Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhancing Lightweight access token M2 #25716

Merged
merged 1 commit into from
Jan 9, 2024
Merged

Enhancing Lightweight access token M2 #25716

merged 1 commit into from
Jan 9, 2024

Conversation

skabano
Copy link
Contributor

@skabano skabano commented Dec 20, 2023
edited by mposolda
Loading

Lightweight access token support follows milestone #21186.
Since M0,1 have already been implemented, I will implement milestone 2.
Details of the M2 specification can be found in #23724.

closes #23724

@skabano skabano requested review from a team as code owners December 20, 2023 06:53
@skabano skabano requested a review from a team December 20, 2023 06:53
@skabano skabano requested a review from a team as a code owner December 20, 2023 06:53
@skabano skabano force-pushed the LighweightAccessTokenM2 branch from de3489e to cc0ba88 Compare December 20, 2023 07:08
@skabano skabano force-pushed the LighweightAccessTokenM2 branch from cc0ba88 to 39e9ea7 Compare December 20, 2023 08:57
mposolda
mposolda reviewed Dec 20, 2023
View reviewed changes
Copy link
Contributor

@mposolda mposolda left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@skabano This looks great to me, Thanks!

I've added one minor comment inline. Could you please check it?

@tnorimat Could you please review as well?

Besides that, we will likely need some documentation? I wonder if it is ok to add documentation for Lightweight access tokens in this PR or use it in the follow-up PR? Whatever of those is fine with me.

For the documentation, I suggest to:

@skabano @tnorimat WDYT? Do you prefer follow-up PR for the documentation or do it directly in this one?

server-spi-private/src/main/java/org/keycloak/models/ClientPolicyConstants.java Outdated Show resolved Hide resolved
@mposolda mposolda self-assigned this Dec 20, 2023
@mposolda mposolda requested a review from tnorimat December 20, 2023 08:59
@cypress Cypress
Copy link

cypress bot commented Dec 20, 2023
edited
Loading

1 flaky test on run #10453 ↗︎

0 558 54 0 Flakiness 1

Details:

Merge c27d29d into 7337871...
Project: Keycloak Admin UI Commit: d8390702a1 ℹ️
Status: Passed Duration: 07:17 💡
Started: Jan 9, 2024 2:16 AM Ended: Jan 9, 2024 2:23 AM
Flakiness  cypress/e2e/masthead_test.spec.ts • 1 flaky test • chrome

View Output

Test Artifacts
Masthead tests > Desktop view > Go to account console and back to admin console Test Replay Screenshots

Review all test suite changes for PR #25716 ↗︎

@skabano skabano force-pushed the LighweightAccessTokenM2 branch from 39e9ea7 to 2075c13 Compare December 20, 2023 09:55
@tnorimat
Copy link
Contributor

@mposolda Yes, I will review the PR.

tnorimat
tnorimat suggested changes Dec 21, 2023
View reviewed changes
Copy link
Contributor

@tnorimat tnorimat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@skabano I added some review comments. Could you check them?

...uillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/LightWeightAccessTokenTest.java
String introspectResponse = oauth.introspectAccessTokenWithClientCredential(RESOURCE_SERVER_CLIENT_ID, RESOURCE_SERVER_CLIENT_PASSWORD, accessToken);
System.out.println("tokenResponse:" introspectResponse);
assertTokenIntrospectionResponse(JsonSerialization.readValue(introspectResponse, AccessToken.class), true, true, false);

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about adding a test here to check whether a client get an access token instead of a lightweight access token after removing a policy to apply UseLightweightAccessTokenExecutor to the client?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added test.

...uillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/LightWeightAccessTokenTest.java Outdated
OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(authsEndpointResponse.getCode(), TEST_CLIENT_SECRET);
String accessToken = tokenResponse.getAccessToken();
assertAccessToken(oauth.verifyToken(accessToken), true, false);
System.out.println("access token:" accessToken);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about replacing System.out.println with other logging method? It seems that Keycloak tends not to use System.out.println. Could you check other lines using System.out.println in this test class?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to use logger.debug.

