Change adapters to use auth and token endpoints
parent
3d05f31202
commit
e2b02d414f
43 changed files with 192 additions and 196 deletions
|
@ -18,8 +18,7 @@ public class AbstractOAuthClient {
|
||||||
protected String clientId;
|
protected String clientId;
|
||||||
protected Map<String, String> credentials;
|
protected Map<String, String> credentials;
|
||||||
protected String authUrl;
|
protected String authUrl;
|
||||||
protected String codeUrl;
|
protected String tokenUrl;
|
||||||
protected String refreshUrl;
|
|
||||||
protected RelativeUrlsUsed relativeUrlsUsed;
|
protected RelativeUrlsUsed relativeUrlsUsed;
|
||||||
protected String scope;
|
protected String scope;
|
||||||
protected String stateCookieName = OAUTH_TOKEN_REQUEST_STATE;
|
protected String stateCookieName = OAUTH_TOKEN_REQUEST_STATE;
|
||||||
|
@ -54,20 +53,12 @@ public class AbstractOAuthClient {
|
||||||
this.authUrl = authUrl;
|
this.authUrl = authUrl;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getCodeUrl() {
|
public String getTokenUrl() {
|
||||||
return codeUrl;
|
return tokenUrl;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setCodeUrl(String codeUrl) {
|
public void setTokenUrl(String tokenUrl) {
|
||||||
this.codeUrl = codeUrl;
|
this.tokenUrl = tokenUrl;
|
||||||
}
|
|
||||||
|
|
||||||
public String getRefreshUrl() {
|
|
||||||
return refreshUrl;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setRefreshUrl(String refreshUrl) {
|
|
||||||
this.refreshUrl = refreshUrl;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getScope() {
|
public String getScope() {
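Review bot: Removing `getCodeUrl`/`setCodeUrl` and `getRefreshUrl`/`setRefreshUrl` outright breaks any code outside this repository that subclasses or configures AbstractOAuthClient; KeycloakDeployment loses the same getters later in this commit. If adapter API compatibility matters for a release, keep deprecated delegates such as `@Deprecated public String getCodeUrl() { return tokenUrl; }`. Otherwise the rename should be called out in the migration notes. The class body continues outside the visible hunks.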
|
||||||
|
|
|
@ -6,11 +6,9 @@ package org.keycloak.constants;
|
||||||
*/
|
*/
|
||||||
public interface ServiceUrlConstants {
|
public interface ServiceUrlConstants {
|
||||||
|
|
||||||
public static final String TOKEN_SERVICE_LOGIN_PATH = "/realms/{realm-name}/protocol/openid-connect/login";
|
public static final String AUTH_PATH = "/realms/{realm-name}/protocol/openid-connect/auth";
|
||||||
public static final String TOKEN_SERVICE_ACCESS_CODE_PATH = "/realms/{realm-name}/protocol/openid-connect/access/codes";
|
public static final String TOKEN_PATH = "/realms/{realm-name}/protocol/openid-connect/token";
|
||||||
public static final String TOKEN_SERVICE_REFRESH_PATH = "/realms/{realm-name}/protocol/openid-connect/refresh";
|
|
||||||
public static final String TOKEN_SERVICE_LOGOUT_PATH = "/realms/{realm-name}/protocol/openid-connect/logout";
|
public static final String TOKEN_SERVICE_LOGOUT_PATH = "/realms/{realm-name}/protocol/openid-connect/logout";
|
||||||
public static final String TOKEN_SERVICE_DIRECT_GRANT_PATH = "/realms/{realm-name}/protocol/openid-connect/grants/access";
|
|
||||||
public static final String ACCOUNT_SERVICE_PATH = "/realms/{realm-name}/account";
|
public static final String ACCOUNT_SERVICE_PATH = "/realms/{realm-name}/account";
|
||||||
public static final String REALM_INFO_PATH = "/realms/{realm-name}";
|
public static final String REALM_INFO_PATH = "/realms/{realm-name}";
|
||||||
public static final String CLIENTS_MANAGEMENT_REGISTER_NODE_PATH = "/realms/{realm-name}/clients-managements/register-node";
|
public static final String CLIENTS_MANAGEMENT_REGISTER_NODE_PATH = "/realms/{realm-name}/clients-managements/register-node";
|
||||||
|
|
|
@ -76,7 +76,7 @@ public class AdminClient {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(getBaseUrl(request) + "/auth")
|
HttpPost post = new HttpPost(KeycloakUriBuilder.fromUri(getBaseUrl(request) + "/auth")
|
||||||
.path(ServiceUrlConstants.TOKEN_SERVICE_DIRECT_GRANT_PATH).build("demo"));
|
.path(ServiceUrlConstants.TOKEN_PATH).build("demo"));
|
||||||
List <NameValuePair> formparams = new ArrayList <NameValuePair>();
|
List <NameValuePair> formparams = new ArrayList <NameValuePair>();
|
||||||
formparams.add(new BasicNameValuePair("username", "admin"));
|
formparams.add(new BasicNameValuePair("username", "admin"));
|
||||||
formparams.add(new BasicNameValuePair("password", "password"));
|
formparams.add(new BasicNameValuePair("password", "password"));
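Review bot: The form posted to the token endpoint here appears to lack a `grant_type` parameter: the path is switched to `ServiceUrlConstants.TOKEN_PATH`, but the visible form parameters are still only `username` and `password`. The other password-grant callers changed in this commit (BasicAuthRequestAuthenticator, DirectAccessGrantsLoginModule) add `formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD));` alongside the endpoint change. Unless this method already sets it below the hunk, the same line is needed here. The try block continues outside the hunk, so this should be confirmed against the full method.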
|
||||||
|
|
|
@ -109,7 +109,7 @@ public class DatabaseClient {
|
||||||
return UriUtils.getOrigin(request.getRequestURL().toString());
|
return UriUtils.getOrigin(request.getRequestURL().toString());
|
||||||
case BROWSER_ONLY:
|
case BROWSER_ONLY:
|
||||||
// Resolve baseURI from the codeURL (This is already non-relative and based on our hostname)
|
// Resolve baseURI from the codeURL (This is already non-relative and based on our hostname)
|
||||||
return UriUtils.getOrigin(oauthClient.getCodeUrl());
|
return UriUtils.getOrigin(oauthClient.getTokenUrl());
|
||||||
case NEVER:
|
case NEVER:
|
||||||
return "";
|
return "";
|
||||||
default:
|
default:
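Review bot: The comment above the `BROWSER_ONLY` return still says `Resolve baseURI from the codeURL`, while the line below it now calls `oauthClient.getTokenUrl()`. Suggest `// Resolve baseURI from the tokenUrl (this is already non-relative and based on our hostname)`. The same stale comment sits above the matching lines in ProductDatabaseClient and AdapterUtils in this commit. The enclosing switch starts and ends outside the hunk.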
|
||||||
|
|
|
@ -104,7 +104,7 @@ public class ProductDatabaseClient {
|
||||||
return UriUtils.getOrigin(request.getRequestURL().toString());
|
return UriUtils.getOrigin(request.getRequestURL().toString());
|
||||||
case BROWSER_ONLY:
|
case BROWSER_ONLY:
|
||||||
// Resolve baseURI from the codeURL (This is already non-relative and based on our hostname)
|
// Resolve baseURI from the codeURL (This is already non-relative and based on our hostname)
|
||||||
return UriUtils.getOrigin(oAuthClient.getCodeUrl());
|
return UriUtils.getOrigin(oAuthClient.getTokenUrl());
|
||||||
case NEVER:
|
case NEVER:
|
||||||
return "";
|
return "";
|
||||||
default:
|
default:
|
||||||
|
|
|
@ -26,7 +26,7 @@
|
||||||
<script src="${resourceUrl}/lib/fileupload/angular-file-upload.min.js"></script>
|
<script src="${resourceUrl}/lib/fileupload/angular-file-upload.min.js"></script>
|
||||||
<script src="${resourceUrl}/lib/filesaver/FileSaver.js"></script>
|
<script src="${resourceUrl}/lib/filesaver/FileSaver.js"></script>
|
||||||
|
|
||||||
<script src="/auth/js/keycloak.js" type="text/javascript"></script>
|
<script src="/auth/js/${resourceVersion}/keycloak.js" type="text/javascript"></script>
|
||||||
|
|
||||||
<script src="${resourceUrl}/js/app.js" type="text/javascript"></script>
|
<script src="${resourceUrl}/js/app.js" type="text/javascript"></script>
|
||||||
<script src="${resourceUrl}/js/controllers/realm.js" type="text/javascript"></script>
|
<script src="${resourceUrl}/js/controllers/realm.js" type="text/javascript"></script>
|
||||||
|
|
|
@ -168,13 +168,8 @@ public class AdapterDeploymentContext {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getCodeUrl() {
|
public String getTokenUrl() {
|
||||||
return (this.codeUrl != null) ? this.codeUrl : delegate.getCodeUrl();
|
return (this.tokenUrl != null) ? this.tokenUrl : delegate.getTokenUrl();
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getRefreshUrl() {
|
|
||||||
return (this.refreshUrl != null) ? this.refreshUrl : delegate.getRefreshUrl();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -38,7 +38,7 @@ public class AdapterUtils {
|
||||||
return UriUtils.getOrigin(browserRequestURL);
|
return UriUtils.getOrigin(browserRequestURL);
|
||||||
case BROWSER_ONLY:
|
case BROWSER_ONLY:
|
||||||
// Resolve baseURI from the codeURL (This is already non-relative and based on our hostname)
|
// Resolve baseURI from the codeURL (This is already non-relative and based on our hostname)
|
||||||
return UriUtils.getOrigin(deployment.getCodeUrl());
|
return UriUtils.getOrigin(deployment.getTokenUrl());
|
||||||
default:
|
default:
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
|
|
|
@ -69,8 +69,9 @@ public class BasicAuthRequestAuthenticator extends BearerTokenRequestAuthenticat
|
||||||
try {
|
try {
|
||||||
HttpPost post = new HttpPost(
|
HttpPost post = new HttpPost(
|
||||||
KeycloakUriBuilder.fromUri(deployment.getAuthServerBaseUrl())
|
KeycloakUriBuilder.fromUri(deployment.getAuthServerBaseUrl())
|
||||||
.path(ServiceUrlConstants.TOKEN_SERVICE_DIRECT_GRANT_PATH).build(deployment.getRealm()));
|
.path(ServiceUrlConstants.TOKEN_PATH).build(deployment.getRealm()));
|
||||||
java.util.List <NameValuePair> formparams = new java.util.ArrayList <NameValuePair>();
|
java.util.List <NameValuePair> formparams = new java.util.ArrayList <NameValuePair>();
|
||||||
|
formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD));
|
||||||
formparams.add(new BasicNameValuePair("username", username));
|
formparams.add(new BasicNameValuePair("username", username));
|
||||||
formparams.add(new BasicNameValuePair("password", password));
|
formparams.add(new BasicNameValuePair("password", password));
|
||||||
|
|
||||||
|
|
|
@ -28,8 +28,7 @@ public class KeycloakDeployment {
|
||||||
protected String authServerBaseUrl;
|
protected String authServerBaseUrl;
|
||||||
protected String realmInfoUrl;
|
protected String realmInfoUrl;
|
||||||
protected KeycloakUriBuilder authUrl;
|
protected KeycloakUriBuilder authUrl;
|
||||||
protected String codeUrl;
|
protected String tokenUrl;
|
||||||
protected String refreshUrl;
|
|
||||||
protected KeycloakUriBuilder logoutUrl;
|
protected KeycloakUriBuilder logoutUrl;
|
||||||
protected String accountUrl;
|
protected String accountUrl;
|
||||||
protected String registerNodeUrl;
|
protected String registerNodeUrl;
|
||||||
|
@ -131,7 +130,7 @@ public class KeycloakDeployment {
|
||||||
log.debug("resolveBrowserUrls");
|
log.debug("resolveBrowserUrls");
|
||||||
}
|
}
|
||||||
|
|
||||||
String login = authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGIN_PATH).build(getRealm()).toString();
|
String login = authUrlBuilder.clone().path(ServiceUrlConstants.AUTH_PATH).build(getRealm()).toString();
|
||||||
authUrl = KeycloakUriBuilder.fromUri(login);
|
authUrl = KeycloakUriBuilder.fromUri(login);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -143,11 +142,10 @@ public class KeycloakDeployment {
|
||||||
log.debug("resolveNonBrowserUrls");
|
log.debug("resolveNonBrowserUrls");
|
||||||
}
|
}
|
||||||
|
|
||||||
refreshUrl = authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_REFRESH_PATH).build(getRealm()).toString();
|
tokenUrl = authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_PATH).build(getRealm()).toString();
|
||||||
logoutUrl = KeycloakUriBuilder.fromUri(authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH).build(getRealm()).toString());
|
logoutUrl = KeycloakUriBuilder.fromUri(authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH).build(getRealm()).toString());
|
||||||
accountUrl = authUrlBuilder.clone().path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH).build(getRealm()).toString();
|
accountUrl = authUrlBuilder.clone().path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH).build(getRealm()).toString();
|
||||||
realmInfoUrl = authUrlBuilder.clone().path(ServiceUrlConstants.REALM_INFO_PATH).build(getRealm()).toString();
|
realmInfoUrl = authUrlBuilder.clone().path(ServiceUrlConstants.REALM_INFO_PATH).build(getRealm()).toString();
|
||||||
codeUrl = authUrlBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_ACCESS_CODE_PATH).build(getRealm()).toString();
|
|
||||||
registerNodeUrl = authUrlBuilder.clone().path(ServiceUrlConstants.CLIENTS_MANAGEMENT_REGISTER_NODE_PATH).build(getRealm()).toString();
|
registerNodeUrl = authUrlBuilder.clone().path(ServiceUrlConstants.CLIENTS_MANAGEMENT_REGISTER_NODE_PATH).build(getRealm()).toString();
|
||||||
unregisterNodeUrl = authUrlBuilder.clone().path(ServiceUrlConstants.CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH).build(getRealm()).toString();
|
unregisterNodeUrl = authUrlBuilder.clone().path(ServiceUrlConstants.CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH).build(getRealm()).toString();
|
||||||
}
|
}
|
||||||
|
@ -164,12 +162,8 @@ public class KeycloakDeployment {
|
||||||
return authUrl;
|
return authUrl;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getCodeUrl() {
|
public String getTokenUrl() {
|
||||||
return codeUrl;
|
return tokenUrl;
|
||||||
}
|
|
||||||
|
|
||||||
public String getRefreshUrl() {
|
|
||||||
return refreshUrl;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public KeycloakUriBuilder getLogoutUrl() {
|
public KeycloakUriBuilder getLogoutUrl() {
|
||||||
|
|
|
@ -85,7 +85,7 @@ public class KeycloakDeploymentBuilder {
|
||||||
}
|
}
|
||||||
deployment.setAuthServerBaseUrl(adapterConfig);
|
deployment.setAuthServerBaseUrl(adapterConfig);
|
||||||
|
|
||||||
log.debug("Use authServerUrl: " + deployment.getAuthServerBaseUrl() + ", codeUrl: " + deployment.getCodeUrl() + ", relativeUrls: " + deployment.getRelativeUrls());
|
log.debug("Use authServerUrl: " + deployment.getAuthServerBaseUrl() + ", tokenUrl: " + deployment.getTokenUrl() + ", relativeUrls: " + deployment.getRelativeUrls());
|
||||||
return deployment;
|
return deployment;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -136,6 +136,7 @@ public class OAuthRequestAuthenticator {
|
||||||
url = UriUtils.stripQueryParam(url, K_IDP_HINT);
|
url = UriUtils.stripQueryParam(url, K_IDP_HINT);
|
||||||
|
|
||||||
KeycloakUriBuilder redirectUriBuilder = deployment.getAuthUrl().clone()
|
KeycloakUriBuilder redirectUriBuilder = deployment.getAuthUrl().clone()
|
||||||
|
.queryParam(OAuth2Constants.RESPONSE_TYPE, OAuth2Constants.CODE)
|
||||||
.queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName())
|
.queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName())
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, url)
|
.queryParam(OAuth2Constants.REDIRECT_URI, url)
|
||||||
.queryParam(OAuth2Constants.STATE, state)
|
.queryParam(OAuth2Constants.STATE, state)
|
||||||
|
|
|
@ -87,15 +87,15 @@ public class ServerRequest {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static AccessTokenResponse invokeAccessCodeToToken(KeycloakDeployment deployment, String code, String redirectUri, String sessionId) throws HttpFailure, IOException {
|
public static AccessTokenResponse invokeAccessCodeToToken(KeycloakDeployment deployment, String code, String redirectUri, String sessionId) throws HttpFailure, IOException {
|
||||||
String codeUrl = deployment.getCodeUrl();
|
String tokenUrl = deployment.getTokenUrl();
|
||||||
String client_id = deployment.getResourceName();
|
String client_id = deployment.getResourceName();
|
||||||
Map<String, String> credentials = deployment.getResourceCredentials();
|
Map<String, String> credentials = deployment.getResourceCredentials();
|
||||||
HttpClient client = deployment.getClient();
|
HttpClient client = deployment.getClient();
|
||||||
|
|
||||||
return invokeAccessCodeToToken(client, deployment.isPublicClient(), code, codeUrl, redirectUri, client_id, credentials, sessionId);
|
return invokeAccessCodeToToken(client, deployment.isPublicClient(), code, tokenUrl, redirectUri, client_id, credentials, sessionId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static AccessTokenResponse invokeAccessCodeToToken(HttpClient client, boolean publicClient, String code, String codeUrl, String redirectUri, String client_id, Map<String, String> credentials, String sessionId) throws IOException, HttpFailure {
|
public static AccessTokenResponse invokeAccessCodeToToken(HttpClient client, boolean publicClient, String code, String tokenUrl, String redirectUri, String client_id, Map<String, String> credentials, String sessionId) throws IOException, HttpFailure {
|
||||||
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
|
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
|
||||||
redirectUri = stripOauthParametersFromRedirect(redirectUri);
|
redirectUri = stripOauthParametersFromRedirect(redirectUri);
|
||||||
formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, "authorization_code"));
|
formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, "authorization_code"));
|
||||||
|
@ -106,7 +106,7 @@ public class ServerRequest {
|
||||||
formparams.add(new BasicNameValuePair(AdapterConstants.APPLICATION_SESSION_HOST, HostUtils.getHostName()));
|
formparams.add(new BasicNameValuePair(AdapterConstants.APPLICATION_SESSION_HOST, HostUtils.getHostName()));
|
||||||
}
|
}
|
||||||
HttpResponse response = null;
|
HttpResponse response = null;
|
||||||
HttpPost post = new HttpPost(codeUrl);
|
HttpPost post = new HttpPost(tokenUrl);
|
||||||
if (!publicClient) {
|
if (!publicClient) {
|
||||||
String clientSecret = credentials.get(CredentialRepresentation.SECRET);
|
String clientSecret = credentials.get(CredentialRepresentation.SECRET);
|
||||||
if (clientSecret != null) {
|
if (clientSecret != null) {
|
||||||
|
@ -152,15 +152,15 @@ public class ServerRequest {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static AccessTokenResponse invokeRefresh(KeycloakDeployment deployment, String refreshToken) throws IOException, HttpFailure {
|
public static AccessTokenResponse invokeRefresh(KeycloakDeployment deployment, String refreshToken) throws IOException, HttpFailure {
|
||||||
String refreshUrl = deployment.getRefreshUrl();
|
String tokenUrl = deployment.getTokenUrl();
|
||||||
String client_id = deployment.getResourceName();
|
String client_id = deployment.getResourceName();
|
||||||
Map<String, String> credentials = deployment.getResourceCredentials();
|
Map<String, String> credentials = deployment.getResourceCredentials();
|
||||||
HttpClient client = deployment.getClient();
|
HttpClient client = deployment.getClient();
|
||||||
return invokeRefresh(client, deployment.isPublicClient(), refreshToken, refreshUrl, client_id, credentials);
|
return invokeRefresh(client, deployment.isPublicClient(), refreshToken, tokenUrl, client_id, credentials);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public static AccessTokenResponse invokeRefresh(HttpClient client, boolean publicClient, String refreshToken, String refreshUrl, String client_id, Map<String, String> credentials) throws IOException, HttpFailure {
|
public static AccessTokenResponse invokeRefresh(HttpClient client, boolean publicClient, String refreshToken, String tokenUrl, String client_id, Map<String, String> credentials) throws IOException, HttpFailure {
|
||||||
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
|
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
|
||||||
for (Map.Entry<String, String> entry : credentials.entrySet()) {
|
for (Map.Entry<String, String> entry : credentials.entrySet()) {
|
||||||
formparams.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
|
formparams.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
|
||||||
|
@ -168,7 +168,7 @@ public class ServerRequest {
|
||||||
formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN));
|
formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN));
|
||||||
formparams.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
|
formparams.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
|
||||||
HttpResponse response = null;
|
HttpResponse response = null;
|
||||||
HttpPost post = new HttpPost(refreshUrl);
|
HttpPost post = new HttpPost(tokenUrl);
|
||||||
if (!publicClient) {
|
if (!publicClient) {
|
||||||
String clientSecret = credentials.get(CredentialRepresentation.SECRET);
|
String clientSecret = credentials.get(CredentialRepresentation.SECRET);
|
||||||
if (clientSecret != null) {
|
if (clientSecret != null) {
|
||||||
|
|
|
@ -64,10 +64,11 @@ public class DirectAccessGrantsLoginModule extends AbstractKeycloakLoginModule {
|
||||||
|
|
||||||
protected Auth directGrantAuth(String username, String password) throws IOException, VerificationException {
|
protected Auth directGrantAuth(String username, String password) throws IOException, VerificationException {
|
||||||
String authServerBaseUrl = deployment.getAuthServerBaseUrl();
|
String authServerBaseUrl = deployment.getAuthServerBaseUrl();
|
||||||
URI directGrantUri = KeycloakUriBuilder.fromUri(authServerBaseUrl).path(ServiceUrlConstants.TOKEN_SERVICE_DIRECT_GRANT_PATH).build(deployment.getRealm());
|
URI directGrantUri = KeycloakUriBuilder.fromUri(authServerBaseUrl).path(ServiceUrlConstants.TOKEN_PATH).build(deployment.getRealm());
|
||||||
HttpPost post = new HttpPost(directGrantUri);
|
HttpPost post = new HttpPost(directGrantUri);
|
||||||
|
|
||||||
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
|
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
|
||||||
|
formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD));
|
||||||
formparams.add(new BasicNameValuePair("username", username));
|
formparams.add(new BasicNameValuePair("username", username));
|
||||||
formparams.add(new BasicNameValuePair("password", password));
|
formparams.add(new BasicNameValuePair("password", password));
|
||||||
|
|
||||||
|
|
|
@ -20,7 +20,7 @@ public class KeycloakDeploymentBuilderTest {
|
||||||
assertEquals("demo", deployment.getRealm());
|
assertEquals("demo", deployment.getRealm());
|
||||||
assertEquals("customer-portal", deployment.getResourceName());
|
assertEquals("customer-portal", deployment.getResourceName());
|
||||||
assertEquals(PemUtils.decodePublicKey("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB"), deployment.getRealmKey());
|
assertEquals(PemUtils.decodePublicKey("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB"), deployment.getRealmKey());
|
||||||
assertEquals("https://localhost:8443/auth/realms/demo/protocol/openid-connect/login", deployment.getAuthUrl().build().toString());
|
assertEquals("https://localhost:8443/auth/realms/demo/protocol/openid-connect/auth", deployment.getAuthUrl().build().toString());
|
||||||
assertEquals(SslRequired.EXTERNAL, deployment.getSslRequired());
|
assertEquals(SslRequired.EXTERNAL, deployment.getSslRequired());
|
||||||
assertTrue(deployment.isUseResourceRoleMappings());
|
assertTrue(deployment.isUseResourceRoleMappings());
|
||||||
assertTrue(deployment.isCors());
|
assertTrue(deployment.isCors());
|
||||||
|
@ -33,7 +33,7 @@ public class KeycloakDeploymentBuilderTest {
|
||||||
assertTrue(deployment.isExposeToken());
|
assertTrue(deployment.isExposeToken());
|
||||||
assertEquals("234234-234234-234234", deployment.getResourceCredentials().get("secret"));
|
assertEquals("234234-234234-234234", deployment.getResourceCredentials().get("secret"));
|
||||||
assertEquals(20, ((ThreadSafeClientConnManager) deployment.getClient().getConnectionManager()).getMaxTotal());
|
assertEquals(20, ((ThreadSafeClientConnManager) deployment.getClient().getConnectionManager()).getMaxTotal());
|
||||||
assertEquals("https://localhost:8443/auth/realms/demo/protocol/openid-connect/refresh", deployment.getRefreshUrl());
|
assertEquals("https://localhost:8443/auth/realms/demo/protocol/openid-connect/token", deployment.getTokenUrl());
|
||||||
assertTrue(deployment.isAlwaysRefreshToken());
|
assertTrue(deployment.isAlwaysRefreshToken());
|
||||||
assertTrue(deployment.isRegisterNodeAtStartup());
|
assertTrue(deployment.isRegisterNodeAtStartup());
|
||||||
assertEquals(1000, deployment.getRegisterNodePeriod());
|
assertEquals(1000, deployment.getRegisterNodePeriod());
|
||||||
|
|
|
@ -97,6 +97,7 @@ public class KeycloakInstalled {
|
||||||
String state = UUID.randomUUID().toString();
|
String state = UUID.randomUUID().toString();
|
||||||
|
|
||||||
String authUrl = deployment.getAuthUrl().clone()
|
String authUrl = deployment.getAuthUrl().clone()
|
||||||
|
.queryParam(OAuth2Constants.RESPONSE_TYPE, OAuth2Constants.CODE)
|
||||||
.queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName())
|
.queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName())
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
|
.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
|
||||||
.queryParam(OAuth2Constants.STATE, state)
|
.queryParam(OAuth2Constants.STATE, state)
|
||||||
|
@ -153,6 +154,7 @@ public class KeycloakInstalled {
|
||||||
String redirectUri = "urn:ietf:wg:oauth:2.0:oob";
|
String redirectUri = "urn:ietf:wg:oauth:2.0:oob";
|
||||||
|
|
||||||
String authUrl = deployment.getAuthUrl().clone()
|
String authUrl = deployment.getAuthUrl().clone()
|
||||||
|
.queryParam(OAuth2Constants.RESPONSE_TYPE, OAuth2Constants.CODE)
|
||||||
.queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName())
|
.queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName())
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
|
.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
|
||||||
.build().toString();
|
.build().toString();
|
||||||
|
|
|
@ -53,7 +53,7 @@ public class JaxrsOAuthClient extends AbstractOAuthClient {
|
||||||
for (Map.Entry<String, String> entry : credentials.entrySet()) {
|
for (Map.Entry<String, String> entry : credentials.entrySet()) {
|
||||||
codeForm.param(entry.getKey(), entry.getValue());
|
codeForm.param(entry.getKey(), entry.getValue());
|
||||||
}
|
}
|
||||||
Response res = client.target(codeUrl).request().post(Entity.form(codeForm));
|
Response res = client.target(tokenUrl).request().post(Entity.form(codeForm));
|
||||||
try {
|
try {
|
||||||
if (res.getStatus() == 400) {
|
if (res.getStatus() == 400) {
|
||||||
throw new BadRequestException();
|
throw new BadRequestException();
|
||||||
|
|
|
@ -140,7 +140,7 @@
|
||||||
|
|
||||||
sessionStorage.oauthState = JSON.stringify({ state: state, redirectUri: encodeURIComponent(redirectUri) });
|
sessionStorage.oauthState = JSON.stringify({ state: state, redirectUri: encodeURIComponent(redirectUri) });
|
||||||
|
|
||||||
var action = 'login';
|
var action = 'auth';
|
||||||
if (options && options.action == 'register') {
|
if (options && options.action == 'register') {
|
||||||
action = 'registrations';
|
action = 'registrations';
|
||||||
}
|
}
|
||||||
|
@ -284,7 +284,7 @@
|
||||||
promise.setSuccess(false);
|
promise.setSuccess(false);
|
||||||
} else {
|
} else {
|
||||||
var params = 'grant_type=refresh_token&' + 'refresh_token=' + kc.refreshToken;
|
var params = 'grant_type=refresh_token&' + 'refresh_token=' + kc.refreshToken;
|
||||||
var url = getRealmUrl() + '/protocol/openid-connect/refresh';
|
var url = getRealmUrl() + '/protocol/openid-connect/token';
|
||||||
|
|
||||||
refreshQueue.push(promise);
|
refreshQueue.push(promise);
|
||||||
|
|
||||||
|
@ -358,8 +358,8 @@
|
||||||
var prompt = oauth.prompt;
|
var prompt = oauth.prompt;
|
||||||
|
|
||||||
if (code) {
|
if (code) {
|
||||||
var params = 'code=' + code;
|
var params = 'code=' + code + '&grant_type=authorization_code';
|
||||||
var url = getRealmUrl() + '/protocol/openid-connect/access/codes';
|
var url = getRealmUrl() + '/protocol/openid-connect/token';
|
||||||
|
|
||||||
var req = new XMLHttpRequest();
|
var req = new XMLHttpRequest();
|
||||||
req.open('POST', url, true);
|
req.open('POST', url, true);
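Review bot: The token request bodies in this file are built by plain string concatenation, `'code=' + code + '&grant_type=authorization_code'` here and `'refresh_token=' + kc.refreshToken` in the refresh hunk, so a value containing `&` or `=` would alter the form parameters sent to the token endpoint. Now that a single endpoint dispatches on `grant_type`, each value should be encoded, e.g. `var params = 'code=' + encodeURIComponent(code) + '&grant_type=authorization_code';`. This assumes `code` is held in decoded form; how it is parsed from the callback URL is outside the hunk and should be checked to avoid double-encoding. The enclosing functions start and end outside the visible hunks.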
|
||||||
|
|
|
@ -42,7 +42,7 @@ public class ServletOAuthClient extends AbstractOAuthClient {
|
||||||
|
|
||||||
private AccessTokenResponse resolveBearerToken(HttpServletRequest request, String redirectUri, String code) throws IOException, ServerRequest.HttpFailure {
|
private AccessTokenResponse resolveBearerToken(HttpServletRequest request, String redirectUri, String code) throws IOException, ServerRequest.HttpFailure {
|
||||||
// Don't send sessionId in oauth clients for now
|
// Don't send sessionId in oauth clients for now
|
||||||
return ServerRequest.invokeAccessCodeToToken(client, publicClient, code, getUrl(request, codeUrl, false), redirectUri, clientId, credentials, null);
|
return ServerRequest.invokeAccessCodeToToken(client, publicClient, code, getUrl(request, tokenUrl, false), redirectUri, clientId, credentials, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -148,7 +148,7 @@ public class ServletOAuthClient extends AbstractOAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public AccessTokenResponse refreshToken(HttpServletRequest request, String refreshToken) throws IOException, ServerRequest.HttpFailure {
|
public AccessTokenResponse refreshToken(HttpServletRequest request, String refreshToken) throws IOException, ServerRequest.HttpFailure {
|
||||||
return ServerRequest.invokeRefresh(client, publicClient, refreshToken, getUrl(request, refreshUrl, false), clientId, credentials);
|
return ServerRequest.invokeRefresh(client, publicClient, refreshToken, getUrl(request, tokenUrl, false), clientId, credentials);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static IDToken extractIdToken(String idToken) {
|
public static IDToken extractIdToken(String idToken) {
|
||||||
|
|
|
@ -54,25 +54,20 @@ public class ServletOAuthClientBuilder {
|
||||||
RelativeUrlsUsed useRelative = relativeUrls(serverBuilder, adapterConfig);
|
RelativeUrlsUsed useRelative = relativeUrls(serverBuilder, adapterConfig);
|
||||||
oauthClient.setRelativeUrlsUsed(useRelative);
|
oauthClient.setRelativeUrlsUsed(useRelative);
|
||||||
|
|
||||||
String authUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGIN_PATH).build(adapterConfig.getRealm()).toString();
|
String authUrl = serverBuilder.clone().path(ServiceUrlConstants.AUTH_PATH).build(adapterConfig.getRealm()).toString();
|
||||||
|
|
||||||
KeycloakUriBuilder tokenUrlBuilder;
|
KeycloakUriBuilder tokenUrlBuilder;
|
||||||
KeycloakUriBuilder refreshUrlBuilder;
|
|
||||||
|
|
||||||
if (useRelative == RelativeUrlsUsed.BROWSER_ONLY) {
|
if (useRelative == RelativeUrlsUsed.BROWSER_ONLY) {
|
||||||
// Use absolute URI for refreshToken and codeToToken requests
|
// Use absolute URI for refreshToken and codeToToken requests
|
||||||
KeycloakUriBuilder nonBrowsersServerBuilder = KeycloakUriBuilder.fromUri(adapterConfig.getAuthServerUrlForBackendRequests());
|
KeycloakUriBuilder nonBrowsersServerBuilder = KeycloakUriBuilder.fromUri(adapterConfig.getAuthServerUrlForBackendRequests());
|
||||||
tokenUrlBuilder = nonBrowsersServerBuilder.clone();
|
tokenUrlBuilder = nonBrowsersServerBuilder.clone();
|
||||||
refreshUrlBuilder = nonBrowsersServerBuilder.clone();
|
|
||||||
} else {
|
} else {
|
||||||
tokenUrlBuilder = serverBuilder.clone();
|
tokenUrlBuilder = serverBuilder.clone();
|
||||||
refreshUrlBuilder = serverBuilder.clone();
|
|
||||||
}
|
}
|
||||||
String tokenUrl = tokenUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_ACCESS_CODE_PATH).build(adapterConfig.getRealm()).toString();
|
String tokenUrl = tokenUrlBuilder.path(ServiceUrlConstants.TOKEN_PATH).build(adapterConfig.getRealm()).toString();
|
||||||
String refreshUrl = refreshUrlBuilder.path(ServiceUrlConstants.TOKEN_SERVICE_REFRESH_PATH).build(adapterConfig.getRealm()).toString();
|
|
||||||
oauthClient.setAuthUrl(authUrl);
|
oauthClient.setAuthUrl(authUrl);
|
||||||
oauthClient.setCodeUrl(tokenUrl);
|
oauthClient.setTokenUrl(tokenUrl);
|
||||||
oauthClient.setRefreshUrl(refreshUrl);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private static RelativeUrlsUsed relativeUrls(KeycloakUriBuilder serverBuilder, AdapterConfig adapterConfig) {
|
private static RelativeUrlsUsed relativeUrls(KeycloakUriBuilder serverBuilder, AdapterConfig adapterConfig) {
|
||||||
|
|
|
@ -86,9 +86,19 @@ public class OIDCLoginProtocolService {
|
||||||
return baseUriBuilder.path(RealmsResource.class).path("{realm}/protocol/" + OIDCLoginProtocol.LOGIN_PROTOCOL);
|
return baseUriBuilder.path(RealmsResource.class).path("{realm}/protocol/" + OIDCLoginProtocol.LOGIN_PROTOCOL);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder accessCodeToTokenUrl(UriBuilder baseUriBuilder) {
|
public static UriBuilder authUrl(UriInfo uriInfo) {
|
||||||
|
UriBuilder baseUriBuilder = uriInfo.getBaseUriBuilder();
|
||||||
|
return authUrl(baseUriBuilder);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static UriBuilder authUrl(UriBuilder baseUriBuilder) {
|
||||||
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
||||||
return uriBuilder.path(OIDCLoginProtocolService.class, "accessCodeToToken");
|
return uriBuilder.path(OIDCLoginProtocolService.class, "auth");
|
||||||
|
}
|
||||||
|
|
||||||
|
public static UriBuilder tokenUrl(UriBuilder baseUriBuilder) {
|
||||||
|
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
||||||
|
return uriBuilder.path(OIDCLoginProtocolService.class, "token");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder validateAccessTokenUrl(UriBuilder baseUriBuilder) {
|
public static UriBuilder validateAccessTokenUrl(UriBuilder baseUriBuilder) {
|
||||||
|
@ -96,21 +106,6 @@ public class OIDCLoginProtocolService {
|
||||||
return uriBuilder.path(OIDCLoginProtocolService.class, "validateAccessToken");
|
return uriBuilder.path(OIDCLoginProtocolService.class, "validateAccessToken");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder grantAccessTokenUrl(UriBuilder baseUriBuilder) {
|
|
||||||
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
|
||||||
return uriBuilder.path(OIDCLoginProtocolService.class, "grantAccessToken");
|
|
||||||
}
|
|
||||||
|
|
||||||
public static UriBuilder loginPageUrl(UriInfo uriInfo) {
|
|
||||||
UriBuilder baseUriBuilder = uriInfo.getBaseUriBuilder();
|
|
||||||
return loginPageUrl(baseUriBuilder);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static UriBuilder loginPageUrl(UriBuilder baseUriBuilder) {
|
|
||||||
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
|
||||||
return uriBuilder.path(OIDCLoginProtocolService.class, "loginPage");
|
|
||||||
}
|
|
||||||
|
|
||||||
public static UriBuilder logoutUrl(UriInfo uriInfo) {
|
public static UriBuilder logoutUrl(UriInfo uriInfo) {
|
||||||
UriBuilder baseUriBuilder = uriInfo.getBaseUriBuilder();
|
UriBuilder baseUriBuilder = uriInfo.getBaseUriBuilder();
|
||||||
return logoutUrl(baseUriBuilder);
|
return logoutUrl(baseUriBuilder);
|
||||||
|
@ -121,11 +116,6 @@ public class OIDCLoginProtocolService {
|
||||||
return uriBuilder.path(OIDCLoginProtocolService.class, "logout");
|
return uriBuilder.path(OIDCLoginProtocolService.class, "logout");
|
||||||
}
|
}
|
||||||
|
|
||||||
public static UriBuilder refreshUrl(UriBuilder baseUriBuilder) {
|
|
||||||
UriBuilder uriBuilder = tokenServiceBaseUrl(baseUriBuilder);
|
|
||||||
return uriBuilder.path(OIDCLoginProtocolService.class, "refreshAccessToken");
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authorization endpoint
|
* Authorization endpoint
|
||||||
*/
|
*/
|
||||||
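Review bot: The new public helpers `authUrl(UriInfo)`, `authUrl(UriBuilder)` and `tokenUrl(UriBuilder)` in the first hunk have no Javadoc, and nothing tells a caller that the returned builder still holds an unresolved `{realm}` template (it appears to come from `tokenServiceBaseUrl`). I would add a one-line comment to each, for example `/** Builder for the realm's token endpoint; the realm template is left unresolved, so callers pass the realm name to build(). */` on `tokenUrl`. Since `path(OIDCLoginProtocolService.class, "auth")` and `"token"` look up a resource method by name at run time, the comment should also name the method each string refers to, so a later rename is caught in review rather than when a URL is first built.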
|
|
|
@ -106,8 +106,7 @@ public class AuthorizationEndpoint {
|
||||||
* @deprecated
|
* @deprecated
|
||||||
*/
|
*/
|
||||||
public AuthorizationEndpoint legacy(String legacyResponseType) {
|
public AuthorizationEndpoint legacy(String legacyResponseType) {
|
||||||
// TODO Change to warn once adapters has been updated
|
logger.warnv("Invoking deprecated endpoint {0}", uriInfo.getRequestUri());
|
||||||
logger.debugv("Invoking deprecated endpoint {0}", uriInfo.getRequestUri());
|
|
||||||
this.legacyResponseType = legacyResponseType;
|
this.legacyResponseType = legacyResponseType;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
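Review bot: `legacy()` now logs `uriInfo.getRequestUri()` at WARN, and that URI includes the query string, so request parameters such as `state` and `redirect_uri` land in the server log at a level most deployments keep. The authorization endpoint is presumably reachable before the user has authenticated, so both the logged text and the number of WARN entries are under the caller's control. Logging the path only, `logger.warnv("Invoking deprecated endpoint {0}", uriInfo.getAbsolutePath());`, keeps the deprecation signal without the parameters. The same line is added to `TokenEndpoint.legacy()` further down this commit and deserves the same change.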
|
|
|
@ -47,6 +47,8 @@ import java.util.Map;
|
||||||
public class TokenEndpoint {
|
public class TokenEndpoint {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(TokenEndpoint.class);
|
private static final Logger logger = Logger.getLogger(TokenEndpoint.class);
|
||||||
|
private MultivaluedMap<String, String> formParams;
|
||||||
|
private ClientModel client;
|
||||||
|
|
||||||
private enum Action {
|
private enum Action {
|
||||||
AUTHORIZATION_CODE, REFRESH_TOKEN, PASSWORD
|
AUTHORIZATION_CODE, REFRESH_TOKEN, PASSWORD
|
||||||
|
@ -74,10 +76,7 @@ public class TokenEndpoint {
|
||||||
|
|
||||||
private Action action;
|
private Action action;
|
||||||
|
|
||||||
private String clientId;
|
|
||||||
private String grantType;
|
private String grantType;
|
||||||
private String code;
|
|
||||||
private String redirectUri;
|
|
||||||
|
|
||||||
private String legacyGrantType;
|
private String legacyGrantType;
|
||||||
|
|
||||||
|
@ -89,15 +88,14 @@ public class TokenEndpoint {
|
||||||
}
|
}
|
||||||
|
|
||||||
@POST
|
@POST
|
||||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
public Response build() {
|
||||||
public Response build(final MultivaluedMap<String, String> formData) {
|
|
||||||
switch (action) {
|
switch (action) {
|
||||||
case AUTHORIZATION_CODE:
|
case AUTHORIZATION_CODE:
|
||||||
return buildAuthorizationCodeAccessTokenResponse(formData);
|
return buildAuthorizationCodeAccessTokenResponse();
|
||||||
case REFRESH_TOKEN:
|
case REFRESH_TOKEN:
|
||||||
return buildRefreshToken(formData);
|
return buildRefreshToken();
|
||||||
case PASSWORD:
|
case PASSWORD:
|
||||||
return buildResourceOwnerPasswordCredentialsGrant(formData);
|
return buildResourceOwnerPasswordCredentialsGrant();
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new RuntimeException("Unknown action " + action);
|
throw new RuntimeException("Unknown action " + action);
|
||||||
|
@ -115,23 +113,19 @@ public class TokenEndpoint {
|
||||||
* @deprecated
|
* @deprecated
|
||||||
*/
|
*/
|
||||||
public TokenEndpoint legacy(String legacyGrantType) {
|
public TokenEndpoint legacy(String legacyGrantType) {
|
||||||
// TODO Change to warn once adapters has been updated
|
logger.warnv("Invoking deprecated endpoint {0}", uriInfo.getRequestUri());
|
||||||
logger.debugv("Invoking deprecated endpoint {0}", uriInfo.getRequestUri());
|
|
||||||
this.legacyGrantType = legacyGrantType;
|
this.legacyGrantType = legacyGrantType;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public TokenEndpoint init() {
|
public TokenEndpoint init() {
|
||||||
MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
|
formParams = request.getDecodedFormParameters();
|
||||||
|
grantType = formParams.getFirst(OIDCLoginProtocol.GRANT_TYPE_PARAM);
|
||||||
clientId = params.getFirst(OIDCLoginProtocol.CLIENT_ID_PARAM);
|
|
||||||
grantType = params.getFirst(OIDCLoginProtocol.GRANT_TYPE_PARAM);
|
|
||||||
code = params.getFirst(OIDCLoginProtocol.CODE_PARAM);
|
|
||||||
redirectUri = params.getFirst(OIDCLoginProtocol.REDIRECT_URI_PARAM);
|
|
||||||
|
|
||||||
checkSsl();
|
checkSsl();
|
||||||
checkRealm();
|
checkRealm();
|
||||||
checkGrantType();
|
checkGrantType();
|
||||||
|
checkClient();
|
||||||
|
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
@ -148,15 +142,13 @@ public class TokenEndpoint {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private ClientModel authorizeClient(final MultivaluedMap<String, String> formData) {
|
private void checkClient() {
|
||||||
String authorizationHeader = headers.getRequestHeaders().getFirst(HttpHeaders.AUTHORIZATION);
|
String authorizationHeader = headers.getRequestHeaders().getFirst(HttpHeaders.AUTHORIZATION);
|
||||||
ClientModel client = AuthorizeClientUtil.authorizeClient(authorizationHeader, formData, event, realm);
|
client = AuthorizeClientUtil.authorizeClient(authorizationHeader, formParams, event, realm);
|
||||||
|
|
||||||
if ((client instanceof ApplicationModel) && ((ApplicationModel) client).isBearerOnly()) {
|
if ((client instanceof ApplicationModel) && ((ApplicationModel) client).isBearerOnly()) {
|
||||||
throw new ErrorResponseException("invalid_client", "Bearer-only not allowed", Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException("invalid_client", "Bearer-only not allowed", Response.Status.BAD_REQUEST);
|
||||||
}
|
}
|
||||||
|
|
||||||
return client;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void checkGrantType() {
|
private void checkGrantType() {
|
||||||
|
@ -182,8 +174,8 @@ public class TokenEndpoint {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public Response buildAuthorizationCodeAccessTokenResponse(final MultivaluedMap<String, String> formData) {
|
public Response buildAuthorizationCodeAccessTokenResponse() {
|
||||||
String code = formData.getFirst(OAuth2Constants.CODE);
|
String code = formParams.getFirst(OAuth2Constants.CODE);
|
||||||
if (code == null) {
|
if (code == null) {
|
||||||
event.error(Errors.INVALID_CODE);
|
event.error(Errors.INVALID_CODE);
|
||||||
throw new ErrorResponseException("invalid_request", "Missing parameter: " + OAuth2Constants.CODE, Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException("invalid_request", "Missing parameter: " + OAuth2Constants.CODE, Response.Status.BAD_REQUEST);
|
||||||
|
@ -214,10 +206,8 @@ public class TokenEndpoint {
|
||||||
event.user(userSession.getUser());
|
event.user(userSession.getUser());
|
||||||
event.session(userSession.getId());
|
event.session(userSession.getId());
|
||||||
|
|
||||||
ClientModel client = authorizeClient(formData);
|
|
||||||
|
|
||||||
String redirectUri = clientSession.getNote(OIDCLoginProtocol.REDIRECT_URI_PARAM);
|
String redirectUri = clientSession.getNote(OIDCLoginProtocol.REDIRECT_URI_PARAM);
|
||||||
if (redirectUri != null && !redirectUri.equals(formData.getFirst(OAuth2Constants.REDIRECT_URI))) {
|
if (redirectUri != null && !redirectUri.equals(formParams.getFirst(OAuth2Constants.REDIRECT_URI))) {
|
||||||
event.error(Errors.INVALID_CODE);
|
event.error(Errors.INVALID_CODE);
|
||||||
throw new ErrorResponseException("invalid_grant", "Incorrect redirect_uri", Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException("invalid_grant", "Incorrect redirect_uri", Response.Status.BAD_REQUEST);
|
||||||
}
|
}
|
||||||
|
@ -243,9 +233,9 @@ public class TokenEndpoint {
|
||||||
throw new ErrorResponseException("invalid_grant", "Session not active", Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException("invalid_grant", "Session not active", Response.Status.BAD_REQUEST);
|
||||||
}
|
}
|
||||||
|
|
||||||
String adapterSessionId = formData.getFirst(AdapterConstants.APPLICATION_SESSION_STATE);
|
String adapterSessionId = formParams.getFirst(AdapterConstants.APPLICATION_SESSION_STATE);
|
||||||
if (adapterSessionId != null) {
|
if (adapterSessionId != null) {
|
||||||
String adapterSessionHost = formData.getFirst(AdapterConstants.APPLICATION_SESSION_HOST);
|
String adapterSessionHost = formParams.getFirst(AdapterConstants.APPLICATION_SESSION_HOST);
|
||||||
logger.debugf("Adapter Session '%s' saved in ClientSession for client '%s'. Host is '%s'", adapterSessionId, client.getClientId(), adapterSessionHost);
|
logger.debugf("Adapter Session '%s' saved in ClientSession for client '%s'. Host is '%s'", adapterSessionId, client.getClientId(), adapterSessionHost);
|
||||||
|
|
||||||
event.detail(AdapterConstants.APPLICATION_SESSION_STATE, adapterSessionId);
|
event.detail(AdapterConstants.APPLICATION_SESSION_STATE, adapterSessionId);
|
||||||
|
@ -266,10 +256,8 @@ public class TokenEndpoint {
|
||||||
return Cors.add(request, Response.ok(res).type(MediaType.APPLICATION_JSON_TYPE)).auth().allowedOrigins(client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
|
return Cors.add(request, Response.ok(res).type(MediaType.APPLICATION_JSON_TYPE)).auth().allowedOrigins(client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
public Response buildRefreshToken(final MultivaluedMap<String, String> formData) {
|
public Response buildRefreshToken() {
|
||||||
ClientModel client = authorizeClient(formData);
|
String refreshToken = formParams.getFirst(OAuth2Constants.REFRESH_TOKEN);
|
||||||
|
|
||||||
String refreshToken = formData.getFirst(OAuth2Constants.REFRESH_TOKEN);
|
|
||||||
if (refreshToken == null) {
|
if (refreshToken == null) {
|
||||||
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "No refresh token", Response.Status.BAD_REQUEST);
|
throw new ErrorResponseException(OAuthErrorException.INVALID_REQUEST, "No refresh token", Response.Status.BAD_REQUEST);
|
||||||
}
|
}
|
||||||
|
@ -287,14 +275,14 @@ public class TokenEndpoint {
|
||||||
return Cors.add(request, Response.ok(res, MediaType.APPLICATION_JSON_TYPE)).auth().allowedOrigins(client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
|
return Cors.add(request, Response.ok(res, MediaType.APPLICATION_JSON_TYPE)).auth().allowedOrigins(client).allowedMethods("POST").exposedHeaders(Cors.ACCESS_CONTROL_ALLOW_METHODS).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
public Response buildResourceOwnerPasswordCredentialsGrant(final MultivaluedMap<String, String> formData) {
|
public Response buildResourceOwnerPasswordCredentialsGrant() {
|
||||||
if (!realm.isPasswordCredentialGrantAllowed()) {
|
if (!realm.isPasswordCredentialGrantAllowed()) {
|
||||||
throw new ErrorResponseException("not_enabled", "Direct Grant REST API not enabled", Response.Status.FORBIDDEN);
|
throw new ErrorResponseException("not_enabled", "Direct Grant REST API not enabled", Response.Status.FORBIDDEN);
|
||||||
}
|
}
|
||||||
|
|
||||||
event.detail(Details.AUTH_METHOD, "oauth_credentials").detail(Details.RESPONSE_TYPE, "token");
|
event.detail(Details.AUTH_METHOD, "oauth_credentials").detail(Details.RESPONSE_TYPE, "token");
|
||||||
|
|
||||||
String username = formData.getFirst(AuthenticationManager.FORM_USERNAME);
|
String username = formParams.getFirst(AuthenticationManager.FORM_USERNAME);
|
||||||
if (username == null) {
|
if (username == null) {
|
||||||
event.error(Errors.USERNAME_MISSING);
|
event.error(Errors.USERNAME_MISSING);
|
||||||
throw new ErrorResponseException("invalid_request", "Missing parameter: username", Response.Status.UNAUTHORIZED);
|
throw new ErrorResponseException("invalid_request", "Missing parameter: username", Response.Status.UNAUTHORIZED);
|
||||||
|
@ -304,9 +292,7 @@ public class TokenEndpoint {
|
||||||
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username);
|
UserModel user = KeycloakModelUtils.findUserByNameOrEmail(session, realm, username);
|
||||||
if (user != null) event.user(user);
|
if (user != null) event.user(user);
|
||||||
|
|
||||||
ClientModel client = authorizeClient(formData);
|
AuthenticationManager.AuthenticationStatus authenticationStatus = authManager.authenticateForm(session, clientConnection, realm, formParams);
|
||||||
|
|
||||||
AuthenticationManager.AuthenticationStatus authenticationStatus = authManager.authenticateForm(session, clientConnection, realm, formData);
|
|
||||||
Map<String, String> err;
|
Map<String, String> err;
|
||||||
|
|
||||||
switch (authenticationStatus) {
|
switch (authenticationStatus) {
|
||||||
|
@ -324,7 +310,7 @@ public class TokenEndpoint {
|
||||||
throw new ErrorResponseException("invalid_grant", "Invalid user credentials", Response.Status.UNAUTHORIZED);
|
throw new ErrorResponseException("invalid_grant", "Invalid user credentials", Response.Status.UNAUTHORIZED);
|
||||||
}
|
}
|
||||||
|
|
||||||
String scope = formData.getFirst(OAuth2Constants.SCOPE);
|
String scope = formParams.getFirst(OAuth2Constants.SCOPE);
|
||||||
|
|
||||||
UserSessionProvider sessions = session.sessions();
|
UserSessionProvider sessions = session.sessions();
|
||||||
|
|
||||||
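Review bot: In the `@ -89,15 +88,14 @@` hunk `build()` loses `@Consumes(MediaType.APPLICATION_FORM_URLENCODED)`, and `init()` now reads its fields from `request.getDecodedFormParameters()`, so nothing visible in these hunks rejects a POST whose Content-Type is not form-urlencoded. How such a request fails then depends on the request implementation and on `checkGrantType()` coping with a null `grant_type`, both of which are outside the hunks shown. I would keep the annotation on `build()`, or check the media type at the top of `init()` and answer with an `invalid_request` error, so the behaviour for malformed requests is defined in this class. The callers of `init()` and the body of `checkGrantType()` are not in view, so this may already be handled there.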
|
|
|
@ -25,6 +25,7 @@ import org.jboss.logging.Logger;
|
||||||
import org.jboss.resteasy.spi.BadRequestException;
|
import org.jboss.resteasy.spi.BadRequestException;
|
||||||
import org.jboss.resteasy.spi.HttpRequest;
|
import org.jboss.resteasy.spi.HttpRequest;
|
||||||
import org.keycloak.ClientConnection;
|
import org.keycloak.ClientConnection;
|
||||||
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.account.AccountPages;
|
import org.keycloak.account.AccountPages;
|
||||||
import org.keycloak.account.AccountProvider;
|
import org.keycloak.account.AccountProvider;
|
||||||
import org.keycloak.events.Details;
|
import org.keycloak.events.Details;
|
||||||
|
@ -763,7 +764,7 @@ public class AccountService {
|
||||||
|
|
||||||
private Response login(String path) {
|
private Response login(String path) {
|
||||||
OAuthRedirect oauth = new OAuthRedirect();
|
OAuthRedirect oauth = new OAuthRedirect();
|
||||||
String authUrl = OIDCLoginProtocolService.loginPageUrl(uriInfo).build(realm.getName()).toString();
|
String authUrl = OIDCLoginProtocolService.authUrl(uriInfo).build(realm.getName()).toString();
|
||||||
oauth.setAuthUrl(authUrl);
|
oauth.setAuthUrl(authUrl);
|
||||||
|
|
||||||
oauth.setClientId(Constants.ACCOUNT_MANAGEMENT_APP);
|
oauth.setClientId(Constants.ACCOUNT_MANAGEMENT_APP);
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
package org.keycloak.services.resources;
|
package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
|
import org.keycloak.Version;
|
||||||
|
|
||||||
import javax.ws.rs.GET;
|
import javax.ws.rs.GET;
|
||||||
import javax.ws.rs.Path;
|
import javax.ws.rs.Path;
|
||||||
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.CacheControl;
|
import javax.ws.rs.core.CacheControl;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -38,6 +40,17 @@ public class JsResource {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Path("/{version}/keycloak.js")
|
||||||
|
@Produces("text/javascript")
|
||||||
|
public Response getJsWithVersion(@PathParam("version") String version) {
|
||||||
|
if (!version.equals(Version.RESOURCES_VERSION)) {
|
||||||
|
return Response.status(Response.Status.NOT_FOUND).build();
|
||||||
|
}
|
||||||
|
|
||||||
|
return getJs();
|
||||||
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@Path("/keycloak.min.js")
|
@Path("/keycloak.min.js")
|
||||||
@Produces("text/javascript")
|
@Produces("text/javascript")
|
||||||
|
@ -54,4 +67,15 @@ public class JsResource {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Path("/{version}/keycloak.min.js")
|
||||||
|
@Produces("text/javascript")
|
||||||
|
public Response getMinJsWithVersion(@PathParam("version") String version) {
|
||||||
|
if (!version.equals(Version.RESOURCES_VERSION)) {
|
||||||
|
return Response.status(Response.Status.NOT_FOUND).build();
|
||||||
|
}
|
||||||
|
|
||||||
|
return getMinJs();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,6 +2,7 @@ package org.keycloak.services.resources;
|
||||||
|
|
||||||
import org.jboss.logging.Logger;
|
import org.jboss.logging.Logger;
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
|
import org.keycloak.Version;
|
||||||
import org.keycloak.freemarker.Theme;
|
import org.keycloak.freemarker.Theme;
|
||||||
import org.keycloak.freemarker.ThemeProvider;
|
import org.keycloak.freemarker.ThemeProvider;
|
||||||
import org.keycloak.models.KeycloakSession;
|
import org.keycloak.models.KeycloakSession;
|
||||||
|
@ -38,7 +39,11 @@ public class ThemeResource {
|
||||||
*/
|
*/
|
||||||
@GET
|
@GET
|
||||||
@Path("/{version}/{themeType}/{themeName}/{path:.*}")
|
@Path("/{version}/{themeType}/{themeName}/{path:.*}")
|
||||||
public Response getResource(@PathParam("themeType") String themType, @PathParam("themeName") String themeName, @PathParam("path") String path) {
|
public Response getResource(@PathParam("version") String version, @PathParam("themeType") String themType, @PathParam("themeName") String themeName, @PathParam("path") String path) {
|
||||||
|
if (!version.equals(Version.RESOURCES_VERSION)) {
|
||||||
|
return Response.status(Response.Status.NOT_FOUND).build();
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
ThemeProvider themeProvider = session.getProvider(ThemeProvider.class, "extending");
|
ThemeProvider themeProvider = session.getProvider(ThemeProvider.class, "extending");
|
||||||
Theme theme = themeProvider.getTheme(themeName, Theme.Type.valueOf(themType.toUpperCase()));
|
Theme theme = themeProvider.getTheme(themeName, Theme.Type.valueOf(themType.toUpperCase()));
|
||||||
|
|
|
@ -8,6 +8,7 @@ import org.jboss.resteasy.spi.HttpResponse;
|
||||||
import org.jboss.resteasy.spi.NotFoundException;
|
import org.jboss.resteasy.spi.NotFoundException;
|
||||||
import org.keycloak.ClientConnection;
|
import org.keycloak.ClientConnection;
|
||||||
import org.keycloak.Config;
|
import org.keycloak.Config;
|
||||||
|
import org.keycloak.Version;
|
||||||
import org.keycloak.freemarker.BrowserSecurityHeaderSetup;
|
import org.keycloak.freemarker.BrowserSecurityHeaderSetup;
|
||||||
import org.keycloak.freemarker.FreeMarkerException;
|
import org.keycloak.freemarker.FreeMarkerException;
|
||||||
import org.keycloak.freemarker.FreeMarkerUtil;
|
import org.keycloak.freemarker.FreeMarkerUtil;
|
||||||
|
@ -290,6 +291,7 @@ public class AdminConsole {
|
||||||
|
|
||||||
map.put("authUrl", authUrl);
|
map.put("authUrl", authUrl);
|
||||||
map.put("resourceUrl", Urls.themeRoot(baseUri) + "/admin/" + adminTheme);
|
map.put("resourceUrl", Urls.themeRoot(baseUri) + "/admin/" + adminTheme);
|
||||||
|
map.put("resourceVersion", Version.RESOURCES_VERSION);
|
||||||
|
|
||||||
ThemeProvider themeProvider = session.getProvider(ThemeProvider.class, "extending");
|
ThemeProvider themeProvider = session.getProvider(ThemeProvider.class, "extending");
|
||||||
Theme theme = themeProvider.getTheme(realm.getAdminTheme(), Theme.Type.ADMIN);
|
Theme theme = themeProvider.getTheme(realm.getAdminTheme(), Theme.Type.ADMIN);
|
||||||
|
|
|
@ -34,7 +34,8 @@ public class OAuthRedirect extends AbstractOAuthClient {
|
||||||
UriBuilder uriBuilder = UriBuilder.fromUri(authUrl)
|
UriBuilder uriBuilder = UriBuilder.fromUri(authUrl)
|
||||||
.queryParam(OAuth2Constants.CLIENT_ID, clientId)
|
.queryParam(OAuth2Constants.CLIENT_ID, clientId)
|
||||||
.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
|
.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
|
||||||
.queryParam(OAuth2Constants.STATE, state);
|
.queryParam(OAuth2Constants.STATE, state)
|
||||||
|
.queryParam(OAuth2Constants.RESPONSE_TYPE, OAuth2Constants.CODE);
|
||||||
if (scope != null) {
|
if (scope != null) {
|
||||||
uriBuilder.queryParam(OAuth2Constants.SCOPE, scope);
|
uriBuilder.queryParam(OAuth2Constants.SCOPE, scope);
|
||||||
}
|
}
|
||||||
|
|
|
@ -46,12 +46,27 @@ import java.io.File;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
|
import java.util.Properties;
|
||||||
|
import java.util.concurrent.atomic.AtomicBoolean;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
|
||||||
*/
|
*/
|
||||||
public class KeycloakServer {
|
public class KeycloakServer {
|
||||||
|
|
||||||
|
static {
|
||||||
|
try {
|
||||||
|
File f = new File(System.getProperty("user.home"), ".keycloak-test.properties");
|
||||||
|
if (f.isFile()) {
|
||||||
|
Properties p = new Properties();
|
||||||
|
p.load(new FileInputStream(f));
|
||||||
|
System.getProperties().putAll(p);
|
||||||
|
}
|
||||||
|
} catch (IOException e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private static final Logger log = Logger.getLogger(KeycloakServer.class);
|
private static final Logger log = Logger.getLogger(KeycloakServer.class);
|
||||||
|
|
||||||
private boolean sysout = false;
|
private boolean sysout = false;
|
||||||
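Review bot: The static initializer passes `new FileInputStream(f)` straight to `p.load(...)` and never closes it, so the file handle stays open until the stream happens to be collected. Close it explicitly, for example `try (InputStream in = new FileInputStream(f)) { p.load(in); }` if the module's source level allows try-with-resources, otherwise in a `finally` block. Note also that `System.getProperties().putAll(p)` lets `.keycloak-test.properties` in the user's home directory override values passed with `-D` on the command line; if the command line should win, copy only the keys that are not already set. A short comment above the block saying that this file is read at class-load time would help whoever has to trace an unexpected setting.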
|
|
|
@ -67,10 +67,6 @@ public class OAuthClient {
|
||||||
|
|
||||||
private String realm = "test";
|
private String realm = "test";
|
||||||
|
|
||||||
private String responseType = OAuth2Constants.CODE;
|
|
||||||
|
|
||||||
private String grantType = "authorization_code";
|
|
||||||
|
|
||||||
private String clientId = "test-app";
|
private String clientId = "test-app";
|
||||||
|
|
||||||
private String redirectUri = "http://localhost:8081/app/auth";
|
private String redirectUri = "http://localhost:8081/app/auth";
|
||||||
|
@ -113,9 +109,8 @@ public class OAuthClient {
|
||||||
HttpPost post = new HttpPost(getAccessTokenUrl());
|
HttpPost post = new HttpPost(getAccessTokenUrl());
|
||||||
|
|
||||||
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
|
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
|
||||||
if (grantType != null) {
|
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.AUTHORIZATION_CODE));
|
||||||
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, grantType));
|
|
||||||
}
|
|
||||||
if (code != null) {
|
if (code != null) {
|
||||||
parameters.add(new BasicNameValuePair(OAuth2Constants.CODE, code));
|
parameters.add(new BasicNameValuePair(OAuth2Constants.CODE, code));
|
||||||
}
|
}
|
||||||
|
@ -153,6 +148,7 @@ public class OAuthClient {
|
||||||
post.setHeader("Authorization", authorization);
|
post.setHeader("Authorization", authorization);
|
||||||
|
|
||||||
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
|
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
|
||||||
|
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD));
|
||||||
parameters.add(new BasicNameValuePair("username", username));
|
parameters.add(new BasicNameValuePair("username", username));
|
||||||
parameters.add(new BasicNameValuePair("password", password));
|
parameters.add(new BasicNameValuePair("password", password));
|
||||||
|
|
||||||
|
@ -199,9 +195,8 @@ public class OAuthClient {
|
||||||
HttpPost post = new HttpPost(getRefreshTokenUrl());
|
HttpPost post = new HttpPost(getRefreshTokenUrl());
|
||||||
|
|
||||||
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
|
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
|
||||||
if (grantType != null) {
|
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN));
|
||||||
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, grantType));
|
|
||||||
}
|
|
||||||
if (refreshToken != null) {
|
if (refreshToken != null) {
|
||||||
parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
|
parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
|
||||||
}
|
}
|
||||||
|
@ -290,10 +285,8 @@ public class OAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getLoginFormUrl() {
|
public String getLoginFormUrl() {
|
||||||
UriBuilder b = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(baseUrl));
|
||||||
if (responseType != null) {
|
b.queryParam(OAuth2Constants.RESPONSE_TYPE, OAuth2Constants.CODE);
|
||||||
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
|
|
||||||
}
|
|
||||||
if (clientId != null) {
|
if (clientId != null) {
|
||||||
b.queryParam(OAuth2Constants.CLIENT_ID, clientId);
|
b.queryParam(OAuth2Constants.CLIENT_ID, clientId);
|
||||||
}
|
}
|
||||||
|
@ -307,7 +300,7 @@ public class OAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getAccessTokenUrl() {
|
public String getAccessTokenUrl() {
|
||||||
UriBuilder b = OIDCLoginProtocolService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(baseUrl));
|
||||||
return b.build(realm).toString();
|
return b.build(realm).toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -323,12 +316,12 @@ public class OAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getResourceOwnerPasswordCredentialGrantUrl() {
|
public String getResourceOwnerPasswordCredentialGrantUrl() {
|
||||||
UriBuilder b = OIDCLoginProtocolService.grantAccessTokenUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(baseUrl));
|
||||||
return b.build(realm).toString();
|
return b.build(realm).toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getRefreshTokenUrl() {
|
public String getRefreshTokenUrl() {
|
||||||
UriBuilder b = OIDCLoginProtocolService.refreshUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(baseUrl));
|
||||||
return b.build(realm).toString();
|
return b.build(realm).toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -351,11 +344,6 @@ public class OAuthClient {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public OAuthClient responseType(String responseType) {
|
|
||||||
this.responseType = responseType;
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
public OAuthClient state(String state) {
|
public OAuthClient state(String state) {
|
||||||
this.state = state;
|
this.state = state;
|
||||||
return this;
|
return this;
|
||||||
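Review bot: With the `grantType` and `responseType` fields removed and the constants hard-coded in the `@ -113,9`, `@ -199,9` and `@ -290,10` hunks, this test client can no longer send a missing or invalid `grant_type` or `response_type`, and the last hunk removes the `responseType(String)` setter as well. Tests built on this helper therefore cannot exercise the server's rejection paths, for example `checkGrantType()` in `TokenEndpoint`. Unless those negative cases are covered by another client, I would keep a way to override the value per request, such as an optional field that replaces the constant when it is set. The enclosing methods start outside the hunks, so the rest of each request builder is not in view.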
|
|
|
@ -92,7 +92,7 @@ public class AdapterTestStrategy extends ExternalResource {
|
||||||
@WebResource
|
@WebResource
|
||||||
protected InputPage inputPage;
|
protected InputPage inputPage;
|
||||||
|
|
||||||
protected String LOGIN_URL = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri(AUTH_SERVER_URL)).build("demo").toString();
|
protected String LOGIN_URL = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(AUTH_SERVER_URL)).build("demo").toString();
|
||||||
|
|
||||||
public AdapterTestStrategy(String AUTH_SERVER_URL, String APP_SERVER_BASE_URL, AbstractKeycloakRule keycloakRule) {
|
public AdapterTestStrategy(String AUTH_SERVER_URL, String APP_SERVER_BASE_URL, AbstractKeycloakRule keycloakRule) {
|
||||||
this.AUTH_SERVER_URL = AUTH_SERVER_URL;
|
this.AUTH_SERVER_URL = AUTH_SERVER_URL;
|
||||||
|
@ -420,11 +420,12 @@ public class AdapterTestStrategy extends ExternalResource {
|
||||||
public void testBadUser() throws Exception {
|
public void testBadUser() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
Client client = ClientBuilder.newClient();
|
||||||
UriBuilder builder = UriBuilder.fromUri(AUTH_SERVER_URL);
|
UriBuilder builder = UriBuilder.fromUri(AUTH_SERVER_URL);
|
||||||
URI uri = OIDCLoginProtocolService.grantAccessTokenUrl(builder).build("demo");
|
URI uri = OIDCLoginProtocolService.tokenUrl(builder).build("demo");
|
||||||
WebTarget target = client.target(uri);
|
WebTarget target = client.target(uri);
|
||||||
String header = BasicAuthHelper.createHeader("customer-portal", "password");
|
String header = BasicAuthHelper.createHeader("customer-portal", "password");
|
||||||
Form form = new Form();
|
Form form = new Form();
|
||||||
form.param("username", "monkey@redhat.com")
|
form.param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD)
|
||||||
|
.param("username", "monkey@redhat.com")
|
||||||
.param("password", "password");
|
.param("password", "password");
|
||||||
Response response = target.request()
|
Response response = target.request()
|
||||||
.header(HttpHeaders.AUTHORIZATION, header)
|
.header(HttpHeaders.AUTHORIZATION, header)
|
||||||
|
|
|
@ -31,7 +31,7 @@ import org.openqa.selenium.WebDriver;
|
||||||
*/
|
*/
|
||||||
public class CookieTokenStoreAdapterTest {
|
public class CookieTokenStoreAdapterTest {
|
||||||
|
|
||||||
public static final String LOGIN_URL = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
public static final String LOGIN_URL = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
||||||
|
|
||||||
@ClassRule
|
@ClassRule
|
||||||
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule() {
|
||||||
|
|
|
@ -126,7 +126,7 @@ public class MultiTenancyTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
private void doTenantRequests(String tenant, boolean logout) {
|
private void doTenantRequests(String tenant, boolean logout) {
|
||||||
String tenantLoginUrl = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build(tenant).toString();
|
String tenantLoginUrl = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build(tenant).toString();
|
||||||
|
|
||||||
driver.navigate().to("http://localhost:8081/multi-tenant?realm="+tenant);
|
driver.navigate().to("http://localhost:8081/multi-tenant?realm="+tenant);
|
||||||
System.out.println("Current url: " + driver.getCurrentUrl());
|
System.out.println("Current url: " + driver.getCurrentUrl());
|
||||||
|
|
|
@ -66,7 +66,7 @@ import java.util.Map;
|
||||||
*/
|
*/
|
||||||
public class RelativeUriAdapterTest {
|
public class RelativeUriAdapterTest {
|
||||||
|
|
||||||
public static final String LOGIN_URL = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
public static final String LOGIN_URL = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
||||||
public static PublicKey realmPublicKey;
|
public static PublicKey realmPublicKey;
|
||||||
@ClassRule
|
@ClassRule
|
||||||
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
|
public static AbstractKeycloakRule keycloakRule = new AbstractKeycloakRule(){
|
||||||
|
|
|
@ -175,7 +175,7 @@ public abstract class AbstractIdentityProviderTest {
|
||||||
driver.navigate().to("http://localhost:8081/test-app/logout");
|
driver.navigate().to("http://localhost:8081/test-app/logout");
|
||||||
driver.navigate().to("http://localhost:8081/test-app");
|
driver.navigate().to("http://localhost:8081/test-app");
|
||||||
|
|
||||||
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
|
||||||
|
|
||||||
} finally {
|
} finally {
|
||||||
getRealm().setRegistrationEmailAsUsername(false);
|
getRealm().setRegistrationEmailAsUsername(false);
|
||||||
|
@ -215,7 +215,7 @@ public abstract class AbstractIdentityProviderTest {
|
||||||
|
|
||||||
this.driver.navigate().to("http://localhost:8081/test-app/");
|
this.driver.navigate().to("http://localhost:8081/test-app/");
|
||||||
|
|
||||||
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
this.driver.findElement(By.className(getProviderId()));
|
this.driver.findElement(By.className(getProviderId()));
|
||||||
|
@ -245,7 +245,7 @@ public abstract class AbstractIdentityProviderTest {
|
||||||
|
|
||||||
this.driver.navigate().to("http://localhost:8081/test-app/");
|
this.driver.navigate().to("http://localhost:8081/test-app/");
|
||||||
|
|
||||||
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
this.driver.findElement(By.className(getProviderId()));
|
this.driver.findElement(By.className(getProviderId()));
|
||||||
|
@ -267,7 +267,7 @@ public abstract class AbstractIdentityProviderTest {
|
||||||
public void testUserAlreadyExistsWhenUpdatingProfile() {
|
public void testUserAlreadyExistsWhenUpdatingProfile() {
|
||||||
this.driver.navigate().to("http://localhost:8081/test-app/");
|
this.driver.navigate().to("http://localhost:8081/test-app/");
|
||||||
|
|
||||||
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
|
||||||
|
|
||||||
// choose the identity provider
|
// choose the identity provider
|
||||||
this.loginPage.clickSocial(getProviderId());
|
this.loginPage.clickSocial(getProviderId());
|
||||||
|
@ -306,7 +306,7 @@ public abstract class AbstractIdentityProviderTest {
|
||||||
|
|
||||||
this.driver.navigate().to("http://localhost:8081/test-app/");
|
this.driver.navigate().to("http://localhost:8081/test-app/");
|
||||||
|
|
||||||
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
|
||||||
|
|
||||||
// choose the identity provider
|
// choose the identity provider
|
||||||
this.loginPage.clickSocial(getProviderId());
|
this.loginPage.clickSocial(getProviderId());
|
||||||
|
@ -374,7 +374,7 @@ public abstract class AbstractIdentityProviderTest {
|
||||||
public void testIdentityProviderNotAllowed() {
|
public void testIdentityProviderNotAllowed() {
|
||||||
this.driver.navigate().to("http://localhost:8081/test-app/");
|
this.driver.navigate().to("http://localhost:8081/test-app/");
|
||||||
|
|
||||||
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
|
||||||
|
|
||||||
driver.findElement(By.className("model-oidc-idp"));
|
driver.findElement(By.className("model-oidc-idp"));
|
||||||
}
|
}
|
||||||
|
@ -438,7 +438,7 @@ public abstract class AbstractIdentityProviderTest {
|
||||||
driver.navigate().to("http://localhost:8081/test-app/logout");
|
driver.navigate().to("http://localhost:8081/test-app/logout");
|
||||||
driver.navigate().to("http://localhost:8081/test-app");
|
driver.navigate().to("http://localhost:8081/test-app");
|
||||||
|
|
||||||
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -533,13 +533,13 @@ public abstract class AbstractIdentityProviderTest {
|
||||||
driver.navigate().to("http://localhost:8081/test-app/logout");
|
driver.navigate().to("http://localhost:8081/test-app/logout");
|
||||||
driver.navigate().to("http://localhost:8081/test-app");
|
driver.navigate().to("http://localhost:8081/test-app");
|
||||||
|
|
||||||
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
|
||||||
}
|
}
|
||||||
|
|
||||||
private void authenticateWithIdentityProvider(IdentityProviderModel identityProviderModel, String username) {
|
private void authenticateWithIdentityProvider(IdentityProviderModel identityProviderModel, String username) {
|
||||||
driver.navigate().to("http://localhost:8081/test-app");
|
driver.navigate().to("http://localhost:8081/test-app");
|
||||||
|
|
||||||
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
|
||||||
|
|
||||||
// choose the identity provider
|
// choose the identity provider
|
||||||
this.loginPage.clickSocial(getProviderId());
|
this.loginPage.clickSocial(getProviderId());
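Review bot: The redirect assertions in this class still compare against the literal `http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth`, so the endpoint rename had to be repeated by hand in every `assertTrue(...startsWith(...))` here and again in IdentityProviderHintTest. Building the expected prefix once, as the adapter tests on this page do for `LOGIN_URL`, would tie these checks to the server's own path: `private static final String AUTH_URL = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("realm-with-broker").toString();`. Whether `OIDCLoginProtocolService` and `UriBuilder` are already imported in this file is not visible from the hunks, and the enclosing methods continue outside them.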
|
||||||
|
|
|
@ -74,7 +74,7 @@ public class IdentityProviderHintTest {
|
||||||
public void testInvalidIdentityProviderHint() {
|
public void testInvalidIdentityProviderHint() {
|
||||||
this.driver.navigate().to("http://localhost:8081/test-app?k_idp_hint=invalid-idp-id");
|
this.driver.navigate().to("http://localhost:8081/test-app?k_idp_hint=invalid-idp-id");
|
||||||
|
|
||||||
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/login"));
|
assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
|
||||||
|
|
||||||
assertEquals("Could not find an identity provider with the identifier [invalid-idp-id].", this.driver.findElement(By.className("instruction")).getText());
|
assertEquals("Could not find an identity provider with the identifier [invalid-idp-id].", this.driver.findElement(By.className("instruction")).getText());
|
||||||
}
|
}
|
||||||
|
|
|
@ -149,7 +149,7 @@ public class AccessTokenTest {
|
||||||
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "invalid");
|
AccessTokenResponse response = oauth.doAccessTokenRequest(code, "invalid");
|
||||||
Assert.assertEquals(400, response.getStatusCode());
|
Assert.assertEquals(400, response.getStatusCode());
|
||||||
|
|
||||||
AssertEvents.ExpectedEvent expectedEvent = events.expectCodeToToken(codeId, loginEvent.getSessionId()).error("invalid_client_credentials").removeDetail(Details.TOKEN_ID).removeDetail(Details.REFRESH_TOKEN_ID);
|
AssertEvents.ExpectedEvent expectedEvent = events.expectCodeToToken(codeId, loginEvent.getSessionId()).error("invalid_client_credentials").clearDetails().user((String) null).session((String) null);
|
||||||
expectedEvent.assertEvent();
|
expectedEvent.assertEvent();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -190,7 +190,7 @@ public class AccessTokenTest {
|
||||||
assertNull(tokenResponse.getAccessToken());
|
assertNull(tokenResponse.getAccessToken());
|
||||||
assertNull(tokenResponse.getRefreshToken());
|
assertNull(tokenResponse.getRefreshToken());
|
||||||
|
|
||||||
events.expectCodeToToken(codeId, sessionId).removeDetail(Details.TOKEN_ID).client((String) null).user((String) null).session((String) null).removeDetail(Details.REFRESH_TOKEN_ID).error(Errors.INVALID_CODE).assertEvent();
|
events.expectCodeToToken(codeId, sessionId).removeDetail(Details.TOKEN_ID).user((String) null).session((String) null).removeDetail(Details.REFRESH_TOKEN_ID).error(Errors.INVALID_CODE).assertEvent();
|
||||||
|
|
||||||
events.clear();
|
events.clear();
|
||||||
}
|
}
|
||||||
|
@ -222,7 +222,7 @@ public class AccessTokenTest {
|
||||||
Assert.assertEquals(400, response.getStatusCode());
|
Assert.assertEquals(400, response.getStatusCode());
|
||||||
|
|
||||||
AssertEvents.ExpectedEvent expectedEvent = events.expectCodeToToken(codeId, null);
|
AssertEvents.ExpectedEvent expectedEvent = events.expectCodeToToken(codeId, null);
|
||||||
expectedEvent.error("invalid_code").removeDetail(Details.TOKEN_ID).removeDetail(Details.REFRESH_TOKEN_ID).client((String) null).user((String) null);
|
expectedEvent.error("invalid_code").removeDetail(Details.TOKEN_ID).removeDetail(Details.REFRESH_TOKEN_ID).user((String) null);
|
||||||
expectedEvent.assertEvent();
|
expectedEvent.assertEvent();
|
||||||
|
|
||||||
events.clear();
|
events.clear();
|
||||||
|
@ -254,7 +254,7 @@ public class AccessTokenTest {
|
||||||
Assert.assertEquals(400, response.getStatusCode());
|
Assert.assertEquals(400, response.getStatusCode());
|
||||||
|
|
||||||
AssertEvents.ExpectedEvent expectedEvent = events.expectCodeToToken(codeId, null);
|
AssertEvents.ExpectedEvent expectedEvent = events.expectCodeToToken(codeId, null);
|
||||||
expectedEvent.error("invalid_code").removeDetail(Details.TOKEN_ID).removeDetail(Details.REFRESH_TOKEN_ID).client((String) null).user((String) null);
|
expectedEvent.error("invalid_code").removeDetail(Details.TOKEN_ID).removeDetail(Details.REFRESH_TOKEN_ID).user((String) null);
|
||||||
expectedEvent.assertEvent();
|
expectedEvent.assertEvent();
|
||||||
|
|
||||||
events.clear();
|
events.clear();
|
||||||
|
@ -335,7 +335,7 @@ public class AccessTokenTest {
|
||||||
public void testValidateAccessToken() throws Exception {
|
public void testValidateAccessToken() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
Client client = ClientBuilder.newClient();
|
||||||
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI grantUri = OIDCLoginProtocolService.grantAccessTokenUrl(builder).build("test");
|
URI grantUri = OIDCLoginProtocolService.tokenUrl(builder).build("test");
|
||||||
WebTarget grantTarget = client.target(grantUri);
|
WebTarget grantTarget = client.target(grantUri);
|
||||||
builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI validateUri = OIDCLoginProtocolService.validateAccessTokenUrl(builder).build("test");
|
URI validateUri = OIDCLoginProtocolService.validateAccessTokenUrl(builder).build("test");
|
||||||
|
@ -392,7 +392,7 @@ public class AccessTokenTest {
|
||||||
public void testGrantAccessToken() throws Exception {
|
public void testGrantAccessToken() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
Client client = ClientBuilder.newClient();
|
||||||
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI grantUri = OIDCLoginProtocolService.grantAccessTokenUrl(builder).build("test");
|
URI grantUri = OIDCLoginProtocolService.tokenUrl(builder).build("test");
|
||||||
WebTarget grantTarget = client.target(grantUri);
|
WebTarget grantTarget = client.target(grantUri);
|
||||||
|
|
||||||
{ // test checkSsl
|
{ // test checkSsl
|
||||||
|
@ -421,6 +421,7 @@ public class AccessTokenTest {
|
||||||
{ // test null username
|
{ // test null username
|
||||||
String header = BasicAuthHelper.createHeader("test-app", "password");
|
String header = BasicAuthHelper.createHeader("test-app", "password");
|
||||||
Form form = new Form();
|
Form form = new Form();
|
||||||
|
form.param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD);
|
||||||
form.param("password", "password");
|
form.param("password", "password");
|
||||||
Response response = grantTarget.request()
|
Response response = grantTarget.request()
|
||||||
.header(HttpHeaders.AUTHORIZATION, header)
|
.header(HttpHeaders.AUTHORIZATION, header)
|
||||||
|
@ -432,6 +433,7 @@ public class AccessTokenTest {
|
||||||
{ // test no password
|
{ // test no password
|
||||||
String header = BasicAuthHelper.createHeader("test-app", "password");
|
String header = BasicAuthHelper.createHeader("test-app", "password");
|
||||||
Form form = new Form();
|
Form form = new Form();
|
||||||
|
form.param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD);
|
||||||
form.param("username", "test-user@localhost");
|
form.param("username", "test-user@localhost");
|
||||||
Response response = grantTarget.request()
|
Response response = grantTarget.request()
|
||||||
.header(HttpHeaders.AUTHORIZATION, header)
|
.header(HttpHeaders.AUTHORIZATION, header)
|
||||||
|
@ -443,6 +445,7 @@ public class AccessTokenTest {
|
||||||
{ // test invalid password
|
{ // test invalid password
|
||||||
String header = BasicAuthHelper.createHeader("test-app", "password");
|
String header = BasicAuthHelper.createHeader("test-app", "password");
|
||||||
Form form = new Form();
|
Form form = new Form();
|
||||||
|
form.param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD);
|
||||||
form.param("username", "test-user@localhost");
|
form.param("username", "test-user@localhost");
|
||||||
form.param("password", "invalid");
|
form.param("password", "invalid");
|
||||||
Response response = grantTarget.request()
|
Response response = grantTarget.request()
|
||||||
|
@ -598,7 +601,7 @@ public class AccessTokenTest {
|
||||||
public void testTokenMapping() throws Exception {
|
public void testTokenMapping() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
Client client = ClientBuilder.newClient();
|
||||||
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI grantUri = OIDCLoginProtocolService.grantAccessTokenUrl(builder).build("test");
|
URI grantUri = OIDCLoginProtocolService.tokenUrl(builder).build("test");
|
||||||
WebTarget grantTarget = client.target(grantUri);
|
WebTarget grantTarget = client.target(grantUri);
|
||||||
{
|
{
|
||||||
KeycloakSession session = keycloakRule.startSession();
|
KeycloakSession session = keycloakRule.startSession();
|
||||||
|
@ -721,7 +724,8 @@ public class AccessTokenTest {
|
||||||
protected Response executeGrantAccessTokenRequest(WebTarget grantTarget) {
|
protected Response executeGrantAccessTokenRequest(WebTarget grantTarget) {
|
||||||
String header = BasicAuthHelper.createHeader("test-app", "password");
|
String header = BasicAuthHelper.createHeader("test-app", "password");
|
||||||
Form form = new Form();
|
Form form = new Form();
|
||||||
form.param("username", "test-user@localhost")
|
form.param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD)
|
||||||
|
.param("username", "test-user@localhost")
|
||||||
.param("password", "password");
|
.param("password", "password");
|
||||||
return grantTarget.request()
|
return grantTarget.request()
|
||||||
.header(HttpHeaders.AUTHORIZATION, header)
|
.header(HttpHeaders.AUTHORIZATION, header)
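Review bot: The expectation for a code exchange with a wrong client secret (the `error("invalid_client_credentials")` line in the @ -149 hunk) now ends in `.clearDetails().user((String) null).session((String) null)`, which drops every detail the previous version still pinned. The implementation of `clearDetails()` is not on this page; if it means the details are not compared at all, the test no longer checks what the audit event for a failed client authentication records. The same replacement appears in ResourceOwnerPasswordCredentialsGrantTest, where `.detail(Details.AUTH_METHOD, "oauth_credentials")` is removed. I would keep at least one positive assertion on the event, or state the reason next to the call, for example `// client authentication fails before the code is processed, so the event carries no details`, if that is indeed why.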
|
||||||
|
|
|
@ -97,7 +97,7 @@ public class RefreshTokenTest {
|
||||||
public void nullRefreshToken() throws Exception {
|
public void nullRefreshToken() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
Client client = ClientBuilder.newClient();
|
||||||
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI uri = OIDCLoginProtocolService.refreshUrl(builder).build("test");
|
URI uri = OIDCLoginProtocolService.tokenUrl(builder).build("test");
|
||||||
WebTarget target = client.target(uri);
|
WebTarget target = client.target(uri);
|
||||||
|
|
||||||
org.keycloak.representations.AccessTokenResponse tokenResponse = null;
|
org.keycloak.representations.AccessTokenResponse tokenResponse = null;
|
||||||
|
@ -389,10 +389,10 @@ public class RefreshTokenTest {
|
||||||
public void testCheckSsl() throws Exception {
|
public void testCheckSsl() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
Client client = ClientBuilder.newClient();
|
||||||
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI grantUri = OIDCLoginProtocolService.grantAccessTokenUrl(builder).build("test");
|
URI grantUri = OIDCLoginProtocolService.tokenUrl(builder).build("test");
|
||||||
WebTarget grantTarget = client.target(grantUri);
|
WebTarget grantTarget = client.target(grantUri);
|
||||||
builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI uri = OIDCLoginProtocolService.refreshUrl(builder).build("test");
|
URI uri = OIDCLoginProtocolService.tokenUrl(builder).build("test");
|
||||||
WebTarget refreshTarget = client.target(uri);
|
WebTarget refreshTarget = client.target(uri);
|
||||||
|
|
||||||
String refreshToken = null;
|
String refreshToken = null;
|
||||||
|
@ -452,6 +452,7 @@ public class RefreshTokenTest {
|
||||||
protected Response executeRefreshToken(WebTarget refreshTarget, String refreshToken) {
|
protected Response executeRefreshToken(WebTarget refreshTarget, String refreshToken) {
|
||||||
String header = BasicAuthHelper.createHeader("test-app", "password");
|
String header = BasicAuthHelper.createHeader("test-app", "password");
|
||||||
Form form = new Form();
|
Form form = new Form();
|
||||||
|
form.param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN);
|
||||||
form.param("refresh_token", refreshToken);
|
form.param("refresh_token", refreshToken);
|
||||||
return refreshTarget.request()
|
return refreshTarget.request()
|
||||||
.header(HttpHeaders.AUTHORIZATION, header)
|
.header(HttpHeaders.AUTHORIZATION, header)
|
||||||
|
@ -461,7 +462,8 @@ public class RefreshTokenTest {
|
||||||
protected Response executeGrantAccessTokenRequest(WebTarget grantTarget) {
|
protected Response executeGrantAccessTokenRequest(WebTarget grantTarget) {
|
||||||
String header = BasicAuthHelper.createHeader("test-app", "password");
|
String header = BasicAuthHelper.createHeader("test-app", "password");
|
||||||
Form form = new Form();
|
Form form = new Form();
|
||||||
form.param("username", "test-user@localhost")
|
form.param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD)
|
||||||
|
.param("username", "test-user@localhost")
|
||||||
.param("password", "password");
|
.param("password", "password");
|
||||||
return grantTarget.request()
|
return grantTarget.request()
|
||||||
.header(HttpHeaders.AUTHORIZATION, header)
|
.header(HttpHeaders.AUTHORIZATION, header)
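Review bot: Nothing in the visible hunks exercises a token request with a missing or unsupported `grant_type`, although after this change that form field is the only thing separating a password grant from a refresh. In testCheckSsl both `grantUri` and `uri` are now built from `OIDCLoginProtocolService.tokenUrl(builder).build("test")`, so the second builder is redundant and `refreshTarget` could simply reuse `grantTarget`. A negative case next to nullRefreshToken, sketched below, would pin the new failure path. The status it asserts follows the OAuth2 error-response convention and should be confirmed against the endpoint.

```java
@Test
public void refreshWithoutGrantType() throws Exception {
    Client client = ClientBuilder.newClient();
    UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
    WebTarget target = client.target(OIDCLoginProtocolService.tokenUrl(builder).build("test"));

    String header = BasicAuthHelper.createHeader("test-app", "password");
    Form form = new Form();
    // grant_type deliberately omitted; the token value is a constructed sample
    form.param("refresh_token", "not-a-real-token");

    Response response = target.request()
            .header(HttpHeaders.AUTHORIZATION, header)
            .post(Entity.form(form));
    // RFC 6749 section 5.2 uses 400 for invalid_request / unsupported_grant_type; confirm against the server
    Assert.assertEquals(400, response.getStatus());
    response.close();
    client.close();
}
```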
|
||||||
|
|
|
@ -181,11 +181,9 @@ public class ResourceOwnerPasswordCredentialsGrantTest {
|
||||||
events.expectLogin()
|
events.expectLogin()
|
||||||
.client("resource-owner")
|
.client("resource-owner")
|
||||||
.session((String) null)
|
.session((String) null)
|
||||||
.detail(Details.AUTH_METHOD, "oauth_credentials")
|
.clearDetails()
|
||||||
.detail(Details.RESPONSE_TYPE, "token")
|
|
||||||
.removeDetail(Details.CODE_ID)
|
|
||||||
.removeDetail(Details.REDIRECT_URI)
|
|
||||||
.error(Errors.INVALID_CLIENT_CREDENTIALS)
|
.error(Errors.INVALID_CLIENT_CREDENTIALS)
|
||||||
|
.user((String) null)
|
||||||
.assertEvent();
|
.assertEvent();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -24,6 +24,7 @@ package org.keycloak.testsuite.oidc;
|
||||||
import org.junit.ClassRule;
|
import org.junit.ClassRule;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
import org.keycloak.OAuth2Constants;
|
||||||
import org.keycloak.models.RealmModel;
|
import org.keycloak.models.RealmModel;
|
||||||
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
|
||||||
import org.keycloak.representations.AccessTokenResponse;
|
import org.keycloak.representations.AccessTokenResponse;
|
||||||
|
@ -68,7 +69,7 @@ public class UserInfoTest {
|
||||||
public void testSuccessfulUserInfoRequest() throws Exception {
|
public void testSuccessfulUserInfoRequest() throws Exception {
|
||||||
Client client = ClientBuilder.newClient();
|
Client client = ClientBuilder.newClient();
|
||||||
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
UriBuilder builder = UriBuilder.fromUri(org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT);
|
||||||
URI grantUri = OIDCLoginProtocolService.grantAccessTokenUrl(builder).build("test");
|
URI grantUri = OIDCLoginProtocolService.tokenUrl(builder).build("test");
|
||||||
WebTarget grantTarget = client.target(grantUri);
|
WebTarget grantTarget = client.target(grantUri);
|
||||||
AccessTokenResponse accessTokenResponse = executeGrantAccessTokenRequest(grantTarget);
|
AccessTokenResponse accessTokenResponse = executeGrantAccessTokenRequest(grantTarget);
|
||||||
Response response = executeUserInfoRequest(accessTokenResponse.getToken());
|
Response response = executeUserInfoRequest(accessTokenResponse.getToken());
|
||||||
|
@ -99,7 +100,8 @@ public class UserInfoTest {
|
||||||
private AccessTokenResponse executeGrantAccessTokenRequest(WebTarget grantTarget) {
|
private AccessTokenResponse executeGrantAccessTokenRequest(WebTarget grantTarget) {
|
||||||
String header = BasicAuthHelper.createHeader("test-app", "password");
|
String header = BasicAuthHelper.createHeader("test-app", "password");
|
||||||
Form form = new Form();
|
Form form = new Form();
|
||||||
form.param("username", "test-user@localhost")
|
form.param(OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD)
|
||||||
|
.param("username", "test-user@localhost")
|
||||||
.param("password", "password");
|
.param("password", "password");
|
||||||
|
|
||||||
Response response = grantTarget.request()
|
Response response = grantTarget.request()
|
||||||
|
|
|
@ -136,7 +136,7 @@ public class AccessTokenPerfTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getLoginFormUrl(String state) {
|
public String getLoginFormUrl(String state) {
|
||||||
UriBuilder b = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(baseUrl));
|
||||||
if (responseType != null) {
|
if (responseType != null) {
|
||||||
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
|
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
|
||||||
}
|
}
|
||||||
|
@ -204,7 +204,7 @@ public class AccessTokenPerfTest {
|
||||||
|
|
||||||
String authorization = BasicAuthHelper.createHeader(clientId, "password");
|
String authorization = BasicAuthHelper.createHeader(clientId, "password");
|
||||||
|
|
||||||
String res = client.target(OIDCLoginProtocolService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl)).build(realm)).request()
|
String res = client.target(OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(baseUrl)).build(realm)).request()
|
||||||
.header(HttpHeaders.AUTHORIZATION, authorization)
|
.header(HttpHeaders.AUTHORIZATION, authorization)
|
||||||
.post(Entity.form(form), String.class);
|
.post(Entity.form(form), String.class);
|
||||||
count.incrementAndGet();
|
count.incrementAndGet();
|
||||||
|
|
|
@ -199,7 +199,7 @@ public class OAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getLoginFormUrl() {
|
public String getLoginFormUrl() {
|
||||||
UriBuilder b = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(baseUrl));
|
||||||
if (responseType != null) {
|
if (responseType != null) {
|
||||||
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
|
b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
|
||||||
}
|
}
|
||||||
|
@ -216,7 +216,7 @@ public class OAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getAccessTokenUrl() {
|
public String getAccessTokenUrl() {
|
||||||
UriBuilder b = OIDCLoginProtocolService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(baseUrl));
|
||||||
return b.build(realm).toString();
|
return b.build(realm).toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -232,12 +232,12 @@ public class OAuthClient {
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getResourceOwnerPasswordCredentialGrantUrl() {
|
public String getResourceOwnerPasswordCredentialGrantUrl() {
|
||||||
UriBuilder b = OIDCLoginProtocolService.grantAccessTokenUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(baseUrl));
|
||||||
return b.build(realm).toString();
|
return b.build(realm).toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getRefreshTokenUrl() {
|
public String getRefreshTokenUrl() {
|
||||||
UriBuilder b = OIDCLoginProtocolService.refreshUrl(UriBuilder.fromUri(baseUrl));
|
UriBuilder b = OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(baseUrl));
|
||||||
return b.build(realm).toString();
|
return b.build(realm).toString();
|
||||||
}
|
}
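Review bot: `getAccessTokenUrl()`, `getResourceOwnerPasswordCredentialGrantUrl()` and `getRefreshTokenUrl()` now have identical bodies, each building `OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(baseUrl))` for `realm`. Keeping one implementation and delegating from the other two would stop them drifting apart: `return getAccessTokenUrl();` in the grant and refresh getters. A short comment on the remaining method, `// single token endpoint; the grant_type form parameter selects the grant being requested`, would tell callers why the names differ but the URL does not.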
|
||||||
|
|
||||||
|
|
|
@ -188,7 +188,7 @@ public class ProxyTest {
|
||||||
@WebResource
|
@WebResource
|
||||||
protected LoginPage loginPage;
|
protected LoginPage loginPage;
|
||||||
|
|
||||||
public static final String LOGIN_URL = OIDCLoginProtocolService.loginPageUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
public static final String LOGIN_URL = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri("http://localhost:8081/auth")).build("demo").toString();
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testHttp() throws Exception {
|
public void testHttp() throws Exception {
|
||||||
|
|