From 8a00cfe53c4d11cd2f310621c9fd6690e17c3cad Mon Sep 17 00:00:00 2001 From: Sergey Beryozkin Date: Sun, 10 Jul 2022 18:18:23 +0100 Subject: [PATCH] Fix OidcClient duplicating the client_id for the public client --- .../quarkus/oidc/client/runtime/OidcClientImpl.java | 2 +- .../io/quarkus/it/keycloak/FrontendResource.java | 7 +++++++ .../src/main/resources/application.properties | 6 ++++++ .../it/keycloak/KeycloakRealmResourceManager.java | 7 +++++++ .../java/io/quarkus/it/keycloak/OidcClientTest.java | 12 ++++++++++++ 5 files changed, 33 insertions(+), 1 deletion(-) diff --git a/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientImpl.java b/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientImpl.java index 1641510fa8b99..06a59c1f543da 100644 --- a/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientImpl.java +++ b/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientImpl.java @@ -109,7 +109,7 @@ public Uni get() { body.add(OidcConstants.CLIENT_ASSERTION, jwt); } } else if (!OidcCommonUtils.isClientSecretPostAuthRequired(oidcConfig.credentials)) { - body.add(OidcConstants.CLIENT_ID, oidcConfig.clientId.get()); + body = copyMultiMap(body).set(OidcConstants.CLIENT_ID, oidcConfig.clientId.get()); } if (!additionalGrantParameters.isEmpty()) { body = copyMultiMap(body); diff --git a/integration-tests/oidc-client-wiremock/src/main/java/io/quarkus/it/keycloak/FrontendResource.java b/integration-tests/oidc-client-wiremock/src/main/java/io/quarkus/it/keycloak/FrontendResource.java index 2c6bacdc96380..a6f9062049194 100644 --- a/integration-tests/oidc-client-wiremock/src/main/java/io/quarkus/it/keycloak/FrontendResource.java +++ b/integration-tests/oidc-client-wiremock/src/main/java/io/quarkus/it/keycloak/FrontendResource.java @@ -63,4 +63,11 @@ public Uni echoRefreshTokenOnly(@QueryParam("refreshToken") String refre return clients.getClient("refresh").refreshTokens(refreshToken) .onItem().transform(t -> t.getAccessToken()); } + + @GET + @Path("password-grant-public-client") + @Produces("text/plain") + public Uni passwordGrantPublicClient() { + return clients.getClient("password-grant-public-client").getTokens().onItem().transform(t -> t.getAccessToken()); + } } diff --git a/integration-tests/oidc-client-wiremock/src/main/resources/application.properties b/integration-tests/oidc-client-wiremock/src/main/resources/application.properties index 8993878e809e6..d8dad093782a0 100644 --- a/integration-tests/oidc-client-wiremock/src/main/resources/application.properties +++ b/integration-tests/oidc-client-wiremock/src/main/resources/application.properties @@ -7,6 +7,12 @@ quarkus.oidc-client.grant.type=password quarkus.oidc-client.grant-options.password.username=alice quarkus.oidc-client.grant-options.password.password=alice +quarkus.oidc-client.password-grant-public-client.token-path=${keycloak.url}/tokens_public_client +quarkus.oidc-client.password-grant-public-client.client-id=quarkus-app +quarkus.oidc-client.password-grant-public-client.grant.type=password +quarkus.oidc-client.password-grant-public-client.grant-options.password.username=alice +quarkus.oidc-client.password-grant-public-client.grant-options.password.password=alice + quarkus.oidc-client.non-standard-response.token-path=${keycloak.url}/non-standard-tokens quarkus.oidc-client.non-standard-response.client-id=quarkus-app quarkus.oidc-client.non-standard-response.credentials.secret=secret diff --git a/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/KeycloakRealmResourceManager.java b/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/KeycloakRealmResourceManager.java index ea8b059a72201..fceb9735d12f4 100644 --- a/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/KeycloakRealmResourceManager.java +++ b/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/KeycloakRealmResourceManager.java @@ -35,6 +35,13 @@ public Map start() { .withHeader("Content-Type", MediaType.APPLICATION_JSON) .withBody( "{\"access_token\":\"access_token_1\", \"expires_in\":4, \"refresh_token\":\"refresh_token_1\"}"))); + server.stubFor(WireMock.post("/tokens_public_client") + .withRequestBody(matching("grant_type=password&username=alice&password=alice&client_id=quarkus-app")) + .willReturn(WireMock + .aResponse() + .withHeader("Content-Type", MediaType.APPLICATION_JSON) + .withBody( + "{\"access_token\":\"access_token_public_client\", \"expires_in\":20}"))); server.stubFor(WireMock.post("/non-standard-tokens") .withHeader("X-Custom", matching("XCustomHeaderValue")) .withRequestBody(matching("grant_type=password&username=alice&password=alice&extra_param=extra_param_value")) diff --git a/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/OidcClientTest.java b/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/OidcClientTest.java index 97c0c709a122b..17b490364fb0a 100644 --- a/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/OidcClientTest.java +++ b/integration-tests/oidc-client-wiremock/src/test/java/io/quarkus/it/keycloak/OidcClientTest.java @@ -76,6 +76,18 @@ public Boolean call() throws Exception { }); } + @Test + public void testEchoTokensPasswordGrantPublicClient() { + RestAssured.when().get("/frontend/password-grant-public-client") + .then() + .statusCode(200) + .body(equalTo("access_token_public_client")); + RestAssured.when().get("/frontend/password-grant-public-client") + .then() + .statusCode(200) + .body(equalTo("access_token_public_client")); + } + @Test public void testEchoTokensNonStandardResponse() { RestAssured.when().get("/frontend/echoTokenNonStandardResponse")