Define a way with `WithMockKeycloakAuth` to populate accessToken information


In version 2.1.0, it is possible to define sessionState:

@WithMockKeycloakAuth(authorities=["something"], accessToken=WithAccessToken(sessionState="00000000-0000-0000-0000-000000000000"))

But in version 2.4.0, I haven't found a way to define AccessToken.sessionState (session_state). I also need to define AccessToken.id (jti) and AccessToken.subject (sub).

I found how to define the sub, but not the others:

@WithMockKeycloakAuth(authorities=[CLASSROOM_TURMAS_CADASTRAR_COMANDO], id=IdTokenClaims(sub="00000000-0000-0000-0000-000000000000"))

Maybe a way to do this is to define a hashmap or something like that to add all the (custom) token values that are needed.

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 5 (3 by maintainers)

Top GitHub Comments

1 reaction
ch4mpy commented, Oct 23, 2020

I re-open. Further investigations needed

1 reaction
ch4mpy commented, Oct 23, 2020

In 2.3.0, I reorganized the properties, but this is mostly code shuffling; you should have about the same configuration options. It is possible I lost a few very low-level JWT claims like jti in the process (but see at the end of this post how you can set it in privateClaims). How come your @Controller code (or @Service or any other “business” code) needs access to such claims (session_state and jti)? Shouldn’t this be used by upstream frameworks only (like Spring-security, before access is granted and KeycloakAuthenticationToken is built)?

The reason for this change is I chose to get closer to the OpenID spec to re-use some code I wrote for another OpenID Authentication implementation (I personally don’t use KeycloakAuthenticationToken any more, mostly because Keycloak Spring libs are moving too slow). The spec is here: https://openid.net/specs/openid-connect-core-1_0.html

Current state:

  • IDToken claims are in @WithMockKeycloakAuth(id = @IdTokenClaims(...))
  • StandardClaims are in @WithMockKeycloakAuth(oidc = @OidcStandardClaims(…))
  • KeycloakAccessToken, which wraps Keycloak private claims (not in the standard), is defined in @WithMockKeycloakAuth(accessToken = @KeycloakAccessToken(...))

What this means for you:

  • if you are looking for OpenID standard claims, set them either in @WithMockKeycloakAuth id or oidc properties (sub is a standard IDToken claim and so under id)
  • if you are looking for Keycloak “standard” claims (I mean the claims I knew at the moment I wrote the lib), dig under the accessToken property
  • if you want to set claims that are neither in OpenID nor Keycloak specs (like jti and session_state or claims I missed), you should still be able to set them in privateClaims

As usual, samples are rather informative:

	@Test
	@WithMockKeycloakAuth(
			authorities = { "USER", "AUTHORIZED_PERSONNEL" },
			id = @IdTokenClaims(sub = "42"),
			oidc = @OidcStandardClaims(
					email = "ch4mp@c4-soft.com",
					emailVerified = true,
					nickName = "Tonton-Pirate",
					preferredUsername = "ch4mpy"),
			accessToken = @KeycloakAccessToken(
					realmAccess = @KeycloakAccess(roles = { "TESTER" }),
					authorization = @KeycloakAuthorization(
							permissions = @KeycloakPermission(rsid = "toto", rsname = "truc", scopes = "abracadabra"))),
			privateClaims = @ClaimSet(stringClaims = @StringClaim(name = "foo", value = "bar")))
	public void whenAuthenticatedWithKeycloakAuthenticationTokenThenCanGreet() throws Exception {
		api.get("/greet")
				.andExpect(status().isOk())
				.andExpect(content().string(startsWith("Hello ch4mpy! You are granted with ")))
				.andExpect(content().string(containsString("AUTHORIZED_PERSONNEL")))
				.andExpect(content().string(containsString("USER")))
				.andExpect(content().string(containsString("TESTER")));
	}