diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java index 0c30071f28b..dc3372329c5 100644 --- a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java +++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java @@ -20,8 +20,6 @@ public abstract class AbstractOAuthClient { protected OAuthClientConfig config; protected Map customParameters; - protected String clientSessionState; - protected String clientSessionHost; private final KeyManager keyManager = new KeyManager(this); private final TokensManager tokensManager = new TokensManager(keyManager); @@ -254,14 +252,6 @@ public abstract class AbstractOAuthClient { return config.getRedirectUri(); } - String getClientSessionState() { - return clientSessionState; - } - - String getClientSessionHost() { - return clientSessionHost; - } - Map getCustomParameters() { return customParameters; } diff --git a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AccessTokenRequest.java b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AccessTokenRequest.java index 0e19a580f4c..1e3ba653183 100644 --- a/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AccessTokenRequest.java +++ b/tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AccessTokenRequest.java @@ -38,14 +38,16 @@ public class AccessTokenRequest extends AbstractHttpPostRequest { .postLogoutRedirectUri(APP_ROOT + "/auth") .responseType(OAuth2Constants.CODE); - clientSessionState = null; - clientSessionHost = null; customParameters = null; } 
@@ -133,16 +131,6 @@ public class OAuthClient extends AbstractOAuthClient { return this; } - public OAuthClient clientSessionState(String client_session_state) { - this.clientSessionState = client_session_state; - return this; - } - - public OAuthClient clientSessionHost(String client_session_host) { - this.clientSessionHost = client_session_host; - return this; - } - public OAuthClient responseType(String responseType) { config.responseType(responseType); return this; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RPInitiatedFrontChannelLogoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RPInitiatedFrontChannelLogoutTest.java index 907bd75fdd4..1d590e9b0ac 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RPInitiatedFrontChannelLogoutTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RPInitiatedFrontChannelLogoutTest.java @@ -51,7 +51,6 @@ public class RPInitiatedFrontChannelLogoutTest extends AbstractTestRealmKeycloak rep.getAttributes().put(OIDCConfigAttributes.FRONT_CHANNEL_LOGOUT_URI, OAuthClient.APP_ROOT + "/admin/frontchannelLogout"); clients.get(rep.getId()).update(rep); try { - oauth.clientSessionState("client-session"); oauth.doLogin("test-user@localhost", "password"); String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); @@ -81,7 +80,6 @@ public class RPInitiatedFrontChannelLogoutTest extends AbstractTestRealmKeycloak rep.getAttributes().put(OIDCConfigAttributes.FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED, "false"); clients.get(rep.getId()).update(rep); try { - oauth.clientSessionState("client-session"); oauth.doLogin("test-user@localhost", "password"); String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); 
@@ -110,7 +108,6 @@ public class RPInitiatedFrontChannelLogoutTest extends AbstractTestRealmKeycloak rep.getAttributes().put(OIDCConfigAttributes.FRONT_CHANNEL_LOGOUT_URI, OAuthClient.APP_ROOT + "/admin/frontchannelLogout"); clients.get(rep.getId()).update(rep); try { - oauth.clientSessionState("client-session"); oauth.doLogin("test-user@localhost", "password"); String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); @@ -142,7 +139,6 @@ public class RPInitiatedFrontChannelLogoutTest extends AbstractTestRealmKeycloak .setFrontchannelLogout(true) .setAttribute(OIDCConfigAttributes.FRONT_CHANNEL_LOGOUT_URI, OAuthClient.APP_ROOT + "/admin/frontchannelLogout") .update()) { - oauth.clientSessionState("client-session"); oauth.doLogin("test-user@localhost", "password"); String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutCorsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutCorsTest.java index fd179aa6741..426affe982a 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutCorsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutCorsTest.java @@ -110,7 +110,6 @@ public class LogoutCorsTest extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - oauth.clientSessionState("client-session"); return oauth.doAccessTokenRequest(code); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java index 4560cd235d5..6a91ab308c6 100644 
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java @@ -17,21 +17,26 @@ package org.keycloak.testsuite.oauth; +import jakarta.ws.rs.core.HttpHeaders; +import jakarta.ws.rs.core.Response.Status; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClientBuilder; import org.hamcrest.MatcherAssert; import org.jboss.arquillian.graphene.page.Page; import org.junit.Before; import org.junit.Rule; import org.junit.Test; - import org.keycloak.admin.client.resource.ClientResource; import org.keycloak.admin.client.resource.ClientsResource; import org.keycloak.common.util.Retry; import org.keycloak.common.util.Time; +import org.keycloak.constants.AdapterConstants; import org.keycloak.events.Details; import org.keycloak.jose.jws.JWSHeader; import org.keycloak.jose.jws.JWSInput; import org.keycloak.models.Constants; -import org.keycloak.protocol.ProtocolMapper; import org.keycloak.protocol.oidc.OIDCConfigAttributes; import org.keycloak.protocol.oidc.OIDCLoginProtocol; import org.keycloak.representations.AccessToken; 
@@ -45,29 +50,24 @@ import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.AssertEvents; import org.keycloak.testsuite.admin.ApiUtil; import org.keycloak.testsuite.pages.LoginPage; +import org.keycloak.testsuite.updaters.RealmAttributeUpdater; +import org.keycloak.testsuite.util.ClientManager; +import org.keycloak.testsuite.util.Matchers; +import org.keycloak.testsuite.util.ProtocolMapperUtil; +import org.keycloak.testsuite.util.RealmBuilder; +import org.keycloak.testsuite.util.TokenSignatureUtil; +import org.keycloak.testsuite.util.oauth.AccessTokenResponse; +import org.keycloak.testsuite.util.oauth.LogoutResponse; import java.util.LinkedList; import java.util.List; import java.util.Map; -import jakarta.ws.rs.core.HttpHeaders; -import jakarta.ws.rs.core.Response.Status; - -import org.apache.http.client.methods.CloseableHttpResponse; -import org.apache.http.client.methods.HttpGet; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClientBuilder; -import org.keycloak.testsuite.updaters.RealmAttributeUpdater; -import org.keycloak.testsuite.util.ClientManager; -import org.keycloak.testsuite.util.Matchers; -import org.keycloak.testsuite.util.ProtocolMapperUtil; -import org.keycloak.testsuite.util.oauth.AccessTokenResponse; -import org.keycloak.testsuite.util.RealmBuilder; -import org.keycloak.testsuite.util.TokenSignatureUtil; -import org.keycloak.testsuite.util.oauth.LogoutResponse; - -import static org.hamcrest.Matchers.*; -import static org.junit.Assert.*; +import static org.hamcrest.Matchers.is; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson; /** 
@@ -108,8 +108,7 @@ public class LogoutTest extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - oauth.clientSessionState("client-session"); - AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); + AccessTokenResponse tokenResponse = oauth.accessTokenRequest(code).param(AdapterConstants.CLIENT_SESSION_STATE, "client-session").send(); String refreshTokenString = tokenResponse.getRefreshToken(); LogoutResponse response = oauth.doLogout(refreshTokenString); @@ -124,8 +123,7 @@ public class LogoutTest extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - oauth.clientSessionState("client-session"); - AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); + AccessTokenResponse tokenResponse = oauth.accessTokenRequest(code).param(AdapterConstants.CLIENT_SESSION_STATE, "client-session").send(); String refreshTokenString = tokenResponse.getRefreshToken(); adminClient.realm("test").update(RealmBuilder.create().notBefore(Time.currentTime() + 1).build()); @@ -168,8 +166,7 @@ public class LogoutTest extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - oauth.clientSessionState("client-session"); - AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); + AccessTokenResponse tokenResponse = oauth.accessTokenRequest(code).param(AdapterConstants.CLIENT_SESSION_STATE, "client-session").send(); String refreshTokenString = tokenResponse.getRefreshToken(); oauth.client("test-app-scope", "password"); 
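Review bot: The replacement call `oauth.accessTokenRequest(code).param(AdapterConstants.CLIENT_SESSION_STATE, "client-session").send()` is written out in full in all three hunks on this line and again in the LogoutTest hunks at old lines 206, 263, 303, 348 and 399, with no hint of why these tests still send the parameter while the other test classes in this commit drop it. A private helper would keep the eight call sites in step and give the reason one home: `private AccessTokenResponse exchangeCodeWithClientSession(String code) { return oauth.accessTokenRequest(code).param(AdapterConstants.CLIENT_SESSION_STATE, "client-session").send(); }`. Once the reason is confirmed, the helper could carry a comment such as `// logout assertions rely on the adapter session id registered via client_session_state`. The test methods start and end outside these hunks, so whether each of them actually depends on the parameter cannot be told from here.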
@@ -206,8 +203,7 @@ public class LogoutTest extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - oauth.clientSessionState("client-session"); - AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); + AccessTokenResponse tokenResponse = oauth.accessTokenRequest(code).param(AdapterConstants.CLIENT_SESSION_STATE, "client-session").send(); String idTokenString = tokenResponse.getIdToken(); JWSHeader header = new JWSInput(tokenResponse.getAccessToken()).getHeader(); @@ -226,12 +222,12 @@ public class LogoutTest extends AbstractKeycloakTest { assertNull(header.getContentType()); String logoutUrl = oauth.logoutForm() - .idTokenHint(idTokenString) - .postLogoutRedirectUri(oauth.APP_AUTH_ROOT) - .build(); + .idTokenHint(idTokenString) + .postLogoutRedirectUri(oauth.APP_AUTH_ROOT) + .build(); try (CloseableHttpClient c = HttpClientBuilder.create().disableRedirectHandling().build(); - CloseableHttpResponse response = c.execute(new HttpGet(logoutUrl))) { + CloseableHttpResponse response = c.execute(new HttpGet(logoutUrl))) { MatcherAssert.assertThat(response, Matchers.statusCodeIsHC(Status.FOUND)); MatcherAssert.assertThat(response.getFirstHeader(HttpHeaders.LOCATION).getValue(), is(oauth.APP_AUTH_ROOT)); } @@ -263,9 +259,7 @@ public class LogoutTest extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - oauth.clientSessionState("client-session"); - - AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); + AccessTokenResponse tokenResponse = oauth.accessTokenRequest(code).param(AdapterConstants.CLIENT_SESSION_STATE, "client-session").send(); events.poll(); String idTokenString = tokenResponse.getIdToken(); String logoutUrl = oauth.logoutForm() 
@@ -274,7 +268,7 @@ public class LogoutTest extends AbstractKeycloakTest { .build(); try (CloseableHttpClient c = HttpClientBuilder.create().disableRedirectHandling().build(); - CloseableHttpResponse response = c.execute(new HttpGet(logoutUrl))) { + CloseableHttpResponse response = c.execute(new HttpGet(logoutUrl))) { MatcherAssert.assertThat(response, Matchers.statusCodeIsHC(Status.FOUND)); MatcherAssert.assertThat(response.getFirstHeader(HttpHeaders.LOCATION).getValue(), is(oauth.APP_AUTH_ROOT)); } @@ -303,9 +297,7 @@ public class LogoutTest extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - oauth.clientSessionState("client-session"); - - AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); + AccessTokenResponse tokenResponse = oauth.accessTokenRequest(code).param(AdapterConstants.CLIENT_SESSION_STATE, "client-session").send(); String idTokenString = tokenResponse.getIdToken(); String logoutUrl = oauth.logoutForm() .idTokenHint(idTokenString) @@ -313,7 +305,7 @@ public class LogoutTest extends AbstractKeycloakTest { .build(); try (CloseableHttpClient c = HttpClientBuilder.create().disableRedirectHandling().build(); - CloseableHttpResponse response = c.execute(new HttpGet(logoutUrl))) { + CloseableHttpResponse response = c.execute(new HttpGet(logoutUrl))) { MatcherAssert.assertThat(response, Matchers.statusCodeIsHC(Status.FOUND)); MatcherAssert.assertThat(response.getFirstHeader(HttpHeaders.LOCATION).getValue(), is(oauth.APP_AUTH_ROOT)); } 
@@ -348,9 +340,7 @@ public class LogoutTest extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - oauth.clientSessionState("client-session"); - - AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); + AccessTokenResponse tokenResponse = oauth.accessTokenRequest(code).param(AdapterConstants.CLIENT_SESSION_STATE, "client-session").send(); AccessToken accessToken = new JWSInput(tokenResponse.getAccessToken()).readJsonContent(AccessToken.class); String idTokenString = tokenResponse.getIdToken(); String logoutUrl = oauth.logoutForm() @@ -399,9 +389,8 @@ public class LogoutTest extends AbstractKeycloakTest { oauth.doLogin("test-user@localhost", "password"); String code = oauth.parseLoginResponse().getCode(); - oauth.clientSessionState("client-session"); - AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); + AccessTokenResponse tokenResponse = oauth.accessTokenRequest(code).param(AdapterConstants.CLIENT_SESSION_STATE, "client-session").send(); setTimeOffset(1); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthDanceClientSessionExtensionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthDanceClientSessionExtensionTest.java index 903d9b68a9f..e80cb105b97 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthDanceClientSessionExtensionTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthDanceClientSessionExtensionTest.java 
@@ -61,24 +61,14 @@ public class OAuthDanceClientSessionExtensionTest extends AbstractKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - String clientSessionState = "1234"; - String clientSessionHost = "test-client-host"; - - AccessTokenResponse tokenResponse = oauth.clientSessionState(clientSessionState) - .clientSessionHost(clientSessionHost) - .doAccessTokenRequest(code); + AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); String refreshTokenString = tokenResponse.getRefreshToken(); EventRepresentation tokenEvent = events.expectCodeToToken(codeId, sessionId) .assertEvent(); - - String updatedClientSessionState = "5678"; - - oauth.clientSessionState(updatedClientSessionState) - .clientSessionHost(clientSessionHost) - .doRefreshTokenRequest(refreshTokenString); + oauth.doRefreshTokenRequest(refreshTokenString); events.expectRefresh(tokenEvent.getDetails().get(Details.REFRESH_TOKEN_ID), sessionId) .assertEvent(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RPInitiatedLogoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RPInitiatedLogoutTest.java index 08d6bf64d0b..7ab2970ef8a 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RPInitiatedLogoutTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RPInitiatedLogoutTest.java @@ -1070,7 +1070,6 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest { String code = oauth.parseLoginResponse().getCode(); - oauth.clientSessionState("client-session"); AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); events.clear(); return tokenResponse; 
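Review bot: After the OAuthDanceClientSessionExtensionTest hunk, the test named for the client-session extension sends neither `client_session_state` nor `client_session_host`: both `oauth.doAccessTokenRequest(code)` and `oauth.doRefreshTokenRequest(refreshTokenString)` go out as plain requests. The token-endpoint handling of those two parameters, including the changed state value on refresh (previously "5678"), is therefore no longer exercised by this test, and a regression in how the adapter session is recorded for later logout would pass unnoticed. The token call can keep its coverage the same way LogoutTest does in this commit: `oauth.accessTokenRequest(code).param(AdapterConstants.CLIENT_SESSION_STATE, "1234").param(AdapterConstants.CLIENT_SESSION_HOST, "test-client-host").send()`. The refresh call can do likewise if its request builder exposes `param(...)`, which this diff does not show. The test method starts and ends outside the hunk; if nothing else in it depends on the extension parameters, removing or renaming the test would be more honest than leaving it as a duplicate of the plain code-to-token flow.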
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenIntrospectionTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenIntrospectionTest.java index 15f403a35cf..f564a8b5d7e 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenIntrospectionTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenIntrospectionTest.java @@ -525,7 +525,6 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest { oauth.doLogin("test-user@localhost", "password"); String code = oauth.parseLoginResponse().getCode(); - oauth.clientSessionState("client-session"); AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenRevocationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenRevocationTest.java index 29d603d0511..853164c47de 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenRevocationTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenRevocationTest.java @@ -131,7 +131,6 @@ public class TokenRevocationTest extends AbstractKeycloakTest { @Test public void testRevokeToken() throws Exception { - oauth.clientSessionState("client-session"); AccessTokenResponse tokenResponse1 = login("test-app", "test-user@localhost", "password"); AccessTokenResponse tokenResponse2 = login("test-app-scope", "test-user@localhost", "password"); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java index 49e8c73d592..523eb466953 100644 
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java @@ -595,7 +595,6 @@ public class HoKTest extends AbstractTestRealmKeycloakTest { oauth.doLogin("test-user@localhost", "password"); String code = oauth.parseLoginResponse().getCode(); - oauth.clientSessionState("client-session"); AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); verifyHoKTokenDefaultCertThumbPrint(tokenResponse); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/StandardTokenExchangeV1Test.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/StandardTokenExchangeV1Test.java index 28df781281a..dd375526bd2 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/StandardTokenExchangeV1Test.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/StandardTokenExchangeV1Test.java @@ -490,7 +490,6 @@ public class StandardTokenExchangeV1Test extends AbstractKeycloakTest { }); clients.get(rep.getId()).update(rep); String logoutToken; - oauth.clientSessionState("client-session"); oauth.doLogin("user", "password"); String code = oauth.parseLoginResponse().getCode(); AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java index 0b62dcf3392..1aa0795b1b0 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java 
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java @@ -1031,7 +1031,6 @@ public class UserInfoTest extends AbstractKeycloakTest { oauth.doLogin("test-user@localhost", "password"); String code = oauth.parseLoginResponse().getCode(); - oauth.clientSessionState("client-session"); org.keycloak.testsuite.util.oauth.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code);