Commit graph

1398 commits

Author SHA1 Message Date
rmartinc
c63f54ba3a Client policy executor to allow extra audiences for JWT authorization grant
Closes #45180

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-02-03 13:39:31 +01:00
forkimenjeckayang
3adcca44a7
[OID4VCI] CredentialEndpoint can be invoked with incorrect access token (#45816)
closes #44670
closes #44580


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2026-02-02 19:29:40 +01:00
Stefan Guilhen
6e408dd7bc Introduce WorkflowEventSpi
- supports custom event handling beyond the built-in workflow capabilities.

Closes #43916

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-02-02 11:18:27 -03:00
rmartinc
d4e9b16ea9 Include version in system-info for manage-realm and restrict view-system mapping
Closes #45776

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-02-02 12:40:57 +01:00
Tero Saarni
cb4c533464
Add support for looking up client secrets via Vault SPI (#39650)
Fixes #13102


Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2026-01-28 16:45:30 +01:00
Awambeng
d14e1d56a0
[OID4VCI] Fix OID4VCI credential requests to restrict Default client scopes (#45011)
Closes #44737


Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
2026-01-28 15:50:02 +01:00
Stefan Guilhen
b0f93232e9 Prevent NPE when evaluating policies and policy is deleted
Closes #45561

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-01-28 10:51:16 -03:00
NAMAN JAIN
5e3c0b6b28 Fix realm context handling for StoreSyncEvent processing
Signed-off-by: NAMAN JAIN <naman.049259@tmu.ac.in>

Fix realm context handling for StoreSyncEvent processing

Ensure the correct realm is resolved and set when handling StoreSyncEvent
inside transactional jobs. Restore the original session realm context to
avoid leakage and make StoreSyncEvent constructors public so events can be
safely published after transaction commit from RealmManager.

Closes #44574
2026-01-28 11:40:45 +01:00
Stefan Guilhen
bc0e2ff10b Move init/postInit/close to WorkflowConditionProviderFactory, cleanup implementations
Closes #45767

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-01-27 15:06:01 -03:00
Stefan Guilhen
c13a1772f8 Adds ability to migrate scheduled workflow resources from one step to another step in the same or different workflow
Closes #45174

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-01-27 13:46:18 -03:00
mposolda
e414050524 Remove AuthorizationDetailsResponse and make AuthorizationDetailsJSONRepresentation as base of RAR processors
closes #45706

Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 17:21:45 +01:00
mposolda
76c4263db9 Polishing based on PR review. Fix flaky tests
closes #44961

Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 08:45:41 +01:00
mposolda
416a6017c2 Make authorizationDetails processing more generic and not tightly coupled to OID4VCI. Fixes
closes #44961

Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-26 08:45:41 +01:00
vramik
111ba36504 Organization Groups Core Backend & API
Closes #45562

Signed-off-by: vramik <vramik@redhat.com>
2026-01-22 09:39:24 -03:00
Giuseppe Graziano
b74be6ed41
JWT Authorization Grant for Google idp (#45543)
Closes #45179

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2026-01-21 16:17:52 +01:00
Hathoute
ea2083ed2c Support for clients in workflows
Signed-off-by: Hathoute <whitesmith.thedj@gmail.com>
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-21 11:20:30 -03:00
forkimenjeckayang
fa28ddddb2
[OID4VCI] Disable OID4VCI functionality when Verified Credentials switch is off (#44995)
closes #44622


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2026-01-19 14:09:42 +01:00
Pedro Igor
c8a41dea99 Reverting format changes, updating docs, and only exposing the method to fetch first-factor credentials
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-19 08:30:47 -03:00
Nikita Bohuslavskyi
348670ae32 Align organization broker redirect after OTP setup
Closes #40510

Signed-off-by: Nikita Bohuslavskyi <nikita.bohuslavskyi@student.tuke.sk>
2026-01-19 08:30:47 -03:00
mposolda
fcc9ade022 Not able to find key for credential signature if client scope was saved from admin console
closes #44699

Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-16 08:51:51 +01:00
Stefan Guilhen
c63a8aa087 Step provider factories cleanup
- adds default init, postInit, close, getConfigProperties methods to WorkflowStepProviderFactory

Closes #45398

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2026-01-15 15:32:45 -03:00
Sebastian Schuster
c5c83d6604 Fix test failures
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.com>
2026-01-15 14:06:54 -03:00
Sebastian Schuster
9d0f679ece 45417 fixed unmanaged attributes to not allow writing when only admin can view policy is enabled
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.com>
2026-01-15 14:06:54 -03:00
ksushant881
def4edd7d4 Make target configurable in workflow notify user step
Closes #44676

Signed-off-by: ksushant881 <ksushant881@gmail.com>
2026-01-13 16:42:07 -03:00
mposolda
1273c8db0e DCR endpoint ignores client's requested token_endpoint_auth_method in case it is client_secret_post
closes #44403

Signed-off-by: mposolda <mposolda@gmail.com>
2026-01-12 09:54:04 +01:00
Ricardo Martin
1aa1621eaa
Use MIME decoder instead of the default one to replace deprecated Base64 class
Closes #45226

