Commit graph

689 commits

Author SHA1 Message Date
Hiroyuki Wada
9d57b88dba KEYCLOAK-7675 Prototype Implementation of Device Authorization Grant.
Author:    Hiroyuki Wada <h2-wada@nri.co.jp>
Date:      Thu May 2 00:22:24 2019 +0900

Signed-off-by: Łukasz Dywicki <luke@code-house.org>
2021-03-15 10:09:20 -03:00
Yang Xie
2605eddbe7 KEYCLOAK-17300 Add a method to check if the token revocation request has duplicate parameters 2021-03-09 18:27:38 +01:00
Michal Hajas
fc29a39e5a KEYCLOAK-16592 Do not require destination with SOAP binding 2021-03-05 19:52:00 +01:00
mposolda
99c1ee7f5a KEYCLOAK-16793 KEYCLOAK-16948 Cors on error responses for logoutEndpoint and tokenEndpoint 2021-03-05 14:14:53 +01:00
Yang Xie
78754d1127 KEYCLOAK-17259 Add a method to check if the introspection request has duplicate parameters 2021-03-03 16:23:27 +01:00
Takashi Norimatsu
882f5ffea4 KEYCLOAK-15533 Client Policy : Extends Policy Interface to Migrate Client Registration Policies
Co-authored-by: Hryhorii Hevorkian <hhe@adorsys.com.ua>
Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
2021-03-02 09:26:04 +01:00
Juan Manuel Rodriguez Alvarado
6255ebe6b5 [KEYCLOAK-16536] Implement Audit Events for Authorization Services requests 2021-02-22 17:28:59 -03:00
mposolda
ed8d5a257f KEYCLOAK-16517 Make sure that just real clients with standardFlow or implicitFlow enabled are considered for redirectUri during logout 2021-02-22 14:30:32 +01:00
mposolda
0058011265 KEYCLOAK-16006 User should not be required to re-authenticate after revoking consent to an application 2021-02-22 14:29:42 +01:00
Pedro Igor
ffadbc3ba3 [KEYCLOAK-17173] - Support for script providers in keycloak.x 2021-02-22 10:12:36 -03:00
Pedro Igor
9356843c6c [KEYCLOAK-16521] - Fixing secret for non-confidential clients 2021-02-19 08:38:49 +01:00
rmartinc
056b52fbbe KEYCLOAK-16800 userinfo fails with 500 Internal Server Error for service account token 2021-02-18 19:37:52 +01:00
Michito Okai
33bb1fda38 KEYCLOAK-16931 Authorization Server Metadata of
introspection_endpoint_auth_methods_supported and
introspection_endpoint_auth_signing_alg_values_supported
2021-02-11 14:53:49 +01:00
mposolda
456cdc51f2 KEYCLOAK-15719 CORS headers missing on userinfo error response 2021-02-11 13:37:42 +01:00
Yang Xie
cffe24f815 KECLOAK-16009 Add a method to check if the token request has duplicate parameters 2021-02-03 16:10:41 +01:00
Hynek Mlnarik
60e4bd622f KEYCLOAK-16828 Fix HttpClient failures and close HttpResponses 2021-01-28 08:38:34 +01:00
Martin Kanis
9f580e3ed8 KEYCLOAK-15695 Streamification cleanup 2021-01-20 14:39:53 +01:00
Michal Hajas
ba8e2fef6b KEYCLOAK-15524 Cleanup user related interfaces 2021-01-18 16:56:10 +01:00
mposolda
eac3329d22 KEYCLOAK-14019 Improvements for request_uri parameter
(cherry picked from commit da38b36297a5bd9890f7df031696b516268d6cff)
2021-01-18 13:05:09 +01:00
Takashi Norimatsu
5f445ec18e KEYCLOAK-14200 Client Policy - Executor : Enforce Holder-of-Key Token
Co-authored-by: Hryhorii Hevorkian <hhe@adorsys.com.ua>
2021-01-12 11:21:41 +01:00
Thomas Darimont
1a7600e356
KEYCLOAK-13923 Support PKCE for OIDC based Identity Providers (#7381)
* KEYCLOAK-13923 - Support PKCE for Identity Provider

We now support usage of PKCE for OIDC based Identity Providers.

