add tests for valid offline refresh token flow after session delete a…

…nd version 22.0.10-1.6
eosc-kc · Jul 3, 2024 · 19bea01 · 19bea01
1 parent 228fe5a
commit 19bea01
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,7 +10,7 @@ Full Keycloak upstream jira issue can be shown if filtered by Fix version.
 
 Our Keycloak version is working well with PostgreSQL database. For using other SQL databases, text field in database need to be evaluated.
 
-## [Unreleased]
+## [22.0.10-1.6] - 2024-07-03
 
 ### Fixed
 - Check for offline refresh token grant based on refresh token request parameter
@@ -41,7 +41,7 @@ Our Keycloak version is working well with PostgreSQL database. For using other S
 ### Fixed
 - Correct Linkedin name and logo[RCIAM-1346](https://jira.argo.grnet.gr/browse/RCIAM-1346)
 - Put uriInfo in error response
-- Being possible to accept terms and conditions befure User is saved in Keycloak during first broker login. Follow GDPR. [Keycloak-28714](https://github.com/keycloak/keycloak/issues/28714) 
+- Being possible to accept terms and conditions before User is saved in Keycloak during first broker login. Follow GDPR. [Keycloak-28714](https://github.com/keycloak/keycloak/issues/28714) 
 
 ### Changed
 - Attribute Consuming Service: Update Input and Default Value

diff --git a/pom.xml b/pom.xml
@@ -47,7 +47,7 @@
 
         <quarkus.version>3.2.10.Final</quarkus.version>
         <quarkus.build.version>3.2.10.Final</quarkus.build.version>
-        <eosc-kc.version>${project.version}-1.6rc2</eosc-kc.version>
+        <eosc-kc.version>${project.version}22.0.10-1.6</eosc-kc.version>
 
         <project.build-time>${timestamp}</project.build-time>
 

diff --git a/...on-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java b/...on-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OfflineTokenTest.java
@@ -317,9 +317,17 @@ public void offlineTokenBrowserFlowWithDisableClientRefreshToken() throws Except
 
             assertTrue(tokenResponse.getScope().contains(OAuth2Constants.OFFLINE_ACCESS));
 
-            setTimeOffset(99999);
-            assertFalse(token.isActive());
-            assertTrue(offlineToken.isActive());
+//            setTimeOffset(99999);
+//            assertFalse(token.isActive());
+//            assertTrue(offlineToken.isActive());
+
+            // delete the non-offline session to force the NPE
+            adminClient.realm("test").deleteSession(sessionId);
+
+            //test that with deleted session that I can get access token without refresh token with refresh token flow
+            OAuthClient.AccessTokenResponse accessTokenResponseRefreshed = oauth.doRefreshTokenRequest(offlineTokenString, "secret1");
+            assertEquals(200, accessTokenResponseRefreshed.getStatusCode());
+            assertNull(accessTokenResponseRefreshed.getRefreshToken());
 
         } finally {
             // Revert changes