parent
dceb2f96b2
commit
c73859794e
4 changed files with 45 additions and 5 deletions
|
@ -80,6 +80,8 @@ public class DeviceEndpoint extends AuthorizationEndpointBase implements RealmRe
|
||||||
|
|
||||||
protected static final Logger logger = Logger.getLogger(DeviceEndpoint.class);
|
protected static final Logger logger = Logger.getLogger(DeviceEndpoint.class);
|
||||||
|
|
||||||
|
public static final String SHORT_VERIFICATION_URI = "shortVerificationUri";
|
||||||
|
|
||||||
private final HttpRequest request;
|
private final HttpRequest request;
|
||||||
|
|
||||||
private Cors cors;
|
private Cors cors;
|
||||||
|
@ -168,7 +170,7 @@ public class DeviceEndpoint extends AuthorizationEndpointBase implements RealmRe
|
||||||
singleUseStore.put(userCode.serializeKey(), lifespanSeconds, userCode.serializeValue());
|
singleUseStore.put(userCode.serializeKey(), lifespanSeconds, userCode.serializeValue());
|
||||||
|
|
||||||
try {
|
try {
|
||||||
String deviceUrl = DeviceGrantType.oauth2DeviceVerificationUrl(session.getContext().getUri()).build(realm.getName())
|
String deviceUrl = realm.getAttribute(SHORT_VERIFICATION_URI) != null ? realm.getAttribute(SHORT_VERIFICATION_URI) : DeviceGrantType.oauth2DeviceVerificationUrl(session.getContext().getUri()).build(realm.getName())
|
||||||
.toString();
|
.toString();
|
||||||
|
|
||||||
OAuth2DeviceAuthorizationResponse response = new OAuth2DeviceAuthorizationResponse();
|
OAuth2DeviceAuthorizationResponse response = new OAuth2DeviceAuthorizationResponse();
|
||||||
|
|
|
@ -33,6 +33,7 @@ import org.keycloak.models.ClientScopeModel;
|
||||||
import org.keycloak.models.OAuth2DeviceConfig;
|
import org.keycloak.models.OAuth2DeviceConfig;
|
||||||
import org.keycloak.models.utils.KeycloakModelUtils;
|
import org.keycloak.models.utils.KeycloakModelUtils;
|
||||||
import org.keycloak.protocol.oidc.OIDCConfigAttributes;
|
import org.keycloak.protocol.oidc.OIDCConfigAttributes;
|
||||||
|
import org.keycloak.protocol.oidc.grants.device.endpoints.DeviceEndpoint;
|
||||||
import org.keycloak.representations.AccessToken;
|
import org.keycloak.representations.AccessToken;
|
||||||
import org.keycloak.representations.UserInfo;
|
import org.keycloak.representations.UserInfo;
|
||||||
import org.keycloak.representations.idm.ClientRepresentation;
|
import org.keycloak.representations.idm.ClientRepresentation;
|
||||||
|
@ -71,10 +72,11 @@ public class OAuth2DeviceAuthorizationGrantTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
private static String userId;
|
private static String userId;
|
||||||
|
|
||||||
public static final String REALM_NAME = "test";
|
private static final String REALM_NAME = "test";
|
||||||
public static final String DEVICE_APP = "test-device";
|
private static final String DEVICE_APP = "test-device";
|
||||||
public static final String DEVICE_APP_PUBLIC = "test-device-public";
|
private static final String DEVICE_APP_PUBLIC = "test-device-public";
|
||||||
public static final String DEVICE_APP_PUBLIC_CUSTOM_CONSENT = "test-device-public-custom-consent";
|
private static final String DEVICE_APP_PUBLIC_CUSTOM_CONSENT = "test-device-public-custom-consent";
|
||||||
|
private static final String SHORT_DEVICE_FLOW_URL = "https://keycloak.org/device";
|
||||||
|
|
||||||
@Rule
|
@Rule
|
||||||
public AssertEvents events = new AssertEvents(this);
|
public AssertEvents events = new AssertEvents(this);
|
||||||
|
@ -217,6 +219,32 @@ public class OAuth2DeviceAuthorizationGrantTest extends AbstractKeycloakTest {
|
||||||
assertNotNull(token);
|
assertNotNull(token);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testCustomVerificationUri() throws Exception {
