Search in sources :

Example 1 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class ParseUtil method parseFileOrStdin.

public static CmdStdinContext parseFileOrStdin(String file, EndpointType type) {
    String content = readFileOrStdin(file).trim();
    ClientRepresentation client = null;
    OIDCClientRepresentation oidcClient = null;
    if (type == null) {
        // guess the correct endpoint from content of the file
        if (content.startsWith("<")) {
            // looks like XML
            type = EndpointType.SAML2;
        } else if (content.startsWith("{")) {
            // try parse as ClientRepresentation
            try {
                client = JsonSerialization.readValue(content, ClientRepresentation.class);
                type = EndpointType.DEFAULT;
            } catch (JsonParseException e) {
                throw new RuntimeException("Failed to read the input document as JSON: " + e.getMessage(), e);
            } catch (Exception ignored) {
            // deliberately not logged
            }
            if (client == null) {
                // try parse as OIDCClientRepresentation
                try {
                    oidcClient = JsonSerialization.readValue(content, OIDCClientRepresentation.class);
                    type = EndpointType.OIDC;
                } catch (IOException ne) {
                    throw new RuntimeException("Unable to determine input document type. Use -e TYPE to specify the registration endpoint to use");
                } catch (Exception e) {
                    throw new RuntimeException("Failed to read the input document as JSON", e);
                }
            }
        } else if (content.length() == 0) {
            throw new RuntimeException("Document provided by --file option is empty");
        } else {
            throw new RuntimeException("Unable to determine input document type. Use -e TYPE to specify the registration endpoint to use");
        }
    }
    // check content type, making sure it can be parsed into .json if it's not saml xml
    if (content != null) {
        try {
            if (type == EndpointType.DEFAULT && client == null) {
                client = JsonSerialization.readValue(content, ClientRepresentation.class);
            } else if (type == EndpointType.OIDC && oidcClient == null) {
                oidcClient = JsonSerialization.readValue(content, OIDCClientRepresentation.class);
            }
        } catch (JsonParseException e) {
            throw new RuntimeException("Not a valid JSON document - " + e.getMessage(), e);
        } catch (UnrecognizedPropertyException e) {
            throw new RuntimeException("Attribute '" + e.getPropertyName() + "' not supported on document type '" + type.getName() + "'", e);
        } catch (IOException e) {
            throw new RuntimeException("Not a valid JSON document", e);
        }
    }
    CmdStdinContext ctx = new CmdStdinContext();
    ctx.setEndpointType(type);
    ctx.setContent(content);
    ctx.setClient(client);
    ctx.setOidcClient(oidcClient);
    return ctx;
}
Also used : OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) CmdStdinContext(org.keycloak.client.registration.cli.common.CmdStdinContext) UnrecognizedPropertyException(com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException) IOException(java.io.IOException) JsonParseException(com.fasterxml.jackson.core.JsonParseException) UnrecognizedPropertyException(com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException) IOException(java.io.IOException) JsonParseException(com.fasterxml.jackson.core.JsonParseException) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)

Example 2 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class ParseUtil method mergeAttributes.

public static CmdStdinContext mergeAttributes(CmdStdinContext ctx, List<AttributeOperation> attrs) {
    String content = ctx.getContent();
    ClientRepresentation client = ctx.getClient();
    OIDCClientRepresentation oidcClient = ctx.getOidcClient();
    EndpointType type = ctx.getEndpointType();
    try {
        if (content == null) {
            if (type == EndpointType.DEFAULT) {
                client = new ClientRepresentation();
            } else if (type == EndpointType.OIDC) {
                oidcClient = new OIDCClientRepresentation();
            }
        }
        Object rep = client != null ? client : oidcClient;
        if (rep != null) {
            try {
                setAttributes(rep, attrs);
            } catch (AttributeException e) {
                throw new RuntimeException("Failed to set attribute '" + e.getAttributeName() + "' on document type '" + type.getName() + "'", e);
            }
            content = JsonSerialization.writeValueAsString(rep);
        } else {
            throw new RuntimeException("Setting attributes is not supported for type: " + type.getName());
        }
    } catch (IOException e) {
        throw new RuntimeException("Failed to merge set attributes with configuration from file", e);
    }
    ctx.setContent(content);
    ctx.setClient(client);
    ctx.setOidcClient(oidcClient);
    return ctx;
}
Also used : OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) EndpointType(org.keycloak.client.registration.cli.common.EndpointType) IOException(java.io.IOException) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation)

Example 3 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class UpdateCmd method execute.

