[OID4VCI] Migrate preauth offer tests to separate package

Signed-off-by: Thomas Diesler <tdiesler@proton.me>
2026-05-26 13:50:48 +00:00 · 2026-03-21 06:16:15 +01:00
parent 3c0c94f1d6
commit d38ee4c110
12 changed files with 115 additions and 125 deletions
@@ -18,7 +18,7 @@ if [ $GITHUB_EVENT_NAME == "pull_request" ]; then
    echo "========================================================================================"
    echo "Deprecated testsuite module: "
    echo " * Adding new file(s) is forbidden."
-    echo " * Maximum 50 lines can be added to a single file."
+    echo " * Maximum 100 lines can be added to a single file."
    echo ""
    echo "Please, migrate the added/changed file(s) and use the new test framework instead."
    echo "See: https://github.com/keycloak/keycloak/tree/main/testsuite/DEPRECATED.md for more details."
@@ -327,13 +327,13 @@ public class RealmConfigBuilder {
        return this;
    }

-    public RealmConfigBuilder clientPolicy(ClientPolicyRepresentation clienPolicyRep) {
+    public RealmConfigBuilder clientPolicy(ClientPolicyRepresentation clientPolicyRep) {
        ClientPoliciesRepresentation clientPolicies = rep.getParsedClientPolicies();
        if (clientPolicies == null) {
            clientPolicies = new ClientPoliciesRepresentation();
        }
        List<ClientPolicyRepresentation> policies = clientPolicies.getPolicies();
-        policies.add(clienPolicyRep);
+        policies.add(clientPolicyRep);
        rep.setParsedClientPolicies(clientPolicies);
        return this;
    }
@@ -62,7 +62,7 @@ public class OID4VCActionTest extends OID4VCIssuerTestBase {
        user.admin().logout();
    }

-    static String getKcActionParameter(String clientId, String credentialConfigId, boolean preAuthorized) {
+    public static String getKcActionParameter(String clientId, String credentialConfigId, boolean preAuthorized) {
        try {
            VerifiableCredentialOfferAction.CredentialOfferActionConfig cfg = new VerifiableCredentialOfferAction.CredentialOfferActionConfig();
            cfg.setCredentialConfigurationId(credentialConfigId);
@@ -76,11 +76,11 @@ public class OID4VCActionTest extends OID4VCIssuerTestBase {
        }
    }

-    static String getNonceFromCredentialOfferUri(String credentialOfferUri) {
+    public static String getNonceFromCredentialOfferUri(String credentialOfferUri) {
        return credentialOfferUri.substring(credentialOfferUri.lastIndexOf("/") + 1);
    }

-    static void verifyVCActionCredentialResponse(CredentialResponse credResponse) {
+    public static void verifyVCActionCredentialResponse(CredentialResponse credResponse) {
        CredentialResponse.Credential credentialObj = credResponse.getCredentials().get(0);
        assertNotNull(credentialObj, "The first credential in the array should not be null");
        IssuerSignedJWT issuerSignedJWT = SdJwtVP.of(credentialObj.getCredential().toString()).getIssuerSignedJWT();
@@ -1,5 +1,6 @@
 package org.keycloak.tests.oid4vc;

+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashSet;
@@ -13,6 +14,7 @@ import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.admin.client.resource.UserResource;
 import org.keycloak.jose.jws.JWSHeader;
 import org.keycloak.jose.jws.JWSInput;
+import org.keycloak.jose.jws.JWSInputException;
 import org.keycloak.protocol.oid4vc.model.CredentialIssuer;
 import org.keycloak.protocol.oid4vc.model.CredentialOfferURI;
 import org.keycloak.protocol.oid4vc.model.CredentialRequest;
@@ -74,7 +76,7 @@ public class OID4VCBasicWallet {

    // Composite Actions -----------------------------------------------------------------------------------------------

-    public CredentialsOffer createAuthCodeCredentialOffer(OID4VCTestContext ctx, String targetUser) throws Exception {
+    public CredentialsOffer createAuthCodeCredentialOffer(OID4VCTestContext ctx, String targetUser) {

