use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.
the class OIDCProtocolMappersTest method executeTokenMappersOnDynamicScopes.
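/**
 * Verifies that protocol mappers attached to a dynamic client scope run when a
 * parameterized value of that scope is requested.
 *
 * <p>The test creates the dynamic scope {@code dyn-scope-with-mapper} (pattern
 * {@code dyn-scope-with-mapper:*}) with one hardcoded-claim mapper, adds it to
 * {@code test-app} as an optional scope, logs in requesting
 * {@code dyn-scope-with-mapper:value}, and expects the claim
 * {@code hardcoded-foo=hardcoded-bar} in both the ID token and the access token.
 */
@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void executeTokenMappersOnDynamicScopes() {
    ClientResource clientResource = findClientResourceByClientId(adminClient.realm("test"), "test-app");

    // A plain HashMap replaces double-brace initialization, which would create an anonymous
    // HashMap subclass holding a hidden reference to this test instance.
    HashMap<String, String> scopeAttributes = new HashMap<>();
    scopeAttributes.put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
    scopeAttributes.put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "dyn-scope-with-mapper:*");

    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("dyn-scope-with-mapper");
    scopeRep.setProtocol("openid-connect");
    scopeRep.setAttributes(scopeAttributes);

    // Hardcoded-claim mapper: claim "hardcoded-foo" with value "hardcoded-bar".
    // NOTE(review): the two trailing booleans presumably enable the claim for the access token
    // and the ID token; confirm against createHardcodedClaim.
    ProtocolMapperRepresentation hardcodedMapper =
            createHardcodedClaim("dynamic-scope-hardcoded-mapper", "hardcoded-foo", "hardcoded-bar", "String", true, true);
    scopeRep.setProtocolMappers(Collections.singletonList(hardcodedMapper));

    try (Response resp = adminClient.realm("test").clientScopes().create(scopeRep)) {
        assertEquals(201, resp.getStatus());
        String clientScopeId = ApiUtil.getCreatedId(resp);
        // Register for cleanup before linking, so the scope is removed even if linking fails.
        getCleanup().addClientScopeId(clientScopeId);
        clientResource.addOptionalClientScope(clientScopeId);
    }

    // Request the dynamic scope with a concrete parameter value.
    oauth.scope("openid dyn-scope-with-mapper:value");
    OAuthClient.AccessTokenResponse response = browserLogin("password", "test-user@localhost", "password");
    IDToken idToken = oauth.verifyIDToken(response.getIdToken());
    AccessToken accessToken = oauth.verifyToken(response.getAccessToken());

    // NOTE(review): only the positive case is covered here. A companion check that the claim is
    // absent when the dynamic scope is not requested would guard against the mapper leaking
    // into tokens that never asked for the scope.
    assertNotNull(idToken.getOtherClaims());
    Object idTokenClaim = idToken.getOtherClaims().get("hardcoded-foo");
    assertNotNull(idTokenClaim);
    assertTrue(idTokenClaim instanceof String);
    assertEquals("hardcoded-bar", idTokenClaim);

    assertNotNull(accessToken.getOtherClaims());
    Object accessTokenClaim = accessToken.getOtherClaims().get("hardcoded-foo");
    assertNotNull(accessTokenClaim);
    assertTrue(accessTokenClaim instanceof String);
    assertEquals("hardcoded-bar", accessTokenClaim);
}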
use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.
the class ResourceOwnerPasswordCredentialsGrantTest method grantAccessTokenWithDynamicScope.
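/**
 * Verifies that the resource owner password credentials grant returns a requested dynamic scope.
 *
 * <p>The test creates the dynamic scope {@code dynamic-scope} (pattern {@code dynamic-scope:*}),
 * adds it to the {@code resource-owner-public} client as an optional scope, requests
 * {@code dynamic-scope:123} through the password grant, and expects that exact scope value in
 * both the token response and the access token, together with the matching login event.
 *
 * @throws Exception if parsing the tokens fails
 */
@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void grantAccessTokenWithDynamicScope() throws Exception {
    // A plain HashMap replaces double-brace initialization, which would create an anonymous
    // HashMap subclass holding a hidden reference to this test instance.
    HashMap<String, String> scopeAttributes = new HashMap<>();
    scopeAttributes.put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
    scopeAttributes.put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "dynamic-scope:*");

    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
    clientScope.setName("dynamic-scope");
    clientScope.setAttributes(scopeAttributes);
    clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);

    RealmResource realmResource = adminClient.realm("test");
    try (Response createResponse = realmResource.clientScopes().create(clientScope)) {
        String scopeId = ApiUtil.getCreatedId(createResponse);
        getCleanup().addClientScopeId(scopeId);
        ClientResource resourceOwnerPublicClient = ApiUtil.findClientByClientId(realmResource, "resource-owner-public");
        // NOTE(review): the representation is written back unmodified, so this update looks like
        // a no-op. It is kept to preserve the original sequence of admin calls; confirm whether
        // it can be dropped.
        ClientRepresentation clientRep = resourceOwnerPublicClient.toRepresentation();
        resourceOwnerPublicClient.update(clientRep);
        resourceOwnerPublicClient.addOptionalClientScope(scopeId);
    }

    oauth.scope("dynamic-scope:123");
    oauth.clientId("resource-owner-public");
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doGrantAccessTokenRequest("secret", "direct-login", "password");

    // Check the status first: a failed grant then surfaces as a clear assertion failure instead
    // of a NullPointerException on a missing scope.
    assertEquals(200, tokenResponse.getStatusCode());

    // OAuth scope strings are space-delimited. Padding both sides makes this an exact-token
    // match, so a different parameter such as "dynamic-scope:1234" cannot satisfy the check the
    // way a bare substring match would.
    assertTrue((" " + tokenResponse.getScope() + " ").contains(" dynamic-scope:123 "));

    AccessToken accessToken = oauth.verifyToken(tokenResponse.getAccessToken());
    RefreshToken refreshToken = oauth.parseRefreshToken(tokenResponse.getRefreshToken());

    events.expectLogin()
            .client("resource-owner-public")
            .user(userId)
            .session(accessToken.getSessionState())
            .detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
            .detail(Details.TOKEN_ID, accessToken.getId())
            .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
            .detail(Details.USERNAME, "direct-login")
            .removeDetail(Details.CODE_ID)
            .removeDetail(Details.REDIRECT_URI)
            .removeDetail(Details.CONSENT)
            .assertEvent();

    // The scope embedded in the access token must carry the same exact value.
    assertTrue((" " + accessToken.getScope() + " ").contains(" dynamic-scope:123 "));
}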
use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.
the class ClientScopeTest method dynamicClientScopeCannotBeAssignedAsDefaultClientScope.
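/**
 * Verifies that the admin API refuses to attach a dynamic client scope to a client as a
 * default scope.
 *
 * <p>The test creates a client and a dynamic scope, tries to add the scope as a default client
 * scope, and expects the call to fail with {@code 400 Bad Request}.
 */
@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void dynamicClientScopeCannotBeAssignedAsDefaultClientScope() {
    ClientRepresentation clientRep = new ClientRepresentation();
    clientRep.setClientId("dyn-scope-client");
    clientRep.setProtocol("openid-connect");
    String clientUuid = createClient(clientRep);
    getCleanup().addClientUuid(clientUuid);

    // A plain HashMap replaces double-brace initialization, which would create an anonymous
    // HashMap subclass holding a hidden reference to this test instance.
    HashMap<String, String> scopeAttributes = new HashMap<>();
    scopeAttributes.put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
    scopeAttributes.put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "dynamic-scope-def:*");

    ClientScopeRepresentation optionalClientScope = new ClientScopeRepresentation();
    optionalClientScope.setName("optional-dynamic-client-scope");
    optionalClientScope.setProtocol("openid-connect");
    optionalClientScope.setAttributes(scopeAttributes);
    String optionalClientScopeId = createClientScope(optionalClientScope);
    getCleanup().addClientScopeId(optionalClientScopeId);

    try {
        ClientResource clientResource = testRealmResource().clients().get(clientUuid);
        clientResource.addDefaultClientScope(optionalClientScopeId);
        // Reaching this line means the server accepted the assignment. The original message
        // contained a double negative ("shouldn't not") that stated the opposite of the intent.
        Assert.fail("A Dynamic Scope shouldn't be assigned as a default scope to a client");
    } catch (ClientErrorException ex) {
        // NOTE(review): presumably rejected because a default scope is applied without being
        // requested, so no parameter value would be available for it; confirm against the
        // server-side validation.
        MatcherAssert.assertThat(ex.getResponse(), Matchers.statusCodeIs(Status.BAD_REQUEST));
    }
}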
use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.
the class ClientScopeTest method testCreateValidDynamicScope.
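/**
 * Verifies that a well-formed dynamic client scope can be created and that its attributes are
 * returned unchanged when the scope is read back.
 */
@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void testCreateValidDynamicScope() {
    // A plain HashMap replaces double-brace initialization, which would create an anonymous
    // HashMap subclass holding a hidden reference to this test instance.
    HashMap<String, String> scopeAttributes = new HashMap<>();
    scopeAttributes.put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
    scopeAttributes.put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "dynamic-scope-def:*");

    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("dynamic-scope-def");
    scopeRep.setProtocol("openid-connect");
    scopeRep.setAttributes(scopeAttributes);

    String scopeDefId = createClientScope(scopeRep);
    getCleanup().addClientScopeId(scopeDefId);

    // Read the scope back from the server, so the assertions check what was stored rather than
    // the local request object.
    ClientScopeRepresentation storedScope = clientScopes().get(scopeDefId).toRepresentation();
    assertEquals("dynamic-scope-def", storedScope.getName());
    assertEquals("true", storedScope.getAttributes().get(ClientScopeModel.IS_DYNAMIC_SCOPE));
    assertEquals("dynamic-scope-def:*", storedScope.getAttributes().get(ClientScopeModel.DYNAMIC_SCOPE_REGEXP));
}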
use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.
the class PartialImportTest method testAddClientsSkipWithServiceAccountsAndAuthorization.
/**
 * Runs the same partial import twice and checks that the second run skips what the first added.
 *
 * <p>The first import must report {@code NUM_ENTITIES * 2} added entries and the repeated import
 * the same number of skipped entries.
 * NOTE(review): going by the test name, {@code addClients(true)} enables service accounts and
 * authorization, and the factor of two presumably accounts for an extra entity created per
 * client; confirm against {@code addClients}.
 *
 * @throws IOException declared by the test; the throwing call is not identifiable from this method alone
 */
@Test
@EnableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public void testAddClientsSkipWithServiceAccountsAndAuthorization() throws IOException {
    addClients(true);
    setSkip();

    // First pass: nothing exists yet, so every entity is reported as added.
    PartialImportResults firstImport = doImport();
    assertEquals(NUM_ENTITIES * 2, firstImport.getAdded());

    // Second pass: the same entities already exist and must be reported as skipped.
    PartialImportResults repeatedImport = doImport();
    assertEquals(NUM_ENTITIES * 2, repeatedImport.getSkipped());
}