@Override
public CommandResult execute(CommandInvocation commandInvocation) throws CommandException, InterruptedException {
    List<AttributeOperation> attrs = new LinkedList<>();
    try {
        if (printHelp()) {
            return help ? CommandResult.SUCCESS : CommandResult.FAILURE;
        }
        processGlobalOptions();
        String clientId = null;
        if (args != null) {
            Iterator<String> it = args.iterator();
            if (!it.hasNext()) {
                throw new IllegalArgumentException("CLIENT_ID not specified");
            }
            clientId = it.next();
            if (clientId.startsWith("-")) {
                warnfErr(ParseUtil.CLIENT_OPTION_WARN, clientId);
            }
            while (it.hasNext()) {
                String option = it.next();
                switch(option) {
                    case "-s":
                    case "--set":
                        {
                            if (!it.hasNext()) {
                                throw new IllegalArgumentException("Option " + option + " requires a value");
                            }
                            String[] keyVal = parseKeyVal(it.next());
                            attrs.add(new AttributeOperation(SET, keyVal[0], keyVal[1]));
                            break;
                        }
                    case "-d":
                    case "--delete":
                        {
                            attrs.add(new AttributeOperation(DELETE, it.next()));
                            break;
                        }
                    default:
                        {
                            throw new IllegalArgumentException("Unsupported option: " + option);
                        }
                }
            }
        }
        if (file == null && attrs.size() == 0) {
            throw new IllegalArgumentException("No file nor attribute values specified");
        }
        // 
        if (file == null && attrs.size() > 0) {
            mergeMode = true;
        }
        CmdStdinContext ctx = new CmdStdinContext();
        if (file != null) {
            ctx = parseFileOrStdin(file, regType);
            regType = ctx.getEndpointType();
        }
        if (regType == null) {
            regType = DEFAULT;
            ctx.setEndpointType(regType);
        } else if (regType != DEFAULT && regType != OIDC) {
            throw new RuntimeException("Update not supported for endpoint type: " + regType.getEndpoint());
        }
        // initialize config only after reading from stdin,
        // to allow proper operation when piping 'get' - which consumes the old
        // registration access token, and saves the new one to the config
        ConfigData config = loadConfig();
        config = copyWithServerInfo(config);
        final String server = config.getServerUrl();
        final String realm = config.getRealm();
        if (token == null) {
            // if registration access token is not set via --token, see if it's in the body of any input file
            // but first see if it's overridden by --set, or maybe deliberately muted via -d registrationAccessToken
            boolean processed = false;
            for (AttributeOperation op : attrs) {
                if ("registrationAccessToken".equals(op.getKey().toString())) {
                    processed = true;
                    if (op.getType() == AttributeOperation.Type.SET) {
                        token = op.getValue();
                    }
                    // otherwise it's delete - meaning it should stay null
                    break;
                }
            }
            if (!processed) {
                token = ctx.getRegistrationAccessToken();
            }
        }
        if (token == null) {
            // if registration access token is not set, try use the one from configuration
            token = getRegistrationToken(config.sessionRealmConfigData(), clientId);
        }
        setupTruststore(config, commandInvocation);
        String auth = token;
        if (auth == null) {
            config = ensureAuthInfo(config, commandInvocation);