        // Get Issuer AccessToken
        //
@@ -110,7 +112,7 @@ public class OID4VCBasicWallet {
        return credOffer;
    }

-    public CredentialsOffer createPreAuthCredentialOffer(OID4VCTestContext ctx, String targetUser) throws Exception {
+    public CredentialsOffer createPreAuthCredentialOffer(OID4VCTestContext ctx, String targetUser) {

        // Get Issuer AccessToken
        //
@@ -269,10 +271,17 @@ public class OID4VCBasicWallet {
            AccessTokenResponse tokenResponse,
            List<String> includeScopes, List<String> excludeScopes,
            List<String> includeRoles, List<String> excludeRoles
-    ) throws Exception {
+    ) {

        String accessToken = tokenResponse.getAccessToken();
-        JsonWebToken jwt = JsonSerialization.readValue(new JWSInput(accessToken).getContent(), JsonWebToken.class);
+
+        JsonWebToken jwt;
+        try {
+            jwt = JsonSerialization.readValue(new JWSInput(accessToken).getContent(), JsonWebToken.class);
+        } catch (IOException | JWSInputException ex) {
+            throw new IllegalStateException(ex);
+        }
+
        List<String> wasScopes = Arrays.stream(((String) jwt.getOtherClaims().get("scope")).split("\\s")).toList();
        includeScopes.forEach(it -> assertTrue(wasScopes.contains(it), "Missing scope: " + it));
        excludeScopes.forEach(it -> assertFalse(wasScopes.contains(it), "Invalid scope: " + it));
@@ -297,7 +306,7 @@ public class OID4VCBasicWallet {
        return accessToken;
    }

-    public String validateHolderAccessToken(OID4VCTestContext ctx, AccessTokenResponse tokenResponse) throws Exception {
+    public String validateHolderAccessToken(OID4VCTestContext ctx, AccessTokenResponse tokenResponse) {

        // Check that we can extract the AccessToken
        if (!tokenResponse.isSuccess()) {
@@ -314,7 +323,14 @@ public class OID4VCBasicWallet {

        // Extract authorization_details from AccessToken (JWT)
        //
-        JsonWebToken jwt = new JWSInput(tokenResponse.getAccessToken()).readJsonContent(JsonWebToken.class);
+
+        JsonWebToken jwt;
+        try {
+            jwt = new JWSInput(tokenResponse.getAccessToken()).readJsonContent(JsonWebToken.class);
+        } catch (JWSInputException ex) {
+            throw new IllegalStateException(ex);
+        }
+
        Object authDetailsClaim = jwt.getOtherClaims().get(AUTHORIZATION_DETAILS);
        String authDetailsJson = Optional.ofNullable(authDetailsClaim)
                .map(JsonSerialization::valueAsString)
@@ -43,28 +43,15 @@ public class OID4VCIWellKnownProviderTest extends OID4VCIssuerTestBase {
    @InjectRunOnServer
    RunOnServerClient runOnServer;

-    boolean configuredAlready;
-
    @TestSetup
    public void configureTestRealm() {
+        super.configureTestRealm();

-        // When named differently this method is called before OID4VCIssuerTestBase.configureTestRealm()
-        // When named the same name, it is called twice (i.e. does not override)
-        //
-        // [TODO] IntegrationTest sub class @TestSetup called before super class
-        // https://github.com/keycloak/keycloak/issues/46667
-
-        if (!configuredAlready) {
-            super.configureTestRealm();
-
-            ComponentsResource components = testRealm.admin().components();
-            components.add(getRsaKeyProvider(getRsaKey_Default())).close();
-            components.add(getRsaEncKeyProvider(RSA_OAEP_256, "enc-key-oaep256", 100)).close();
-            components.add(getAesKeyProvider(A128KW, "aes-enc", "ENC", "aes-generated")).close();
-            components.add(getAesKeyProvider(Algorithm.HS256, "aes-sig", "SIG", "hmac-generated")).close();
-
-            configuredAlready = true;
-        }
+        ComponentsResource components = testRealm.admin().components();
+        components.add(getRsaKeyProvider(getRsaKey_Default())).close();
+        components.add(getRsaEncKeyProvider(RSA_OAEP_256, "enc-key-oaep256", 100)).close();
+        components.add(getAesKeyProvider(A128KW, "aes-enc", "ENC", "aes-generated")).close();
+        components.add(getAesKeyProvider(Algorithm.HS256, "aes-sig", "SIG", "hmac-generated")).close();
    }

