upstream/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-04-09 02:58:28 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 30
30693 commits 28 branches 303 tags 886 MiB
Commit graph

71 commits

Author SHA1 Message Date
Thomas Diesler
de720a1b43
[OID4VCI] Initial public client for credential issuance (#45855) 
closes #47280


Signed-off-by: Thomas Diesler <tdiesler@proton.me>
 2026-04-01 18:48:40 +02:00
Thomas Diesler
c296ae1b41
Align selenium version across test suites 
closes #47679

Signed-off-by: Thomas Diesler <tdiesler@proton.me>
 2026-04-01 16:37:33 +00:00
Laurids Møller Jepsen
3e3191d60c Enable use of kc_idp_hint in Pushed Authorization Requests. 
The client can select which Identity Provider to use for user authentication by including an Identity Provider alias in a "kc_idp_hint" parameter in a Pushed Authorization Request.

Closes #47229

Signed-off-by: Laurids Møller Jepsen <laurids.jepsen@cryptomathic.com>
 2026-04-01 09:32:46 +02:00
Thomas Diesler
8cb5f95894 [OID4VCI] Migrate OID4VCIssuerWellKnownProviderTest 
Signed-off-by: Thomas Diesler <tdiesler@proton.me>
 2026-03-27 16:26:55 +01:00
rmartinc
fa79f27415 Chage identity brokering API V2 to only allow confidential clients 
Closes #47256

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-03-23 14:40:41 +01:00
Ricardo Martin
b93695eb90
Add versioning to identity brokering api feature (#47281) 
Closes #47254

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-03-20 16:55:56 +01:00
Ricardo Martin
3c7582f318
Broker token API for saml (#47087) 
Closes #46589


Signed-off-by: rmartinc <rmartinc@redhat.com>
 2026-03-17 18:29:48 +01:00
Awambeng
3add23020b
[OID4VCI]: Migrate NonceEndpointTest to the new test suite (#47186) 
Closes #46598


Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2026-03-17 12:16:08 +01:00
Stian Thorgersen
ca2bc8bd69
Initial experimental support for Resource Indicators (#46763) 
* Initial experimental support for Resource Indicators

Closes #47040

Signed-off-by: stianst <stianst@gmail.com>

# Conflicts:
#	services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
#	tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LoginUrlBuilder.java

* Rename TokenInterceptor to TokenPostProcessor

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
 2026-03-17 08:45:56 +01:00
Thomas Diesler
6efb394398
[OID4VCI] Add support for authorization_code grant - Part4 (#46950) 
closes #47100


Signed-off-by: Thomas Diesler <tdiesler@proton.me>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2026-03-12 16:09:42 +01:00
Marek Posolda
7516d8035f
Migrate RefreshTokenTest to new testsuite (#46886) 
closes #46612


Signed-off-by: mposolda <mposolda@gmail.com>
 2026-03-10 08:57:49 +01:00
Pedro Igor
63bf73362b
Enforcing expiration and issued for claims when validating ID tokens as claim tokens 
Closes #46717
Closes #46716

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2026-03-09 21:18:31 +01:00
Thomas Diesler
46bcdb36a4
[OID4VCI] Migrate CredentialsOffer to multiple grant types (#46947) 
closes #46976

Signed-off-by: Thomas Diesler <tdiesler@proton.me>
 2026-03-09 11:52:34 +01:00
Thomas Diesler
b2dbdd3866
[OID4VCI] Migrate OID4VCCredentialOfferMatrixTest (#46946) 
closes #46971


Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2026-03-09 08:27:32 +01:00
Thomas Diesler
ed1e6eac91
[OID4VCI] Migrate OID4VCIWellKnownProviderTest (#46672) 
closes #46649


Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2026-03-02 17:27:38 +01:00
Giuseppe Graziano
07bcf30e63 Migrate Idp Store Token tests 
Closes #46573

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2026-03-02 13:52:08 +01:00
Thomas Diesler
54189f8094
[OID4VCI] Revisit and fix /credential_offer_uri endpoint (#46199) 
closes #45005


Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2026-02-23 10:10:58 +01:00
Thomas Diesler
613e55d733 [OID4VCI] Confine test realm setup to TestCase.configureTestRealm() 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2026-02-19 16:20:45 +01:00
Thomas Diesler
80839bfc44 -- make ctors package protected 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2026-02-13 15:29:04 +01:00
Thomas Diesler
4341b8a314 [OID4VCI] Revisit and fix OAuthClient.preAuthorizedCodeGrantRequest() 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2026-02-13 15:29:04 +01:00
Thomas Diesler
44e7cf2da9 [OID4VCI] Simplify OID4VCAuthorizationDetail handling 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2026-02-12 17:09:07 +01:00
Thomas Diesler
5659fa9ac7 [OID4VCI] Revisit and fix OAuthClient.credentialRequest() 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2026-02-11 12:05:06 +01:00
Thomas Diesler
64dee82f9f [OID4VCI] Revisit and fix OAuthClient.credentialOfferRequest() 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2026-02-10 13:15:45 +01:00
Thomas Diesler
b4c1a2a890 [OID4VCI] Revisit and fix OAuthClient.credentialOfferUriRequest() 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2026-02-10 11:50:55 +01:00
Awambeng
c40590762e
[OID4VCI] Add comprehensive tests for OID4VC authorization code flow (#45391) 
closes #44795


Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2026-02-04 11:50:49 +01:00
forkimenjeckayang
f2f185b367
[OID4VCI] Add OID4VCI request/response support to OAuthClient utility (#45784) 
closes: #44671


Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2026-01-28 11:54:42 +01:00
mposolda
e414050524 Remove AuthorizationDetailsResponse and make AuthorizationDetailsJSONRepresentation as base of RAR processors 
closes #45706

Signed-off-by: mposolda <mposolda@gmail.com>
 2026-01-26 17:21:45 +01:00
mposolda
416a6017c2 Make authorizationDetails processing more generic and not tightly coupled to OID4VCI. Fixes 
closes #44961

Signed-off-by: mposolda <mposolda@gmail.com>
 2026-01-26 08:45:41 +01:00
Sebastian Schuster
9d0f679ece 45417 fixed unmanaged attributes to not allow writing when only admin can view policy is enabled 
Signed-off-by: Sebastian Schuster <sebastian.schuster@bosch.com>
 2026-01-15 14:06:54 -03:00
stianst
f6676ccd76 Migrate i18n package to new testsuite 
Closes #44520

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-28 08:56:11 -03:00
Thomas Diesler
54bf9206b2
[OID4VCI] Credential Offer must be created by Issuer not Holder (#44255)
Some checks are pending
Weblate Sync / Trigger Weblate to pull the latest changes (push) Waiting to run
Details 
closes #44116


Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
 2025-11-27 16:07:10 +01:00
Stian Thorgersen
a2c1055f8d
Proposed import order (#43432) 
* Add importOrder to Spotless

Closes #43235

Signed-off-by: stianst <stianst@gmail.com>

* Re-order imports with Spotless

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-14 09:34:49 +01:00
stianst
8dce1eff15 Migrate keys package to new test framework 
Closes #44118

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-13 10:19:53 -03:00
Giuseppe Graziano
a25a0268de
Experimental feature for JWT Authorization Grant (#43624) 
Closes #43444

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-22 15:34:33 +02:00
stianst
aedd7fe5db Remove unused imports as part of #43233 
Signed-off-by: stianst <stianst@gmail.com>
 2025-10-13 13:32:01 +02:00
Marek Posolda
6a27a4c336
EdDSA support for DPoP (#42362) 
closes #42286

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-05 12:54:43 +02:00
stianst
57242d2497 Experimental federated client authentication 
Closes #42228

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-02 10:02:51 -03:00
Lukas Hanusovsky
5b3b36e300
Move RealmRolesTest.java to the new testsuite (#41404) 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-08-13 12:56:23 +02:00
Alexander Schwartz
e1b3afb686
Refresh token for an OAuth2 based IDP when retrieving the IDP token 
Closes #14644

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
 2025-07-31 11:11:34 +02:00
Takashi Norimatsu
f00cd980c4 Add FAPI 2.0 + DPoP security profile as default profile of client policies 
closes #35441

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-07-16 09:30:11 +02:00
Lukas Hanusovsky
788e981917 Move UserTest.java to the new testsuite 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-07-16 08:13:30 +02:00
Lukas Hanusovsky
660a4aa48a Move IdentityProviderTest.java to the new testsuite 
Part of: #34494

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-07-14 15:55:50 +02:00
Keshav Deshpande
8026a68ec8 Change JWKS header 
Closes #39110

Signed-off-by: Keshav Deshpande <keshavprashantdeshpande@gmail.com>
 2025-05-05 12:23:15 +02:00
Simon Vacek
a8e33732cd Move AbstractGroupTest.java, GroupMappersTest.java, GroupTest.java to the new testsuite 
Part of: #34494

Signed-off-by: Simon Vacek <simonvacky@email.cz>

# Conflicts:
#	test-framework/core/src/main/java/org/keycloak/testframework/realm/RealmConfigBuilder.java
#	test-framework/core/src/main/java/org/keycloak/testframework/realm/UserConfigBuilder.java

# Conflicts:
#	test-framework/core/src/main/java/org/keycloak/testframework/realm/ClientConfigBuilder.java
 2025-04-29 11:52:15 +02:00
Simon Vacek
b2f3a8a65b Move PermissionsTest.java to the new testsuite 
Part of: #34494

Signed-off-by: Simon Vacek <simonvacky@email.cz>
 2025-04-29 09:19:52 +02:00
Giuseppe Graziano
5a0c68e624 Remove deprecated TokenExchangeRequest.additionalParameters() 
Closes #37925

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-03-19 21:30:30 +01:00
Stian Thorgersen
d3d44cffb1
Final wrap-up of refactoring OAuthClient (#38045) 
Closes #37225

Signed-off-by: stianst <stianst@gmail.com>
 2025-03-12 13:11:50 +01:00
Stian Thorgersen
b1a7c79311
Remove custom parameters on OAuthClient (#38032) 
Closes #38021

Signed-off-by: stianst <stianst@gmail.com>
 2025-03-12 12:01:35 +01:00
Stian Thorgersen
899eb976aa
Remove clientSessionState and clientSessionHost fields on OAuthClient (#38033) 
Closes #38023

Signed-off-by: stianst <stianst@gmail.com>
 2025-03-12 10:10:45 +01:00
Stian Thorgersen
6b1557e407
Make request and requestUri parameters on requests and not fields on OAuthClient (#38018) 
Closes #37870

Signed-off-by: stianst <stianst@gmail.com>
 2025-03-12 08:59:41 +01:00