
@tdiesler tdiesler commented Jan 27, 2026

closes #45774

Instead of using low-level HTTP requests, this PR adds support for OID4VCI requests using the well-known OAuthClient request/response pattern like this ...

Rich AuthorizationRequest with AuthorizationDetails

This PR also adds support for ClientMetadata in the AuthorizationRequest

        AuthorizationRequest authRequest = new AuthorizationRequestBuilder()
                .withClientId(issClientId)
                .withAuthorizationDetail(authDetail)
                .withRedirectUri(redirectUri)
                .withCodeChallenge(pkce)
                .build();

        AuthorizationRequestResponse authResponse = new AuthorizationRequestRequest(oauth, authRequest)
                .credentials(ctx.targetUser, "password")
                .send();

It removes OID4VCAuthorizationDetailResponse in favor of OID4VCAuthorizationDetail with credential_identifiers (i.e. it should not be necessary to distinguish between the two)

Response status code checking is already done in the response base classes - I unified the error response handling like this, so that clients won't have to deal with it every time as part of a request.

    public CredentialResponse getCredentialResponse() {
        return Optional.ofNullable(credentialResponse).orElseThrow(() ->
                new IllegalStateException(String.format("[%s] %s", getError(), getErrorDescription())));
    }

AbstractHttpPostRequest now supports ...

  • arbitrary payloads (i.e. not just url-form-encoded)
  • bearer token authentication

Oid4vcCredentialRequest can extend it directly.
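
For readers following the description above, this added example (not part of the pull request and not Keycloak code) shows the wire-level request that a builder with `withAuthorizationDetail`, `withRedirectUri` and `withCodeChallenge` stands in for: an RFC 9396 `authorization_details` array carrying an OID4VCI `openid_credential` entry, plus an RFC 7636 S256 code challenge. The endpoint, client id, redirect URI and credential configuration id are constructed placeholders, and the exact serialization Keycloak emits is an assumption.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class RichAuthorizationRequestExample {

    // RFC 7636: code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))), without padding
    static String s256Challenge(String codeVerifier) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(codeVerifier.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }

    // 32 random bytes encode to 43 base64url characters, the RFC 7636 minimum length
    static String newCodeVerifier() {
        byte[] random = new byte[32];
        new SecureRandom().nextBytes(random);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(random);
    }

    // Percent-encode every value; the JSON in authorization_details must not reach the URL raw
    static String authorizationUrl(String endpoint, Map<String, String> params) {
        return endpoint + "?" + params.entrySet().stream()
                .map(e -> e.getKey() + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    public static void main(String[] args) throws Exception {
        // All values below are constructed placeholders, not taken from the PR.
        String codeVerifier = newCodeVerifier(); // kept by the client until the token request
        // RFC 9396: authorization_details is a JSON array; OID4VCI uses type "openid_credential"
        String authorizationDetails = "[{\"type\":\"openid_credential\","
                + "\"credential_configuration_id\":\"example-credential-config\"}]";

        Map<String, String> params = new LinkedHashMap<>();
        params.put("response_type", "code");
        params.put("client_id", "example-wallet-client");
        params.put("redirect_uri", "https://wallet.example/callback");
        params.put("authorization_details", authorizationDetails);
        params.put("code_challenge", s256Challenge(codeVerifier));
        params.put("code_challenge_method", "S256");

        System.out.println(authorizationUrl("https://issuer.example/authorize", params));
    }
}
```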


@keycloak-github-bot keycloak-github-bot bot left a comment


Unreported flaky test detected, please review


Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.oid4vc.issuance.signing.LDCredentialSignerTest#testLdpSignedCredentialWithoutAdditionalClaims

Keycloak CI - Base IT (6)

org.keycloak.testsuite.runonserver.RunOnServerException: org.keycloak.protocol.oid4vc.issuance.signing.CredentialSignerException: Was not able to create a JsonLD Document from the serialized string.
	at org.keycloak.testsuite.client.KeycloakTestingClient$Server.run(KeycloakTestingClient.java:207)
	at org.keycloak.testsuite.oid4vc.issuance.signing.LDCredentialSignerTest.testLdpSignedCredentialWithoutAdditionalClaims(LDCredentialSignerTest.java:160)
	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
...


@tdiesler tdiesler force-pushed the ghi45774 branch 8 times, most recently from 0d21915 to 94791fe Compare January 28, 2026 16:51
@tdiesler tdiesler changed the title [OID4VCI] Support oid4vci requests in OAuthClient [OID4VCI] Support rich AuthorizationRequest requests in OAuthClient Jan 28, 2026
@tdiesler tdiesler force-pushed the ghi45774 branch 3 times, most recently from cf14309 to 0faff82 Compare January 28, 2026 20:22
@tdiesler tdiesler marked this pull request as ready for review January 28, 2026 20:24
@tdiesler tdiesler changed the title [OID4VCI] Support rich AuthorizationRequest requests in OAuthClient [OID4VCI] Support AuthorizationRequest requests in OAuthClient Jan 29, 2026
@tdiesler tdiesler force-pushed the ghi45774 branch 2 times, most recently from 061454e to ddec941 Compare January 29, 2026 03:56