    @Test
@@ -388,7 +388,7 @@ public abstract class OID4VCIssuerEndpointTest extends OID4VCIssuerTestBase {
        }
    }

-    protected class CredentialResponseHandler {
+    public static class CredentialResponseHandler {
        final Logger log = Logger.getLogger(OID4VCIssuerEndpointTest.class);

        protected void handleCredentialResponse(CredentialResponse credentialResponse, ClientScopeRepresentation clientScope) throws VerificationException {
@@ -23,6 +23,8 @@ import java.util.UUID;
 import org.keycloak.OID4VCConstants;
 import org.keycloak.VCFormat;
 import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.resource.ClientScopeResource;
+import org.keycloak.admin.client.resource.ClientScopesResource;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.common.Profile;
 import org.keycloak.common.crypto.CryptoIntegration;
@@ -50,7 +52,6 @@ import org.keycloak.representations.idm.ClientScopeRepresentation;
 import org.keycloak.representations.idm.ComponentRepresentation;
 import org.keycloak.representations.idm.ProtocolMapperRepresentation;
 import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
-import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.representations.userprofile.config.UPConfig;
 import org.keycloak.testframework.annotations.InjectAdminClient;
@@ -112,33 +113,33 @@ public abstract class OID4VCIssuerTestBase {
    public static final String minimalJwtTypeCredentialScopeName = "vc-with-minimal-config";
    public static final String minimalJwtTypeCredentialConfigurationIdName = "vc-with-minimal-config-id";

-    @InjectRealm(config = VCTestRealmConfig.class)
-    protected ManagedRealm testRealm;
-
-    @InjectClient(ref = "oid4vci-client", config = OID4VCIClient.class)
-    ManagedClient managedClient;
-
-    @InjectOAuthClient
-    protected OAuthClient oauth;
-
-    @InjectTimeOffSet
-    TimeOffSet timeOffSet;
-
-    @InjectEvents
-    protected Events events;
-
-    @InjectWebDriver
-    ManagedWebDriver driver;
-
-    @InjectAdminClient
-    Keycloak keycloak;
-
    protected CredentialScopeRepresentation minimalJwtTypeCredentialScope;
    protected CredentialScopeRepresentation jwtTypeCredentialScope;
    protected CredentialScopeRepresentation sdJwtTypeCredentialScope;

    protected ClientRepresentation client;

+    @InjectRealm(config = VCTestRealmConfig.class)
+    protected ManagedRealm testRealm;
+
+    @InjectClient(ref = "oid4vci-client", config = OID4VCIClient.class)
+    protected ManagedClient managedClient;
+
+    @InjectOAuthClient
+    protected OAuthClient oauth;
+
+    @InjectTimeOffSet
+    protected TimeOffSet timeOffSet;
+
+    @InjectEvents
+    protected Events events;
+
+    @InjectWebDriver
+    protected ManagedWebDriver driver;
+
+    @InjectAdminClient
+    protected Keycloak keycloak;
+
    @TestSetup
    public void configureTestRealm() {
        RealmResource realmResource = testRealm.admin();
@@ -159,29 +160,7 @@ public abstract class OID4VCIssuerTestBase {
        enableVerifiableCredentialEvents(testRealm);
    }

