Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-11988

Fail to get token fetched from keycloak using keycloak-admin-client

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 14.0.0.Final, 15.0.0.Final, 16.0.0.Final
    • Fix Version/s: None
    • Component/s: REST
    • Labels:
      None
    • Steps to Reproduce:
      Hide
      GrantToken.java
      import org.keycloak.OAuth2Constants;
      import org.keycloak.admin.client.KeycloakBuilder;
      import org.keycloak.representations.AccessTokenResponse;
      
      import javax.enterprise.context.ApplicationScoped;
      
      
      @ApplicationScoped
      public class GrantToken {
      
          public AccessTokenResponse grantToken() {
              return KeycloakBuilder.builder()
                          .serverUrl("http://localhost:8880/auth")
                          .realm("dcm4che")
                          .clientId("elasticsearch")
                          .clientSecret("9da58af0-fd1a-4a83-b9c3-71c2641f68e4")
                          .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
                          .build()
                      .tokenManager()
              .grantToken();
          }
      }
      
      GrantTokenTest.java
      package org.arquillian.example;
      
      import org.jboss.arquillian.container.test.api.Deployment;
      import org.jboss.arquillian.junit.Arquillian;
      import org.jboss.shrinkwrap.api.Archive;
      import org.jboss.shrinkwrap.api.ShrinkWrap;
      import org.jboss.shrinkwrap.api.spec.WebArchive;
      import org.jboss.shrinkwrap.resolver.api.maven.Maven;
      import org.junit.Assert;
      import org.junit.Test;
      import org.junit.runner.RunWith;
      import org.keycloak.representations.AccessTokenResponse;
      
      import javax.inject.Inject;
      
      @RunWith(Arquillian.class)
      public class GrantTokenTest {
      
          @Inject
          private GrantToken grantToken;
      
          @Deployment
          public static Archive<?> createDeployment() {
              return ShrinkWrap.create(WebArchive.class, "test.war")
                      .addClass(GrantToken.class)
                      .addAsLibraries(Maven.resolver()
                              .resolve("org.keycloak:keycloak-admin-client:5.0.0")
                              .withTransitivity()
                              .asFile());
          }
      
          @Test
          public void grantToken() {
              AccessTokenResponse token = grantToken.grantToken();
              Assert.assertNotNull(token.getToken());
          }
      }
      
      Show
      GrantToken.java import org.keycloak.OAuth2Constants; import org.keycloak.admin.client.KeycloakBuilder; import org.keycloak.representations.AccessTokenResponse; import javax.enterprise.context.ApplicationScoped; @ApplicationScoped public class GrantToken { public AccessTokenResponse grantToken() { return KeycloakBuilder.builder() .serverUrl( "http: //localhost:8880/auth" ) .realm( "dcm4che" ) .clientId( "elasticsearch" ) .clientSecret( "9da58af0-fd1a-4a83-b9c3-71c2641f68e4" ) .grantType(OAuth2Constants.CLIENT_CREDENTIALS) .build() .tokenManager() .grantToken(); } } GrantTokenTest.java package org.arquillian.example; import org.jboss.arquillian.container.test.api.Deployment; import org.jboss.arquillian.junit.Arquillian; import org.jboss.shrinkwrap.api.Archive; import org.jboss.shrinkwrap.api.ShrinkWrap; import org.jboss.shrinkwrap.api.spec.WebArchive; import org.jboss.shrinkwrap.resolver.api.maven.Maven; import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; import org.keycloak.representations.AccessTokenResponse; import javax.inject.Inject; @RunWith(Arquillian.class) public class GrantTokenTest { @Inject private GrantToken grantToken; @Deployment public static Archive<?> createDeployment() { return ShrinkWrap.create(WebArchive.class, "test.war" ) .addClass(GrantToken.class) .addAsLibraries(Maven.resolver() .resolve( "org.keycloak:keycloak-admin-client:5.0.0" ) .withTransitivity() .asFile()); } @Test public void grantToken() { AccessTokenResponse token = grantToken.grantToken(); Assert.assertNotNull(token.getToken()); } }
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide
      <jboss-deployment-structure>
          <deployment>
              <exclusions>
                  <module name="org.jboss.resteasy.resteasy-json-binding-provider"/>
              </exclusions>
          </deployment>
          <sub-deployment name="xxxx.war">
              <exclusions>
                  <module name="org.jboss.resteasy.resteasy-json-binding-provider"/>
              </exclusions>
          </sub-deployment>
      </jboss-deployment-structure>
      
      Show
      <jboss-deployment-structure> <deployment> <exclusions> <module name= "org.jboss.resteasy.resteasy-json-binding-provider" /> </exclusions> </deployment> <sub-deployment name= "xxxx.war" > <exclusions> <module name= "org.jboss.resteasy.resteasy-json-binding-provider" /> </exclusions> </sub-deployment> </jboss-deployment-structure>

      Description

      Starting with Wildfly 14.0.0.Final, the properties of AccessTokenResponse returned by TokenManager.grantToken are not set.

      The failure seems related with a change in RESTEasy from 3.5.1.Final to 3.6.1.Final, concerning the used MessageBodyReader:

      Wildfly 13.0.0.Final:

      2019-04-14 20:01:12,337 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) MessageBodyReader: org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider
      

      vs.

      Wilfly 14+.0.0.Final

      2019-04-14 19:27:25,294 DEBUG [org.jboss.resteasy.resteasy_jaxrs.i18n] (default task-1) MessageBodyReader: org.jboss.resteasy.plugins.providers.jsonb.JsonBindingProvider
      

      The failure is independent from the used version of keycloak-admin-client and the version of the Keycloak Server.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                asoldano Alessio Soldano
                Reporter:
                gunterze Gunter Zeilinger
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: