Patch for Keycloak bug: [OIDC] Access Token claims not imported using Identity Provider Attribute Importer Mappers. See https://github.com/keycloak/keycloak/discussions/8462
diff --git a/services/src/main/java/org/keycloak/broker/oidc/KeycloakOIDCIdentityProvider.java b/services/src/main/java/org/keycloak/broker/oidc/KeycloakOIDCIdentityProvider.java
index b6b15b06e5..4ecca0c5cb 100755
--- a/services/src/main/java/org/keycloak/broker/oidc/KeycloakOIDCIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/broker/oidc/KeycloakOIDCIdentityProvider.java
@@ -63,13 +63,6 @@ public class KeycloakOIDCIdentityProvider extends OIDCIdentityProvider {
return new KeycloakEndpoint(callback, realm, event);
}
- @Override
- protected void processAccessTokenResponse(BrokeredIdentityContext context, AccessTokenResponse response) {
- // Don't verify audience on accessToken as it may not be there. It was verified on IDToken already
- JsonWebToken access = validateToken(response.getToken(), true);
- context.getContextData().put(VALIDATED_ACCESS_TOKEN, access);
- }
-
protected class KeycloakEndpoint extends OIDCEndpoint {
public KeycloakEndpoint(AuthenticationCallback callback, RealmModel realm, EventBuilder event) {
super(callback, realm, event);
diff --git a/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java b/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
index e7f6fa1ae4..773442d2e5 100755
--- a/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
@@ -250,8 +250,9 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
}
protected void processAccessTokenResponse(BrokeredIdentityContext context, AccessTokenResponse response) {
-
-
+ // Don't verify audience on accessToken as it may not be there. It was verified on IDToken already
+ JsonWebToken access = validateToken(response.getToken(), true);
+ context.getContextData().put(KeycloakOIDCIdentityProvider.VALIDATED_ACCESS_TOKEN, access);
}
protected SimpleHttp getRefreshTokenRequest(KeycloakSession session, String refreshToken, String clientId, String clientSecret) {
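Review bot: The new base-class body `JsonWebToken access = validateToken(response.getToken(), true);` now runs for every provider built on `OIDCIdentityProvider`, so a generic OIDC provider that issues an opaque (non-JWT) access token will presumably fail this validation on every brokered login; the patch only opts out the Google and GitLab subclasses, not arbitrary providers configured through the generic OIDC broker. I would guard on token shape before validating: `String token = response.getToken();` followed by `if (token == null || token.split("\\.").length != 3) return; // opaque access token: nothing to validate`. The `true` argument, per the comment, skips the audience check, so claims imported from this token come from a token whose intended recipient was not verified; the comment should say so explicitly, e.g. `// audience deliberately not checked here (it may be absent); the ID token's aud was already verified, so rely on whatever validateToken still enforces`. Referencing `KeycloakOIDCIdentityProvider.VALIDATED_ACCESS_TOKEN` from the superclass inverts the dependency; moving that constant into `OIDCIdentityProvider` would be cleaner.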
diff --git a/services/src/main/java/org/keycloak/social/gitlab/GitLabIdentityProvider.java b/services/src/main/java/org/keycloak/social/gitlab/GitLabIdentityProvider.java
index b781cd4ea0..10ea8666aa 100755
--- a/services/src/main/java/org/keycloak/social/gitlab/GitLabIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/social/gitlab/GitLabIdentityProvider.java
@@ -63,6 +63,10 @@ public class GitLabIdentityProvider extends OIDCIdentityProvider implements Soc
}
}
+ @Override
+ protected void processAccessTokenResponse(BrokeredIdentityContext context,
+ AccessTokenResponse response) {}
+
protected String getUsernameFromUserInfo(JsonNode userInfo) {
return getJsonProperty(userInfo, "username");
}
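Review bot: The empty override `protected void processAccessTokenResponse(BrokeredIdentityContext context, AccessTokenResponse response) {}` carries no comment explaining why GitLab opts out, and it silently means `VALIDATED_ACCESS_TOKEN` is never placed in the context for GitLab logins, so attribute-importer mappers that read access-token claims will find nothing for this provider. Add a why-comment such as `// GitLab access tokens are presumably not JWTs, so there is nothing to validate; claims are taken from the userinfo endpoint instead` — the reason is inferred, not shown in this hunk, so confirm it before committing the wording. The signature split across two unindented lines should be collapsed onto one line to match the surrounding style.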
diff --git a/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java b/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java
index 17b1a0bceb..f67d485ed9 100755
--- a/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java
+++ b/services/src/main/java/org/keycloak/social/google/GoogleIdentityProvider.java
@@ -27,6 +27,7 @@ import org.keycloak.common.ClientConnection;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.events.EventBuilder;
import org.keycloak.models.KeycloakSession;
+import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.JsonWebToken;
import javax.ws.rs.core.MultivaluedMap;
@@ -72,6 +73,10 @@ public class GoogleIdentityProvider extends OIDCIdentityProvider implements Soci
return uri;
}
+ @Override
+ protected void processAccessTokenResponse(BrokeredIdentityContext context,
+ AccessTokenResponse response) {}
+
@Override
protected boolean supportsExternalExchange() {
return true;
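Review bot: The empty `processAccessTokenResponse` override here, like the GitLab one, has no comment and leaves `VALIDATED_ACCESS_TOKEN` unset for Google logins, which is worth stating since `supportsExternalExchange()` returning `true` directly below suggests this provider also accepts tokens via exchange. Add `// Google access tokens are presumably opaque, not JWTs: skip validation; claims come from the ID token` (hedged — confirm against Google's token format). Two identical empty overrides hint that the base class should decide this itself, e.g. a protected `isAccessTokenJwt()` hook or a token-shape check in `OIDCIdentityProvider`, rather than each provider silently disabling the step.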