-    public static void enableVerifiableCredentialEvents(ManagedRealm realm) {
-        RealmEventsConfigRepresentation realmEventsConfig = realm.admin().getRealmEventsConfig();
-        List<String> enabledEventTypes = realmEventsConfig.getEnabledEventTypes();
-        if (!enabledEventTypes.contains(EventType.VERIFIABLE_CREDENTIAL_NONCE_REQUEST.name())) {
-            enabledEventTypes.add(EventType.VERIFIABLE_CREDENTIAL_NONCE_REQUEST.name());
-            realm.admin().updateRealmEventsConfig(realmEventsConfig);
-        }
-    }
-
-    boolean shouldEnableOid4vci(RealmRepresentation realm) {
-        return true;
-    }
-
-    boolean shouldEnableOid4vci(ClientRepresentation client) {
-        return true;
-    }
-
-    boolean isOid4vciEnabled(ClientRepresentation client) {
-        Map<String, String> attributes = Optional.ofNullable(client.getAttributes()).orElse(new HashMap<>());
-        return Boolean.parseBoolean(attributes.get(OID4VCI_ENABLED_ATTRIBUTE_KEY));
-    }
-
-    CredentialScopeRepresentation getExistingCredentialScope(String scopeName) {
+    protected CredentialScopeRepresentation getExistingCredentialScope(String scopeName) {
        return testRealm.admin().clientScopes().findAll().stream()
                .filter(it -> scopeName.equals(it.getName()))
                .map(CredentialScopeRepresentation::new)
@@ -189,7 +168,7 @@ public abstract class OID4VCIssuerTestBase {
                .orElse(null);
    }

-    KeyWrapper getRsaKey(KeyUse keyUse, String algorithm, String keyName) {
+    protected KeyWrapper getRsaKey(KeyUse keyUse, String algorithm, String keyName) {
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
            kpg.initialize(2048);
@@ -209,20 +188,20 @@ public abstract class OID4VCIssuerTestBase {
        }
    }

-    ComponentRepresentation getRsaKeyProvider(KeyWrapper keyWrapper) {
+    protected ComponentRepresentation getRsaKeyProvider(KeyWrapper keyWrapper) {
        return createRsaKeyProviderComponent(keyWrapper, "rsa-key-provider", 0);
    }

-    ComponentRepresentation getRsaEncKeyProvider(String algorithm, String keyName, int priority) {
+    protected ComponentRepresentation getRsaEncKeyProvider(String algorithm, String keyName, int priority) {
        KeyWrapper keyWrapper = getRsaKey(KeyUse.ENC, algorithm, keyName);
        return createRsaKeyProviderComponent(keyWrapper, keyName, priority);
    }

-    KeyWrapper getRsaKey_Default() {
+    protected KeyWrapper getRsaKey_Default() {
        return getRsaKey(KeyUse.SIG, "RS256", null);
    }

-    ComponentRepresentation getAesKeyProvider(String algorithm, String keyName, String keyUse, String providerId) {
+    protected ComponentRepresentation getAesKeyProvider(String algorithm, String keyName, String keyUse, String providerId) {
        // Generate a random AES key (default length: 256 bits)
        byte[] secret = SecretGenerator.getInstance().randomBytes(32); // 32 bytes = 256 bits
        String secretBase64 = Base64.getEncoder().encodeToString(secret);
@@ -245,23 +224,23 @@ public abstract class OID4VCIssuerTestBase {
        return component;
    }

-    String getBearerToken(OAuthClient oauthClient) {
+    protected String getBearerToken(OAuthClient oauthClient) {
        return getBearerToken(oauthClient, null);
    }

-    String getBearerToken(OAuthClient oauthClient, ClientRepresentation client) {
+    protected String getBearerToken(OAuthClient oauthClient, ClientRepresentation client) {
        return getBearerToken(oauthClient, client, null);
    }

-    String getBearerToken(OAuthClient oauthClient, ClientRepresentation client, String scope) {
+    protected String getBearerToken(OAuthClient oauthClient, ClientRepresentation client, String scope) {
        return getBearerToken(oauthClient, client, "john", scope);
    }