            config = copyWithServerInfo(config);
            if (credentialsAvailable(config)) {
                auth = ensureToken(config);
            }
        }
        auth = auth != null ? "Bearer " + auth : null;
        if (mergeMode) {
            InputStream response = doGet(server + "/realms/" + realm + "/clients-registrations/" + regType.getEndpoint() + "/" + urlencode(clientId), APPLICATION_JSON, auth);
            String json = readFully(response);
            CmdStdinContext ctxremote = new CmdStdinContext();
            ctxremote.setContent(json);
            ctxremote.setEndpointType(regType);
            try {
                if (regType == DEFAULT) {
                    ctxremote.setClient(JsonSerialization.readValue(json, ClientRepresentation.class));
                    token = ctxremote.getClient().getRegistrationAccessToken();
                } else if (regType == OIDC) {
                    ctxremote.setOidcClient(JsonSerialization.readValue(json, OIDCClientRepresentation.class));
                    token = ctxremote.getOidcClient().getRegistrationAccessToken();
                }
            } catch (JsonParseException e) {
                throw new RuntimeException("Not a valid JSON document. " + e.getMessage(), e);
            } catch (IOException e) {
                throw new RuntimeException("Not a valid JSON document", e);
            }
            // that ensures optimistic locking semantics
            if (token != null) {
                // we use auth with doPost later
                auth = "Bearer " + token;
                String newToken = token;
                String clientToUpdate = clientId;
                saveMergeConfig(cfg -> {
                    setRegistrationToken(cfg.ensureRealmConfigData(server, realm), clientToUpdate, newToken);
                });
            }
            // merge local representation over remote one
            if (ctx.getClient() != null) {
                ReflectionUtil.merge(ctx.getClient(), ctxremote.getClient());
            } else if (ctx.getOidcClient() != null) {
                ReflectionUtil.merge(ctx.getOidcClient(), ctxremote.getOidcClient());
            }
            ctx = ctxremote;
        }
        if (attrs.size() > 0) {
            ctx = mergeAttributes(ctx, attrs);
        }
        // now update
        InputStream response = doPut(server + "/realms/" + realm + "/clients-registrations/" + regType.getEndpoint() + "/" + urlencode(clientId), APPLICATION_JSON, APPLICATION_JSON, ctx.getContent(), auth);
        try {
            if (regType == DEFAULT) {
                ClientRepresentation clirep = JsonSerialization.readValue(response, ClientRepresentation.class);
                outputResult(clirep);
                token = clirep.getRegistrationAccessToken();
            } else if (regType == OIDC) {
                OIDCClientRepresentation clirep = JsonSerialization.readValue(response, OIDCClientRepresentation.class);
                outputResult(clirep);
                token = clirep.getRegistrationAccessToken();
            }
            String newToken = token;
            String clientToUpdate = clientId;
            saveMergeConfig(cfg -> {
                setRegistrationToken(cfg.ensureRealmConfigData(server, realm), clientToUpdate, newToken);
            });
        } catch (IOException e) {
            throw new RuntimeException("Failed to process HTTP response", e);
        }
        return CommandResult.SUCCESS;
    } catch (IllegalArgumentException e) {
        throw new IllegalArgumentException(e.getMessage() + suggestHelp(), e);
    } finally {
        commandInvocation.stop();
    }
}
Also used : AttributeOperation(org.keycloak.client.registration.cli.common.AttributeOperation) InputStream(java.io.InputStream) IOException(java.io.IOException) JsonParseException(com.fasterxml.jackson.core.JsonParseException) LinkedList(java.util.LinkedList) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ConfigData(org.keycloak.client.registration.cli.config.ConfigData) CmdStdinContext(org.keycloak.client.registration.cli.common.CmdStdinContext)

