMapping(thirdParty, accountApp.getRole(AccountRoles.VIEW_PROFILE));

testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java

@@ -86,21 +86,21 @@ public class CompositeRoleTest {
             realmComposite1Application.addScope(realmComposite1);
             realmComposite1Application.setBaseUrl("http://localhost:8081/app");
             realmComposite1Application.setManagementUrl("http://localhost:8081/app/logout");
-            realm.updateCredential(realmComposite1Application.getApplicationUser(), UserCredentialModel.secret("password"));
+            realm.updateCredential(realmComposite1Application.getAgent(), UserCredentialModel.secret("password"));
 
             final ApplicationModel realmRole1Application = new ApplicationManager(manager).createApplication(realm, "REALM_ROLE_1_APPLICATION");
             realmRole1Application.setEnabled(true);
             realmRole1Application.addScope(realmRole1);
             realmRole1Application.setBaseUrl("http://localhost:8081/app");
             realmRole1Application.setManagementUrl("http://localhost:8081/app/logout");
-            realm.updateCredential(realmRole1Application.getApplicationUser(), UserCredentialModel.secret("password"));
+            realm.updateCredential(realmRole1Application.getAgent(), UserCredentialModel.secret("password"));
 
 
             final ApplicationModel appRoleApplication = new ApplicationManager(manager).createApplication(realm, "APP_ROLE_APPLICATION");
             appRoleApplication.setEnabled(true);
             appRoleApplication.setBaseUrl("http://localhost:8081/app");
             appRoleApplication.setManagementUrl("http://localhost:8081/app/logout");
-            realm.updateCredential(appRoleApplication.getApplicationUser(), UserCredentialModel.secret("password"));
+            realm.updateCredential(appRoleApplication.getAgent(), UserCredentialModel.secret("password"));
             final RoleModel appRole1 = appRoleApplication.addRole("APP_ROLE_1");
             final RoleModel appRole2 = appRoleApplication.addRole("APP_ROLE_2");
 
@@ -121,7 +121,7 @@ public class CompositeRoleTest {
             appCompositeApplication.setEnabled(true);
             appCompositeApplication.setBaseUrl("http://localhost:8081/app");
             appCompositeApplication.setManagementUrl("http://localhost:8081/app/logout");
-            realm.updateCredential(appCompositeApplication.getApplicationUser(), UserCredentialModel.secret("password"));
+            realm.updateCredential(appCompositeApplication.getAgent(), UserCredentialModel.secret("password"));
             final RoleModel appCompositeRole = appCompositeApplication.addRole("APP_COMPOSITE_ROLE");
             appCompositeApplication.addScope(appRole2);
             appCompositeRole.addCompositeRole(realmRole1);

testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java

@@ -82,7 +82,7 @@ public class AuthorizationCodeTest {
             public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
                 for (ApplicationModel app : appRealm.getApplications()) {
                     if (app.getName().equals("test-app")) {
-                        UserModel client = app.getApplicationUser();
+                        UserModel client = app.getAgent();
                         client.addRedirectUri(oauth.getRedirectUri());
                     }
                 }

testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java

@@ -48,7 +48,7 @@ public class OAuthRedirectUriTest {
         @Override
         public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
             ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
-            app.getApplicationUser().addRedirectUri("http://localhost:8081/app");
+            app.getAgent().addRedirectUri("http://localhost:8081/app");
         }
     });
 
@@ -81,7 +81,7 @@ public class OAuthRedirectUriTest {
         keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
             @Override
             public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                appRealm.getApplicationNameMap().get("test-app").getApplicationUser().addRedirectUri("http://localhost:8081/app2");
+                appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app2");
             }
         });
 
@@ -95,7 +95,7 @@ public class OAuthRedirectUriTest {
             keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
                 @Override
                 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                    appRealm.getApplicationNameMap().get("test-app").getApplicationUser().removeRedirectUri("http://localhost:8081/app2");
+                    appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app2");
                 }
             });
         }
@@ -106,7 +106,7 @@ public class OAuthRedirectUriTest {
         keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
             @Override
             public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                appRealm.getApplicationNameMap().get("test-app").getApplicationUser().removeRedirectUri("http://localhost:8081/app");
+                appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app");
             }
         });
 
@@ -120,7 +120,7 @@ public class OAuthRedirectUriTest {
             keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
                 @Override
                 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                    appRealm.getApplicationNameMap().get("test-app").getApplicationUser().addRedirectUri("http://localhost:8081/app");
+                    appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app");
                 }
             });
         }
@@ -131,7 +131,7 @@ public class OAuthRedirectUriTest {
         keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
             @Override
             public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                appRealm.getApplicationNameMap().get("test-app").getApplicationUser().removeRedirectUri("http://localhost:8081/app");
+                appRealm.getApplicationNameMap().get("test-app").getAgent().removeRedirectUri("http://localhost:8081/app");
             }
         });
 
@@ -144,7 +144,7 @@ public class OAuthRedirectUriTest {
             keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
                 @Override
                 public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
-                    appRealm.getApplicationNameMap().get("test-app").getApplicationUser().addRedirectUri("http://localhost:8081/app");
+                    appRealm.getApplicationNameMap().get("test-app").getAgent().addRedirectUri("http://localhost:8081/app");
                 }
             });
         }