-    String getBearerToken(OAuthClient oauthClient, ClientRepresentation client, String username, String scope) {
+    protected String getBearerToken(OAuthClient oauthClient, ClientRepresentation client, String username, String scope) {
        return getBearerTokenCodeFlow(oauthClient, client, username, scope).getAccessToken();
    }

-    AccessTokenResponse getBearerTokenCodeFlow(OAuthClient oauthClient, ClientRepresentation client, String username, String scope) {
+    protected AccessTokenResponse getBearerTokenCodeFlow(OAuthClient oauthClient, ClientRepresentation client, String username, String scope) {
        var authCode = getAuthorizationCode(oauthClient, client, username, scope);
        return oauthClient.accessTokenRequest(authCode).send();
    }
@@ -287,7 +266,7 @@ public abstract class OID4VCIssuerTestBase {
        return authorizationEndpointResponse;
    }

-    AccessTokenResponse getBearerToken(OAuthClient oauthClient, String authCode, OID4VCAuthorizationDetail... authDetail) {
+    protected AccessTokenResponse getBearerToken(OAuthClient oauthClient, String authCode, OID4VCAuthorizationDetail... authDetail) {
        AccessTokenRequest accessTokenRequest = oauthClient.accessTokenRequest(authCode);
        if (authDetail != null && authDetail.length > 0) {
            accessTokenRequest.authorizationDetails(Arrays.asList(authDetail));
@@ -299,11 +278,17 @@ public abstract class OID4VCIssuerTestBase {
        return tokenResponse;
    }

-    CredentialScopeRepresentation requireExistingCredentialScope(String scopeName) {
+    protected CredentialScopeRepresentation requireExistingCredentialScope(String scopeName) {
        return Optional.ofNullable(getExistingCredentialScope(scopeName))
                .orElseThrow(() -> new IllegalStateException("No such credential scope: " + scopeName));
    }

+    protected void updateCredentialScope(CredentialScopeRepresentation clientScope) {
+        ClientScopesResource clientScopesResource = testRealm.admin().clientScopes();
+        ClientScopeResource clientScopeResource = clientScopesResource.get(clientScope.getId());
+        clientScopeResource.update(clientScope);
+    }
+
    // Private ---------------------------------------------------------------------------------------------------------

    private ComponentRepresentation createRsaKeyProviderComponent(KeyWrapper keyWrapper, String name, int priority) {
@@ -329,6 +314,15 @@ public abstract class OID4VCIssuerTestBase {
        return component;
    }

+    private void enableVerifiableCredentialEvents(ManagedRealm realm) {
+        RealmEventsConfigRepresentation realmEventsConfig = realm.admin().getRealmEventsConfig();
+        List<String> enabledEventTypes = realmEventsConfig.getEnabledEventTypes();
+        if (!enabledEventTypes.contains(EventType.VERIFIABLE_CREDENTIAL_NONCE_REQUEST.name())) {
+            enabledEventTypes.add(EventType.VERIFIABLE_CREDENTIAL_NONCE_REQUEST.name());
+            realm.admin().updateRealmEventsConfig(realmEventsConfig);
+        }
+    }
+
    // Static Config and RunOnServer Helpers ---------------------------------------------------------------------------

    public static class VCTestServerConfig implements KeycloakServerConfig {
@@ -338,7 +332,7 @@ public abstract class OID4VCIssuerTestBase {
        }
    }

-    static class VCTestServerWithPreAuthCodeEnabled implements KeycloakServerConfig {
+    public static class VCTestServerWithPreAuthCodeEnabled implements KeycloakServerConfig {
        @Override
        public KeycloakServerConfigBuilder configure(KeycloakServerConfigBuilder config) {
            return config.features(Profile.Feature.OID4VC_VCI, Profile.Feature.OID4VC_VCI_PREAUTH_CODE);
@@ -397,7 +391,7 @@ public abstract class OID4VCIssuerTestBase {

            realm.addUser(getUserRepresentation("John Doe", Map.of("did", "did:key:1234"), List.of(CREDENTIAL_OFFER_CREATE.getName()), Collections.emptyMap()));
            realm.addUser(getUserRepresentation("Alice Wonderland", Map.of("did", "did:key:5678"), List.of(), Map.of()));
-            
+
            return realm;
        }

