Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Offline tokens created in Keycloak 14 or earlier will not work on Key… #31258

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ahus1 merged 1 commit into from
Jul 15, 2024
Merged

Offline tokens created in Keycloak 14 or earlier will not work on Key… #31258

ahus1 merged 1 commit into from
Jul 15, 2024

Conversation

@mposolda
Copy link
Contributor

@mposolda mposolda commented Jul 12, 2024
edited
Loading

…cloak 25

closes #31224

Some additional notes to this PR:

  • Before Keycloak 15, the offline tokens had only the claim session_state, but not sid
  • In Keycloak 15, there was duplicated claim sid added in addition to session_state. Related commit: 8c1ea60b
  • In Keycloak 25, the claim session_state was removed and only sid was kept. Related commit: b4f791b6

So migration of offline tokens is broken from Keycloak versions 14 or earlier to Keycloak 25 versions. This means that fix requires backport to Keycloak 25.0.X as well.

This issue is not caught by the MigrationTest, which tests migration of offline tokens, but just from some recent Keycloak version. In this PR, I've added OfflineTokenMigrationTest to simulate migration of old offline tokens to the latest Keycloak.

@mposolda mposolda requested review from a team as code owners July 12, 2024 14:12
@mposolda mposolda self-assigned this Jul 12, 2024
@mposolda mposolda requested a review from graziang July 13, 2024 07:47
graziang
graziang approved these changes Jul 15, 2024
View reviewed changes
Copy link
Contributor

@graziang graziang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mposolda Thanks for the PR, LGTM!

ahus1
ahus1 approved these changes Jul 15, 2024
View reviewed changes
Copy link
Contributor

@ahus1 ahus1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving based on @jonkoops' and @graziang's reviews.

@ahus1 ahus1 merged commit 1864cf1 into keycloak:main Jul 15, 2024
@mposolda mposolda mentioned this pull request Jul 16, 2024
Merged
@mposolda
Copy link
Contributor Author

mposolda commented Jul 16, 2024

@graziang @jonkoops @ahus1 Thanks everyone!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ahus1 ahus1 ahus1 approved these changes

+2 more reviewers

@jonkoops jonkoops jonkoops approved these changes

@graziang graziang graziang approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mposolda mposolda

Labels

team/cloud-native team/core-clients team/core-iam

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Offline tokens created in Keycloak 9 will not work on Keycloak 25

4 participants

@mposolda @jonkoops @ahus1 @graziang