
Example 11 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

Source: class ClientScopeTest, method testRenameScope.

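@Test
public void testRenameScope() {
    // Create two scopes with distinct names so the second one can be renamed onto the first.
    ClientScopeRepresentation scope1Rep = new ClientScopeRepresentation();
    scope1Rep.setName("scope1");
    scope1Rep.setDescription("scope1-desc");
    scope1Rep.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    createClientScope(scope1Rep);
    ClientScopeRepresentation scope2Rep = new ClientScopeRepresentation();
    scope2Rep.setName("scope2");
    scope2Rep.setDescription("scope2-desc");
    scope2Rep.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    String scope2Id = createClientScope(scope2Rep);
    // Renaming scope2 to a name that is already taken must be rejected with 409 CONFLICT.
    scope2Rep.setName("scope1");
    try {
        clientScopes().get(scope2Id).update(scope2Rep);
        // The original try/catch passed silently when no exception was thrown, which would hide
        // a server that stopped enforcing unique client-scope names. Fail explicitly instead.
        org.junit.Assert.fail("Expected CONFLICT when renaming a client scope to an existing name");
    } catch (ClientErrorException ex) {
        assertThat(ex.getResponse(), Matchers.statusCodeIs(Status.CONFLICT));
    }
}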
Also used : ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientErrorException(javax.ws.rs.ClientErrorException) Test(org.junit.Test)

Example 12 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

Source: class DynamicScopesRARParseTest, method generatedAuthorizationRequestsShouldMatchRequestedAndDefaultScopes.

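@Test
public void generatedAuthorizationRequestsShouldMatchRequestedAndDefaultScopes() {
    // Register a static (non-dynamic) scope; the create response is closed once the id is read,
    // and the scope itself is scheduled for deletion after the test.
    String scopeId;
    try (Response response = createScope("static-scope", false)) {
        scopeId = ApiUtil.getCreatedId(response);
    }
    getCleanup().addClientScopeId(scopeId);
    ClientResource testApp = ApiUtil.findClientByClientId(testRealm(), "test-app");
    ClientRepresentation testAppRep = testApp.toRepresentation();
    // Round-trips the unmodified representation, kept from the original; presumably a no-op — TODO confirm.
    testApp.update(testAppRep);
    // Attached as a DEFAULT scope; the finally block below detaches it the same way.
    testApp.addDefaultClientScope(scopeId);
    try {
        List<ClientScopeRepresentation> defScopes = testApp.getDefaultClientScopes();
        oauth.openLoginForm();
        oauth.scope("openid static-scope");
        oauth.doLogin("rar-test", "password");
        events.expectLogin().user(userId).assertEvent();
        AuthorizationRequestContextHolder contextHolder = fetchAuthorizationRequestContextHolder(userId);
        // Only holders that originate from the "scope" parameter are compared with the default scopes.
        List<AuthorizationRequestContextHolder.AuthorizationRequestHolder> scopeHolders = contextHolder.getAuthorizationRequestHolders().stream()
                .filter(holder -> holder.getSource().equals(AuthorizationRequestSource.SCOPE))
                .collect(Collectors.toList());
        assertEquals(defScopes.size(), scopeHolders.size());
        assertEquals(
                defScopes.stream().map(ClientScopeRepresentation::getName).collect(Collectors.toSet()),
                scopeHolders.stream().map(holder -> holder.getAuthorizationDetails().getScopeNameFromCustomData()).collect(Collectors.toSet()));
        // Every scope-derived holder must carry the static-scope RAR type.
        Assert.assertTrue(scopeHolders.stream()
                .map(AuthorizationRequestContextHolder.AuthorizationRequestHolder::getAuthorizationDetails)
                .allMatch(rep -> rep.getType().equalsIgnoreCase(AuthorizationDetailsJSONRepresentation.STATIC_SCOPE_RAR_TYPE)));
    } finally {
        // Detach in a finally block, and as a default scope (the original detached it as an optional
        // scope although it was added as a default one), so a failing assertion cannot leave the
        // scope attached to test-app for later tests.
        testApp.removeDefaultClientScope(scopeId);
    }
}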
Also used : Response(javax.ws.rs.core.Response) ClientScopeModel(org.keycloak.models.ClientScopeModel) Profile(org.keycloak.common.Profile) AuthorizationDetailsJSONRepresentation(org.keycloak.representations.AuthorizationDetailsJSONRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) Test(org.junit.Test) HashMap(java.util.HashMap) Collectors(java.util.stream.Collectors) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) List(java.util.List) Ignore(org.junit.Ignore) EnableFeature(org.keycloak.testsuite.arquillian.annotation.EnableFeature) Response(javax.ws.rs.core.Response) AuthorizationRequestSource(org.keycloak.rar.AuthorizationRequestSource) OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) Optional(java.util.Optional) Assert(org.junit.Assert) ClientResource(org.keycloak.admin.client.resource.ClientResource) Assert.assertEquals(org.junit.Assert.assertEquals) ApiUtil(org.keycloak.testsuite.admin.ApiUtil) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 13 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

Source: class DynamicScopesRARParseTest, method createScope.

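/**
 * Creates an OIDC client scope named {@code scopeName} in the test realm.
 *
 * @param scopeName name of the new scope; for a dynamic scope it is also the prefix of the
 *                  {@code DYNAMIC_SCOPE_REGEXP} attribute, which is set to {@code <scopeName>:*}
 * @param dynamic   when {@code true} the scope is flagged with {@code IS_DYNAMIC_SCOPE=true}
 * @return the raw create response; the caller owns it and is responsible for closing it
 */
private Response createScope(String scopeName, boolean dynamic) {
    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
    clientScope.setName(scopeName);
    if (dynamic) {
        // A plain HashMap replaces the original double-brace initialiser, which created an anonymous
        // HashMap subclass holding a hidden reference to the enclosing test instance.
        HashMap<String, String> attributes = new HashMap<>();
        attributes.put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
        // Format string kept as in the original ("%1s" is "%s" with a minimum width of 1).
        attributes.put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, String.format("%1s:*", scopeName));
        clientScope.setAttributes(attributes);
    }
    clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    return testRealm().clientScopes().create(clientScope);
}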
Also used : ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation)

Example 14 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

Source: class OpenShiftTokenReviewEndpointTest, method customScopes.

@Test
public void customScopes() {
    // Build a custom OIDC scope and register it in the test realm.
    ClientScopeRepresentation customScope = new ClientScopeRepresentation();
    customScope.setName("user:info");
    customScope.setProtocol("openid-connect");
    String scopeId;
    try (Response created = testRealm().clientScopes().create(customScope)) {
        scopeId = ApiUtil.getCreatedId(created);
    }
    // Attach it to test-app as an optional scope, then request it explicitly during login.
    String clientId = testRealm().clients().findByClientId("test-app").get(0).getId();
    testRealm().clients().get(clientId).addOptionalClientScope(scopeId);
    try {
        oauth.scope("user:info");
        new Review().invoke().assertSuccess().assertScope("openid", "user:info", "profile", "email");
    } finally {
        // Detach again whatever happened above so the scope does not bleed into other tests.
        testRealm().clients().get(clientId).removeOptionalClientScope(scopeId);
    }
}
Also used : Response(javax.ws.rs.core.Response) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 15 with ClientScopeRepresentation

use of org.keycloak.representations.idm.ClientScopeRepresentation in project keycloak by keycloak.

Source: class OIDCAdvancedRequestParamsTest, method processClaimsRequestParamSupported.

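@Test
public void processClaimsRequestParamSupported() throws Exception {
    // Locate the built-in "profile" scope. It is temporarily removed from test-app's default scopes so
    // that profile claims only show up when the "claims" request parameter asks for them.
    String clientScopeId = null;
    for (ClientScopeRepresentation rep : adminClient.realm("test").clientScopes().findAll()) {
        if (rep.getName().equals("profile")) {
            clientScopeId = rep.getId();
            break;
        }
    }
    // Fail fast instead of passing a null id to remove/addDefaultClientScope below.
    org.junit.Assert.assertNotNull("\"profile\" client scope not found in realm \"test\"", clientScopeId);
    ClientResource app = findClientResourceByClientId(adminClient.realm("test"), "test-app");
    app.removeDefaultClientScope(clientScopeId);
    try {
        ProtocolMappersResource res = app.getProtocolMappers();
        res.createMapper(ModelToRepresentation.toRepresentation(ClaimsParameterTokenMapper.createMapper("claimsParameterTokenMapper", true, false))).close();
        // First request object. Two entries use non-standard spellings ("wesentlich" as the key,
        // "Ja" as the value), presumably to check they are not treated as essential — compare the
        // assertNull checks on given_name / preferred_username below.
        Map<String, Object> claims = ImmutableMap.of("id_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", false), "given_name", ImmutableMap.of("wesentlich", true), "name", ImmutableMap.of("essential", true)), "userinfo", ImmutableMap.of("preferred_username", ImmutableMap.of("essential", "Ja"), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true)));
        oauth = oauth.request(buildUnsignedRequestObject(claims));
        oauth.doLogin("test-user@localhost", "password");
        EventRepresentation loginEvent = events.expectLogin().assertEvent();
        OAuthClient.AccessTokenResponse accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
        IDToken idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
        assertEquals("test-user@localhost", idToken.getEmail());
        assertEquals("test-user@localhost", idToken.getPreferredUsername());
        assertNull(idToken.getFamilyName());
        assertNull(idToken.getGivenName());
        assertEquals("Tom Brady", idToken.getName());
        UserInfo userInfo = fetchUserInfo(accessTokenResponse.getAccessToken());
        assertEquals("test-user@localhost", userInfo.getEmail());
        assertNull(userInfo.getPreferredUsername());
        assertEquals("Brady", userInfo.getFamilyName());
        assertEquals("Tom", userInfo.getGivenName());
        assertNull(userInfo.getName());
        // Asserted after the userinfo checks. The original did this inside a finally block, where a
        // failing event assertion could mask the userinfo assertion that actually failed.
        events.expect(EventType.USER_INFO_REQUEST).session(accessTokenResponse.getSessionState()).client("test-app").assertEvent();
        oauth.doLogout(accessTokenResponse.getRefreshToken(), "password");
        events.expectLogout(accessTokenResponse.getSessionState()).client("test-app").clearDetails().assertEvent();
        // Second request object: the id_token only asks for an unknown claim and the profile claims are
        // requested for the access token instead, so neither the ID token nor userinfo should carry them.
        claims = ImmutableMap.of("id_token", ImmutableMap.of("test_claim", ImmutableMap.of("essential", true)), "access_token", ImmutableMap.of("email", ImmutableMap.of("essential", true), "preferred_username", ImmutableMap.of("essential", true), "family_name", ImmutableMap.of("essential", true), "given_name", ImmutableMap.of("essential", true), "name", ImmutableMap.of("essential", true)));
        oauth = oauth.request(buildUnsignedRequestObject(claims));
        oauth.doLogin("test-user@localhost", "password");
        loginEvent = events.expectLogin().assertEvent();
        accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
        idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
        // "email" default scope still remains
        assertEquals("test-user@localhost", idToken.getEmail());
        assertNull(idToken.getPreferredUsername());
        assertNull(idToken.getFamilyName());
        assertNull(idToken.getGivenName());
        assertNull(idToken.getName());
        userInfo = fetchUserInfo(accessTokenResponse.getAccessToken());
        assertEquals("test-user@localhost", userInfo.getEmail());
        assertNull(userInfo.getPreferredUsername());
        assertNull(userInfo.getFamilyName());
        assertNull(userInfo.getGivenName());
        assertNull(userInfo.getName());
    } finally {
        // revert "profile" default client scope
        app.addDefaultClientScope(clientScopeId);
    }
}

/**
 * Wraps a "claims" request parameter in an unsigned (alg "none") OIDC request object for test-app,
 * using the authorization code flow, the current redirect URI and the "openid" scope.
 *
 * @param claims the value of the {@code claims} parameter
 * @return the serialized request object
 */
private String buildUnsignedRequestObject(Map<String, Object> claims) {
    Map<String, Object> oidcRequest = new HashMap<>();
    oidcRequest.put(OIDCLoginProtocol.CLIENT_ID_PARAM, "test-app");
    oidcRequest.put(OIDCLoginProtocol.RESPONSE_TYPE_PARAM, OAuth2Constants.CODE);
    oidcRequest.put(OIDCLoginProtocol.REDIRECT_URI_PARAM, oauth.getRedirectUri());
    oidcRequest.put(OIDCLoginProtocol.CLAIMS_PARAM, claims);
    oidcRequest.put(OIDCLoginProtocol.SCOPE_PARAM, "openid");
    return new JWSBuilder().jsonContent(oidcRequest).none();
}

/**
 * Calls the userinfo endpoint with the given access token.
 *
 * @param accessToken bearer token to present
 * @return the parsed userinfo response; the underlying client is always closed
 */
private UserInfo fetchUserInfo(String accessToken) {
    Client client = AdminClientUtil.createResteasyClient();
    try {
        Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, accessToken);
        return response.readEntity(UserInfo.class);
    } finally {
        client.close();
    }
}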
Also used : HashMap(java.util.HashMap) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) OAuthClient(org.keycloak.testsuite.util.OAuthClient) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) UserInfo(org.keycloak.representations.UserInfo) JWSBuilder(org.keycloak.jose.jws.JWSBuilder) Response(javax.ws.rs.core.Response) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) IDToken(org.keycloak.representations.IDToken) OAuthClient(org.keycloak.testsuite.util.OAuthClient) Client(javax.ws.rs.client.Client) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) ProtocolMappersResource(org.keycloak.admin.client.resource.ProtocolMappersResource) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Aggregations

ClientScopeRepresentation (org.keycloak.representations.idm.ClientScopeRepresentation)75 Test (org.junit.Test)62 Response (javax.ws.rs.core.Response)27 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)27 ClientResource (org.keycloak.admin.client.resource.ClientResource)25 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)16 RealmResource (org.keycloak.admin.client.resource.RealmResource)15 EnableFeature (org.keycloak.testsuite.arquillian.annotation.EnableFeature)13 ConsentRepresentation (org.keycloak.representations.account.ConsentRepresentation)11 ConsentScopeRepresentation (org.keycloak.representations.account.ConsentScopeRepresentation)11 ProtocolMapperRepresentation (org.keycloak.representations.idm.ProtocolMapperRepresentation)11 AbstractAuthenticationTest (org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)11 TokenUtil (org.keycloak.testsuite.util.TokenUtil)11 HashMap (java.util.HashMap)10 RoleRepresentation (org.keycloak.representations.idm.RoleRepresentation)10 OAuthClient (org.keycloak.testsuite.util.OAuthClient)10 List (java.util.List)8 ClientScopeResource (org.keycloak.admin.client.resource.ClientScopeResource)6 SimpleHttp (org.keycloak.broker.provider.util.SimpleHttp)6 AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)6