From 951df19348b7a181e1ff76753c20fdcc6124864b Mon Sep 17 00:00:00 2001 From: Sergey Beryozkin Date: Wed, 5 May 2021 18:50:02 +0100 Subject: [PATCH] Update OidcClient to recognize non-standard grant response properties (cherry picked from commit a6188afb47e36d34367ab67bf508c015899a9d0a) --- .../quarkus/oidc/client/OidcClientConfig.java | 43 +++++++++++++++++++ .../oidc/client/runtime/OidcClientImpl.java | 6 +-- .../oidc-client-wiremock/pom.xml | 14 ------ .../src/main/resources/application.properties | 12 ++++++ .../KeycloakRealmResourceManager.java | 11 ++++- .../quarkus/it/keycloak/OidcClientTest.java | 8 ++++ 6 files changed, 75 insertions(+), 19 deletions(-) diff --git a/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/OidcClientConfig.java b/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/OidcClientConfig.java index 12b5dfaa92556..1c64599a4f335 100644 --- a/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/OidcClientConfig.java +++ b/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/OidcClientConfig.java @@ -6,6 +6,7 @@ import java.util.Optional; import io.quarkus.oidc.common.runtime.OidcCommonConfig; +import io.quarkus.oidc.common.runtime.OidcConstants; import io.quarkus.runtime.annotations.ConfigGroup; import io.quarkus.runtime.annotations.ConfigItem; @@ -61,6 +62,24 @@ public static enum Type { @ConfigItem(defaultValue = "client") public Type type = Type.CLIENT; + /** + * Access token property name in a token grant response + */ + @ConfigItem(defaultValue = OidcConstants.ACCESS_TOKEN_VALUE) + public String accessTokenProperty = OidcConstants.ACCESS_TOKEN_VALUE; + + /** + * Refresh token property name in a token grant response + */ + @ConfigItem(defaultValue = OidcConstants.REFRESH_TOKEN_VALUE) + public String refreshTokenProperty = OidcConstants.REFRESH_TOKEN_VALUE; + + /** + * Refresh token property name in a token grant response + */ + @ConfigItem(defaultValue = OidcConstants.EXPIRES_IN) + public String expiresInProperty = OidcConstants.EXPIRES_IN; + public Type getType() { return type; } @@ -68,6 +87,30 @@ public Type getType() { public void setType(Type type) { this.type = type; } + + public String getAccessTokenProperty() { + return accessTokenProperty; + } + + public void setAccessTokenProperty(String accessTokenProperty) { + this.accessTokenProperty = accessTokenProperty; + } + + public String getRefreshTokenProperty() { + return refreshTokenProperty; + } + + public void setRefreshTokenProperty(String refreshTokenProperty) { + this.refreshTokenProperty = refreshTokenProperty; + } + + public String getExpiresInProperty() { + return expiresInProperty; + } + + public void setExpiresInProperty(String expiresInProperty) { + this.expiresInProperty = expiresInProperty; + } } /** diff --git a/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientImpl.java b/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientImpl.java index 5f883af8300cc..ddc8ca679b850 100644 --- a/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientImpl.java +++ b/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientImpl.java @@ -104,10 +104,10 @@ private Tokens emitGrantTokens(HttpResponse resp, boolean refresh) { if (resp.statusCode() == 200) { LOG.debugf("%s OidcClient has %s the tokens", oidcConfig.getId().get(), (refresh ? "refreshed" : "acquired")); JsonObject json = resp.bodyAsJsonObject(); - final String accessToken = json.getString(OidcConstants.ACCESS_TOKEN_VALUE); - final String refreshToken = json.getString(OidcConstants.REFRESH_TOKEN_VALUE); + final String accessToken = json.getString(oidcConfig.grant.accessTokenProperty); + final String refreshToken = json.getString(oidcConfig.grant.refreshTokenProperty); Long accessTokenExpiresAt; - Long accessTokenExpiresIn = json.getLong(OidcConstants.EXPIRES_IN); + Long accessTokenExpiresIn = json.getLong(oidcConfig.grant.expiresInProperty); if (accessTokenExpiresIn != null) { accessTokenExpiresAt = Instant.now().getEpochSecond() + accessTokenExpiresIn; } else { diff --git a/integration-tests/oidc-client-wiremock/pom.xml b/integration-tests/oidc-client-wiremock/pom.xml index eb1b79d88c98d..c3d37f77cb7fd 100644 --- a/integration-tests/oidc-client-wiremock/pom.xml +++ b/integration-tests/oidc-client-wiremock/pom.xml @@ -14,10 +14,6 @@ Quarkus - Integration Tests - OpenID Connect Client Wiremock Module that contains OpenID Connect Client tests using Wiremock - - http://localhost:8180/auth - - @@ -91,19 +87,9 @@ maven-surefire-plugin - - - ${keycloak.url} - - maven-failsafe-plugin - - - ${keycloak.url} - - io.quarkus diff --git a/integration-tests/oidc-client-wiremock/src/main/resources/application.properties b/integration-tests/oidc-client-wiremock/src/main/resources/application.properties index 2aa40586a8020..4a92258f502e0 100644 --- a/integration-tests/oidc-client-wiremock/src/main/resources/application.properties +++ b/integration-tests/oidc-client-wiremock/src/main/resources/application.properties @@ -7,6 +7,18 @@ quarkus.oidc-client.grant.type=password quarkus.oidc-client.grant-options.password.username=alice quarkus.oidc-client.grant-options.password.password=alice +quarkus.oidc-client.non-standard-response.auth-server-url=${keycloak.url} +quarkus.oidc-client.non-standard-response.discovery-enabled=false +quarkus.oidc-client.non-standard-response.token-path=/non-standard-tokens +quarkus.oidc-client.non-standard-response.client-id=quarkus-app +quarkus.oidc-client.non-standard-response.credentials.secret=secret +quarkus.oidc-client.non-standard-response.grant.type=password +quarkus.oidc-client.non-standard-response.grant.access-token-property=accessToken +quarkus.oidc-client.non-standard-response.grant.refresh-token-property=refreshToken +quarkus.oidc-client.non-standard-response.grant.expires-in-property=expiresIn +quarkus.oidc-client.non-standard-response.grant-options.password.username=alice +quarkus.oidc-client.non-standard-response.grant-options.password.password=alice + io.quarkus.it.keycloak.ProtectedResourceServiceOidcClient/mp-rest/url=http://localhost:8081/protected quarkus.log.category."io.quarkus.oidc.client.runtime.OidcClientImpl".min-level=TRACE diff --git a/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/KeycloakRealmResourceManager.java b/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/KeycloakRealmResourceManager.java index 4590a940a46d8..06c3766e175f1 100644 --- a/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/KeycloakRealmResourceManager.java +++ b/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/KeycloakRealmResourceManager.java @@ -35,6 +35,14 @@ public Map start() { .withHeader("Content-Type", MediaType.APPLICATION_JSON) .withBody( "{\"access_token\":\"access_token_1\", \"expires_in\":4, \"refresh_token\":\"refresh_token_1\"}"))); + server.stubFor(WireMock.post("/non-standard-tokens") + .withRequestBody(matching("grant_type=password&username=alice&password=alice")) + .willReturn(WireMock + .aResponse() + .withHeader("Content-Type", MediaType.APPLICATION_JSON) + .withBody( + "{\"accessToken\":\"access_token_n\", \"expiresIn\":4, \"refreshToken\":\"refresh_token_n\"}"))); + server.stubFor(WireMock.post("/tokens") .withRequestBody(matching("grant_type=refresh_token&refresh_token=refresh_token_1")) .willReturn(WireMock @@ -46,8 +54,7 @@ public Map start() { LOG.infof("Keycloak started in mock mode: %s", server.baseUrl()); Map conf = new HashMap<>(); - conf.put("quarkus.oidc-client.auth-server-url", server.baseUrl()); - conf.put("keycloak-url", server.baseUrl()); + conf.put("keycloak.url", server.baseUrl()); return conf; } diff --git a/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/OidcClientTest.java b/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/OidcClientTest.java index 853f45223f253..fb65310c930e3 100644 --- a/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/OidcClientTest.java +++ b/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/OidcClientTest.java @@ -53,6 +53,14 @@ public Boolean call() throws Exception { checkLog(); } + @Test + public void testEchoTokensNonStandardResponse() { + RestAssured.when().get("/frontend/echoTokenNonStandardResponse") + .then() + .statusCode(200) + .body(equalTo("access_token_n refresh_token_n")); + } + private void checkLog() { final Path logDirectory = Paths.get(".", "target"); given().await().pollInterval(100, TimeUnit.MILLISECONDS)