mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-03 21:39:48 -06:00
Code Issues Packages Projects Releases Wiki Activity
29,040 Commits 20 Branches 287 Tags
feature/admin-api-v2
Commit Graph

5367 Commits

Author SHA1 Message Date
Martin Bartoš
e41a961628 Manual execution of Jakarta validation (#42388) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-09-15 10:20:50 +02:00
Martin Bartoš
17e8407230 [admin-api-v2] SPIs for Admin APIs v2 (#41943) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-09-05 11:07:58 +02:00
Robin Meese
4f4ed315d3 Add OpenAPI and OpenAPI-UI to management interface (#41853) 
Signed-off-by: Robin Meese <39960884+robson90@users.noreply.github.com>
 2025-09-05 11:07:56 +02:00
Martin Bartoš
eca1333027 [admin-api-v2] Provide simple validation with Jakarta/Hibernate Validation (#41110) 
Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-09-05 10:51:30 +02:00
Steven Hawkins
1118c5bf1b shows what patching logic should look like (#40450) 
* shows what patching logic should look like

also shows basic field validation

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* updates based upon review comments

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-05 10:49:43 +02:00
Steven Hawkins
210d3fa352 refinements related to service methods, serdes (#40110) 
and adding a default to representation

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
 2025-09-05 10:49:43 +02:00
Martin Bartoš
fff34d3bd5 [Admin API v2] Skeleton prototype (#39322) 
* Add new ClientRepresentation

Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Add APIs

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Add ApiModelMapper SPI

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Add MapStruct as default ApiModelMapper

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Add default APIs implementations

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Provide Service SPI and ClientService

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Add default Keycloak services and Client service

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Add ModelMapper to shared modules

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Implement Client service, add ServiceException class

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Use ClientService in Client REST API

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Update rest/admin-api/src/main/java/org/keycloak/admin/api/client/ClientsApi.java

Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Fix ModelMapperSpi

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Use /admin/api/v2 as a root path

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Support latest API version by default

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

* Rename path param to comply with API spec

Signed-off-by: Martin Bartoš <mabartos@redhat.com>

---------

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Peter Zaoral <pzaoral@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vaclav@muzikari.cz>
 2025-09-05 10:49:41 +02:00
Pedro Igor
4abe5b5f4a Initial implementation for the RLM scheduled task 
Closes #42105

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-04 17:19:53 +02:00
Johannes Knutsen
973e9ad176 Add a global filter which throws bad request if a query parameter value has a control character 
Closes #41117

Signed-off-by: Johannes Knutsen <johannes@kodet.no>
 2025-09-04 10:19:51 -03:00
Awambeng
f9cb8dfe3d [OID4VCI]: Add DPoP nonce header support to OID4VCI nonce endpoint (#41999) 
Closes #41580

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-09-04 14:52:10 +02:00
forkimenjeckayang
d5feb76f1f Restructure credential_configurations_supported parsing to handle credential_metadata with display and claims && Update Credential Issuer Metadata structure (#42001) 
Closes #41587
Closes #41597

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-04 14:48:56 +02:00
Stian Thorgersen
320ea5a9a7 Experimental SPIFFE identity provider (#42314) 
Closes #42313

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-04 14:48:18 +02:00
Awambeng
3cd2141698 Add invalid_nonce error support for OID4VCI (#41977) 
Closes #39292

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-09-04 13:15:29 +02:00
forkimenjeckayang
6e767a30b8 Centralize OID4VCI Protocol Constants in Oid4VciConstants and Refactor Usages (#41481) 
Closes #40083

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-04 13:12:10 +02:00
Martin Kanis
fc3914c439 [RLM] Provide a action to notify users by email based on a configurable time 
Closes #41788

Signed-off-by: Martin Kanis <mkanis@redhat.com>
 2025-09-03 16:38:41 -03:00
Bagautdino
d225bce21f feat(FGAPv2): introduce RESET_PASSWORD scope and evaluation 
- Add RESET_PASSWORD to AdminPermissionsSchema.USERS
- Require RESET_PASSWORD in UserResource.resetPassword()
- Expose canResetPassword()/requireResetPassword()
- Implement FGAP v2 deny-overrides + secure-by-default + optional fallback
- Include access.resetPassword for Admin Console

Closes #41901

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Bagautdino <336373@edu.itmo.ru>
 2025-09-03 15:10:56 -03:00
Takashi Norimatsu
ea63cdc97a Compliant with RFC8414, return server metadata at /.well-known/oauth-authorization-server/realms/{realm} 
closes #40923

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
 2025-09-03 19:14:37 +02:00
forkimenjeckayang
a74076e8ab Enforce batch_size ≥ 2 validation for batch_credential_issuance (#42003) 
Closes #41590

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-03 17:15:55 +02:00
Awambeng Rodrick
dc6afee14e Update OID4VCI error handling for draft 16 specification 
- Replace unsupported_credential_type and unsupported_credential_format with unknown_credential_configuration
- Add new unknown_credential_identifier error type as per OID4VCI draft 16
- Update error handling logic to differentiate between credential configuration and identifier errors
- Add comprehensive test coverage for new error types

Closes #41591

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

Refactor error handling in OID4VCIssuerEndpoint

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

Resolve comments on PR

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>

fix failing test

Signed-off-by: Awambeng Rodrick <awambengrodrick@gmail.com>
 2025-09-03 16:53:22 +02:00
forkimenjeckayang
fc73537ba7 Rename ldp_vp to di_vp and restructure proofs object for Draft 16 compliance (#41982) 
Closes #41576
Closes #41577
Closes #41581

