keycloak-developers

KEYCLOAK-380 Added OAuth2Constants

3/15/2014 7:43:52 AM


diff --git a/core/src/main/java/org/keycloak/AbstractOAuthClient.java b/core/src/main/java/org/keycloak/AbstractOAuthClient.java
index 99abe30..9f082e9 100755
--- a/core/src/main/java/org/keycloak/AbstractOAuthClient.java
+++ b/core/src/main/java/org/keycloak/AbstractOAuthClient.java
@@ -103,8 +103,8 @@ public class AbstractOAuthClient {
 
     protected String stripOauthParametersFromRedirect(String uri) {
         KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(uri)
-                .replaceQueryParam("code", null)
-                .replaceQueryParam("state", null);
+                .replaceQueryParam(OAuth2Constants.CODE, null)
+                .replaceQueryParam(OAuth2Constants.STATE, null);
         return builder.build().toString();
     }
 
diff --git a/core/src/main/java/org/keycloak/OAuth2Constants.java b/core/src/main/java/org/keycloak/OAuth2Constants.java
new file mode 100644
index 0000000..07071ff
--- /dev/null
+++ b/core/src/main/java/org/keycloak/OAuth2Constants.java
@@ -0,0 +1,30 @@
+package org.keycloak;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+public interface OAuth2Constants {
+
+    String CODE = "code";
+
+    String CLIENT_ID = "client_id";
+
+    String ERROR = "error";
+
+    String ERROR_DESCRIPTION = "error_description";
+
+    String REDIRECT_URI = "redirect_uri";
+
+    String SCOPE = "scope";
+
+    String STATE = "state";
+
+    String GRANT_TYPE = "grant_type";
+
+    String RESPONSE_TYPE = "response_type";
+
+    String REFRESH_TOKEN = "refresh_token";
+
+}
+
+
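Review bot: `OAuth2Constants` is declared as an interface that only holds constants, and its Javadoc carries nothing but the author tag. Any class that implements the interface would pull these names into its own public API; a `public final class OAuth2Constants` with a private constructor and `public static final String` fields avoids that, and call sites written as `OAuth2Constants.CODE` stay unchanged. A class comment such as `/** Parameter names used in OAuth 2.0 (RFC 6749) requests and responses. */` would also make clear that these are wire names, not general-purpose map or attribute keys.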
diff --git a/examples/demo-template/customer-app-cli/src/main/resources/META-INF/keycloak.json b/examples/demo-template/customer-app-cli/src/main/resources/META-INF/keycloak.json
index bf07380..fc1fab9 100644
--- a/examples/demo-template/customer-app-cli/src/main/resources/META-INF/keycloak.json
+++ b/examples/demo-template/customer-app-cli/src/main/resources/META-INF/keycloak.json
@@ -1,7 +1,7 @@
 {
   "realm" : "demo",
   "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
-  "auth-server-url" : "http://localhost:8080/auth",
+  "auth-server-url" : "http://localhost:8081/auth",
   "ssl-not-required" : true,
   "resource" : "customer-portal-cli",
   "public-client" : true
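Review bot: The `auth-server-url` port moves from 8080 to 8081 in a commit whose title and other hunks only replace string literals with constants. This looks like a local test setting committed by accident; if so, restore `"auth-server-url" : "http://localhost:8080/auth",`. If the change is intended, it probably belongs in its own commit, and the other demo applications' keycloak.json files (not visible here) would need the same port to keep the example working.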
diff --git a/examples/demo-template/third-party-cdi/src/main/java/org/keycloak/example/oauth/RefreshTokenFilter.java b/examples/demo-template/third-party-cdi/src/main/java/org/keycloak/example/oauth/RefreshTokenFilter.java
index 0bda551..ac85da2 100755
--- a/examples/demo-template/third-party-cdi/src/main/java/org/keycloak/example/oauth/RefreshTokenFilter.java
+++ b/examples/demo-template/third-party-cdi/src/main/java/org/keycloak/example/oauth/RefreshTokenFilter.java
@@ -14,6 +14,7 @@ import javax.servlet.annotation.WebFilter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.keycloak.OAuth2Constants;
 import org.keycloak.adapters.ServerRequest;
 import org.keycloak.servlet.ServletOAuthClient;
 
@@ -41,15 +42,15 @@ public class RefreshTokenFilter implements Filter {
         HttpServletResponse response = (HttpServletResponse)resp;
         Map<String, String[]> reqParams = request.getParameterMap();
 
-        if (reqParams.containsKey("code")) {
+        if (reqParams.containsKey(OAuth2Constants.CODE)) {
             try {
                 String accessToken = oauthClient.getBearerToken(request).getToken();
                 userData.setAccessToken(accessToken);
             } catch (ServerRequest.HttpFailure e) {
                 throw new ServletException(e);
             }
-        } else if (reqParams.containsKey("error")) {
-            String oauthError = reqParams.get("error")[0];
+        } else if (reqParams.containsKey(OAuth2Constants.ERROR)) {
+            String oauthError = reqParams.get(OAuth2Constants.ERROR)[0];
             request.setAttribute(OAUTH_ERROR_ATTR, oauthError);
         }
 
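Review bot: The value read at `reqParams.get(OAuth2Constants.ERROR)[0]` comes straight from the query string and is stored under `OAUTH_ERROR_ATTR` without any validation. The page that renders that attribute is outside this hunk, so it should be confirmed that it HTML-escapes the value. Alternatively, map the value to the known OAuth error codes before storing it, so that arbitrary request text never reaches the view. The enclosing filter method starts and ends outside the hunk.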
diff --git a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java
index b8be174..6ca1565 100755
--- a/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java
+++ b/forms/login-freemarker/src/main/java/org/keycloak/login/freemarker/FreeMarkerLoginForms.java
@@ -2,6 +2,7 @@ package org.keycloak.login.freemarker;
 
 import org.jboss.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.freemarker.FreeMarkerException;
 import org.keycloak.freemarker.FreeMarkerUtil;
 import org.keycloak.freemarker.Theme;
@@ -125,7 +126,7 @@ public class FreeMarkerLoginForms implements LoginForms {
         }
 
         if (accessCode != null) {
-            uriBuilder.replaceQueryParam("code", accessCode);
+            uriBuilder.replaceQueryParam(OAuth2Constants.CODE, accessCode);
         }
 
         Map<String, Object> attributes = new HashMap<String, Object>();
@@ -181,7 +182,7 @@ public class FreeMarkerLoginForms implements LoginForms {
                 attributes.put("oauth", new OAuthGrantBean(accessCode, client, realmRolesRequested, resourceRolesRequested));
                 break;
             case CODE:
-                attributes.put("code", new CodeBean(accessCode, messageType == MessageType.ERROR ? message : null));
+                attributes.put(OAuth2Constants.CODE, new CodeBean(accessCode, messageType == MessageType.ERROR ? message : null));
                 break;
         }
 
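Review bot: `attributes.put(OAuth2Constants.CODE, ...)` uses an OAuth wire-parameter constant as a FreeMarker model key, which works only because both strings happen to be `code`. The neighbouring case keeps the literal `"oauth"`, and the templates (not visible here) presumably refer to `code` by name, so this line reads better left as `attributes.put("code", new CodeBean(...))`. The same applies to `putClientAttribute(OAuth2Constants.STATE, ...)` in AccountService and to `getClientAttribute(OAuth2Constants.STATE)` / `getClientAttribute(OAuth2Constants.SCOPE)` in SocialResource, where the sibling keys `clientId`, `redirectUri` and `responseType` stay literal. The switch statement starts outside the hunk.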
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeploymentBuilder.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeploymentBuilder.java
index 3f5a4a4..297111a 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeploymentBuilder.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/KeycloakDeploymentBuilder.java
@@ -2,6 +2,7 @@ package org.keycloak.adapters;
 
 import org.codehaus.jackson.map.ObjectMapper;
 import org.codehaus.jackson.map.annotate.JsonSerialize;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.ServiceUrlConstants;
 import org.keycloak.representations.adapters.config.AdapterConfig;
 import org.keycloak.util.EnvUtil;
@@ -66,7 +67,7 @@ public class KeycloakDeploymentBuilder {
         String logoutUrl = serverBuilder.clone().path(ServiceUrlConstants.TOKEN_SERVICE_LOGOUT_PATH).build(adapterConfig.getRealm()).toString();
         String accountUrl = serverBuilder.clone().path(ServiceUrlConstants.ACCOUNT_SERVICE_PATH).build(adapterConfig.getRealm()).toString();
 
-        deployment.setAuthUrl(KeycloakUriBuilder.fromUri(authUrl).queryParam("client_id", deployment.getResourceName()));
+        deployment.setAuthUrl(KeycloakUriBuilder.fromUri(authUrl).queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName()));
         deployment.setCodeUrl(tokenUrl);
         deployment.setRefreshUrl(refreshUrl);
         deployment.setLogoutUrl(KeycloakUriBuilder.fromUri(logoutUrl));
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
index a948b03..c7ec9fc 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
@@ -1,6 +1,7 @@
 package org.keycloak.adapters;
 
 import org.jboss.logging.Logger;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.RSATokenVerifier;
 import org.keycloak.VerificationException;
 import org.keycloak.jose.jws.JWSInput;
@@ -99,11 +100,11 @@ public abstract class OAuthRequestAuthenticator {
     }
 
     protected String getError() {
-        return getQueryParamValue("error");
+        return getQueryParamValue(OAuth2Constants.ERROR);
     }
 
     protected String getCode() {
-        return getQueryParamValue("code");
+        return getQueryParamValue(OAuth2Constants.CODE);
     }
 
     protected String getRedirectUri(String state) {
@@ -120,9 +121,9 @@ public abstract class OAuthRequestAuthenticator {
             url = secureUrl.build().toString();
         }
         return deployment.getAuthUrl().clone()
-                .queryParam("client_id", deployment.getResourceName())
-                .queryParam("redirect_uri", url)
-                .queryParam("state", state)
+                .queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName())
+                .queryParam(OAuth2Constants.REDIRECT_URI, url)
+                .queryParam(OAuth2Constants.STATE, state)
                 .queryParam("login", "true")
                 .build().toString();
     }
@@ -168,7 +169,7 @@ public abstract class OAuthRequestAuthenticator {
         facade.getResponse().resetCookie(deployment.getStateCookieName(), stateCookie.getPath());
         String stateCookieValue = getCookieValue(deployment.getStateCookieName());
 
-        String state = getQueryParamValue("state");
+        String state = getQueryParamValue(OAuth2Constants.STATE);
         if (state == null) {
             log.warn("state parameter was null");
             return challenge(400);
@@ -300,8 +301,8 @@ public abstract class OAuthRequestAuthenticator {
      */
     protected String stripOauthParametersFromRedirect() {
         KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(facade.getRequest().getURI())
-                .replaceQueryParam("code", null)
-                .replaceQueryParam("state", null);
+                .replaceQueryParam(OAuth2Constants.CODE, null)
+                .replaceQueryParam(OAuth2Constants.STATE, null);
         return builder.build().toString();
     }
 
diff --git a/integration/adapter-core/src/main/java/org/keycloak/adapters/ServerRequest.java b/integration/adapter-core/src/main/java/org/keycloak/adapters/ServerRequest.java
index 8146896..b1e6e99 100755
--- a/integration/adapter-core/src/main/java/org/keycloak/adapters/ServerRequest.java
+++ b/integration/adapter-core/src/main/java/org/keycloak/adapters/ServerRequest.java
@@ -7,6 +7,7 @@ import org.apache.http.client.HttpClient;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.message.BasicNameValuePair;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.representations.AccessTokenResponse;
 import org.keycloak.representations.idm.CredentialRepresentation;
 import org.keycloak.util.BasicAuthHelper;
@@ -57,9 +58,9 @@ public class ServerRequest {
     public static AccessTokenResponse invokeAccessCodeToToken(HttpClient client, boolean publicClient, String code, String codeUrl, String redirectUri, String client_id, Map<String, String> credentials) throws IOException, HttpFailure {
         List<NameValuePair> formparams = new ArrayList<NameValuePair>();
         redirectUri = stripOauthParametersFromRedirect(redirectUri);
-        formparams.add(new BasicNameValuePair("grant_type", "authorization_code"));
-        formparams.add(new BasicNameValuePair("code", code));
-        formparams.add(new BasicNameValuePair("redirect_uri", redirectUri));
+        formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, "authorization_code"));
+        formparams.add(new BasicNameValuePair(OAuth2Constants.CODE, code));
+        formparams.add(new BasicNameValuePair(OAuth2Constants.REDIRECT_URI, redirectUri));
         HttpResponse response = null;
         HttpPost post = new HttpPost(codeUrl);
         if (!publicClient) {
@@ -69,7 +70,7 @@ public class ServerRequest {
                 post.setHeader("Authorization", authorization);
             }
         } else {
-            formparams.add(new BasicNameValuePair("client_id", client_id));
+            formparams.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, client_id));
         }
 
         UrlEncodedFormEntity form = new UrlEncodedFormEntity(formparams, "UTF-8");
@@ -120,8 +121,8 @@ public class ServerRequest {
         for (Map.Entry<String, String> entry : credentials.entrySet()) {
             formparams.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
         }
-        formparams.add(new BasicNameValuePair("grant_type", "refresh_token"));
-        formparams.add(new BasicNameValuePair("refresh_token", refreshToken));
+        formparams.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN));
+        formparams.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
         HttpResponse response = null;
         HttpPost post = new HttpPost(refreshUrl);
         if (!publicClient) {
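Review bot: `new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.REFRESH_TOKEN)` passes a parameter-name constant as the grant type value; it works only because the `refresh_token` parameter and the `refresh_token` grant type share a spelling. The authorization-code request in the first hunk of this file, and `resolveBearerToken` in JaxrsOAuthClient, still use the literal `"authorization_code"`, so the two grant types are now written in different ways. Keeping the literal `"refresh_token"` here, or adding dedicated grant-type value constants to `OAuth2Constants`, would make the intent explicit. The enclosing method starts and ends outside the hunk.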
@@ -131,7 +132,7 @@ public class ServerRequest {
                 post.setHeader("Authorization", authorization);
             }
         } else {
-            formparams.add(new BasicNameValuePair("client_id", client_id));
+            formparams.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, client_id));
         }
 
         UrlEncodedFormEntity form = new UrlEncodedFormEntity(formparams, "UTF-8");
@@ -190,8 +191,8 @@ public class ServerRequest {
 
     protected static String stripOauthParametersFromRedirect(String uri) {
         KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(uri)
-                .replaceQueryParam("code", null)
-                .replaceQueryParam("state", null);
+                .replaceQueryParam(OAuth2Constants.CODE, null)
+                .replaceQueryParam(OAuth2Constants.STATE, null);
         return builder.build().toString();
     }
 
diff --git a/integration/installed/src/main/java/org/keycloak/adapters/installed/KeycloakInstalled.java b/integration/installed/src/main/java/org/keycloak/adapters/installed/KeycloakInstalled.java
index c0f7c27..910cd73 100644
--- a/integration/installed/src/main/java/org/keycloak/adapters/installed/KeycloakInstalled.java
+++ b/integration/installed/src/main/java/org/keycloak/adapters/installed/KeycloakInstalled.java
@@ -1,5 +1,6 @@
 package org.keycloak.adapters.installed;
 
+import org.keycloak.OAuth2Constants;
 import org.keycloak.OAuthErrorException;
 import org.keycloak.RSATokenVerifier;
 import org.keycloak.VerificationException;
@@ -96,9 +97,9 @@ public class KeycloakInstalled {
         String state = UUID.randomUUID().toString();
 
         String authUrl = deployment.getAuthUrl().clone()
-                .queryParam("client_id", deployment.getResourceName())
-                .queryParam("redirect_uri", redirectUri)
-                .queryParam("state", state)
+                .queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName())
+                .queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
+                .queryParam(OAuth2Constants.STATE, state)
                 .queryParam("login", "true")
                 .build().toString();
 
@@ -130,7 +131,7 @@ public class KeycloakInstalled {
         String redirectUri = "http://localhost:" + callback.server.getLocalPort();
 
         String logoutUrl = deployment.getLogoutUrl()
-                .queryParam("redirect_uri", redirectUri)
+                .queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
                 .build().toString();
 
         Desktop.getDesktop().browse(new URI(logoutUrl));
@@ -153,8 +154,8 @@ public class KeycloakInstalled {
         String redirectUri = "urn:ietf:wg:oauth:2.0:oob";
 
         String authUrl = deployment.getAuthUrl().clone()
-                .queryParam("client_id", deployment.getResourceName())
-                .queryParam("redirect_uri", redirectUri)
+                .queryParam(OAuth2Constants.CLIENT_ID, deployment.getResourceName())
+                .queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
                 .queryParam("login", "true")
                 .build().toString();
 
@@ -281,13 +282,13 @@ public class KeycloakInstalled {
 
                     for (String param : params) {
                         String[] p = param.split("=");
-                        if (p[0].equals("code")) {
+                        if (p[0].equals(OAuth2Constants.CODE)) {
                             code = p[1];
-                        } else if (p[0].equals("error")) {
+                        } else if (p[0].equals(OAuth2Constants.ERROR)) {
                             error = p[1];
                         } else if (p[0].equals("error-description")) {
                             errorDescription = p[1];
-                        } else if (p[0].equals("state")) {
+                        } else if (p[0].equals(OAuth2Constants.STATE)) {
                             state = p[1];
                         }
                     }
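Review bot: The branch `p[0].equals("error-description")` is left as a literal with a hyphen, while the constant added in this commit is `ERROR_DESCRIPTION = "error_description"`, the spelling OAuth 2.0 defines. If the server sends the standard parameter name, `errorDescription` is never populated; the line should be `} else if (p[0].equals(OAuth2Constants.ERROR_DESCRIPTION)) {`. Separately, `p[1]` throws ArrayIndexOutOfBoundsException for a parameter without a value (`code=` splits to a single element), so a guard such as `if (p.length < 2) continue;` before the chain would keep a malformed callback from aborting the handler. As far as the hunk shows, the values are also used without URL-decoding. The method enclosing the loop starts and ends outside the hunk.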
diff --git a/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java b/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java
index 65c56e9..4207a02 100755
--- a/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java
+++ b/integration/jaxrs-oauth-client/src/main/java/org/keycloak/jaxrs/JaxrsOAuthClient.java
@@ -4,6 +4,7 @@ import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
 import org.jboss.resteasy.logging.Logger;
 import org.jboss.resteasy.util.BasicAuthHelper;
 import org.keycloak.AbstractOAuthClient;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.representations.AccessTokenResponse;
 import org.keycloak.representations.idm.CredentialRepresentation;
 
@@ -49,10 +50,10 @@ public class JaxrsOAuthClient extends AbstractOAuthClient {
     public String resolveBearerToken(String redirectUri, String code) {
         redirectUri = stripOauthParametersFromRedirect(redirectUri);
         Form codeForm = new Form()
-                .param("grant_type", "authorization_code")
-                .param("code", code)
-                .param("client_id", clientId)
-                .param("redirect_uri", redirectUri);
+                .param(OAuth2Constants.GRANT_TYPE, "authorization_code")
+                .param(OAuth2Constants.CODE, code)
+                .param(OAuth2Constants.CLIENT_ID, clientId)
+                .param(OAuth2Constants.REDIRECT_URI, redirectUri);
         for (Map.Entry<String, String> entry : credentials.entrySet()) {
             codeForm.param(entry.getKey(), entry.getValue());
         }
@@ -73,11 +74,11 @@ public class JaxrsOAuthClient extends AbstractOAuthClient {
         String state = getStateCode();
 
         UriBuilder uriBuilder = UriBuilder.fromUri(authUrl)
-                .queryParam("client_id", clientId)
-                .queryParam("redirect_uri", redirectUri)
-                .queryParam("state", state);
+                .queryParam(OAuth2Constants.CLIENT_ID, clientId)
+                .queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
+                .queryParam(OAuth2Constants.STATE, state);
         if (scope != null) {
-            uriBuilder.queryParam("scope", scope);
+            uriBuilder.queryParam(OAuth2Constants.SCOPE, scope);
         }
 
         URI url = uriBuilder.build();
@@ -105,17 +106,17 @@ public class JaxrsOAuthClient extends AbstractOAuthClient {
     }
 
     public String getError(UriInfo uriInfo) {
-        return uriInfo.getQueryParameters().getFirst("error");
+        return uriInfo.getQueryParameters().getFirst(OAuth2Constants.ERROR);
     }
 
     public String getAccessCode(UriInfo uriInfo) {
-        return uriInfo.getQueryParameters().getFirst("code");
+        return uriInfo.getQueryParameters().getFirst(OAuth2Constants.CODE);
     }
 
     public void checkStateCookie(UriInfo uriInfo, HttpHeaders headers) {
         Cookie stateCookie = headers.getCookies().get(stateCookieName);
         if (stateCookie == null) throw new BadRequestException("state cookie not set");
-        String state = uriInfo.getQueryParameters().getFirst("state");
+        String state = uriInfo.getQueryParameters().getFirst(OAuth2Constants.STATE);
         if (state == null) throw new BadRequestException("state parameter was null");
         if (!state.equals(stateCookie.getValue())) {
             throw new BadRequestException("state parameter invalid");
diff --git a/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java b/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java
index 88bebd7..461b0bd 100755
--- a/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java
+++ b/integration/servlet-oauth-client/src/main/java/org/keycloak/servlet/ServletOAuthClient.java
@@ -2,6 +2,7 @@ package org.keycloak.servlet;
 
 import org.apache.http.client.HttpClient;
 import org.keycloak.AbstractOAuthClient;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.adapters.HttpClientBuilder;
 import org.keycloak.adapters.ServerRequest;
 import org.keycloak.jose.jws.JWSInput;
@@ -75,11 +76,11 @@ public class ServletOAuthClient extends AbstractOAuthClient {
         String state = getStateCode();
 
         KeycloakUriBuilder uriBuilder =  KeycloakUriBuilder.fromUri(authUrl)
-                .queryParam("client_id", clientId)
-                .queryParam("redirect_uri", redirectUri)
-                .queryParam("state", state);
+                .queryParam(OAuth2Constants.CLIENT_ID, clientId)
+                .queryParam(OAuth2Constants.REDIRECT_URI, redirectUri)
+                .queryParam(OAuth2Constants.STATE, state);
         if (scope != null) {
-            uriBuilder.queryParam("scope", scope);
+            uriBuilder.queryParam(OAuth2Constants.SCOPE, scope);
         }
         URI url = uriBuilder.build();
 
@@ -111,7 +112,7 @@ public class ServletOAuthClient extends AbstractOAuthClient {
             int eq = param.indexOf('=');
             if (eq == -1) continue;
             String name = param.substring(0, eq);
-            if (!name.equals("code")) continue;
+            if (!name.equals(OAuth2Constants.CODE)) continue;
             return param.substring(eq + 1);
         }
         return null;
@@ -128,14 +129,14 @@ public class ServletOAuthClient extends AbstractOAuthClient {
      * @throws org.keycloak.adapters.ServerRequest.HttpFailure
      */
     public AccessTokenResponse getBearerToken(HttpServletRequest request) throws IOException, ServerRequest.HttpFailure {
-        String error = request.getParameter("error");
+        String error = request.getParameter(OAuth2Constants.ERROR);
         if (error != null) throw new IOException("OAuth error: " + error);
         String redirectUri = request.getRequestURL().append("?").append(request.getQueryString()).toString();
         String stateCookie = getCookieValue(stateCookieName, request);
         if (stateCookie == null) throw new IOException("state cookie not set");
         // we can call get parameter as this should be a redirect
-        String state = request.getParameter("state");
-        String code = request.getParameter("code");
+        String state = request.getParameter(OAuth2Constants.STATE);
+        String code = request.getParameter(OAuth2Constants.CODE);
 
         if (state == null) throw new IOException("state parameter was null");
         if (!state.equals(stateCookie)) {
diff --git a/model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/ScopeRelationship.java b/model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/ScopeRelationship.java
index 65a1c7a..4931218 100755
--- a/model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/ScopeRelationship.java
+++ b/model/picketlink/src/main/java/org/keycloak/models/picketlink/relationships/ScopeRelationship.java
@@ -25,7 +25,7 @@ public class ScopeRelationship extends AbstractAttributedType implements Relatio
 
         @Override
         public String getName() {
-            return "scope";
+            return OAuth2Constants.SCOPE;
         }
     };
 
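Review bot: `OAuth2Constants.SCOPE` is referenced here, but this file section has no hunk adding `import org.keycloak.OAuth2Constants;`, and the class lives in `org.keycloak.models.picketlink.relationships`, so unless the import already exists the file will not compile. The value returned by `getName()` also appears to be a PicketLink query or attribute name rather than an OAuth request parameter. Tying it to the protocol constant means that a later edit to the constant would silently change the name used by the model layer, so `return "scope";` is the safer line. The enclosing anonymous class starts outside the hunk.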
diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index 43c309f..593f3d3 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -23,6 +23,7 @@ package org.keycloak.services.resources;
 
 import org.jboss.resteasy.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.account.Account;
 import org.keycloak.account.AccountLoader;
 import org.keycloak.account.AccountPages;
@@ -291,7 +292,7 @@ public class AccountService {
                     return Flows.social(socialRequestManager, realm, uriInfo, provider)
                             .putClientAttribute("realm", realm.getName())
                             .putClientAttribute("clientId", Constants.ACCOUNT_MANAGEMENT_APP)
-                            .putClientAttribute("state", UUID.randomUUID().toString()).putClientAttribute("redirectUri", redirectUri)
+                            .putClientAttribute(OAuth2Constants.STATE, UUID.randomUUID().toString()).putClientAttribute("redirectUri", redirectUri)
                             .putClientAttribute("userId", user.getId())
                             .redirectToSocialProvider();
                 } catch (SocialProviderException spe) {
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java b/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
index 50ed5ea..4c413a1 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/AdminService.java
@@ -5,6 +5,7 @@ import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.jboss.resteasy.spi.HttpResponse;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.jaxrs.JaxrsOAuthClient;
 import org.keycloak.models.AdminRoles;
 import org.keycloak.models.ApplicationModel;
@@ -319,8 +320,8 @@ public class AdminService {
     }
 
     protected Response redirectOnLoginError(String message) {
-        URI uri = uriInfo.getBaseUriBuilder().path(AdminService.class).path(AdminService.class, "errorOnLoginRedirect").queryParam("error", message).build();
-        URI logout = TokenService.logoutUrl(uriInfo).queryParam("redirect_uri", uri.toString()).build(Config.getAdminRealm());
+        URI uri = uriInfo.getBaseUriBuilder().path(AdminService.class).path(AdminService.class, "errorOnLoginRedirect").queryParam(OAuth2Constants.ERROR, message).build();
+        URI logout = TokenService.logoutUrl(uriInfo).queryParam(OAuth2Constants.REDIRECT_URI, uri.toString()).build(Config.getAdminRealm());
         return Response.status(302).location(logout).build();
     }
 
diff --git a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
index 0a463e3..26e4888 100755
--- a/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
+++ b/services/src/main/java/org/keycloak/services/resources/flows/OAuthFlows.java
@@ -23,6 +23,7 @@ package org.keycloak.services.resources.flows;
 
 import org.jboss.resteasy.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.models.ApplicationModel;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.Constants;
@@ -85,10 +86,10 @@ public class OAuthFlows {
         if (Constants.INSTALLED_APP_URN.equals(redirect)) {
             return Flows.forms(realm, request, uriInfo).setAccessCode(accessCode.getId(), code).createCode();
         } else {
-            UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam("code", code);
+            UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.CODE, code);
             log.debug("redirectAccessCode: state: {0}", state);
             if (state != null)
-                redirectUri.queryParam("state", state);
+                redirectUri.queryParam(OAuth2Constants.STATE, state);
             Response.ResponseBuilder location = Response.status(302).location(redirectUri.build());
             Cookie remember = request.getHttpHeaders().getCookies().get(AuthenticationManager.KEYCLOAK_REMEMBER_ME);
             rememberMe = rememberMe || remember != null;
@@ -101,9 +102,9 @@ public class OAuthFlows {
         if (Constants.INSTALLED_APP_URN.equals(redirect)) {
             return Flows.forms(realm, request, uriInfo).setError(error).createCode();
         } else {
-            UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam("error", error);
+            UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.ERROR, error);
             if (state != null) {
-                redirectUri.queryParam("state", state);
+                redirectUri.queryParam(OAuth2Constants.STATE, state);
             }
             return Response.status(302).location(redirectUri.build()).build();
         }
diff --git a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
index 5f5e252..a1409be 100755
--- a/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
+++ b/services/src/main/java/org/keycloak/services/resources/RequiredActionsService.java
@@ -23,6 +23,7 @@ package org.keycloak.services.resources;
 
 import org.jboss.resteasy.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.login.LoginForms;
 import org.keycloak.jose.jws.JWSInput;
 import org.keycloak.jose.jws.crypto.RSAProvider;
@@ -241,10 +242,10 @@ public class RequiredActionsService {
     public Response sendPasswordReset(final MultivaluedMap<String, String> formData) {
         String username = formData.getFirst("username");
 
-        String scopeParam = uriInfo.getQueryParameters().getFirst("scope");
-        String state = uriInfo.getQueryParameters().getFirst("state");
-        String redirect = uriInfo.getQueryParameters().getFirst("redirect_uri");
-        String clientId = uriInfo.getQueryParameters().getFirst("client_id");
+        String scopeParam = uriInfo.getQueryParameters().getFirst(OAuth2Constants.SCOPE);
+        String state = uriInfo.getQueryParameters().getFirst(OAuth2Constants.STATE);
+        String redirect = uriInfo.getQueryParameters().getFirst(OAuth2Constants.REDIRECT_URI);
+        String clientId = uriInfo.getQueryParameters().getFirst(OAuth2Constants.CLIENT_ID);
 
         ClientModel client = realm.findClient(clientId);
         if (client == null) {
@@ -283,7 +284,7 @@ public class RequiredActionsService {
     }
 
     private AccessCodeEntry getAccessCodeEntry(RequiredAction requiredAction) {
-        String code = uriInfo.getQueryParameters().getFirst("code");
+        String code = uriInfo.getQueryParameters().getFirst(OAuth2Constants.CODE);
         if (code == null) {
             logger.debug("getAccessCodeEntry code as not in query param");
             return null;
diff --git a/services/src/main/java/org/keycloak/services/resources/SocialResource.java b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
index d8ff9b1..45f9a0e 100755
--- a/services/src/main/java/org/keycloak/services/resources/SocialResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/SocialResource.java
@@ -23,6 +23,7 @@ package org.keycloak.services.resources;
 
 import org.jboss.resteasy.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.models.AccountRoles;
 import org.keycloak.models.ClientModel;
 import org.keycloak.models.Constants;
@@ -141,11 +142,11 @@ public class SocialResource {
             socialUser = provider.processCallback(config, callback);
         } catch (SocialAccessDeniedException e) {
             MultivaluedHashMap<String, String> queryParms = new MultivaluedHashMap<String, String>();
-            queryParms.putSingle("client_id", requestData.getClientAttribute("clientId"));
-            queryParms.putSingle("state", requestData.getClientAttribute("state"));
-            queryParms.putSingle("scope", requestData.getClientAttribute("scope"));
-            queryParms.putSingle("redirect_uri", requestData.getClientAttribute("redirectUri"));
-            queryParms.putSingle("response_type", requestData.getClientAttribute("responseType"));
+            queryParms.putSingle(OAuth2Constants.CLIENT_ID, requestData.getClientAttribute("clientId"));
+            queryParms.putSingle(OAuth2Constants.STATE, requestData.getClientAttribute(OAuth2Constants.STATE));
+            queryParms.putSingle(OAuth2Constants.SCOPE, requestData.getClientAttribute(OAuth2Constants.SCOPE));
+            queryParms.putSingle(OAuth2Constants.REDIRECT_URI, requestData.getClientAttribute("redirectUri"));
+            queryParms.putSingle(OAuth2Constants.RESPONSE_TYPE, requestData.getClientAttribute("responseType"));
             return  Flows.forms(realm, request, uriInfo).setQueryParams(queryParms).setWarning("Access denied").createLogin();
         } catch (SocialProviderException e) {
             logger.warn("Failed to process social callback", e);
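Review bot: `requestData.getClientAttribute(OAuth2Constants.STATE)` and `getClientAttribute(OAuth2Constants.SCOPE)` use OAuth2 wire-parameter names as keys into the stored client-attribute map, while the neighbouring keys `"clientId"`, `"redirectUri"` and `"responseType"` stay as camelCase literals. The attribute map is an internal schema that only happens to share two spellings with the protocol, so the mix hides which namespace a key belongs to. The same applies to the `getClientAttributes().get(...)` lines in the `@@ -204,8 +205,8 @@` hunk and the `putClientAttribute(...)` lines in the `@@ -243,8 +244,8 @@` hunk. I would keep all five keys together, either as dedicated attribute-name constants or by leaving `"state"` and `"scope"` as literals like the other three. The enclosing method starts and ends outside this hunk.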
@@ -204,8 +205,8 @@ public class SocialResource {
             return oauth.forwardToSecurityFailure("Your account is not enabled.");
         }
 
-        String scope = requestData.getClientAttributes().get("scope");
-        String state = requestData.getClientAttributes().get("state");
+        String scope = requestData.getClientAttributes().get(OAuth2Constants.SCOPE);
+        String state = requestData.getClientAttributes().get(OAuth2Constants.STATE);
         String redirectUri = requestData.getClientAttributes().get("redirectUri");
 
         return oauth.processAccessCode(scope, state, redirectUri, client, user);
@@ -214,7 +215,7 @@ public class SocialResource {
     @GET
     @Path("{realm}/login")
     public Response redirectToProviderAuth(@PathParam("realm") final String realmName,
-                                           @QueryParam("provider_id") final String providerId, @QueryParam("client_id") final String clientId,
+                                           @QueryParam("provider_id") final String providerId, @QueryParam(OAuth2Constants.CLIENT_ID) final String clientId,
                                            @QueryParam("scope") final String scope, @QueryParam("state") final String state,
                                            @QueryParam("redirect_uri") String redirectUri, @QueryParam("response_type") String responseType) {
         RealmManager realmManager = new RealmManager(session);
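Review bot: Only `client_id` is switched to the constant in the `redirectToProviderAuth` signature; `@QueryParam("scope")`, `@QueryParam("state")`, `@QueryParam("redirect_uri")` and `@QueryParam("response_type")` on the next two lines still use literals although `OAuth2Constants` defines all four. The interface fields are compile-time `String` constants, so they are valid annotation values. For consistency the two lines would read `@QueryParam(OAuth2Constants.SCOPE) final String scope, @QueryParam(OAuth2Constants.STATE) final String state,` and `@QueryParam(OAuth2Constants.REDIRECT_URI) String redirectUri, @QueryParam(OAuth2Constants.RESPONSE_TYPE) String responseType) {`. The method body continues outside the hunk.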
@@ -243,8 +244,8 @@ public class SocialResource {
         try {
             return Flows.social(socialRequestManager, realm, uriInfo, provider)
                     .putClientAttribute("realm", realmName)
-                    .putClientAttribute("clientId", clientId).putClientAttribute("scope", scope)
-                    .putClientAttribute("state", state).putClientAttribute("redirectUri", redirectUri)
+                    .putClientAttribute("clientId", clientId).putClientAttribute(OAuth2Constants.SCOPE, scope)
+                    .putClientAttribute(OAuth2Constants.STATE, state).putClientAttribute("redirectUri", redirectUri)
                     .putClientAttribute("responseType", responseType).redirectToSocialProvider();
         } catch (Throwable t) {
             return Flows.forms(realm, request, uriInfo).setError("Failed to redirect to social auth").createErrorPage();
@@ -253,8 +254,8 @@ public class SocialResource {
 
     private RequestDetails getRequestDetails(Map<String, String[]> queryParams) {
         String requestId = null;
-        if (queryParams.containsKey("state")) {
-            requestId =  queryParams.get("state")[0];
+        if (queryParams.containsKey(OAuth2Constants.STATE)) {
+            requestId =  queryParams.get(OAuth2Constants.STATE)[0];
         } else if (queryParams.containsKey("oauth_token")) {
             requestId = queryParams.get("oauth_token")[0];
         } else if (queryParams.containsKey("denied")) {
diff --git a/services/src/main/java/org/keycloak/services/resources/TokenService.java b/services/src/main/java/org/keycloak/services/resources/TokenService.java
index 5a3b239..2ba1c3d 100755
--- a/services/src/main/java/org/keycloak/services/resources/TokenService.java
+++ b/services/src/main/java/org/keycloak/services/resources/TokenService.java
@@ -4,6 +4,7 @@ import org.jboss.resteasy.annotations.cache.NoCache;
 import org.jboss.resteasy.logging.Logger;
 import org.jboss.resteasy.spi.HttpRequest;
 import org.jboss.resteasy.spi.HttpResponse;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.OAuthErrorException;
 import org.keycloak.jose.jws.JWSInput;
 import org.keycloak.jose.jws.crypto.RSAProvider;
@@ -165,7 +166,7 @@ public class TokenService {
         if (authManager.authenticateForm(realm, user, form) != AuthenticationStatus.SUCCESS) {
             throw new NotAuthorizedException("Auth failed");
         }
-        String scope = form.getFirst("scope");
+        String scope = form.getFirst(OAuth2Constants.SCOPE);
         AccessTokenResponse res = tokenManager.responseBuilder(realm, client)
                 .generateAccessToken(scope, client, user)
                 .generateIDToken()
@@ -185,14 +186,14 @@ public class TokenService {
         }
 
         ClientModel client = authorizeClient(authorizationHeader, form);
-        String refreshToken = form.getFirst("refresh_token");
+        String refreshToken = form.getFirst(OAuth2Constants.REFRESH_TOKEN);
         AccessToken accessToken = null;
         try {
             accessToken = tokenManager.refreshAccessToken(realm, client, refreshToken);
         } catch (OAuthErrorException e) {
             Map<String, String> error = new HashMap<String, String>();
-            error.put("error", e.getError());
-            if (e.getDescription() != null) error.put("error_description", e.getDescription());
+            error.put(OAuth2Constants.ERROR, e.getError());
+            if (e.getDescription() != null) error.put(OAuth2Constants.ERROR_DESCRIPTION, e.getDescription());
             throw new BadRequestException(Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build(), e);
         }
 
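Review bot: `refreshToken` goes from `form.getFirst(OAuth2Constants.REFRESH_TOKEN)` straight into `tokenManager.refreshAccessToken(...)` with no null check, whereas the authorization-code path in the `@@ -372,11 +373,11 @@` hunk rejects a missing `code` with `invalid_request`. Whether `refreshAccessToken` copes with null is not visible here; if it does not, a request without `refresh_token` would surface as a server error instead of a 400. A guard `if (refreshToken == null)` that builds the same `invalid_request` error map before the `try` would make the two paths consistent. The method starts and ends outside this hunk.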
@@ -372,11 +373,11 @@ public class TokenService {
 
         ClientModel client = authorizeClient(authorizationHeader, formData);
 
-        String code = formData.getFirst("code");
+        String code = formData.getFirst(OAuth2Constants.CODE);
         if (code == null) {
             Map<String, String> error = new HashMap<String, String>();
-            error.put("error", "invalid_request");
-            error.put("error_description", "code not specified");
+            error.put(OAuth2Constants.ERROR, "invalid_request");
+            error.put(OAuth2Constants.ERROR_DESCRIPTION, "code not specified");
             throw new BadRequestException("Code not specified", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
 
         }
@@ -390,8 +391,8 @@ public class TokenService {
         }
         if (!verifiedCode) {
             Map<String, String> res = new HashMap<String, String>();
-            res.put("error", "invalid_grant");
-            res.put("error_description", "Unable to verify code signature");
+            res.put(OAuth2Constants.ERROR, "invalid_grant");
+            res.put(OAuth2Constants.ERROR_DESCRIPTION, "Unable to verify code signature");
             return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
                     .build();
         }
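Review bot: The five-line block that builds a `res` map with `invalid_grant` and returns a 400 JSON response is written out here and four more times in the next hunk (`@@ -399,29 +400,29 @@`), differing only in the description string. A private helper taking the description would remove the repetition and guarantee that every rejection of an authorization code uses the same status, media type and error code. The enclosing method starts and ends outside this hunk, so the sketch below shows only the helper and one call site.

```java
    private static Response invalidGrant(String description) {
        Map<String, String> res = new HashMap<String, String>();
        res.put(OAuth2Constants.ERROR, "invalid_grant");
        res.put(OAuth2Constants.ERROR_DESCRIPTION, description);
        return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
                .build();
    }

        // … unchanged: code signature verification …
        if (!verifiedCode) {
            return invalidGrant("Unable to verify code signature");
        }
```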
@@ -399,29 +400,29 @@ public class TokenService {
         AccessCodeEntry accessCode = tokenManager.pullAccessCode(key);
         if (accessCode == null) {
             Map<String, String> res = new HashMap<String, String>();
-            res.put("error", "invalid_grant");
-            res.put("error_description", "Code not found");
+            res.put(OAuth2Constants.ERROR, "invalid_grant");
+            res.put(OAuth2Constants.ERROR_DESCRIPTION, "Code not found");
             return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
                     .build();
         }
         if (accessCode.isExpired()) {
             Map<String, String> res = new HashMap<String, String>();
-            res.put("error", "invalid_grant");
-            res.put("error_description", "Code is expired");
+            res.put(OAuth2Constants.ERROR, "invalid_grant");
+            res.put(OAuth2Constants.ERROR_DESCRIPTION, "Code is expired");
             return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
                     .build();
         }
         if (!accessCode.getToken().isActive()) {
             Map<String, String> res = new HashMap<String, String>();
-            res.put("error", "invalid_grant");
-            res.put("error_description", "Token expired");
+            res.put(OAuth2Constants.ERROR, "invalid_grant");
+            res.put(OAuth2Constants.ERROR_DESCRIPTION, "Token expired");
             return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
                     .build();
         }
         if (!client.getClientId().equals(accessCode.getClient().getClientId())) {
             Map<String, String> res = new HashMap<String, String>();
-            res.put("error", "invalid_grant");
-            res.put("error_description", "Auth error");
+            res.put(OAuth2Constants.ERROR, "invalid_grant");
+            res.put(OAuth2Constants.ERROR_DESCRIPTION, "Auth error");
             return Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(res)
                     .build();
         }
@@ -446,36 +447,36 @@ public class TokenService {
             clientSecret = usernameSecret[1];
         } else {
             logger.info("no authorization header");
-            client_id = formData.getFirst("client_id");
+            client_id = formData.getFirst(OAuth2Constants.CLIENT_ID);
             clientSecret = formData.getFirst("client_secret");
         }
 
         if (client_id == null) {
             Map<String, String> error = new HashMap<String, String>();
-            error.put("error", "invalid_client");
-            error.put("error_description", "Could not find client");
+            error.put(OAuth2Constants.ERROR, "invalid_client");
+            error.put(OAuth2Constants.ERROR_DESCRIPTION, "Could not find client");
             throw new BadRequestException("Could not find client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
         }
 
         ClientModel client = realm.findClient(client_id);
         if (client == null) {
             Map<String, String> error = new HashMap<String, String>();
-            error.put("error", "invalid_client");
-            error.put("error_description", "Could not find client");
+            error.put(OAuth2Constants.ERROR, "invalid_client");
+            error.put(OAuth2Constants.ERROR_DESCRIPTION, "Could not find client");
             throw new BadRequestException("Could not find client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
         }
 
         if (!client.isEnabled()) {
             Map<String, String> error = new HashMap<String, String>();
-            error.put("error", "invalid_client");
-            error.put("error_description", "Client is not enabled");
+            error.put(OAuth2Constants.ERROR, "invalid_client");
+            error.put(OAuth2Constants.ERROR_DESCRIPTION, "Client is not enabled");
             throw new BadRequestException("Client is not enabled", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
         }
 
         if (!client.isPublicClient()) {
             if (!client.validateSecret(clientSecret)) {
                 Map<String, String> error = new HashMap<String, String>();
-                error.put("error", "unauthorized_client");
+                error.put(OAuth2Constants.ERROR, "unauthorized_client");
                 throw new BadRequestException("Unauthorized Client", Response.status(Response.Status.BAD_REQUEST).entity(error).type("application/json").build());
             }
         }
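Review bot: A failed `client.validateSecret(clientSecret)` is reported as `unauthorized_client`, but RFC 6749 section 5.2 reserves that code for an authenticated client that may not use the grant type; failed client authentication is `invalid_client`, so the line should be `error.put(OAuth2Constants.ERROR, "invalid_client");`. The same section asks for a 401 with a `WWW-Authenticate` header when the client authenticated through the `Authorization` header, while every branch here returns 400. Separately, `formData.getFirst("client_secret")` stays a literal next to `OAuth2Constants.CLIENT_ID`, because the new interface has no constant for it. The method starts outside this hunk.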
@@ -599,7 +600,7 @@ public class TokenService {
             return oauth.forwardToSecurityFailure("HTTPS required");
         }
 
-        String code = formData.getFirst("code");
+        String code = formData.getFirst(OAuth2Constants.CODE);
         JWSInput input = new JWSInput(code);
         boolean verifiedCode = false;
         try {
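Review bot: `code` is passed to `new JWSInput(code)` without a null check, unlike the `@@ -372,11 +373,11 @@` hunk where a missing `code` is rejected before use. How `JWSInput` handles null is not visible here; if it throws, a form post without `code` becomes an unhandled exception rather than a controlled failure page. A guard before the constructor, e.g. `if (code == null) return oauth.forwardToSecurityFailure("Missing code");`, would match the `HTTPS required` handling just above. The method starts and ends outside this hunk.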
@@ -628,9 +629,9 @@ public class TokenService {
     }
 
     protected Response redirectAccessDenied(String redirect, String state) {
-        UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam("error", "access_denied");
+        UriBuilder redirectUri = UriBuilder.fromUri(redirect).queryParam(OAuth2Constants.ERROR, "access_denied");
         if (state != null)
-            redirectUri.queryParam("state", state);
+            redirectUri.queryParam(OAuth2Constants.STATE, state);
         Response.ResponseBuilder location = Response.status(302).location(redirectUri.build());
         return location.build();
     }
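Review bot: `redirectAccessDenied` has no comment stating that `redirect` must already have been checked against the client's registered redirect URIs, yet it issues a 302 to whatever it is given. Nothing in the hunk shows where that validation happens, so it presumably lives in the callers. A Javadoc line such as `@param redirect redirect URI already validated for the client; never raw request input` would keep a future caller from turning this into an open redirect. The unbraced `if (state != null)` would also read better as `if (state != null) { redirectUri.queryParam(OAuth2Constants.STATE, state); }`.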
diff --git a/social/core/src/main/java/org/keycloak/social/AbstractOAuth2Provider.java b/social/core/src/main/java/org/keycloak/social/AbstractOAuth2Provider.java
index 7c6d2d7..92d6485 100644
--- a/social/core/src/main/java/org/keycloak/social/AbstractOAuth2Provider.java
+++ b/social/core/src/main/java/org/keycloak/social/AbstractOAuth2Provider.java
@@ -1,6 +1,7 @@
 package org.keycloak.social;
 
 import org.json.JSONObject;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.social.utils.SimpleHttp;
 
 import java.io.IOException;
@@ -51,7 +52,7 @@ public abstract class AbstractOAuth2Provider implements SocialProvider {
 
     @Override
     public SocialUser processCallback(SocialProviderConfig config, AuthCallback callback) throws SocialProviderException {
-        String error = callback.getQueryParam("error");
+        String error = callback.getQueryParam(OAuth2Constants.ERROR);
         if (error != null) {
             if (error.equals("access_denied")) {
                 throw new SocialAccessDeniedException();
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
index b388bb3..d153a11 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java
@@ -10,6 +10,7 @@ import org.json.JSONObject;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.models.AccountRoles;
 import org.keycloak.models.ApplicationModel;
 import org.keycloak.models.ClientModel;
@@ -97,7 +98,7 @@ public class ProfileTest {
     public void getProfile() throws Exception {
         oauth.doLogin("test-user@localhost", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         String token = oauth.doAccessTokenRequest(code, "password").getAccessToken();
 
         HttpResponse response = doGetProfile(token, null);
@@ -119,7 +120,7 @@ public class ProfileTest {
     public void getProfileCors() throws Exception {
         oauth.doLogin("test-user@localhost", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         String token = oauth.doAccessTokenRequest(code, "password").getAccessToken();
 
         driver.navigate().to("http://localtest.me:8081/app");
@@ -132,7 +133,7 @@ public class ProfileTest {
     public void getProfileCorsInvalidOrigin() throws Exception {
         oauth.doLogin("test-user@localhost", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         String token = oauth.doAccessTokenRequest(code, "password").getAccessToken();
 
         driver.navigate().to("http://invalid.localtest.me:8081");
@@ -166,7 +167,7 @@ public class ProfileTest {
     public void getProfileNoAccess() throws Exception {
         oauth.doLogin("test-user-no-access@localhost", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         String token = oauth.doAccessTokenRequest(code, "password").getAccessToken();
 
         HttpResponse response = doGetProfile(token, null);
@@ -180,7 +181,7 @@ public class ProfileTest {
 
         grantPage.accept();
 
-        String token = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password").getAccessToken();
+        String token = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password").getAccessToken();
         HttpResponse response = doGetProfile(token, null);
 
         assertEquals(200, response.getStatusLine().getStatusCode());
@@ -194,7 +195,7 @@ public class ProfileTest {
         oauth.clientId("third-party");
         oauth.doLoginGrant("test-user@localhost", "password");
 
-        String token = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password").getAccessToken();
+        String token = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password").getAccessToken();
         HttpResponse response = doGetProfile(token, null);
 
         assertEquals(403, response.getStatusLine().getStatusCode());
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
index d218cc8..3323d77 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/adapter/AdapterTest.java
@@ -25,6 +25,7 @@ import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.models.ApplicationModel;
 import org.keycloak.models.Constants;
 import org.keycloak.models.RealmModel;
@@ -139,7 +140,7 @@ public class AdapterTest {
         // test logout
 
         String logoutUri = UriBuilder.fromUri("http://localhost:8081/auth/rest/realms/demo/tokens/logout")
-                .queryParam("redirect_uri", "http://localhost:8081/customer-portal").build().toString();
+                .queryParam(OAuth2Constants.REDIRECT_URI, "http://localhost:8081/customer-portal").build().toString();
         driver.navigate().to(logoutUri);
         Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL));
         driver.navigate().to("http://localhost:8081/product-portal");
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeImportRoleTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeImportRoleTest.java
index 7a53ae0..d1f7d7d 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeImportRoleTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeImportRoleTest.java
@@ -25,6 +25,7 @@ import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.models.RealmModel;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.idm.RealmRepresentation;
@@ -81,7 +82,7 @@ public class CompositeImportRoleTest {
         oauth.clientId("APP_COMPOSITE_APPLICATION");
         oauth.doLogin("APP_COMPOSITE_USER", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
 
         Assert.assertEquals(200, response.getStatusCode());
@@ -106,7 +107,7 @@ public class CompositeImportRoleTest {
         oauth.clientId("APP_ROLE_APPLICATION");
         oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
 
         Assert.assertEquals(200, response.getStatusCode());
@@ -130,7 +131,7 @@ public class CompositeImportRoleTest {
         oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
         oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
 
         Assert.assertEquals(200, response.getStatusCode());
@@ -153,7 +154,7 @@ public class CompositeImportRoleTest {
         oauth.clientId("REALM_ROLE_1_APPLICATION");
         oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
 
         Assert.assertEquals(200, response.getStatusCode());
@@ -175,7 +176,7 @@ public class CompositeImportRoleTest {
         oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
         oauth.doLogin("REALM_ROLE_1_USER", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
 
         Assert.assertEquals(200, response.getStatusCode());
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
index eebe3ee..3ddf565 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/composites/CompositeRoleTest.java
@@ -25,6 +25,7 @@ import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.models.ApplicationModel;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.RoleModel;
@@ -159,7 +160,7 @@ public class CompositeRoleTest {
         oauth.clientId("APP_COMPOSITE_APPLICATION");
         oauth.doLogin("APP_COMPOSITE_USER", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
 
         Assert.assertEquals(200, response.getStatusCode());
@@ -184,7 +185,7 @@ public class CompositeRoleTest {
         oauth.clientId("APP_ROLE_APPLICATION");
         oauth.doLogin("REALM_APP_COMPOSITE_USER", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
 
         Assert.assertEquals(200, response.getStatusCode());
@@ -208,7 +209,7 @@ public class CompositeRoleTest {
         oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
         oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
 
         Assert.assertEquals(200, response.getStatusCode());
@@ -231,7 +232,7 @@ public class CompositeRoleTest {
         oauth.clientId("REALM_ROLE_1_APPLICATION");
         oauth.doLogin("REALM_COMPOSITE_1_USER", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
 
         Assert.assertEquals(200, response.getStatusCode());
@@ -253,7 +254,7 @@ public class CompositeRoleTest {
         oauth.clientId("REALM_COMPOSITE_1_APPLICATION");
         oauth.doLogin("REALM_ROLE_1_USER", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
 
         Assert.assertEquals(200, response.getStatusCode());
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/DummySocial.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/DummySocial.java
index 5ad7cf6..b028e57 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/DummySocial.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/DummySocial.java
@@ -1,5 +1,6 @@
 package org.keycloak.testsuite;
 
+import org.keycloak.OAuth2Constants;
 import org.keycloak.social.AuthCallback;
 import org.keycloak.social.AuthRequest;
 import org.keycloak.social.SocialAccessDeniedException;
@@ -23,8 +24,8 @@ public class DummySocial implements SocialProvider {
     public AuthRequest getAuthUrl(SocialProviderConfig config) throws SocialProviderException {
         String state = UUID.randomUUID().toString();
 
-        return AuthRequest.create(state, AUTH_PATH).setQueryParam("response_type", "token")
-                .setQueryParam("redirect_uri", config.getCallbackUrl()).setQueryParam("state", state).setAttribute("state", state).build();
+        return AuthRequest.create(state, AUTH_PATH).setQueryParam(OAuth2Constants.RESPONSE_TYPE, "token")
+                .setQueryParam(OAuth2Constants.REDIRECT_URI, config.getCallbackUrl()).setQueryParam(OAuth2Constants.STATE, state).setAttribute(OAuth2Constants.STATE, state).build();
     }
 
     @Override
@@ -34,12 +35,12 @@ public class DummySocial implements SocialProvider {
 
     @Override
     public SocialUser processCallback(SocialProviderConfig config, AuthCallback callback) throws SocialProviderException {
-        String error = callback.getQueryParam("error");
+        String error = callback.getQueryParam(OAuth2Constants.ERROR);
         if (error != null) {
             throw new SocialAccessDeniedException();
         }
 
-        if (!callback.getQueryParam("state").equals(callback.getAttribute("state"))) {
+        if (!callback.getQueryParam(OAuth2Constants.STATE).equals(callback.getAttribute(OAuth2Constants.STATE))) {
             throw new SocialProviderException("Invalid state");
         }
 
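Review bot: `callback.getQueryParam(OAuth2Constants.STATE).equals(...)` throws a NullPointerException when the callback carries no `state` parameter, so the missing-state case never reaches the `Invalid state` exception. This is a test provider, but it models the check that ties a callback to the request that started it, and an absent value is the case most worth rejecting explicitly. Comparing from the stored side and treating null as a mismatch avoids it: `String expected = callback.getAttribute(OAuth2Constants.STATE);` followed by `if (expected == null || !expected.equals(callback.getQueryParam(OAuth2Constants.STATE))) {`, assuming `getAttribute` returns a `String`. The method continues outside the hunk.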
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/DummySocialServlet.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/DummySocialServlet.java
index e87ce1d..7ddf7ef 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/DummySocialServlet.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/DummySocialServlet.java
@@ -2,6 +2,7 @@ package org.keycloak.testsuite;
 
 import org.apache.http.NameValuePair;
 import org.apache.http.client.utils.URLEncodedUtils;
+import org.keycloak.OAuth2Constants;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
@@ -48,9 +49,9 @@ public class DummySocialServlet extends HttpServlet {
             throw new RuntimeException(e);
         }
         for (NameValuePair p : query) {
-            if ("state".equals(p.getName())) {
+            if (OAuth2Constants.STATE.equals(p.getName())) {
                 state = p.getValue();
-            } else if ("redirect_uri".equals(p.getName())) {
+            } else if (OAuth2Constants.REDIRECT_URI.equals(p.getName())) {
                 redirectUri = p.getValue();
             }
         }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
index 61a312e..c46a13a 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
@@ -25,6 +25,7 @@ import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
@@ -101,7 +102,7 @@ public class LoginTest {
         loginPage.login("login-test", "password");
         
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-        Assert.assertNotNull(oauth.getCurrentQuery().get("code"));
+        Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
     }
 
     @Test
@@ -110,7 +111,7 @@ public class LoginTest {
         loginPage.login("login@test.com", "password");
 
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-        Assert.assertNotNull(oauth.getCurrentQuery().get("code"));
+        Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
     }
 
     @Test
@@ -120,7 +121,7 @@ public class LoginTest {
 
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
 
-        Assert.assertEquals("access_denied", oauth.getCurrentQuery().get("error"));
+        Assert.assertEquals("access_denied", oauth.getCurrentQuery().get(OAuth2Constants.ERROR));
     }
 
 }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/SSOTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/SSOTest.java
index 15fc2ba..a0adaf2 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/SSOTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/forms/SSOTest.java
@@ -25,6 +25,7 @@ import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.testsuite.OAuthClient;
 import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
 import org.keycloak.testsuite.pages.AppPage;
@@ -68,7 +69,7 @@ public class SSOTest {
         loginPage.login("test-user@localhost", "password");
         
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
-        Assert.assertNotNull(oauth.getCurrentQuery().get("code"));
+        Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
 
         appPage.open();
 
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
index db57c43..fa96732 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
@@ -25,6 +25,7 @@ import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.testsuite.OAuthClient;
 import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
@@ -62,7 +63,7 @@ public class AccessTokenTest {
     public void accessTokenRequest() throws Exception {
         oauth.doLogin("test-user@localhost", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
         AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
 
         Assert.assertEquals(200, response.getStatusCode());
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
index 932c777..d76d189 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
@@ -25,6 +25,7 @@ import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.models.ApplicationModel;
 import org.keycloak.models.Constants;
 import org.keycloak.models.RealmModel;
@@ -87,7 +88,7 @@ public class AuthorizationCodeTest {
         String title = driver.getTitle();
         Assert.assertTrue(title.startsWith("Success code="));
 
-        String code = driver.findElement(By.id("code")).getText();
+        String code = driver.findElement(By.id(OAuth2Constants.CODE)).getText();
         oauth.verifyCode(code);
     }
 
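Review bot: `By.id(OAuth2Constants.CODE)` looks up an HTML element id on the test page, not the OAuth2 `code` parameter, so the protocol constant is tied to a name that only happens to share its spelling; I would keep the literal, `driver.findElement(By.id("code"))`, or give the page its own constant. The same applies to the `responseType = OAuth2Constants.CODE` initialiser in OAuthClient.java, where "code" is a `response_type` value rather than a parameter name, and where the neighbouring `grantType = "authorization_code"` stays a literal. A one-line comment on the constants stating that they are parameter names would discourage this kind of reuse. The test method starts outside this hunk.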
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
index 54195cf..cd43cb4 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
@@ -28,6 +28,7 @@ import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.testsuite.OAuthClient;
 import org.keycloak.testsuite.pages.LoginPage;
@@ -74,8 +75,8 @@ public class OAuthGrantTest {
 
         grantPage.accept();
 
-        Assert.assertTrue(oauth.getCurrentQuery().containsKey("code"));
-        OAuthClient.AccessTokenResponse accessToken = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password");
+        Assert.assertTrue(oauth.getCurrentQuery().containsKey(OAuth2Constants.CODE));
+        OAuthClient.AccessTokenResponse accessToken = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password");
 
         AccessToken token = oauth.verifyToken(accessToken.getAccessToken());
 
@@ -100,7 +101,7 @@ public class OAuthGrantTest {
 
         grantPage.cancel();
 
-        Assert.assertTrue(oauth.getCurrentQuery().containsKey("error"));
-        Assert.assertEquals("access_denied", oauth.getCurrentQuery().get("error"));
+        Assert.assertTrue(oauth.getCurrentQuery().containsKey(OAuth2Constants.ERROR));
+        Assert.assertEquals("access_denied", oauth.getCurrentQuery().get(OAuth2Constants.ERROR));
     }
 }
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
index 8e70fb8..5780874 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
@@ -25,6 +25,7 @@ import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.RefreshToken;
 import org.keycloak.testsuite.OAuthClient;
@@ -64,7 +65,7 @@ public class RefreshTokenTest {
     public void refreshTokenRequest() throws Exception {
         oauth.doLogin("test-user@localhost", "password");
 
-        String code = oauth.getCurrentQuery().get("code");
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
 
         AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
         AccessToken token = oauth.verifyToken(tokenResponse.getAccessToken());
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
index a449918..d0119d4 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
@@ -33,6 +33,7 @@ import org.apache.http.message.BasicNameValuePair;
 import org.jboss.resteasy.security.PemUtils;
 import org.json.JSONObject;
 import org.junit.Assert;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.RSATokenVerifier;
 import org.keycloak.VerificationException;
 import org.keycloak.jose.jws.JWSInput;
@@ -64,7 +65,7 @@ public class OAuthClient {
 
     private String realm = "test";
 
-    private String responseType = "code";
+    private String responseType = OAuth2Constants.CODE;
 
     private String grantType = "authorization_code";
 
@@ -111,20 +112,20 @@ public class OAuthClient {
 
         List<NameValuePair> parameters = new LinkedList<NameValuePair>();
         if (grantType != null) {
-            parameters.add(new BasicNameValuePair("grant_type", grantType));
+            parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, grantType));
         }
         if (code != null) {
-            parameters.add(new BasicNameValuePair("code", code));
+            parameters.add(new BasicNameValuePair(OAuth2Constants.CODE, code));
         }
         if (redirectUri != null) {
-            parameters.add(new BasicNameValuePair("redirect_uri", redirectUri));
+            parameters.add(new BasicNameValuePair(OAuth2Constants.REDIRECT_URI, redirectUri));
         }
         if (clientId != null && password != null) {
             String authorization = BasicAuthHelper.createHeader(clientId, password);
             post.setHeader("Authorization", authorization);
         }
         else if (clientId != null) {
-            parameters.add(new BasicNameValuePair("client_id", clientId));
+            parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
         }
 
         UrlEncodedFormEntity formEntity = null;
@@ -148,17 +149,17 @@ public class OAuthClient {
 
         List<NameValuePair> parameters = new LinkedList<NameValuePair>();
         if (grantType != null) {
-            parameters.add(new BasicNameValuePair("grant_type", grantType));
+            parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, grantType));
         }
         if (refreshToken != null) {
-            parameters.add(new BasicNameValuePair("refresh_token", refreshToken));
+            parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
         }
         if (clientId != null && password != null) {
             String authorization = BasicAuthHelper.createHeader(clientId, password);
             post.setHeader("Authorization", authorization);
         }
         else if (clientId != null) {
-            parameters.add(new BasicNameValuePair("client_id", clientId));
+            parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, clientId));
         }
 
         UrlEncodedFormEntity formEntity = null;
@@ -234,7 +235,7 @@ public class OAuthClient {
     public void openLogout() {
         UriBuilder b = UriBuilder.fromUri(baseUrl + "/realms/" + realm + "/tokens/logout");
         if (redirectUri != null) {
-            b.queryParam("redirect_uri", redirectUri);
+            b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
         }
         driver.navigate().to(b.build().toString());
     }
@@ -246,16 +247,16 @@ public class OAuthClient {
     public String getLoginFormUrl() {
         UriBuilder b = UriBuilder.fromUri(baseUrl + "/realms/" + realm + "/tokens/login");
         if (responseType != null) {
-            b.queryParam("response_type", responseType);
+            b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
         }
         if (clientId != null) {
-            b.queryParam("client_id", clientId);
+            b.queryParam(OAuth2Constants.CLIENT_ID, clientId);
         }
         if (redirectUri != null) {
-            b.queryParam("redirect_uri", redirectUri);
+            b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
         }
         if (state != null) {
-            b.queryParam("state", state);
+            b.queryParam(OAuth2Constants.STATE, state);
         }
         return b.build().toString();
     }
@@ -312,9 +313,9 @@ public class OAuthClient {
 
         public AuthorizationCodeResponse(OAuthClient client) {
             isRedirected = client.getCurrentRequest().equals(client.getRedirectUri());
-            code = client.getCurrentQuery().get("code");
-            state = client.getCurrentQuery().get("state");
-            error = client.getCurrentQuery().get("error");
+            code = client.getCurrentQuery().get(OAuth2Constants.CODE);
+            state = client.getCurrentQuery().get(OAuth2Constants.STATE);
+            error = client.getCurrentQuery().get(OAuth2Constants.ERROR);
         }
 
         public boolean isRedirected() {
@@ -358,11 +359,11 @@ public class OAuthClient {
                 tokenType = responseJson.getString("token_type");
                 expiresIn = responseJson.getInt("expires_in");
 
-                if (responseJson.has("refresh_token")) {
-                    refreshToken = responseJson.getString("refresh_token");
+                if (responseJson.has(OAuth2Constants.REFRESH_TOKEN)) {
+                    refreshToken = responseJson.getString(OAuth2Constants.REFRESH_TOKEN);
                 }
             } else {
-                error = responseJson.getString("error");
+                error = responseJson.getString(OAuth2Constants.ERROR);
             }
         }
 
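Review bot: The response parsing now mixes two styles: `refresh_token` and `error` go through `OAuth2Constants`, while `token_type` and `expires_in` a few lines above remain string literals. Either add matching constants for those keys (names to be chosen, for example a `TOKEN_TYPE` and an `EXPIRES_IN` entry) or add a comment saying the interface deliberately covers only request and redirect parameters. The constructor starts outside this hunk, so other keys it reads may need the same treatment.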
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java
index 18c4281..25e1cd5 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/social/SocialLoginTest.java
@@ -26,6 +26,7 @@ import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
+import org.keycloak.OAuth2Constants;
 import org.keycloak.models.AccountRoles;
 import org.keycloak.models.ApplicationModel;
 import org.keycloak.models.Constants;
@@ -106,7 +107,7 @@ public class SocialLoginTest {
 
         Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
 
-        AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password");
+        AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password");
 
         AccessToken token = oauth.verifyToken(response.getAccessToken());
         Assert.assertEquals(36, token.getSubject().length());
@@ -167,7 +168,7 @@ public class SocialLoginTest {
 
             Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
 
-            AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get("code"), "password");
+            AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.getCurrentQuery().get(OAuth2Constants.CODE), "password");
             AccessToken token = oauth.verifyToken(response.getAccessToken());
 
             UserRepresentation profile = keycloakRule.getUserById("test", token.getSubject());