External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity

Refactor logout methods and move to AbstractOAuthClient (#37882)

Browse Source 
Closes #37881

Signed-off-by: stianst <stianst@gmail.com>
This commit is contained in:
Stian Thorgersen 2025-03-07 12:15:56 +01:00 committed by GitHub
parent 32257ce6e7
commit 7a0fcb6187
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
77 changed files with 402 additions and 443 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
test-framework/examples/tests/src/test/java/org/keycloak/test/examples/OAuthClientTest.java
View File

@ -13,6 +13,8 @@ import org.keycloak.testframework.realm.ManagedRealm;
import org.keycloak.testframework.realm.ManagedUser;
import org.keycloak.testframework.realm.UserConfig;
import org.keycloak.testframework.realm.UserConfigBuilder;
import org.keycloak.testframework.ui.annotations.InjectPage;
import org.keycloak.testframework.ui.page.LoginPage;
import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse;
import org.keycloak.testsuite.util.oauth.IntrospectionResponse;
@ -33,6 +35,9 @@ public class OAuthClientTest {
@InjectUser(config = OAuthUserConfig.class)
ManagedUser user;
@InjectPage
LoginPage loginPage;
@Test
public void testConfig() {
Assertions.assertEquals(managedRealm.getName(), oauth.config().getRealm());
@ -43,6 +48,8 @@ public class OAuthClientTest {
public void testLogin() {
AuthorizationEndpointResponse response = oauth.doLogin(user.getUsername(), user.getPassword());
Assertions.assertTrue(response.isRedirected());
oauth.logoutForm().idTokenHint(oauth.doAccessTokenRequest(response.getCode()).getIdToken()).open();
}
@Test
@ -121,6 +128,15 @@ public class OAuthClientTest {
Assertions.assertEquals(user.getUsername(), accessToken.getPreferredUsername());
}
@Test
public void testLogout() {
AuthorizationEndpointResponse authzResponse = oauth.doLogin(user.getUsername(), user.getPassword());
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(authzResponse.getCode());
oauth.logoutForm().idTokenHint(accessTokenResponse.getIdToken()).open();
oauth.loginForm().open();
Assertions.assertTrue(loginPage.isActivePage());
}
public static class OAuthUserConfig implements UserConfig {
@Override

25
tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractOAuthClient.java
View File

@ -33,7 +33,6 @@ public abstract class AbstractOAuthClient<T> {
protected String prompt;
protected StateParamProvider state;
protected String nonce;
protected String idTokenHint;
private final KeyManager keyManager = new KeyManager(this);
private final TokensManager tokensManager = new TokensManager(keyManager);
@ -116,6 +115,30 @@ public abstract class AbstractOAuthClient<T> {
return refreshRequest(refreshToken).send();
}
public LogoutUrlBuilder logoutForm() {
return new LogoutUrlBuilder(this);
}
public void openLogoutForm() {
logoutForm().open();
}
public LogoutRequest logoutRequest(String refreshToken) {
return new LogoutRequest(refreshToken, this);
}
public LogoutResponse doLogout(String refreshToken) {
return logoutRequest(refreshToken).send();
}
public BackchannelLogoutRequest backchannelLogoutRequest(String logoutToken) {
return new BackchannelLogoutRequest(logoutToken, this);
}
public BackchannelLogoutResponse doBackchannelLogout(String logoutToken) {
return backchannelLogoutRequest(logoutToken).send();
}
public OpenIDProviderConfigurationRequest wellknownRequest() {
return new OpenIDProviderConfigurationRequest(this);
}

19
tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/AbstractUrlBuilder.java
View File

@ -2,13 +2,17 @@ package org.keycloak.testsuite.util.oauth;
import jakarta.ws.rs.core.UriBuilder;
import java.util.HashMap;
import java.util.Map;
public abstract class AbstractUrlBuilder {
protected final AbstractOAuthClient<?> client;
protected UriBuilder uriBuilder;
protected Map<String, String> params = new HashMap<>();
public AbstractUrlBuilder(AbstractOAuthClient<?> client) {
this.client = client;
initRequest();
}
public abstract String getEndpoint();
@ -20,21 +24,16 @@ public abstract class AbstractUrlBuilder {
}
protected void parameter(String name, String value) {
if (value != null) {
uriBuilder.queryParam(name, value);
}
params.put(name, value);
}
protected void replaceParameter(String name, String value) {
if (value != null) {
uriBuilder.replaceQueryParam(name, value);
}
params.put(name, value);
}
public String build() {
uriBuilder = UriBuilder.fromUri(getEndpoint());
initRequest();
UriBuilder uriBuilder = UriBuilder.fromUri(getEndpoint());
params.entrySet().stream().filter(e -> e.getValue() != null).forEach(e -> uriBuilder.queryParam(e.getKey(), e.getValue()));
return uriBuilder.build().toString();
}

31
tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/BackchannelLogoutRequest.java Normal file
View File

@ -0,0 +1,31 @@
package org.keycloak.testsuite.util.oauth;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.keycloak.OAuth2Constants;
import java.io.IOException;
public class BackchannelLogoutRequest extends AbstractHttpPostRequest<BackchannelLogoutRequest, BackchannelLogoutResponse> {
private final String logoutToken;
BackchannelLogoutRequest(String logoutToken, AbstractOAuthClient<?> client) {
super(client);
this.logoutToken = logoutToken;
}
@Override
protected String getEndpoint() {
return client.getEndpoints().getBackChannelLogout();
}
protected void initRequest() {
parameter(OAuth2Constants.LOGOUT_TOKEN, logoutToken);
}
@Override
protected BackchannelLogoutResponse toResponse(CloseableHttpResponse response) throws IOException {
return new BackchannelLogoutResponse(response);
}
}

0
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/BackchannelLogoutResponse.java → tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/BackchannelLogoutResponse.java
View File

6
tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/Endpoints.java
View File

@ -58,11 +58,7 @@ public class Endpoints {
}
public String getLogout() {
return getLogoutBuilder().build();
}
public LogoutUrlBuilder getLogoutBuilder() {
return new LogoutUrlBuilder(this);
return asString(OIDCLoginProtocolService.logoutUrl(getBase()));
}
public String getBackChannelLogout() {

18
tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LoginUrlBuilder.java
View File

@ -4,13 +4,8 @@ import org.keycloak.OAuth2Constants;
import org.keycloak.models.Constants;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import java.util.HashMap;
import java.util.Map;
public class LoginUrlBuilder extends AbstractUrlBuilder {
private Map<String, String> customParameters;
public LoginUrlBuilder(AbstractOAuthClient<?> client) {
super(client);
}
@ -21,20 +16,17 @@ public class LoginUrlBuilder extends AbstractUrlBuilder {
}
public LoginUrlBuilder param(String name, String value) {
if (customParameters == null) {
customParameters = new HashMap<>();
}
customParameters.put(name, value);
replaceParameter(name, value);
return this;
}
public LoginUrlBuilder prompt(String value) {
param(OIDCLoginProtocol.PROMPT_PARAM, value);
replaceParameter(OIDCLoginProtocol.PROMPT_PARAM, value);
return this;
}
public LoginUrlBuilder loginHint(String value) {
param(OIDCLoginProtocol.LOGIN_HINT_PARAM, value);
replaceParameter(OIDCLoginProtocol.LOGIN_HINT_PARAM, value);
return this;
}
@ -66,10 +58,6 @@ public class LoginUrlBuilder extends AbstractUrlBuilder {
if (client.getCustomParameters() != null) {
client.getCustomParameters().forEach(this::parameter);
}
if (customParameters != null) {
customParameters.forEach(this::replaceParameter);
}
}
}

31
tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LogoutRequest.java Normal file
View File

@ -0,0 +1,31 @@
package org.keycloak.testsuite.util.oauth;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.keycloak.OAuth2Constants;
import java.io.IOException;
public class LogoutRequest extends AbstractHttpPostRequest<LogoutRequest, LogoutResponse> {
private final String refreshToken;
LogoutRequest(String refreshToken, AbstractOAuthClient<?> client) {
super(client);
this.refreshToken = refreshToken;
}
@Override
protected String getEndpoint() {
return client.getEndpoints().getLogout();
}
protected void initRequest() {
parameter(OAuth2Constants.REFRESH_TOKEN, refreshToken);
}
@Override
protected LogoutResponse toResponse(CloseableHttpResponse response) throws IOException {
return new LogoutResponse(response);
}
}

0
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/LogoutResponse.java → tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LogoutResponse.java
View File

61
tests/utils-shared/src/main/java/org/keycloak/testsuite/util/oauth/LogoutUrlBuilder.java
View File

@ -1,70 +1,63 @@
package org.keycloak.testsuite.util.oauth;
import jakarta.ws.rs.core.UriBuilder;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.services.managers.AuthenticationManager;
public class LogoutUrlBuilder {
public class LogoutUrlBuilder extends AbstractUrlBuilder {
private final Endpoints endpoints;
private String clientId;
private String idTokenHint;
private String redirectUri;
private String state;
private String uiLocales;
private String initiatingIdp;
LogoutUrlBuilder(Endpoints endpoints) {
this.endpoints = endpoints;
LogoutUrlBuilder(AbstractOAuthClient<?> client) {
super(client);
}
public LogoutUrlBuilder clientId(String clientId) {
this.clientId = clientId;
@Override
public String getEndpoint() {
return client.getEndpoints().getLogout();
}
public LogoutUrlBuilder param(String name, String value) {
replaceParameter(name, value);
return this;
}
public LogoutUrlBuilder idTokenHint(String idTokenHint) {
this.idTokenHint = idTokenHint;
replaceParameter(OIDCLoginProtocol.ID_TOKEN_HINT, idTokenHint);
return this;
}
public LogoutUrlBuilder postLogoutRedirectUri(String redirectUri) {
this.redirectUri = redirectUri;
replaceParameter(OIDCLoginProtocol.POST_LOGOUT_REDIRECT_URI_PARAM, redirectUri);
return this;
}
public LogoutUrlBuilder state(String state) {
this.state = state;
replaceParameter(OIDCLoginProtocol.STATE_PARAM, state);
return this;
}
public LogoutUrlBuilder uiLocales(String uiLocales) {
this.uiLocales = uiLocales;
replaceParameter(OIDCLoginProtocol.UI_LOCALES_PARAM, uiLocales);
return this;
}
public LogoutUrlBuilder initiatingIdp(String initiatingIdp) {
this.initiatingIdp = initiatingIdp;
replaceParameter(AuthenticationManager.INITIATING_IDP_PARAM, initiatingIdp);
return this;
}
public String build() {
UriBuilder b = OIDCLoginProtocolService.logoutUrl(endpoints.getBase());
setNonNull(b, OIDCLoginProtocol.CLIENT_ID_PARAM, clientId);
setNonNull(b, OIDCLoginProtocol.ID_TOKEN_HINT, idTokenHint);
setNonNull(b, OIDCLoginProtocol.POST_LOGOUT_REDIRECT_URI_PARAM, redirectUri);
setNonNull(b, OIDCLoginProtocol.STATE_PARAM, state);
setNonNull(b, OIDCLoginProtocol.UI_LOCALES_PARAM, uiLocales);
setNonNull(b, AuthenticationManager.INITIATING_IDP_PARAM, initiatingIdp);
return endpoints.asString(b);
public LogoutUrlBuilder withClientId() {
parameter(OIDCLoginProtocol.CLIENT_ID_PARAM, client.config().getClientId());
return this;
}
private void setNonNull(UriBuilder b, String name, String value) {
if (value != null) {
b.queryParam(name, value);
}
public LogoutUrlBuilder withRedirect() {
postLogoutRedirectUri(client.config().getPostLogoutRedirectUri());
return this;
}
@Override
protected void initRequest() {
// parameter(OIDCLoginProtocol.POST_LOGOUT_REDIRECT_URI_PARAM, client.config().getPostLogoutRedirectUri());
// parameter(OIDCLoginProtocol.ID_TOKEN_HINT, client.getIdTokenHint());
}
}

2
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AppPage.java
View File

@ -59,7 +59,7 @@ public class AppPage extends AbstractPage {
}
public void logout(String idTokenHint) {
oauth.idTokenHint(idTokenHint).openLogout();
oauth.logoutForm().idTokenHint(idTokenHint).withRedirect().open();
}

64
testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/oauth/OAuthClient.java
View File