@skabano skabano force-pushed the LighweightAccessTokenM2 branch from 2075c13 to 1aa310c Compare December 21, 2023 09:25
@ghost ghost mentioned this pull request Dec 21, 2023
Closed
tnorimat
tnorimat suggested changes Dec 21, 2023
View reviewed changes
Copy link
Contributor

@tnorimat tnorimat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@skabano I added one review comment. Could you check it?

...uillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/LightWeightAccessTokenTest.java
@@ -1,6 1,7 @@
package org.keycloak.testsuite.oidc;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add header comments?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added header.

@skabano skabano force-pushed the LighweightAccessTokenM2 branch from 1aa310c to f12c172 Compare December 22, 2023 01:35
@tnorimat
Copy link
Contributor

@skabano
In LightWeightAccessTokenTest.java how about using Assert.assertNull instead of Assert.assertTrue for null check?
For example,

Assert.assertTrue(token.getNonce() == null);

to

Assert.assertNull(token.getNonce());

@skabano skabano force-pushed the LighweightAccessTokenM2 branch from f12c172 to 6fa74a8 Compare December 22, 2023 05:58
@skabano
Copy link
Contributor Author

skabano commented Dec 22, 2023

@skabano In LightWeightAccessTokenTest.java how about using Assert.assertNull instead of Assert.assertTrue for null check? For example,

Assert.assertTrue(token.getNonce() == null);

to

Assert.assertNull(token.getNonce());

@tnorimat
Changed to use Assert.assertNull(token.getNonce()).

tnorimat
tnorimat approved these changes Dec 22, 2023
View reviewed changes
Copy link
Contributor

@tnorimat tnorimat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tnorimat
Copy link
Contributor

@mposolda Could you check the PR?

mposolda
mposolda previously approved these changes Jan 5, 2024
View reviewed changes
Copy link
Contributor

@mposolda mposolda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@skabano @tnorimat Thanks!

@mposolda
Copy link
Contributor

mposolda commented Jan 5, 2024

@skabano There are some conflicts, could you please resolve them? Hopefully just rebase would help. Thanks!

@skabano skabano force-pushed the LighweightAccessTokenM2 branch from 6fa74a8 to c27d29d Compare January 9, 2024 02:08
@skabano
Copy link
Contributor Author

skabano commented Jan 9, 2024

@skabano There are some conflicts, could you please resolve them? Hopefully just rebase would help. Thanks!
@mposolda
I resolved the conflict and rebased.

@ghost ghost mentioned this pull request Jan 9, 2024
Closed
mposolda
mposolda approved these changes Jan 9, 2024
View reviewed changes
Copy link
Contributor

@mposolda mposolda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@skabano Thanks!

@mposolda mposolda merged commit 67e73d3 into keycloak:main Jan 9, 2024
70 checks passed
@skabano skabano deleted the LighweightAccessTokenM2 branch January 9, 2024 08:53
wistefan pushed a commit to wistefan/keycloak that referenced this pull request Jan 17, 2024
@skabano @wistefan
Enhancing Lightweight access token M2(keycloak#25716)
7edf8ed 
Closes keycloak#23724

Signed-off-by: shigeyuki kabano <[email protected]>
Signed-off-by: Stefan Wiedemann <[email protected]>
ShefeeqPM pushed a commit to ShefeeqPM/keycloak that referenced this pull request Jan 27, 2024
@skabano @ShefeeqPM
Enhancing Lightweight access token M2(keycloak#25716)
cf7f60a 
Closes keycloak#23724

Signed-off-by: shigeyuki kabano <[email protected]>
Signed-off-by: ShefeeqPM <86718986 [email protected]>
@elkman elkman mentioned this pull request May 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tnorimat tnorimat tnorimat approved these changes

@mposolda mposolda mposolda approved these changes

Assignees

@mposolda mposolda

Labels
flaky-test team/cloud-native team/ui
Projects
None yet
Milestone
No milestone
3 participants
@skabano @tnorimat @mposolda