diff --git a/tests/test_keycloak_admin.py b/tests/test_keycloak_admin.py index 1420c56..cac47de 100644 --- a/tests/test_keycloak_admin.py +++ b/tests/test_keycloak_admin.py @@ -1564,6 +1564,26 @@ def test_enable_token_exchange(admin: KeycloakAdmin, realm: str): scope_id=token_exchange_permission_id, ) + # Create permissions on the target client to reference this policy + res = admin.create_client_authz_scope_permission( + payload={ + "name": "test-permission", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "resources": [token_exchange_resource_id], + "scopes": [token_exchange_scope_id], + "policies": [client_policy_id], + }, + client_id="realm_management_id", + ) + with pytest.raises(KeycloakPostError) as err: + admin.create_client_scope(payload={"name": "test-scope"}) + assert err.match('404: b\'{"errorMessage":"Could not find client"}\'') + permission_name = admin.get_client_authz_scope_permission( + client_id=realm_management_id)["name"] + assert permission_name == "test-permission" + def test_email(admin: KeycloakAdmin, user: str): """Test email.