Skip to content

[OID4CVI] Review and fix issuance on public clients#45855

Open
tdiesler wants to merge 5 commits intokeycloak:mainfrom
tdiesler:ghi45851
Open

[OID4CVI] Review and fix issuance on public clients#45855
tdiesler wants to merge 5 commits intokeycloak:mainfrom
tdiesler:ghi45851

Conversation

@tdiesler
Copy link
Contributor

@tdiesler tdiesler commented Jan 29, 2026
edited
Loading

closes #45851

The PR ...

  • adds a public client test-app-pub to testrealm.json
  • adds a comprehensive test using the new OAuthClient APIs (i.e. OID4VCPublicClientTest)
  • adds support for error page/redirect to the AuthorizationRequest
  • removes dependency on OID4VCIssuerEndpointTest.getCredentialOfferUriUrl()

while working on this, I discovered these follow up issues ...

  • Pre-Auth TokenRequest does not natively support OID4VCAuthorizationDetail
  • Pre-Auth AccessToken does not have expected scopes [openid, oid4vc_natural_person_jwt] (still works)
  • Issuer AccessToken does not contain credential-offer-create role (still works)
  • OAuthClient.doLogin cannot handle error page/redirect

Depends on #46356

@tdiesler tdiesler requested review from a team as code owners January 29, 2026 10:40
@tdiesler tdiesler marked this pull request as draft January 29, 2026 14:55
@tdiesler tdiesler changed the title [OID4CVI] No test coverage for public clients [OID4CVI] Review and fix issuance on public clients Jan 30, 2026
@tdiesler tdiesler force-pushed the ghi45851 branch 14 times, most recently from 200c89c to b3986fc Compare February 4, 2026 17:24
@tdiesler tdiesler marked this pull request as ready for review February 6, 2026 11:34
@tdiesler tdiesler force-pushed the ghi45851 branch 2 times, most recently from b2bd3ee to d3c32a8 Compare February 7, 2026 10:07
@tdiesler tdiesler marked this pull request as draft February 9, 2026 13:26
@tdiesler tdiesler force-pushed the ghi45851 branch 5 times, most recently from 93aba85 to 732aaca Compare February 17, 2026 08:47
@tdiesler tdiesler marked this pull request as ready for review February 17, 2026 09:11
@tdiesler tdiesler force-pushed the ghi45851 branch 5 times, most recently from 525f9ef to 050fe84 Compare February 18, 2026 05:25
@tdiesler tdiesler mentioned this pull request Feb 18, 2026
Open
@tdiesler
[OID4VCI] Confine test realm setup to TestCase.configureTestRealm()
8b19fe5 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
@tdiesler
[OID4VCI] Add support for CredentialScopeRepresentation
f9e9d61 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
@tdiesler tdiesler force-pushed the ghi45851 branch 2 times, most recently from ed894ce to 7ce5b76 Compare February 18, 2026 14:04
@tdiesler
[OID4VCI] Revisit and fix OAuthClient.authorizationRequest()
49c4a62 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
@tdiesler
Merge branch 'ghi46355' into ghi45851
c26f098 
* ghi46355:
  [OID4VCI] Add support for CredentialScopeRepresentation
  [OID4VCI] Confine test realm setup to TestCase.configureTestRealm()
@tdiesler
[OID4CVI] Review and fix issuance on public clients
483865b 
Signed-off-by: Thomas Diesler <tdiesler@ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

team/cloud-native team/core-clients team/core-iam team/ui

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[OID4CVI] Review and fix issuance on public clients

1 participant

@tdiesler

Comments