Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Define a way with `WithMockKeycloakAuth` to populate accessToken information

See original GitHub issue

In the version 2.1.0, is possible to define sessionState

@WithMockKeycloakAuth(authorities=["something"]), accessToken=WithAccessToken(sessionState="00000000-0000-0000-0000-000000000000")

But in the version 2.4.0, I don’t found a way to define AccessToken.sessionState (session_state). Also, I need define too AccessToken.id (jti) and AccessToken.subject (sub).

I found how to define the sub, but not others

@WithMockKeycloakAuth(authorities=[CLASSROOM_TURMAS_CADASTRAR_COMANDO], id=IdTokenClaims(sub="00000000-0000-0000-0000-000000000000"))

Maybe a way to do this is defining a hashmap or something like to add all the (custom) token values that are needed

Issue Analytics

State:
Created 3 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

1reaction

ch4mpycommented, Oct 23, 2020

I re-open. Further investigations needed

1reaction

ch4mpycommented, Oct 23, 2020

In 2.3.0, I reorganized the properties, but this is mostly code shuffling, you should have about the same configuration options. It is possible I lost a few very low-level JWT claims like jti in the process, but see at the end of this post how you can set it in privateClaims). How comes your @Controller code (or @Service or any other “business” code) needs access to such claims (session_state and jti)? Shouldn’t this be used by upstream frameworks only (like Spring-security, before access is granted and KeycloakAuthenticationToken is build)?

The reason for this change is I chose to get closer to the OpenID spec to re-use some code I wrote for another OpenID Authentication implementation (I personally don’t use KeycloakAuthenticationToken any more mostly because Keycloak Spring libs are moving too slow). This spec is there https://openid.net/specs/openid-connect-core-1_0.html

Current state:

IDToken claims are in @WithMockKeycloakAuth(id = @IdTokenClaims(...))
StandardClaims are in `@WithMockKeycloakAuth(oidc = @OidcStandardClaims(…))
KeycloakAccessToken, which wraps Keycloak private claims (not in the standard) are defined in @WithMockKeycloakAuth(accessToken = @KeycloakAccessToken(...))

What this means for you:

if you are looking for OpenID standard claims, set it either in @WithMockKeycloakAuth id or oidc properties (sub is standard IDToken claim and so under id)
if you are looking for Keycloak “standard” claims (I mean for the claims I knew at moment I wrote the lib), dig under accessToken property
if you want to set claims that are neither in OpenID nor Keycloak specs (like jti and session_state or claims I missed), you should still be able to set it in privateClaims

As usual, samples are rather informative:

	@Test
	@WithMockKeycloakAuth(
			authorities = { "USER", "AUTHORIZED_PERSONNEL" },
			id = @IdTokenClaims(sub = "42"),
			oidc = @OidcStandardClaims(
					email = "ch4mp@c4-soft.com",
					emailVerified = true,
					nickName = "Tonton-Pirate",
					preferredUsername = "ch4mpy"),
			accessToken = @KeycloakAccessToken(
					realmAccess = @KeycloakAccess(roles = { "TESTER" }),
					authorization = @KeycloakAuthorization(
							permissions = @KeycloakPermission(rsid = "toto", rsname = "truc", scopes = "abracadabra"))),
			privateClaims = @ClaimSet(stringClaims = @StringClaim(name = "foo", value = "bar")))
	public void whenAuthenticatedWithKeycloakAuthenticationTokenThenCanGreet() throws Exception {
		api.get("/greet")
				.andExpect(status().isOk())
				.andExpect(content().string(startsWith("Hello ch4mpy! You are granted with ")))
				.andExpect(content().string(containsString("AUTHORIZED_PERSONNEL")))
				.andExpect(content().string(containsString("USER")))
				.andExpect(content().string(containsString("TESTER")));
	}