
Example 66 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class AccountRestServiceTest method listApplicationsThirdParty.

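@Test
public void listApplicationsThirdParty() throws Exception {
    String appId = "third-party";
    TokenUtil token = new TokenUtil("view-applications-access", "password");

    // Grant consent for the first client scope of the realm to the third-party app, so that the
    // application listing below carries a non-empty consent for it.
    ClientScopeRepresentation clientScopeRepresentation = testRealm().clientScopes().findAll().get(0);
    ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
    consentScopeRepresentation.setId(clientScopeRepresentation.getId());
    ConsentRepresentation requestedConsent = new ConsentRepresentation();
    requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
    SimpleHttp.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
            .header("Accept", "application/json")
            .json(requestedConsent)
            .auth(token.getToken())
            .asJson(ConsentRepresentation.class);

    try {
        List<ClientRepresentation> applications = SimpleHttp.doGet(getAccountUrl("applications"), httpClient)
                .header("Accept", "application/json")
                .auth(token.getToken())
                .asJson(new TypeReference<List<ClientRepresentation>>() {
                });
        assertFalse(applications.isEmpty());

        // Index by clientId; toMap throws on duplicate keys, which would itself indicate a broken listing
        Map<String, ClientRepresentation> apps = applications.stream()
                .collect(Collectors.toMap(ClientRepresentation::getClientId, x -> x));
        Assert.assertThat(apps.keySet(), containsInAnyOrder(appId, "always-display-client", "direct-grant"));

        ClientRepresentation app = apps.get(appId);
        assertClientRep(app, null, "A third party application", true, false, false, null, "http://localhost:8180/auth/realms/master/app/auth");

        // The consent granted above must be reflected (id and name) on the listed application
        assertFalse(app.getConsent().getGrantedScopes().isEmpty());
        ConsentScopeRepresentation grantedScope = app.getConsent().getGrantedScopes().get(0);
        assertEquals(clientScopeRepresentation.getId(), grantedScope.getId());
        assertEquals(clientScopeRepresentation.getName(), grantedScope.getName());
    } finally {
        // Revoke the consent even when an assertion above fails; otherwise the granted consent
        // leaks into the other tests of this class that share the same realm and user.
        SimpleHttp.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
                .header("Accept", "application/json")
                .auth(token.getToken())
                .asResponse();
    }
}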

Example 67 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class AccountRestServiceTest method createConsentForClient.

@Test
public void createConsentForClient() throws IOException {
    TokenUtil token = new TokenUtil("manage-consent-access", "password");
    String appId = "security-admin-console";

    // Build a consent request that grants exactly one scope: the first client scope of the realm.
    ClientScopeRepresentation realmScope = testRealm().clientScopes().findAll().get(0);
    ConsentScopeRepresentation scopeToGrant = new ConsentScopeRepresentation();
    scopeToGrant.setId(realmScope.getId());
    ConsentRepresentation grantRequest = new ConsentRepresentation();
    grantRequest.setGrantedScopes(Collections.singletonList(scopeToGrant));

    ConsentRepresentation granted = SimpleHttp
            .doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
            .header("Accept", "application/json")
            .json(grantRequest)
            .auth(token.getToken())
            .asJson(ConsentRepresentation.class);

    // Expected on the echoed consent: both timestamps set, and exactly the one requested scope granted.
    assertTrue(granted.getCreatedDate() > 0);
    assertTrue(granted.getLastUpdatedDate() > 0);
    assertEquals(1, granted.getGrantedScopes().size());
    assertEquals(scopeToGrant.getId(), granted.getGrantedScopes().get(0).getId());
}

Example 68 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class ClientRegistrationPoliciesTest method testProviders.

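@Test
public void testProviders() throws Exception {
    List<ComponentTypeRepresentation> reps = realmResource().clientRegistrationPolicy().getProviders();
    Map<String, ComponentTypeRepresentation> providersMap = reps.stream()
            .collect(Collectors.toMap(ComponentTypeRepresentation::getId, rep -> rep));

    // The ProtocolMappersClientRegistrationPolicy provider must advertise the available protocol mapper types
    ComponentTypeRepresentation protMappersRep = providersMap.get(ProtocolMappersClientRegistrationPolicyFactory.PROVIDER_ID);
    List<String> availableMappers = getProviderConfigProperty(protMappersRep, ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES);
    List<String> someExpectedMappers = Arrays.asList(UserAttributeStatementMapper.PROVIDER_ID, UserAttributeMapper.PROVIDER_ID, UserPropertyAttributeStatementMapper.PROVIDER_ID, UserPropertyMapper.PROVIDER_ID, HardcodedRole.PROVIDER_ID);
    // containsAll only returns a boolean; it has to be asserted on, otherwise a missing mapper goes unnoticed
    Assert.assertTrue("Expected protocol mappers missing from " + availableMappers,
            availableMappers.containsAll(someExpectedMappers));

    // The clientScope provider must list just the default client scopes at this point
    ComponentTypeRepresentation clientScopeRep = providersMap.get(ClientScopesClientRegistrationPolicyFactory.PROVIDER_ID);
    List<String> clientScopes = getProviderConfigProperty(clientScopeRep, ClientScopesClientRegistrationPolicyFactory.ALLOWED_CLIENT_SCOPES);
    Assert.assertFalse(clientScopes.isEmpty());
    Assert.assertTrue(clientScopes.contains(OAuth2Constants.SCOPE_PROFILE));
    Assert.assertFalse(clientScopes.contains("foo"));
    Assert.assertFalse(clientScopes.contains("bar"));

    // Add two client scopes and verify the provider picks them up. The ids are tracked so that
    // whatever was created gets removed again even if an assertion fails midway.
    String fooScopeId = null;
    String barScopeId = null;
    try {
        ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
        clientScope.setName("foo");
        clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
        Response response = realmResource().clientScopes().create(clientScope);
        try {
            fooScopeId = ApiUtil.getCreatedId(response);
        } finally {
            response.close();
        }

        clientScope = new ClientScopeRepresentation();
        clientScope.setName("bar");
        clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
        response = realmResource().clientScopes().create(clientScope);
        try {
            barScopeId = ApiUtil.getCreatedId(response);
        } finally {
            response.close();
        }

        // Fetch the providers again: the clientScope provider must now contain the added scopes
        reps = realmResource().clientRegistrationPolicy().getProviders();
        clientScopeRep = reps.stream()
                .filter(rep -> ClientScopesClientRegistrationPolicyFactory.PROVIDER_ID.equals(rep.getId()))
                .findFirst()
                .orElseThrow(() -> new AssertionError("clientScope policy provider not found"));
        clientScopes = getProviderConfigProperty(clientScopeRep, ClientScopesClientRegistrationPolicyFactory.ALLOWED_CLIENT_SCOPES);
        Assert.assertTrue(clientScopes.contains("foo"));
        Assert.assertTrue(clientScopes.contains("bar"));
    } finally {
        // Revert client scopes
        if (fooScopeId != null) {
            realmResource().clientScopes().get(fooScopeId).remove();
        }
        if (barScopeId != null) {
            realmResource().clientScopes().get(barScopeId).remove();
        }
    }
}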

Example 69 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class ClientRegistrationPoliciesTest method testClientScopesPolicy.

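@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testClientScopesPolicy() throws Exception {
    setTrustedHost("localhost");

    // Add a client scope through the Admin REST API
    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
    clientScope.setName("foo");
    clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Response response = realmResource().clientScopes().create(clientScope);
    String clientScopeId;
    try {
        clientScopeId = ApiUtil.getCreatedId(response);
    } finally {
        response.close();
    }

    // Non-null once registration through the client registration service succeeded; drives cleanup
    ClientRepresentation registeredClient = null;
    try {
        // Registering a new client that requests this scope must be rejected by the policy
        ClientRepresentation clientRep = createRep("test-app");
        clientRep.setDefaultClientScopes(Collections.singletonList("foo"));
        assertFail(ClientRegOp.CREATE, clientRep, 403, "Not permitted to use specified clientScope");

        // Registering the client without the scope should succeed
        clientRep.setDefaultClientScopes(null);
        registeredClient = reg.create(clientRep);
        reg.auth(Auth.token(registeredClient));

        // Updating the registered client to add the scope must be rejected as well
        registeredClient.setDefaultClientScopes(Collections.singletonList("foo"));
        assertFail(ClientRegOp.UPDATE, registeredClient, 403, "Not permitted to use specified clientScope");

        // Assign the scope via the Admin REST API; the update through client registration is then
        // permitted, because the scope is already present on the client rather than newly requested
        ClientResource client = ApiUtil.findClientByClientId(realmResource(), "test-app");
        client.addDefaultClientScope(clientScopeId);
        reg.update(registeredClient);
    } finally {
        // Revert client and client scope even when an assertion above fails, so the scope and the
        // registered client do not leak into other tests.
        if (registeredClient != null) {
            ClientResource created = ApiUtil.findClientByClientId(realmResource(), "test-app");
            realmResource().clients().get(created.toRepresentation().getId()).remove();
        }
        realmResource().clientScopes().get(clientScopeId).remove();
    }
}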

Example 70 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

the class OIDCProtocolMappersTest method testRolesAndAllowedOriginsRemovedFromAccessToken.

@Test
public void testRolesAndAllowedOriginsRemovedFromAccessToken() throws Exception {
    RealmResource realm = adminClient.realm("test");
    ClientResource testApp = ApiUtil.findClientByClientId(realm, "test-app");
    String webOriginsScopeId = ApiUtil.findClientScopeByName(realm, OIDCLoginProtocolFactory.WEB_ORIGINS_SCOPE)
            .toRepresentation().getId();
    String rolesScopeId = ApiUtil.findClientScopeByName(realm, OIDCLoginProtocolFactory.ROLES_SCOPE)
            .toRepresentation().getId();

    // Detach the 'web-origins' and 'roles' scopes from the client for the duration of the test
    testApp.removeDefaultClientScope(webOriginsScopeId);
    testApp.removeDefaultClientScope(rolesScopeId);
    try {
        OAuthClient.AccessTokenResponse tokens = browserLogin("password", "test-user@localhost", "password");
        AccessToken accessToken = oauth.verifyToken(tokens.getAccessToken());

        // Without 'web-origins' the access token carries no allowed origins
        Assert.assertNull(accessToken.getAllowedOrigins());
        // Without 'roles' it carries neither realm nor client role mappings
        Assert.assertNull(accessToken.getRealmAccess());
        Assert.assertTrue(accessToken.getResourceAccess().isEmpty());
        // The client is then only recorded as issuer target ("issuedFor"), not as an audience
        Assert.assertEquals("test-app", accessToken.getIssuedFor());
        Assert.assertFalse(accessToken.hasAudience("test-app"));

        // The ID token is unaffected: "test-app" stays both issuedFor and audience
        IDToken idToken = oauth.verifyIDToken(tokens.getIdToken());
        Assert.assertEquals("test-app", idToken.getIssuedFor());
        Assert.assertTrue(idToken.hasAudience("test-app"));
    } finally {
        // Re-attach both scopes regardless of the outcome
        testApp.addDefaultClientScope(webOriginsScopeId);
        testApp.addDefaultClientScope(rolesScopeId);
    }
}