@@ -494,7 +488,7 @@ public abstract class OID4VCIssuerTestBase {
        }
    }

-    static class OID4VCIClient implements ClientConfig {
+    public static class OID4VCIClient implements ClientConfig {

        @Override
        public ClientConfigBuilder configure(ClientConfigBuilder client) {
@@ -511,7 +505,7 @@ public abstract class OID4VCIssuerTestBase {
        }
    }

-    static class ProtocolMapperUtils {
+    public static class ProtocolMapperUtils {

        static ProtocolMapperRepresentation getIssuedAtTimeMapper(String subjectProperty, String truncateToTimeUnit, String valueSource) {
            ProtocolMapperRepresentation protocolMapperRepresentation = new ProtocolMapperRepresentation();
@@ -596,7 +590,7 @@ public abstract class OID4VCIssuerTestBase {
        }
    }

-    protected static class StaticTimeProvider implements TimeProvider {
+    public static class StaticTimeProvider implements TimeProvider {
        private final int currentTimeInS;

        public StaticTimeProvider(int currentTimeInS) {
@@ -33,15 +33,16 @@ public class OID4VCTestContext {
    static final AttachmentKey<AccessTokenResponse> ACCESS_TOKEN_RESPONSE_ATTACHMENT_KEY = new AttachmentKey<>(AccessTokenResponse.class);
    static final AttachmentKey<CredentialResponse> CREDENTIAL_RESPONSE_ATTACHMENT_KEY = new AttachmentKey<>(CredentialResponse.class);

-    ClientRepresentation client;
-    String clientId;
-    String issuer;      // Issuing username (i.e. agent who creates credential offers)
-    String holder;      // Holder who requests the credential
-    String credConfigId;
-    String credScopeName;
-    CredentialScopeRepresentation credentialScope;
+    public String clientId;
+    public String issuer;      // Issuing username (i.e. agent who creates credential offers)
+    public String holder;      // Holder who requests the credential
+    public String credConfigId;
+    public String credScopeName;

-    Map<AttachmentKey<?>, Object> attachments = new HashMap<>();
+    public ClientRepresentation client;
+    public CredentialScopeRepresentation credentialScope;
+
+    private final Map<AttachmentKey<?>, Object> attachments = new HashMap<>();

    public OID4VCTestContext(ClientRepresentation client, CredentialScopeRepresentation credentialScope) {
        this.client = client;
@@ -10,7 +10,6 @@ import org.keycloak.protocol.oid4vc.model.CredentialsOffer;
 import org.keycloak.protocol.oid4vc.model.OID4VCAuthorizationDetail;
 import org.keycloak.protocol.oid4vc.model.VerifiableCredential;
 import org.keycloak.representations.JsonWebToken;
-import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.sdjwt.IssuerSignedJWT;
 import org.keycloak.sdjwt.vp.SdJwtVP;
 import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
@@ -48,7 +47,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
 * +----------+----------+---------+------------------------------------------------------+
 */
@KeycloakIntegrationTest(config = VCTestServerConfig.class)
-public class OID4VCAuthCodeOfferTest extends OID4VCIssuerTestBase {
+public class OID4VCredentialOfferAuthCodeTest extends OID4VCIssuerTestBase {

    OID4VCBasicWallet wallet;

@@ -63,14 +62,7 @@ public class OID4VCAuthCodeOfferTest extends OID4VCIssuerTestBase {
    }

    @Test
-    public void testRealmSetup() {
-        RealmRepresentation realmRep = testRealm.admin().toRepresentation();
-        assertEquals(shouldEnableOid4vci(realmRep), realmRep.isVerifiableCredentialsEnabled());
-        assertEquals(shouldEnableOid4vci(client), isOid4vciEnabled(client));
-    }
-
-    @Test
-    public void testWithoutOffer_Scope() throws Exception {
+    public void testNoOffer_Scope() throws Exception {

        var ctx = new OID4VCTestContext(client, jwtTypeCredentialScope);