Example 4 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class CIBATest method testSecureCibaAuthenticationRequestSigningAlgorithmEnforceExecutor.

@Test
public void testSecureCibaAuthenticationRequestSigningAlgorithmEnforceExecutor() throws Exception {
    // register profiles
    String json = (new ClientProfilesBuilder()).addProfile((new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen").addExecutor(SecureCibaAuthenticationRequestSigningAlgorithmExecutorFactory.PROVIDER_ID, null).toRepresentation()).toString();
    updateProfiles(json);
    // register policies
    json = (new ClientPoliciesBuilder()).addPolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Den Forsta Policyn", Boolean.TRUE).addCondition(ClientUpdaterContextConditionFactory.PROVIDER_ID, createClientUpdateContextConditionConfig(Arrays.asList(ClientUpdaterContextConditionFactory.BY_AUTHENTICATED_USER, ClientUpdaterContextConditionFactory.BY_INITIAL_ACCESS_TOKEN, ClientUpdaterContextConditionFactory.BY_REGISTRATION_ACCESS_TOKEN))).addProfile(PROFILE_NAME).toRepresentation()).toString();
    updatePolicies(json);
    // create by Admin REST API - fail
    try {
        createClientByAdmin(generateSuffixedName("App-by-Admin"), (ClientRepresentation clientRep) -> {
            clientRep.setSecret("secret");
            clientRep.setAttributes(new HashMap<>());
            clientRep.getAttributes().put(CibaConfig.CIBA_BACKCHANNEL_AUTH_REQUEST_SIGNING_ALG, "none");
        });
        fail();
    } catch (ClientPolicyException e) {
        assertEquals(OAuthErrorException.INVALID_REQUEST, e.getMessage());
    }
    // create by Admin REST API - success
    String cAppAdminId = createClientByAdmin(generateSuffixedName("App-by-Admin"), (ClientRepresentation clientRep) -> {
        clientRep.setAttributes(new HashMap<>());
        clientRep.getAttributes().put(CibaConfig.CIBA_BACKCHANNEL_AUTH_REQUEST_SIGNING_ALG, org.keycloak.crypto.Algorithm.ES256);
    });
    ClientRepresentation cRep = getClientByAdmin(cAppAdminId);
    assertEquals(org.keycloak.crypto.Algorithm.ES256, cRep.getAttributes().get(CibaConfig.CIBA_BACKCHANNEL_AUTH_REQUEST_SIGNING_ALG));
    // create by Admin REST API - success, PS256 enforced
    String cAppAdmin2Id = createClientByAdmin(generateSuffixedName("App-by-Admin2"), (ClientRepresentation client2Rep) -> {
    });
    ClientRepresentation cRep2 = getClientByAdmin(cAppAdmin2Id);
    assertEquals(org.keycloak.crypto.Algorithm.PS256, cRep2.getAttributes().get(CibaConfig.CIBA_BACKCHANNEL_AUTH_REQUEST_SIGNING_ALG));
    // update by Admin REST API - fail
    try {
        updateClientByAdmin(cAppAdminId, (ClientRepresentation clientRep) -> {
            clientRep.setAttributes(new HashMap<>());
            clientRep.getAttributes().put(CibaConfig.CIBA_BACKCHANNEL_AUTH_REQUEST_SIGNING_ALG, org.keycloak.crypto.Algorithm.RS512);
        });
    } catch (ClientPolicyException cpe) {
        assertEquals(Errors.INVALID_REQUEST, cpe.getError());
    }
    cRep = getClientByAdmin(cAppAdminId);
    assertEquals(org.keycloak.crypto.Algorithm.ES256, cRep.getAttributes().get(CibaConfig.CIBA_BACKCHANNEL_AUTH_REQUEST_SIGNING_ALG));
    // update by Admin REST API - success
    updateClientByAdmin(cAppAdminId, (ClientRepresentation clientRep) -> {
        clientRep.setAttributes(new HashMap<>());
        clientRep.getAttributes().put(CibaConfig.CIBA_BACKCHANNEL_AUTH_REQUEST_SIGNING_ALG, org.keycloak.crypto.Algorithm.PS384);
    });
    cRep = getClientByAdmin(cAppAdminId);
    assertEquals(org.keycloak.crypto.Algorithm.PS384, cRep.getAttributes().get(CibaConfig.CIBA_BACKCHANNEL_AUTH_REQUEST_SIGNING_ALG));
    // update profiles, ES256 enforced
    json = (new ClientProfilesBuilder()).addProfile((new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen").addExecutor(SecureCibaAuthenticationRequestSigningAlgorithmExecutorFactory.PROVIDER_ID, createSecureCibaAuthenticationRequestSigningAlgorithmExecutorConfig(org.keycloak.crypto.Algorithm.ES256)).toRepresentation()).toString();
    updateProfiles(json);
    // update by Admin REST API - success
    updateClientByAdmin(cAppAdmin2Id, (ClientRepresentation client2Rep) -> {