Signed-off-by: forkimenjeckayang <forkimenjeckayang@gmail.com>
 2025-09-03 16:33:43 +02:00
Pedro Igor
028b72876f Removing fallback when there is no session 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
Pedro Igor
17a053b2af Add support for generic event-based policies and conditions 
Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-09-02 17:45:59 -03:00
hustrust
4441ee4444 chore: fix some typos in comment (#42279) 
Signed-off-by: hustrust <hustrust@outlook.com>
 2025-09-02 13:20:17 +00:00
stianst
57242d2497 Experimental federated client authentication 
Closes #42228

Signed-off-by: stianst <stianst@gmail.com>
 2025-09-02 10:02:51 -03:00
mposolda
624d236ced DPoP verification support for admin/account REST API endpoints. Java admin-client DPoP support 
closes #33942

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-09-02 14:29:30 +02:00
Giuseppe Graziano
0afdd00624 DPoP algorithms dynamically resolved 
Closes #42030

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-02 11:26:00 +02:00
Stefan Guilhen
d855e0f06c Add support for recurring policies 
Closes #42120

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-01 12:28:46 -03:00
Stefan Guilhen
af96183788 Allow resource policies to be deactivated for a resource based on events 
- Listen for federated identity add/remove events to activate and deactivate policies based on IDP association

Closes #42107
Closes #42108

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-01 11:02:00 -03:00
Stefan Guilhen
05fa5cb552 Add enabled config option to resource policies 
Closes #42104

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-09-01 10:28:01 -03:00
am97
23b9a1fa21 Add some missing 409 REST response codes 
Closes #42269

Signed-off-by: Andrés Maldonado <maldonado@codelutin.com>
 2025-09-01 12:48:47 +00:00
Christian Ja
8566d8e74b Add message header to e-mail validition confirmation screen 
fixes #41701

Signed-off-by: Christian Janker <christian.janker@gmx.at>
 2025-09-01 14:39:25 +02:00
Pedro Ruivo
3c541996c7 Cache UserAgent parsing result 
Closes #42180

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
 2025-09-01 11:50:59 +02:00
Giuseppe Graziano
a022783d27 DPop validation refactor 
Closes #42031

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-01 11:45:07 +02:00
Giuseppe Graziano
6dc9d0d439 Check manage-account-links role for client initiated account linking 
Closes #41914

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-01 11:25:49 +02:00
Giuseppe Graziano
4262480bc2 Validation for blank Client ID 
Closes #41041

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-09-01 11:20:32 +02:00
Pedro Igor
a64c5c0d70 Adding RLM Admin API and basic endpoints 
Closes #40346

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-28 14:49:21 -03:00
Niko Köbler
236d2f9f62 Add configuration option to automatically add recovery codes action after otp configuration 
closes #41836

Signed-off-by: Niko Köbler <niko@n-k.de>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
 2025-08-27 17:56:59 +02:00
Giuseppe Graziano
7e486cb827 Implements credential type in RecoveryAuthnCodesCredentialProvider 
Closes #42050

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-08-26 21:08:35 +00:00
Stefan Guilhen
8eb6ee619f Rework getEligibleResourcesForInitialAction so it returns all resources that are eligible to be associated with a policy 
Closes #42106

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-08-26 11:52:46 -03:00
Ricardo Martin
360ff7050c Use back keycloak-js instead of initiate login in the backend for account (#42035) 
Closes #40463

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-26 16:29:46 +02:00
laureat-natzka
edbe28147e Pass IDP config values to themes (#40373) 
Signed-off-by: Laureat Grepi <laureat@Laureat-MacBook-Pro.local>
Co-authored-by: Laureat Grepi <laureat@Laureat-MacBook-Pro.local>
 2025-08-25 17:50:06 +00:00
Steven Hawkins
2f2265435c fix: preventing possible NPEs 
closes: #39960

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-08-21 15:58:30 +02:00
Martin Bartoš
9315147e47 [RLM] NPE during user authentication 
Closes #42033

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-08-21 09:41:34 -03:00
Ricardo Martin
46e990b7a7 Check for non-ascii local part on emails depending on SMTP configuration 
Closes #41994

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-21 08:16:47 +00:00
Steven Hawkins
9dc9a2ba86 fix: using volatile for double checked locking 
closes: #40630

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Steven Hawkins <shawkins@redhat.com>
 2025-08-21 09:20:39 +02:00
Stefan Guilhen
70659ac183 Rework RLM core to schedule action based on events @sguilhen (#42010) 
* Rework RLM core to schedule action based on events

Closes #41803

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-20 17:59:52 +00:00
Marek Posolda
dd7ad5b866 Ability to display 'authenticator provider' of the WebAuthn credential (#41615) 
closes #41613

Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: Jon Koops <jonkoops@gmail.com>
Signed-off-by: Marek Posolda <mposolda@gmail.com>
 2025-08-20 11:42:24 +02:00
Pedro Igor
c7fedb77e3 Skip processing HEAD requests for action tokens 
Closes #41834

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-19 17:26:03 -03:00
rmartinc
0ff7d551dd Check null for new keySize and validity parameters when generating certificates 
Closes #41906

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-08-19 21:53:24 +02:00
Pedro Igor
b97aad0938 URL encode forwarded parameters 
Closes #41755

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-08-19 11:44:12 +02:00