Signed-off-by: rmartinc <rmartinc@redhat.com>
2026-01-09 16:38:09 +01:00
Pedro Igor
34dda98a36
Update email when linking account when sync mode is FORCE
Closes #44905

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-09 11:58:49 +01:00
Pedro Igor
17f0dbdc1c Update browser flow with organization flow on migration
Closes #36593

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2026-01-07 09:37:46 -03:00
forkimenjeckayang
c76676ebef
[OID4VCI] Make sure events are properly used in OID4VCI endpoints (#44946)
Closes: #44679


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2026-01-07 11:06:45 +01:00
Bailey Lissington
b1536cf523
fix typo in authentication flows descriptions
Closes #45066

Signed-off-by: Bailey Lissington <54869395+llamington@users.noreply.github.com>
2025-12-23 13:40:33 +00:00
Giuseppe Graziano
790fb557db
Limit access token expiration for JWT authorization grant (#44775)
Closes #43972


Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
2025-12-18 09:21:29 +01:00
Ryan Emerson
9f6b8159ec
Create a LocalCacheProvider SPI (#44950)
Closes #42223

Signed-off-by: Ryan Emerson <remerson@ibm.com>
2025-12-17 12:46:05 +01:00
Palpable
94ee6d81fb
[OID4VCI] Realign naming of attribute configuring algorithms for credential (#44765)
Closes #44621


Signed-off-by: Vitalisn4 <ngamvitalisyuh@gmail.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Signed-off-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
Co-authored-by: Ingrid Kamga <Ingrid.Kamga@adorsys.com>
2025-12-16 14:46:17 +01:00
Stefan Guilhen
22c144dd30 Rename workflow events
- USER_ADDED -> USER_CREATED
- USER_ROLE_ADDED -> USER_ROLE_GRANTED
- USER_ROLE_REMOVED -> USER_ROLE_REVOKED

Closes #44879

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-12-12 14:15:24 -03:00
Christian Glasmachers
921b10ee80
Login failure cache: Evict entries after the configured failure reset time
Closes #44801

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Co-authored-by: Christian Glasmachers <Christian.Glasmachers-extern@deutschebahn.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
2025-12-10 11:20:19 +01:00
Stefan Guilhen
21eeb95fbc Rename workflow event USER_LOGGED_IN to USER_AUTHENTICATED
Closes #44717

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-12-08 19:00:25 -03:00
Pedro Igor
89a8cddfd6
Make sure group permissions on view scope are not processed when querying users
Closes #44329

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: vramik <vramik@redhat.com>
2025-12-08 14:39:40 +01:00
Pedro Igor
985777ebcc
Improvements to the notify step
Closes #44708

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2025-12-05 18:58:03 +01:00
Pascal Knüppel
46e5979b17
[OID4VCI] Handle key_attestation_required in metadata endpoint (#44471)
fixes #43801


Signed-off-by: Pascal Knüppel <pascal.knueppel@governikus.de>
Signed-off-by: Pascal Knüppel <captain.p.goldfish@gmx.de>
Signed-off-by: Captain-P-Goldfish <captain.p.goldfish@gmx.de>
Co-authored-by: Ingrid Kamga <xingridkamga@gmail.com>
2025-12-05 16:00:32 +01:00
Steve Hawkins
25186278fc fix: consolidating config logic
closes: #42000

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2025-12-04 14:25:56 -03:00
forkimenjeckayang
4dd68c0316
[OID4VCI] Conformance Test Fixes (#44439)
closes #44659


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
2025-12-04 09:03:38 +01:00
Stefan Guilhen
65ab7f541d Add API method that fetches the scheduled workflow steps for a resource
Closes #43660

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-12-03 11:09:55 -03:00
Stefan Guilhen
be714d935d Ensure GroupMemberLeaveEvent has a reference to the user leaving the group
Closes #44400

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2025-12-01 10:46:43 -03:00
Pedro Ruivo
b35dd72392
User session deleted events for invalid sessions
Closes #44513

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
2025-11-28 15:43:59 +00:00
Sebastian Łaskawiec
aa789dd023 Logout confirmation
Signed-off-by: Sebastian Łaskawiec <sebastian.laskawiec@gmail.com>
2025-11-28 14:24:32 +01:00
Thomas Diesler
54bf9206b2
[OID4VCI] Credential Offer must be created by Issuer not Holder (#44255)
closes #44116


Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
2025-11-27 16:07:10 +01:00
Pedro Igor
96aea99d6c
Make sure LDAP sync runs in a single cluster node and respects the configured period
Closes #43752

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
2025-11-27 08:08:20 +01:00
rmartinc
d0e4d1f620 Better events for jwt-bearer and check all details in the tests
Closes #44137

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-11-26 12:09:51 +01:00
rmartinc
ca205272ba Initial integration of the JWT Authorization Grant in client Policies
Using the downscope executor for testing
Closes #44201

Signed-off-by: rmartinc <rmartinc@redhat.com>
2025-11-24 19:37:07 +01:00
vramik
0825f22331 Add toPredicate implementation for conditions
Closes #42696

Signed-off-by: vramik <vramik@redhat.com>
2025-11-24 08:56:36 -03:00