keycloak-aplcache
Changes
forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-oidc.html 7(+4 -3)
Details
diff --git a/broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java b/broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
index 652a109..3118cfe 100644
--- a/broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
+++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
@@ -53,6 +53,10 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
public AbstractOAuth2IdentityProvider(C config) {
super(config);
+
+ if (config.getDefaultScope() == null || config.getDefaultScope().isEmpty()) {
+ config.setDefaultScope(getDefaultScopes());
+ }
}
@Override
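Review bot: The constructor now calls the abstract `getDefaultScopes()` before any subclass constructor body or field initializer has run, so an override that reads instance state would see nulls and could end up configuring an empty or wrong scope. The overrides visible in this commit return constants, which is safe, but nothing states that requirement. I would document the constraint on the abstract method, or resolve the fallback lazily where the authorization URL is built instead of in the constructor. The fallback is also written back into the shared `config` object, so a provider default may later be indistinguishable from a scope an administrator chose on purpose. Whether that config is persisted afterwards is not visible from this hunk.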
@@ -158,4 +162,6 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
protected JsonNode asJsonNode(String json) throws IOException {
return mapper.readTree(json);
}
+
+ protected abstract String getDefaultScopes();
}
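Review bot: The new abstract `getDefaultScopes()` has no Javadoc, although implementers need to know the expected format and when it is called. I would add `/** Returns the space-separated scopes requested when the configured defaultScope is null or empty; invoked from the constructor, so it must not read instance state and must not return null. */` above the declaration. The rest of the class lies outside this hunk.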
diff --git a/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java b/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
index f82ccc6..c886b06 100644
--- a/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
+++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
@@ -34,15 +34,28 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
public static final String OAUTH2_PARAMETER_PROMPT = "prompt";
public static final String OIDC_PARAMETER_ID_TOKEN = "id_token";
+ public static final String SCOPE_OPENID = "openid";
public OIDCIdentityProvider(OIDCIdentityProviderConfig config) {
super(config);
+
+ String defaultScope = config.getDefaultScope();
+
+ if (!defaultScope.contains(SCOPE_OPENID)) {
+ config.setDefaultScope(SCOPE_OPENID + " " + defaultScope);
+ }
}
@Override
protected UriBuilder createAuthorizationUrl(AuthenticationRequest request) {
- return super.createAuthorizationUrl(request)
- .queryParam(OAUTH2_PARAMETER_PROMPT, getConfig().getPrompt());
+ UriBuilder authorizationUrl = super.createAuthorizationUrl(request);
+ String prompt = getConfig().getPrompt();
+
+ if (prompt != null && !prompt.isEmpty()) {
+ authorizationUrl.queryParam(OAUTH2_PARAMETER_PROMPT, prompt);
+ }
+
+ return authorizationUrl;
}
@Override
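Review bot: The `defaultScope.contains(SCOPE_OPENID)` check in the constructor is a substring match, so a configured value such as `openid_extra profile` passes it even though the `openid` scope token itself is missing. The request then goes out as plain OAuth2 and the provider may return no ID token for the broker to validate. Comparing whole tokens avoids this: `if (!Arrays.asList(defaultScope.trim().split("\\s+")).contains(SCOPE_OPENID)) {`, which needs `java.util.Arrays` imported. The same line dereferences `config.getDefaultScope()` without a null check. It is only safe because the superclass constructor fills in a default, and only while `getDefaultScopes()` never returns null, so a short comment stating that dependency would help.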
@@ -125,4 +138,9 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
private String decodeJWS(String token) {
return new JWSInput(token).readContentAsString();
}
+
+ @Override
+ protected String getDefaultScopes() {
+ return "openid";
+ }
}
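Review bot: `getDefaultScopes()` returns the literal `"openid"` while the same commit introduces `SCOPE_OPENID` for exactly that value. Using `return SCOPE_OPENID;` keeps the scope the constructor enforces and the scope used as the default tied to one definition.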
diff --git a/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProviderConfig.java b/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProviderConfig.java
index ba2dceb..de4043c 100644
--- a/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProviderConfig.java
+++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProviderConfig.java
@@ -29,28 +29,10 @@ public class OIDCIdentityProviderConfig extends OAuth2IdentityProviderConfig {
}
public String getPrompt() {
- String prompt = getConfig().get("prompt");
-
- if (prompt == null || "".equals(prompt)) {
- return "none";
- }
-
- return prompt;
- }
-
- @Override
- public String getDefaultScope() {
- String scope = super.getDefaultScope();
-
- if (scope == null || "".equals(scope)) {
- scope = "openid";
- }
-
- return scope;
+ return getConfig().get("prompt");
}
public String getIssuer() {
return getConfig().get("issuer");
}
-
}
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-oidc.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-oidc.html
index 544ea0a..135c392 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-oidc.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-oidc.html
@@ -75,21 +75,22 @@
<div class="col-sm-4">
<input class="form-control" id="defaultScope" type="text" ng-model="identityProvider.config.defaultScope">
</div>
- <span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. It can be a comma-separated list of scopes. Defaults to 'openid'." class="fa fa-info-circle"></span>
+ <span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="prompt">Prompt</label>
<div class="col-sm-4">
<div class="select-kc">
<select id="prompt" ng-model="identityProvider.config.prompt">
- <option value="">none</option>
+ <option value="">unspecified</option>
+ <option value="none">none</option>
<option>consent</option>
<option>login</option>
<option>select_account</option>
</select>
</div>
</div>
- <span tooltip-placement="right" tooltip="Is HTTPS required? 'None' means HTTPS is not required for any client IP address. 'External requests' means localhost and private IP addresses can access without HTTPS. 'All requests' means HTTPS is required for all IP addresses." class="fa fa-info-circle"></span>
+ <span tooltip-placement="right" tooltip="Specifies whether the Authorization Server prompts the End-User for reauthentication and consent." class="fa fa-info-circle"></span>
</div>
<div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Enabled</label>
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-social.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-social.html
index c2c7a63..0cd6816 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-social.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-social.html
@@ -42,6 +42,13 @@
</div>
<span tooltip-placement="right" tooltip="The client or application secret registered withing the identity provider." class="fa fa-info-circle"></span>
</div>
+ <div class="form-group clearfix">
+ <label class="col-sm-2 control-label" for="defaultScope">Default Scopes </label>
+ <div class="col-sm-4">
+ <input class="form-control" id="defaultScope" type="text" ng-model="identityProvider.config.defaultScope">
+ </div>
+ <span tooltip-placement="right" tooltip="The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'." class="fa fa-info-circle"></span>
+ </div>
<div class="form-group">
<label class="col-sm-2 control-label" for="enabled">Enabled</label>
<div class="col-sm-4">
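Review bot: The tooltip on the new Default Scopes field says "Defaults to 'openid'", but this partial serves the social providers, whose default now comes from each provider's `getDefaultScopes()`. The Google provider in this commit returns `openid profile email`, and Facebook and GitHub return their own `DEFAULT_SCOPE`, whose values are not visible here. An administrator who leaves the field blank would therefore request more, or different, user data than the help text suggests. Wording such as `tooltip="The scopes to be sent when asking for authorization, as a space-separated list. If empty, the provider's built-in default scopes are used."` would be accurate for every provider. The surrounding form continues outside this hunk.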
diff --git a/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java b/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java
index 774f306..8c070be 100755
--- a/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java
+++ b/social/facebook/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java
@@ -22,7 +22,6 @@ public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider imp
config.setAuthorizationUrl(AUTH_URL);
config.setTokenUrl(TOKEN_URL);
config.setUserInfoUrl(PROFILE_URL);
- config.setDefaultScope(DEFAULT_SCOPE);
}
@Override
@@ -66,4 +65,9 @@ public class FacebookIdentityProvider extends AbstractOAuth2IdentityProvider imp
throw new RuntimeException(e);
}
}
+
+ @Override
+ protected String getDefaultScopes() {
+ return DEFAULT_SCOPE;
+ }
}
diff --git a/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java b/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
index b24d3ea..5069591 100755
--- a/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
+++ b/social/github/src/main/java/org/keycloak/social/github/GitHubIdentityProvider.java
@@ -22,7 +22,6 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
config.setAuthorizationUrl(AUTH_URL);
config.setTokenUrl(TOKEN_URL);
config.setUserInfoUrl(PROFILE_URL);
- config.setDefaultScope(DEFAULT_SCOPE);
}
@Override
@@ -41,4 +40,9 @@ public class GitHubIdentityProvider extends AbstractOAuth2IdentityProvider imple
throw new RuntimeException(e);
}
}
+
+ @Override
+ protected String getDefaultScopes() {
+ return DEFAULT_SCOPE;
+ }
}
diff --git a/social/google/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java b/social/google/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java
index 65a6b12..120212e 100755
--- a/social/google/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java
+++ b/social/google/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java
@@ -31,7 +31,7 @@ import org.keycloak.social.SocialIdentityProvider;
public class GoogleIdentityProvider extends OIDCIdentityProvider implements SocialIdentityProvider<OIDCIdentityProviderConfig> {
public static final String AUTH_URL = "https://accounts.google.com/o/oauth2/auth";
- public static final String TOKEN_URL = "https://accounts.google.com/o/oauth2/token";
+ public static final String TOKEN_URL = "https://www.googleapis.com/oauth2/v3/token";
public static final String PROFILE_URL = "https://www.googleapis.com/plus/v1/people/me/openIdConnect";
public static final String DEFAULT_SCOPE = "openid profile email";
@@ -40,6 +40,10 @@ public class GoogleIdentityProvider extends OIDCIdentityProvider implements Soci
config.setAuthorizationUrl(AUTH_URL);
config.setTokenUrl(TOKEN_URL);
config.setUserInfoUrl(PROFILE_URL);
- config.setDefaultScope(DEFAULT_SCOPE);
+ }
+
+ @Override
+ protected String getDefaultScopes() {
+ return DEFAULT_SCOPE;
}
}