Fixed bug on client credentials grant when encryption key not found
Closes #12348
This commit is contained in:
parent
f8a7c8e160
commit
c5d5659100
2 changed files with 19 additions and 5 deletions
|
@ -734,8 +734,17 @@ public class TokenEndpoint {
|
|||
}
|
||||
|
||||
// TODO : do the same as codeToToken()
|
||||
AccessTokenResponse res = responseBuilder.build();
|
||||
|
||||
AccessTokenResponse res = null;
|
||||
try {
|
||||
res = responseBuilder.build();
|
||||
} catch (RuntimeException re) {
|
||||
if ("can not get encryption KEK".equals(re.getMessage())) {
|
||||
throw new CorsErrorResponseException(cors, OAuthErrorException.INVALID_REQUEST,
|
||||
"can not get encryption KEK", Response.Status.BAD_REQUEST);
|
||||
} else {
|
||||
throw re;
|
||||
}
|
||||
}
|
||||
event.success();
|
||||
|
||||
return cors.builder(Response.ok(res, MediaType.APPLICATION_JSON_TYPE)).build();
|
||||
|
|
|
@ -90,7 +90,7 @@ public class IdTokenEncryptionTest extends AbstractTestRealmKeycloakTest {
|
|||
|
||||
@Before
|
||||
public void clientConfiguration() {
|
||||
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);
|
||||
ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true).setServiceAccountsEnabled(true);
|
||||
/*
|
||||
* Configure the default client ID. Seems like OAuthClient is keeping the state of clientID
|
||||
* For example: If some test case configure oauth.clientId("sample-public-client"), other tests
|
||||
|
@ -297,7 +297,7 @@ public class IdTokenEncryptionTest extends AbstractTestRealmKeycloakTest {
|
|||
|
||||
@Test
|
||||
@UncaughtServerErrorExpected
|
||||
public void testIdTokenEncryptionWithoutEncryptionKEK() {
|
||||
public void testIdTokenEncryptionWithoutEncryptionKEK() throws Exception{
|
||||
ClientResource clientResource = null;
|
||||
ClientRepresentation clientRep = null;
|
||||
try {
|
||||
|
@ -323,6 +323,11 @@ public class IdTokenEncryptionTest extends AbstractTestRealmKeycloakTest {
|
|||
Assert.assertEquals(OAuthErrorException.INVALID_REQUEST, atr.getError());
|
||||
Assert.assertEquals("can not get encryption KEK", atr.getErrorDescription());
|
||||
|
||||
// get id token but failed with client_credentials grant type
|
||||
oauth.scope("openid");
|
||||
OAuthClient.AccessTokenResponse responseClientCredentials = oauth.doClientCredentialsGrantAccessTokenRequest(clientRep.getSecret());
|
||||
Assert.assertEquals(OAuthErrorException.INVALID_REQUEST, responseClientCredentials.getError());
|
||||
Assert.assertEquals("can not get encryption KEK", responseClientCredentials.getErrorDescription());
|
||||
} finally {
|
||||
// Revert
|
||||
clientResource = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
|
||||
|
|
Loading…
Reference in a new issue