see (https://issues.jboss.org/browse/KEYCLOAK-7354)
* created new endpoint for ticket management /permission/ticket
* removed unused class
* support for direct creation of ticket by resource owner
* fix DELETE ticket
* [master]: fix type for checkLoginIframeInterval
* [master]: KEYCLOAK-4538 Feature to tolerate a configurable amount of seconds of clock skew when validating tokens
* [master]: KEYCLOAK-4538 Fix unit test scenarios for token clock skew
* [master]: KEYCLOAK-4538 Reverted wildcard imports
* [master]: fix unit test to use longer intervals to make test less fragile.
* KEYCLOAK-6849 - LinkedIn social login provider updated to new LinkedIn
OAuth2 endpoint
* KEYCLOAK-6849 - LinkedIn social login provider test updated
* KEYCLOAK-6849 - LinkedIn social login provider test updated to
conditionally handle consent page when shown only
* Simplify the LinkedIn app authorization
This reverts commit c12359e7a13d9ff231fe2e25cddba66ad679a9cd.
* Optimize loading. min bundles, stop double-loading, rxjs-system instead of
plain rxjs, clean up 404's
* Create module loading hierarchy. Allows for lazy loading.
* Upgrade NG, remove jquery, load keycloak.js only from auth/js
* Delay systemjs loading. Load home page instead of account.
* KEYCLOAK-6496: Cleanup and polish code after optimizations.
* Fix message bundle to be back the way it was.
* Remove unused png's. Remove comments in index.ftl. Remove javaMessages.
Identity token verification will now fetch the user from the session
state instead of relying on the sub provided in the token. Also done in
KeycloakIdentity.
Resolves: KEYCLOAK-6659
* [KEYCLOAK-3169] - UMA 2.0 Support
* [KEYCLOAK-3169] - Changes to account service and more tests
* [KEYCLOAK-3169] - Code cleanup and tests
* [KEYCLOAK-3169] - Changes to account service and tests
* [KEYCLOAK-3169] - Changes to account service and tests
* [KEYCLOAK-3169] - More tests
* [KEYCLOAK-3169] - Changes to adapter configuration
* [KEYCLOAK-3169] - Reviewing UMA specs and more tests
* [KEYCLOAK-3169] - Reviewing UMA specs and more tests
* [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring
* [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests
* [KEYCLOAK-3169] - Changes to account my resources and policy enforcers
* [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console
* [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console
* [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests
* [KEYCLOAK-3169] - Removing more UMA 1.0 related code
* [KEYCLOAK-3169] - Only submit requests if ticket exists
* [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated
* [KEYCLOAK-3169] - Removing unused code
* [KEYCLOAK-3169] - Removing unused code
* [KEYCLOAK-3169] - 403 response in case ticket is not created
* [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent
* [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients
Github can send a null email on the user info endpoint if there is no public email on the user profile.
This commit look for email on the /user/emails endpoint, selecting the primary email.
We now provide a configurable way for dynamic proxy route selection
for the default HttpClient based on regex based targetHostname patterns.
Introduced `ProxyMapping` to describe a regex based mapping
between target hosts and the proxy URL to use.
A `ProxyMapping` can be build from an ordered list of string based
mapping representations, e.g:
```
^.*.(google.com|googleapis.com)$;http://localhost:8080
```
If the targetHost does not match a configured proxy mapping,
no proxy is used.
This can be configured via standalone.xml / jboss-cli, e.g.:
```
echo SETUP: Configure proxy routes for HttpClient SPI
/subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:add(enabled=true)
/subsystem=keycloak-server/spi=connectionsHttpClient/provider=default:write-attribute(name=properties.proxy-mappings,value=["^.*.(google.com|googleapis.com)$;http://www-proxy1:8080","^.*.facebook.com$;http://www-proxy2:8080"])
```
The new `ProxyMappingWareRoutePlanner` uses a configured `ProxyMapping`
to decide which proxy to use for a given request based on the target host
denoted by the HTTP request to execute.
I verified this manually with the BurpProxy Suite.
We now support multi-valued attribute values for the
`ScriptBasedOIDCProtocolMapper`.
Previously the `ScriptBasedOIDCProtocolMapper` only supported
single valued output. If a script returned a list of
output values then only the first value was emitted to the token.
By default multi-valued is set to `false` / `off`.
