From 1ca178ede3801da97e04f26efdccaa28dd358574 Mon Sep 17 00:00:00 2001 From: Takashi Norimatsu Date: Thu, 29 May 2025 14:17:45 +0900 Subject: [PATCH] Revise Client Policies Codes - OAuth 2.1 tests closes #40050 Signed-off-by: Takashi Norimatsu --- .../testsuite/client/AbstractFAPITest.java | 6 +++--- .../client/OAuth2_1ConfidentialClientTest.java | 16 +++++++--------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractFAPITest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractFAPITest.java index c1834c5e6be2..ef3c51eeda21 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractFAPITest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/AbstractFAPITest.java @@ -87,7 +87,7 @@ public abstract class AbstractFAPITest extends AbstractClientPoliciesTest { @BeforeClass public static void verifySSL() { - // FAPI requires SSL and does not makes sense to test it with disabled SSL + // FAPI requires SSL and does not make sense to test it with disabled SSL Assume.assumeTrue("The FAPI test requires SSL to be enabled.", ServerURLs.AUTH_SERVER_SSL_REQUIRED); } @@ -131,7 +131,7 @@ public static void assertScopes(String expectedScope, String receivedScope) { } protected String loginUserAndGetCode(String clientId, String nonce, boolean fragmentResponseModeExpected) { - oauth.clientId(clientId); + oauth.client(clientId); oauth.loginForm().nonce(nonce).codeChallenge(pkceGenerator).request(request).requestUri(requestUri).doLogin(TEST_USERNAME, TEST_USERSECRET); grantPage.assertCurrent(); @@ -144,7 +144,7 @@ protected String loginUserAndGetCode(String clientId, String nonce, boolean frag } protected String loginUserAndGetCodeInJwtQueryResponseMode(String clientId, String nonce) { - oauth.clientId(clientId); + oauth.client(clientId); oauth.loginForm().nonce(nonce).codeChallenge(pkceGenerator).request(request).requestUri(requestUri).doLogin(TEST_USERNAME, TEST_USERSECRET); grantPage.assertCurrent(); diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1ConfidentialClientTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1ConfidentialClientTest.java index 02bee3a76796..16323550c773 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1ConfidentialClientTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1ConfidentialClientTest.java @@ -60,7 +60,7 @@ public class OAuth2_1ConfidentialClientTest extends AbstractFAPITest { private static final String OAUTH2_1_CONFIDENTIAL_CLIENT_PROFILE_NAME = "oauth-2-1-for-confidential-client"; - private String validRedirectUri;; + private String validRedirectUri; private PkceGenerator pkceGenerator; @@ -113,7 +113,7 @@ public void testOAuth2_1NotAllowImplicitGrant() throws Exception { @Test public void testOAuth2_1NotAllowResourceOwnerPasswordCredentialsGrant() throws Exception { String clientId = generateSuffixedName(CLIENT_NAME); - String cId = createClientByAdmin(clientId, (ClientRepresentation clientRep) -> { + createClientByAdmin(clientId, (ClientRepresentation clientRep) -> { clientRep.setClientAuthenticatorType(X509ClientAuthenticator.PROVIDER_ID); OIDCAdvancedConfigWrapper clientConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRep); clientConfig.setRequestUris(Collections.singletonList(TestApplicationResourceUrls.clientRequestUri())); @@ -141,9 +141,7 @@ public void testOAuth2_1ClientAuthentication() throws Exception { // register client with clientIdAndSecret - fail try { - createClientByAdmin("invalid", (ClientRepresentation clientRep) -> { - clientRep.setClientAuthenticatorType(ClientIdAndSecretAuthenticator.PROVIDER_ID); - }); + createClientByAdmin("invalid", (ClientRepresentation clientRep) -> clientRep.setClientAuthenticatorType(ClientIdAndSecretAuthenticator.PROVIDER_ID)); fail(); } catch (ClientPolicyException e) { assertEquals(OAuthErrorException.INVALID_CLIENT_METADATA, e.getMessage()); @@ -190,7 +188,7 @@ public void testOAuth2_1RedirectUris() throws Exception { // setup profiles and policies setupPolicyOAuth2_1ConfidentialClientForAllClient(); - faiilUpdateRedirectUrisDynamically(clientId, List.of("https://dev.example.com:8443/*")); + failUpdateRedirectUrisDynamically(clientId, List.of("https://dev.example.com:8443/*")); successUpdateRedirectUrisByAdmin(cId, List.of("https://dev.example.com:8443/callback", "https://[::1]/auth/admin", "com.example.app:/oauth2redirect/example-provider", "https://127.0.0.1/auth/admin")); @@ -252,7 +250,7 @@ private void setupValidClientExceptForRedirectUri(ClientRepresentation clientRep clientConfig.setAllowRegexPatternComparison(false); clientConfig.setPkceCodeChallengeMethod(OAuth2Constants.PKCE_METHOD_S256); clientConfig.setUseMtlsHoKToken(true); - }; + } private String generateNonce() { return SecretGenerator.getInstance().randomString(16); @@ -281,7 +279,7 @@ private void successUpdateRedirectUrisByAdmin(String cId, List redirectU } } - private void faiilUpdateRedirectUrisDynamically(String clientId, List redirectUrisList) { + private void failUpdateRedirectUrisDynamically(String clientId, List redirectUrisList) { try { updateClientDynamically(clientId, (OIDCClientRepresentation clientRep) -> clientRep.setRedirectUris(redirectUrisList)); @@ -292,7 +290,7 @@ private void faiilUpdateRedirectUrisDynamically(String clientId, List re } private void failAuthorizationRequest(String clientId, String redirectUri) { - oauth.clientId(clientId); + oauth.client(clientId); oauth.redirectUri(redirectUri); oauth.openLoginForm(); assertTrue(errorPage.isCurrent());