@ -17,7 +17,6 @@
package org.keycloak.testsuite.util.oauth;
import jakarta.ws.rs.core.UriBuilder;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
@ -30,7 +29,6 @@ import org.keycloak.OAuth2Constants;
import org.keycloak.models.Constants;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.protocol.oidc.grants.ciba.channel.AuthenticationChannelResponse;
import org.keycloak.representations.ClaimsRepresentation;
import org.keycloak.testsuite.pages.LoginPage;
@ -203,52 +201,6 @@ public class OAuthClient extends AbstractOAuthClient<OAuthClient> {
return new BackchannelAuthenticationTokenRequest(authReqId, this).client(clientId, clientSecret).send();
}
// TODO Extract into request class
public LogoutResponse doLogout(String refreshToken, String clientSecret) {
HttpPost post = new HttpPost(getEndpoints().getLogout());
List<NameValuePair> parameters = new LinkedList<>();
if (refreshToken != null) {
parameters.add(new BasicNameValuePair(OAuth2Constants.REFRESH_TOKEN, refreshToken));
}
if (config.getClientId() != null && clientSecret != null) {
String authorization = BasicAuthHelper.createHeader(config.getClientId(), clientSecret);
post.setHeader("Authorization", authorization);
} else if (config.getClientId() != null) {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ID, config.getClientId()));
}
if (config.getOrigin() != null) {
post.addHeader("Origin", config.getOrigin());
}
UrlEncodedFormEntity formEntity = new UrlEncodedFormEntity(parameters, StandardCharsets.UTF_8);
post.setEntity(formEntity);
try {
return new LogoutResponse(httpClientManager.get().execute(post));
} catch (IOException e) {
throw new RuntimeException(e);
}
}
// TODO Extract into request class
public BackchannelLogoutResponse doBackchannelLogout(String logoutToken) {
HttpPost post = new HttpPost(getEndpoints().getBackChannelLogout());
List<NameValuePair> parameters = new LinkedList<>();
if (logoutToken != null) {
parameters.add(new BasicNameValuePair(OAuth2Constants.LOGOUT_TOKEN, logoutToken));
}
UrlEncodedFormEntity formEntity = new UrlEncodedFormEntity(parameters, StandardCharsets.UTF_8);
post.setEntity(formEntity);
try {
return new BackchannelLogoutResponse(httpClientManager.get().execute(post));
} catch (IOException e) {
throw new RuntimeException(e);
}
}
// TODO Extract into request class
public DeviceAuthorizationResponse doDeviceAuthorizationRequest(String clientId, String clientSecret) throws Exception {
HttpPost post = new HttpPost(getEndpoints().getDeviceAuthorization());
@ -417,17 +369,6 @@ public class OAuthClient extends AbstractOAuthClient<OAuthClient> {
return config.getScope();
}
public void openLogout() {
UriBuilder b = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(baseUrl));
if (config.getPostLogoutRedirectUri() != null) {
b.queryParam(OAuth2Constants.POST_LOGOUT_REDIRECT_URI, config.getPostLogoutRedirectUri());
}
if (idTokenHint != null) {
b.queryParam(OAuth2Constants.ID_TOKEN_HINT, idTokenHint);
}
driver.navigate().to(b.build(config.getRealm()).toString());
}
public String getState() {
return state.getState();
}
@ -461,11 +402,6 @@ public class OAuthClient extends AbstractOAuthClient<OAuthClient> {
return this;
}
public OAuthClient idTokenHint(String idTokenHint) {
this.idTokenHint = idTokenHint;
return this;
}
public OAuthClient kcAction(String kcAction) {
this.kcAction = kcAction;
return this;

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/SessionRestServiceTest.java
View File

@ -219,14 +219,14 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
// first browser authenticates from Windows using Edge
oauth.setDriver(firstBrowser);
oauth.idTokenHint(tokenResponse1.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse1.getIdToken()).open();
setBrowserHeader("User-Agent",
"Mozilla/5.0 (Windows Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36 Edge/12.0");
tokenResponse1 = codeGrant("public-client-0");
// second browser authenticates from Windows using Firefox
oauth.setDriver(secondBrowser);
oauth.idTokenHint(tokenResponse2.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse2.getIdToken()).open();
setBrowserHeader("User-Agent",
"Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Gecko/20100101 Firefox/15.0.1");
tokenResponse2 = codeGrant("public-client-0");
@ -260,7 +260,7 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
// third browser authenticates from Windows using a different Windows version
oauth.setDriver(thirdBrowser);
oauth.idTokenHint(tokenResponse3.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse3.getIdToken()).open();
setBrowserHeader("User-Agent",
"Mozilla/5.0 (Windows 7) AppleWebKit/537.36 (KHTML, like Gecko) Version/11.0 Safari/603.1.30");
setBrowserHeader("X-Forwarded-For", "192.168.10.3");
@ -272,13 +272,13 @@ public class SessionRestServiceTest extends AbstractRestServiceTest {
assertEquals(2, windowsDevices.size());
oauth.setDriver(firstBrowser);
oauth.idTokenHint(tokenResponse1.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse1.getIdToken()).open();
setBrowserHeader("User-Agent",
"Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3");
tokenResponse1 = codeGrant("public-client-0");
oauth.setDriver(secondBrowser);
oauth.idTokenHint(tokenResponse2.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse2.getIdToken()).open();
setBrowserHeader("User-Agent",
"Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1");
tokenResponse2 = codeGrant("public-client-0");

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionResetPasswordTest.java
View File

@ -142,7 +142,7 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct
EventRepresentation loginEvent = events.expectLogin().assertEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(loginEvent.getSessionId()).assertEvent();

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionTotpSetupTest.java
View File

@ -368,7 +368,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
EventRepresentation loginEvent = events.expectLogin().session(authSessionId2).assertEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(authSessionId2).assertEvent();
@ -416,7 +416,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
// Logout
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
// Try to login after logout
@ -482,7 +482,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
EventRepresentation loginEvent = events.expectLogin().session(sessionId2).assertEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(loginEvent.getSessionId()).assertEvent();
@ -541,7 +541,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
EventRepresentation loginEvent = events.expectLogin().session(sessionId1).assertEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(loginEvent.getSessionId()).assertEvent();
@ -555,7 +555,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
loginEvent = events.expectLogin().assertEvent();
tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(null).session(AssertEvents.isUUID()).assertEvent();
// test lookAheadWindow

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionResetPasswordTest.java
View File

@ -116,7 +116,7 @@ public class RequiredActionResetPasswordTest extends AbstractTestRealmKeycloakTe
EventRepresentation loginEvent = events.expectLogin().assertEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(loginEvent.getSessionId()).assertEvent();

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
View File

@ -405,7 +405,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
EventRepresentation loginEvent = events.expectLogin().session(authSessionId1).assertEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(authSessionId1).assertEvent();
@ -478,7 +478,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
// Logout
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
setOtpTimeOffset(TimeBasedOTP.DEFAULT_INTERVAL_SECONDS, totp);
@ -566,7 +566,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
EventRepresentation loginEvent = events.expectLogin().session(sessionId1).assertEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(loginEvent.getSessionId()).assertEvent();
@ -626,7 +626,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
EventRepresentation loginEvent = events.expectLogin().session(sessionId1).assertEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(loginEvent.getSessionId()).assertEvent();
@ -641,7 +641,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
loginEvent = events.expectLogin().assertEvent();
tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(null).session(AssertEvents.isUUID()).assertEvent();
// test lookAheadWindow

18
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/AdminConsoleWhoAmILocaleTest.java
View File

@ -137,7 +137,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
Assert.assertEquals(REALM_I18N_OFF, whoAmI.get("realm").asText());
Assert.assertEquals(DEFAULT_LOCALE, whoAmI.get("locale").asText());
checkRealmAccess(REALM_I18N_OFF, whoAmI);
oauth.doLogout(response.getRefreshToken(), null);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -151,7 +151,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
Assert.assertEquals(REALM_I18N_OFF, whoAmI.get("realm").asText());
Assert.assertEquals(DEFAULT_LOCALE, whoAmI.get("locale").asText());
checkRealmAccess(REALM_I18N_OFF, whoAmI);
oauth.doLogout(response.getRefreshToken(), null);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -165,7 +165,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
Assert.assertEquals(REALM_I18N_ON, whoAmI.get("realm").asText());
Assert.assertEquals(REALM_LOCALE, whoAmI.get("locale").asText());
checkRealmAccess(REALM_I18N_ON, whoAmI);
oauth.doLogout(response.getRefreshToken(), null);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -179,7 +179,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
Assert.assertEquals(REALM_I18N_ON, whoAmI.get("realm").asText());
Assert.assertEquals(USER_LOCALE, whoAmI.get("locale").asText());
checkRealmAccess(REALM_I18N_ON, whoAmI);
oauth.doLogout(response.getRefreshToken(), null);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -194,7 +194,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
Assert.assertEquals(REALM_I18N_ON, whoAmI.get("realm").asText());
Assert.assertEquals(EXTRA_LOCALE, whoAmI.get("locale").asText());
checkRealmAccess(REALM_I18N_ON, whoAmI);
oauth.doLogout(response.getRefreshToken(), null);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -209,7 +209,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
Assert.assertEquals(REALM_I18N_ON, whoAmI.get("realm").asText());
Assert.assertEquals(EXTRA_LOCALE, whoAmI.get("locale").asText());
checkRealmAccess(REALM_I18N_ON, whoAmI);
oauth.doLogout(response.getRefreshToken(), null);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -223,7 +223,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
Assert.assertEquals(AuthRealm.MASTER, whoAmI.get("realm").asText());
Assert.assertEquals(DEFAULT_LOCALE, whoAmI.get("locale").asText());
checkRealmAccess(AuthRealm.MASTER, whoAmI);
oauth.doLogout(response.getRefreshToken(), null);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -237,7 +237,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
Assert.assertEquals(AuthRealm.MASTER, whoAmI.get("realm").asText());
Assert.assertEquals(DEFAULT_LOCALE, whoAmI.get("locale").asText());
checkRealmAccess(REALM_I18N_ON, whoAmI);
oauth.doLogout(response.getRefreshToken(), null);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -260,7 +260,7 @@ public class AdminConsoleWhoAmILocaleTest extends AbstractKeycloakTest {
.asResponse()) {
Assert.assertEquals(Response.Status.FORBIDDEN.getStatusCode(), res.getStatus());
}
oauth.doLogout(response.getRefreshToken(), null);
oauth.doLogout(response.getRefreshToken());
}
@Test

12
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBaseBrokerTest.java
View File

@ -59,7 +59,6 @@ import org.keycloak.testsuite.util.oauth.OAuthClient;
import org.keycloak.testsuite.util.userprofile.UserProfileUtil;
import org.openqa.selenium.By;
import org.openqa.selenium.TimeoutException;
import org.openqa.selenium.support.PageFactory;
import java.net.URI;
import java.util.Collections;
@ -354,18 +353,19 @@ public abstract class AbstractBaseBrokerTest extends AbstractKeycloakTest {
oauth.init();
}
final LogoutUrlBuilder builder = oauth.realm(realm).getEndpoints()
.getLogoutBuilder()
final LogoutUrlBuilder builder = oauth.realm(realm).logoutForm()
.idTokenHint(idTokenHint)
.clientId(clientId)
.initiatingIdp(initiatingIdp);
if (clientId != null) {
builder.withClientId();
}
if (redirectUri != null && (clientId != null || idTokenHint != null)) {
builder.postLogoutRedirectUri(encodeUrl(redirectUri));
}
String logoutUrl = builder.build();
driver.navigate().to(logoutUrl);
builder.open();
} finally {
if (isDifferentContext) {
OAuthClient.updateURLs(getAuthServerContextRoot());

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerTokenExchangeTest.java
View File

@ -180,9 +180,8 @@ public abstract class KcOidcBrokerTokenExchangeTest extends AbstractInitializedB
assertThat(tokenResponse.getIdToken(), notNullValue());
String idTokenString = tokenResponse.getIdToken();
oauth.realm(bc.providerRealmName());
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(idTokenString)
.postLogoutRedirectUri(oauth.APP_AUTH_ROOT).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().idTokenHint(idTokenString)
.postLogoutRedirectUri(oauth.APP_AUTH_ROOT).open();
String logoutToken = testingClient.testApp().getBackChannelRawLogoutToken();
Assert.assertNotNull(logoutToken);

7
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlSignedBrokerTest.java
View File

@ -1,6 +1,5 @@
package org.keycloak.testsuite.broker;
import org.keycloak.OAuth2Constants;
import org.keycloak.broker.saml.SAMLIdentityProviderConfig;
import org.keycloak.crypto.Algorithm;
import org.keycloak.dom.saml.v2.protocol.AuthnRequestType;
@ -154,11 +153,9 @@ public class KcSamlSignedBrokerTest extends AbstractBrokerTest {
final AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code);
final String idTokenString = tokenResponse.getIdToken();
final String redirectUri = getAccountUrl(getProviderRoot(), bc.providerRealmName());
final String logoutUri = oauth.realm(bc.providerRealmName()).getEndpoints().getLogoutBuilder()
oauth.realm(bc.providerRealmName()).logoutForm()
.idTokenHint(idTokenString)
.postLogoutRedirectUri(redirectUri).build();
driver.navigate().to(logoutUri);
.postLogoutRedirectUri(redirectUri).open();
errorPage.assertCurrent();
}

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/CIBATest.java
View File

@ -2222,7 +2222,7 @@ public class CIBATest extends AbstractClientPoliciesTest {
LogoutResponse logoutResponse;
try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
oauth.httpClient().set(client);
logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken(), TEST_CLIENT_SECRET);
logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken());
} catch (IOException ioe) {
throw new RuntimeException(ioe);
} finally {
@ -2848,7 +2848,7 @@ public class CIBATest extends AbstractClientPoliciesTest {
}
private EventRepresentation doLogoutByRefreshToken(String refreshToken, String sessionId, String userId, boolean isOfflineAccess) throws IOException {
assertTrue(oauth.doLogout(refreshToken, TEST_CLIENT_PASSWORD).isSuccess());
assertTrue(oauth.doLogout(refreshToken).isSuccess());
// confirm logged out
AccessTokenResponse tokenRes = oauth.doRefreshTokenRequest(refreshToken);

