diff --git a/CHANGELOG.md b/CHANGELOG.md index 62985bc76..fc86b7641 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Allow executions of same provider with different configurations in Sub-Auth-Flows - Fix enabling a realm clears the value of eventsExpiration +- Display names and icon URIs of authorization scopes are now imported alongside scope name ## [6.1.11] - 2024-10-14 diff --git a/src/main/java/de/adorsys/keycloak/config/repository/ClientRepository.java b/src/main/java/de/adorsys/keycloak/config/repository/ClientRepository.java index 8b89e4a47..4b0de62df 100644 --- a/src/main/java/de/adorsys/keycloak/config/repository/ClientRepository.java +++ b/src/main/java/de/adorsys/keycloak/config/repository/ClientRepository.java @@ -210,10 +210,10 @@ private String getResourceId(ClientResource clientResource, String resourceName) .orElse(null)); } - public void addAuthorizationScope(String realmName, String id, String name) { + public void addAuthorizationScope(String realmName, String id, ScopeRepresentation scope) { ClientResource clientResource = getResourceById(realmName, id); - try (Response response = clientResource.authorization().scopes().create(new ScopeRepresentation(name))) { + try (Response response = clientResource.authorization().scopes().create(scope)) { CreatedResponseUtil.getCreatedId(response); } } diff --git a/src/main/java/de/adorsys/keycloak/config/service/ClientAuthorizationImportService.java b/src/main/java/de/adorsys/keycloak/config/service/ClientAuthorizationImportService.java index 5532832f3..c691ff42b 100644 --- a/src/main/java/de/adorsys/keycloak/config/service/ClientAuthorizationImportService.java +++ b/src/main/java/de/adorsys/keycloak/config/service/ClientAuthorizationImportService.java @@ -372,18 +372,17 @@ private void createOrUpdateAuthorizationScope( Map existingClientAuthorizationScopesMap, ScopeRepresentation authorizationScopeToImport ) { - String authorizationScopeNameToImport = authorizationScopeToImport.getName(); if (!existingClientAuthorizationScopesMap.containsKey(authorizationScopeToImport.getName())) { logger.debug("Add authorization scope '{}' for client '{}' in realm '{}'", - authorizationScopeNameToImport, getClientIdentifier(client), realmName + authorizationScopeToImport.getName(), getClientIdentifier(client), realmName ); clientRepository.addAuthorizationScope( - realmName, client.getId(), authorizationScopeNameToImport + realmName, client.getId(), authorizationScopeToImport ); } else { updateAuthorizationScope( realmName, client, existingClientAuthorizationScopesMap, - authorizationScopeToImport, authorizationScopeNameToImport + authorizationScopeToImport ); } } @@ -392,16 +391,15 @@ private void updateAuthorizationScope( String realmName, ClientRepresentation client, Map existingClientAuthorizationScopesMap, - ScopeRepresentation authorizationScopeToImport, - String authorizationScopeNameToImport + ScopeRepresentation authorizationScopeToImport ) { ScopeRepresentation existingClientAuthorizationScope = existingClientAuthorizationScopesMap - .get(authorizationScopeNameToImport); + .get(authorizationScopeToImport.getName()); if (!CloneUtil.deepEquals(authorizationScopeToImport, existingClientAuthorizationScope, "id")) { authorizationScopeToImport.setId(existingClientAuthorizationScope.getId()); logger.debug("Update authorization scope '{}' for client '{}' in realm '{}'", - authorizationScopeNameToImport, getClientIdentifier(client), realmName); + authorizationScopeToImport.getName(), getClientIdentifier(client), realmName); clientRepository.updateAuthorizationScope(realmName, client.getId(), authorizationScopeToImport); } diff --git a/src/test/java/de/adorsys/keycloak/config/service/ImportClientsIT.java