        client2Rep.getAttributes().remove(CibaConfig.CIBA_BACKCHANNEL_AUTH_REQUEST_SIGNING_ALG);
    });
    cRep2 = getClientByAdmin(cAppAdmin2Id);
    assertEquals(org.keycloak.crypto.Algorithm.ES256, cRep2.getAttributes().get(CibaConfig.CIBA_BACKCHANNEL_AUTH_REQUEST_SIGNING_ALG));
    // update profiles, fall back to PS256
    json = (new ClientProfilesBuilder()).addProfile((new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen").addExecutor(SecureCibaAuthenticationRequestSigningAlgorithmExecutorFactory.PROVIDER_ID, createSecureCibaAuthenticationRequestSigningAlgorithmExecutorConfig(org.keycloak.crypto.Algorithm.RS512)).toRepresentation()).toString();
    updateProfiles(json);
    // create dynamically - fail
    try {
        createClientByAdmin(generateSuffixedName("App-in-Dynamic"), (ClientRepresentation clientRep) -> {
            clientRep.setSecret("secret");
            clientRep.setAttributes(new HashMap<>());
            clientRep.getAttributes().put(CibaConfig.CIBA_BACKCHANNEL_AUTH_REQUEST_SIGNING_ALG, org.keycloak.crypto.Algorithm.RS384);
        });
        fail();
    } catch (ClientPolicyException e) {
        assertEquals(OAuthErrorException.INVALID_REQUEST, e.getMessage());
    }
    // create dynamically - success
    String cAppDynamicClientId = createClientDynamically(generateSuffixedName("App-in-Dynamic"), (OIDCClientRepresentation clientRep) -> {
        clientRep.setBackchannelAuthenticationRequestSigningAlg(org.keycloak.crypto.Algorithm.ES256);
    });
    events.expect(EventType.CLIENT_REGISTER).client(cAppDynamicClientId).user(org.hamcrest.Matchers.isEmptyOrNullString()).assertEvent();
    // update dynamically - fail
    try {
        updateClientDynamically(cAppDynamicClientId, (OIDCClientRepresentation clientRep) -> {
            clientRep.setBackchannelAuthenticationRequestSigningAlg(org.keycloak.crypto.Algorithm.RS256);
        });
        fail();
    } catch (ClientRegistrationException e) {
        assertEquals(ERR_MSG_CLIENT_REG_FAIL, e.getMessage());
    }
    assertEquals(org.keycloak.crypto.Algorithm.ES256, getClientDynamically(cAppDynamicClientId).getBackchannelAuthenticationRequestSigningAlg());
    // update dynamically - success
    updateClientDynamically(cAppDynamicClientId, (OIDCClientRepresentation clientRep) -> {
        clientRep.setBackchannelAuthenticationRequestSigningAlg(org.keycloak.crypto.Algorithm.ES384);
    });
    assertEquals(org.keycloak.crypto.Algorithm.ES384, getClientDynamically(cAppDynamicClientId).getBackchannelAuthenticationRequestSigningAlg());
    // create dynamically - success, PS256 enforced
    restartAuthenticatedClientRegistrationSetting();
    String cAppDynamicClient2Id = createClientDynamically(generateSuffixedName("App-in-Dynamic"), (OIDCClientRepresentation client2Rep) -> {
    });
    OIDCClientRepresentation cAppDynamicClient2Rep = getClientDynamically(cAppDynamicClient2Id);
    assertEquals(org.keycloak.crypto.Algorithm.PS256, cAppDynamicClient2Rep.getBackchannelAuthenticationRequestSigningAlg());
    // update profiles, enforce ES256
    json = (new ClientProfilesBuilder()).addProfile((new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Den Forsta Profilen").addExecutor(SecureCibaAuthenticationRequestSigningAlgorithmExecutorFactory.PROVIDER_ID, createSecureCibaAuthenticationRequestSigningAlgorithmExecutorConfig(org.keycloak.crypto.Algorithm.ES256)).toRepresentation()).toString();
    updateProfiles(json);
    // update dynamically - success, ES256 enforced
    updateClientDynamically(cAppDynamicClient2Id, (OIDCClientRepresentation client2Rep) -> {
        client2Rep.setBackchannelAuthenticationRequestSigningAlg(null);
    });
    cAppDynamicClient2Rep = getClientDynamically(cAppDynamicClient2Id);
    assertEquals(org.keycloak.crypto.Algorithm.ES256, cAppDynamicClient2Rep.getBackchannelAuthenticationRequestSigningAlg());
}
Also used : ClientProfileBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder) ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder) ClientRegistrationException(org.keycloak.client.registration.ClientRegistrationException) Matchers.containsString(org.hamcrest.Matchers.containsString) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException) Test(org.junit.Test)