12
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientSecretRotationTest.java
View File

@ -359,7 +359,7 @@ public class ClientSecretRotationTest extends AbstractRestServiceTest {
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse res = oauth.doAccessTokenRequest(code);
assertThat(res.getStatusCode(), equalTo(Status.OK.getStatusCode()));
oauth.doLogout(res.getRefreshToken(), DEFAULT_SECRET);
oauth.doLogout(res.getRefreshToken());
//advance 1 hour
setTimeOffset(3601);
@ -415,7 +415,7 @@ public class ClientSecretRotationTest extends AbstractRestServiceTest {
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse res = oauth.doAccessTokenRequest(code);
assertThat(res.getStatusCode(), equalTo(Status.OK.getStatusCode()));
oauth.doLogout(res.getRefreshToken(), updatedSecret);
oauth.doLogout(res.getRefreshToken());
//login with rotated secret
oauth.client(clientId, firstSecret);
@ -423,7 +423,7 @@ public class ClientSecretRotationTest extends AbstractRestServiceTest {
code = oauth.parseLoginResponse().getCode();
res = oauth.doAccessTokenRequest(code);
assertThat(res.getStatusCode(), equalTo(Status.OK.getStatusCode()));
oauth.doLogout(res.getRefreshToken(), firstSecret);
oauth.doLogout(res.getRefreshToken());
}
@ -487,7 +487,7 @@ public class ClientSecretRotationTest extends AbstractRestServiceTest {
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse res = oauth.doAccessTokenRequest(code);
assertThat(res.getStatusCode(), equalTo(Status.UNAUTHORIZED.getStatusCode()));
oauth.doLogout(res.getRefreshToken(), firstSecret);
oauth.doLogout(res.getRefreshToken());
}
@ -531,7 +531,7 @@ public class ClientSecretRotationTest extends AbstractRestServiceTest {
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse res = oauth.doAccessTokenRequest(code);
assertThat(res.getStatusCode(), equalTo(Status.UNAUTHORIZED.getStatusCode()));
oauth.doLogout(res.getRefreshToken(), firstSecret);
oauth.doLogout(res.getRefreshToken());
}
@ -878,7 +878,7 @@ public class ClientSecretRotationTest extends AbstractRestServiceTest {
private void successfulLoginAndLogout(String clientId, String clientSecret) {
AccessTokenResponse res = successfulLogin(clientId, clientSecret);
oauth.doLogout(res.getRefreshToken(), clientSecret);
oauth.doLogout(res.getRefreshToken());
events.expectLogout(res.getSessionState()).client(clientId).clearDetails().assertEvent();
}

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1ConfidentialClientTest.java
View File

@ -220,7 +220,7 @@ public class OAuth2_1ConfidentialClientTest extends AbstractFAPITest {
AccessToken accessToken = oauth.verifyToken(tokenResponse.getAccessToken());
Assert.assertNotNull(accessToken.getConfirmation().getCertThumbprint());
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open();
}
private void testProhibitedImplicitOrHybridFlow(boolean isOpenid, String responseType, String nonce) {

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/OAuth2_1PublicClientTest.java
View File

@ -37,7 +37,6 @@ import org.keycloak.protocol.oidc.utils.OIDCResponseType;
import org.keycloak.protocol.oidc.utils.PkceUtils;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.oidc.OIDCClientRepresentation;
import org.keycloak.representations.oidc.TokenMetadataRepresentation;
import org.keycloak.services.clientpolicy.ClientPolicyException;
import org.keycloak.services.clientpolicy.condition.AnyClientConditionFactory;
import org.keycloak.testsuite.AssertEvents;
@ -47,7 +46,6 @@ import org.keycloak.testsuite.util.ClientPoliciesUtil;
import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse;
import org.keycloak.testsuite.util.oauth.UserInfoResponse;
import org.keycloak.util.JsonSerialization;
import java.security.KeyPair;
import java.util.Collections;
@ -242,14 +240,14 @@ public class OAuth2_1PublicClientTest extends AbstractFAPITest {
UserInfoResponse userInfoResponse = oauth.userInfoRequest(response.getAccessToken()).dpop(dpopProofEcEncoded).send();
assertEquals(TEST_USER_NAME, userInfoResponse.getUserInfo().getPreferredUsername());
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
// revoke token with a valid DPoP proof - success
dpopProofEcEncoded = generateSignedDPoPProof(UUID.randomUUID().toString(), HttpMethod.POST, oauth.getEndpoints().getRevocation(), (long) Time.currentTime(), Algorithm.ES256, jwsEcHeader, ecKeyPair.getPrivate());
oauth.dpopProof(dpopProofEcEncoded);
assertTrue(oauth.tokenRevocationRequest(response.getAccessToken()).accessToken().send().isSuccess());
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
}
private void setupPolicyOAuth2_1PublicClientForAllClient() throws Exception {

18
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/AbstractClientPoliciesTest.java
View File

@ -572,7 +572,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
return sendRequest(oauth.getEndpoints().getLogoutBuilder().build(), parameters);
return sendRequest(oauth.getEndpoints().getLogout(), parameters);
}
private CloseableHttpResponse sendRequest(String requestUrl, List<NameValuePair> parameters) throws Exception {
@ -1357,7 +1357,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
LogoutResponse logoutResponse;
try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
oauth.httpClient().set(client);
logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken(), TEST_CLIENT_SECRET);
logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken());
} catch (IOException ioe) {
throw new RuntimeException(ioe);
} finally {
@ -1384,7 +1384,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
assertEquals(OAuthErrorException.INVALID_GRANT, accessTokenResponse.getError());
// Check frontchannel logout and login.
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build());
oauth.openLogoutForm();
logoutConfirmPage.assertCurrent();
logoutConfirmPage.confirmLogout();
loginResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
@ -1428,7 +1428,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
// Check logout without certificate
try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithoutKeyStoreAndTrustStore()) {
oauth.httpClient().set(client);
logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken(), TEST_CLIENT_SECRET);
logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken());
} catch (IOException ioe) {
throw new RuntimeException(ioe);
} finally {
@ -1439,7 +1439,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
// Check logout.
try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
oauth.httpClient().set(client);
logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken(), TEST_CLIENT_SECRET);
logoutResponse = oauth.doLogout(accessTokenResponse.getRefreshToken());
} catch (IOException ioe) {
throw new RuntimeException(ioe);
} finally {
@ -1501,7 +1501,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
protected void successfulLoginAndLogout(String clientId, String clientSecret) {
AccessTokenResponse res = successfulLogin(clientId, clientSecret);
oauth.doLogout(res.getRefreshToken(), clientSecret);
oauth.doLogout(res.getRefreshToken());
events.expectLogout(res.getSessionState()).client(clientId).clearDetails().assertEvent();
}
@ -1590,7 +1590,7 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
assertEquals("PKCE code verifier not specified", res.getErrorDescription());
events.expect(EventType.CODE_TO_TOKEN_ERROR).client(clientId).session(sessionId).clearDetails().error(Errors.CODE_VERIFIER_MISSING).assertEvent();
oauth.idTokenHint(res.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(res.getIdToken()).open();
events.expectLogout(sessionId).clearDetails().assertEvent();
}
@ -1652,9 +1652,9 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
oauth.client(clientId, secret);
AuthorizationEndpointResponse loginResponse = oauth.doLogin(TEST_USER_NAME,
TEST_USER_PASSWORD);
String code = oauth.parseLoginResponse().getCode();
String code = loginResponse.getCode();
AccessTokenResponse res = oauth.doAccessTokenRequest(code);
assertThat(res.getStatusCode(), equalTo(status.getStatusCode()));
oauth.doLogout(res.getRefreshToken(), secret);
oauth.doLogout(res.getRefreshToken());
}
}

12
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/ClientPoliciesExecutorTest.java
View File

@ -304,7 +304,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest {
assertEquals(200, res.getStatusCode());
events.expectCodeToToken(codeId, sessionId).client(clientId).assertEvent();
oauth.doLogout(res.getRefreshToken(), clientSecret);
oauth.doLogout(res.getRefreshToken());
events.expectLogout(sessionId).client(clientId).clearDetails().assertEvent();
// update profiles
@ -327,7 +327,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest {
assertEquals(200, res.getStatusCode());
events.expectCodeToToken(codeId, sessionId).client(clientId).assertEvent();
oauth.doLogout(res.getRefreshToken(), clientSecret);
oauth.doLogout(res.getRefreshToken());
events.expectLogout(sessionId).client(clientId).clearDetails().assertEvent();
// shall allow code using response_mode jwt
@ -348,7 +348,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest {
).toString();
updateProfiles(json);
oauth.openLogout();
oauth.openLogoutForm();
oauth.responseType(OIDCResponseType.CODE + " " + OIDCResponseType.ID_TOKEN + " " + OIDCResponseType.TOKEN); // token response type allowed
oauth.responseMode("jwt");
oauth.openLoginForm();
@ -450,7 +450,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest {
assertEquals(200, res.getStatusCode());
events.expectCodeToToken(codeId, sessionId).client(clientId).assertEvent();
oauth.doLogout(res.getRefreshToken(), clientSecret);
oauth.doLogout(res.getRefreshToken());
events.expectLogout(sessionId).client(clientId).clearDetails().assertEvent();
}
@ -770,7 +770,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest {
oauth.requestUri(requestUri);
AuthorizationEndpointResponse loginResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
assertNotNull(loginResponse.getCode());
oauth.openLogout();
oauth.openLogoutForm();
requestObject.exp(null);
oauth.requestUri(null);
@ -1479,7 +1479,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest {
AccessTokenResponse response = successfulLogin(clientId, clientSecret);
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
assertTrue(driver.getPageSource().contains("Front-channel logout is not allowed for this client"));
}

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/ClientPoliciesTest.java
View File

@ -1253,7 +1253,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
assertEquals(intentId, clientBoundIntentId);
// logout
oauth.doLogout(response.getRefreshToken(), clientSecret);
oauth.doLogout(response.getRefreshToken());
events.expectLogout(response.getSessionState()).client(clientId).clearDetails().assertEvent();
// create a request object with invalid claims
@ -1348,7 +1348,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
successfulLogin(clientId, clientSecret);
configureClientPolicyToBlockGrantTypes(ClientPolicyEvent.AUTHORIZATION_REQUEST, List.of(OAuth2Constants.AUTHORIZATION_CODE));
oauth.openLogout();
oauth.openLogoutForm();
oauth.openLoginForm();
MultivaluedHashMap<String, String> queryParams = UriUtils.decodeQueryString(new URL(Objects.requireNonNull(driver.getCurrentUrl())).getQuery());
assertEquals(ClientPolicyEvent.AUTHORIZATION_REQUEST.toString(), queryParams.getFirst("error"));

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/SecureRedirectUrisEnforcerExecutorTest.java
View File

@ -707,6 +707,6 @@ public class SecureRedirectUrisEnforcerExecutorTest extends AbstractClientPolici
Assert.assertNotNull(response.getCode());
AccessTokenResponse res = oauth.doAccessTokenRequest(response.getCode());
assertEquals(200, res.getStatusCode());
oauth.doLogout(res.getRefreshToken(), "secret");
oauth.doLogout(res.getRefreshToken());
}
}

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/cluster/AbstractFailoverClusterTest.java
View File

@ -138,8 +138,7 @@ public abstract class AbstractFailoverClusterTest extends AbstractClusterTest {
}
protected void logout() {
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().build();
driver.navigate().to(logoutUrl);
oauth.openLogoutForm();
logoutConfirmPage.assertCurrent();
logoutConfirmPage.confirmLogout();

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/crossdc/LoginCrossDCTest.java
View File

@ -42,7 +42,7 @@ public class LoginCrossDCTest extends AbstractAdminCrossDCTest {
AccessTokenResponse response2 = oauth.doAccessTokenRequest(code);
Assert.assertNotNull(response2.getAccessToken());
LogoutResponse logoutResponse = oauth.doLogout(response2.getRefreshToken(), "password");
LogoutResponse logoutResponse = oauth.doLogout(response2.getRefreshToken());
assertTrue(logoutResponse.isSuccess());
log.infof("Iteration %d finished", i);

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java
View File

@ -206,7 +206,7 @@ public abstract class AbstractKerberosSingleRealmTest extends AbstractKerberosTe
events.poll();
// Logout
oauth.openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open();
events.poll();
// Remove protocolMapper

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java
View File

@ -214,8 +214,6 @@ public abstract class AbstractKerberosTest extends AbstractAuthTest {
Assert.assertEquals(userId, token.getSubject());
Assert.assertEquals(expectedUsername, token.getPreferredUsername());
oauth.idTokenHint(tokenResponse.getIdToken());
return tokenResponse;
}

12
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosLdapCrossRealmTrustTest.java
View File

