Added 1 second to the duration of the cache for revoked tokens to prevent them from still being valid for 1 second after the expiration date of the access token.
Closes#26113
Signed-off-by: graziang <g.graziano94@gmail.com>
The role is encoded to avoid template resolution by the URIBuilder. This fix avoids the exception when creating roles with names containing {patterns}.
Closes#27514
Signed-off-by: graziang <g.graziano94@gmail.com>
Force consent for device verification flow when there are no client scopes to approve by adding a default client scope to approve
Closes#26100
Signed-off-by: graziang <g.graziano94@gmail.com>
List Google Authenticator as supported when
- hash algorithm is SHA256 or SHA512
- number of digits is 8
- OTP type is hotp
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Fix ClientScopesClientRegistrationPolicy.beforeUpdate because it was modifying the original clientRepresentation.
Add updateClientScopes method to set client scopes in Client Update Request in DCR.
Closes#24361
Signed-off-by: graziang <g.graziano94@gmail.com>
Closes#25676
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Add an "Always use lightweight access token" option on the client's Advanced tab in the "Advanced Settings" section that uses the already existing Constants.USE_LIGHTWEIGHT_ACCESS_TOKEN_ENABLED to store a boolean client attribute.
The attribute value is used to enable or disable the lightweight access token.
Closes#27238
Signed-off-by: graziang <g.graziano94@gmail.com>
Using an auth note to store the totpSecret and passing its value in the TotpBean constructor to keep the totpSecret on page reload
Closes#26052
Signed-off-by: graziang <g.graziano94@gmail.com>
Closes#23539
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Jon Koops <jonkoops@gmail.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
* chore: expose display name and locales when user has view-realm
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
* fix: supportedlocales are available as stream
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
* fix: tests
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
* fix: remove unnecessarily added ignore
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
---------
Signed-off-by: Peter Keuter <github@peterkeuter.nl>
`UpdatePassword.evaluateTriggers` adds the required-action to the user by evaluating the expiration password policy. Added a check that skips the evaluation if no password used during auth flow. This check uses the value of an auth note set in the `validatePassword` method of the `AbstractUsernameFormAuthenticator`.
Manually adding UPDATED_PASSWORD required-action to the user continues to trigger the action regardless of the authentication method.
Closes#17155
Signed-off-by: graziang <g.graziano94@gmail.com>
Closes#9758
Signed-off-by: vramik <vramik@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>