package org.keycloak.testsuite.oidc;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientScopeResource;
import org.keycloak.common.Profile;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.events.EventType;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AddressClaimSet;
import org.keycloak.representations.IDToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.oauth.OAuthGrantTest;
import org.keycloak.testsuite.oidc.AbstractOIDCScopeTest;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RoleBuilder;
import org.keycloak.testsuite.util.UserBuilder;

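/**
 * Tests which claims and realm roles reach the issued tokens, depending on the client scopes that
 * were requested and consented to.
 *
 * <p>The assertions pin down these properties of the authorization server:
 * <ul>
 *   <li>claims belonging to a scope that was not granted are absent from the ID token;</li>
 *   <li>once the user revokes the consent for a client, its refresh token is rejected;</li>
 *   <li>a refresh token keeps the role set of the scope it was issued for and does not pick up
 *       roles of a scope requested by a later login in the same browser session.</li>
 * </ul>
 *
 * <p>Several tests reconfigure the "test" realm (default/optional scopes, consent-screen flags,
 * {@code fullScopeAllowed}). Those changes are reverted in {@code finally} blocks so that a failed
 * assertion does not leave the altered configuration behind for the next test method.
 */
@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
public class OIDCScopeTest extends AbstractOIDCScopeTest {
    /** Fixed id of the user "john", so events and the consent clean-up can address him directly. */
    private static final String userId = KeycloakModelUtils.generateId();

    /**
     * Populates the realm with the fixtures used below: user "john" (profile, verified e-mail,
     * address and phone attributes, roles role-1/role-2), the realm roles role-1, role-2 and the
     * composite role-parent, a group carrying role-1, and one user per role/group.
     *
     * @param realmRepresentation realm definition to extend before it is imported
     */
    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        UserRepresentation john = UserBuilder.create()
                .id(userId)
                .username("john")
                .enabled(true)
                .email("john@email.cz")
                .firstName("John")
                .lastName("Doe")
                .password("password")
                .role(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME, "manage-account")
                .role(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME, "view-profile")
                .addRoles("role-1", "role-2")
                .build();
        john.setEmailVerified(true);

        // Attributes that back the claims checked by assertAddress() and assertPhone().
        MultivaluedHashMap<String, String> attributes = new MultivaluedHashMap<>();
        attributes.add("street", "Elm 5");
        attributes.add("phoneNumber", "111-222-333");
        attributes.add("phoneNumberVerified", "true");
        john.setAttributes(attributes);
        realmRepresentation.getUsers().add(john);

        RoleRepresentation role1 = new RoleRepresentation();
        role1.setName("role-1");
        realmRepresentation.getRoles().getRealm().add(role1);

        RoleRepresentation role2 = new RoleRepresentation();
        role2.setName("role-2");
        realmRepresentation.getRoles().getRealm().add(role2);

        // role-parent is a composite role that contains role-1.
        realmRepresentation.getRoles().getRealm()
                .add(RoleBuilder.create().name("role-parent").realmComposite("role-1").build());

        GroupRepresentation groupWithRole1 = new GroupRepresentation();
        groupWithRole1.setName("group-role-1");
        groupWithRole1.setRealmRoles(Collections.singletonList("role-1"));
        realmRepresentation.getGroups().add(groupWithRole1);

        realmRepresentation.getUsers().add(UserBuilder.create()
                .username("role-1-user").enabled(true).password("password").addRoles("role-1").build());
        realmRepresentation.getUsers().add(UserBuilder.create()
                .username("role-2-user").enabled(true).password("password").addRoles("role-2").build());
        realmRepresentation.getUsers().add(UserBuilder.create()
                .username("role-parent-user").enabled(true).password("password").addRoles("role-parent").build());
        realmRepresentation.getUsers().add(UserBuilder.create()
                .username("group-role-1-user").enabled(true).password("password").addGroups("group-role-1").build());
    }

    /** Resets the OAuth client helper to the default client with no explicit scope or max_age. */
    @Before
    public void clientConfiguration() {
        ClientManager.realm(adminClient.realm("test")).clientId(AssertEvents.DEFAULT_CLIENT_ID).directAccessGrant(true);
        oauth.clientId(AssertEvents.DEFAULT_CLIENT_ID);
        oauth.scope((String) null);
        oauth.maxAge((String) null);
    }

    /**
     * Revokes the consent john gave to the third-party client, so a consent granted in one test
     * does not suppress the consent screen in another.
     */
    @After
    public void removePersistentConsentFromUser() {
        try {
            adminClient.realm("test").users().get(userId).revokeConsent(OAuthGrantTest.THIRD_PARTY_APP);
        } catch (NotFoundException ignored) {
            // Best effort: the test did not grant (or already revoked) the consent.
        }
    }

    /**
     * Logs in first without an explicit scope and then with the optional scopes requested, and
     * checks that the optional claims appear only in the second set of tokens.
     */
    @Test
    public void testBuiltinOptionalScopes() throws Exception {
        // No scope parameter: only profile and e-mail claims are expected.
        oauth.doLogin("john", "password");
        AbstractOIDCScopeTest.Tokens defaultTokens = sendTokenRequest(
                events.expectLogin().user(userId).assertEvent(),
                userId, "openid email profile", AssertEvents.DEFAULT_CLIENT_ID);
        IDToken defaultIdToken = defaultTokens.idToken;
        assertProfile(defaultIdToken, true);
        assertEmail(defaultIdToken, true);
        assertAddress(defaultIdToken, false);
        assertPhone(defaultIdToken, false);
        assertMicroprofile(defaultIdToken, false);
        assertMicroprofile(defaultTokens.accessToken, false);

        oauth.doLogout(defaultTokens.refreshToken, "password");
        events.expectLogout(defaultIdToken.getSessionState())
                .client(AssertEvents.DEFAULT_CLIENT_ID).user(userId).removeDetail("redirect_uri").assertEvent();

        // Optional scopes requested explicitly: their claims must now be present as well.
        oauth.scope("openid address phone microprofile-jwt");
        oauth.doLogin("john", "password");
        AbstractOIDCScopeTest.Tokens fullTokens = sendTokenRequest(
                events.expectLogin().user(userId).assertEvent(),
                userId, "openid email profile address phone microprofile-jwt", AssertEvents.DEFAULT_CLIENT_ID);
        IDToken fullIdToken = fullTokens.idToken;
        assertProfile(fullIdToken, true);
        assertEmail(fullIdToken, true);
        assertAddress(fullIdToken, true);
        assertPhone(fullIdToken, true);
        assertMicroprofile(fullIdToken, true);
        assertMicroprofile(fullTokens.accessToken, true);
    }

    /** Asserts that john's profile claims are present with the fixture values, or all absent. */
    private void assertProfile(IDToken idToken, boolean expected) {
        if (!expected) {
            Assert.assertNull(idToken.getPreferredUsername());
            Assert.assertNull(idToken.getGivenName());
            Assert.assertNull(idToken.getFamilyName());
            Assert.assertNull(idToken.getName());
            return;
        }
        Assert.assertEquals("john", idToken.getPreferredUsername());
        Assert.assertEquals("John", idToken.getGivenName());
        Assert.assertEquals("Doe", idToken.getFamilyName());
        Assert.assertEquals("John Doe", idToken.getName());
    }

    /** Asserts that the e-mail claims are present with the fixture values, or both absent. */
    private void assertEmail(IDToken idToken, boolean expected) {
        if (!expected) {
            Assert.assertNull(idToken.getEmail());
            Assert.assertNull(idToken.getEmailVerified());
            return;
        }
        Assert.assertEquals("john@email.cz", idToken.getEmail());
        // Compared as objects so that a missing claim fails the assertion instead of unboxing null.
        Assert.assertEquals(Boolean.TRUE, idToken.getEmailVerified());
    }

    /** Asserts that the address claim carries the fixture street, or is absent altogether. */
    private void assertAddress(IDToken idToken, boolean expected) {
        AddressClaimSet address = idToken.getAddress();
        if (expected) {
            Assert.assertNotNull(address);
            Assert.assertEquals("Elm 5", address.getStreetAddress());
        } else {
            Assert.assertNull(address);
        }
    }

    /** Asserts that the phone claims are present with the fixture values, or both absent. */
    private void assertPhone(IDToken idToken, boolean expected) {
        if (!expected) {
            Assert.assertNull(idToken.getPhoneNumber());
            Assert.assertNull(idToken.getPhoneNumberVerified());
            return;
        }
        Assert.assertEquals("111-222-333", idToken.getPhoneNumber());
        // Compared as objects so that a missing claim fails the assertion instead of unboxing null.
        Assert.assertEquals(Boolean.TRUE, idToken.getPhoneNumberVerified());
    }

    /**
     * Asserts that the "upn" and "groups" claims are present ("upn" equal to the username,
     * "groups" containing role-1 and role-2), or that neither key exists in the token.
     */
    private void assertMicroprofile(IDToken token, boolean expected) {
        if (expected) {
            Assert.assertTrue(token.getOtherClaims().containsKey("upn"));
            Assert.assertEquals("john", token.getOtherClaims().get("upn"));
            Assert.assertTrue(token.getOtherClaims().containsKey("groups"));
            List<?> groups = (List<?>) token.getOtherClaims().get("groups");
            Assert.assertNotNull(groups);
            Assert.assertTrue(groups.containsAll(Arrays.asList("role-1", "role-2")));
            return;
        }
        Assert.assertFalse(token.getOtherClaims().containsKey("upn"));
        Assert.assertFalse(token.getOtherClaims().containsKey("groups"));
    }

    /**
     * Removes "profile" and "email" from the client's default scopes (re-adding "profile" as an
     * optional scope) and checks that their claims disappear unless the scope is requested.
     */
    @Test
    public void testRemoveScopes() throws Exception {
        String profileScopeId = ApiUtil.findClientScopeByName(testRealm(), "profile").toRepresentation().getId();
        String emailScopeId = ApiUtil.findClientScopeByName(testRealm(), "email").toRepresentation().getId();
        ClientResource client = ApiUtil.findClientByClientId(testRealm(), AssertEvents.DEFAULT_CLIENT_ID);
        client.removeDefaultClientScope(profileScopeId);
        client.removeDefaultClientScope(emailScopeId);
        client.addOptionalClientScope(profileScopeId);
        try {
            // Nothing requested: neither profile nor e-mail claims may be issued.
            oauth.doLogin("john", "password");
            AbstractOIDCScopeTest.Tokens bareTokens = sendTokenRequest(
                    events.expectLogin().user(userId).assertEvent(),
                    userId, "openid", AssertEvents.DEFAULT_CLIENT_ID);
            IDToken bareIdToken = bareTokens.idToken;
            assertProfile(bareIdToken, false);
            assertEmail(bareIdToken, false);
            assertAddress(bareIdToken, false);
            assertPhone(bareIdToken, false);

            oauth.doLogout(bareTokens.refreshToken, "password");
            events.expectLogout(bareIdToken.getSessionState())
                    .client(AssertEvents.DEFAULT_CLIENT_ID).user(userId).removeDetail("redirect_uri").assertEvent();

            // "profile" is optional now, so it has to be requested to get its claims.
            oauth.scope("openid profile");
            oauth.doLogin("john", "password");
            IDToken profileIdToken = sendTokenRequest(
                    events.expectLogin().user(userId).assertEvent(),
                    userId, "openid profile", AssertEvents.DEFAULT_CLIENT_ID).idToken;
            assertProfile(profileIdToken, true);
            assertEmail(profileIdToken, false);
            assertAddress(profileIdToken, false);
            assertPhone(profileIdToken, false);
        } finally {
            // Restore the original scope assignment even when an assertion above failed.
            client.removeOptionalClientScope(profileScopeId);
            client.addDefaultClientScope(profileScopeId);
            client.addDefaultClientScope(emailScopeId);
        }
    }

    /**
     * Checks the consent screen of the third-party client when optional scopes are requested on a
     * second login while the "address" scope is configured not to be displayed for consent.
     */
    @Test
    public void testOptionalScopesWithConsentRequired() throws Exception {
        ClientScopeResource addressScope = ApiUtil.findClientScopeByName(testRealm(), "address");
        ClientScopeRepresentation addressScopeRep = addressScope.toRepresentation();
        addressScopeRep.getAttributes().put("display.on.consent.screen", "false");
        addressScope.update(addressScopeRep);
        try {
            oauth.clientId(OAuthGrantTest.THIRD_PARTY_APP);
            oauth.doLoginGrant("john", "password");
            grantPage.assertCurrent();
            grantPage.assertGrants(new String[]{"User profile", "Email address", "User roles"});
            grantPage.accept();
            AbstractOIDCScopeTest.Tokens firstTokens = sendTokenRequest(
                    events.expectLogin().user(userId).client(OAuthGrantTest.THIRD_PARTY_APP)
                            .detail("consent", "consent_granted").assertEvent(),
                    userId, "openid email profile", OAuthGrantTest.THIRD_PARTY_APP);
            IDToken firstIdToken = firstTokens.idToken;
            assertProfile(firstIdToken, true);
            assertEmail(firstIdToken, true);
            assertAddress(firstIdToken, false);
            assertPhone(firstIdToken, false);

            oauth.doLogout(firstTokens.refreshToken, "password");
            events.expectLogout(firstIdToken.getSessionState())
                    .client(OAuthGrantTest.THIRD_PARTY_APP).user(userId).removeDetail("redirect_uri").assertEvent();

            // Only "Phone number" is expected on the second screen: "address" was hidden above;
            // the remaining scopes were presumably covered by the consent given on the first login.
            oauth.scope("openid address phone");
            oauth.doLoginGrant("john", "password");
            grantPage.assertCurrent();
            grantPage.assertGrants(new String[]{"Phone number"});
            grantPage.accept();
            IDToken secondIdToken = sendTokenRequest(
                    events.expectLogin().client(OAuthGrantTest.THIRD_PARTY_APP)
                            .detail("consent", "consent_granted").user(userId).assertEvent(),
                    userId, "openid email profile address phone", OAuthGrantTest.THIRD_PARTY_APP).idToken;
            assertProfile(secondIdToken, true);
            assertEmail(secondIdToken, true);
            assertAddress(secondIdToken, true);
            assertPhone(secondIdToken, true);
        } finally {
            // Show the address scope on the consent screen again, even after a failed assertion.
            addressScopeRep.getAttributes().put("display.on.consent.screen", "true");
            addressScope.update(addressScopeRep);
        }
    }

    /** Checks that a client configured for display adds its own consent text to the screen. */
    @Test
    public void testClientDisplayedOnConsentScreen() throws Exception {
        ClientResource thirdParty = ApiUtil.findClientByClientId(testRealm(), OAuthGrantTest.THIRD_PARTY_APP);
        ClientRepresentation thirdPartyRep = thirdParty.toRepresentation();
        thirdPartyRep.getAttributes().put("display.on.consent.screen", "true");
        thirdPartyRep.getAttributes().put("consent.screen.text", "ThirdParty permissions");
        thirdParty.update(thirdPartyRep);
        try {
            oauth.clientId(OAuthGrantTest.THIRD_PARTY_APP);
            oauth.doLoginGrant("john", "password");
            grantPage.assertCurrent();
            grantPage.assertGrants(
                    new String[]{"User profile", "Email address", "User roles", "ThirdParty permissions"});
            grantPage.accept();
            IDToken idToken = sendTokenRequest(
                    events.expectLogin().user(userId).client(OAuthGrantTest.THIRD_PARTY_APP)
                            .detail("consent", "consent_granted").assertEvent(),
                    userId, "openid email profile", OAuthGrantTest.THIRD_PARTY_APP).idToken;
            assertProfile(idToken, true);
            assertEmail(idToken, true);
            assertAddress(idToken, false);
            assertPhone(idToken, false);
        } finally {
            // Only the display flag is reverted; the consent text set above stays on the client.
            thirdPartyRep.getAttributes().put("display.on.consent.screen", "false");
            thirdParty.update(thirdPartyRep);
        }
    }

    /**
     * Checks the consent screen when the consent texts are empty or blank: the expected entries
     * are then the scope name ("profile") and the client id instead of a configured text.
     */
    @Test
    public void testClientDisplayedOnConsentScreenWithEmptyConsentText() throws Exception {
        ClientResource thirdParty = ApiUtil.findClientByClientId(testRealm(), OAuthGrantTest.THIRD_PARTY_APP);
        ClientRepresentation thirdPartyRep = thirdParty.toRepresentation();
        thirdPartyRep.getAttributes().put("display.on.consent.screen", "true");
        thirdPartyRep.getAttributes().put("consent.screen.text", "");
        thirdParty.update(thirdPartyRep);

        ClientScopeResource profileScope = ApiUtil.findClientScopeByName(testRealm(), "profile");
        ClientScopeRepresentation profileScopeRep = profileScope.toRepresentation();
        profileScopeRep.getAttributes().put("consent.screen.text", " ");
        profileScope.update(profileScopeRep);
        try {
            oauth.clientId(OAuthGrantTest.THIRD_PARTY_APP);
            oauth.doLoginGrant("john", "password");
            grantPage.assertCurrent();
            grantPage.assertGrants(
                    new String[]{"profile", "Email address", "User roles", OAuthGrantTest.THIRD_PARTY_APP});
            grantPage.accept();
        } finally {
            // Put back the profile scope's consent text and hide the client again.
            profileScopeRep.getAttributes().put("consent.screen.text", "${profileScopeConsentText}");
            profileScope.update(profileScopeRep);
            thirdPartyRep.getAttributes().put("display.on.consent.screen", "false");
            thirdParty.update(thirdPartyRep);
        }
    }

    /**
     * Checks that a refresh token works while the consent is in place and is rejected with HTTP
     * 400 and an "invalid_token" error event once the user revoked the grant in the account
     * console.
     */
    @Test
    @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
    public void testRefreshTokenWithConsentRequired() {
        oauth.clientId(OAuthGrantTest.THIRD_PARTY_APP);
        oauth.doLoginGrant("john", "password");
        grantPage.assertCurrent();
        grantPage.assertGrants(new String[]{"User profile", "Email address", "User roles"});
        grantPage.accept();
        AbstractOIDCScopeTest.Tokens tokens = sendTokenRequest(
                events.expectLogin().user(userId).client(OAuthGrantTest.THIRD_PARTY_APP)
                        .detail("consent", "consent_granted").assertEvent(),
                userId, "openid email profile", OAuthGrantTest.THIRD_PARTY_APP);
        IDToken idToken = tokens.idToken;
        RefreshToken refreshToken = oauth.parseRefreshToken(tokens.refreshToken);
        assertProfile(idToken, true);
        assertEmail(idToken, true);
        assertAddress(idToken, false);
        assertPhone(idToken, false);

        // With the consent in place the refresh succeeds and yields the same claims.
        OAuthClient.AccessTokenResponse refreshResponse = oauth.doRefreshTokenRequest(tokens.refreshToken, "password");
        Assert.assertEquals(200L, refreshResponse.getStatusCode());
        IDToken refreshedIdToken = oauth.verifyIDToken(refreshResponse.getIdToken());
        assertProfile(refreshedIdToken, true);
        assertEmail(refreshedIdToken, true);
        assertAddress(refreshedIdToken, false);
        assertPhone(refreshedIdToken, false);
        events.expectRefresh(refreshToken.getId(), refreshedIdToken.getSessionState())
                .user(userId).client(OAuthGrantTest.THIRD_PARTY_APP).assertEvent();

        // The user revokes the grant through the account application.
        accountAppsPage.open();
        events.clear();
        accountAppsPage.revokeGrant(OAuthGrantTest.THIRD_PARTY_APP);
        events.expect(EventType.REVOKE_GRANT)
                .client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).user(userId)
                .detail("revoked_client", OAuthGrantTest.THIRD_PARTY_APP).assertEvent();

        // The refresh token returned by the earlier refresh must no longer be accepted.
        Assert.assertEquals(400L,
                oauth.doRefreshTokenRequest(refreshResponse.getRefreshToken(), "password").getStatusCode());
        events.expectRefresh(refreshToken.getId(), refreshedIdToken.getSessionState())
                .client(OAuthGrantTest.THIRD_PARTY_APP).user(userId)
                .removeDetail("token_id").removeDetail("refresh_token_id").removeDetail("updated_refresh_token_id")
                .error("invalid_token").assertEvent();
    }

    /**
     * Obtains two token sets in one browser session, each for a different role-carrying scope,
     * and checks that refreshing either one returns only the role of its own scope.
     */
    @Test
    public void testTwoRefreshTokensWithDifferentScopes() {
        String scopeRole1Id = createOidcClientScope("scope-role-1");
        String scopeRole2Id = createOidcClientScope("scope-role-2");
        mapRealmRoleToScope(scopeRole1Id, "role-1");
        mapRealmRoleToScope(scopeRole2Id, "role-2");

        // Without full scope, the roles in the token are limited to those mapped to granted scopes.
        ClientResource client = ApiUtil.findClientByClientId(testRealm(), AssertEvents.DEFAULT_CLIENT_ID);
        ClientRepresentation clientRep = client.toRepresentation();
        clientRep.setFullScopeAllowed(false);
        client.update(clientRep);
        client.addOptionalClientScope(scopeRole1Id);
        client.addOptionalClientScope(scopeRole2Id);
        try {
            oauth.scope("scope-role-1");
            oauth.doLogin("john", "password");
            AbstractOIDCScopeTest.Tokens tokensRole1 = sendTokenRequest(
                    events.expectLogin().user(userId).assertEvent(),
                    userId, "openid email profile scope-role-1", AssertEvents.DEFAULT_CLIENT_ID);
            Assert.assertTrue(tokensRole1.accessToken.getRealmAccess().isUserInRole("role-1"));
            Assert.assertFalse(tokensRole1.accessToken.getRealmAccess().isUserInRole("role-2"));

            // Second authorization request with the other scope; only the login form is opened,
            // no credentials are submitted.
            oauth.scope("scope-role-2");
            oauth.openLoginForm();
            AbstractOIDCScopeTest.Tokens tokensRole2 = sendTokenRequest(
                    events.expectLogin().user(userId).removeDetail("username")
                            .client(AssertEvents.DEFAULT_CLIENT_ID).assertEvent(),
                    userId, "openid email profile scope-role-2", AssertEvents.DEFAULT_CLIENT_ID);
            Assert.assertFalse(tokensRole2.accessToken.getRealmAccess().isUserInRole("role-1"));
            Assert.assertTrue(tokensRole2.accessToken.getRealmAccess().isUserInRole("role-2"));

            // Refreshing the first token must not pick up the role granted to the second one.
            OAuthClient.AccessTokenResponse refreshRole1 = oauth.doRefreshTokenRequest(tokensRole1.refreshToken, "password");
            Assert.assertEquals(200L, refreshRole1.getStatusCode());
            AccessToken refreshedRole1 = oauth.verifyToken(refreshRole1.getAccessToken());
            Assert.assertTrue(refreshedRole1.getRealmAccess().isUserInRole("role-1"));
            Assert.assertFalse(refreshedRole1.getRealmAccess().isUserInRole("role-2"));

            // ... and the other way round.
            OAuthClient.AccessTokenResponse refreshRole2 = oauth.doRefreshTokenRequest(tokensRole2.refreshToken, "password");
            Assert.assertEquals(200L, refreshRole2.getStatusCode());
            AccessToken refreshedRole2 = oauth.verifyToken(refreshRole2.getAccessToken());
            Assert.assertFalse(refreshedRole2.getRealmAccess().isUserInRole("role-1"));
            Assert.assertTrue(refreshedRole2.getRealmAccess().isUserInRole("role-2"));
        } finally {
            // Restore the client even when an assertion above failed.
            clientRep.setFullScopeAllowed(true);
            client.update(clientRep);
            client.removeOptionalClientScope(scopeRole1Id);
            client.removeOptionalClientScope(scopeRole2Id);
        }
    }

    /**
     * Adds two role-carrying scopes as default scopes of the client and checks, for users that
     * hold the roles directly, through a composite role or through a group, which scopes and
     * realm roles show up in their tokens.
     */
    @Test
    public void testClientScopesPermissions() {
        String scopeRole1Id = createOidcClientScope("scope-role-1");
        String scopeRoleParentId = createOidcClientScope("scope-role-parent");
        mapRealmRoleToScope(scopeRole1Id, "role-1");
        mapRealmRoleToScope(scopeRoleParentId, "role-parent");

        ClientResource client = ApiUtil.findClientByClientId(testRealm(), AssertEvents.DEFAULT_CLIENT_ID);
        // The representation is written back unchanged, as in the original test.
        client.update(client.toRepresentation());
        client.addDefaultClientScope(scopeRole1Id);
        client.addDefaultClientScope(scopeRoleParentId);
        try {
            testLoginAndClientScopesPermissions("role-1-user", "scope-role-1 scope-role-parent", "role-1");
            testLoginAndClientScopesPermissions("role-2-user", "", "role-2");
            testLoginAndClientScopesPermissions("role-parent-user", "scope-role-1 scope-role-parent", "role-1", "role-parent");
            testLoginAndClientScopesPermissions("group-role-1-user", "scope-role-1 scope-role-parent", "role-1");
        } finally {
            // The scopes were added as default scopes, so they are removed as default scopes.
            client.removeDefaultClientScope(scopeRole1Id);
            client.removeDefaultClientScope(scopeRoleParentId);
        }
    }

    /**
     * Logs the given user in, checks the granted scope and the realm roles of the access token,
     * and logs the user out again.
     *
     * @param username user to log in (all fixture users share the password "password")
     * @param expectedRoleScopes scope names appended to "openid email profile " for the check
     * @param expectedRoles exact set of realm role names expected in the access token
     */
    private void testLoginAndClientScopesPermissions(String username, String expectedRoleScopes, String... expectedRoles) {
        String id = ApiUtil.findUserByUsername(testRealm(), username).getId();
        oauth.openLoginForm();
        oauth.doLogin(username, "password");
        AbstractOIDCScopeTest.Tokens tokens = sendTokenRequest(
                events.expectLogin().user(id).assertEvent(),
                id, "openid email profile " + expectedRoleScopes, AssertEvents.DEFAULT_CLIENT_ID);
        Assert.assertNames(tokens.accessToken.getRealmAccess().getRoles(), expectedRoles);
        oauth.doLogout(tokens.refreshToken, "password");
        events.expectLogout(tokens.idToken.getSessionState())
                .client(AssertEvents.DEFAULT_CLIENT_ID).user(id).removeDetail("redirect_uri").assertEvent();
    }

    /**
     * Creates an "openid-connect" client scope in the test realm and registers it for clean-up.
     *
     * @param name name of the new client scope
     * @return id of the created client scope
     */
    private String createOidcClientScope(String name) {
        ClientScopeRepresentation scope = new ClientScopeRepresentation();
        scope.setName(name);
        scope.setProtocol("openid-connect");
        Response response = testRealm().clientScopes().create(scope);
        try {
            String scopeId = ApiUtil.getCreatedId(response);
            getCleanup().addClientScopeId(scopeId);
            return scopeId;
        } finally {
            // Release the response even when the id could not be read from it.
            response.close();
        }
    }

    /** Adds the named realm role to the realm-level scope mappings of the given client scope. */
    private void mapRealmRoleToScope(String scopeId, String roleName) {
        testRealm().clientScopes().get(scopeId).getScopeMappings().realmLevel()
                .add(Arrays.asList(testRealm().roles().get(roleName).toRepresentation()));
    }
}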
