Java Code Examples for org.keycloak.representations.idm.ClientRepresentation#setConsentRequired()
The following examples show how to use
org.keycloak.representations.idm.ClientRepresentation#setConsentRequired() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: ConsentsTest.java From keycloak with Apache License 2.0 | 6 votes |
|
protected List<ClientRepresentation> createProviderClients() {
ClientRepresentation client = new ClientRepresentation();
client.setId(CLIENT_ID);
client.setName(CLIENT_ID);
client.setSecret(CLIENT_SECRET);
client.setEnabled(true);
client.setConsentRequired(true);
client.setRedirectUris(Collections.singletonList(getAuthRoot() +
"/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint/*"));
client.setAdminUrl(getAuthRoot() +
"/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_OIDC_ALIAS + "/endpoint");
return Collections.singletonList(client);
}
Example 2
| Source File: ClientRegistrationPoliciesTest.java From keycloak with Apache License 2.0 | 6 votes |
|
@Test
@AuthServerContainerExclude(AuthServer.REMOTE) // We would need to do domain name -> ip address to set trusted host
public void testAnonConsentRequired() throws Exception {
setTrustedHost("localhost");
OIDCClientRepresentation client = create();
// Assert new client has consent required
String clientId = client.getClientId();
ClientRepresentation clientRep = ApiUtil.findClientByClientId(realmResource(), clientId).toRepresentation();
Assert.assertTrue(clientRep.isConsentRequired());
// Try update with disabled consent required. Should fail
clientRep.setConsentRequired(false);
assertFail(ClientRegOp.UPDATE, clientRep, 403, "Not permitted to update consentRequired to false");
// Try update with enabled consent required. Should pass
clientRep.setConsentRequired(true);
reg.update(clientRep);
}
Example 3
| Source File: KcOidcBrokerWithConsentTest.java From keycloak with Apache License 2.0 | 6 votes |
|
@Override
public void beforeBrokerTest() {
super.beforeBrokerTest();
// Require broker to show consent screen
RealmResource brokeredRealm = adminClient.realm(bc.providerRealmName());
List<ClientRepresentation> clients = brokeredRealm.clients().findByClientId("brokerapp");
org.junit.Assert.assertEquals(1, clients.size());
ClientRepresentation brokerApp = clients.get(0);
brokerApp.setConsentRequired(true);
brokeredRealm.clients().get(brokerApp.getId()).update(brokerApp);
// Change timeouts on realm-with-broker to lower values
RealmResource realmWithBroker = adminClient.realm(bc.consumerRealmName());
RealmRepresentation realmRep = realmWithBroker.toRepresentation();
realmRep.setAccessCodeLifespanLogin(30);;
realmRep.setAccessCodeLifespan(30);
realmRep.setAccessCodeLifespanUserAction(30);
realmWithBroker.update(realmRep);
}
Example 4
| Source File: ConsentsTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void testConsentCancel() {
// setup account client to require consent
RealmResource providerRealm = adminClient.realm(providerRealmName());
ClientResource accountClient = findClientByClientId(providerRealm, "account");
ClientRepresentation clientRepresentation = accountClient.toRepresentation();
clientRepresentation.setConsentRequired(true);
accountClient.update(clientRepresentation);
// setup correct realm
accountPage.setAuthRealm(providerRealmName());
// navigate to account console and login
accountPage.navigateTo();
loginPage.form().login(getUserLogin(), getUserPassword());
consentPage.assertCurrent();
consentPage.cancel();
// check an error page after cancelling the consent
errorPage.assertCurrent();
assertEquals("No access", errorPage.getError());
// follow the link "back to application"
errorPage.clickBackToApplication();
loginPage.form().login(getUserLogin(), getUserPassword());
consentPage.confirm();
// successful login
accountPage.assertCurrent();
}
Example 5
