Create SPI and Provider for Verifiable Credentials Signing keycloak#25937 (keycloak#26263)

* implement oid4vci service interfaces

Signed-off-by: Stefan Wiedemann <[email protected]>

* add oid4vc to the disabled features test

Signed-off-by: Stefan Wiedemann <[email protected]>

* fix test and add doc

Signed-off-by: Stefan Wiedemann <[email protected]>

* add the new preview feature

Signed-off-by: Stefan Wiedemann <[email protected]>

* add class-level doc

remove wildcard imports

Signed-off-by: Stefan Wiedemann <[email protected]>

* add license headers

Signed-off-by: Stefan Wiedemann <[email protected]>

* fix year

Signed-off-by: Stefan Wiedemann <[email protected]>

* fix test

Signed-off-by: Stefan Wiedemann <[email protected]>

* two additional test fixes

Signed-off-by: Stefan Wiedemann <[email protected]>

* make the feature experimental

Signed-off-by: Stefan Wiedemann <[email protected]>

* remove clock

Signed-off-by: Stefan Wiedemann <[email protected]>

* remove usage of var

Signed-off-by: Stefan Wiedemann <[email protected]>

* fix tests

Signed-off-by: Stefan Wiedemann <[email protected]>

---------

Signed-off-by: Stefan Wiedemann <[email protected]>
Stefan Wiedemann authored Jan 25, 2024
1 parent cbfdae5 commit efa6ddc
Showing 33 changed files with 1,052 additions and 87 deletions.
2 changes: 2 additions & 0 deletions common/src/main/java/org/keycloak/common/Profile.java
@@ -111,6 +111,8 @@ public enum Feature {
HOSTNAME_V1("Hostname Options V1", Type.DEFAULT),
//HOSTNAME_V2("Hostname Options V2", Type.DEFAULT, 2),

OID4VC_VCI("Support for the OID4VCI protocol as part of OID4VC.", Type.EXPERIMENTAL),

DECLARATIVE_UI("declarative ui spi", Type.EXPERIMENTAL),
;

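Review bot: the description string for OID4VC_VCI ends with a trailing period ("...as part of OID4VC.") while the neighbouring entries (HOSTNAME_V1, DECLARATIVE_UI) do not; drop the period so the label renders consistently wherever feature descriptions are listed. Marking the entry Type.EXPERIMENTAL is the right default for a new credential-signing SPI: it stays off unless an operator opts in with --features, which the ProfileTest change in this commit pins down.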
3 changes: 2 additions & 1 deletion common/src/test/java/org/keycloak/common/ProfileTest.java
@@ -86,7 +86,8 @@ public void checkDefaults() {
Profile.Feature.UPDATE_EMAIL,
Profile.Feature.LINKEDIN_OAUTH,
Profile.Feature.OFFLINE_SESSION_PRELOADING,
Profile.Feature.CLIENT_TYPES
Profile.Feature.CLIENT_TYPES,
Profile.Feature.OID4VC_VCI
));

// KERBEROS can be disabled (i.e. FIPS mode disables SunJGSS provider)
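Review bot: adding Profile.Feature.OID4VC_VCI to the disabled-by-default set in checkDefaults() pins the safe default, but nothing in this diff covers the positive path. Consider a companion test that enables the feature (the equivalent of the --features oid4vc-vci value shown in the help fixtures) and asserts that the feature then reports as enabled, so a later change to its Type cannot silently turn it on by default without a test noticing.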
@@ -67,19 +67,19 @@ Feature:
client-secret-rotation[:v1], client-types[:v1], declarative-ui[:v1],
device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1],
hostname[:v1], impersonation[:v1], js-adapter[:v1], kerberos[:v1],
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1], par[:
v1], preview, recovery-codes[:v1], scripts[:v1], step-up-authentication[:
v1], token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn
[:v1].
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1],
oid4vc-vci[:v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation, client-types,
declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips,
impersonation, js-adapter, kerberos, linkedin-oauth, multi-site,
offline-session-preloading, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, transient-users, update-email,
web-authn.
offline-session-preloading, oid4vc-vci, par, preview, recovery-codes,
scripts, step-up-authentication, token-exchange, transient-users,
update-email, web-authn.

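Review bot: oid4vc-vci[:v1] and oid4vc-vci are inserted in alphabetical position in both the --features and --features-disabled lists, and the previous mid-token wraps (par[: / v1], step-up-authentication[: / v1], web-authn / [:v1]) are gone, which indicates the fixture was regenerated from the real help output rather than edited by hand. Keep it that way for the remaining fixtures so the expected text cannot drift from what kc.sh actually prints.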
HTTP(S):

@@ -64,20 +64,19 @@ Feature:
--features <feature> Enables a set of one or more features. Possible values are: account-api[:v1],
account2[:v1], account3[:v1], admin-api[:v1], admin-fine-grained-authz[:v1],
admin2[:v1], authorization[:v1], ciba[:v1], client-policies[:v1],
client-secret-rotation[:v1], client-types[:v1], declarative-ui[:v1],
device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1],
hostname[:v1], impersonation[:v1], js-adapter[:v1], kerberos[:v1],
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1], par[:
v1], preview, recovery-codes[:v1], scripts[:v1], step-up-authentication[:
v1], token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn
[:v1].
client-secret-rotation[:v1], declarative-ui[:v1], device-flow[:v1], docker[:
v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1], hostname[:v1], impersonation
[:v1], js-adapter[:v1], kerberos[:v1], linkedin-oauth[:v1], multi-site[:v1],
offline-session-preloading[:v1], par[:v1], preview, recovery-codes[:v1],
scripts[:v1], step-up-authentication[:v1], token-exchange[:v1],
transient-users[:v1], update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation, client-types,
authorization, ciba, client-policies, client-secret-rotation,
declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips,
impersonation, js-adapter, kerberos, linkedin-oauth, multi-site,
offline-session-preloading, par, preview, recovery-codes, scripts,
offline-session-preloading, oid4vc-vci, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, transient-users, update-email,
web-authn.

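Review bot: this hunk does more than add oid4vc-vci: client-types[:v1] disappears from the --features list (the old "client-secret-rotation[:v1], client-types[:v1], declarative-ui[:v1]," becomes "client-secret-rotation[:v1], declarative-ui[:v1], device-flow[:v1], docker[:") and client-types is likewise dropped from --features-disabled, which is why the hunk header shrinks from 20 to 19 lines. The other fixtures in this commit keep client-types, so either this fixture is generated for a different feature set and the removal is expected, or the fixture was stale; please state which in the PR description.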
@@ -62,19 +62,19 @@ Feature:
client-secret-rotation[:v1], client-types[:v1], declarative-ui[:v1],
device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1],
hostname[:v1], impersonation[:v1], js-adapter[:v1], kerberos[:v1],
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1], par[:
v1], preview, recovery-codes[:v1], scripts[:v1], step-up-authentication[:
v1], token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn
[:v1].
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1],
oid4vc-vci[:v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation, client-types,
declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips,
impersonation, js-adapter, kerberos, linkedin-oauth, multi-site,
offline-session-preloading, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, transient-users, update-email,
web-authn.
offline-session-preloading, oid4vc-vci, par, preview, recovery-codes,
scripts, step-up-authentication, token-exchange, transient-users,
update-email, web-authn.

Config:

@@ -156,4 +156,4 @@ Export:
--users-per-file <number>
Set the number of users per file. It is used only if 'users' is set to
'different_files'. Increasing this number leads to exponentially increasing
export times. Default: 50.
export times. Default: 50.
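Review bot: in the @@ -156,4 +156,4 @@ Export: hunk the old and new final line are identical ("export times. Default: 50."), so the only change can be the end-of-file newline; the same holds for the Export and Import tail hunks in the fixtures below. Fixtures that differ only in a trailing newline churn every diff, so have the help-text generator settle on one convention and regenerate all fixtures with it.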
@@ -62,19 +62,19 @@ Feature:
client-secret-rotation[:v1], client-types[:v1], declarative-ui[:v1],
device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1],
hostname[:v1], impersonation[:v1], js-adapter[:v1], kerberos[:v1],
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1], par[:
v1], preview, recovery-codes[:v1], scripts[:v1], step-up-authentication[:
v1], token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn
[:v1].
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1],
oid4vc-vci[:v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation, client-types,
declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips,
impersonation, js-adapter, kerberos, linkedin-oauth, multi-site,
offline-session-preloading, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, transient-users, update-email,
web-authn.
offline-session-preloading, oid4vc-vci, par, preview, recovery-codes,
scripts, step-up-authentication, token-exchange, transient-users,
update-email, web-authn.

Config:

@@ -156,4 +156,4 @@ Export:
--users-per-file <number>
Set the number of users per file. It is used only if 'users' is set to
'different_files'. Increasing this number leads to exponentially increasing
export times. Default: 50.
export times. Default: 50.
@@ -62,19 +62,19 @@ Feature:
client-secret-rotation[:v1], client-types[:v1], declarative-ui[:v1],
device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1],
hostname[:v1], impersonation[:v1], js-adapter[:v1], kerberos[:v1],
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1], par[:
v1], preview, recovery-codes[:v1], scripts[:v1], step-up-authentication[:
v1], token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn
[:v1].
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1],
oid4vc-vci[:v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation, client-types,
declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips,
impersonation, js-adapter, kerberos, linkedin-oauth, multi-site,
offline-session-preloading, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, transient-users, update-email,
web-authn.
offline-session-preloading, oid4vc-vci, par, preview, recovery-codes,
scripts, step-up-authentication, token-exchange, transient-users,
update-email, web-authn.

Config:

@@ -150,4 +150,4 @@ Import:
--file <file> Set the path to a file that will be read.
--override <true|false>
Set if existing data should be overwritten. If set to false, data will be
ignored. Default: true.
ignored. Default: true.
@@ -62,19 +62,19 @@ Feature:
client-secret-rotation[:v1], client-types[:v1], declarative-ui[:v1],
device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1],
hostname[:v1], impersonation[:v1], js-adapter[:v1], kerberos[:v1],
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1], par[:
v1], preview, recovery-codes[:v1], scripts[:v1], step-up-authentication[:
v1], token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn
[:v1].
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1],
oid4vc-vci[:v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation, client-types,
declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips,
impersonation, js-adapter, kerberos, linkedin-oauth, multi-site,
offline-session-preloading, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, transient-users, update-email,
web-authn.
offline-session-preloading, oid4vc-vci, par, preview, recovery-codes,
scripts, step-up-authentication, token-exchange, transient-users,
update-email, web-authn.

Config:

@@ -150,4 +150,4 @@ Import:
--file <file> Set the path to a file that will be read.
--override <true|false>
Set if existing data should be overwritten. If set to false, data will be
ignored. Default: true.
ignored. Default: true.
@@ -92,19 +92,19 @@ Feature:
client-secret-rotation[:v1], client-types[:v1], declarative-ui[:v1],
device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1],
hostname[:v1], impersonation[:v1], js-adapter[:v1], kerberos[:v1],
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1], par[:
v1], preview, recovery-codes[:v1], scripts[:v1], step-up-authentication[:
v1], token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn
[:v1].
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1],
oid4vc-vci[:v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation, client-types,
declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips,
impersonation, js-adapter, kerberos, linkedin-oauth, multi-site,
offline-session-preloading, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, transient-users, update-email,
web-authn.
offline-session-preloading, oid4vc-vci, par, preview, recovery-codes,
scripts, step-up-authentication, token-exchange, transient-users,
update-email, web-authn.

Hostname:

@@ -293,4 +293,4 @@ Security:
Do NOT start the server using this command when deploying to production.

Use 'kc.sh start-dev --help-all' to list all available options, including build
options.
options.
@@ -102,7 +102,7 @@ Feature:
authorization, ciba, client-policies, client-secret-rotation, client-types,
declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips,
impersonation, js-adapter, kerberos, linkedin-oauth, multi-site,
offline-session-preloading, par, preview, recovery-codes, scripts,
offline-session-preloading, oid4vc-vci, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, transient-users, update-email,
web-authn.

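Review bot: this fixture's hunk touches only the --features-disabled list; the corresponding --features list in the same file lies outside the shown context, so please confirm it also gained oid4vc-vci[:v1] as the other fixtures above did, otherwise this help output would advertise the feature as something that can be disabled but not enabled.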
@@ -92,19 +92,19 @@ Feature:
client-secret-rotation[:v1], client-types[:v1], declarative-ui[:v1],
device-flow[:v1], docker[:v1], dpop[:v1], dynamic-scopes[:v1], fips[:v1],
hostname[:v1], impersonation[:v1], js-adapter[:v1], kerberos[:v1],
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1], par[:
v1], preview, recovery-codes[:v1], scripts[:v1], step-up-authentication[:
v1], token-exchange[:v1], transient-users[:v1], update-email[:v1], web-authn
[:v1].
linkedin-oauth[:v1], multi-site[:v1], offline-session-preloading[:v1],
oid4vc-vci[:v1], par[:v1], preview, recovery-codes[:v1], scripts[:v1],
step-up-authentication[:v1], token-exchange[:v1], transient-users[:v1],
update-email[:v1], web-authn[:v1].
--features-disabled <feature>
Disables a set of one or more features. Possible values are: account-api,
account2, account3, admin-api, admin-fine-grained-authz, admin2,
authorization, ciba, client-policies, client-secret-rotation, client-types,
declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips,
impersonation, js-adapter, kerberos, linkedin-oauth, multi-site,
offline-session-preloading, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, transient-users, update-email,
web-authn.
offline-session-preloading, oid4vc-vci, par, preview, recovery-codes,
scripts, step-up-authentication, token-exchange, transient-users,
update-email, web-authn.

Hostname:

@@ -293,4 +293,4 @@ Security:
Do NOT start the server using this command when deploying to production.

Use 'kc.sh start-dev --help-all' to list all available options, including build
options.
options.
@@ -102,7 +102,7 @@ Feature:
authorization, ciba, client-policies, client-secret-rotation, client-types,
declarative-ui, device-flow, docker, dpop, dynamic-scopes, fips,
impersonation, js-adapter, kerberos, linkedin-oauth, multi-site,
offline-session-preloading, par, preview, recovery-codes, scripts,
offline-session-preloading, oid4vc-vci, par, preview, recovery-codes, scripts,
step-up-authentication, token-exchange, transient-users, update-email,
web-authn.
