Support Keycloak Dev Services for standalone OIDC Client Registration
1 parent
4f49059
commit 6a34154
Showing
14 changed files
with
462 additions
and
209 deletions.
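--- a/...es/keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakAdminPageBuildItem.java
+++ b/...es/keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakAdminPageBuildItem.java
@@ -0,0 +1,21 @@
+package io.quarkus.devservices.keycloak;
+
+import io.quarkus.builder.item.MultiBuildItem;
+import io.quarkus.devui.spi.page.CardPageBuildItem;
+
+/**
+* Extensions should produce this build item if a DEV UI card with
+* the Keycloak Admin link should be created for the extension.
+*/
+public final class KeycloakAdminPageBuildItem extends MultiBuildItem {
+
+final CardPageBuildItem cardPage;
+
+/**
+* @param cardPage created inside extension that requires Keycloak Dev Service, this way, card page
+* custom identifier deduced from a stacktrace walker will identify the extension correctly
+*/
+public KeycloakAdminPageBuildItem(CardPageBuildItem cardPage) {
+this.cardPage = cardPage;
+}
+}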
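Review bot: The constructor stores `cardPage` without a null check, so a null passed by an extension would only surface later, where the build item is consumed, far from the build step that produced it. Consider `this.cardPage = Objects.requireNonNull(cardPage, "cardPage");` together with the `java.util.Objects` import. The field is package-private with no accessor, presumably because the consumer lives in the same package; a one-line comment such as `// read by the Keycloak Dev Services processor in this package` would make that intent explicit.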
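--- a/...ycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesConfigurator.java
+++ b/...ycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesConfigurator.java
@@ -0,0 +1,17 @@
+package io.quarkus.devservices.keycloak;
+
+import java.util.Map;
+
+import org.keycloak.representations.idm.RealmRepresentation;
+
+public interface KeycloakDevServicesConfigurator {
+
+record ConfigPropertiesContext(String authServerInternalUrl, String oidcClientId, String oidcClientSecret) {
+}
+
+Map<String, String> createProperties(ConfigPropertiesContext context);
+
+default void customizeDefaultRealm(RealmRepresentation realmRepresentation) {
+}
+
+}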
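Review bot: `ConfigPropertiesContext` is a record that carries `oidcClientSecret`, and a record's generated `toString()` prints every component, so any log line or exception message that includes the context would expose the client secret. Even for a Dev Services realm it is worth overriding `toString()` inside the record to mask that component, for example returning `"ConfigPropertiesContext[authServerInternalUrl=" + authServerInternalUrl + ", oidcClientId=" + oidcClientId + ", oidcClientSecret=***]"`. The interface is also a public SPI without Javadoc; a sentence on when `createProperties` and `customizeDefaultRealm` are invoked, and whether the realm passed in may already contain user-supplied settings, would help implementers.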
237 changes: 103 additions & 134 deletions
237
.../keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesProcessor.java
Large diffs are not rendered by default.
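--- a/...ent/registration/deployment/devservices/keycloak/KeycloakDevServiceRequiredBuildStep.java
+++ b/...ent/registration/deployment/devservices/keycloak/KeycloakDevServiceRequiredBuildStep.java
@@ -0,0 +1,71 @@
+package io.quarkus.oidc.client.registration.deployment.devservices.keycloak;
+
+import static io.quarkus.devservices.keycloak.KeycloakDevServicesRequiredBuildItem.OIDC_AUTH_SERVER_URL_CONFIG_KEY;
+
+import java.util.List;
+import java.util.Map;
+
+import org.eclipse.microprofile.config.ConfigProvider;
+import org.keycloak.common.util.MultivaluedHashMap;
+import org.keycloak.representations.idm.ComponentExportRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+
+import io.quarkus.deployment.IsDevelopment;
+import io.quarkus.deployment.IsNormal;
+import io.quarkus.deployment.annotations.BuildStep;
+import io.quarkus.deployment.annotations.BuildSteps;
+import io.quarkus.deployment.dev.devservices.GlobalDevServicesConfig;
+import io.quarkus.devservices.keycloak.KeycloakAdminPageBuildItem;
+import io.quarkus.devservices.keycloak.KeycloakDevServicesConfigurator;
+import io.quarkus.devservices.keycloak.KeycloakDevServicesRequiredBuildItem;
+import io.quarkus.devui.spi.page.CardPageBuildItem;
+import io.quarkus.oidc.client.registration.deployment.OidcClientRegistrationBuildStep;
+
+@BuildSteps(onlyIfNot = IsNormal.class, onlyIf = { OidcClientRegistrationBuildStep.IsEnabled.class,
+GlobalDevServicesConfig.Enabled.class })
+public class KeycloakDevServiceRequiredBuildStep {
+
+private static final String OIDC_CLIENT_REG_AUTH_SERVER_URL_CONFIG_KEY = "quarkus.oidc-client-registration.auth-server-url";
+
+@BuildStep
+KeycloakDevServicesRequiredBuildItem requireKeycloakDevService() {
+var devServicesConfigurator = new KeycloakDevServicesConfigurator() {
+
+@Override
+public Map<String, String> createProperties(ConfigPropertiesContext ctx) {
+return Map.of(OIDC_CLIENT_REG_AUTH_SERVER_URL_CONFIG_KEY, ctx.authServerInternalUrl());
+}
+
+@Override
+public void customizeDefaultRealm(RealmRepresentation realmRepresentation) {
+if (getInitialToken() == null) {
+realmRepresentation.setRegistrationAllowed(true);
+realmRepresentation.setRegistrationFlow("registration");
+if (realmRepresentation.getComponents() == null) {
+realmRepresentation.setComponents(new MultivaluedHashMap<>());
+}
+var componentExportRepresentation = new ComponentExportRepresentation();
+componentExportRepresentation.setName("Full Scope Disabled");
+componentExportRepresentation.setProviderId("scope");
+componentExportRepresentation.setSubType("anonymous");
+realmRepresentation.getComponents().put(
+"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy",
+List.of(componentExportRepresentation));
+}
+}
+};
+
+return KeycloakDevServicesRequiredBuildItem.of(devServicesConfigurator,
+OIDC_CLIENT_REG_AUTH_SERVER_URL_CONFIG_KEY, OIDC_AUTH_SERVER_URL_CONFIG_KEY);
+}
+
+@BuildStep(onlyIf = IsDevelopment.class)
+KeycloakAdminPageBuildItem addCardWithLinkToKeycloakAdmin() {
+return new KeycloakAdminPageBuildItem(new CardPageBuildItem());
+}
+
+private static String getInitialToken() {
+return ConfigProvider.getConfig().getOptionalValue("quarkus.oidc-client-registration.initial-token", String.class)
+.orElse(null);
+}
+}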
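Review bot: `customizeDefaultRealm` loosens the realm whenever no initial token is configured, and nothing in the method states that or limits it to what anonymous client registration needs. `setRegistrationAllowed(true)` and `setRegistrationFlow("registration")` look like Keycloak's user self-registration settings rather than client registration ones; if they are required, a comment should say why, otherwise they should be dropped. The `getComponents().put(...)` call replaces any list already stored under the `ClientRegistrationPolicy` key, so the realm ends up with only the `scope` policy for the `anonymous` subtype; `getComponents().add("org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy", componentExportRepresentation)` would keep existing entries. A comment such as `// dev/test only (class is onlyIfNot = IsNormal): allow anonymous client registration because no initial access token is configured` would record the intent. `getInitialToken()` reads only the default `quarkus.oidc-client-registration.initial-token`, so a named registration that has its own token presumably does not influence this decision.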
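--- a/...ava/io/quarkus/oidc/client/registration/OidcClientRegistrationKeycloakDevServiceTest.java
+++ b/...ava/io/quarkus/oidc/client/registration/OidcClientRegistrationKeycloakDevServiceTest.java
@@ -0,0 +1,65 @@
+package io.quarkus.oidc.client.registration;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import jakarta.enterprise.event.Observes;
+import jakarta.inject.Inject;
+import jakarta.inject.Singleton;
+
+import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.runtime.StartupEvent;
+import io.quarkus.test.QuarkusUnitTest;
+
+public class OidcClientRegistrationKeycloakDevServiceTest {
+
+@RegisterExtension
+static final QuarkusUnitTest test = new QuarkusUnitTest()
+.withApplicationRoot((jar) -> jar
+.addAsResource(
+new StringAsset(
+"""
+quarkus.oidc-client-registration.metadata.client-name=Default Test Client
+quarkus.oidc-client-registration.metadata.redirect-uri=http://localhost:8081/default/redirect
+quarkus.oidc-client-registration.named.metadata.client-name=Named Test Client
+quarkus.oidc-client-registration.named.metadata.redirect-uri=http://localhost:8081/named/redirect
+quarkus.oidc-client-registration.named.auth-server-url=${quarkus.oidc-client-registration.auth-server-url}
+"""),
+"application.properties"));
+
+@Inject
+TestClientRegistrations testClientRegistrations;
+
+@Test
+public void testDefaultRegisteredClient() {
+assertEquals("Default Test Client", testClientRegistrations.defaultClientMetadata.getClientName());
+assertEquals("http://localhost:8081/default/redirect",
+testClientRegistrations.defaultClientMetadata.getRedirectUris().get(0));
+}
+
+@Test
+public void testNamedRegisteredClient() {
+assertEquals("Named Test Client", testClientRegistrations.namedClientMetadata.getClientName());
+assertEquals("http://localhost:8081/named/redirect",
+testClientRegistrations.namedClientMetadata.getRedirectUris().get(0));
+}
+
+@Singleton
+public static final class TestClientRegistrations {
+
+private volatile ClientMetadata defaultClientMetadata;
+private volatile ClientMetadata namedClientMetadata;
+
+void prepareDefaultClientMetadata(@Observes StartupEvent event, OidcClientRegistrations clientRegistrations) {
+var clientRegistration = clientRegistrations.getClientRegistration();
+var registeredClient = clientRegistration.registeredClient().await().indefinitely();
+defaultClientMetadata = registeredClient.metadata();
+
+clientRegistration = clientRegistrations.getClientRegistration("named");
+registeredClient = clientRegistration.registeredClient().await().indefinitely();
+namedClientMetadata = registeredClient.metadata();
+}
+}
+}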
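Review bot: Both `registeredClient().await().indefinitely()` calls in `prepareDefaultClientMetadata` block application startup with no time limit, so if the Dev Services Keycloak never answers the registration request the test run hangs instead of failing. A bounded wait such as `clientRegistration.registeredClient().await().atMost(Duration.ofSeconds(30))` would surface the failure (the 30 seconds is only a suggested value). The two tests also compare only the client name and redirect URI that the test itself configured; additionally asserting that the registered client carries a non-null server-issued client id would show that the anonymous registration actually reached Keycloak.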