libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Merge pull request #4258 from stianst/KEYCLOAK-4984

Browse source 
KEYCLOAK-4984 Don't update client registration access token on read
This commit is contained in:
Stian Thorgersen 2017-06-27 10:44:06 +02:00 committed by GitHub
commit fa165806f9
5 changed files with 13 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
services/src/main/java/org/keycloak/services/clientregistration/AbstractClientRegistrationProvider.java
View file

@ -99,7 +99,7 @@ public abstract class AbstractClientRegistrationProvider implements ClientRegist
ClientRepresentation rep = ModelToRepresentation.toRepresentation(client); ClientRepresentation rep = ModelToRepresentation.toRepresentation(client);
if (auth.isRegistrationAccessToken()) { if (auth.isRegistrationAccessToken()) {
String registrationAccessToken = ClientRegistrationTokenUtils.updateRegistrationAccessToken(session, client, auth.getRegistrationAuth()); String registrationAccessToken = ClientRegistrationTokenUtils.getRegistrationAccessToken(session, client, auth.getRegistrationAuth());
rep.setRegistrationAccessToken(registrationAccessToken); rep.setRegistrationAccessToken(registrationAccessToken);
} }

7
services/src/main/java/org/keycloak/services/clientregistration/ClientRegistrationTokenUtils.java
View file

@ -44,6 +44,13 @@ public class ClientRegistrationTokenUtils {
public static final String TYPE_INITIAL_ACCESS_TOKEN = "InitialAccessToken"; public static final String TYPE_INITIAL_ACCESS_TOKEN = "InitialAccessToken";
public static final String TYPE_REGISTRATION_ACCESS_TOKEN = "RegistrationAccessToken"; public static final String TYPE_REGISTRATION_ACCESS_TOKEN = "RegistrationAccessToken";
public static String getRegistrationAccessToken(KeycloakSession session, ClientModel client, RegistrationAuth registrationAuth) {
RegistrationAccessToken regToken = new RegistrationAccessToken();
regToken.setRegistrationAuth(registrationAuth.toString().toLowerCase());
return setupToken(regToken, session, session.getContext().getRealm(), session.getContext().getUri(), client.getRegistrationToken(), TYPE_REGISTRATION_ACCESS_TOKEN, 0);
}
public static String updateRegistrationAccessToken(KeycloakSession session, ClientModel client, RegistrationAuth registrationAuth) { public static String updateRegistrationAccessToken(KeycloakSession session, ClientModel client, RegistrationAuth registrationAuth) {
return updateRegistrationAccessToken(session, session.getContext().getRealm(), session.getContext().getUri(), client, registrationAuth); return updateRegistrationAccessToken(session, session.getContext().getRealm(), session.getContext().getUri(), client, registrationAuth);
} }

2
services/src/main/java/org/keycloak/services/clientregistration/policy/RegistrationAuth.java
View file

@ -17,8 +17,6 @@
package org.keycloak.services.clientregistration.policy; package org.keycloak.services.clientregistration.policy;
import org.keycloak.services.clientregistration.RegistrationAccessToken;
/** /**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a> * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/ */

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OIDCClientRegistrationTest.java
View file

@ -139,7 +139,7 @@ public class OIDCClientRegistrationTest extends AbstractClientRegistrationTest {
OIDCClientRepresentation rep = reg.oidc().get(response.getClientId()); OIDCClientRepresentation rep = reg.oidc().get(response.getClientId());
assertNotNull(rep); assertNotNull(rep);
assertNotEquals(response.getRegistrationAccessToken(), rep.getRegistrationAccessToken()); assertEquals(response.getRegistrationAccessToken(), rep.getRegistrationAccessToken());
assertTrue(CollectionUtil.collectionEquals(Arrays.asList("code", "none"), response.getResponseTypes())); assertTrue(CollectionUtil.collectionEquals(Arrays.asList("code", "none"), response.getResponseTypes()));
assertTrue(CollectionUtil.collectionEquals(Arrays.asList(OAuth2Constants.AUTHORIZATION_CODE, OAuth2Constants.REFRESH_TOKEN), response.getGrantTypes())); assertTrue(CollectionUtil.collectionEquals(Arrays.asList(OAuth2Constants.AUTHORIZATION_CODE, OAuth2Constants.REFRESH_TOKEN), response.getGrantTypes()));
assertNotNull(response.getClientSecret()); assertNotNull(response.getClientSecret());

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/RegistrationAccessTokenTest.java
View file

@ -84,11 +84,11 @@ public class RegistrationAccessTokenTest extends AbstractClientRegistrationTest
public void getClientWithRegistrationToken() throws ClientRegistrationException { public void getClientWithRegistrationToken() throws ClientRegistrationException {
ClientRepresentation rep = reg.get(client.getClientId()); ClientRepresentation rep = reg.get(client.getClientId());
assertNotNull(rep); assertNotNull(rep);
assertNotEquals(client.getRegistrationAccessToken(), rep.getRegistrationAccessToken()); assertEquals(client.getRegistrationAccessToken(), rep.getRegistrationAccessToken());
assertNotNull(rep.getRegistrationAccessToken());
// check registration access token is updated // KEYCLOAK-4984 check registration access token is not updated
assertRead(client.getClientId(), client.getRegistrationAccessToken(), false); assertRead(client.getClientId(), client.getRegistrationAccessToken(), true);
assertRead(client.getClientId(), rep.getRegistrationAccessToken(), true);
} }
@Test @Test