@ -77,7 +77,7 @@ public class KerberosLdapCrossRealmTrustTest extends AbstractKerberosTest {
assertUser("hnelson2", "hnelson2@kc2.com", "Horatio", "Nelson", "hnelson2@KC2.COM", false);
// Logout
oauth.openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open();
events.poll();
}
@ -93,7 +93,7 @@ public class KerberosLdapCrossRealmTrustTest extends AbstractKerberosTest {
assertUser("jduke2", "jduke2@kc2.com", "Java", "Duke", "jduke@KC2.COM", false);
// Logout
oauth.openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open();
events.poll();
// Another login to check the scenario when user is in local storage
@ -102,7 +102,7 @@ public class KerberosLdapCrossRealmTrustTest extends AbstractKerberosTest {
Assert.assertEquals(token.getEmail(), "jduke2@kc2.com");
// Logout
oauth.openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open();
events.poll();
}
@ -119,7 +119,7 @@ public class KerberosLdapCrossRealmTrustTest extends AbstractKerberosTest {
Assert.assertTrue(testAppHelper.login("jduke", "theduke"));
// Logout
oauth.openLogout();
testAppHelper.logout();
events.poll();
}
@ -136,7 +136,7 @@ public class KerberosLdapCrossRealmTrustTest extends AbstractKerberosTest {
assertUser("jduke", "jduke@keycloak.org", "Java", "Duke", null, false);
// Logout
oauth.openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open();
events.poll();
// This refers to same user as above login
@ -146,7 +146,7 @@ public class KerberosLdapCrossRealmTrustTest extends AbstractKerberosTest {
Assert.assertEquals(token.getEmail(), "jduke@keycloak.org");
// Logout
oauth.openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open();
events.poll();
}

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneCrossRealmTrustTest.java
View File

@ -29,6 +29,7 @@ import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.util.KerberosRule;
import org.keycloak.testsuite.KerberosEmbeddedServer;
import org.keycloak.testsuite.util.TestAppHelper;
import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@ -74,11 +75,11 @@ public class KerberosStandaloneCrossRealmTrustTest extends AbstractKerberosTest
@Test
public void test02spnegoLoginDifferentRealmTest() throws Exception {
// Cross-realm trust login. Realm KEYCLOAK.ORG trusts realm KC2.COM.
assertSuccessfulSpnegoLogin("hnelson2@KC2.COM", "hnelson2@kc2.com", "secret");
AccessTokenResponse tokenResponse = assertSuccessfulSpnegoLogin("hnelson2@KC2.COM", "hnelson2@kc2.com", "secret");
assertUser("hnelson2@kc2.com", "hnelson2@kc2.com", null, null, "hnelson2@KC2.COM", false);
// Logout
oauth.openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open();
events.poll();
// Another login to check the scenario when user is in local storage

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java
View File

@ -203,7 +203,7 @@ public class LDAPMultipleAttributesTest extends AbstractLDAPTest {
Assert.assertTrue(postalCodes.contains("88441"));
Assert.assertTrue(postalCodes.contains("77332"));
oauth.doLogout(response.getRefreshToken(), "password");
oauth.doLogout(response.getRefreshToken());
// Login as jbrown
loginPage.open();
@ -222,7 +222,7 @@ public class LDAPMultipleAttributesTest extends AbstractLDAPTest {
Assert.assertTrue(postalCodes.contains("88441"));
Assert.assertFalse(postalCodes.contains("77332"));
oauth.doLogout(response.getRefreshToken(), "password");
oauth.doLogout(response.getRefreshToken());
}

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java
View File

@ -22,7 +22,6 @@ import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.component.ComponentModel;
@ -383,7 +382,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(events.poll());
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.poll();
}

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/BrokenUserStorageTest.java
View File

@ -22,7 +22,6 @@ import org.jboss.arquillian.test.api.ArquillianResource;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.RealmModel;
@ -64,7 +63,7 @@ public class BrokenUserStorageTest extends AbstractTestRealmKeycloakTest {
loginPage.login(username, password);
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.parseLoginResponse().getCode());
oauth.openLogout();
oauth.openLogoutForm();
}
@Test

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageFailureTest.java
View File

@ -245,7 +245,7 @@ public class UserStorageFailureTest extends AbstractTestRealmKeycloakTest {
Assert.assertTrue(appPage.isCurrent());
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.parseLoginResponse().getCode());
oauth.openLogout();
oauth.openLogoutForm();
}
@Test

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/MultipleTabsLoginTest.java
View File

@ -416,7 +416,7 @@ public class MultipleTabsLoginTest extends AbstractTestRealmKeycloakTest {
appPage.assertCurrent();
events.clear();
// logout in the second tab
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(accessToken.getSessionState()).user(userId).session(accessToken.getSessionState()).assertEvent();
// re-login in the second tab
oauth.openLoginForm();

17
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RPInitiatedFrontChannelLogoutTest.java
View File

@ -18,7 +18,6 @@ package org.keycloak.testsuite.forms;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.models.BrowserSecurityHeaders;
@ -57,9 +56,8 @@ public class RPInitiatedFrontChannelLogoutTest extends AbstractTestRealmKeycloak
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code);
String idTokenString = tokenResponse.getIdToken();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(idTokenString)
.postLogoutRedirectUri(OAuthClient.APP_AUTH_ROOT).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().idTokenHint(idTokenString)
.postLogoutRedirectUri(OAuthClient.APP_AUTH_ROOT).open();
LogoutToken logoutToken = testingClient.testApp().getFrontChannelLogoutToken();
Assert.assertNotNull(logoutToken);
@ -88,9 +86,8 @@ public class RPInitiatedFrontChannelLogoutTest extends AbstractTestRealmKeycloak
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code);
String idTokenString = tokenResponse.getIdToken();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(idTokenString)
.postLogoutRedirectUri(OAuthClient.APP_AUTH_ROOT).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().idTokenHint(idTokenString)
.postLogoutRedirectUri(OAuthClient.APP_AUTH_ROOT).open();
LogoutToken logoutToken = testingClient.testApp().getFrontChannelLogoutToken();
Assert.assertNotNull(logoutToken);
@ -118,8 +115,7 @@ public class RPInitiatedFrontChannelLogoutTest extends AbstractTestRealmKeycloak
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code);
String idTokenString = tokenResponse.getIdToken();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(idTokenString).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().idTokenHint(idTokenString).open();
LogoutToken logoutToken = testingClient.testApp().getFrontChannelLogoutToken();
org.keycloak.testsuite.Assert.assertNotNull(logoutToken);
IDToken idToken = new JWSInput(idTokenString).readJsonContent(IDToken.class);
@ -151,8 +147,7 @@ public class RPInitiatedFrontChannelLogoutTest extends AbstractTestRealmKeycloak
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code);
String idTokenString = tokenResponse.getIdToken();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(idTokenString).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().idTokenHint(idTokenString).open();
LogoutToken logoutToken = testingClient.testApp().getFrontChannelLogoutToken();
Assert.assertNotNull(logoutToken);
IDToken idToken = new JWSInput(idTokenString).readJsonContent(IDToken.class);

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ReAuthenticationTest.java
View File

@ -390,7 +390,7 @@ public class ReAuthenticationTest extends AbstractTestRealmKeycloakTest {
AccessTokenResponse response1 = oauth.doAccessTokenRequest(code);
AccessToken accessToken1 = oauth.verifyToken(response1.getAccessToken());
oauth.doLogout(response1.getRefreshToken(), "password");
oauth.doLogout(response1.getRefreshToken());
oauth.openLoginForm();
loginPage.assertCurrent();

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
View File

@ -102,6 +102,8 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
@Rule
public GreenMailRule greenMail = new GreenMailRule();
private String idTokenHint;
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
}
@ -194,7 +196,7 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
public void registerUpperCaseEmailWithChangedEmailAsUsername() throws IOException {
String userId = registerUpperCaseAndGetUserId(false);
assertThat(userId, notNullValue());
oauth.openLogout();
oauth.logoutForm().idTokenHint(idTokenHint).open();
events.clear();
try (RealmAttributeUpdater rau = configureRealmRegistrationEmailAsUsername(true).update()) {
@ -936,7 +938,7 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
.user(userId)
.assertEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken());
idTokenHint = tokenResponse.getIdToken();
assertUserBasicRegisterAttributes(userId, emailAsUsername ? null : USERNAME, EMAIL, "firstName", "lastName");
return userId;

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetCredentialsAlternativeFlowsTest.java
View File

@ -23,7 +23,6 @@ import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.UserManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.DefaultAuthenticationFlows;
@ -50,7 +49,6 @@ import org.keycloak.testsuite.util.*;
import jakarta.mail.internet.MimeMessage;
import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse;
import java.util.Arrays;
import java.util.List;
@ -361,7 +359,7 @@ public class ResetCredentialsAlternativeFlowsTest extends AbstractAppInitiatedAc
assertKcActionStatus(SUCCESS);
// Logout
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
// Go to login page & click "Forgot password" link to perform the custom 'Reset Credential' flow
loginPage.open();
@ -425,7 +423,7 @@ public class ResetCredentialsAlternativeFlowsTest extends AbstractAppInitiatedAc
Assert.assertTrue(AccountHelper.deleteTotpAuthentication(testRealm(), "login-test"));
// Logout
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build());
oauth.openLogoutForm();
logoutConfirmPage.assertCurrent();
logoutConfirmPage.confirmLogout();
@ -453,7 +451,7 @@ public class ResetCredentialsAlternativeFlowsTest extends AbstractAppInitiatedAc
Assert.assertTrue(AccountHelper.totpUserLabelComparator(testRealm(), "bwilson", ""));
// Logout
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build());
oauth.openLogoutForm();
logoutConfirmPage.assertCurrent();
logoutConfirmPage.confirmLogout();
@ -488,7 +486,7 @@ public class ResetCredentialsAlternativeFlowsTest extends AbstractAppInitiatedAc
Assert.assertTrue(AccountHelper.deleteTotpAuthentication(testRealm(), "bwilson"));
// Logout
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build());
oauth.openLogoutForm();
logoutConfirmPage.assertCurrent();
logoutConfirmPage.confirmLogout();

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
View File

@ -512,7 +512,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
String sessionId = loginEvent.getSessionId();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(sessionId).user(userId).session(sessionId).assertEvent();
@ -526,7 +526,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(sessionId).user(userId).session(sessionId).assertEvent();
}
@ -1147,7 +1147,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
String sessionId = loginEvent.getSessionId();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(sessionId).user(userId).session(sessionId).assertEvent();
@ -1365,8 +1365,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
resetPasswordInNewTab(defaultUser, CLIENT_ID, REDIRECT_URI);
assertThat(driver.getCurrentUrl(), Matchers.containsString(REDIRECT_URI));
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().build();
driver.navigate().to(logoutUrl);
oauth.openLogoutForm();
logoutConfirmPage.assertCurrent();
logoutConfirmPage.confirmLogout();

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/SSOTest.java
View File

@ -22,7 +22,6 @@ import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.events.Details;
import org.keycloak.events.EventType;
import org.keycloak.models.UserModel;
@ -40,7 +39,6 @@ import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginPasswordUpdatePage;
import org.keycloak.testsuite.util.MutualTLSUtils;
import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse;
import org.keycloak.testsuite.util.oauth.OAuthClient;
import org.openqa.selenium.WebDriver;
@ -146,7 +144,7 @@ public class SSOTest extends AbstractTestRealmKeycloakTest {
assertNotEquals(login1.getSessionId(), login2.getSessionId());
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(login1);
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
events.expectLogout(login1.getSessionId()).assertEvent();
oauth.openLoginForm();
@ -162,7 +160,7 @@ public class SSOTest extends AbstractTestRealmKeycloakTest {
String code = oauth2.parseLoginResponse().getCode();
AccessTokenResponse response = oauth2.doAccessTokenRequest(code);
events.poll();
oauth2.idTokenHint(response.getIdToken()).openLogout();
oauth2.logoutForm().idTokenHint(response.getIdToken()).withRedirect().open();
events.expectLogout(login2.getSessionId()).assertEvent();
oauth2.openLoginForm();

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AbstractClientAuthSignedJWTTest.java
View File

@ -274,7 +274,7 @@ public abstract class AbstractClientAuthSignedJWTTest extends AbstractKeycloakTe
assertEquals(200, response.getStatusCode());
oauth.verifyToken(response.getAccessToken());
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
return clientSignedToken;
} finally {
// Revert jwks_url settings
@ -693,7 +693,7 @@ public abstract class AbstractClientAuthSignedJWTTest extends AbstractKeycloakTe
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION_TYPE, OAuth2Constants.CLIENT_ASSERTION_TYPE_JWT));
parameters.add(new BasicNameValuePair(OAuth2Constants.CLIENT_ASSERTION, signedJwt));
return sendRequest(oauth.getEndpoints().getLogoutBuilder().build(), parameters);
return sendRequest(oauth.getEndpoints().getLogout(), parameters);
}
protected AccessTokenResponse doClientCredentialsGrantRequest(String signedJwt) throws Exception {

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
View File

@ -1382,7 +1382,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
String encodedSignature = token.split("\\.",3)[2];
byte[] signature = Base64Url.decode(encodedSignature);
Assert.assertEquals(expectedLength, signature.length);
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
}
private void conductAccessTokenRequest(String expectedRefreshAlg, String expectedAccessAlg, String expectedIdTokenAlg) throws Exception {

22
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
View File

@ -19,6 +19,7 @@ package org.keycloak.testsuite.oauth;
import jakarta.ws.rs.client.Client;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriBuilder;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
@ -382,13 +383,12 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
@Test
public void authorizationRequestParamsMoreThanOnce() throws IOException {
oauth.stateParamHardcoded("OpenIdConnect.AuthenticationProperties=2302984sdlk");
Map<String, String> extraParams = new HashMap<>();
oauth.addCustomParameter(OAuth2Constants.SCOPE, "read_write")
.addCustomParameter(OAuth2Constants.STATE, "abcdefg")
.addCustomParameter(OAuth2Constants.SCOPE, "pop push");
String logoutUrl = UriBuilder.fromUri(oauth.loginForm().build()).queryParam(OAuth2Constants.SCOPE, "read_write")
.queryParam(OAuth2Constants.STATE, "abcdefg")
.queryParam(OAuth2Constants.SCOPE, "pop push").build().toString();
oauth.openLoginForm();
driver.navigate().to(logoutUrl);
AuthorizationEndpointResponse response = oauth.parseLoginResponse();
@ -402,13 +402,13 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
public void authorizationRequestClientParamsMoreThanOnce() throws IOException {
oauth.stateParamHardcoded("OpenIdConnect.AuthenticationProperties=2302984sdlk");
oauth.addCustomParameter(OAuth2Constants.SCOPE, "read_write")
.addCustomParameter(OAuth2Constants.CLIENT_ID, "client2client")
.addCustomParameter(OAuth2Constants.REDIRECT_URI, "https://www.example.com")
.addCustomParameter(OAuth2Constants.STATE, "abcdefg")
.addCustomParameter(OAuth2Constants.SCOPE, "pop push");
String logoutUrl = UriBuilder.fromUri(oauth.loginForm().build()).queryParam(OAuth2Constants.SCOPE, "read_write")
.queryParam(OAuth2Constants.CLIENT_ID, "client2client")
.queryParam(OAuth2Constants.REDIRECT_URI, "https://www.example.com")
.queryParam(OAuth2Constants.STATE, "abcdefg")
.queryParam(OAuth2Constants.SCOPE, "pop push").build().toString();
oauth.openLoginForm();
driver.navigate().to(logoutUrl);
assertTrue(errorPage.isCurrent());
assertEquals("Invalid Request", errorPage.getError());

34
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/DPoPTest.java
View File

@ -235,7 +235,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
refreshToken = oauth.parseRefreshToken(response.getRefreshToken());
assertNull(refreshToken.getConfirmation());
oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -272,7 +272,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
refreshToken = oauth.parseRefreshToken(response.getRefreshToken());
assertNull(refreshToken.getConfirmation());
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
} finally {
changeDPoPBound(TEST_PUBLIC_CLIENT_ID, true);
}
@ -298,7 +298,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
assertEquals(OAuthErrorException.INVALID_REQUEST, response.getError());
assertEquals("DPoP proof has already been used", response.getErrorDescription());
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
}
@Test
@ -322,7 +322,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
assertEquals(OAuthErrorException.INVALID_REQUEST, response.getError());
assertEquals("DPoP proof is missing", response.getErrorDescription());
oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -372,7 +372,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse response = oauth.doAccessTokenRequest(code);
assertEquals(TokenUtil.TOKEN_TYPE_DPOP, response.getTokenType());
oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET);
oauth.doLogout(response.getRefreshToken());
testDPoPProofFailure(dpopProofEcEncoded, "DPoP proof has already been used");
}
@ -415,7 +415,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
AccessTokenResponse response = getDPoPBindAccessToken(rsaKeyPair);
doSuccessfulUserInfoGet(response, rsaKeyPair);
oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -431,7 +431,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
assertEquals(401, userInfoResponse.getStatusCode());
assertEquals("Bearer realm=\"test\", error=\"invalid_token\", error_description=\"DPoP proof and token binding verification failed\"", userInfoResponse.getHeaders().get("WWW-Authenticate"));
oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET);
oauth.doLogout(response.getRefreshToken());
} finally {
changeDPoPBound(TEST_CONFIDENTIAL_CLIENT_ID, true);
}
@ -446,7 +446,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
assertEquals(401, userInfoResponse.getStatusCode());
assertEquals("Bearer realm=\"test\", error=\"invalid_token\", error_description=\"DPoP proof and token binding verification failed\"", userInfoResponse.getHeaders().get("WWW-Authenticate"));
oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -462,7 +462,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
assertEquals(401, userInfoResponse.getStatusCode());
assertEquals("Bearer realm=\"test\", error=\"invalid_token\", error_description=\"DPoP proof and token binding verification failed\"", userInfoResponse.getHeaders().get("WWW-Authenticate"));
oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -476,7 +476,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
assertEquals(401, userInfoResponse.getStatusCode());
assertEquals("Bearer realm=\"test\", error=\"invalid_token\", error_description=\"DPoP proof and token binding verification failed\"", userInfoResponse.getHeaders().get("WWW-Authenticate"));
oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -493,7 +493,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
assertEquals(401, userInfoResponse.getStatusCode());
assertEquals("Bearer realm=\"test\", error=\"invalid_token\", error_description=\"DPoP proof and token binding verification failed\"", userInfoResponse.getHeaders().get("WWW-Authenticate"));
oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -573,7 +573,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
assertEquals(400, response.getStatusCode());
assertEquals(OAuthErrorException.INVALID_REQUEST, response.getError());
assertEquals("DPoP proof is missing", response.getErrorDescription());
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
// token request with a valid DPoP proof - success
// EC key for client alpha
@ -649,7 +649,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
updatePolicies("{}");
updateProfiles("{}");
oauth.idTokenHint(encodedIdToken).openLogout();
oauth.logoutForm().idTokenHint(encodedIdToken).open();
}
@Test
@ -678,7 +678,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
String jkt = JWKSUtils.computeThumbprint(jwkRsa);
assertEquals(jkt, accessToken.getConfirmation().getKeyThumbprint());
oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET);
oauth.doLogout(response.getRefreshToken());
}
@Test
@ -707,7 +707,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
String jkt = JWKSUtils.computeThumbprint(jwkRsa);
assertEquals(jkt, accessToken.getConfirmation().getKeyThumbprint());
oauth.doLogout(response.getRefreshToken(), TEST_CONFIDENTIAL_CLIENT_SECRET);
oauth.doLogout(response.getRefreshToken());
}
private AccessTokenResponse getDPoPBindAccessToken(KeyPair rsaKeyPair) throws Exception {
@ -927,7 +927,7 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
assertEquals(TEST_USER_NAME, userInfoResponse.getUserInfo().getPreferredUsername());
// logout
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
}
private void failureTokenProceduresWithDPoP(String dpopProofEncoded, String error) throws Exception {
@ -937,6 +937,6 @@ public class DPoPTest extends AbstractTestRealmKeycloakTest {
assertEquals(400, response.getStatusCode());
assertEquals(OAuthErrorException.INVALID_REQUEST, response.getError());
assertEquals(error, response.getErrorDescription());
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
}
}

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutCorsTest.java
View File

@ -72,7 +72,7 @@ public class LogoutCorsTest extends AbstractKeycloakTest {
String refreshTokenString = tokenResponse.getRefreshToken();
oauth.origin(VALID_CORS_URL);
LogoutResponse response = oauth.doLogout(refreshTokenString, "password");
LogoutResponse response = oauth.doLogout(refreshTokenString);
assertTrue(response.isSuccess());
assertCors(response);
}
@ -83,7 +83,7 @@ public class LogoutCorsTest extends AbstractKeycloakTest {
String refreshTokenString = tokenResponse.getRefreshToken();
oauth.origin(INVALID_CORS_URL);
LogoutResponse response = oauth.doLogout(refreshTokenString, "password");
LogoutResponse response = oauth.doLogout(refreshTokenString);
assertTrue(response.isSuccess());
assertNotCors(response);
}
@ -95,12 +95,12 @@ public class LogoutCorsTest extends AbstractKeycloakTest {
oauth.origin(VALID_CORS_URL);
// Logout with invalid refresh token
LogoutResponse response = oauth.doLogout("invalid-refresh-token", "password");
LogoutResponse response = oauth.doLogout("invalid-refresh-token");
assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatusCode());
assertCors(response);
// Logout with invalid client secret
response = oauth.doLogout(refreshTokenString, "invalid-secret");
response = oauth.client(oauth.getClientId(), "invalid-secret").doLogout(refreshTokenString);
assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), response.getStatusCode());
assertCors(response);
}

18
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java
View File

@ -112,7 +112,7 @@ public class LogoutTest extends AbstractKeycloakTest {
AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code);
String refreshTokenString = tokenResponse.getRefreshToken();
LogoutResponse response = oauth.doLogout(refreshTokenString, "password");
LogoutResponse response = oauth.doLogout(refreshTokenString);
assertTrue(response.isSuccess());
assertNotNull(testingClient.testApp().getAdminLogoutAction());
@ -131,7 +131,7 @@ public class LogoutTest extends AbstractKeycloakTest {
adminClient.realm("test").update(RealmBuilder.create().notBefore(Time.currentTime() + 1).build());
// Logout should succeed with expired refresh token, see KEYCLOAK-3302
LogoutResponse response = oauth.doLogout(refreshTokenString, "password");
LogoutResponse response = oauth.doLogout(refreshTokenString);
assertTrue(response.isSuccess());
assertNotNull(testingClient.testApp().getAdminLogoutAction());
@ -143,7 +143,7 @@ public class LogoutTest extends AbstractKeycloakTest {
AccessTokenResponse accessTokenResponse = loginAndForceNewLoginPage();
String refreshToken1 = accessTokenResponse.getRefreshToken();
oauth.doLogout(refreshToken1, "password");
oauth.doLogout(refreshToken1);
setTimeOffset(2);
@ -156,7 +156,7 @@ public class LogoutTest extends AbstractKeycloakTest {
AccessTokenResponse tokenResponse2 = oauth.doAccessTokenRequest(code);
// finally POST logout with VALID token should succeed
LogoutResponse response = oauth.doLogout(tokenResponse2.getRefreshToken(), "password");
LogoutResponse response = oauth.doLogout(tokenResponse2.getRefreshToken());
assertTrue(response.isSuccess());
assertNotNull(testingClient.testApp().getAdminLogoutAction());
@ -175,7 +175,7 @@ public class LogoutTest extends AbstractKeycloakTest {
oauth.client("test-app-scope", "password");
// Assert logout fails with 400 when trying to use different client credentials
LogoutResponse response = oauth.doLogout(refreshTokenString, "password");
LogoutResponse response = oauth.doLogout(refreshTokenString);
assertEquals(response.getStatusCode(), 400);
oauth.client("test-app", "password");
@ -225,7 +225,7 @@ public class LogoutTest extends AbstractKeycloakTest {
assertEquals("JWT", header.getType());
assertNull(header.getContentType());
String logoutUrl = oauth.getEndpoints().getLogoutBuilder()
String logoutUrl = oauth.logoutForm()
.idTokenHint(idTokenString)
.postLogoutRedirectUri(oauth.APP_AUTH_ROOT)
.build();
@ -268,7 +268,7 @@ public class LogoutTest extends AbstractKeycloakTest {
AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code);
events.poll();
String idTokenString = tokenResponse.getIdToken();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder()
String logoutUrl = oauth.logoutForm()
.idTokenHint(idTokenString)
.postLogoutRedirectUri(oauth.APP_AUTH_ROOT)
.build();
@ -307,7 +307,7 @@ public class LogoutTest extends AbstractKeycloakTest {
AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code);
String idTokenString = tokenResponse.getIdToken();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder()
String logoutUrl = oauth.logoutForm()
.idTokenHint(idTokenString)
.postLogoutRedirectUri(oauth.APP_AUTH_ROOT)
.build();
@ -353,7 +353,7 @@ public class LogoutTest extends AbstractKeycloakTest {
AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code);
AccessToken accessToken = new JWSInput(tokenResponse.getAccessToken()).readJsonContent(AccessToken.class);
String idTokenString = tokenResponse.getIdToken();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder()
String logoutUrl = oauth.logoutForm()
.idTokenHint(idTokenString)
.postLogoutRedirectUri(oauth.APP_AUTH_ROOT)
.build();

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
View File

@ -21,7 +21,6 @@ import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientScopeResource;
import org.keycloak.admin.client.resource.RealmResource;
@ -45,7 +44,6 @@ import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LogoutConfirmPage;
import org.keycloak.testsuite.pages.OAuthGrantPage;
import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse;
import org.keycloak.testsuite.util.ProtocolMapperUtil;
import org.keycloak.testsuite.util.AccountHelper;
import org.openqa.selenium.By;
@ -357,8 +355,7 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
.client(THIRD_PARTY_APP)
.assertEvent();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(res.getIdToken()).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().idTokenHint(res.getIdToken()).open();
events.expectLogout(loginEvent.getSessionId()).client(THIRD_PARTY_APP).removeDetail(Details.REDIRECT_URI).assertEvent();

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthRedirectUriTest.java
View File

@ -519,7 +519,7 @@ public class OAuthRedirectUriTest extends AbstractKeycloakTest {
Assert.assertEquals("Expected success, but got error: " + tokenResponse.getError(), 200, tokenResponse.getStatusCode());
oauth.doLogout(tokenResponse.getRefreshToken(), "password");
oauth.doLogout(tokenResponse.getRefreshToken());
}
}
}

21
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthScopeInTokenResponseTest.java
View File

@ -14,7 +14,6 @@ import jakarta.ws.rs.core.Response;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.OAuthErrorException;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientsResource;
@ -54,7 +53,7 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest {
String code = oauth.parseLoginResponse().getCode();
expectSuccessfulResponseFromTokenEndpoint(code, expectedScope, clientSecret);
expectSuccessfulResponseFromTokenEndpoint(code, expectedScope);
}
@Test
@ -71,7 +70,7 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest {
String code = oauth.parseLoginResponse().getCode();
expectSuccessfulResponseFromTokenEndpoint(code, expectedScope, clientSecret);
expectSuccessfulResponseFromTokenEndpoint(code, expectedScope);
}
@Test
@ -106,13 +105,13 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest {
oauth.scope("phone");
oauth.doLogin(loginUser, loginPassword);
String code = oauth.parseLoginResponse().getCode();
expectSuccessfulResponseFromTokenEndpoint(code, "phone", clientSecret);
expectSuccessfulResponseFromTokenEndpoint(code, "phone");
oauth.openLogout();
oauth.openLogoutForm();
oauth.scope(null);
oauth.doLogin(loginUser, loginPassword);
code = oauth.parseLoginResponse().getCode();
expectSuccessfulResponseFromTokenEndpoint(code, "", clientSecret);
expectSuccessfulResponseFromTokenEndpoint(code, "");
for (ClientScopeRepresentation scope : scopes) {
client.addDefaultClientScope(scope.getId());
@ -173,7 +172,7 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest {
String code = oauth.parseLoginResponse().getCode();
expectSuccessfulResponseFromTokenEndpoint(code, expectedScope, clientSecret);
expectSuccessfulResponseFromTokenEndpoint(code, expectedScope);
}
@Test
@ -202,7 +201,7 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest {
String code = oauth.parseLoginResponse().getCode();
expectSuccessfulResponseFromTokenEndpoint(code, expectedScope, clientSecret);
expectSuccessfulResponseFromTokenEndpoint(code, expectedScope);
// Login with 'user' scope
requestedScope = "user address phone";
@ -213,13 +212,13 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest {
code = oauth.parseLoginResponse().getCode();
expectSuccessfulResponseFromTokenEndpoint(code, expectedScope, clientSecret);
expectSuccessfulResponseFromTokenEndpoint(code, expectedScope);
// Cleanup
ApiUtil.findClientResourceByClientId(realmsResouce().realm("test"), "test-app").removeOptionalClientScope(userScopeId);
}
private void expectSuccessfulResponseFromTokenEndpoint(String code, String expectedScope, String clientSecret) throws Exception {
private void expectSuccessfulResponseFromTokenEndpoint(String code, String expectedScope) throws Exception {
AccessTokenResponse response = oauth.doAccessTokenRequest(code);
assertEquals(200, response.getStatusCode());
log.info("expectedScopes = " + expectedScope);
@ -228,6 +227,6 @@ public class OAuthScopeInTokenResponseTest extends AbstractKeycloakTest {
Collection<String> receivedScopes = Arrays.asList(response.getScope().split(" "));
Assert.assertTrue(expectedScopes.containsAll(receivedScopes) && receivedScopes.containsAll(expectedScopes));
oauth.doLogout(response.getRefreshToken(), clientSecret);
oauth.doLogout(response.getRefreshToken());
}
}

10
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.java
View File

@ -320,7 +320,7 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
assertEquals(3, multiClaim.size());
assertThat(multiClaim, containsInAnyOrder("abc", "bcd", "cde"));
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
}
// undo mappers
@ -359,7 +359,7 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
assertNull(idToken.getOtherClaims().get("nested"));
assertNull(idToken.getOtherClaims().get("department"));
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
}
@ -417,7 +417,7 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
}
// logout
oauth.openLogout();
oauth.openLogoutForm();
// undo mappers
app = findClientByClientId(adminClient.realm("test"), "test-app");
@ -552,7 +552,7 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
assertNull(nulll);
oauth.verifyToken(response.getAccessToken());
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
}
// undo mappers
@ -577,7 +577,7 @@ public class OIDCProtocolMappersTest extends AbstractKeycloakTest {
assertNull(idToken.getOtherClaims().get("empty"));
assertNull(idToken.getOtherClaims().get("null"));
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
}
events.clear();
}

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
View File

@ -703,7 +703,7 @@ public class OfflineTokenTest extends AbstractKeycloakTest {
response = oauth.doRefreshTokenRequest(response.getRefreshToken());
assertEquals(200, response.getStatusCode());
LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret1");
LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken());
assertTrue(logoutResponse.isSuccess());
response = oauth.doRefreshTokenRequest(response.getRefreshToken());
@ -732,7 +732,7 @@ public class OfflineTokenTest extends AbstractKeycloakTest {
assertEquals(200, offlineRefresh.getStatusCode());
// logout online session
LogoutResponse logoutResponse = oauth.scope(null).doLogout(response.getRefreshToken(), "secret1");
LogoutResponse logoutResponse = oauth.scope(null).doLogout(response.getRefreshToken());
assertTrue(logoutResponse.isSuccess());
// assert the online session is gone
@ -778,7 +778,7 @@ public class OfflineTokenTest extends AbstractKeycloakTest {
session.sessions().getOfflineUserSession(session.realms().getRealmByName("test"), offlineToken.getSessionState()).getId(), String.class);
// logout offline session
LogoutResponse logoutResponse = oauth.doLogout(offlineTokenString, "secret1");
LogoutResponse logoutResponse = oauth.doLogout(offlineTokenString);
assertTrue(logoutResponse.isSuccess());
events.expectLogout(offlineUserSessionId)
.client("offline-client")

138
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RPInitiatedLogoutTest.java
View File

@ -141,8 +141,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
String idTokenString = tokenResponse.getIdToken();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).open();
events.expectLogout(sessionId).detail(Details.REDIRECT_URI, redirectUri).assertEvent();
MatcherAssert.assertThat(false, is(isSessionActive(sessionId)));
@ -155,8 +154,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
assertNotEquals(sessionId, sessionId2);
// Test also "state" parameter is included in the URL after logout. Make sure to use idTokenHint from the last login to match with current browser session
logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).state("something").build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).state("something").open();
events.expectLogout(sessionId2).detail(Details.REDIRECT_URI, redirectUri).assertEvent();
MatcherAssert.assertThat(false, is(isSessionActive(sessionId2)));
assertCurrentUrlEquals(redirectUri + "&state=something");
@ -175,8 +173,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
String idTokenString = tokenResponse.getIdToken();
try {
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).open();
events.expectLogout(sessionId).detail(Details.REDIRECT_URI, redirectUri).assertEvent();
MatcherAssert.assertThat(false, is(isSessionActive(sessionId)));
@ -189,8 +186,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
assertNotEquals(sessionId, sessionId2);
// Test also "state" parameter is included in the URL after logout. Make sure to use idTokenHint from the last login to match with current browser session
logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).state("something").build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).state("something").open();
events.expectLogout(sessionId2).detail(Details.REDIRECT_URI, redirectUri).assertEvent();
MatcherAssert.assertThat(false, is(isSessionActive(sessionId2)));
assertCurrentUrlEquals(redirectUri + "&state=something");
@ -209,8 +205,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
String idTokenString = tokenResponse.getIdToken();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).open();
events.expectLogout(sessionId).detail(Details.REDIRECT_URI, redirectUri).assertEvent();
MatcherAssert.assertThat(false, is(isSessionActive(sessionId)));
@ -225,8 +220,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
assertNotEquals(sessionId, sessionId2);
// Using idTokenHint of the 1st session. Logout confirmation is needed in such case. Test also "state" parameter is included in the URL after logout
logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).state("something").build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(redirectUri).idTokenHint(idTokenString).state("something").open();
logoutConfirmPage.assertCurrent();
logoutConfirmPage.confirmLogout();
events.expectLogoutError(Errors.SESSION_EXPIRED);
@ -247,8 +241,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
// expire online user session
setTimeOffset(9999);
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).open();
// should not throw an internal server error. But no logout event is sent as nothing was logged-out
appPage.assertCurrent();
@ -288,8 +281,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
loginPage.login(testUsername, testUserPassword);
//log out
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().build();
driver.navigate().to(logoutUrl);
oauth.openLogoutForm();
logoutConfirmPage.assertCurrent();
logoutConfirmPage.confirmLogout();
@ -312,8 +304,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
MatcherAssert.assertThat(false, is(isSessionActive(sessionId)));
// Try logout even if user already logged-out by admin. Should redirect back to the application, but no logout-event should be triggered
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).open();
events.expectLogoutError(Errors.SESSION_EXPIRED);
assertCurrentUrlEquals(APP_REDIRECT_URI);
@ -322,9 +313,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
String sessionId2 = tokenResponse.getSessionState();
idTokenString = tokenResponse.getIdToken();
assertNotEquals(sessionId, sessionId2);
logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).open();
events.expectLogout(sessionId2).detail(Details.REDIRECT_URI, APP_REDIRECT_URI).assertEvent();
MatcherAssert.assertThat(false, is(isSessionActive(sessionId2)));
}
@ -348,7 +337,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
AccessTokenResponse tokenResponse = loginUser();
String accessToken = tokenResponse.getAccessToken();
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(accessToken).build());
oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(accessToken).open();
events.expectLogoutError(OAuthErrorException.INVALID_TOKEN).assertEvent();
@ -364,7 +353,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
// Logout should succeed with expired ID token, see KEYCLOAK-3399
setTimeOffset(60 * 60 * 24);
String logoutUrl = oauth.getEndpoints().getLogoutBuilder()
String logoutUrl = oauth.logoutForm()
.idTokenHint(idTokenString)
.postLogoutRedirectUri(APP_REDIRECT_URI)
.build();
@ -387,7 +376,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
adminClient.realm("test").logoutAll();
// Logout with HTTP client. Logout should succeed with user already logged out, see KEYCLOAK-3399. But no logout event should be present
String logoutUrl = oauth.getEndpoints().getLogoutBuilder()
String logoutUrl = oauth.logoutForm()
.idTokenHint(idTokenString)
.postLogoutRedirectUri(APP_REDIRECT_URI)
.build();
@ -409,8 +398,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
AccessTokenResponse tokenResponse = loginUser();
// Logout with "redirect_uri" parameter alone should fail
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).open();
errorPage.assertCurrent();
events.expectLogoutError(OAuthErrorException.INVALID_REQUEST).assertEvent();
@ -425,7 +413,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
String idTokenString = tokenResponse.getIdToken();
// Completely invalid redirect uri
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri("https://invalid").idTokenHint(idTokenString).build());
oauth.logoutForm().postLogoutRedirectUri("https://invalid").idTokenHint(idTokenString).open();
errorPage.assertCurrent();
events.expectLogoutError(OAuthErrorException.INVALID_REDIRECT_URI)
.client(AssertEvents.DEFAULT_CLIENT_ID)
@ -434,7 +422,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
// Redirect uri of different client in the realm should fail as well
String rootUrlClientRedirectUri = UriUtils.getOrigin(APP_REDIRECT_URI) + "/foo/bar";
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(rootUrlClientRedirectUri).idTokenHint(idTokenString).build());
oauth.logoutForm().postLogoutRedirectUri(rootUrlClientRedirectUri).idTokenHint(idTokenString).open();
errorPage.assertCurrent();
events.expectLogoutError(OAuthErrorException.INVALID_REDIRECT_URI)
.client(AssertEvents.DEFAULT_CLIENT_ID)
@ -453,13 +441,13 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
// Removed signature from id_token_hint
String idTokenHint = idTokenString.substring(0, idTokenString.lastIndexOf("."));
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenHint).build());
oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenHint).open();
errorPage.assertCurrent();
events.expectLogoutError(OAuthErrorException.INVALID_TOKEN).removeDetail(Details.REDIRECT_URI).assertEvent();
// Invalid signature
idTokenHint = idTokenHint + ".something";
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenHint).build());
oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenHint).open();
errorPage.assertCurrent();
events.expectLogoutError(OAuthErrorException.INVALID_TOKEN).removeDetail(Details.REDIRECT_URI).assertEvent();
@ -472,8 +460,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
@Test
public void logoutWithoutIdTokenHintWithoutPostLogoutRedirectUri() {
AccessTokenResponse tokenResponse = loginUser();
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build());
oauth.logoutForm().open();
// Assert logout confirmation page. Session still exists
logoutConfirmPage.assertCurrent();
@ -501,7 +488,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
public void logoutWithIdTokenHintWithoutPostLogoutRedirectUri() {
AccessTokenResponse tokenResponse = loginUser();
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().idTokenHint(tokenResponse.getIdToken()).build());
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open();
// Info page present. Link "back to the application" present
infoPage.assertCurrent();
@ -521,7 +508,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
public void logoutExpiredConfirmationAction() {
AccessTokenResponse tokenResponse = loginUser();
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build());
oauth.openLogoutForm();
// Assert logout confirmation page. Session still exists
logoutConfirmPage.assertCurrent();
@ -552,7 +539,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
public void logoutExpiredConfirmationAuthSession() {
AccessTokenResponse tokenResponse = loginUser();
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build());
oauth.openLogoutForm();
// Assert logout confirmation page. Session still exists
logoutConfirmPage.assertCurrent();
@ -582,7 +569,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
public void logoutExpiredConfirmationAuthSessionWithClient() {
AccessTokenResponse tokenResponse = loginUser();
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().clientId("test-app").build());
oauth.logoutForm().withClientId().open();
// Assert logout confirmation page. Session still exists
logoutConfirmPage.assertCurrent();
@ -610,8 +597,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
AccessTokenResponse tokenResponse = loginUser(true);
String idTokenString = tokenResponse.getIdToken();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).state("somethingg").build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(idTokenString).state("somethingg").open();
// Logout confirmation page not shown as id_token_hint was included.
// Redirected back to the application with expected "state"
@ -630,8 +616,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
try (RealmAttributeUpdater updater = new RealmAttributeUpdater(testRealm()).addSupportedLocale("cs").update()) {
AccessTokenResponse tokenResponse = loginUser(false);
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().clientId("test-app").uiLocales("cs").build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().withClientId().uiLocales("cs").open();
// Assert logout confirmation page. Session still exists. Assert czech language on logout page
Assert.assertEquals("Odhlašování", PageUtils.getPageTitle(driver)); // Logging out
@ -657,7 +642,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
AccessTokenResponse tokenResponse = loginUser();
String idTokenString = tokenResponse.getIdToken();
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().clientId("test-app").build());
oauth.logoutForm().withClientId().open();
// Assert logout confirmation page. Session still exists
logoutConfirmPage.assertCurrent();
@ -685,13 +670,11 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
AccessTokenResponse tokenResponse = loginUser();
// logout url with no parameters, client is the account app
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().build();
driver.navigate().to(logoutUrl);
oauth.openLogoutForm();
logoutConfirmPage.assertCurrent();
// change logout to our app with redirect uri
logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).clientId("test-app").state("somethingg").build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).state("somethingg").withClientId().open();
// Assert logout confirmation page as id_token_hint was not sent. Session still exists. Assert default language on logout page (English)
logoutConfirmPage.assertCurrent();
@ -712,12 +695,11 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
AccessTokenResponse tokenResponse = loginUser();
// Test logout with all of "client_id", "id_token_hint" and "post_logout_redirect_uri". Logout should work without confirmation
String logoutUrl = oauth.getEndpoints().getLogoutBuilder()
oauth.logoutForm()
.postLogoutRedirectUri(APP_REDIRECT_URI)
.clientId("test-app")
.idTokenHint(tokenResponse.getIdToken())
.state("somethingg").build();
driver.navigate().to(logoutUrl);
.withClientId()
.state("somethingg").open();
// Logout done and redirected back to the application with expected "state"
events.expectLogout(tokenResponse.getSessionState()).assertEvent();
@ -725,11 +707,10 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
assertCurrentUrlEquals(APP_REDIRECT_URI + "?state=somethingg");
// Test logout only with "client_id" and "post_logout_redirect_uri". Should automatically redirect as there is no logout (No active browser session)
logoutUrl = oauth.getEndpoints().getLogoutBuilder()
oauth.logoutForm()
.postLogoutRedirectUri(APP_REDIRECT_URI)
.clientId("test-app")
.state("something2").build();
driver.navigate().to(logoutUrl);
.withClientId()
.state("something2").open();
events.assertEmpty();
assertCurrentUrlEquals(APP_REDIRECT_URI + "?state=something2");
@ -785,11 +766,10 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
AccessTokenResponse tokenResponse = loginUser();
// Case when client_id points to different client than ID Token.
String logoutUrl = oauth.getEndpoints().getLogoutBuilder()
oauth.client("third-party").logoutForm()
.postLogoutRedirectUri(APP_REDIRECT_URI)
.clientId("third-party")
.idTokenHint(tokenResponse.getIdToken()).build();
driver.navigate().to(logoutUrl);
.withClientId()
.idTokenHint(tokenResponse.getIdToken()).open();
errorPage.assertCurrent();
Assert.assertEquals("Invalid parameter: id_token_hint", errorPage.getError());
@ -798,10 +778,10 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
MatcherAssert.assertThat(true, is(isSessionActive(tokenResponse.getSessionState())));
// Case when client_id is non-existing client and redirect uri of different client is used
logoutUrl = oauth.getEndpoints().getLogoutBuilder()
oauth.client("non-existing").logoutForm()
.postLogoutRedirectUri(APP_REDIRECT_URI)
.clientId("non-existing").build();
driver.navigate().to(logoutUrl);
.withClientId()
.open();
errorPage.assertCurrent();
Assert.assertEquals("Invalid redirect uri", errorPage.getError());
@ -810,9 +790,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
MatcherAssert.assertThat(true, is(isSessionActive(tokenResponse.getSessionState())));
// Case when client_id is non-existing client. Confirmation is needed.
logoutUrl = oauth.getEndpoints().getLogoutBuilder()
.clientId("non-existing").build();
driver.navigate().to(logoutUrl);
oauth.client("non-existing").logoutForm().withClientId().open();
logoutConfirmPage.assertCurrent();
logoutConfirmPage.confirmLogout();
@ -848,7 +826,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
postParams.put(OIDCLoginProtocol.POST_LOGOUT_REDIRECT_URI_PARAM, redirectUri);
postParams.put(OIDCLoginProtocol.ID_TOKEN_HINT, idTokenString);
postParams.put(OAuth2Constants.STATE, "my-state");
URLUtils.sendPOSTRequestWithWebDriver(oauth.getEndpoints().getLogoutBuilder().build(), postParams);
URLUtils.sendPOSTRequestWithWebDriver(oauth.getEndpoints().getLogout(), postParams);
events.expectLogout(tokenResponse.getSessionState()).detail(Details.REDIRECT_URI, redirectUri).assertEvent();
MatcherAssert.assertThat(false, is(isSessionActive(sessionId)));
@ -863,7 +841,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
postParams.put(OAuth2Constants.CLIENT_ID, "test-app");
postParams.put(OAuth2Constants.STATE, "my-state-2");
postParams.put(OIDCLoginProtocol.UI_LOCALES_PARAM, "cs");
URLUtils.sendPOSTRequestWithWebDriver(oauth.getEndpoints().getLogoutBuilder().build(), postParams);
URLUtils.sendPOSTRequestWithWebDriver(oauth.getEndpoints().getLogout(), postParams);
Assert.assertEquals("Odhlašování", PageUtils.getPageTitle(driver)); // Logging out
Assert.assertEquals("Čeština", logoutConfirmPage.getLanguageDropdownText());
@ -884,12 +862,12 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
// Set localization to the user account to "cs". Ensure that it is shown
try (UserAttributeUpdater userUpdater = UserAttributeUpdater.forUserByUsername(testRealm(), "test-user@localhost").setAttribute(UserModel.LOCALE, "cs").update()) {
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build());
oauth.openLogoutForm();
Assert.assertEquals("Odhlašování", PageUtils.getPageTitle(driver)); // Logging out
Assert.assertEquals("Čeština", logoutConfirmPage.getLanguageDropdownText());
// Set localization together with ui_locales param. User localization should have preference
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().uiLocales("de").build());
oauth.logoutForm().uiLocales("de").open();
Assert.assertEquals("Odhlašování", PageUtils.getPageTitle(driver)); // Logging out
Assert.assertEquals("Čeština", logoutConfirmPage.getLanguageDropdownText());
}
@ -897,7 +875,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
UserAttributeUpdater.forUserByUsername(testRealm(), "test-user@localhost").removeAttribute(UserModel.LOCALE).update();
// Removed localization from user account. Now localization set by ui_locales parameter should be used
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().uiLocales("de").build());
oauth.logoutForm().uiLocales("de").open();
Assert.assertEquals("Abmelden", PageUtils.getPageTitle(driver)); // Logging out
Assert.assertEquals("Deutsch", logoutConfirmPage.getLanguageDropdownText());
logoutConfirmPage.confirmLogout();
@ -906,7 +884,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
// Remove ui_locales from logout request. Default locale should be set
tokenResponse = loginUser();
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build());
oauth.logoutForm().open();
Assert.assertEquals("Logging out", PageUtils.getPageTitle(driver));
Assert.assertEquals("English", logoutConfirmPage.getLanguageDropdownText());
logoutConfirmPage.confirmLogout();
@ -922,7 +900,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
AccessTokenResponse tokenResponse = loginUser();
// Display the logout page. Then change the localization to Czech, then back to english and then and logout
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().build());
oauth.openLogoutForm();
logoutConfirmPage.assertCurrent();
logoutConfirmPage.openLanguage("Čeština");
@ -948,10 +926,10 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
// Display logout with ui_locales parameter set to "de"
tokenResponse = loginUser();
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder()
.clientId("test-app")
oauth.logoutForm()
.withClientId()
.uiLocales("de")
.build());
.open();
Assert.assertEquals("Abmelden", PageUtils.getPageTitle(driver)); // Logging out
Assert.assertEquals("Deutsch", logoutConfirmPage.getLanguageDropdownText());
@ -991,7 +969,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
AccessTokenResponse tokenResponse = loginUser();
// Display the logout page. Then change the localization to Czech and logout
driver.navigate().to(oauth.getEndpoints().getLogoutBuilder().uiLocales("de").build());
oauth.logoutForm().uiLocales("de").open();
Assert.assertEquals("Abmelden", PageUtils.getPageTitle(driver)); // Logging out
logoutConfirmPage.openLanguage("English");
@ -1019,8 +997,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
try (Closeable accountClientUpdater = ClientAttributeUpdater.forClient(adminClient, "test", oauth.getClientId())
.setEnabled(false).update()) {
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).clientId("test-app").build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).withClientId().open();
MatcherAssert.assertThat(true, is(isSessionActive(tokenResponse.getSessionState())));
events.assertEmpty();
@ -1041,8 +1018,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
try (Closeable accountClientUpdater = ClientAttributeUpdater.forClient(adminClient, "test", Constants.ACCOUNT_MANAGEMENT_CLIENT_ID)
.setEnabled(false)
.update()) {
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().build();
driver.navigate().to(logoutUrl);
oauth.openLogoutForm();
events.assertEmpty();
logoutConfirmPage.assertCurrent();
@ -1071,8 +1047,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
// Remove client after login of user
testRealm().clients().get(uuid).remove();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(tokenResponse.getIdToken()).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(APP_REDIRECT_URI).idTokenHint(tokenResponse.getIdToken()).open();
// Invalid redirect URI page is shown. It was not possible to verify post_logout_redirect_uri due the client was removed
errorPage.assertCurrent();
@ -1116,8 +1091,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
AccessTokenResponse tokenResponse = loginUser();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().postLogoutRedirectUri(postLogoutRedirectUri).clientId("test-app").build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().postLogoutRedirectUri(postLogoutRedirectUri).withClientId().open();
// Assert logout confirmation page as id_token_hint was not sent. Session still exists. Assert default language on logout page (English)
logoutConfirmPage.assertCurrent();

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
View File

@ -1063,7 +1063,7 @@ public class RefreshTokenTest extends AbstractKeycloakTest {
public void refreshTokenAfterUserLogoutAndLoginAgain() {
String refreshToken1 = loginAndForceNewLoginPage();
oauth.doLogout(refreshToken1, "password");
oauth.doLogout(refreshToken1);
events.clear();
try {

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
View File

@ -444,7 +444,7 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
.detail(Details.CLIENT_AUTH_METHOD, ClientIdAndSecretAuthenticator.PROVIDER_ID)
.assertEvent();
LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret");
LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken());
assertTrue(logoutResponse.isSuccess());
events.expectLogout(accessToken.getSessionState()).client("resource-owner").removeDetail(Details.REDIRECT_URI).assertEvent();

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ServiceAccountTest.java
View File

@ -228,7 +228,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
.detail(Details.CLIENT_AUTH_METHOD, ClientIdAndSecretAuthenticator.PROVIDER_ID)
.assertEvent();
LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret1");
LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken());
assertTrue(logoutResponse.isSuccess());
events.expectLogout(accessToken.getSessionState())
.client("service-account-cl-refresh-on")
@ -531,7 +531,7 @@ public class ServiceAccountTest extends AbstractKeycloakTest {
assertEquals(200, response.getStatusCode());
assertEquals("service-account-service-account-cl-refresh-on", info.getPreferredUsername());
LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret1");
LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken());
assertTrue(logoutResponse.isSuccess());
}

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenEndpointCorsTest.java
View File

@ -5,7 +5,6 @@ import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpOptions;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.OAuth2Constants;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.cors.Cors;
import org.keycloak.testsuite.AbstractKeycloakTest;
@ -89,7 +88,7 @@ public class TokenEndpointCorsTest extends AbstractKeycloakTest {
oauth.origin(VALID_CORS_URL);
// No session
oauth.idTokenHint(response.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(response.getIdToken()).open();
response = oauth.doRefreshTokenRequest(response.getRefreshToken());
assertEquals(400, response.getStatusCode());
assertCors(response);

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenIntrospectionTest.java
View File

