use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class RealmTest method convertKeycloakClientDescription.
@Test
public void convertKeycloakClientDescription() throws IOException {
ClientRepresentation description = new ClientRepresentation();
description.setClientId("client-id");
description.setRedirectUris(Collections.singletonList("http://localhost"));
ClientRepresentation converted = realm.convertClientDescription(JsonSerialization.writeValueAsString(description));
assertEquals("client-id", converted.getClientId());
assertEquals("http://localhost", converted.getRedirectUris().get(0));
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class BrowserFlowTest method testConditionalRoleAuthenticatorWithClientRoleIncludedInCompositeClientRole.
// Check the ConditionalRoleAuthenticator
// Configure a conditional subflow with the required client role "child-client-role-1" from "test-app" client and an OTP authenticator
// "child-client-role-1" is a client role included in composite client role "composite-client-role-1"
// user-with-two-configured-otp has the "composite-client-role-1" role and should be asked for an OTP code
// user-with-one-configured-otp does not have the role. He should not be asked for an OTP code
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalRoleAuthenticatorWithClientRoleIncludedInCompositeClientRole() {
String clientName = "test-app";
ClientRepresentation testClient = testRealm().clients().findByClientId(clientName).get(0);
// Create composite-client-role-1
String compositeClientRoleName = "composite-client-role-1";
testRealm().clients().get(testClient.getId()).roles().create(RoleBuilder.create().name(compositeClientRoleName).build());
// Create child-client-role-1
String childClientRoleName = "child-client-role-1";
testRealm().clients().get(testClient.getId()).roles().create(RoleBuilder.create().name(childClientRoleName).build());
// Make child-client-role-1 a member of composite-client-role-1
testRealm().clients().get(testClient.getId()).roles().get(compositeClientRoleName).addComposites(Collections.singletonList(testRealm().clients().get(testClient.getId()).roles().get(childClientRoleName).toRepresentation()));
// Add composite-client-role-1 to user "user-with-two-configured-otp"
UserResource userResource = ApiUtil.findUserByUsernameId(testRealm(), "user-with-two-configured-otp");
userResource.roles().clientLevel(testClient.getId()).add(Collections.singletonList(testRealm().clients().get(testClient.getId()).roles().get(compositeClientRoleName).toRepresentation()));
// A browser flow is configured with an OTPForm for users having the role "test-app.child-client-role-1"
configureBrowserFlowOTPNeedsRole(clientName + "." + childClientRoleName);
try {
// user-with-two-configured-otp has been configured with role "test-app.child-client-role-1". He should be asked for an OTP code
provideUsernamePassword("user-with-two-configured-otp");
Assert.assertTrue(oneTimeCodePage.isOtpLabelPresent());
loginTotpPage.assertCurrent();
loginTotpPage.assertOtpCredentialSelectorAvailability(true);
// user-with-one-configured-otp doesn't have the role. He should not be asked for an OTP code
provideUsernamePassword("user-with-one-configured-otp");
Assert.assertFalse(oneTimeCodePage.isOtpLabelPresent());
Assert.assertFalse(loginTotpPage.isCurrent());
} finally {
testRealm().clients().get(testClient.getId()).roles().deleteRole(childClientRoleName);
testRealm().clients().get(testClient.getId()).roles().deleteRole(compositeClientRoleName);
revertFlows("browser - rule");
}
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class MultipleTabsLoginTest method testEmptyBaseUrl.
// KEYCLOAK-12161
@Test
public void testEmptyBaseUrl() throws Exception {
String clientUuid = KeycloakModelUtils.generateId();
ClientRepresentation emptyBaseclient = ClientBuilder.create().clientId("empty-baseurl-client").id(clientUuid).enabled(true).baseUrl("").addRedirectUri("*").secret("password").build();
testRealm().clients().create(emptyBaseclient);
getCleanup().addClientUuid(clientUuid);
oauth.clientId("empty-baseurl-client");
oauth.openLoginForm();
loginPage.assertCurrent();
loginPage.login("login-test", "password");
updatePasswordPage.assertCurrent();
String tab1Url = driver.getCurrentUrl();
// Simulate login in different browser tab tab2. I will be on loginPage again.
oauth.openLoginForm();
loginPage.assertCurrent();
// Login in tab2
loginPage.login("login-test", "password");
updatePasswordPage.assertCurrent();
updatePasswordPage.changePassword("password", "password");
updateProfilePage.update("John", "Doe3", "john@doe3.com");
appPage.assertCurrent();
// Try to go back to tab 1. We should have ALREADY_LOGGED_IN info page
driver.navigate().to(tab1Url);
infoPage.assertCurrent();
Assert.assertEquals("You are already logged in.", infoPage.getInfo());
try {
infoPage.clickBackToApplicationLink();
fail();
} catch (NoSuchElementException ex) {
}
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class LoginTest method loginSuccessfulWithDynamicScope.
@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void loginSuccessfulWithDynamicScope() {
ProfileAssume.assumeFeatureEnabled(DYNAMIC_SCOPES);
ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
clientScope.setName("dynamic");
clientScope.setAttributes(new HashMap<String, String>() {
{
put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "dynamic:*");
}
});
clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
Response response = testRealm().clientScopes().create(clientScope);
String scopeId = ApiUtil.getCreatedId(response);
getCleanup().addClientScopeId(scopeId);
response.close();
ClientResource testApp = ApiUtil.findClientByClientId(testRealm(), "test-app");
ClientRepresentation testAppRep = testApp.toRepresentation();
testApp.update(testAppRep);
testApp.addOptionalClientScope(scopeId);
oauth.scope("dynamic:scope");
oauth.doLogin("login@test.com", "password");
events.expectLogin().user(userId).assertEvent();
}
use of org.keycloak.representations.idm.ClientRepresentation in project keycloak by keycloak.
the class LoginTest method loginExpiredCodeAndExpiredCookies.
@Test
public void loginExpiredCodeAndExpiredCookies() {
loginPage.open();
driver.manage().deleteAllCookies();
// Cookies are expired including KC_RESTART. No way to continue login. Error page must be shown with the "back to application" link
loginPage.login("login@test.com", "password");
errorPage.assertCurrent();
String link = errorPage.getBackToApplicationLink();
ClientRepresentation thirdParty = findClientByClientId(adminClient.realm("test"), "third-party").toRepresentation();
Assert.assertNotNull(link, thirdParty.getBaseUrl());
}
Aggregations