Details
diff --git a/services/src/main/java/org/keycloak/services/managers/ClientManager.java b/services/src/main/java/org/keycloak/services/managers/ClientManager.java
index 1aa9b7f..fec49c9 100644
--- a/services/src/main/java/org/keycloak/services/managers/ClientManager.java
+++ b/services/src/main/java/org/keycloak/services/managers/ClientManager.java
@@ -195,6 +195,17 @@ public class ClientManager {
}
}
+ public void clientIdChanged(ClientModel client, String newClientId) {
+ logger.debugf("Updating clientId from '%s' to '%s'", client.getClientId(), newClientId);
+
+ UserModel serviceAccountUser = realmManager.getSession().users().getServiceAccount(client);
+ if (serviceAccountUser != null) {
+ String username = ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + newClientId;
+ serviceAccountUser.setUsername(username);
+ serviceAccountUser.setEmail(username + "@placeholder.org");
+ }
+ }
+
@JsonPropertyOrder({"realm", "realm-public-key", "bearer-only", "auth-server-url", "ssl-required",
"resource", "public-client", "credentials",
"use-resource-role-mappings"})
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
index 8928568..1275022 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientResource.java
@@ -158,6 +158,10 @@ public class ClientResource {
new ClientManager(new RealmManager(session)).enableServiceAccount(client);
}
+ if (!rep.getClientId().equals(client.getClientId())) {
+ new ClientManager(new RealmManager(session)).clientIdChanged(client, rep.getClientId());
+ }
+
RepresentationToModel.updateClient(rep, client);
if (Profile.isPreviewEnabled()) {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java
index c3b05cb..cfd7907 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java
@@ -232,14 +232,14 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken());
Assert.assertEquals("updated-client", accessToken.getOtherClaims().get(ServiceAccountConstants.CLIENT_ID));
- // Username still same. Client ID changed
+ // Username updated after client ID changed
events.expectClientLogin()
.client("updated-client")
.user(userId)
.session(accessToken.getSessionState())
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
- .detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl")
+ .detail(Details.USERNAME, ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "updated-client")
.assertEvent();
