Merge pull request #4258 from stianst/KEYCLOAK-4984
KEYCLOAK-4984 Don't update client registration access token on read
This commit is contained in:
commit
fa165806f9
5 changed files with 13 additions and 8 deletions
|
@ -99,7 +99,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist
|
|||
ClientRepresentation rep = ModelToRepresentation.toRepresentation(client);
|
||||
|
||||
if (auth.isRegistrationAccessToken()) {
|
||||
String registrationAccessToken = ClientRegistrationTokenUtils.updateRegistrationAccessToken(session, client, auth.getRegistrationAuth());
|
||||
String registrationAccessToken = ClientRegistrationTokenUtils.getRegistrationAccessToken(session, client, auth.getRegistrationAuth());
|
||||
rep.setRegistrationAccessToken(registrationAccessToken);
|
||||
}
|
||||
|
||||
|
|
|
@ -44,6 +44,13 @@ public class ClientRegistrationTokenUtils {
|
|||
public static final String TYPE_INITIAL_ACCESS_TOKEN = "InitialAccessToken";
|
||||
public static final String TYPE_REGISTRATION_ACCESS_TOKEN = "RegistrationAccessToken";
|
||||
|
||||
public static String getRegistrationAccessToken(KeycloakSession session, ClientModel client, RegistrationAuth registrationAuth) {
|
||||
RegistrationAccessToken regToken = new RegistrationAccessToken();
|
||||
regToken.setRegistrationAuth(registrationAuth.toString().toLowerCase());
|
||||
|
||||
return setupToken(regToken, session, session.getContext().getRealm(), session.getContext().getUri(), client.getRegistrationToken(), TYPE_REGISTRATION_ACCESS_TOKEN, 0);
|
||||
}
|
||||
|
||||
public static String updateRegistrationAccessToken(KeycloakSession session, ClientModel client, RegistrationAuth registrationAuth) {
|
||||
return updateRegistrationAccessToken(session, session.getContext().getRealm(), session.getContext().getUri(), client, registrationAuth);
|
||||
}
|
||||
|
|
|
@ -17,8 +17,6 @@
|
|||
|
||||
package org.keycloak.services.clientregistration.policy;
|
||||
|
||||
import org.keycloak.services.clientregistration.RegistrationAccessToken;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
|
||||
*/
|
||||
|
|
|
@ -139,7 +139,7 @@ public class OIDCClientRegistrationTest extends AbstractClientRegistrationTest {
|
|||
|
||||
OIDCClientRepresentation rep = reg.oidc().get(response.getClientId());
|
||||
assertNotNull(rep);
|
||||
assertNotEquals(response.getRegistrationAccessToken(), rep.getRegistrationAccessToken());
|
||||
assertEquals(response.getRegistrationAccessToken(), rep.getRegistrationAccessToken());
|
||||
assertTrue(CollectionUtil.collectionEquals(Arrays.asList("code", "none"), response.getResponseTypes()));
|
||||
assertTrue(CollectionUtil.collectionEquals(Arrays.asList(OAuth2Constants.AUTHORIZATION_CODE, OAuth2Constants.REFRESH_TOKEN), response.getGrantTypes()));
|
||||
assertNotNull(response.getClientSecret());
|
||||
|
|
|
@ -84,11 +84,11 @@ public class RegistrationAccessTokenTest extends AbstractClientRegistrationTest
|
|||
public void getClientWithRegistrationToken() throws ClientRegistrationException {
|
||||
ClientRepresentation rep = reg.get(client.getClientId());
|
||||
assertNotNull(rep);
|
||||
assertNotEquals(client.getRegistrationAccessToken(), rep.getRegistrationAccessToken());
|
||||
assertEquals(client.getRegistrationAccessToken(), rep.getRegistrationAccessToken());
|
||||
assertNotNull(rep.getRegistrationAccessToken());
|
||||
|
||||
// check registration access token is updated
|
||||
assertRead(client.getClientId(), client.getRegistrationAccessToken(), false);
|
||||
assertRead(client.getClientId(), rep.getRegistrationAccessToken(), true);
|
||||
// KEYCLOAK-4984 check registration access token is not updated
|
||||
assertRead(client.getClientId(), client.getRegistrationAccessToken(), true);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
Loading…
Reference in a new issue