|
||||||
|
// Device Authorization Request from device
|
||||||
|
try {
|
||||||
|
RealmResource testRealm = adminClient.realm(REALM_NAME);
|
||||||
|
RealmRepresentation realmRep = testRealm.toRepresentation();
|
||||||
|
realmRep.getAttributes().put(DeviceEndpoint.SHORT_VERIFICATION_URI, SHORT_DEVICE_FLOW_URL);
|
||||||
|
testRealm.update(realmRep);
|
||||||
|
oauth.realm(REALM_NAME);
|
||||||
|
oauth.clientId(DEVICE_APP_PUBLIC);
|
||||||
|
OAuthClient.DeviceAuthorizationResponse response = oauth.doDeviceAuthorizationRequest(DEVICE_APP_PUBLIC, null);
|
||||||
|
|
||||||
|
Assert.assertEquals(200, response.getStatusCode());
|
||||||
|
assertNotNull(response.getDeviceCode());
|
||||||
|
assertNotNull(response.getUserCode());
|
||||||
|
Assert.assertEquals(SHORT_DEVICE_FLOW_URL,response.getVerificationUri());
|
||||||
|
Assert.assertEquals(SHORT_DEVICE_FLOW_URL + "?user_code=" + response.getUserCode(),response.getVerificationUriComplete());
|
||||||
|
} finally {
|
||||||
|
RealmResource testRealm = adminClient.realm(REALM_NAME);
|
||||||
|
RealmRepresentation realmRep = testRealm.toRepresentation();
|
||||||
|
realmRep.getAttributes().remove("shortVerificationUri");
|
||||||
|
testRealm.update(realmRep);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testPublicClientOptionalScope() throws Exception {
|
public void testPublicClientOptionalScope() throws Exception {
|
||||||
// Device Authorization Request from device - check giving optional scope phone
|
// Device Authorization Request from device - check giving optional scope phone
|
||||||
|
|
|
@ -474,6 +474,8 @@ policy-uri=Policy URL
|
||||||
policy-uri.tooltip=URL that the Relying Party Client provides to the End-User to read about the how the profile data will be used
|
policy-uri.tooltip=URL that the Relying Party Client provides to the End-User to read about the how the profile data will be used
|
||||||
tos-uri=Terms of service URL
|
tos-uri=Terms of service URL
|
||||||
tos-uri.tooltip=URL that the Relying Party Client provides to the End-User to read about the Relying Party's terms of service
|
tos-uri.tooltip=URL that the Relying Party Client provides to the End-User to read about the Relying Party's terms of service
|
||||||
|
short-verification-uri= Short verification_uri in Device Authorization flow
|
||||||
|
short-verification-uri.tooltip= If set, this value will be return as verification_uri in Device Authorization flow. This uri need to redirect to {server-root}/realms/{realm}/device
|
||||||
|
|
||||||
|
|
||||||
# client import
|
# client import
|
||||||
|
|
|
@ -387,6 +387,14 @@
|
||||||
<kc-tooltip>{{:: 'oauth2-device-polling-interval.tooltip' | translate}}</kc-tooltip>
|
<kc-tooltip>{{:: 'oauth2-device-polling-interval.tooltip' | translate}}</kc-tooltip>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<div class="form-group">
|
||||||
|
<label class="col-md-2 control-label" for="shortVerificationUri">{{:: 'short-verification-uri' | translate}}</label>
|
||||||
|
<div class="col-md-6">
|
||||||
|
<input class="form-control" id="shortVerificationUri" type="text" ng-model="realm.attributes.shortVerificationUri" name="shortVerificationUri">
|
||||||
|
</div>
|
||||||
|
<kc-tooltip>{{:: 'short-verification-uri.tooltip' | translate}}</kc-tooltip>
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<div class="col-md-10 col-md-offset-2" data-ng-show="access.manageRealm">
|
<div class="col-md-10 col-md-offset-2" data-ng-show="access.manageRealm">
|
||||||
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
<button kc-save data-ng-disabled="!changed">{{:: 'save' | translate}}</button>
|
||||||
|
|
Loading…
Reference in a new issue