
Example 6 with ClientScopeResource

use of org.keycloak.admin.client.resource.ClientScopeResource in project keycloak by keycloak.

the class OIDCScopeTest method testOptionalScopesWithConsentRequired.

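/**
 * Checks the consent screen and the issued ID token for the "third-party" client when the
 * "address" client scope has {@code DISPLAY_ON_CONSENT_SCREEN} set to {@code "false"}.
 *
 * <p>Security-relevant behaviour pinned by the assertions below: a scope hidden from the consent
 * screen is not listed to the user, yet its claims are still issued once the scope is requested
 * (the second login shows only the phone grant, while the ID token carries both address and phone
 * claims). Hiding a scope from the consent screen is therefore a display setting, not an access
 * restriction.
 *
 * <p>The realm change is reverted in a {@code finally} block so a failing assertion does not
 * leave the "address" scope modified for tests that run afterwards.
 *
 * @throws Exception if any step of the login, token request or admin update fails
 */
@Test
public void testOptionalScopesWithConsentRequired() throws Exception {
    // Remove "displayOnConsentScreen" from address
    ClientScopeResource addressScope = ApiUtil.findClientScopeByName(testRealm(), "address");
    ClientScopeRepresentation addressScopeRep = addressScope.toRepresentation();
    addressScopeRep.getAttributes().put(ClientScopeModel.DISPLAY_ON_CONSENT_SCREEN, "false");
    addressScope.update(addressScopeRep);
    try {
        // First login without optional scopes: consent is asked for profile, email and roles only.
        oauth.clientId("third-party");
        oauth.doLoginGrant("john", "password");
        grantPage.assertCurrent();
        grantPage.assertGrants(OAuthGrantPage.PROFILE_CONSENT_TEXT, OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT);
        grantPage.accept();
        EventRepresentation loginEvent = events.expectLogin().user(userId).client("third-party").detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).assertEvent();
        // NOTE(review): the third argument looks like the scope expected in the token response - confirm against sendTokenRequest.
        Tokens tokens = sendTokenRequest(loginEvent, userId, "openid email profile", "third-party");
        IDToken idToken = tokens.idToken;
        // Neither address nor phone was requested, so neither claim set may appear.
        assertProfile(idToken, true);
        assertEmail(idToken, true);
        assertAddress(idToken, false);
        assertPhone(idToken, false);
        // Logout
        oauth.doLogout(tokens.refreshToken, "password");
        events.expectLogout(idToken.getSessionState()).client("third-party").user(userId).removeDetail(Details.REDIRECT_URI).assertEvent();
        // Login with optional scopes. Grant screen should have just "phone"
        oauth.scope("openid address phone");
        oauth.doLoginGrant("john", "password");
        grantPage.assertCurrent();
        grantPage.assertGrants(OAuthGrantPage.PHONE_CONSENT_TEXT);
        grantPage.accept();
        loginEvent = events.expectLogin().client("third-party").detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).user(userId).assertEvent();
        tokens = sendTokenRequest(loginEvent, userId, "openid email profile address phone", "third-party");
        idToken = tokens.idToken;
        // Address claims are issued even though "address" was never shown on the consent screen.
        assertProfile(idToken, true);
        assertEmail(idToken, true);
        assertAddress(idToken, true);
        assertPhone(idToken, true);
    } finally {
        // Revert, even when an assertion above failed, so later tests see the original scope settings.
        addressScopeRep.getAttributes().put(ClientScopeModel.DISPLAY_ON_CONSENT_SCREEN, "true");
        addressScope.update(addressScopeRep);
    }
}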
Also used : ClientScopeResource(org.keycloak.admin.client.resource.ClientScopeResource) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) IDToken(org.keycloak.representations.IDToken) Test(org.junit.Test)

Example 7 with ClientScopeResource

use of org.keycloak.admin.client.resource.ClientScopeResource in project keycloak by keycloak.

the class AudienceTest method testAudienceProtocolMapperWithClientAudience.

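/**
 * Adds an audience protocol mapper to the "audience-scope" client scope and checks which token
 * receives the extra audience.
 *
 * <p>The assertions pin that only the access token lists "service-client" as an audience, while
 * the ID token's audience stays "test-app". Resource servers that validate the {@code aud} claim
 * depend on this separation.
 *
 * <p>The admin {@link Response} is closed and the mapper is deleted in {@code finally} blocks, so
 * a failed assertion leaks neither the connection nor the mapper into subsequent tests.
 *
 * @throws Exception if any step of the login, token request or admin call fails
 */
@Test
public void testAudienceProtocolMapperWithClientAudience() throws Exception {
    // Add audience protocol mapper to the clientScope "audience-scope"
    // NOTE(review): the trailing (true, false) presumably means "add to access token, not to ID token" - confirm against ProtocolMapperUtil.
    ProtocolMapperRepresentation audienceMapper = ProtocolMapperUtil.createAudienceMapper("audience mapper", "service-client", null, true, false);
    ClientScopeResource clientScope = ApiUtil.findClientScopeByName(testRealm(), "audience-scope");
    Response resp = clientScope.getProtocolMappers().createMapper(audienceMapper);
    String mapperId;
    try {
        mapperId = ApiUtil.getCreatedId(resp);
    } finally {
        // Close the response even if reading the created id fails.
        resp.close();
    }
    try {
        // Login and check audiences in the token (just accessToken contains it)
        oauth.scope("openid audience-scope");
        oauth.doLogin("john", "password");
        EventRepresentation loginEvent = events.expectLogin().user(userId).assertEvent();
        Tokens tokens = sendTokenRequest(loginEvent, userId, "openid profile email audience-scope", "test-app");
        assertAudiences(tokens.accessToken, "service-client");
        assertAudiences(tokens.idToken, "test-app");
    } finally {
        // Revert, even when an assertion above failed, so the mapper does not affect later tests.
        clientScope.getProtocolMappers().delete(mapperId);
    }
}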
Also used : Response(javax.ws.rs.core.Response) ClientScopeResource(org.keycloak.admin.client.resource.ClientScopeResource) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) Test(org.junit.Test)

Example 8 with ClientScopeResource

use of org.keycloak.admin.client.resource.ClientScopeResource in project keycloak by keycloak.

the class AudienceTest method beforeTest.

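/**
 * Ensures the "audience-scope" client scope exists before each test.
 *
 * <p>If the scope is already present nothing is changed. Otherwise it is created with the OIDC
 * login protocol and attached to the "test-app" client as an optional scope, so it only applies
 * when a test requests it explicitly.
 */
@Before
public void beforeTest() {
    // Check if already exists
    ClientScopeResource clientScopeRes = ApiUtil.findClientScopeByName(testRealm(), "audience-scope");
    if (clientScopeRes != null) {
        return;
    }
    // Create client scope 'audience-scope' and add as optional scope to the 'test-app' client
    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
    clientScope.setName("audience-scope");
    clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Response resp = testRealm().clientScopes().create(clientScope);
    String clientScopeId;
    try {
        clientScopeId = ApiUtil.getCreatedId(resp);
    } finally {
        // Close the response even if reading the created id fails, so the connection is not leaked.
        resp.close();
    }
    ClientResource client = ApiUtil.findClientByClientId(testRealm(), "test-app");
    client.addOptionalClientScope(clientScopeId);
}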
Also used : Response(javax.ws.rs.core.Response) ClientScopeResource(org.keycloak.admin.client.resource.ClientScopeResource) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) Before(org.junit.Before)
