adorsys · AssahBismarkabah · Jan 27, 2025 · Nov 2, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 - Allow executions of same provider with different configurations in Sub-Auth-Flows
 - Fix enabling a realm clears the value of eventsExpiration
+- Display names and icon URIs of authorization scopes are now imported alongside scope name
 
 ## [6.1.11] - 2024-10-14
 

diff --git a/src/main/java/de/adorsys/keycloak/config/repository/ClientRepository.java b/src/main/java/de/adorsys/keycloak/config/repository/ClientRepository.java
@@ -210,10 +210,10 @@ private String getResourceId(ClientResource clientResource, String resourceName)
                     .orElse(null));
     }
 
-    public void addAuthorizationScope(String realmName, String id, String name) {
+    public void addAuthorizationScope(String realmName, String id, ScopeRepresentation scope) {
         ClientResource clientResource = getResourceById(realmName, id);
 
-        try (Response response = clientResource.authorization().scopes().create(new ScopeRepresentation(name))) {
+        try (Response response = clientResource.authorization().scopes().create(scope)) {
             CreatedResponseUtil.getCreatedId(response);
         }
     }

diff --git a/src/main/java/de/adorsys/keycloak/config/service/ClientAuthorizationImportService.java b/src/main/java/de/adorsys/keycloak/config/service/ClientAuthorizationImportService.java
@@ -372,18 +372,17 @@ private void createOrUpdateAuthorizationScope(
             Map<String, ScopeRepresentation> existingClientAuthorizationScopesMap,
             ScopeRepresentation authorizationScopeToImport
     ) {
-        String authorizationScopeNameToImport = authorizationScopeToImport.getName();
         if (!existingClientAuthorizationScopesMap.containsKey(authorizationScopeToImport.getName())) {
             logger.debug("Add authorization scope '{}' for client '{}' in realm '{}'",
-                    authorizationScopeNameToImport, getClientIdentifier(client), realmName
+                    authorizationScopeToImport.getName(), getClientIdentifier(client), realmName
             );
             clientRepository.addAuthorizationScope(
-                    realmName, client.getId(), authorizationScopeNameToImport
+                    realmName, client.getId(), authorizationScopeToImport
             );
         } else {
             updateAuthorizationScope(
                     realmName, client, existingClientAuthorizationScopesMap,
-                    authorizationScopeToImport, authorizationScopeNameToImport
+                    authorizationScopeToImport
             );
         }
     }
@@ -392,16 +391,15 @@ private void updateAuthorizationScope(
             String realmName,
             ClientRepresentation client,
             Map<String, ScopeRepresentation> existingClientAuthorizationScopesMap,
-            ScopeRepresentation authorizationScopeToImport,
-            String authorizationScopeNameToImport
+            ScopeRepresentation authorizationScopeToImport
     ) {
         ScopeRepresentation existingClientAuthorizationScope = existingClientAuthorizationScopesMap
-                .get(authorizationScopeNameToImport);
+                .get(authorizationScopeToImport.getName());
 
         if (!CloneUtil.deepEquals(authorizationScopeToImport, existingClientAuthorizationScope, "id")) {
             authorizationScopeToImport.setId(existingClientAuthorizationScope.getId());
             logger.debug("Update authorization scope '{}' for client '{}' in realm '{}'",
-                    authorizationScopeNameToImport, getClientIdentifier(client), realmName);
+                    authorizationScopeToImport.getName(), getClientIdentifier(client), realmName);
 
             clientRepository.updateAuthorizationScope(realmName, client.getId(), authorizationScopeToImport);
         }

diff --git a/src/test/java/de/adorsys/keycloak/config/service/ImportClientsIT.java b/src/test/java/de/adorsys/keycloak/config/service/ImportClientsIT.java
@@ -707,12 +707,24 @@ void shouldUpdateRealmAddAuthorization() throws IOException {
         assertThat(authorizationSettingsPolicy.getConfig(), hasEntry(equalTo("applyPolicies"), equalTo("[\"All Users Policy\"]")));
 
         assertThat(authorizationSettings.getScopes(), hasSize(4));
-        assertThat(authorizationSettings.getScopes(), containsInAnyOrder(
-                new ScopeRepresentation("urn:servlet-authz:protected:admin:access"),
-                new ScopeRepresentation("urn:servlet-authz:protected:resource:access"),
-                new ScopeRepresentation("urn:servlet-authz:page:main:actionForAdmin"),
-                new ScopeRepresentation("urn:servlet-authz:page:main:actionForUser")
-        ));
+        List<ScopeRepresentation> authorizationSettingsScopes = authorizationSettings.getScopes();
+        ScopeRepresentation authorizationScope;
+
+        authorizationScope = getAuthorizationScope(authorizationSettingsScopes, "urn:servlet-authz:protected:admin:access");
+        assertThat(authorizationScope.getDisplayName(), is("Admin access"));
+        assertThat(authorizationScope.getIconUri(), nullValue());
+
+        authorizationScope = getAuthorizationScope(authorizationSettingsScopes, "urn:servlet-authz:protected:resource:access");
+        assertThat(authorizationScope.getDisplayName(), is("Resource access"));
+        assertThat(authorizationScope.getIconUri(), nullValue());
+
+        authorizationScope = getAuthorizationScope(authorizationSettingsScopes, "urn:servlet-authz:page:main:actionForAdmin");
+        assertThat(authorizationScope.getDisplayName(), is("Action for admin"));
+        assertThat(authorizationScope.getIconUri(), nullValue());
+
+        authorizationScope = getAuthorizationScope(authorizationSettingsScopes, "urn:servlet-authz:page:main:actionForUser");
+        assertThat(authorizationScope.getDisplayName(), is("Action for user"));
+        assertThat(authorizationScope.getIconUri(), is("https://www.keycloak.org/resources/favicon.ico"));
 
         client = getClientByName(realm, "missing-id-client");
         assertThat(client.getName(), is("missing-id-client"));
@@ -2609,6 +2621,14 @@ private PolicyRepresentation getAuthorizationPolicy(List<PolicyRepresentation> a
                 .orElse(null);
     }
 
+    private ScopeRepresentation getAuthorizationScope(List<ScopeRepresentation> authorizationSettings, String name) {
+        return authorizationSettings
+                .stream()
+                .filter(s -> Objects.equals(s.getName(), name))
+                .findFirst()
+                .orElse(null);
+    }
+
     private IdentityProviderRepresentation getIdentityProviderByAlias(RealmRepresentation realm, String alias) {
         return realm.getIdentityProviders()
                 .stream()

diff --git a/src/test/resources/import-files/clients/11_update_realm__add_authorization.json b/src/test/resources/import-files/clients/11_update_realm__add_authorization.json
@@ -160,16 +160,21 @@
         ],
         "scopes": [
           {
-            "name": "urn:servlet-authz:protected:admin:access"
+            "name": "urn:servlet-authz:protected:admin:access",
+            "displayName": "Admin access"
           },
           {
-            "name": "urn:servlet-authz:protected:resource:access"
+            "name": "urn:servlet-authz:protected:resource:access",
+            "displayName": "Resource access"
           },
           {
-            "name": "urn:servlet-authz:page:main:actionForAdmin"
+            "name": "urn:servlet-authz:page:main:actionForAdmin",
+            "displayName": "Action for admin"
           },
           {
-            "name": "urn:servlet-authz:page:main:actionForUser"
+            "name": "urn:servlet-authz:page:main:actionForUser",
+            "displayName": "Action for user",
+            "iconUri": "https://www.keycloak.org/resources/favicon.ico"
           }
         ]
       }