* KEYCLOAK-13923 Warn if PKCE information cannot be found code-to-token request in OIDCIdentityProvider

* KEYCLOAK-13923 Pull up PKCE handling from OIDC to OAuth IdentityProvider infrastructure

* KEYCLOAK-13923 Adding test for PKCE support for OAuth Identity providers

* KEYCLOAK-13923 Use URI from KeycloakContext instead of HttpRequest

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2021-01-05 10:59:59 -03:00
mposolda
d4a36d0d9c KEYCLOAK-16350 invalid_scope error response should be displayed for openid-connect/auth 2021-01-05 12:55:53 +01:00
Stefan Guilhen
d6422e415c [KEYCLOAK-16508] Complement methods for accessing user sessions with Stream variants 2020-12-15 19:52:31 +01:00
Martin Kanis
3ddedc49f5 KEYCLOAK-11417 Internal server error on front channel logout with expired session 2020-12-09 14:45:04 +01:00
Thomas Riccardi
f45e187c35 Finish renaming 'application role' to 'client role' in help texts 2020-12-08 12:18:13 +01:00
Martin Kanis
f6be378eca KEYCLOAK-14556 Authentication session map store 2020-12-07 20:48:59 +01:00
Stefan Guilhen
73d0bb34c4 [KEYCLOAK-16232] Replace usages of deprecated collection-based methods with the respective stream variants 2020-12-07 19:48:35 +01:00
vramik
bcfe985c24 KEYCLOAK-16543 fix compilation failure on keycloak-services 2020-12-04 13:01:22 +01:00
Ian
be4c99dfe5 KEYCLOAK-15287 Ability to add custom claims to the AccessTokenResponse 2020-12-03 17:28:03 +01:00
st
a7666d4ccf KEYCLOAK-11699 add support for 127.0.0.1 for native app 2020-11-20 11:03:29 +01:00
nkkumawat
43baf1bea7 KEYCLOAK-16381: error text moved to constants file 2020-11-18 21:05:58 +01:00
vmuzikar
01be601dbd KEYCLOAK-14306 OIDC redirect_uri allows dangerous schemes resulting in potential XSS
(cherry picked from commit e86bec81744707f270230b5da40e02a7aba17830)

Conflicts:
    testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
    testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
    services/src/main/java/org/keycloak/validation/DefaultClientValidationProvider.java
2020-11-12 08:21:54 +01:00
Martin Kanis
d9029b06b9 KEYCLOAK-15889 Streamification of ProtocolMappers 2020-11-10 16:40:34 +01:00
Martin Kanis
8d6577d66c KEYCLOAK-15898 Streamification of Keymanager 2020-11-10 14:43:23 +01:00
Thomas Darimont
de20830412 KEYCLOAK-9551 KEYCLOAK-16159 Make refresh_token generation for client_credentials optional. Support for revocation of access tokens.
Co-authored-by: mposolda <mposolda@gmail.com>
2020-11-06 09:15:34 +01:00
Johannes Knutsen
23c575c236 KEYCLOAK-15399: Wrong token type in token response. bearer vs Bearer 2020-10-28 10:38:22 -03:00
mposolda
7891daef73 KEYCLOAK-15998 Keycloak OIDC adapter broken when Keycloak server is on http 2020-10-21 08:36:08 +02:00
Martin Kanis
086f7b4696 KEYCLOAK-15450 Complement methods for accessing realms with Stream variants 2020-10-14 08:16:49 +02:00
testn
269a72d672 KEYCLOAK-15184: Use static inner class where possible 2020-10-09 23:37:08 +02:00
mposolda
ff05072c16 KEYCLOAK-15770 Skip creating session for docker protocol authentication 2020-10-09 07:53:26 +02:00
mposolda
d269af1b70 KEYCLOAK-15830 Remove authentication session after failed directGrant authentication 2020-10-07 18:13:21 +02:00
Michito Okai
eac3341241 KEYCLOAK-15779 Authorization Server Metadata for the URL of the
authorization server's JWK Set [JWK] document
2020-10-02 11:18:31 +02:00
Takashi Norimatsu
6596811d5d KEYCLOAK-14204 FAPI-RW Client Policy - Executor : Enforce Request Object satisfying high security level 2020-09-25 08:31:14 +02:00
Pedro Igor
76dede0f1e [KEYCLOAK-14221] - Allow to map subject to userinfo response 2020-09-23 14:33:14 +02:00
Frode Ingebrigtsen
0a0b7da53e KEYCLOAK-15429 Add CORS origin on permission request with invalid access token 2020-09-22 08:56:21 -03:00
testn
2cd03569d6 KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader 2020-09-21 13:05:03 +02:00
Martin Kanis
5d5e56dde3 KEYCLOAK-15199 Complement methods for accessing roles with Stream variants 2020-09-16 16:29:51 +02:00
Benjamin Weimer
f874e9a43c KEYCLOAK-9874 include realm and client roles in user info response 2020-09-16 10:01:02 +02:00
vmuzikar
a9a719b88c KEYCLOAK-15270 Account REST API doesn't verify audience 2020-09-14 08:43:09 -03:00
Sebastian Laskawiec
e01159a943 KEYCLOAK-14767 OpenShift Review Endpoint audience fix 2020-09-09 11:57:24 -03:00