KEYCLOAK-9321 Remove invalid token_introspection_endpoint

The discovery document is advertizing both token_introspection_endpoint
and introspection_endpoint. The former has been removed as it is not
defined by OAuth2/OIDC.

authz/client/src/main/java/org/keycloak/authorization/client/representation/ServerConfiguration.java

@@ -36,8 +36,8 @@ public class ServerConfiguration {
     @JsonProperty("token_endpoint")
     private String tokenEndpoint;
 
-    @JsonProperty("token_introspection_endpoint")
-    private String tokenIntrospectionEndpoint;
+    @JsonProperty("introspection_endpoint")
+    private String introspectionEndpoint;
 
     @JsonProperty("userinfo_endpoint")
     private String userinfoEndpoint;
@@ -120,8 +120,8 @@ public String getTokenEndpoint() {
         return tokenEndpoint;
     }
 
-    public String getTokenIntrospectionEndpoint() {
-        return tokenIntrospectionEndpoint;
+    public String getIntrospectionEndpoint() {
+        return introspectionEndpoint;
     }
 
     public String getUserinfoEndpoint() {

authz/client/src/main/java/org/keycloak/authorization/client/resource/ProtectionResource.java

@@ -75,7 +75,7 @@ public PolicyResource policy(String resourceId) {
      * @return the {@link TokenIntrospectionResponse}
      */
     public TokenIntrospectionResponse introspectRequestingPartyToken(String rpt) {
-        return this.http.<TokenIntrospectionResponse>post(serverConfiguration.getTokenIntrospectionEndpoint())
+        return this.http.<TokenIntrospectionResponse>post(serverConfiguration.getIntrospectionEndpoint())
                 .authentication()
                     .client()
                 .form()

authz/client/src/main/java/org/keycloak/authorization/client/util/Throwables.java

@@ -69,7 +69,7 @@ public static <V> V retryAndWrapExceptionIfNecessary(Callable<V> callable, Token
             HttpResponseException httpe = HttpResponseException.class.cast(cause);
 
             if (httpe.getStatusCode() == 403) {
-                TokenIntrospectionResponse response = token.getHttp().<TokenIntrospectionResponse>post(token.getServerConfiguration().getTokenIntrospectionEndpoint())
+                TokenIntrospectionResponse response = token.getHttp().<TokenIntrospectionResponse>post(token.getServerConfiguration().getIntrospectionEndpoint())
                         .authentication()
                         .client()
                         .param("token", token.call())

core/src/main/java/org/keycloak/protocol/oidc/representations/OIDCConfigurationRepresentation.java

@@ -40,12 +40,8 @@ public class OIDCConfigurationRepresentation {
     @JsonProperty("token_endpoint")
     private String tokenEndpoint;
 
-    /**
-     * The name 'token_introspection_endpoint' is deprecated and will be replaced by 'introspection_endpoint' as defined by RFC-8414.
-     * Until there, we just add {@code getIntrospectionEndpoint} claim to avoid breaking backward compatibility.
-     */
-    @JsonProperty("token_introspection_endpoint")
-    private String tokenIntrospectionEndpoint;
+    @JsonProperty("introspection_endpoint")
+    private String introspectionEndpoint;
 
     @JsonProperty("userinfo_endpoint")
     private String userinfoEndpoint;
@@ -148,22 +144,12 @@ public void setTokenEndpoint(String tokenEndpoint) {
         this.tokenEndpoint = tokenEndpoint;
     }
 
-    public String getTokenIntrospectionEndpoint() {
-        return this.tokenIntrospectionEndpoint;
-    }
-
-    /**
-     * See KEYCLOAK-8308. This method should be removed once the standard name is used to advertise the introspection endpoint.
-     * @return
-     */
-    @Deprecated
-    @JsonProperty("introspection_endpoint")
-    private String getIntrospectionEndpoint() {
-        return getTokenIntrospectionEndpoint();
+    public String getIntrospectionEndpoint() {
+        return this.introspectionEndpoint;
     }
 
