Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

resource to enable the token exchange idp permission #318

Merged
merged 8 commits into from
Jun 29, 2020
Merged

resource to enable the token exchange idp permission #318

merged 8 commits into from
Jun 29, 2020

Conversation

tomrutsaert
Copy link
Contributor

@tomrutsaert tomrutsaert commented Jun 12, 2020
edited
Loading

resource to enable the token exchange idp permission and auto create of client policy

This is part of a preview keycloak feature. You need to enable this feature to be able to use this resource.
More information about enabling the preview feature can be found here: https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange

This implies that I enabled this feature in the docker-compose file.
This also implies that the tests will fail in CIRCLE-CI

@mrparkers What is your opinion on this?
Should I enable this preview feature in CIRCLE_CI or do I add a check in test_utils based on a env variable?
I did not see a way to detect if this feature is enabled via server_info, thus we can not use this server_info approach.

@tomrutsaert
Copy link
Contributor Author

tomrutsaert commented Jun 12, 2020
edited
Loading

Strange all the tests passed. I did not expect this....

//edit
After some investigation it seems the Admin console UI shows or does not show the option to set the IDP Permission, depending on the preview feature flag.
But no matter if the feature flag is enabled or disabled, you can still do the configuration via an API call. :-/

Probably the token exchange itself will not work till you have the feature enabled.
Thus for the tests of this provider, this is not an issue.

mrparkers
mrparkers reviewed Jun 12, 2020
View reviewed changes
docs/resources/keycloak_identity_provider_token_exchange_scope_permission.md Outdated Show resolved Hide resolved
provider/resource_keycloak_identity_provider_token_exchange_scope_permission.go Outdated Show resolved Hide resolved
provider/resource_keycloak_identity_provider_token_exchange_scope_permission.go Outdated Show resolved Hide resolved
provider/resource_keycloak_identity_provider_token_exchange_scope_permission.go Outdated Show resolved Hide resolved
provider/resource_keycloak_identity_provider_token_exchange_scope_permission.go Outdated Show resolved Hide resolved
provider/resource_keycloak_identity_provider_token_exchange_scope_permission.go Show resolved Hide resolved
provider/resource_keycloak_identity_provider_token_exchange_scope_permission.go Show resolved Hide resolved
@mrparkers
Copy link
Contributor

Nice work on this @tomrutsaert! I think it's pretty funny that the feature flag only toggles its visibility in the UI. We should probably just leave that toggle enabled for example purposes.

mrparkers
mrparkers approved these changes Jun 22, 2020
View reviewed changes
Copy link
Contributor

@mrparkers mrparkers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work, thanks for the contribution!

@tomrutsaert tomrutsaert merged commit 731c4cc into keycloak:master Jun 29, 2020
@tomrutsaert tomrutsaert deleted the idp_token_exchange_feature branch June 29, 2020 06:37
@tomrutsaert tomrutsaert mentioned this pull request Jul 1, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mrparkers mrparkers mrparkers approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tomrutsaert @mrparkers