Example 5 with OIDCClientRepresentation

use of org.keycloak.representations.oidc.OIDCClientRepresentation in project keycloak by keycloak.

the class ClientPoliciesTest method testClientUpdateSourceRolesCondition.

@Test
public void testClientUpdateSourceRolesCondition() throws Exception {
    // register profiles
    String json = (new ClientProfilesBuilder()).addProfile((new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Il Primo Profilo").addExecutor(SecureClientAuthenticatorExecutorFactory.PROVIDER_ID, createSecureClientAuthenticatorExecutorConfig(Arrays.asList(JWTClientSecretAuthenticator.PROVIDER_ID), null)).toRepresentation()).toString();
    updateProfiles(json);
    // register policies
    json = (new ClientPoliciesBuilder()).addPolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "La Prima Politica", Boolean.TRUE).addCondition(ClientUpdaterSourceRolesConditionFactory.PROVIDER_ID, createClientUpdateSourceRolesConditionConfig(Arrays.asList(Constants.REALM_MANAGEMENT_CLIENT_ID + "." + AdminRoles.CREATE_CLIENT))).addProfile(PROFILE_NAME).toRepresentation()).toString();
    updatePolicies(json);
    try {
        authCreateClients();
        createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
        });
        fail();
    } catch (ClientRegistrationException e) {
        assertEquals(ERR_MSG_CLIENT_REG_FAIL, e.getMessage());
    }
    authManageClients();
    try {
        createClientDynamically(generateSuffixedName(CLIENT_NAME), (OIDCClientRepresentation clientRep) -> {
        });
    } catch (Exception e) {
        fail();
    }
}
Also used : ClientProfileBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder) ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder) ClientRegistrationException(org.keycloak.client.registration.ClientRegistrationException) IOException(java.io.IOException) ClientPolicyException(org.keycloak.services.clientpolicy.ClientPolicyException) OAuthErrorException(org.keycloak.OAuthErrorException) BadRequestException(javax.ws.rs.BadRequestException) ClientRegistrationException(org.keycloak.client.registration.ClientRegistrationException) Test(org.junit.Test)

Aggregations

OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)118 Test (org.junit.Test)95 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)44 AbstractClientPoliciesTest (org.keycloak.testsuite.client.AbstractClientPoliciesTest)22 ParResponse (org.keycloak.testsuite.util.OAuthClient.ParResponse)21 TestOIDCEndpointsApplicationResource (org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource)16 OAuthClient (org.keycloak.testsuite.util.OAuthClient)16 OIDCAdvancedConfigWrapper (org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper)15 ClientRegistrationException (org.keycloak.client.registration.ClientRegistrationException)11 IOException (java.io.IOException)10 ClientResource (org.keycloak.admin.client.resource.ClientResource)9 ArrayList (java.util.ArrayList)8 ClientPoliciesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder)7 ClientPolicyBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder)7 ClientProfileBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder)7 ClientProfilesBuilder (org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder)7 AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)6 ClientsResource (org.keycloak.admin.client.resource.ClientsResource)4 InputStream (java.io.InputStream)3 Produces (javax.ws.rs.Produces)3