Description

The AuthzClientCredentialsTest test is one of the complicated tests to move to the keycloak-client. This class is testing login with the authz client using JWT tokens (ES, RS and HS). It uses some classes that are copied from the keycloak-core that relies on the CryptoIntegration (mainly to sign the JWT token, signer context and so on and so forth). For what I see this test works on the normal keycloak because TS also depends on keycloak-services which in turn depends in keycloak-crytp-default. So the crypto implementation is in the path of the test client class that is executing the class ad the crypto implementation can be obtained.

We need to decide what to do with this. I think that there are two options:

1. Implement a minimal crypto for the authz-client that is always used (or used if no other one is already set, to allow using the default one for example).
2. Do as it is now and just implement this minimal crypto for the test. This way the test will pass but if the dev wants to use client-authz with JWT login he/she needs to manually add the crypto implementation (default with BC for example). This is like it's working now, although I suppose we need to document it or something.

I'm going to send option 2 as a draft to show the idea of the minimal implementation. We can decide later if we move it to main keycloak to be copied by the sync script or we continue doing as it's today.

Discussion

No response

Motivation

No response

Details

No response