Support Keycloak Dev Services for standalone OIDC Client Registration
1 parent
c90e362
commit 9520740
Showing
14 changed files
with
474 additions
and
212 deletions.
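--- a/...es/keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakAdminPageBuildItem.java
+++ b/...es/keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakAdminPageBuildItem.java
@@ -0,0 +1,20 @@
+package io.quarkus.devservices.keycloak;
+
+import io.quarkus.builder.item.MultiBuildItem;
+import io.quarkus.devui.spi.page.CardPageBuildItem;
+
+/**
+*
+*/
+public final class KeycloakAdminPageBuildItem extends MultiBuildItem {
+
+final CardPageBuildItem cardPage;
+
+/**
+* @param cardPage created inside extension that requires Keycloak Dev Service, this way, card page
+* custom identifier deduced from a stacktrace walker will identify the extension correctly
+*/
+public KeycloakAdminPageBuildItem(CardPageBuildItem cardPage) {
+this.cardPage = cardPage;
+}
+}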
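Review bot: The class-level Javadoc on `KeycloakAdminPageBuildItem` is an empty `/** */` placeholder, so the only explanation of the type is the constructor's `@param`. Going by that comment, a summary such as `Build item through which an extension that requires the Keycloak Dev Service supplies its own Dev UI card page.` would cover it; the consumer is not visible in this section, so the wording should be checked against the processor. The `cardPage` field is package-private with no accessor, which ties every consumer to the `io.quarkus.devservices.keycloak` package, and a one-line comment saying that is intentional would help.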
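--- a/...ycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesConfigurator.java
+++ b/...ycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesConfigurator.java
@@ -0,0 +1,17 @@
+package io.quarkus.devservices.keycloak;
+
+import java.util.Map;
+
+import org.keycloak.representations.idm.RealmRepresentation;
+
+public interface KeycloakDevServicesConfigurator {
+
+record ConfigPropertiesContext(String authServerInternalUrl, String oidcClientId, String oidcClientSecret) {
+}
+
+Map<String, String> createProperties(ConfigPropertiesContext context);
+
+default void customizeDefaultRealm(RealmRepresentation realmRepresentation) {
+}
+
+}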
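Review bot: `ConfigPropertiesContext` is a record, so its generated `toString()` includes `oidcClientSecret`, and any log statement or exception message that prints the context prints the secret with it. Dev Services credentials are throwaway values, but the record sits on a public interface that other extensions implement, so it is worth overriding `toString()` in the record to mask that component, e.g. `return "ConfigPropertiesContext[authServerInternalUrl=" + authServerInternalUrl + ", oidcClientId=" + oidcClientId + ", oidcClientSecret=***]";`. The interface and both methods also carry no Javadoc: `createProperties` should say which configuration keys the returned map is expected to hold, and `customizeDefaultRealm`, which returns `void`, should say that it is expected to modify the passed `RealmRepresentation` in place.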
263 changes: 130 additions & 133 deletions
263
.../keycloak/src/main/java/io/quarkus/devservices/keycloak/KeycloakDevServicesProcessor.java
Large diffs are not rendered by default.
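--- a/...ent/registration/deployment/devservices/keycloak/KeycloakDevServiceRequiredBuildStep.java
+++ b/...ent/registration/deployment/devservices/keycloak/KeycloakDevServiceRequiredBuildStep.java
@@ -0,0 +1,73 @@
+package io.quarkus.oidc.client.registration.deployment.devservices.keycloak;
+
+import static io.quarkus.devservices.keycloak.KeycloakDevServicesRequiredBuildItem.OIDC_AUTH_SERVER_URL_CONFIG_KEY;
+
+import java.util.List;
+import java.util.Map;
+
+import org.eclipse.microprofile.config.ConfigProvider;
+import org.keycloak.common.util.MultivaluedHashMap;
+import org.keycloak.representations.idm.ComponentExportRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+
+import io.quarkus.deployment.IsDevelopment;
+import io.quarkus.deployment.IsNormal;
+import io.quarkus.deployment.annotations.BuildProducer;
+import io.quarkus.deployment.annotations.BuildStep;
+import io.quarkus.deployment.annotations.BuildSteps;
+import io.quarkus.deployment.dev.devservices.GlobalDevServicesConfig;
+import io.quarkus.devservices.keycloak.KeycloakAdminPageBuildItem;
+import io.quarkus.devservices.keycloak.KeycloakDevServicesConfigurator;
+import io.quarkus.devservices.keycloak.KeycloakDevServicesRequiredBuildItem;
+import io.quarkus.devui.spi.page.CardPageBuildItem;
+import io.quarkus.oidc.client.registration.deployment.OidcClientRegistrationBuildStep;
+
+@BuildSteps(onlyIfNot = IsNormal.class, onlyIf = { OidcClientRegistrationBuildStep.IsEnabled.class,
+GlobalDevServicesConfig.Enabled.class })
+public class KeycloakDevServiceRequiredBuildStep {
+
+private static final String OIDC_CLIENT_REG_AUTH_SERVER_URL_CONFIG_KEY = "quarkus.oidc-client-registration.auth-server-url";
+
+@BuildStep
+void requireKeycloakDevService(BuildProducer<KeycloakDevServicesRequiredBuildItem> keycloakDevSvcRequiredProducer) {
+var devServicesConfigurator = new KeycloakDevServicesConfigurator() {
+
+@Override
+public Map<String, String> createProperties(ConfigPropertiesContext ctx) {
+return Map.of(OIDC_CLIENT_REG_AUTH_SERVER_URL_CONFIG_KEY, ctx.authServerInternalUrl());
+}
+
+@Override
+public void customizeDefaultRealm(RealmRepresentation realmRepresentation) {
+if (getInitialToken() == null) {
+realmRepresentation.setRegistrationAllowed(true);
+realmRepresentation.setRegistrationFlow("registration");
+if (realmRepresentation.getComponents() == null) {
+realmRepresentation.setComponents(new MultivaluedHashMap<>());
+}
+var componentExportRepresentation = new ComponentExportRepresentation();
+componentExportRepresentation.setName("Full Scope Disabled");
+componentExportRepresentation.setProviderId("scope");
+componentExportRepresentation.setSubType("anonymous");
+realmRepresentation.getComponents().put(
+"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy",
+List.of(componentExportRepresentation));
+}
+}
+};
+
+keycloakDevSvcRequiredProducer
+.produce(new KeycloakDevServicesRequiredBuildItem(devServicesConfigurator,
+OIDC_CLIENT_REG_AUTH_SERVER_URL_CONFIG_KEY, OIDC_AUTH_SERVER_URL_CONFIG_KEY));
+}
+
+@BuildStep(onlyIf = IsDevelopment.class)
+KeycloakAdminPageBuildItem addCardWithLinkToKeycloakAdmin() {
+return new KeycloakAdminPageBuildItem(new CardPageBuildItem());
+}
+
+private static String getInitialToken() {
+return ConfigProvider.getConfig().getOptionalValue("quarkus.oidc-client-registration.initial-token", String.class)
+.orElse(null);
+}
+}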
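Review bot: In `customizeDefaultRealm`, the branch taken when `quarkus.oidc-client-registration.initial-token` is unset loosens the Dev Services realm without a comment saying so: it puts a single `scope` policy under the `anonymous` sub-type of `ClientRegistrationPolicy`, which looks intended to stand in for Keycloak's default anonymous registration policies, and `put` replaces any list already stored under that key. The class is gated by `onlyIfNot = IsNormal.class`, so this applies to dev and test mode only, but a comment such as `// No initial access token: allow anonymous dynamic client registration in the Dev Services realm (dev/test only)` would make the intent and the boundary explicit. As far as I know `setRegistrationAllowed(true)` and `setRegistrationFlow("registration")` control user self-registration rather than client registration, so if the anonymous client registration path does not need them they should be dropped. `getInitialToken()` also reads only the default registration's key, so a setup that presumably configures an initial token solely on a named registration would still get the relaxed realm.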
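--- a/...ava/io/quarkus/oidc/client/registration/OidcClientRegistrationKeycloakDevServiceTest.java
+++ b/...ava/io/quarkus/oidc/client/registration/OidcClientRegistrationKeycloakDevServiceTest.java
@@ -0,0 +1,65 @@
+package io.quarkus.oidc.client.registration;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import jakarta.enterprise.event.Observes;
+import jakarta.inject.Inject;
+import jakarta.inject.Singleton;
+
+import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.runtime.StartupEvent;
+import io.quarkus.test.QuarkusUnitTest;
+
+public class OidcClientRegistrationKeycloakDevServiceTest {
+
+@RegisterExtension
+static final QuarkusUnitTest test = new QuarkusUnitTest()
+.withApplicationRoot((jar) -> jar
+.addAsResource(
+new StringAsset(
+"""
+quarkus.oidc-client-registration.metadata.client-name=Default Test Client
+quarkus.oidc-client-registration.metadata.redirect-uri=http://localhost:8081/default/redirect
+quarkus.oidc-client-registration.named.metadata.client-name=Named Test Client
+quarkus.oidc-client-registration.named.metadata.redirect-uri=http://localhost:8081/named/redirect
+quarkus.oidc-client-registration.named.auth-server-url=${quarkus.oidc-client-registration.auth-server-url}
+"""),
+"application.properties"));
+
+@Inject
+TestClientRegistrations testClientRegistrations;
+
+@Test
+public void testDefaultRegisteredClient() {
+assertEquals("Default Test Client", testClientRegistrations.defaultClientMetadata.getClientName());
+assertEquals("http://localhost:8081/default/redirect",
+testClientRegistrations.defaultClientMetadata.getRedirectUris().get(0));
+}
+
+@Test
+public void testNamedRegisteredClient() {
+assertEquals("Named Test Client", testClientRegistrations.namedClientMetadata.getClientName());
+assertEquals("http://localhost:8081/named/redirect",
+testClientRegistrations.namedClientMetadata.getRedirectUris().get(0));
+}
+
+@Singleton
+public static final class TestClientRegistrations {
+
+private volatile ClientMetadata defaultClientMetadata;
+private volatile ClientMetadata namedClientMetadata;
+
+void prepareDefaultClientMetadata(@Observes StartupEvent event, OidcClientRegistrations clientRegistrations) {
+var clientRegistration = clientRegistrations.getClientRegistration();
+var registeredClient = clientRegistration.registeredClient().await().indefinitely();
+defaultClientMetadata = registeredClient.metadata();
+
+clientRegistration = clientRegistrations.getClientRegistration("named");
+registeredClient = clientRegistration.registeredClient().await().indefinitely();
+namedClientMetadata = registeredClient.metadata();
+}
+}
+}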
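Review bot: `TestClientRegistrations.prepareDefaultClientMetadata` blocks on `registeredClient().await().indefinitely()` inside a `StartupEvent` observer, so if the Dev Services Keycloak never answers the registration request the test run hangs instead of failing. A bounded wait, for example `registeredClient().await().atMost(Duration.ofSeconds(30))` (the timeout value is only an illustration), would turn that into a visible failure. The method fills in both the default and the `named` metadata, so a name like `prepareClientMetadata` fits better. The properties in the text block never set `initial-token`, so only the anonymous-registration path of the new realm customisation is exercised here.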