[WIP] DEVORTEX-3094#4
Open
ashevel-smartling wants to merge 31 commits into
…Keycloak NodeJS Adapter
Fix regression causing service calls to clients not configured as bearer-only to fail. Fix a session corruption bug when both the session cookie and an authorization bearer token are present on a request.
…formatting errors
…" from URL after login" This reverts commit 01cf8a6.
…" from URL after login
…ntials', when client_id is missing
grant_type refresh_token throws 'invalid_client_credentials', when
client_id is not a part of openid-connect/token request
When token is renewed on POST request to
'/auth/realms/master/protocol/openid-connect/token', RHEL-SSO 7.1 throws
back error as below.
{"error":"unauthorized_client","error_description":"UNKNOWN_CLIENT:
Client was not identified by any client authenticator"}
This is fixed by adding client_id to the http request getting token
renewed.
This adds the build POM and assembly XMLs from the downstream repo, with some improvements to the POM. Notably, jsonpath-maven-plugin and PME replace the overly hacky ant string replacement logic for package.json. As this is only intended for building the product, there aren't community and product profiles. Since the product build pom depends on mvn properties, I have included prod-arguments.json from KEYCLOAK-6909 in this same commit. This will allow a build pipeline to substitute the appropriate values for things like the NPM registry. The community build is unaffected by this change. All the new files are kept in a separate product/ directory.
The PR for KEYCLOAK-6909 (keycloak#121) was modified to put the new stuff in a subdirectory. I omitted to check that the pom would actually build from this new location, and it doesn't. In a couple places I've added a `../` so that the paths point to the repo root again, so the build actually works now. Sorry for not checking this before.
Further to KEYCLOAK-7193 and KEYCLOAK-6909. prod-arguments.json defines a couple PME jsonUpdate paths. It turns out these paths are resolved relative to the pom location, not the current working directory, so ../ must be added to compensate for the maven stuff being located in a subdirectory.
Note: We no longer need nsp, once npm audit replaced it
During validateGrant, a refresh_token may be validated as an access_token (easy to do with a bearer-only API). This fix adds type checking on the 'typ' attribute of the token. Three kinds of token can be validated:
- Bearer: access_token
- Refresh: refresh_token
- ID: id_token
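The `typ` check described in the commit message above, as an added example that is not code from this pull request or from the Keycloak adapter. The names `decodePayload`, `hasExpectedType` and `makeSample` are hypothetical, the sample tokens are constructed, and the check assumes signature, expiry and issuer have already been verified elsewhere.

```javascript
// Added example: reject a token whose `typ` claim does not match the kind expected.
// Assumption: signature, expiry and issuer checks happen before this step.

// `typ` values listed in the commit message, keyed by the kind the caller expects.
const EXPECTED_TYP = new Map([
  ['access', 'Bearer'],
  ['refresh', 'Refresh'],
  ['id', 'ID'],
]);

// Decode the payload (second segment) of a compact JWT; null if malformed.
function decodePayload(jwt) {
  if (typeof jwt !== 'string') return null;
  const parts = jwt.split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const obj = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return obj !== null && typeof obj === 'object' ? obj : null;
  } catch (e) {
    return null; // payload was not valid JSON
  }
}

// True only when the payload's `typ` equals the value for the expected kind.
// A missing `typ`, an unknown kind or a malformed token all fail closed.
function hasExpectedType(jwt, kind) {
  const expected = EXPECTED_TYP.get(kind);
  const payload = decodePayload(jwt);
  if (expected === undefined || payload === null) return false;
  return payload.typ === expected;
}

// Build a constructed sample token with a placeholder (not real) signature.
function makeSample(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.placeholder-sig`;
}

const accessToken = makeSample({ typ: 'Bearer', sub: 'user-1' });
const refreshToken = makeSample({ typ: 'Refresh', sub: 'user-1' });

console.log('access as access:', hasExpectedType(accessToken, 'access'));
console.log('refresh as access:', hasExpectedType(refreshToken, 'access'));
```
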
The `next` callback was not being passed in this instance of `keycloak.accessDenied` (as opposed to the similar call on L27). This means that implementations cannot easily handle the error using standard express error handling mechanisms.
No description provided.