Example 11 with ClientScopeRepresentation
use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.
the class ClientScopeTest method testRenameScope.
@Test
public void testRenameScope() {
// Create two scopes
ClientScopeRepresentation scope1Rep = new ClientScopeRepresentation();
scope1Rep.setName("scope1");
scope1Rep.setDescription("scope1-desc");
scope1Rep.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
createClientScope(scope1Rep);
ClientScopeRepresentation scope2Rep = new ClientScopeRepresentation();
scope2Rep.setName("scope2");
scope2Rep.setDescription("scope2-desc");
scope2Rep.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
String scope2Id = createClientScope(scope2Rep);
// Test updating
scope2Rep.setName("scope1");
try {
clientScopes().get(scope2Id).update(scope2Rep);
} catch (ClientErrorException ex) {
assertThat(ex.getResponse(), Matchers.statusCodeIs(Status.CONFLICT));
}
}
Also used :
ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation)
ClientErrorException(javax.ws.rs.ClientErrorException)
Test(org.junit.Test)
Example 12 with ClientScopeRepresentation
use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.
the class DynamicScopesRARParseTest method generatedAuthorizationRequestsShouldMatchRequestedAndDefaultScopes.
@Test
public void generatedAuthorizationRequestsShouldMatchRequestedAndDefaultScopes() {
Response response = createScope("static-scope", false);
String scopeId = ApiUtil.getCreatedId(response);
getCleanup().addClientScopeId(scopeId);
response.close();
ClientResource testApp = ApiUtil.findClientByClientId(testRealm(), "test-app");
ClientRepresentation testAppRep = testApp.toRepresentation();
testApp.update(testAppRep);
testApp.addDefaultClientScope(scopeId);
List<ClientScopeRepresentation> defScopes = testApp.getDefaultClientScopes();
oauth.openLoginForm();
oauth.scope("openid static-scope");
oauth.doLogin("rar-test", "password");
events.expectLogin().user(userId).assertEvent();
AuthorizationRequestContextHolder contextHolder = fetchAuthorizationRequestContextHolder(userId);
List<AuthorizationRequestContextHolder.AuthorizationRequestHolder> authorizationRequestHolders = contextHolder.getAuthorizationRequestHolders().stream().filter(authorizationRequestHolder -> authorizationRequestHolder.getSource().equals(AuthorizationRequestSource.SCOPE)).collect(Collectors.toList());
assertEquals(defScopes.size(), authorizationRequestHolders.size());
assertEquals(defScopes.stream().map(ClientScopeRepresentation::getName).collect(Collectors.toSet()), authorizationRequestHolders.stream().map(authorizationRequestHolder -> authorizationRequestHolder.getAuthorizationDetails().getScopeNameFromCustomData()).collect(Collectors.toSet()));
Assert.assertTrue(authorizationRequestHolders.stream().map(AuthorizationRequestContextHolder.AuthorizationRequestHolder::getAuthorizationDetails).allMatch(rep -> rep.getType().equalsIgnoreCase(AuthorizationDetailsJSONRepresentation.STATIC_SCOPE_RAR_TYPE)));
testApp.removeOptionalClientScope(scopeId);
}
Also used :
Response(javax.ws.rs.core.Response)
ClientScopeModel(org.keycloak.models.ClientScopeModel)
Profile(org.keycloak.common.Profile)
AuthorizationDetailsJSONRepresentation(org.keycloak.representations.AuthorizationDetailsJSONRepresentation)
ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation)
Test(org.junit.Test)
HashMap(java.util.HashMap)
Collectors(java.util.stream.Collectors)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
List(java.util.List)
Ignore(org.junit.Ignore)
EnableFeature(org.keycloak.testsuite.arquillian.annotation.EnableFeature)
Response(javax.ws.rs.core.Response)
AuthorizationRequestSource(org.keycloak.rar.AuthorizationRequestSource)
OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol)
Optional(java.util.Optional)
Assert(org.junit.Assert)
ClientResource(org.keycloak.admin.client.resource.ClientResource)
Assert.assertEquals(org.junit.Assert.assertEquals)
ApiUtil(org.keycloak.testsuite.admin.ApiUtil)
ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation)
ClientResource(org.keycloak.admin.client.resource.ClientResource)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
Test(org.junit.Test)
Example 13 with ClientScopeRepresentation
use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.