| Source File: ConsentsTest.java From keycloak with Apache License 2.0 | 5 votes |
|
@Test
public void clientConsentRequiredAfterLogin() {
oauth.realm(TEST_REALM_NAME).clientId("test-app");
AuthorizationEndpointResponse response = oauth.doLogin("test-user@localhost", "password");
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(response.getCode(), "password");
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
EventRepresentation loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
String sessionId = loginEvent.getSessionId();
ClientRepresentation clientRepresentation = adminClient.realm(TEST_REALM_NAME).clients().findByClientId("test-app").get(0);
try {
clientRepresentation.setConsentRequired(true);
adminClient.realm(TEST_REALM_NAME).clients().get(clientRepresentation.getId()).update(clientRepresentation);
events.clear();
// try to refresh the token
// this fails as client no longer has requested consent from user
AccessTokenResponse refreshTokenResponse = oauth.doRefreshTokenRequest(accessTokenResponse.getRefreshToken(), "password");
Assert.assertEquals(OAuthErrorException.INVALID_SCOPE, refreshTokenResponse.getError());
Assert.assertEquals("Client no longer has requested consent from user", refreshTokenResponse.getErrorDescription());
events.expectRefresh(accessTokenResponse.getRefreshToken(), sessionId).clearDetails().error(Errors.INVALID_TOKEN).assertEvent();
} finally {
clientRepresentation.setConsentRequired(false);
adminClient.realm(TEST_REALM_NAME).clients().get(clientRepresentation.getId()).update(clientRepresentation);
}
}
Example 6
| Source File: KcOidcBrokerPromptNoneRedirectTest.java From keycloak with Apache License 2.0 | 5 votes |
|
/**
* Tests that an auth request with {@code prompt=none} that is forwarded to a default IDP returns a {@code interaction_required}
* error message if the IDP requires consent as part of the authentication process. Per spec, when {@code prompt=none} is used
* the server must not display any authentication or consent user interface pages.
*
* @throws Exception if an error occurs while running the test.
*/
@Test
public void testRequireConsentReturnsInteractionRequired() throws Exception {
RealmResource brokeredRealm = adminClient.realm(bc.providerRealmName());
List<ClientRepresentation> clients = brokeredRealm.clients().findByClientId(CLIENT_ID);
org.junit.Assert.assertEquals(1, clients.size());
ClientRepresentation brokerApp = clients.get(0);
brokerApp.setConsentRequired(true);
brokeredRealm.clients().get(brokerApp.getId()).update(brokerApp);
/* verify that the interaction_required error is returned with sending auth request to the consumer realm with prompt=none. */
checkAuthWithPromptNoneReturnsInteractionRequired();
}
Example 7
| Source File: RequiredActionsTest.java From keycloak with Apache License 2.0 | 5 votes |
|
private void initiateClientScopesConsent(boolean displayOnConsentScreen, String consentScreenText) {
ClientRepresentation accountClientRep = testRealmResource().clients().findByClientId(ACCOUNT_MANAGEMENT_CLIENT_ID).get(0);
ClientResource accountClient = testRealmResource().clients().get(accountClientRep.getId());
accountClientRep.setConsentRequired(true);
accountClientRep.getAttributes().put(DISPLAY_ON_CONSENT_SCREEN, String.valueOf(displayOnConsentScreen));
accountClientRep.getAttributes().put(CONSENT_SCREEN_TEXT, consentScreenText);
accountClient.update(accountClientRep);
testRealmAccountPage.navigateTo();
testRealmLoginPage.form().login(grantRealmUser);
oAuthGrantPage.assertCurrent();
}
Example 8
| Source File: JavascriptAdapterTest.java From keycloak with Apache License 2.0 | 4 votes |
|
@Test
public void grantBrowserBasedApp() {
Assume.assumeTrue("This test doesn't work with phantomjs", !"phantomjs".equals(System.getProperty("js.browser")));