b/src/test/java/de/adorsys/keycloak/config/service/ImportClientsIT.java index cb15172af..d44a289b4 100644 --- a/src/test/java/de/adorsys/keycloak/config/service/ImportClientsIT.java +++ b/src/test/java/de/adorsys/keycloak/config/service/ImportClientsIT.java @@ -707,12 +707,24 @@ void shouldUpdateRealmAddAuthorization() throws IOException { assertThat(authorizationSettingsPolicy.getConfig(), hasEntry(equalTo("applyPolicies"), equalTo("[\"All Users Policy\"]"))); assertThat(authorizationSettings.getScopes(), hasSize(4)); - assertThat(authorizationSettings.getScopes(), containsInAnyOrder( - new ScopeRepresentation("urn:servlet-authz:protected:admin:access"), - new ScopeRepresentation("urn:servlet-authz:protected:resource:access"), - new ScopeRepresentation("urn:servlet-authz:page:main:actionForAdmin"), - new ScopeRepresentation("urn:servlet-authz:page:main:actionForUser") - )); + List authorizationSettingsScopes = authorizationSettings.getScopes(); + ScopeRepresentation authorizationScope; + + authorizationScope = getAuthorizationScope(authorizationSettingsScopes, "urn:servlet-authz:protected:admin:access"); + assertThat(authorizationScope.getDisplayName(), is("Admin access")); + assertThat(authorizationScope.getIconUri(), nullValue()); + + authorizationScope = getAuthorizationScope(authorizationSettingsScopes, "urn:servlet-authz:protected:resource:access"); + assertThat(authorizationScope.getDisplayName(), is("Resource access")); + assertThat(authorizationScope.getIconUri(), nullValue()); + + authorizationScope = getAuthorizationScope(authorizationSettingsScopes, "urn:servlet-authz:page:main:actionForAdmin"); + assertThat(authorizationScope.getDisplayName(), is("Action for admin")); + assertThat(authorizationScope.getIconUri(), nullValue()); + + authorizationScope = getAuthorizationScope(authorizationSettingsScopes, "urn:servlet-authz:page:main:actionForUser"); + assertThat(authorizationScope.getDisplayName(), is("Action for user")); + assertThat(authorizationScope.getIconUri(), is("https://www.keycloak.org/resources/favicon.ico")); client = getClientByName(realm, "missing-id-client"); assertThat(client.getName(), is("missing-id-client")); @@ -2609,6 +2621,14 @@ private PolicyRepresentation getAuthorizationPolicy(List a .orElse(null); } + private ScopeRepresentation getAuthorizationScope(List authorizationSettings, String name) { + return authorizationSettings + .stream() + .filter(s -> Objects.equals(s.getName(), name)) + .findFirst() + .orElse(null); + } + private IdentityProviderRepresentation getIdentityProviderByAlias(RealmRepresentation realm, String alias) { return realm.getIdentityProviders() .stream() diff --git a/src/test/resources/import-files/clients/11_update_realm__add_authorization.json b/src/test/resources/import-files/clients/11_update_realm__add_authorization.json index 4c85f419c..20eb42adc 100644 --- a/src/test/resources/import-files/clients/11_update_realm__add_authorization.json +++ b/src/test/resources/import-files/clients/11_update_realm__add_authorization.json @@ -160,16 +160,21 @@ ], "scopes": [ { - "name": "urn:servlet-authz:protected:admin:access" + "name": "urn:servlet-authz:protected:admin:access", + "displayName": "Admin access" }, { - "name": "urn:servlet-authz:protected:resource:access" + "name": "urn:servlet-authz:protected:resource:access", + "displayName": "Resource access" }, { - "name": "urn:servlet-authz:page:main:actionForAdmin" + "name": "urn:servlet-authz:page:main:actionForAdmin", + "displayName": "Action for admin" }, { - "name": "urn:servlet-authz:page:main:actionForUser" + "name": "urn:servlet-authz:page:main:actionForUser", + "displayName": "Action for user", + "iconUri": "https://www.keycloak.org/resources/favicon.ico" } ] }