the class DynamicScopesRARParseTest method createScope.
private Response createScope(String scopeName, boolean dynamic) {
ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
clientScope.setName(scopeName);
if (dynamic) {
clientScope.setAttributes(new HashMap<String, String>() {
{
put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, String.format("%1s:*", scopeName));
}
});
}
clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
return testRealm().clientScopes().create(clientScope);
}
Also used :
ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation)
Example 14 with ClientScopeRepresentation
use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.
the class OpenShiftTokenReviewEndpointTest method customScopes.
@Test
public void customScopes() {
ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
clientScope.setProtocol("openid-connect");
clientScope.setName("user:info");
String id;
try (Response r = testRealm().clientScopes().create(clientScope)) {
id = ApiUtil.getCreatedId(r);
}
ClientRepresentation clientRep = testRealm().clients().findByClientId("test-app").get(0);
testRealm().clients().get(clientRep.getId()).addOptionalClientScope(id);
try {
oauth.scope("user:info");
new Review().invoke().assertSuccess().assertScope("openid", "user:info", "profile", "email");
} finally {
testRealm().clients().get(clientRep.getId()).removeOptionalClientScope(id);
}
}
Also used :
Response(javax.ws.rs.core.Response)
CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse)
ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
Test(org.junit.Test)
AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)
Example 15 with ClientScopeRepresentation
use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.
the class OIDCAdvancedRequestParamsTest method processClaimsRequestParamSupported.
@Test
public void processClaimsRequestParamSupported() throws Exception {
String clientScopeId = null;
try {
for (ClientScopeRepresentation rep : adminClient.realm("test").clientScopes().findAll()) {
if (rep.getName().equals("profile")) {
clientScopeId = rep.getId();
break;
}
}
findClientResourceByClientId(adminClient.realm("test"), "test-app").removeDefaultClientScope(clientScopeId);
ClientResource app = findClientResourceByClientId(adminClient.realm("test"), "test-app");
ProtocolMappersResource res = app.getProtocolMappers();
res.createMapper(ModelToRepresentation.toRepresentation(ClaimsParameterTokenMapper.createMapper("claimsParameterTokenMapper", true, false))).close();
Map<String, Object> claims = ImmutableMap.of("id_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", false), "given_name", ImmutableMap.of("wesentlich", true), "name", ImmutableMap.of("essential", true)), "userinfo", ImmutableMap.of("preferred_username", ImmutableMap.of("essential", "Ja"), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true)));
Map<String, Object> oidcRequest = new HashMap<>();
oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, "test-app");
oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, oauth.getRedirectUri());
oidcRequest.put(OIDCLoginProtocol.CLAIMS_PARAM, claims);
oidcRequest.put(OIDCLoginProtocol.SCOPE_PARAM, "openid");
String request = new JWSBuilder().jsonContent(oidcRequest).none();
oauth = oauth.request(request);
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
OAuthClient.AccessTokenResponse accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
IDToken idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
assertEquals("test-user@localhost", idToken.getEmail());
assertEquals("test-user@localhost", idToken.getPreferredUsername());
assertNull(idToken.getFamilyName());
assertNull(idToken.getGivenName());
assertEquals("Tom Brady", idToken.getName());
Client client = AdminClientUtil.createResteasyClient();
try {
Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getAccessToken());
UserInfo userInfo = response.readEntity(UserInfo.class);
assertEquals("test-user@localhost", userInfo.getEmail());
assertNull(userInfo.getPreferredUsername());
assertEquals("Brady", userInfo.getFamilyName());