ClientResource clientResource = ApiUtil.findClientResourceByClientId(adminClient.realm(REALM_NAME), CLIENT_ID);
ClientRepresentation client = clientResource.toRepresentation();
try {
client.setConsentRequired(true);
clientResource.update(client);
testExecutor.init(defaultArguments(), this::assertInitNotAuth)
.login(this::assertOnLoginPage)
.loginForm(testUser, (driver1, output, events) -> assertTrue(oAuthGrantPage.isCurrent(driver1))
// I am not sure why is this driver1 argument to isCurrent necessary, but I got exception without it
);
oAuthGrantPage.accept();
EventRepresentation loginEvent = events.expectLogin()
.client(CLIENT_ID)
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.detail(Details.REDIRECT_URI, testAppUrl)
.detail(Details.USERNAME, testUser.getUsername())
.assertEvent();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
testExecutor.init(defaultArguments(), this::assertSuccessfullyLoggedIn);
applicationsPage.navigateTo();
events.expectCodeToToken(codeId, loginEvent.getSessionId()).client(CLIENT_ID).assertEvent();
applicationsPage.revokeGrantForApplication(CLIENT_ID);
events.expect(EventType.REVOKE_GRANT)
.client("account")
.detail(Details.REVOKED_CLIENT, CLIENT_ID)
.assertEvent();
jsDriver.navigate().to(testAppUrl);
testExecutor.configure() // need to configure because we refreshed page
.init(defaultArguments(), this::assertInitNotAuth)
.login((driver1, output, events) -> assertTrue(oAuthGrantPage.isCurrent(driver1)));
} finally {
// Clean
client.setConsentRequired(false);
clientResource.update(client);
}
}
Example 9
| Source File: DemoServletsAdapterTest.java From keycloak with Apache License 2.0 | 4 votes |
|
@Test
public void grantServerBasedApp() {
ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), "customer-portal");
ClientRepresentation client = clientResource.toRepresentation();
client.setConsentRequired(true);
clientResource.update(client);
RealmRepresentation realm = testRealmResource().toRepresentation();
realm.setEventsEnabled(true);
realm.setEnabledEventTypes(Arrays.asList("REVOKE_GRANT", "LOGIN"));
realm.setEventsListeners(Arrays.asList("jboss-logging", "event-queue"));
testRealmResource().update(realm);
customerPortal.navigateTo();
loginPage.form().login("[email protected]", "password");
assertTrue(oAuthGrantPage.isCurrent());
oAuthGrantPage.accept();
waitForPageToLoad();
assertLogged();
String userId = ApiUtil.findUserByUsername(testRealmResource(), "[email protected]").getId();
assertEvents.expectLogin()
.realm(realm.getId())
.client("customer-portal")
.user(userId)
.detail(Details.USERNAME, "[email protected]")
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.detail(Details.REDIRECT_URI,
org.hamcrest.Matchers.anyOf(org.hamcrest.Matchers.equalTo(customerPortal.getInjectedUrl().toString()),
org.hamcrest.Matchers.equalTo(customerPortal.getInjectedUrl().toString() + "/")))
.removeDetail(Details.CODE_ID)
.assertEvent();
assertEvents.expectCodeToToken(null, null)
.realm(realm.getId())
.client("customer-portal")
.user(userId)
.session(AssertEvents.isUUID())
.removeDetail(Details.CODE_ID)
.assertEvent();
applicationsPage.navigateTo();
applicationsPage.revokeGrantForApplication("customer-portal");
customerPortal.navigateTo();
assertTrue(oAuthGrantPage.isCurrent());
assertEvents.expect(EventType.REVOKE_GRANT)
.realm(realm.getId())
.client("account")
.user(userId)
.detail(Details.REVOKED_CLIENT, "customer-portal")
.assertEvent();
assertEvents.assertEmpty();
// Revert consent
client = clientResource.toRepresentation();
client.setConsentRequired(false);
clientResource.update(client);
}
Example 10
| Source File: ClientManager.java From keycloak with Apache License 2.0 | 4 votes |
|
public void consentRequired(boolean enable) {
ClientRepresentation app = clientResource.toRepresentation();
app.setConsentRequired(enable);
clientResource.update(app);
}
