diff --git a/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/OAuthClientTest.java b/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/OAuthClientTest.java
index bddd4452cf9..b28db91dbc5 100644
--- a/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/OAuthClientTest.java
+++ b/test-framework/examples/tests/src/test/java/org/keycloak/test/examples/OAuthClientTest.java
@@ -2,6 +2,7 @@ package org.keycloak.test.examples;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
+import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.testframework.annotations.InjectRealm;
 import org.keycloak.testframework.annotations.InjectUser;
@@ -75,6 +76,12 @@ public class OAuthClientTest {
 Assertions.assertNotEquals(accessTokenResponse.getAccessToken(), refreshResponse.getAccessToken());
 }
+ @Test
+ public void testOpenIDConfiguration() {
+ OIDCConfigurationRepresentation oidcConfiguration = oauth.doWellKnownRequest();
+ Assertions.assertNotNull(oidcConfiguration);
+ }
+
+ @Test
 public void testRevocation() {
 AccessTokenResponse accessTokenResponse = oauth.doPasswordGrantRequest(user.getUsername(), user.getPassword());
diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java
index 9cfc8c08bf1..39df3f929fa 100644
--- a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java
+++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java
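Review bot: `testOpenIDConfiguration` in OAuthClientTest only asserts that the returned object is non-null, so it would still pass if the discovery response deserialized into a representation with every endpoint unset. The TLSTest assertions removed further down this diff show that an error body used to come back as exactly such an object (`getAuthorizationEndpoint()` null); whether that can still happen depends on AbstractHttpResponse, which is not shown. A field-level check is the stronger signal, for example `Assertions.assertNotNull(oidcConfiguration.getAuthorizationEndpoint());`. The test class continues outside the hunk.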
@@ -1,6 +1,7 @@
 package org.keycloak.testsuite.util.oauth;
 import org.apache.http.impl.client.CloseableHttpClient;
+import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation;
 import org.keycloak.representations.AccessToken;
 import org.keycloak.representations.AuthorizationResponseToken;
 import org.keycloak.representations.IDToken;
@@ -115,6 +116,14 @@ public abstract class AbstractOAuthClient {
 return refreshRequest(refreshToken).send();
 }
+ public OpenIDProviderConfigurationRequest wellknownRequest() {
+ return new OpenIDProviderConfigurationRequest(this);
+ }
+
+ public OIDCConfigurationRepresentation doWellKnownRequest() {
+ return wellknownRequest().send().getOidcConfiguration();
+ }
+
 public UserInfoRequest userInfoRequest(String accessToken) {
 return new UserInfoRequest(accessToken, this);
 }
diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/Endpoints.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/Endpoints.java
index a83e12e279d..3cae06ce2ec 100644
--- a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/Endpoints.java
+++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/Endpoints.java
@@ -5,6 +5,7 @@ import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
 import org.keycloak.protocol.oidc.grants.ciba.CibaGrantType;
 import org.keycloak.protocol.oidc.grants.device.DeviceGrantType;
 import org.keycloak.protocol.oidc.par.endpoints.ParEndpoint;
+import org.keycloak.services.resources.RealmsResource;
 public class Endpoints {
@@ -16,6 +17,10 @@ public class Endpoints {
 this.realm = realm;
 }
+ public String getOpenIDConfiguration() {
+ return asString(getBase().path(RealmsResource.class).path("{realm}/.well-known/openid-configuration"));
+ }
+
 public String getAuthorization() {
 return asString(OIDCLoginProtocolService.authUrl(getBase()));
 }
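Review bot: `doWellKnownRequest()` in AbstractOAuthClient chains `wellknownRequest().send().getOidcConfiguration()` without looking at the response status, so a failed discovery call cannot be told apart from a successful one at the call site. The removed OAuthClient version parsed whatever JSON came back and wrapped `IOException` in a `RuntimeException`; what the new one returns on an error response (presumably `null`, since `oidcConfiguration` is only assigned in `parseContent()`) depends on AbstractHttpResponse, which is outside this diff. Please state the contract in a Javadoc comment, e.g. `/** Fetches the realm's OpenID Provider metadata; callers that need the error details should use wellknownRequest().send() instead. */`, and document the same on `getOidcConfiguration()` in OpenIDProviderConfigurationResponse. Separately, `wellknownRequest` and `doWellKnownRequest` differ in the casing of "WellKnown"; `wellKnownRequest` would match.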
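Review bot: `getOpenIDConfiguration()` in Endpoints spells the discovery path out as the literal `"{realm}/.well-known/openid-configuration"`, whereas the neighbouring `getAuthorization()` takes its URL from a server-side builder (`OIDCLoginProtocolService.authUrl(getBase())`). If the server module exposes a comparable builder or constant for the well-known provider URL, using it here would keep the test client from drifting from the server's routing; this hunk does not show whether one exists. At minimum a short comment such as `// {realm} is filled in by asString(); path as defined by OpenID Connect Discovery` would explain the template, assuming `asString` is what resolves it.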
diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/OpenIDProviderConfigurationRequest.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/OpenIDProviderConfigurationRequest.java
new file mode 100644
index 00000000000..2b9aa38cc3f
--- /dev/null
+++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/OpenIDProviderConfigurationRequest.java
@@ -0,0 +1,27 @@
+package org.keycloak.testsuite.util.oauth;
+
+import org.apache.http.client.methods.CloseableHttpResponse;
+
+import java.io.IOException;
+
+public class OpenIDProviderConfigurationRequest extends AbstractHttpGetRequest {
+
+ public OpenIDProviderConfigurationRequest(AbstractOAuthClient client) {
+ super(client);
+ }
+
+ @Override
+ protected String getEndpoint() {
+ return client.getEndpoints().getOpenIDConfiguration();
+ }
+
+ @Override
+ protected void initRequest() {
+ }
+
+ @Override
+ protected OpenIDProviderConfigurationResponse toResponse(CloseableHttpResponse response) throws IOException {
+ return new OpenIDProviderConfigurationResponse(response);
+ }
+
+}
diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/OpenIDProviderConfigurationResponse.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/OpenIDProviderConfigurationResponse.java
new file mode 100644
index 00000000000..b24470b7a92
--- /dev/null
+++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/OpenIDProviderConfigurationResponse.java
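Review bot: In OpenIDProviderConfigurationRequest, `initRequest()` is overridden with an empty body and nothing says whether that is deliberate. A one-line comment inside it, e.g. `// discovery is a plain GET: no headers or parameters to add`, would stop a later reader from treating it as an unfinished stub. The class also has no Javadoc; one sentence naming the endpoint it targets (`Endpoints.getOpenIDConfiguration()`) would be enough.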
@@ -0,0 +1,25 @@
+package org.keycloak.testsuite.util.oauth;
+
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation;
+
+import java.io.IOException;
+
+public class OpenIDProviderConfigurationResponse extends AbstractHttpResponse {
+
+ private OIDCConfigurationRepresentation oidcConfiguration;
+
+ public OpenIDProviderConfigurationResponse(CloseableHttpResponse response) throws IOException {
+ super(response);
+ }
+
+ @Override
+ protected void parseContent() throws IOException {
+ oidcConfiguration = asJson(OIDCConfigurationRepresentation.class);
+ }
+
+ public OIDCConfigurationRepresentation getOidcConfiguration() {
+ return oidcConfiguration;
+ }
+
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/OAuthClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/OAuthClient.java
index e09efb8e35d..2e267cc62a9 100644
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/OAuthClient.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/OAuthClient.java
@@ -367,16 +367,6 @@ public class OAuthClient extends AbstractOAuthClient {
 return new AccessTokenResponse(httpClientManager.get().execute(post));
 }
- // TODO Extract into request class
- public OIDCConfigurationRepresentation doWellKnownRequest() {
- try {
- SimpleHttp request = SimpleHttpDefault.doGet(baseUrl + "/realms/" + config.getRealm() + "/.well-known/openid-configuration",
- httpClientManager.get());
- return request.asJson(OIDCConfigurationRepresentation.class);
- } catch (IOException ex) {
- throw new RuntimeException(ex);
- }
- }
 // TODO Deprecate
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/ssl/TLSTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/ssl/TLSTest.java
index 56271ae5b0c..1fab02b6e65 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/ssl/TLSTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/ssl/TLSTest.java
@@ -11,6 +11,7 @@ import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentatio
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
 import org.keycloak.testsuite.Assert;
+import org.keycloak.testsuite.util.oauth.OpenIDProviderConfigurationResponse;
 /**
 * This test checks if TLS can be explicitly switched off.
@@ -58,9 +59,9 @@ public class TLSTest extends AbstractTestRealmKeycloakTest {
 // Try access "WellKnown" endpoint unsecured. It should fail
 oauth.baseUrl(AUTH_SERVER_ROOT_WITHOUT_TLS);
- OIDCConfigurationRepresentation config = oauth.doWellKnownRequest();
- Assert.assertNull(config.getAuthorizationEndpoint());
- Assert.assertEquals("HTTPS required", config.getOtherClaims().get("error_description"));
+ OpenIDProviderConfigurationResponse providerConfigurationResponse = oauth.wellknownRequest().send();
+ Assert.assertFalse(providerConfigurationResponse.isSuccess());
+ Assert.assertEquals("HTTPS required", providerConfigurationResponse.getErrorDescription());
 // Try access "JWKS URL" unsecured. It should fail
 try {
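Review bot: The rewritten assertions in TLSTest no longer check that no provider metadata came back over plain HTTP; the removed `Assert.assertNull(config.getAuthorizationEndpoint())` did, while `isSuccess()` being false only covers the response status. Adding `Assert.assertNull(providerConfigurationResponse.getOidcConfiguration());` after the `assertFalse` would keep that guarantee, provided the response leaves the field unset on errors (AbstractHttpResponse is not shown here). With the local `config` gone, it is also worth checking whether the `OIDCConfigurationRepresentation` import visible in the first TLSTest hunk header is still used. The enclosing test method starts and ends outside the hunk.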