assertEquals("Tom", userInfo.getGivenName());
assertNull(userInfo.getName());
} finally {
events.expect(EventType.USER_INFO_REQUEST).session(accessTokenResponse.getSessionState()).client("test-app").assertEvent();
client.close();
}
oauth.doLogout(accessTokenResponse.getRefreshToken(), "password");
events.expectLogout(accessTokenResponse.getSessionState()).client("test-app").clearDetails().assertEvent();
claims = ImmutableMap.of("id_token", ImmutableMap.of("test_claim", ImmutableMap.of("essential", true)), "access_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true), "name", ImmutableMap.of("essential", true)));
oidcRequest = new HashMap<>();
oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, "test-app");
oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, oauth.getRedirectUri());
oidcRequest.put(OIDCLoginProtocol.CLAIMS_PARAM, claims);
oidcRequest.put(OIDCLoginProtocol.SCOPE_PARAM, "openid");
request = new JWSBuilder().jsonContent(oidcRequest).none();
oauth = oauth.request(request);
oauth.doLogin("test-user@localhost", "password");
loginEvent = events.expectLogin().assertEvent();
accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
// "email" default scope still remains
assertEquals("test-user@localhost", idToken.getEmail());
assertNull(idToken.getPreferredUsername());
assertNull(idToken.getFamilyName());
assertNull(idToken.getGivenName());
assertNull(idToken.getName());
client = AdminClientUtil.createResteasyClient();
try {
Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessTokenResponse.getAccessToken());
UserInfo userInfo = response.readEntity(UserInfo.class);
assertEquals("test-user@localhost", userInfo.getEmail());
assertNull(userInfo.getPreferredUsername());
assertNull(userInfo.getFamilyName());
assertNull(userInfo.getGivenName());
assertNull(userInfo.getName());
} finally {
client.close();
}
} finally {
// revert "profile" default client scope
findClientResourceByClientId(adminClient.realm("test"), "test-app").addDefaultClientScope(clientScopeId);
}
}
Also used :
HashMap(java.util.HashMap)
MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
EventRepresentation(org.keycloak.representations.idm.EventRepresentation)
UserInfo(org.keycloak.representations.UserInfo)
JWSBuilder(org.keycloak.jose.jws.JWSBuilder)
Response(javax.ws.rs.core.Response)
ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation)
ClientResource(org.keycloak.admin.client.resource.ClientResource)
IDToken(org.keycloak.representations.IDToken)
OAuthClient(org.keycloak.testsuite.util.OAuthClient)
Client(javax.ws.rs.client.Client)
CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient)
ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource)
AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest)
Test(org.junit.Test)
AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)
Aggregations
ClientScopeRepresentation (org.keycloak.representations.idm.ClientScopeRepresentation)75
Test (org.junit.Test)62
Response (javax.ws.rs.core.Response)27
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)27
ClientResource (org.keycloak.admin.client.resource.ClientResource)25
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)16
RealmResource (org.keycloak.admin.client.resource.RealmResource)15
EnableFeature (org.keycloak.testsuite.arquillian.annotation.EnableFeature)13
ConsentRepresentation (org.keycloak.representations.account.ConsentRepresentation)11
ConsentScopeRepresentation (org.keycloak.representations.account.ConsentScopeRepresentation)11
ProtocolMapperRepresentation (org.keycloak.representations.idm.ProtocolMapperRepresentation)11
AbstractAuthenticationTest (org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)11
TokenUtil (org.keycloak.testsuite.util.TokenUtil)11
HashMap (java.util.HashMap)10
RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)10
OAuthClient (org.keycloak.testsuite.util.OAuthClient)10
List (java.util.List)8
ClientScopeResource (org.keycloak.admin.client.resource.ClientScopeResource)6
SimpleHttp (org.keycloak.broker.provider.util.SimpleHttp)6
AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)6
