set context session client equal to clientsession client (fromClientSessionAndScopeParameter method of DefaultClientSessionContext)

Closes #13162

services/src/main/java/org/keycloak/services/util/DefaultClientSessionContext.java

@@ -88,6 +88,7 @@ public class DefaultClientSessionContext implements ClientSessionContext {
     public static DefaultClientSessionContext fromClientSessionAndScopeParameter(AuthenticatedClientSessionModel clientSession, String scopeParam, KeycloakSession session) {
         Stream<ClientScopeModel> requestedClientScopes;
         if (Profile.isFeatureEnabled(Profile.Feature.DYNAMIC_SCOPES)) {
+            session.getContext().setClient(clientSession.getClient());
             requestedClientScopes = AuthorizationContextUtil.getClientScopesStreamFromAuthorizationRequestContextWithClient(session, scopeParam);
         } else {
             requestedClientScopes = TokenManager.getRequestedClientScopes(scopeParam, clientSession.getClient());

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/ClientInitiatedAccountLinkTest.java

@@ -44,6 +44,7 @@ import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
 import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
 import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
 import org.keycloak.testsuite.broker.BrokerTestTools;
 import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
@@ -377,6 +378,14 @@ public class ClientInitiatedAccountLinkTest extends AbstractServletsAdapterTest
         logoutAll();
     }
 
+    // TODO remove this once DYNAMIC_SCOPES feature is enabled by default
+    @Test
+    @EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
+    public void testErrorConditionsWithDynamicScope() throws Exception {
+        // Just use existing test with DYNAMIC_SCOPES feature enabled as it was failing with DYNAMIC_SCOPES
+        testErrorConditions();
+    }
+
     @Test
     public void testAccountLink() throws Exception {
         RealmResource realm = adminClient.realms().realm(CHILD_IDP);
@@ -431,6 +440,14 @@ public class ClientInitiatedAccountLinkTest extends AbstractServletsAdapterTest
 
     }
 
+    // TODO remove this once DYNAMIC_SCOPES feature is enabled by default
+    @Test
+    @EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
+    public void testAccountLinkWithDynamicScope() throws Exception {
+        // Just use existing test with DYNAMIC_SCOPES feature enabled as it was failing with DYNAMIC_SCOPES
+        testAccountLink();
+    }
+
     private String getToken(OAuthClient.AccessTokenResponse response, Client httpClient) throws Exception {
         String idpToken =  httpClient.target(OAuthClient.AUTH_SERVER_ROOT)
                 .path("realms")