diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java
index 575809f2f4..c6b38c9ef4 100644
--- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java
+++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/Oidc.java
@@ -45,7 +45,13 @@
public class Oidc {
public static final String ACCEPT = "Accept";
+ public static final String ADAPTER_STATE_COOKIE_PATH = "adapter-state-cookie-path";
+ public static final String ALLOW_ANY_HOSTNAME = "allow-any-hostname";
+ public static final String ALWAYS_REFRESH_TOKEN = "always-refresh-token";
+ public static final String AUTH_SERVER_URL = "auth-server-url";
public static final String AUTHENTICATION_REQUEST_FORMAT = "authentication-request-format";
+ public static final String AUTODETECT_BEARER_ONLY = "autodetect-bearer-only";
+ public static final String BEARER_ONLY = "bearer-only";
public static final String OIDC_NAME = "OIDC";
public static final String JSON_CONTENT_TYPE = "application/json";
public static final String HTML_CONTENT_TYPE = "text/html";
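Review bot: `ALLOW_ANY_HOSTNAME` here, and `DISABLE_TRUST_MANAGER` in the next hunk, become public constants without any Javadoc, although by their names (and, as far as I know, the adapter documentation) they switch off TLS hostname and certificate verification for connections to the provider. These constants are now the reference point for the attribute names, so a short comment on each would help anyone who finds them by code search. For example `/** JSON attribute that disables TLS hostname verification; intended for development and testing only. */` on `ALLOW_ANY_HOSTNAME`, with a matching one for certificate verification on `DISABLE_TRUST_MANAGER`. The class body continues outside the hunk.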
@@ -55,14 +61,27 @@ public class Oidc {
public static final String KEYCLOAK_REALMS_PATH = "realms/";
public static final String JSON_CONFIG_CONTEXT_PARAM = "org.wildfly.security.http.oidc.json.config";
static final String ACCOUNT_PATH = "account";
+ public static final String CORS_MAX_AGE = "cors-max-age";
+ public static final String CORS_ALLOWED_HEADERS = "cors-allowed-headers";
+ public static final String CORS_ALLOWED_METHODS = "cors-allowed-methods";
+ public static final String CORS_EXPOSED_HEADERS = "cors-exposed-headers";
+ public static final String CONNECTION_POOL_SIZE = "connection-pool-size";
public static final String CLIENTS_MANAGEMENT_REGISTER_NODE_PATH = "clients-managements/register-node";
public static final String CLIENTS_MANAGEMENT_UNREGISTER_NODE_PATH = "clients-managements/unregister-node";
+ public static final String CREDENTIALS = "credentials";
+ public static final String DISABLE_TRUST_MANAGER = "disable-trust-manager";
public static final String SLASH = "/";
public static final String OIDC_CLIENT_CONTEXT_KEY = OidcClientContext.class.getName();
public static final String CLIENT_ID = "client_id";
+ public static final String CLIENT_ID_JSON_VALUE = "client-id";
+ public static final String CLIENT_KEYSTORE = "client-keystore";
+ public static final String CLIENT_KEYSTORE_PASSWORD = "client-keystore-password";
+ public static final String CLIENT_KEY_PASSWORD = "client-key-password";
public static final String CODE = "code";
+ public static final String ENABLE_CORS = "enable-cors";
public static final String ERROR = "error";
public static final String ERROR_DESCRIPTION = "error_description";
+ public static final String EXPOSE_TOKEN = "expose-token";
public static final String FACES_REQUEST = "Faces-Request";
public static final String GRANT_TYPE = "grant_type";
public static final String INVALID_TOKEN = "invalid_token";
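Review bot: `CLIENT_ID` (`"client_id"`) and the new `CLIENT_ID_JSON_VALUE` (`"client-id"`) sit on adjacent lines and differ only in the separator, and the `_JSON_VALUE` suffix is misleading because the constant holds an attribute name, not a value. No other configuration key added in this file carries such a suffix. Either rename it while it is still unreleased (for instance `CLIENT_ID_JSON_KEY`) or add a one-line comment such as `// attribute name in the adapter JSON configuration; CLIENT_ID is presumably the OAuth request parameter`. Picking the wrong one compiles cleanly and would probably only show up at runtime as an ignored configuration attribute or an unexpected request parameter.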
@@ -74,9 +93,17 @@ public class Oidc {
public static final String OPTIONS = "OPTIONS";
public static final String PARTIAL = "partial/";
public static final String PASSWORD = "password";
+ public static final String PRINCIPAL_ATTRIBUTE = "principal-attribute";
public static final String PROMPT = "prompt";
+ public static final String PROXY_URL = "proxy-url";
+ public static final String PUBLIC_CLIENT = "public-client";
+ public static final String REALM = "realm";
+ public static final String REALM_PUBLIC_KEY = "realm-public-key";
+ public static final String REGISTER_NODE_AT_STARTUP = "register-node-at-startup";
+ public static final String REGISTER_NODE_PERIOD = "register-node-period";
public static final String REQUEST = "request";
public static final String REQUEST_URI = "request_uri";
+ public static final String RESOURCE = "resource";
public static final String SCOPE = "scope";
public static final String UI_LOCALES = "ui_locales";
public static final String USERNAME = "username";
@@ -86,6 +113,7 @@ public class Oidc {
public static final String RESPONSE_TYPE = "response_type";
public static final String SESSION_STATE = "session_state";
public static final String SOAP_ACTION = "SOAPAction";
+ public static final String SSL_REQUIRED = "ssl-required";
public static final String STALE_TOKEN = "Stale token";
public static final String STATE = "state";
public static final int INVALID_ISSUED_FOR_CLAIM = -1;
@@ -118,8 +146,33 @@ public class Oidc {
static final String DEFAULT_TOKEN_SIGNATURE_ALGORITHM = "RS256";
public static final String DISABLE_TYP_CLAIM_VALIDATION_PROPERTY_NAME = "wildfly.elytron.oidc.disable.typ.claim.validation";
public static final String ALLOW_QUERY_PARAMS_PROPERTY_NAME = "wildfly.elytron.oidc.allow.query.params";
+ public static final String TOKEN_MINIMUM_TIME_TO_LIVE = "token-minimum-time-to-live";
+ public static final String TOKEN_SIGNATURE_ALGORITHM = "token-signature-algorithm";
+ public static final String TOKEN_STORE = "token-store";
+ public static final String TRUSTSTORE = "truststore";
+ public static final String TRUSTSTORE_PASSWORD = "truststore-password";
+ public static final String TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN = "turn-off-change-session-id-on-login";
+ public static final String USE_RESOURCE_ROLE_MAPPINGS = "use-resource-role-mappings";
+ public static final String USE_REALM_ROLE_MAPPINGS = "use-realm-role-mappings";
public static final String X_REQUESTED_WITH = "X-Requested-With";
public static final String XML_HTTP_REQUEST = "XMLHttpRequest";
+ public static final String MIN_TIME_BETWEEN_JWKS_REQUESTS = "min-time-between-jwks-requests";
+ public static final String PUBLIC_KEY_CACHE_TTL = "public-key-cache-ttl";
+ public static final String IGNORE_OAUTH_QUERY_PARAMETER = "ignore-oauth-query-parameter";
+ public static final String VERIFY_TOKEN_AUDIENCE = "verify-token-audience";
+ public static final String REQUEST_OBJECT_SIGNING_ALGORITHM = "request-object-signing-algorithm";
+ public static final String REQUEST_OBJECT_ENCRYPTION_ALG_VALUE = "request-object-encryption-alg-value";
+ public static final String REQUEST_OBJECT_ENCRYPTION_ENC_VALUE = "request-object-encryption-enc-value";
+ public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_FILE = "request-object-signing-keystore-file";
+ public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD = "request-object-signing-keystore-password";
+ public static final String REQUEST_OBJECT_SIGNING_KEY_PASSWORD = "request-object-signing-key-password";
+ public static final String REQUEST_OBJECT_SIGNING_KEY_ALIAS = "request-object-signing-key-alias";
+ public static final String REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE = "request-object-signing-keystore-type";
+ public static final String REDIRECT_REWRITE_RULES = "redirect-rewrite-rules";
+ public static final String ENABLE_PKCE = "enable-pkce";
+ public static final String CONFIDENTIAL_PORT = "confidential-port";
+ public static final String ENABLE_BASIC_AUTH = "enable-basic-auth";
+ public static final String PROVIDER_URL = "provider-url";
/**
* Bearer token pattern.
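Review bot: The block from `MIN_TIME_BETWEEN_JWKS_REQUESTS` to `PROVIDER_URL` is appended after `XML_HTTP_REQUEST` in no particular order, whereas the constants added in the earlier hunks, and `TOKEN_MINIMUM_TIME_TO_LIVE` through `USE_REALM_ROLE_MAPPINGS` just above, appear to have been slotted into roughly alphabetical position. Moving these seventeen lines to their alphabetical places, or grouping all configuration attribute names under one comment such as `// adapter JSON configuration attribute names`, would make a missing or duplicated key easier to spot. The Javadoc that starts on the last lines of the hunk continues outside it.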
diff --git a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java
index 29d2d785e3..4f107b7959 100644
--- a/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java
+++ b/http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcJsonConfiguration.java
@@ -19,6 +19,61 @@
package org.wildfly.security.http.oidc;
import static org.wildfly.security.http.oidc.Oidc.DEFAULT_TOKEN_SIGNATURE_ALGORITHM;
+import static org.wildfly.security.http.oidc.Oidc.ADAPTER_STATE_COOKIE_PATH;
+import static org.wildfly.security.http.oidc.Oidc.ALLOW_ANY_HOSTNAME;
+import static org.wildfly.security.http.oidc.Oidc.ALWAYS_REFRESH_TOKEN;
+import static org.wildfly.security.http.oidc.Oidc.AUTH_SERVER_URL;
+import static org.wildfly.security.http.oidc.Oidc.AUTHENTICATION_REQUEST_FORMAT;
+import static org.wildfly.security.http.oidc.Oidc.AUTODETECT_BEARER_ONLY;
+import static org.wildfly.security.http.oidc.Oidc.BEARER_ONLY;
+import static org.wildfly.security.http.oidc.Oidc.CLIENT_ID_JSON_VALUE;
+import static org.wildfly.security.http.oidc.Oidc.CLIENT_KEYSTORE;
+import static org.wildfly.security.http.oidc.Oidc.CLIENT_KEYSTORE_PASSWORD;
+import static org.wildfly.security.http.oidc.Oidc.CLIENT_KEY_PASSWORD;
+import static org.wildfly.security.http.oidc.Oidc.CONFIDENTIAL_PORT;
+import static org.wildfly.security.http.oidc.Oidc.CONNECTION_POOL_SIZE;
+import static org.wildfly.security.http.oidc.Oidc.CORS_ALLOWED_HEADERS;
+import static org.wildfly.security.http.oidc.Oidc.CORS_ALLOWED_METHODS;
+import static org.wildfly.security.http.oidc.Oidc.CORS_EXPOSED_HEADERS;
+import static org.wildfly.security.http.oidc.Oidc.CORS_MAX_AGE;
+import static org.wildfly.security.http.oidc.Oidc.CREDENTIALS;
+import static org.wildfly.security.http.oidc.Oidc.DISABLE_TRUST_MANAGER;
+import static org.wildfly.security.http.oidc.Oidc.ENABLE_BASIC_AUTH;
+import static org.wildfly.security.http.oidc.Oidc.ENABLE_CORS;
+import static org.wildfly.security.http.oidc.Oidc.ENABLE_PKCE;
+import static org.wildfly.security.http.oidc.Oidc.EXPOSE_TOKEN;
+import static org.wildfly.security.http.oidc.Oidc.IGNORE_OAUTH_QUERY_PARAMETER;
+import static org.wildfly.security.http.oidc.Oidc.MIN_TIME_BETWEEN_JWKS_REQUESTS;
+import static org.wildfly.security.http.oidc.Oidc.PRINCIPAL_ATTRIBUTE;
+import static org.wildfly.security.http.oidc.Oidc.PROVIDER_URL;
+import static org.wildfly.security.http.oidc.Oidc.PROXY_URL;
+import static org.wildfly.security.http.oidc.Oidc.PUBLIC_CLIENT;
+import static org.wildfly.security.http.oidc.Oidc.PUBLIC_KEY_CACHE_TTL;
+import static org.wildfly.security.http.oidc.Oidc.REDIRECT_REWRITE_RULES;
+import static org.wildfly.security.http.oidc.Oidc.REGISTER_NODE_AT_STARTUP;
+import static org.wildfly.security.http.oidc.Oidc.REGISTER_NODE_PERIOD;
+import static org.wildfly.security.http.oidc.Oidc.REALM;
+import static org.wildfly.security.http.oidc.Oidc.REALM_PUBLIC_KEY;
+import static org.wildfly.security.http.oidc.Oidc.RESOURCE;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ALG_VALUE;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ENC_VALUE;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_ALGORITHM;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_ALIAS;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_PASSWORD;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_FILE;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE;
+import static org.wildfly.security.http.oidc.Oidc.SCOPE;
+import static org.wildfly.security.http.oidc.Oidc.SSL_REQUIRED;
+import static org.wildfly.security.http.oidc.Oidc.TOKEN_MINIMUM_TIME_TO_LIVE;
+import static org.wildfly.security.http.oidc.Oidc.TOKEN_SIGNATURE_ALGORITHM;
+import static org.wildfly.security.http.oidc.Oidc.TOKEN_STORE;
+import static org.wildfly.security.http.oidc.Oidc.TRUSTSTORE;
+import static org.wildfly.security.http.oidc.Oidc.TRUSTSTORE_PASSWORD;
+import static org.wildfly.security.http.oidc.Oidc.TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN;
+import static org.wildfly.security.http.oidc.Oidc.USE_RESOURCE_ROLE_MAPPINGS;
+import static org.wildfly.security.http.oidc.Oidc.USE_REALM_ROLE_MAPPINGS;
+import static org.wildfly.security.http.oidc.Oidc.VERIFY_TOKEN_AUDIENCE;
import java.util.Map;
import java.util.TreeMap;
@@ -34,143 +89,143 @@
* @author John D. Ament
* @author Farah Juma
*/
-@JsonPropertyOrder({"realm", "realm-public-key", "auth-server-url", "ssl-required",
- "resource", "public-client", "credentials",
- "use-resource-role-mappings", "use-realm-role-mappings",
- "enable-cors", "cors-max-age", "cors-allowed-methods", "cors-exposed-headers",
- "expose-token", "bearer-only", "autodetect-bearer-only", "connection-pool-size",
- "allow-any-hostname", "disable-trust-manager", "truststore", "truststore-password",
- "client-keystore", "client-keystore-password", "client-key-password",
- "always-refresh-token",
- "register-node-at-startup", "register-node-period", "token-store", "adapter-state-cookie-path", "principal-attribute",
- "proxy-url", "turn-off-change-session-id-on-login", "token-minimum-time-to-live",
- "min-time-between-jwks-requests", "public-key-cache-ttl",
- "ignore-oauth-query-parameter", "verify-token-audience", "token-signature-algorithm", "scope",
- "authentication-request-format", "request-object-signing-algorithm", "request-object-encryption-alg-value",
- "request-object-encryption-enc-value", "request-object-signing-keystore-file",
- "request-object-signing-keystore-password","request-object-signing-key-password", "request-object-signing-key-alias",
- "request-object-signing-keystore-type"
+@JsonPropertyOrder({REALM, REALM_PUBLIC_KEY, AUTH_SERVER_URL, SSL_REQUIRED,
+ RESOURCE, PUBLIC_CLIENT, CREDENTIALS,
+ USE_RESOURCE_ROLE_MAPPINGS, USE_REALM_ROLE_MAPPINGS,
+ ENABLE_CORS, CORS_MAX_AGE, CORS_ALLOWED_METHODS, CORS_EXPOSED_HEADERS,
+ EXPOSE_TOKEN, BEARER_ONLY, AUTODETECT_BEARER_ONLY, CONNECTION_POOL_SIZE,
+ ALLOW_ANY_HOSTNAME, DISABLE_TRUST_MANAGER, TRUSTSTORE, TRUSTSTORE_PASSWORD,
+ CLIENT_KEYSTORE, CLIENT_KEYSTORE_PASSWORD, CLIENT_KEY_PASSWORD,
+ ALWAYS_REFRESH_TOKEN,
+ REGISTER_NODE_AT_STARTUP, REGISTER_NODE_PERIOD, TOKEN_STORE, ADAPTER_STATE_COOKIE_PATH, PRINCIPAL_ATTRIBUTE,
+ PROXY_URL, TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN, TOKEN_MINIMUM_TIME_TO_LIVE,
+ MIN_TIME_BETWEEN_JWKS_REQUESTS, PUBLIC_KEY_CACHE_TTL,
+ IGNORE_OAUTH_QUERY_PARAMETER, VERIFY_TOKEN_AUDIENCE, TOKEN_SIGNATURE_ALGORITHM, SCOPE,
+ AUTHENTICATION_REQUEST_FORMAT, REQUEST_OBJECT_SIGNING_ALGORITHM, REQUEST_OBJECT_ENCRYPTION_ALG_VALUE,
+ REQUEST_OBJECT_ENCRYPTION_ENC_VALUE, REQUEST_OBJECT_SIGNING_KEYSTORE_FILE,
+ REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD,REQUEST_OBJECT_SIGNING_KEY_PASSWORD, REQUEST_OBJECT_SIGNING_KEY_ALIAS,
+ REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE
})
public class OidcJsonConfiguration {
- @JsonProperty("allow-any-hostname")
+ @JsonProperty(ALLOW_ANY_HOSTNAME)
protected boolean allowAnyHostname;
- @JsonProperty("disable-trust-manager")
+ @JsonProperty(DISABLE_TRUST_MANAGER)
protected boolean disableTrustManager;
- @JsonProperty("truststore")
+ @JsonProperty(TRUSTSTORE)
protected String truststore;
- @JsonProperty("truststore-password")
+ @JsonProperty(TRUSTSTORE_PASSWORD)
protected String truststorePassword;
- @JsonProperty("client-keystore")
+ @JsonProperty(CLIENT_KEYSTORE)
protected String clientKeystore;
- @JsonProperty("client-keystore-password")
+ @JsonProperty(CLIENT_KEYSTORE_PASSWORD)
protected String clientKeystorePassword;
- @JsonProperty("client-key-password")
+ @JsonProperty(CLIENT_KEY_PASSWORD)
protected String clientKeyPassword;
- @JsonProperty("request-object-signing-keystore-file")
+ @JsonProperty(REQUEST_OBJECT_SIGNING_KEYSTORE_FILE)
protected String requestObjectSigningKeyStoreFile;
- @JsonProperty("request-object-signing-keystore-password")
+ @JsonProperty(REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD)
protected String requestObjectSigningKeyStorePassword;
- @JsonProperty("request-object-signing-key-password")
+ @JsonProperty(REQUEST_OBJECT_SIGNING_KEY_PASSWORD)
protected String requestObjectSigningKeyPassword;
- @JsonProperty("request-object-signing-key-alias")
+ @JsonProperty(REQUEST_OBJECT_SIGNING_KEY_ALIAS)
protected String requestObjectSigningKeyAlias;
- @JsonProperty("request-object-signing-keystore-type")
+ @JsonProperty(REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE)
protected String requestObjectSigningKeyStoreType;
- @JsonProperty("connection-pool-size")
+ @JsonProperty(CONNECTION_POOL_SIZE)
protected int connectionPoolSize = 20;
- @JsonProperty("always-refresh-token")
+ @JsonProperty(ALWAYS_REFRESH_TOKEN)
protected boolean alwaysRefreshToken = false;
- @JsonProperty("register-node-at-startup")
+ @JsonProperty(REGISTER_NODE_AT_STARTUP)
protected boolean registerNodeAtStartup = false;
- @JsonProperty("register-node-period")
+ @JsonProperty(REGISTER_NODE_PERIOD)
protected int registerNodePeriod = -1;
- @JsonProperty("token-store")
+ @JsonProperty(TOKEN_STORE)
protected String tokenStore;
- @JsonProperty("adapter-state-cookie-path")
+ @JsonProperty(ADAPTER_STATE_COOKIE_PATH)
protected String tokenCookiePath;
- @JsonProperty("principal-attribute")
+ @JsonProperty(PRINCIPAL_ATTRIBUTE)
protected String principalAttribute;
- @JsonProperty("turn-off-change-session-id-on-login")
+ @JsonProperty(TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN)
protected Boolean turnOffChangeSessionIdOnLogin;
- @JsonProperty("token-minimum-time-to-live")
+ @JsonProperty(TOKEN_MINIMUM_TIME_TO_LIVE)
protected int tokenMinimumTimeToLive = 0;
- @JsonProperty("min-time-between-jwks-requests")
+ @JsonProperty(MIN_TIME_BETWEEN_JWKS_REQUESTS)
protected int minTimeBetweenJwksRequests = 10;
- @JsonProperty("public-key-cache-ttl")
+ @JsonProperty(PUBLIC_KEY_CACHE_TTL)
protected int publicKeyCacheTtl = 86400; // 1 day
// https://tools.ietf.org/html/rfc7636
- @JsonProperty("enable-pkce")
+ @JsonProperty(ENABLE_PKCE)
protected boolean pkce = false;
- @JsonProperty("ignore-oauth-query-parameter")
+ @JsonProperty(IGNORE_OAUTH_QUERY_PARAMETER)
protected boolean ignoreOAuthQueryParameter = false;
- @JsonProperty("verify-token-audience")
+ @JsonProperty(VERIFY_TOKEN_AUDIENCE)
protected boolean verifyTokenAudience = false;
- @JsonProperty("confidential-port")
+ @JsonProperty(CONFIDENTIAL_PORT)
protected int confidentialPort;
- @JsonProperty("resource")
+ @JsonProperty(RESOURCE)
protected String resource;
- @JsonProperty("use-resource-role-mappings")
+ @JsonProperty(USE_RESOURCE_ROLE_MAPPINGS)
protected boolean useResourceRoleMappings;
- @JsonProperty("use-realm-role-mappings")
+ @JsonProperty(USE_REALM_ROLE_MAPPINGS)
protected boolean useRealmRoleMappings = true;
- @JsonProperty("enable-cors")
+ @JsonProperty(ENABLE_CORS)
protected boolean cors;
- @JsonProperty("cors-max-age")
+ @JsonProperty(CORS_MAX_AGE)
protected int corsMaxAge = -1;
- @JsonProperty("cors-allowed-headers")
+ @JsonProperty(CORS_ALLOWED_HEADERS)
protected String corsAllowedHeaders;
- @JsonProperty("cors-allowed-methods")
+ @JsonProperty(CORS_ALLOWED_METHODS)
protected String corsAllowedMethods;
- @JsonProperty("cors-exposed-headers")
+ @JsonProperty(CORS_EXPOSED_HEADERS)
protected String corsExposedHeaders;
- @JsonProperty("expose-token")
+ @JsonProperty(EXPOSE_TOKEN)
protected boolean exposeToken;
- @JsonProperty("bearer-only")
+ @JsonProperty(BEARER_ONLY)
protected boolean bearerOnly;
- @JsonProperty("autodetect-bearer-only")
+ @JsonProperty(AUTODETECT_BEARER_ONLY)
protected boolean autodetectBearerOnly;
- @JsonProperty("enable-basic-auth")
+ @JsonProperty(ENABLE_BASIC_AUTH)
protected boolean enableBasicAuth;
- @JsonProperty("public-client")
+ @JsonProperty(PUBLIC_CLIENT)
protected boolean publicClient;
- @JsonProperty("credentials")
+ @JsonProperty(CREDENTIALS)
protected Map credentials = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
- @JsonProperty("redirect-rewrite-rules")
+ @JsonProperty(REDIRECT_REWRITE_RULES)
protected Map redirectRewriteRules;
- @JsonProperty("realm")
+ @JsonProperty(REALM)
protected String realm;
- @JsonProperty("realm-public-key")
+ @JsonProperty(REALM_PUBLIC_KEY)
protected String realmKey;
- @JsonProperty("auth-server-url")
+ @JsonProperty(AUTH_SERVER_URL)
protected String authServerUrl;
- @JsonProperty("ssl-required")
+ @JsonProperty(SSL_REQUIRED)
protected String sslRequired;
- @JsonProperty("provider-url")
+ @JsonProperty(PROVIDER_URL)
protected String providerUrl;
- @JsonProperty("client-id")
+ @JsonProperty(CLIENT_ID_JSON_VALUE)
protected String clientId;
- @JsonProperty("token-signature-algorithm")
+ @JsonProperty(TOKEN_SIGNATURE_ALGORITHM)
protected String tokenSignatureAlgorithm = DEFAULT_TOKEN_SIGNATURE_ALGORITHM;
- @JsonProperty("scope")
+ @JsonProperty(SCOPE)
protected String scope;
- @JsonProperty("authentication-request-format")
+ @JsonProperty(AUTHENTICATION_REQUEST_FORMAT)
protected String authenticationRequestFormat;
- @JsonProperty("request-object-signing-algorithm")
+ @JsonProperty(REQUEST_OBJECT_SIGNING_ALGORITHM)
protected String requestObjectSigningAlgorithm;
- @JsonProperty("request-object-encryption-alg-value")
+ @JsonProperty(REQUEST_OBJECT_ENCRYPTION_ALG_VALUE)
protected String requestObjectEncryptionAlgValue;
- @JsonProperty("request-object-encryption-enc-value")
+ @JsonProperty(REQUEST_OBJECT_ENCRYPTION_ENC_VALUE)
protected String requestObjectEncryptionEncValue;
/**
* The Proxy url to use for requests to the auth-server, configurable via the adapter config property {@code proxy-url}.
*/
- @JsonProperty("proxy-url")
+ @JsonProperty(PROXY_URL)
protected String proxyUrl;
public boolean isAllowAnyHostname() {
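Review bot: The `@JsonPropertyOrder` list still omits seven properties that have `@JsonProperty` fields further down in this hunk: `CORS_ALLOWED_HEADERS`, `ENABLE_PKCE`, `CONFIDENTIAL_PORT`, `ENABLE_BASIC_AUTH`, `REDIRECT_REWRITE_RULES`, `PROVIDER_URL` and `CLIENT_ID_JSON_VALUE`. The gap was already present in the literal list this commit replaces, so behaviour is unchanged, but with every key now a constant it is cheap to close. As far as I know Jackson writes unlisted properties after the listed ones, so a serialized configuration would put `provider-url` and `client-id` at the end rather than next to `auth-server-url` and `resource`. Either add the seven constants to the list or add a comment such as `// remaining properties are intentionally left in default order`. The class body continues outside the hunk.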
diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java
index b604af8a8f..6eb698160a 100644
--- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java
+++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcBaseTest.java
@@ -413,12 +413,12 @@ private void performAuthentication(InputStream oidcConfig, String username, Stri
protected InputStream getOidcConfigurationInputStreamWithProviderUrl() {
String oidcConfig = "{\n" +
- " \"resource\" : \"" + CLIENT_ID + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + Oidc.RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + Oidc.PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + Oidc.PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" +
+ " \"" + Oidc.SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + Oidc.CREDENTIALS + "\" : {\n" +
+ " \"" + Oidc.ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
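Review bot: With the keys taken from `Oidc.RESOURCE`, `Oidc.PUBLIC_CLIENT`, `Oidc.PROVIDER_URL` and the rest, this test no longer pins the attribute names that deployed configuration files use. If a constant's value were changed by mistake, the production annotation and the test JSON would change together and the test would still pass. The same applies to every configuration builder changed in `OidcTest.java` below. Keeping the literals in one place would restore the check, for example a small test containing `assertEquals("provider-url", Oidc.PROVIDER_URL);` and `assertEquals("ssl-required", Oidc.SSL_REQUIRED);` (assuming JUnit's `assertEquals` is available here), at least for the security-relevant keys. The method's closing brace is outside the hunk.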
diff --git a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java
index fdda1aac44..4dede8b5ed 100644
--- a/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java
+++ b/http/oidc/src/test/java/org/wildfly/security/http/oidc/OidcTest.java
@@ -44,8 +44,28 @@
import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT1_USER;
import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT2_PASSWORD;
import static org.wildfly.security.http.oidc.KeycloakConfiguration.TENANT2_USER;
+import static org.wildfly.security.http.oidc.Oidc.AUTH_SERVER_URL;
+import static org.wildfly.security.http.oidc.Oidc.AUTHENTICATION_REQUEST_FORMAT;
+import static org.wildfly.security.http.oidc.Oidc.CREDENTIALS;
+import static org.wildfly.security.http.oidc.Oidc.ClientCredentialsProviderType;
+import static org.wildfly.security.http.oidc.Oidc.PROVIDER_URL;
import static org.wildfly.security.http.oidc.Oidc.OIDC_NAME;
import static org.wildfly.security.http.oidc.Oidc.OIDC_SCOPE;
+import static org.wildfly.security.http.oidc.Oidc.PUBLIC_CLIENT;
+import static org.wildfly.security.http.oidc.Oidc.PRINCIPAL_ATTRIBUTE;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_ALGORITHM;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_FILE;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_PASSWORD;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_SIGNING_KEY_ALIAS;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ALG_VALUE;
+import static org.wildfly.security.http.oidc.Oidc.REQUEST_OBJECT_ENCRYPTION_ENC_VALUE;
+import static org.wildfly.security.http.oidc.Oidc.RESOURCE;
+import static org.wildfly.security.http.oidc.Oidc.REALM;
+import static org.wildfly.security.http.oidc.Oidc.SCOPE;
+import static org.wildfly.security.http.oidc.Oidc.SSL_REQUIRED;
+import static org.wildfly.security.http.oidc.Oidc.TOKEN_SIGNATURE_ALGORITHM;
import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.OAUTH2;
import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST;
import static org.wildfly.security.http.oidc.Oidc.AuthenticationRequestFormat.REQUEST_URI;
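Review bot: `ClientCredentialsProviderType` is brought in with `import static` on the line after `CREDENTIALS`, although it is a nested type rather than a constant; a plain `import org.wildfly.security.http.oidc.Oidc.ClientCredentialsProviderType;` is the conventional form and keeps it apart from the constants. Conversely `CLIENT_ID_JSON_VALUE` is not imported and is written as `Oidc.CLIENT_ID_JSON_VALUE` in the scope and request-parameter builders further down, so the file mixes three ways of reaching `Oidc` members. The new imports are also not in alphabetical order (`PROVIDER_URL` precedes `OIDC_NAME`), which may matter if the build enforces import ordering.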
@@ -664,13 +684,13 @@ private InputStream getOidcConfigurationInputStream(String clientSecret) {
private InputStream getOidcConfigurationInputStream(String clientSecret, String authServerUrl) {
String oidcConfig = "{\n" +
- " \"realm\" : \"" + TEST_REALM + "\",\n" +
- " \"resource\" : \"" + CLIENT_ID + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"auth-server-url\" : \"" + authServerUrl + "\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + clientSecret + "\"\n" +
+ " \"" + REALM + "\" : \"" + TEST_REALM + "\",\n" +
+ " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + AUTH_SERVER_URL + "\" : \"" + authServerUrl + "\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + clientSecret + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
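Review bot: Every configuration builder touched in this file repeats the same `PUBLIC_CLIENT`, `SSL_REQUIRED` and `CREDENTIALS` lines, so this commit had to edit the same five lines in at least eight methods, and the next attribute rename will have to do so again. Extracting those lines into one private helper keeps the shared part in a single place. The member order inside the JSON object changes, which should not matter to the parser. The sketch below shows the helper and its use in this method, whose closing brace is outside the hunk; the builders in the later hunks would call it the same way.

```java
// Attributes repeated in every test configuration builder.
private static String commonClientAttributes(String clientSecret) {
    return "    \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
            "    \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
            "    \"" + CREDENTIALS + "\" : {\n" +
            "        \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + clientSecret + "\"\n" +
            "    }\n";
}

private InputStream getOidcConfigurationInputStream(String clientSecret, String authServerUrl) {
    String oidcConfig = "{\n" +
            // … unchanged: realm and resource lines …
            "    \"" + AUTH_SERVER_URL + "\" : \"" + authServerUrl + "\",\n" +
            commonClientAttributes(clientSecret) +
            "}";
    // … unchanged: return of the ByteArrayInputStream …
```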
@@ -678,12 +698,12 @@ private InputStream getOidcConfigurationInputStream(String clientSecret, String
private InputStream getOidcConfigurationInputStreamWithEnvironmentVariableExpression() {
String oidcConfig = "{\n" +
- " \"resource\" : \"" + CLIENT_ID + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "${oidc.provider-url-env}\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "${oidc.provider-url-env}\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
@@ -691,12 +711,12 @@ private InputStream getOidcConfigurationInputStreamWithEnvironmentVariableExpres
private InputStream getOidcConfigurationInputStreamWithSystemPropertyExpression() {
String oidcConfig = "{\n" +
- " \"resource\" : \"" + CLIENT_ID + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"provider-url\" : \"${oidc.provider.url}\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"${oidc.provider.url}\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
@@ -704,12 +724,12 @@ private InputStream getOidcConfigurationInputStreamWithSystemPropertyExpression(
private InputStream getOidcConfigurationInputStreamWithProviderUrlTrailingSlash() {
String oidcConfig = "{\n" +
- " \"resource\" : \"" + CLIENT_ID + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "/" + "\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "/" + "\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
@@ -717,11 +737,11 @@ private InputStream getOidcConfigurationInputStreamWithProviderUrlTrailingSlash(
private InputStream getOidcConfigurationMissingRequiredOption() {
String oidcConfig = "{\n" +
- " \"public-client\" : \"false\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
@@ -729,45 +749,43 @@ private InputStream getOidcConfigurationMissingRequiredOption() {
private InputStream getOidcConfigurationInputStreamWithTokenSignatureAlgorithm() {
String oidcConfig = "{\n" +
- " \"token-signature-algorithm\" : \"RS256\",\n" +
- " \"resource\" : \"" + CLIENT_ID + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + TOKEN_SIGNATURE_ALGORITHM + "\" : \"RS256\",\n" +
+ " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
}
private InputStream getOidcConfigurationInputStreamWithScope(String scopeValue){
String oidcConfig = "{\n" +
- " \"client-id\" : \"" + CLIENT_ID + "\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"scope\" : \"" + scopeValue + "\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + SCOPE + "\" : \"" + scopeValue + "\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
}
private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter, String signingAlgorithm, String encryptionAlgorithm, String encMethod){
String oidcConfig = "{\n" +
- " \"client-id\" : \"" + CLIENT_ID + "\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"authentication-request-format\" : \"" + requestParameter + "\",\n" +
- " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" +
- " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" +
- " \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" +
- " \"scope\" : \"profile email phone\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_ALGORITHM + "\" : \"" + signingAlgorithm + "\",\n" +
+ " \"" + REQUEST_OBJECT_ENCRYPTION_ALG_VALUE + "\" : \"" + encryptionAlgorithm + "\",\n" +
+ " \"" + REQUEST_OBJECT_ENCRYPTION_ENC_VALUE + "\" : \"" + encMethod + "\",\n" +
+ " \"" + SCOPE + "\" : \"profile email phone\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
@@ -775,16 +793,15 @@ private InputStream getOidcConfigurationInputStreamWithRequestParameter(String r
private InputStream getOidcConfigurationInputStreamWithoutEncValue(String requestParameter, String encryptionAlgorithm){
String oidcConfig = "{\n" +
- " \"client-id\" : \"" + CLIENT_ID + "\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"authentication-request-format\" : \"" + requestParameter + "\",\n" +
- " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" +
- " \"scope\" : \"profile email phone\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" +
+ " \"" + REQUEST_OBJECT_ENCRYPTION_ALG_VALUE + "\" : \"" + encryptionAlgorithm + "\",\n" +
+ " \"" + SCOPE + "\" : \"profile email phone\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
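Review bot: The key names in getOidcConfigurationInputStreamWithoutEncValue are now built from the same constants the production parser presumably reads (`SSL_REQUIRED`, `PROVIDER_URL`, `CREDENTIALS`), so this fixture no longer pins the literal key names used in deployed configuration files. If a constant's value were changed by mistake, these tests would still pass while an existing `"ssl-required"` entry in a real file would stop being recognised, which matters for security-relevant settings. Consider keeping one assertion on the literal spelling, for example `assertEquals("ssl-required", SSL_REQUIRED);`, or one fixture with hard-coded keys. The same applies to the later hunks for getOidcConfigurationInputStreamWithRequestParameter, getOidcConfigurationInputStreamWithRequestObjectPublicClient, getOidcConfigurationInputStreamWithPrincipalAttribute and the two getTenantConfig methods; the method's closing brace lies outside this hunk.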
@@ -792,22 +809,22 @@ private InputStream getOidcConfigurationInputStreamWithoutEncValue(String reques
private InputStream getOidcConfigurationInputStreamWithRequestParameter(String requestParameter, String signingAlgorithm, String encryptionAlgorithm, String encMethod, String keyStorePath, String alias, String keyStoreType){
String oidcConfig = "{\n" +
- " \"client-id\" : \"" + CLIENT_ID + "\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"authentication-request-format\" : \"" + requestParameter + "\",\n" +
- " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" +
- " \"request-object-encryption-alg-value\" : \"" + encryptionAlgorithm + "\",\n" +
- " \"request-object-encryption-enc-value\" : \"" + encMethod + "\",\n" +
- " \"request-object-signing-keystore-file\" : \"" + keyStorePath + "\",\n" +
- " \"request-object-signing-keystore-type\" : \"" + keyStoreType + "\",\n" +
- " \"request-object-signing-keystore-password\" : \"" + KEYSTORE_PASS + "\",\n" +
- " \"request-object-signing-key-password\" : \"" + KEYSTORE_PASS + "\",\n" +
- " \"request-object-signing-key-alias\" : \"" + alias + "\",\n" +
- " \"scope\" : \"email phone profile\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_ALGORITHM + "\" : \"" + signingAlgorithm + "\",\n" +
+ " \"" + REQUEST_OBJECT_ENCRYPTION_ALG_VALUE + "\" : \"" + encryptionAlgorithm + "\",\n" +
+ " \"" + REQUEST_OBJECT_ENCRYPTION_ENC_VALUE + "\" : \"" + encMethod + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_KEYSTORE_FILE + "\" : \"" + keyStorePath + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_KEYSTORE_TYPE + "\" : \"" + keyStoreType + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_KEYSTORE_PASSWORD + "\" : \"" + KEYSTORE_PASS + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_KEY_PASSWORD + "\" : \"" + KEYSTORE_PASS + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_KEY_ALIAS + "\" : \"" + alias + "\",\n" +
+ " \"" + SCOPE + "\" : \"email phone profile\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
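Review bot: `keyStorePath` is concatenated unescaped into a JSON string value on the `REQUEST_OBJECT_SIGNING_KEYSTORE_FILE` line, so a path containing a backslash or a double quote yields a malformed or altered document. What the callers pass is not visible in this hunk, but a Windows-style absolute path would be enough to trigger it. Escaping the value at this point would make the fixture robust, e.g. `" \"" + REQUEST_OBJECT_SIGNING_KEYSTORE_FILE + "\" : \"" + keyStorePath.replace("\\", "\\\\") + "\",\n" +`, and `alias` and `keyStoreType` are interpolated the same way. The method's closing brace lies outside the hunk.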
@@ -815,26 +832,26 @@ private InputStream getOidcConfigurationInputStreamWithRequestParameter(String r
private InputStream getOidcConfigurationInputStreamWithRequestObjectPublicClient(String requestParameter, String signingAlgorithm){
String oidcConfig = "{\n" +
- " \"client-id\" : \"" + CLIENT_ID + "\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
- " \"public-client\" : \"true\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"authentication-request-format\" : \"" + requestParameter + "\",\n" +
- " \"request-object-signing-algorithm\" : \"" + signingAlgorithm + "\",\n" +
- " \"scope\" : \"email phone profile\"\n" +
+ " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM_WITH_SCOPES + "/" + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"true\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + AUTHENTICATION_REQUEST_FORMAT + "\" : \"" + requestParameter + "\",\n" +
+ " \"" + REQUEST_OBJECT_SIGNING_ALGORITHM + "\" : \"" + signingAlgorithm + "\",\n" +
+ " \"" + SCOPE + "\" : \"email phone profile\"\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
}
private InputStream getOidcConfigurationInputStreamWithPrincipalAttribute(String principalAttributeValue) {
String oidcConfig = "{\n" +
- " \"principal-attribute\" : \"" + principalAttributeValue + "\",\n" +
- " \"resource\" : \"" + CLIENT_ID + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + PRINCIPAL_ATTRIBUTE + "\" : \"" + principalAttributeValue + "\",\n" +
+ " \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + TEST_REALM + "\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
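Review bot: The two fixtures in this hunk name the client identifier with different keys, `Oidc.CLIENT_ID_JSON_VALUE` in getOidcConfigurationInputStreamWithRequestObjectPublicClient and `RESOURCE` in getOidcConfigurationInputStreamWithPrincipalAttribute, and nothing says whether that is deliberate. The qualified `Oidc.CLIENT_ID_JSON_VALUE` also sits right next to the test's own `CLIENT_ID` value, which makes key and value easy to confuse when reading. If the difference is intentional, a comment above the `RESOURCE` line would record it, for example `// "resource" is accepted as an alternative to "client-id"; kept to cover both spellings`. The second method's closing brace lies outside the hunk.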
@@ -842,13 +859,13 @@ private InputStream getOidcConfigurationInputStreamWithPrincipalAttribute(String
static InputStream getTenantConfigWithAuthServerUrl(String tenant) {
String oidcConfig = "{\n" +
- " \"realm\" : \"" + tenant + "\",\n" +
- " \"resource\" : \"" + CLIENT_ID + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"auth-server-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + REALM + "\" : \"" + tenant + "\",\n" +
+ " \""+ RESOURCE +"\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PUBLIC_CLIENT +"\" : \"false\",\n" +
+ " \"" + AUTH_SERVER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));
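Review bot: The `RESOURCE` and `PUBLIC_CLIENT` lines of getTenantConfigWithAuthServerUrl drop the spaces around `+` that every other added line in this commit uses (`"\""+ RESOURCE +"\""` and `PUBLIC_CLIENT +"\""`). Writing them as `" \"" + RESOURCE + "\" : \"" + CLIENT_ID + "\",\n" +` and `" \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +` keeps the fixtures uniform and easier to compare side by side. The method's closing brace lies outside the hunk.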
@@ -856,12 +873,12 @@ static InputStream getTenantConfigWithAuthServerUrl(String tenant) {
static InputStream getTenantConfigWithProviderUrl(String tenant) {
String oidcConfig = "{\n" +
- " \"provider-url\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + tenant + "\",\n" +
- " \"client-id\" : \"" + CLIENT_ID + "\",\n" +
- " \"public-client\" : \"false\",\n" +
- " \"ssl-required\" : \"EXTERNAL\",\n" +
- " \"credentials\" : {\n" +
- " \"secret\" : \"" + CLIENT_SECRET + "\"\n" +
+ " \"" + PROVIDER_URL + "\" : \"" + KEYCLOAK_CONTAINER.getAuthServerUrl() + "/realms/" + tenant + "\",\n" +
+ " \"" + Oidc.CLIENT_ID_JSON_VALUE + "\" : \"" + CLIENT_ID + "\",\n" +
+ " \"" + PUBLIC_CLIENT + "\" : \"false\",\n" +
+ " \"" + SSL_REQUIRED + "\" : \"EXTERNAL\",\n" +
+ " \"" + CREDENTIALS + "\" : {\n" +
+ " \"" + ClientCredentialsProviderType.SECRET.getValue() + "\" : \"" + CLIENT_SECRET + "\"\n" +
" }\n" +
"}";
return new ByteArrayInputStream(oidcConfig.getBytes(StandardCharsets.UTF_8));