Define a way with `WithMockKeycloakAuth` to populate accessToken information
In version 2.1.0, it is possible to define `sessionState`:

```
@WithMockKeycloakAuth(authorities=["something"], accessToken=WithAccessToken(sessionState="00000000-0000-0000-0000-000000000000"))
```

But in version 2.4.0, I haven't found a way to define `AccessToken.sessionState` (`session_state`). I also need to define `AccessToken.id` (`jti`) and `AccessToken.subject` (`sub`).

I found how to define the `sub`, but not the others:

```
@WithMockKeycloakAuth(authorities=[CLASSROOM_TURMAS_CADASTRAR_COMANDO], id=IdTokenClaims(sub="00000000-0000-0000-0000-000000000000"))
```

Maybe a way to do this is to define a hashmap or something similar to add all the (custom) token values that are needed.
Issue Analytics
- State:
- Created 3 years ago
- Comments: 5 (3 by maintainers)
Top GitHub Comments
I re-open. Further investigations needed
In 2.3.0, I reorganized the properties, but this is mostly code shuffling, you should have about the same configuration options. It is possible I lost a few very low-level JWT claims like `jti` in the process (but see at the end of this post how you can set it in `privateClaims`). How come your @Controller code (or @Service or any other “business” code) needs access to such claims (`session_state` and `jti`)? Shouldn’t this be used by upstream frameworks only (like Spring-security, before access is granted and KeycloakAuthenticationToken is built)?

The reason for this change is I chose to get closer to the OpenID spec to re-use some code I wrote for another OpenID `Authentication` implementation (I personally don’t use `KeycloakAuthenticationToken` any more, mostly because Keycloak Spring libs are moving too slow). This spec is there: https://openid.net/specs/openid-connect-core-1_0.html

Current state:
@WithMockKeycloakAuth(id = @IdTokenClaims(...))
@WithMockKeycloakAuth(accessToken = @KeycloakAccessToken(...))
What this means for you:
- `id` or `oidc` properties (`sub` is standard IDToken claim and so under `id`)
- `accessToken` property
- `jti` and `session_state` or claims I missed), you should still be able to set it in `privateClaims`
As usual, samples are rather informative: