External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity

Add openid scope in Allowed Client Scopes options of client registration access policies

Browse Source 
Closes #42339

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
Co-authored-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
This commit is contained in:
KONSTANTINOS GEORGILAKIS 2025-09-11 17:04:31 +03:00 committed by GitHub
parent 6a202146b4
commit b6cee86e74
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
services/src/main/java/org/keycloak/services/clientregistration/policy/impl/ClientScopesClientRegistrationPolicyFactory.java
View File

@ -22,6 +22,7 @@ import java.util.LinkedList;
import java.util.List;
import java.util.stream.Collectors;
import org.keycloak.OAuth2Constants;
import org.keycloak.component.ComponentModel;
import org.keycloak.component.ComponentValidationException;
import org.keycloak.models.ClientScopeModel;
@ -88,7 +89,12 @@ public class ClientScopesClientRegistrationPolicyFactory extends AbstractClientR
if (realm == null) {
return Collections.emptyList();
} else {
return realm.getClientScopesStream().map(ClientScopeModel::getName).collect(Collectors.toList());
List<String> scopes = realm.getClientScopesStream().map(ClientScopeModel::getName).collect(Collectors.toList());
//add openid scope if not exists
if (!scopes.contains(OAuth2Constants.SCOPE_OPENID)) {
scopes.add(OAuth2Constants.SCOPE_OPENID);
}
return scopes;
}
}

1
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationPoliciesTest.java
View File

@ -383,6 +383,7 @@ public class ClientRegistrationPoliciesTest extends AbstractClientRegistrationTe
List<String> clientScopes = getProviderConfigProperty(clientScopeRep, ClientScopesClientRegistrationPolicyFactory.ALLOWED_CLIENT_SCOPES);
Assert.assertFalse(clientScopes.isEmpty());
Assert.assertTrue(clientScopes.contains(OAuth2Constants.SCOPE_PROFILE));
Assert.assertTrue(clientScopes.contains(OAuth2Constants.SCOPE_OPENID));
Assert.assertFalse(clientScopes.contains("foo"));
Assert.assertFalse(clientScopes.contains("bar"));