From 5524b198fd63639bb45c60265779ddf096a1daa1 Mon Sep 17 00:00:00 2001
From: Sergey Beryozkin
Date: Tue, 5 Sep 2023 11:33:41 +0100
Subject: [PATCH] Add OIDC token propagation test with the user role token
---
 .../connect/OidcClientTokenPropagationTest.java | 16 ++++++++++++++++
 .../src/main/resources/application.properties | 4 ++++
 2 files changed, 20 insertions(+)
diff --git a/security-openid-connect-client-quickstart/src/test/java/org/acme/security/openid/connect/OidcClientTokenPropagationTest.java b/security-openid-connect-client-quickstart/src/test/java/org/acme/security/openid/connect/OidcClientTokenPropagationTest.java
index f1399d4849..27af7c13c0 100644
--- a/security-openid-connect-client-quickstart/src/test/java/org/acme/security/openid/connect/OidcClientTokenPropagationTest.java
+++ b/security-openid-connect-client-quickstart/src/test/java/org/acme/security/openid/connect/OidcClientTokenPropagationTest.java
@@ -30,6 +30,22 @@ public void testGetNameWithAdminTokenPropagated() {
 .statusCode(200)
 .body(is("admin"));
 }
+
+ @Test
+ public void testGetNameWithUserTokenPropagated() {
+ String userToken = getAccessToken("alice");
+
+ RestAssured.given().auth().oauth2(userToken)
+ .when().get("/frontend/user-name-with-propagated-token")
+ .then()
+ .statusCode(200)
+ .body(is("alice"));
+
+ RestAssured.given().auth().oauth2(userToken)
+ .when().get("/frontend/admin-name-with-propagated-token")
+ .then()
+ .statusCode(403);
+ }
 @Test
 public void testGetNameWithOidcClient() {
diff --git a/security-openid-connect-quickstart/src/main/resources/application.properties b/security-openid-connect-quickstart/src/main/resources/application.properties
index a1005a2c7b..502a47c9b4 100644
--- a/security-openid-connect-quickstart/src/main/resources/application.properties
+++ b/security-openid-connect-quickstart/src/main/resources/application.properties
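Review bot: The closing `.statusCode(403)` check in `testGetNameWithUserTokenPropagated` does not say which hop is expected to refuse alice's token, so a reader cannot tell whether the frontend's own role check or the downstream service that receives the propagated token is the control under test; neither endpoint's implementation is visible in this hunk. A one-line comment above the second request would record the intent, for example `// alice's token carries only the user role: the admin-only endpoint must reject it once propagated`. Splitting the positive and the negative case into two test methods would also let a failure name which authorization outcome regressed.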
@@ -4,6 +4,7 @@ quarkus.oidc.client-id=backend-service
 quarkus.oidc.credentials.secret=secret
 quarkus.keycloak.devservices.realm-path=quarkus-realm.json
+quarkus.keycloak.devservices.grant.type=client
 # DEBUG console logging
 quarkus.log.console.enable=true
@@ -18,3 +19,6 @@ quarkus.log.file.enable=true
 #quarkus.log.category."io.quarkus.smallrye.jwt".level=TRACE
 #quarkus.log.category."io.undertow.request.security".level=TRACE
 #quarkus.log.category."io.smallrye.jwt".level=TRACE
+
+quarkus.log.category."io.quarkus.oidc.runtime.OidcProvider".level=TRACE
+quarkus.log.category."io.quarkus.oidc.runtime.OidcProvider".min-level=TRACE
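Review bot: The two `OidcProvider` TRACE lines added at the end of the file are active for every profile, unlike the commented-out category lines directly above them, and this is the application's main `application.properties` with `quarkus.log.file.enable=true` visible in the hunk header. What `OidcProvider` writes at TRACE is not shown here, but token-verification detail landing in a persistent log file is worth keeping out of a production run by default. If the setting is only needed while running the tests, scope it with a profile prefix, e.g. `%test.quarkus.log.category."io.quarkus.oidc.runtime.OidcProvider".level=TRACE` (and the same for `min-level`), or comment both lines out like their neighbours.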