From b4d39ca06126d4156150198361681251b12f96ba Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Mon, 26 Jun 2017 20:22:01 +0200 Subject: [PATCH] KEYCLOAK-4984 Don't update client registration access token on read --- .../AbstractClientRegistrationProvider.java | 2 +- .../clientregistration/ClientRegistrationTokenUtils.java | 7 +++++++ .../clientregistration/policy/RegistrationAuth.java | 2 -- .../testsuite/client/OIDCClientRegistrationTest.java | 2 +- .../testsuite/client/RegistrationAccessTokenTest.java | 8 ++++---- 5 files changed, 13 insertions(+), 8 deletions(-) diff --git a/services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java b/services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java index da693aa83c..909b5a6c2f 100755 --- a/services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java +++ b/services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java @@ -99,7 +99,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist ClientRepresentation rep = ModelToRepresentation.toRepresentation(client); if (auth.isRegistrationAccessToken()) { - String registrationAccessToken = ClientRegistrationTokenUtils.updateRegistrationAccessToken(session, client, auth.getRegistrationAuth()); + String registrationAccessToken = ClientRegistrationTokenUtils.getRegistrationAccessToken(session, client, auth.getRegistrationAuth()); rep.setRegistrationAccessToken(registrationAccessToken); } diff --git a/services/src/main/java/org/keycloak/services/clientregistration/ClientRegistrationTokenUtils.java b/services/src/main/java/org/keycloak/services/clientregistration/ClientRegistrationTokenUtils.java index e2d4846735..99ebfc983f 100755 --- a/services/src/main/java/org/keycloak/services/clientregistration/ClientRegistrationTokenUtils.java +++ b/services/src/main/java/org/keycloak/services/clientregistration/ClientRegistrationTokenUtils.java @@ -44,6 +44,13 @@ public class ClientRegistrationTokenUtils { public static final String TYPE_INITIAL_ACCESS_TOKEN = "InitialAccessToken"; public static final String TYPE_REGISTRATION_ACCESS_TOKEN = "RegistrationAccessToken"; + public static String getRegistrationAccessToken(KeycloakSession session, ClientModel client, RegistrationAuth registrationAuth) { + RegistrationAccessToken regToken = new RegistrationAccessToken(); + regToken.setRegistrationAuth(registrationAuth.toString().toLowerCase()); + + return setupToken(regToken, session, session.getContext().getRealm(), session.getContext().getUri(), client.getRegistrationToken(), TYPE_REGISTRATION_ACCESS_TOKEN, 0); + } + public static String updateRegistrationAccessToken(KeycloakSession session, ClientModel client, RegistrationAuth registrationAuth) { return updateRegistrationAccessToken(session, session.getContext().getRealm(), session.getContext().getUri(), client, registrationAuth); } diff --git a/services/src/main/java/org/keycloak/services/clientregistration/policy/RegistrationAuth.java b/services/src/main/java/org/keycloak/services/clientregistration/policy/RegistrationAuth.java index eca5ca198e..bad5bc435f 100644 --- a/services/src/main/java/org/keycloak/services/clientregistration/policy/RegistrationAuth.java +++ b/services/src/main/java/org/keycloak/services/clientregistration/policy/RegistrationAuth.java @@ -17,8 +17,6 @@ package org.keycloak.services.clientregistration.policy; -import org.keycloak.services.clientregistration.RegistrationAccessToken; - /** * @author Marek Posolda */ diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCClientRegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCClientRegistrationTest.java index 4b4c9ba427..57f71b265d 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCClientRegistrationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCClientRegistrationTest.java @@ -139,7 +139,7 @@ public class OIDCClientRegistrationTest extends AbstractClientRegistrationTest { OIDCClientRepresentation rep = reg.oidc().get(response.getClientId()); assertNotNull(rep); - assertNotEquals(response.getRegistrationAccessToken(), rep.getRegistrationAccessToken()); + assertEquals(response.getRegistrationAccessToken(), rep.getRegistrationAccessToken()); assertTrue(CollectionUtil.collectionEquals(Arrays.asList("code", "none"), response.getResponseTypes())); assertTrue(CollectionUtil.collectionEquals(Arrays.asList(OAuth2Constants.AUTHORIZATION_CODE, OAuth2Constants.REFRESH_TOKEN), response.getGrantTypes())); assertNotNull(response.getClientSecret()); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java index 3eb0d7e5ef..8b57ada8cb 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java @@ -84,11 +84,11 @@ public class RegistrationAccessTokenTest extends AbstractClientRegistrationTest public void getClientWithRegistrationToken() throws ClientRegistrationException { ClientRepresentation rep = reg.get(client.getClientId()); assertNotNull(rep); - assertNotEquals(client.getRegistrationAccessToken(), rep.getRegistrationAccessToken()); + assertEquals(client.getRegistrationAccessToken(), rep.getRegistrationAccessToken()); + assertNotNull(rep.getRegistrationAccessToken()); - // check registration access token is updated - assertRead(client.getClientId(), client.getRegistrationAccessToken(), false); - assertRead(client.getClientId(), rep.getRegistrationAccessToken(), true); + // KEYCLOAK-4984 check registration access token is not updated + assertRead(client.getClientId(), client.getRegistrationAccessToken(), true); } @Test