keycloak-aplcache
Changes
integration/installed/pom.xml 4(+4 -0)
Details
integration/installed/pom.xml 4(+4 -0)
diff --git a/integration/installed/pom.xml b/integration/installed/pom.xml
index b104c89..aab6e0e 100755
--- a/integration/installed/pom.xml
+++ b/integration/installed/pom.xml
@@ -45,6 +45,10 @@
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.jboss.logging</groupId>
+ <artifactId>jboss-logging</artifactId>
+ </dependency>
</dependencies>
<build>
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java
index c33ef91..b3129c6 100755
--- a/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OpenIDConnectService.java
@@ -602,7 +602,7 @@ public class OpenIDConnectService {
ClientModel client = authorizeClient(authorizationHeader, formData, event);
- String redirectUri = clientSession.getRedirectUri();
+ String redirectUri = clientSession.getNote(OpenIDConnect.REDIRECT_URI_PARAM);
if (redirectUri != null && !redirectUri.equals(formData.getFirst(OAuth2Constants.REDIRECT_URI))) {
Map<String, String> res = new HashMap<String, String>();
res.put(OAuth2Constants.ERROR, "invalid_grant");
@@ -795,6 +795,7 @@ public class OpenIDConnectService {
event.error(Errors.NOT_ALLOWED);
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "direct-grants-only clients are not allowed to initiate browser login");
}
+ String redirectUriParam = redirect;
redirect = verifyRedirectUri(uriInfo, redirect, realm, client);
if (redirect == null) {
event.error(Errors.INVALID_REDIRECT_URI);
@@ -806,6 +807,7 @@ public class OpenIDConnectService {
clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE);
clientSession.setNote(ClientSessionCode.ACTION_KEY, KeycloakModelUtils.generateCodeSecret());
clientSession.setNote(OpenIDConnect.STATE_PARAM, state);
+ clientSession.setNote(OpenIDConnect.REDIRECT_URI_PARAM, redirectUriParam);
if (scopeParam != null) clientSession.setNote(OpenIDConnect.SCOPE_PARAM, scopeParam);
if (responseType != null) clientSession.setNote(OpenIDConnect.RESPONSE_TYPE_PARAM, responseType);
if (loginHint != null) clientSession.setNote(OpenIDConnect.LOGIN_HINT_PARAM, loginHint);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
index 330d0bc..7ecd292 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
@@ -106,7 +106,7 @@ public class AuthorizationCodeTest {
String title = driver.getTitle();
Assert.assertTrue(title.startsWith("Success code="));
- String code = driver.findElement(By.id(OAuth2Constants.CODE)).getText();
+ String code = driver.findElement(By.id(OAuth2Constants.CODE)).getAttribute("value");
keycloakRule.verifyCode(code);
String codeId = events.expectLogin().detail(Details.REDIRECT_URI, "http://localhost:8081/auth/realms/test/protocol/openid-connect/oauth/oob").assertEvent().getDetails().get(Details.CODE_ID);
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
index 1fd282a..442fa59 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
@@ -25,6 +25,7 @@ import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
+import org.keycloak.OAuth2Constants;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
@@ -38,6 +39,8 @@ import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;
import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
/**
* @author <a href="mailto:vrockai@redhat.com">Viliam Rockai</a>
@@ -48,19 +51,21 @@ public class OAuthRedirectUriTest {
public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
@Override
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
- ApplicationModel app = appRealm.getApplicationNameMap().get("test-app");
-
ApplicationModel installedApp = appRealm.addApplication("test-installed");
installedApp.setEnabled(true);
installedApp.addRedirectUri(Constants.INSTALLED_APP_URN);
installedApp.addRedirectUri(Constants.INSTALLED_APP_URL);
+ installedApp.setSecret("password");
ApplicationModel installedApp2 = appRealm.addApplication("test-installed2");
installedApp2.setEnabled(true);
installedApp2.addRedirectUri(Constants.INSTALLED_APP_URL + "/myapp");
+ installedApp2.setSecret("password");
+
ApplicationModel installedApp3 = appRealm.addApplication("test-wildcard");
installedApp3.setEnabled(true);
installedApp3.addRedirectUri("http://example.com/foo/*");
+ installedApp3.setSecret("password");
}
});
@@ -231,6 +236,19 @@ public class OAuthRedirectUriTest {
Assert.assertTrue(errorPage.isCurrent());
Assert.assertEquals("Invalid redirect_uri.", errorPage.getError());
}
+
+ if (expectValid) {
+ loginPage.login("test-user@localhost", "password");
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+ Assert.assertNotNull(code);
+
+ OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
+
+ Assert.assertEquals("Expected success, but got error: " + tokenResponse.getError(), 200, tokenResponse.getStatusCode());
+
+ driver.manage().deleteAllCookies();
+ }
}
}