@ -226,7 +226,7 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest {
AccessTokenResponse accessTokenResponse = loginAndForceNewLoginPage();
String refreshToken1 = accessTokenResponse.getRefreshToken();
oauth.doLogout(refreshToken1, "password");
oauth.doLogout(refreshToken1);
events.clear();
setTimeOffset(2);
@ -395,7 +395,7 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest {
oauth.doLogin("test-user@localhost", "password");
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code);
oauth.doLogout(accessTokenResponse.getRefreshToken(), "password");
oauth.doLogout(accessTokenResponse.getRefreshToken());
oauth.client("confidential-cli", "secret1");
TokenMetadataRepresentation rep = oauth.doIntrospectionAccessTokenRequest(accessTokenResponse.getAccessToken()).asTokenMetadata();

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenRevocationTest.java
View File

@ -273,7 +273,7 @@ public class TokenRevocationTest extends AbstractKeycloakTest {
isTokenEnabled(tokenResponse, "test-app");
oauth.doLogout(tokenResponse.getRefreshToken(), "password");
oauth.doLogout(tokenResponse.getRefreshToken());
isTokenDisabled(tokenResponse, "test-app");

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java
View File

@ -562,7 +562,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
LogoutResponse response = null;
try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
oauth.httpClient().set(client);
response = oauth.doLogout(refreshTokenString, "password");
response = oauth.doLogout(refreshTokenString);
} catch (IOException ioe) {
throw new RuntimeException(ioe);
} finally {
@ -581,7 +581,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
LogoutResponse response = null;
try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithoutKeyStoreAndTrustStore()) {
oauth.httpClient().set(client);
response = oauth.doLogout(refreshTokenString, "password");
response = oauth.doLogout(refreshTokenString);
} catch (IOException ioe) {
throw new RuntimeException(ioe);
} finally {

12
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/par/ParTest.java
View File

@ -204,7 +204,7 @@ public class ParTest extends AbstractClientPoliciesTest {
assertEquals(findUserByUsername(adminClient.realm(REALM_NAME), TEST_USER_NAME).getId(), refreshedToken.getSubject());
// Logout
oauth.doLogout(refreshResponse.getRefreshToken(), clientSecret);
oauth.doLogout(refreshResponse.getRefreshToken());
refreshResponse = oauth.doRefreshTokenRequest(refreshResponse.getRefreshToken());
assertEquals(400, refreshResponse.getStatusCode());
@ -283,7 +283,7 @@ public class ParTest extends AbstractClientPoliciesTest {
assertEquals(findUserByUsername(adminClient.realm(REALM_NAME), TEST_USER_NAME).getId(), refreshedToken.getSubject());
// Logout
oauth.doLogout(refreshResponse.getRefreshToken(), clientSecret);
oauth.doLogout(refreshResponse.getRefreshToken());
refreshResponse = oauth.doRefreshTokenRequest(refreshResponse.getRefreshToken());
assertEquals(400, refreshResponse.getStatusCode());
@ -656,7 +656,7 @@ public class ParTest extends AbstractClientPoliciesTest {
assertTrue(token.getScope().contains("profile"));
// Logout
oauth.doLogout(res.getRefreshToken(), clientSecret); // same oauth instance is used so that this logout is needed to send authz request consecutively.
oauth.doLogout(res.getRefreshToken()); // same oauth instance is used so that this logout is needed to send authz request consecutively.
// Authorization Request with request_uri of PAR #1
// remove parameters as query strings of uri
@ -714,7 +714,7 @@ public class ParTest extends AbstractClientPoliciesTest {
assertEquals(OIDCLoginProtocol.CLIENT_SECRET_BASIC, oidcC2Rep.getTokenEndpointAuthMethod());
// Pushed Authorization Request #1
oauth.clientId(clientId);
oauth.client(clientId, clientSecret);
oauth.redirectUri(CLIENT_REDIRECT_URI);
ParResponse pResp = oauth.doPushedAuthorizationRequest(clientId, clientSecret);
assertEquals(201, pResp.getStatusCode());
@ -758,7 +758,7 @@ public class ParTest extends AbstractClientPoliciesTest {
assertTrue(token.getScope().contains("profile"));
// Logout
oauth.doLogout(res.getRefreshToken(), client2Secret); // same oauth instance is used so that this logout is needed to send authz request consecutively.
oauth.doLogout(res.getRefreshToken()); // same oauth instance is used so that this logout is needed to send authz request consecutively.
// Authorization Request with request_uri of PAR #1
// remove parameters as query strings of uri
@ -1300,7 +1300,7 @@ public class ParTest extends AbstractClientPoliciesTest {
assertEquals(findUserByUsername(adminClient.realm(REALM_NAME), TEST_USER_NAME).getId(), refreshedToken.getSubject());
// Logout
oauth.doLogout(refreshResponse.getRefreshToken(), clientSecret);
oauth.doLogout(refreshResponse.getRefreshToken());
refreshResponse = oauth.doRefreshTokenRequest(refreshResponse.getRefreshToken());
assertEquals(400, refreshResponse.getStatusCode());
}

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/AbstractSubjectImpersonationTokenExchangeTest.java
View File

@ -45,7 +45,6 @@ import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse;
import org.keycloak.testsuite.util.oauth.OAuthClient;
import org.keycloak.util.BasicAuthHelper;
import org.keycloak.util.JsonSerialization;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.instanceOf;
@ -368,7 +367,7 @@ public abstract class AbstractSubjectImpersonationTokenExchangeTest extends Abst
));
org.junit.Assert.assertEquals(Response.Status.FORBIDDEN.getStatusCode(), response.getStatus());
oauth.idTokenHint(tokenResponse.getIdToken()).openLogout();
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).open();
oauth.client("direct-public", "secret");
authzResponse = oauth.doLogin("user", "password");
tokenResponse = oauth.doAccessTokenRequest(authzResponse.getCode());

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/StandardTokenExchangeV1Test.java
View File

@ -476,9 +476,8 @@ public class StandardTokenExchangeV1Test extends AbstractKeycloakTest {
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code);
String idTokenString = tokenResponse.getIdToken();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().idTokenHint(idTokenString)
.postLogoutRedirectUri(oauth.APP_AUTH_ROOT).build();
driver.navigate().to(logoutUrl);
oauth.logoutForm().idTokenHint(idTokenString)
.postLogoutRedirectUri(oauth.APP_AUTH_ROOT).open();
logoutToken = testingClient.testApp().getBackChannelRawLogoutToken();
Assert.assertNotNull(logoutToken);
AccessTokenResponse response = oauth.doTokenExchange(logoutToken, "target", "direct-legal", "secret");

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AcrAuthFlowTest.java
View File

@ -445,7 +445,7 @@ public class AcrAuthFlowTest extends AbstractOIDCScopeTest{
*/
private void logout(String userId, Tokens tokens){
// Logout
oauth.doLogout(tokens.refreshToken, CLIENT_SECRET);
oauth.doLogout(tokens.refreshToken);
events.expectLogout(tokens.idToken.getSessionState())
.client(CLIENT_ID)
.user(userId)

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AuthenticationMethodReferenceTest.java
View File

@ -477,7 +477,7 @@ public class AuthenticationMethodReferenceTest extends AbstractOIDCScopeTest{
*/
private void logout(String userId, Tokens tokens){
// Logout
oauth.doLogout(tokens.refreshToken, CLIENT_SECRET);
oauth.doLogout(tokens.refreshToken);
events.expectLogout(tokens.idToken.getSessionState())
.client(CLIENT_ID)
.user(userId)

6
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/LightWeightAccessTokenTest.java
View File

@ -330,7 +330,7 @@ public class LightWeightAccessTokenTest extends AbstractClientPoliciesTest {
oauth.client(TEST_CLIENT, TEST_CLIENT_SECRET);
deletePolicy(POLICY_NAME);
oauth.doLogout(tokenResponse.getRefreshToken(), TEST_CLIENT_SECRET);
oauth.doLogout(tokenResponse.getRefreshToken());
authsEndpointResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
tokenResponse = oauth.doAccessTokenRequest(authsEndpointResponse.getCode());
@ -397,7 +397,7 @@ public class LightWeightAccessTokenTest extends AbstractClientPoliciesTest {
oauth.client(TEST_CLIENT, TEST_CLIENT_SECRET);
alwaysUseLightWeightAccessToken(false);
oauth.doLogout(tokenResponse.getRefreshToken(), TEST_CLIENT_SECRET);
oauth.doLogout(tokenResponse.getRefreshToken());
authsEndpointResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
tokenResponse = oauth.doAccessTokenRequest(authsEndpointResponse.getCode());
@ -458,7 +458,7 @@ public class LightWeightAccessTokenTest extends AbstractClientPoliciesTest {
oauth.client(TEST_CLIENT, TEST_CLIENT_SECRET);
alwaysUseLightWeightAccessToken(false);
oauth.doLogout(tokenResponse.getRefreshToken(), TEST_CLIENT_SECRET);
oauth.doLogout(tokenResponse.getRefreshToken());
authsEndpointResponse = oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCAdvancedRequestParamsTest.java
View File

@ -1328,7 +1328,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
client.close();
}
oauth.doLogout(accessTokenResponse.getRefreshToken(), "password");
oauth.doLogout(accessTokenResponse.getRefreshToken());
events.expectLogout(accessTokenResponse.getSessionState()).client("test-app").clearDetails().assertEvent();
@ -1412,8 +1412,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
String code = oauth.parseLoginResponse().getCode();
String idTokenHint = oauth.doAccessTokenRequest(code).getIdToken();
oauth.idTokenHint(idTokenHint);
oauth.openLogout();
oauth.logoutForm().idTokenHint(idTokenHint).open();
oauth = oauth.request(createEncryptedRequestObject(RSA_OAEP_256));
oauth.doLogin("test-user@localhost", "password");
assertTrue(appPage.isCurrent());
@ -1452,8 +1451,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
String code = oauth.parseLoginResponse().getCode();
String idTokenHint = oauth.doAccessTokenRequest(code).getIdToken();
oauth.idTokenHint(idTokenHint);
oauth.openLogout();
oauth.logoutForm().idTokenHint(idTokenHint).open();
oauth = oauth.request(createEncryptedRequestObject(RSA_OAEP_256));
oauth.doLogin("test-user@localhost", "password");
assertTrue(appPage.isCurrent());

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCDynamicScopeTest.java
View File

@ -237,7 +237,7 @@ public class OIDCDynamicScopeTest extends OIDCScopeTest {
Tokens tokens = sendTokenRequest(loginEvent, userId, "openid email profile " + expectedRoleScopes, "test-app");
Assert.assertNames(tokens.accessToken.getRealmAccess().getRoles(), expectedRoles);
oauth.doLogout(tokens.refreshToken, "password");
oauth.doLogout(tokens.refreshToken);
events.expectLogout(tokens.idToken.getSessionState())
.client("test-app")
.user(userId)

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCScopeTest.java
View File

@ -192,7 +192,7 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
assertMicroprofile(tokens.accessToken, false);
// Logout
oauth.doLogout(tokens.refreshToken, "password");
oauth.doLogout(tokens.refreshToken);
events.expectLogout(idToken.getSessionState())
.client("test-app")
.user(userId)
@ -306,7 +306,7 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
assertPhone(idToken, false);
// Logout
oauth.doLogout(tokens.refreshToken, "password");
oauth.doLogout(tokens.refreshToken);
events.expectLogout(idToken.getSessionState())
.client("test-app")
.user(userId)
@ -363,7 +363,7 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
assertPhone(idToken, false);
// Logout
oauth.doLogout(tokens.refreshToken, "password");
oauth.doLogout(tokens.refreshToken);
events.expectLogout(idToken.getSessionState())
.client("third-party")
.user(userId)
@ -665,7 +665,7 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
Tokens tokens = sendTokenRequest(loginEvent, userId,"openid email profile " + expectedRoleScopes, "test-app");
Assert.assertNames(tokens.accessToken.getRealmAccess().getRoles(), expectedRoles);
oauth.doLogout(tokens.refreshToken, "password");
oauth.doLogout(tokens.refreshToken);
events.expectLogout(tokens.idToken.getSessionState())
.client("test-app")
.user(userId)

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java
View File

@ -601,7 +601,7 @@ public class UserInfoTest extends AbstractKeycloakTest {
org.keycloak.testsuite.util.oauth.AccessTokenResponse accessTokenResponse = loginAndForceNewLoginPage();
String refreshToken1 = accessTokenResponse.getRefreshToken();
oauth.doLogout(refreshToken1, "password");
oauth.doLogout(refreshToken1);
events.clear();
setTimeOffset(2);

2
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/TestAppHelper.java
View File

@ -103,7 +103,7 @@ public class TestAppHelper {
public boolean logout() {
try {
return oauth.doLogout(refreshToken, "password").isSuccess();
return oauth.doLogout(refreshToken).isSuccess();
} catch (RuntimeException e) {
return false;
}

3
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/webauthn/AbstractWebAuthnVirtualTest.java
View File

@ -387,8 +387,7 @@ public abstract class AbstractWebAuthnVirtualTest extends AbstractTestRealmKeycl
protected void logout() {
try {
waitForPageToLoad();
String logoutUrl = oauth.getEndpoints().getLogoutBuilder().build();
driver.navigate().to(logoutUrl);
oauth.openLogoutForm();
logoutConfirmPage.assertCurrent();
logoutConfirmPage.confirmLogout();
infoPage.assertCurrent();