REST: assume issued token type is access token
The REST client wrongly assumes that the `issued_token_type` field is present in all OAuth responses, but that isn't true: e.g. in the `client_credentials` flow, this field is undefined. See RFC 6749, section 4.4.3: https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.3

This causes the client to crash when creating a token exchange request, since the issued token type becomes the request's subject token type, which is mandatory. This has been verified against a Keycloak 24.0 server.

This change fixes this issue by assuming that the issued token type is an access token, if the response did not specify any token type.

This change also fixes `RESTCatalogAdapter`: it was incorrectly including the `issued_token_type` field in `client_credentials` responses, thus masking many test failures, e.g. in `testCatalogTokenRefresh`.
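The behaviour this commit message describes, as an added Python example that is not the project's code: a `client_credentials` response without `issued_token_type` is parsed, and the parsed type is then reused as the mandatory `subject_token_type` of a token exchange request. The function names, the `default_type` parameter and the sample tokens are assumptions made for illustration; the URNs are the ones defined in RFC 8693.

```python
import json
from urllib.parse import urlencode

# Identifiers defined by RFC 8693 (OAuth 2.0 Token Exchange).
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"
JWT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:jwt"
TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"

# Constructed sample: client_credentials response (RFC 6749 section 4.4.3).
# It carries no issued_token_type field.
CLIENT_CREDENTIALS_RESPONSE = json.dumps(
    {"access_token": "constructed-cc-token", "token_type": "bearer", "expires_in": 300}
)

# Constructed sample: token exchange response, which names the issued type.
TOKEN_EXCHANGE_RESPONSE = json.dumps(
    {"access_token": "constructed-jwt", "token_type": "bearer",
     "issued_token_type": JWT_TOKEN_TYPE}
)


def parse_token_response(body, default_type=ACCESS_TOKEN_TYPE):
    """Return (token, issued_token_type) from a token endpoint response.

    With default_type=None the type stays None when the server omits it,
    which reproduces the failure described in the commit message.
    """
    data = json.loads(body)
    token = data.get("access_token")
    if not token:
        raise ValueError("token response has no access_token")
    # An explicit type from the server always wins over the default.
    return token, data.get("issued_token_type") or default_type


def build_exchange_request(subject_token, subject_token_type, scope=None):
    """Form-encode a token exchange request; both subject fields are mandatory."""
    if not subject_token or not subject_token_type:
        raise ValueError("subject_token and subject_token_type are required")
    params = {
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "subject_token": subject_token,
        "subject_token_type": subject_token_type,
    }
    if scope:
        params["scope"] = scope
    return urlencode(params)
```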