Move doWellKnownRequest to AbstractOAuthClient (#37830)

Closes #37829 Signed-off-by: stianst <stianst@gmail.com>
2026-05-28 04:13:22 -04:00 · 2025-03-05 12:38:08 +01:00 · 2025-03-05 12:38:08 +01:00 · 83adc99ef7
commit 83adc99ef7
parent 45fb21164b
7 changed files with 77 additions and 13 deletions
--- a/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/OAuthClientTest.java
+++ b/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/OAuthClientTest.java
@ -2,6 +2,7 @@ package org.keycloak.test.examples;

 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
+import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.testframework.annotations.InjectRealm;
 import org.keycloak.testframework.annotations.InjectUser;
@ -75,6 +76,12 @@ public class OAuthClientTest {
        Assertions.assertNotEquals(accessTokenResponse.getAccessToken(), refreshResponse.getAccessToken());
    }

+    @Test
+    public void testOpenIDConfiguration() {
+        OIDCConfigurationRepresentation oidcConfiguration = oauth.doWellKnownRequest();
+        Assertions.assertNotNull(oidcConfiguration);
+    }
+
    @Test
    public void testRevocation() {
        AccessTokenResponse accessTokenResponse = oauth.doPasswordGrantRequest(user.getUsername(), user.getPassword());
--- a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java
+++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java
@ -1,6 +1,7 @@
 package org.keycloak.testsuite.util.oauth;

 import org.apache.http.impl.client.CloseableHttpClient;
+import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.AuthorizationResponseToken;
 import org.keycloak.representations.IDToken;
@ -115,6 +116,14 @@ public abstract class AbstractOAuthClient<T> {
        return refreshRequest(refreshToken).send();
    }

+    public OpenIDProviderConfigurationRequest wellknownRequest() {
+        return new OpenIDProviderConfigurationRequest(this);
+    }
+
+    public OIDCConfigurationRepresentation doWellKnownRequest() {
+        return wellknownRequest().send().getOidcConfiguration();
+    }
+
    public UserInfoRequest userInfoRequest(String accessToken) {
        return new UserInfoRequest(accessToken, this);
    }
--- a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/Endpoints.java
+++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/Endpoints.java
@ -5,6 +5,7 @@ import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
 import org.keycloak.protocol.oidc.grants.ciba.CibaGrantType;
 import org.keycloak.protocol.oidc.grants.device.DeviceGrantType;
 import org.keycloak.protocol.oidc.par.endpoints.ParEndpoint;
+import org.keycloak.services.resources.RealmsResource;

 public class Endpoints {

@ -16,6 +17,10 @@ public class Endpoints {
        this.realm = realm;
    }

+    public String getOpenIDConfiguration() {
+        return asString(getBase().path(RealmsResource.class).path("{realm}/.well-known/openid-configuration"));
+    }
+
    public String getAuthorization() {
        return asString(OIDCLoginProtocolService.authUrl(getBase()));
    }
--- a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/OpenIDProviderConfigurationRequest.java
+++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/OpenIDProviderConfigurationRequest.java
@ -0,0 +1,27 @@
+package org.keycloak.testsuite.util.oauth;
+
+import org.apache.http.client.methods.CloseableHttpResponse;
+
+import java.io.IOException;
+
+public class OpenIDProviderConfigurationRequest extends AbstractHttpGetRequest<OpenIDProviderConfigurationResponse> {
+
+    public OpenIDProviderConfigurationRequest(AbstractOAuthClient client) {
+        super(client);
+    }
+
+    @Override
+    protected String getEndpoint() {
+        return client.getEndpoints().getOpenIDConfiguration();
+    }
+
+    @Override
+    protected void initRequest() {
+    }
+
+    @Override
+    protected OpenIDProviderConfigurationResponse toResponse(CloseableHttpResponse response) throws IOException {
+        return new OpenIDProviderConfigurationResponse(response);
+    }
+
+}
--- a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/OpenIDProviderConfigurationResponse.java
+++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/OpenIDProviderConfigurationResponse.java
@ -0,0 +1,25 @@
+package org.keycloak.testsuite.util.oauth;
+
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation;
+
+import java.io.IOException;
+
+public class OpenIDProviderConfigurationResponse extends AbstractHttpResponse {
+
+    private OIDCConfigurationRepresentation oidcConfiguration;
+
+    public OpenIDProviderConfigurationResponse(CloseableHttpResponse response) throws IOException {
+        super(response);
+    }
+
+    @Override
+    protected void parseContent() throws IOException {
+        oidcConfiguration = asJson(OIDCConfigurationRepresentation.class);
+    }
+
+    public OIDCConfigurationRepresentation getOidcConfiguration() {
+        return oidcConfiguration;
+    }
+
+}
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/OAuthClient.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/OAuthClient.java
@ -367,16 +367,6 @@ public class OAuthClient extends AbstractOAuthClient<OAuthClient> {
        return new AccessTokenResponse(httpClientManager.get().execute(post));
    }

-    // TODO Extract into request class
-    public OIDCConfigurationRepresentation doWellKnownRequest() {
-        try {
-            SimpleHttp request = SimpleHttpDefault.doGet(baseUrl + "/realms/" + config.getRealm() + "/.well-known/openid-configuration",
-                    httpClientManager.get());
-            return request.asJson(OIDCConfigurationRepresentation.class);
-        } catch (IOException ex) {
-            throw new RuntimeException(ex);
-        }
-    }


    // TODO Deprecate
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/ssl/TLSTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/ssl/TLSTest.java
@ -11,6 +11,7 @@ import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentatio
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
 import org.keycloak.testsuite.Assert;
+import org.keycloak.testsuite.util.oauth.OpenIDProviderConfigurationResponse;

 /**
 * This test checks if TLS can be explicitly switched off.
@ -58,9 +59,9 @@ public class TLSTest extends AbstractTestRealmKeycloakTest {

        // Try access "WellKnown" endpoint unsecured. It should fail
        oauth.baseUrl(AUTH_SERVER_ROOT_WITHOUT_TLS);
-        OIDCConfigurationRepresentation config = oauth.doWellKnownRequest();
-        Assert.assertNull(config.getAuthorizationEndpoint());
-        Assert.assertEquals("HTTPS required", config.getOtherClaims().get("error_description"));
+        OpenIDProviderConfigurationResponse providerConfigurationResponse = oauth.wellknownRequest().send();
+        Assert.assertFalse(providerConfigurationResponse.isSuccess());
+        Assert.assertEquals("HTTPS required", providerConfigurationResponse.getErrorDescription());

        // Try access "JWKS URL" unsecured. It should fail
        try {