@@ -102,7 +94,7 @@ public class OID4VCAuthCodeOfferTest extends OID4VCIssuerTestBase {
    }

    @Test
-    public void testWithoutOffer_Scope_AuthDetails() throws Exception {
+    public void testNoOffer_Scope_AuthDetails() throws Exception {

        var ctx = new OID4VCTestContext(client, jwtTypeCredentialScope);

@@ -1,4 +1,4 @@
-package org.keycloak.tests.oid4vc;
+package org.keycloak.tests.oid4vc.preauth;


 import org.keycloak.events.Details;
@@ -12,6 +12,9 @@ import org.keycloak.testframework.realm.ManagedUser;
 import org.keycloak.testframework.ui.annotations.InjectPage;
 import org.keycloak.testframework.ui.page.OID4VCCredentialOfferPage;
 import org.keycloak.tests.common.TestRealmUserConfig;
+import org.keycloak.tests.oid4vc.OID4VCBasicWallet;
+import org.keycloak.tests.oid4vc.OID4VCIssuerTestBase;
+import org.keycloak.tests.oid4vc.OID4VCTestContext;
 import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
 import org.keycloak.testsuite.util.oauth.oid4vc.CredentialOfferResponse;

@@ -14,7 +14,7 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.keycloak.tests.oid4vc;
+package org.keycloak.tests.oid4vc.preauth;

 import java.io.IOException;
 import java.util.List;
@@ -30,6 +30,8 @@ import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentatio
 import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
 import org.keycloak.testframework.remote.runonserver.InjectRunOnServer;
 import org.keycloak.testframework.remote.runonserver.RunOnServerClient;
+import org.keycloak.tests.oid4vc.OID4VCIssuerEndpointTest;
+import org.keycloak.tests.oid4vc.OID4VCIssuerTestBase;
 import org.keycloak.testsuite.util.AccountHelper;
 import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
 import org.keycloak.testsuite.util.oauth.oid4vc.CredentialOfferResponse;
@@ -1,4 +1,4 @@
-package org.keycloak.tests.oid4vc;
+package org.keycloak.tests.oid4vc.preauth;

 import java.net.URI;
 import java.util.List;
@@ -9,9 +9,11 @@ import org.keycloak.protocol.oid4vc.model.CredentialResponse;
 import org.keycloak.protocol.oid4vc.model.CredentialsOffer;
 import org.keycloak.protocol.oid4vc.model.VerifiableCredential;
 import org.keycloak.representations.JsonWebToken;
-import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
+import org.keycloak.tests.oid4vc.OID4VCBasicWallet;
+import org.keycloak.tests.oid4vc.OID4VCIssuerTestBase;
+import org.keycloak.tests.oid4vc.OID4VCTestContext;
 import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
 import org.keycloak.util.JsonSerialization;

@@ -37,7 +39,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
 * +----------+----------+---------+------------------------------------------------------+
 */
@KeycloakIntegrationTest(config = OID4VCIssuerTestBase.VCTestServerWithPreAuthCodeEnabled.class)
-public class OID4VCPreAuthorizedCodeOfferTest extends OID4VCIssuerTestBase {
+public class OID4VCredentialOfferPreAuthTest extends OID4VCIssuerTestBase {

    OID4VCBasicWallet wallet;

@@ -47,13 +49,6 @@ public class OID4VCPreAuthorizedCodeOfferTest extends OID4VCIssuerTestBase {
        wallet.logout();
    }

-    @Test
-    public void testRealmSetup() {
-        RealmRepresentation realmRep = testRealm.admin().toRepresentation();
-        assertEquals(shouldEnableOid4vci(realmRep), realmRep.isVerifiableCredentialsEnabled());
-        assertEquals(shouldEnableOid4vci(client), isOid4vciEnabled(client));
-    }
-
    @Test
    public void testPreAuthOffer_DisabledUser() {