From bd6347d4ab6c369626a8eb8a854f36db9c01ea6e Mon Sep 17 00:00:00 2001
From: vibrown
Date: Thu, 28 Sep 2023 09:26:15 -0500
Subject: [PATCH] Made adapters compatible with KC23 "iss" parameter change
---
 .../org/keycloak/adapters/OAuthRequestAuthenticator.java | 3 ++-
 .../src/main/java/org/keycloak/adapters/ServerRequest.java | 3 ++-
 core/src/main/java/org/keycloak/OAuth2Constants.java | 3 +++
 js/libs/keycloak-js/src/keycloak.js | 6 +++---
 4 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
index 1ad69adb7ced..68acc1118fb2 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/OAuthRequestAuthenticator.java
@@ -384,7 +384,8 @@ protected String stripOauthParametersFromRedirect() {
 KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(facade.getRequest().getURI())
 .replaceQueryParam(OAuth2Constants.CODE, null)
 .replaceQueryParam(OAuth2Constants.STATE, null)
- .replaceQueryParam(OAuth2Constants.SESSION_STATE, null);
+ .replaceQueryParam(OAuth2Constants.SESSION_STATE, null)
+ .replaceQueryParam(OAuth2Constants.ISSUER, null);
 return builder.buildAsString();
 }
diff --git a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/ServerRequest.java b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/ServerRequest.java
index dcf0d8f58c92..24f7aa73f90f 100755
--- a/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/ServerRequest.java
+++ b/adapters/oidc/adapter-core/src/main/java/org/keycloak/adapters/ServerRequest.java
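Review bot: The added `.replaceQueryParam(OAuth2Constants.ISSUER, null)` in stripOauthParametersFromRedirect() throws the `iss` response parameter away, and nothing in the visible hunks compares its value with the issuer the adapter is configured for. RFC 9207, which the new constant cites, defines `iss` as a mix-up defence that only helps when the client checks the value before it redeems the code, so unless that comparison already happens elsewhere in the adapter it should be done before the parameter is stripped. The same applies to the ServerRequest.java hunk and to the `'iss'` entries added in keycloak.js. At minimum I would add a comment on the new line, for example `// iss (RFC 9207) is only removed from the redirect URI here; it is not validated`.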
@@ -290,7 +290,8 @@ public static void error(int status, HttpEntity entity) throws HttpFailure, IOEx
 protected static String stripOauthParametersFromRedirect(String uri) {
 KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(uri)
 .replaceQueryParam(OAuth2Constants.CODE, null)
- .replaceQueryParam(OAuth2Constants.STATE, null);
+ .replaceQueryParam(OAuth2Constants.STATE, null)
+ .replaceQueryParam(OAuth2Constants.ISSUER, null);
 return builder.buildAsString();
 }
diff --git a/core/src/main/java/org/keycloak/OAuth2Constants.java b/core/src/main/java/org/keycloak/OAuth2Constants.java
index 5110b5ad8d06..93c4a53703e8 100755
--- a/core/src/main/java/org/keycloak/OAuth2Constants.java
+++ b/core/src/main/java/org/keycloak/OAuth2Constants.java
@@ -145,6 +145,9 @@ public interface OAuth2Constants {
 // https://openid.net/specs/openid-financial-api-jarm-ID1.html
 String RESPONSE = "response";
+
+ // https://www.rfc-editor.org/rfc/rfc9207.html
+ String ISSUER = "iss";
 }
diff --git a/js/libs/keycloak-js/src/keycloak.js b/js/libs/keycloak-js/src/keycloak.js
index 5019a89bd341..da7077c0bf17 100755
--- a/js/libs/keycloak-js/src/keycloak.js
+++ b/js/libs/keycloak-js/src/keycloak.js
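Review bot: This copy of stripOauthParametersFromRedirect now removes `code`, `state` and `iss` but still leaves `session_state`, while the OAuthRequestAuthenticator version changed in the same patch removes all four. If both helpers are meant to yield the same redirect URI, the two lists have drifted and will drift again with the next new response parameter. Either add `.replaceQueryParam(OAuth2Constants.SESSION_STATE, null)` here or add a comment saying why this variant keeps it. Whether any caller depends on the difference cannot be seen from the hunk.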
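Review bot: The comment on `ISSUER` is only a link, and `iss` is also the name of the JWT issuer claim, so the intended scope of the constant is easy to misread. A one-line description such as `// RFC 9207 authorization response parameter identifying the issuer (not the JWT "iss" claim)` next to the link would make clear where it may be used. The interface body starts outside the hunk.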
@@ -1077,13 +1077,13 @@ function Keycloak (config) {
 var supportedParams;
 switch (kc.flow) {
 case 'standard':
- supportedParams = ['code', 'state', 'session_state', 'kc_action_status'];
+ supportedParams = ['code', 'state', 'session_state', 'kc_action_status', 'iss'];
 break;
 case 'implicit':
- supportedParams = ['access_token', 'token_type', 'id_token', 'state', 'session_state', 'expires_in', 'kc_action_status'];
+ supportedParams = ['access_token', 'token_type', 'id_token', 'state', 'session_state', 'expires_in', 'kc_action_status', 'iss'];
 break;
 case 'hybrid':
- supportedParams = ['access_token', 'token_type', 'id_token', 'code', 'state', 'session_state', 'expires_in', 'kc_action_status'];
+ supportedParams = ['access_token', 'token_type', 'id_token', 'code', 'state', 'session_state', 'expires_in', 'kc_action_status', 'iss'];
 break;
 }
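Review bot: `'iss'` is appended by hand to each of the three `supportedParams` literals in `switch (kc.flow)`, which already repeat `state`, `session_state` and `kc_action_status`, so the next common parameter needs the same triple edit. Consider a shared list, e.g. `var commonParams = ['state', 'session_state', 'kc_action_status', 'iss'];` with `supportedParams = ['code'].concat(commonParams);` in the `'standard'` case and the equivalent in the other two. That changes the order of the entries, which is only safe if the code after the switch does not depend on it. That code, like the start of the enclosing function, is outside the hunk.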