403f8be429
Add comprehensive support for using Keycloak as an external identity provider with Nextcloud custom scopes. This enables testing of ADR-002 external IdP integration patterns.

**Keycloak Realm Configuration:**
- Add frontendUrl attribute to issue tokens with public issuer URL
- Define 18 Nextcloud custom client scopes (notes:read/write, calendar:read/write, contacts:read/write, cookbook:read/write, deck:read/write, tables:read/write, files:read/write, sharing:read/write, todo:read/write)
- Add all custom scopes to nextcloud-mcp-server client optional scopes
- Scopes include consent screen text for user-friendly OAuth flow

**MCP Server Configuration:**
- Add OIDC_JWKS_URI environment variable support
- Implement JWKS URI override logic for Docker networking
- Update NEXTCLOUD_PUBLIC_ISSUER_URL to include full realm path
- Enable MCP server to fetch JWKS from internal Docker network

**Test Infrastructure:**
- Add keycloak_oauth_client_credentials fixture (session-scoped)
- Add keycloak_oauth_token fixture with Playwright automation
- Implement PKCE (S256) support for Keycloak OAuth flow
- Add nc_mcp_keycloak_client fixture for MCP testing
- Create comprehensive test suite in test_keycloak_external_idp.py

**Tests Created:**
- test_keycloak_oauth_token_acquisition: Token acquisition via Playwright
- test_keycloak_oauth_client_credentials_discovery: OIDC discovery
- test_mcp_client_connects_to_keycloak_server: MCP connectivity
- test_external_idp_server_initialization: Server auto-detection
- test_external_idp_token_validation: Token validation flow
- test_tools_work_with_keycloak_token: End-to-end tool execution
- test_keycloak_token_persistence: Multi-operation token reuse
- test_user_auto_provisioning: Nextcloud user provisioning
- test_scope_filtering_with_keycloak: Scope-based tool filtering
- test_keycloak_error_handling: Error handling
- test_external_idp_architecture: Architecture documentation

**Current Status:**
- ✅ Keycloak realm configuration complete
- ✅ Custom scopes defined and available
- ✅ OAuth token acquisition working (1 test passing)
- ⚠️ Token validation needs additional work (external IdP userinfo)

**Files Modified:**
- keycloak/realm-export.json: Realm configuration with scopes
- tests/conftest.py: Keycloak OAuth fixtures (+285 lines)
- tests/server/oauth/test_keycloak_external_idp.py: New test suite
- docker-compose.yml: OIDC_JWKS_URI and issuer configuration
- nextcloud_mcp_server/app.py: JWKS URI override logic

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
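The commit lists "Implement PKCE (S256) support for Keycloak OAuth flow" without showing the mechanics. The following is an added example, not code from this repository or its fixtures, showing the two halves of PKCE as specified in RFC 7636: the client derives a `code_challenge` from a random `code_verifier` and sends it on the authorization request, and the authorization server later checks the presented verifier against the stored challenge at the token endpoint. The issuer URL, client id, redirect URI and scope list used in `build_authorize_url` are placeholders chosen for illustration (the scope names mirror the custom scopes named in the commit); they are not values from the project's configuration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode


def _b64url_no_pad(raw: bytes) -> str:
    """BASE64URL encoding without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """High-entropy code_verifier (RFC 7636 section 4.1).

    32 random bytes encode to 43 unreserved characters, the RFC minimum;
    the allowed length is 43..128.
    """
    return _b64url_no_pad(secrets.token_bytes(n_bytes))


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier))) (RFC 7636 section 4.2)."""
    return _b64url_no_pad(hashlib.sha256(code_verifier.encode("ascii")).digest())


def build_authorize_url(issuer: str, client_id: str, redirect_uri: str,
                        scopes: list[str], state: str, code_challenge: str) -> str:
    """Client side: authorization request carrying the challenge.

    The endpoint path is assumed here; a real client reads
    authorization_endpoint from the issuer's OIDC discovery document.
    """
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{issuer.rstrip('/')}/protocol/openid-connect/auth?{urlencode(params)}"


def verify_pkce(stored_challenge: str, presented_verifier: str, method: str = "S256") -> bool:
    """Server side: token-endpoint check (RFC 7636 section 4.6).

    Only S256 is accepted; 'plain' is permitted by the RFC but gives no
    protection against a leaked challenge, so a strict server rejects it.
    The comparison is constant-time to avoid leaking the challenge via timing.
    """
    if method != "S256":
        return False
    if not 43 <= len(presented_verifier) <= 128:
        return False
    return hmac.compare_digest(s256_challenge(presented_verifier), stored_challenge)


if __name__ == "__main__":
    # Constructed placeholder values; not the project's real configuration.
    verifier = make_code_verifier()
    challenge = s256_challenge(verifier)
    url = build_authorize_url(
        issuer="https://idp.example.test/realms/example-realm",
        client_id="example-client",
        redirect_uri="http://localhost:8080/callback",
        scopes=["openid", "notes:read", "calendar:read"],
        state=secrets.token_urlsafe(16),
        code_challenge=challenge,
    )
    print(url)
    print("verifier accepted:", verify_pkce(challenge, verifier))
```

The `s256_challenge` function reproduces the worked example in Appendix B of RFC 7636, which is a convenient fixed vector for a unit test; the random verifier path is what a Playwright-driven login would actually use, with the verifier held client-side until the code is exchanged.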