keycloak-memoizeit
Changes
authz/client/src/main/java/org/keycloak/authorization/client/representation/ServerConfiguration.java 2(+2 -0)
Details
diff --git a/authz/client/src/main/java/org/keycloak/authorization/client/representation/ServerConfiguration.java b/authz/client/src/main/java/org/keycloak/authorization/client/representation/ServerConfiguration.java
index eabf085..93897fe 100644
--- a/authz/client/src/main/java/org/keycloak/authorization/client/representation/ServerConfiguration.java
+++ b/authz/client/src/main/java/org/keycloak/authorization/client/representation/ServerConfiguration.java
@@ -18,11 +18,13 @@ package org.keycloak.authorization.client.representation;
import java.util.List;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
+@JsonIgnoreProperties(ignoreUnknown = true)
public class ServerConfiguration {
@JsonProperty("issuer")
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java b/services/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java
index 079db31..0903f0d 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java
@@ -40,6 +40,10 @@ public class OIDCConfigurationRepresentation {
@JsonProperty("token_endpoint")
private String tokenEndpoint;
+ /**
+ * The name 'token_introspection_endpoint' is deprecated and will be replaced by 'introspection_endpoint' as defined by RFC-8414.
+ * Until there, we just add {@code getIntrospectionEndpoint} claim to avoid breaking backward compatibility.
+ */
@JsonProperty("token_introspection_endpoint")
private String tokenIntrospectionEndpoint;
@@ -142,6 +146,16 @@ public class OIDCConfigurationRepresentation {
return this.tokenIntrospectionEndpoint;
}
+ /**
+ * See KEYCLOAK-8308. This method should be removed once the standard name is used to advertise the introspection endpoint.
+ * @return
+ */
+ @Deprecated
+ @JsonProperty("introspection_endpoint")
+ private String getIntrospectionEndpoint() {
+ return getTokenIntrospectionEndpoint();
+ }
+
public void setTokenIntrospectionEndpoint(String tokenIntrospectionEndpoint) {
this.tokenIntrospectionEndpoint = tokenIntrospectionEndpoint;
}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java
index 4dd97dd..c8084e0 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java
@@ -17,6 +17,7 @@
package org.keycloak.testsuite.oidc;
+import com.fasterxml.jackson.databind.node.ObjectNode;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.junit.After;
@@ -42,6 +43,7 @@ import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.TokenSignatureUtil;
+import org.keycloak.util.JsonSerialization;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
@@ -99,7 +101,7 @@ public class OIDCWellKnownProviderTest extends AbstractKeycloakTest {
public void testDiscovery() {
Client client = ClientBuilder.newClient();
try {
- OIDCConfigurationRepresentation oidcConfig = getOIDCDiscoveryConfiguration(client);
+ OIDCConfigurationRepresentation oidcConfig = getOIDCDiscoveryRepresentation(client);
// URIs are filled
assertEquals(oidcConfig.getAuthorizationEndpoint(), OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)).build("test").toString());
@@ -165,7 +167,7 @@ public class OIDCWellKnownProviderTest extends AbstractKeycloakTest {
Client client = ClientBuilder.newClient();
try {
- OIDCConfigurationRepresentation oidcConfig = getOIDCDiscoveryConfiguration(client);
+ OIDCConfigurationRepresentation oidcConfig = getOIDCDiscoveryRepresentation(client);
// assert issuer matches
assertEquals(idToken.getIssuer(), oidcConfig.getIssuer());
@@ -200,7 +202,26 @@ public class OIDCWellKnownProviderTest extends AbstractKeycloakTest {
assertEquals(2, jsonWebKeySet.getKeys().length);
}
- private OIDCConfigurationRepresentation getOIDCDiscoveryConfiguration(Client client) {
+ @Test
+ public void testIntrospectionEndpointClaim() throws IOException {
+ Client client = ClientBuilder.newClient();
+ try {
+ ObjectNode oidcConfig = JsonSerialization.readValue(getOIDCDiscoveryConfiguration(client), ObjectNode.class);
+ assertEquals(oidcConfig.get("introspection_endpoint").asText(), getOIDCDiscoveryRepresentation(client).getTokenIntrospectionEndpoint());
+ } finally {
+ client.close();
+ }
+ }
+
+ private OIDCConfigurationRepresentation getOIDCDiscoveryRepresentation(Client client) {
+ try {
+ return JsonSerialization.readValue(getOIDCDiscoveryConfiguration(client), OIDCConfigurationRepresentation.class);
+ } catch (IOException cause) {
+ throw new RuntimeException("Failed to parse OIDC configuration", cause);
+ }
+ }
+
+ private String getOIDCDiscoveryConfiguration(Client client) {
UriBuilder builder = UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT);
URI oidcDiscoveryUri = RealmsResource.wellKnownProviderUrl(builder).build("test", OIDCWellKnownProviderFactory.PROVIDER_ID);
WebTarget oidcDiscoveryTarget = client.target(oidcDiscoveryUri);
@@ -209,7 +230,7 @@ public class OIDCWellKnownProviderTest extends AbstractKeycloakTest {
assertEquals("no-cache, must-revalidate, no-transform, no-store", response.getHeaders().getFirst("Cache-Control"));
- return response.readEntity(OIDCConfigurationRepresentation.class);
+ return response.readEntity(String.class);
}
private void assertContains(List<String> actual, String... expected) {