-    public void setTokenIntrospectionEndpoint(String tokenIntrospectionEndpoint) {
-        this.tokenIntrospectionEndpoint = tokenIntrospectionEndpoint;
+    public void setIntrospectionEndpoint(String introspectionEndpoint) {
+        this.introspectionEndpoint = introspectionEndpoint;
     }
 
     public String getUserinfoEndpoint() {

services/src/main/java/org/keycloak/authorization/config/UmaConfiguration.java

@@ -50,7 +50,7 @@ public static final UmaConfiguration create(KeycloakSession session) {
         configuration.setGrantTypesSupported(oidcConfig.getGrantTypesSupported());
         configuration.setTokenEndpointAuthMethodsSupported(oidcConfig.getTokenEndpointAuthMethodsSupported());
         configuration.setTokenEndpointAuthSigningAlgValuesSupported(oidcConfig.getTokenEndpointAuthSigningAlgValuesSupported());
-        configuration.setTokenIntrospectionEndpoint(oidcConfig.getTokenIntrospectionEndpoint());
+        configuration.setIntrospectionEndpoint(oidcConfig.getIntrospectionEndpoint());
         configuration.setLogoutEndpoint(oidcConfig.getLogoutEndpoint());
 
         UriBuilder uriBuilder = session.getContext().getUri().getBaseUriBuilder();

services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java

@@ -90,7 +90,7 @@ public Object getConfig() {
         config.setIssuer(Urls.realmIssuer(frontendUriInfo.getBaseUri(), realm.getName()));
         config.setAuthorizationEndpoint(frontendUriBuilder.clone().path(OIDCLoginProtocolService.class, "auth").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
         config.setTokenEndpoint(backendUriBuilder.clone().path(OIDCLoginProtocolService.class, "token").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
-        config.setTokenIntrospectionEndpoint(backendUriBuilder.clone().path(OIDCLoginProtocolService.class, "token").path(TokenEndpoint.class, "introspect").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
+        config.setIntrospectionEndpoint(backendUriBuilder.clone().path(OIDCLoginProtocolService.class, "token").path(TokenEndpoint.class, "introspect").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
         config.setUserinfoEndpoint(backendUriBuilder.clone().path(OIDCLoginProtocolService.class, "issueUserInfo").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
         config.setLogoutEndpoint(frontendUriBuilder.clone().path(OIDCLoginProtocolService.class, "logout").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
         config.setJwksUri(backendUriBuilder.clone().path(OIDCLoginProtocolService.class, "certs").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UmaDiscoveryDocumentTest.java

@@ -69,7 +69,7 @@ public void testFetchDiscoveryDocument() {
             assertEquals(configuration.getAuthorizationEndpoint(), OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)).build("test").toString());
             assertEquals(configuration.getTokenEndpoint(), oauth.getAccessTokenUrl());
             assertEquals(configuration.getJwksUri(), oauth.getCertsUrl("test"));
-            assertEquals(configuration.getTokenIntrospectionEndpoint(), oauth.getTokenIntrospectionUrl());
+            assertEquals(configuration.getIntrospectionEndpoint(), oauth.getTokenIntrospectionUrl());
 
             String registrationUri = UriBuilder
                     .fromUri(OAuthClient.AUTH_SERVER_ROOT)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.java

@@ -215,7 +215,7 @@ public void testIntrospectionEndpointClaim() throws IOException {
         Client client = ClientBuilder.newClient();
         try {
             ObjectNode oidcConfig = JsonSerialization.readValue(getOIDCDiscoveryConfiguration(client), ObjectNode.class);
-            assertEquals(oidcConfig.get("introspection_endpoint").asText(), getOIDCDiscoveryRepresentation(client).getTokenIntrospectionEndpoint());
+            assertEquals(oidcConfig.get("introspection_endpoint").asText(), getOIDCDiscoveryRepresentation(client).getIntrospectionEndpoint());
         } finally {
             client.close();
         }