Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

API structure was changed to obtain Access Token Audiences in GET response #391

Open
wants to merge 21 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
9e0f77e
API structure was changed to obtain Access Token Audiences in GET res…
gershom96 Sep 7, 2022
9a88550
Added correct headers
gershom96 Sep 7, 2022
2d76505
Updated pom to point to the right identitiy-inbound-auth-oauth versio…
gershom96 Sep 8, 2022
846ec31
Reverted header
gershom96 Sep 8, 2022
324fc23
Changed header
gershom96 Sep 8, 2022
af6b257
Carried out some suggestions
gershom96 Sep 8, 2022
5980db8
Fixed header issues
gershom96 Sep 9, 2022
9c5c09b
Changed header files
gershom96 Sep 12, 2022
3be794a
Merge branch 'master' of https://github.com/wso2/identity-api-server
gershom96 Oct 28, 2022
31d038d
Merge branch 'wso2:master' into master
gershom96 Oct 28, 2022
1be3762
Addressed issues raised in review
gershom96 Oct 31, 2022
46772f6
Merge branch 'master' of github.com:gershom96/identity-api-server
gershom96 Oct 31, 2022
b02544a
Merge branch 'wso2:master' into master
gershom96 Jan 4, 2023
b95f20c
Adding an Error Response if the API request body contains audience in…
gershom96 Jan 7, 2023
d7dea03
Handling access token audience values in API requests when legacy aud…
gershom96 Jan 31, 2023
3973ca8
Bumped oauth version
gershom96 Feb 2, 2023
d66d3ae
Merged from upstream and resolved conflicts
gershom96 Jun 16, 2023
013e86d
Updated APIs to remove functionality to support Legacy Audience behav…
gershom96 Jul 11, 2023
1dea844
Resolved pom file
gershom96 Jul 11, 2023
0c41e0f
API changes to accomadata curent audience separation implementation
gershom96 Jul 26, 2023
149dd8c
Fixed merge conflict
gershom96 Jul 26, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -1,25 +1,27 @@
/*
* Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
* Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
gershom96 marked this conversation as resolved.
Show resolved Hide resolved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.wso2.carbon.identity.api.server.application.management.v1;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonCreator;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import java.util.ArrayList;
import java.util.List;
import javax.validation.constraints.*;


Expand All @@ -31,6 +33,8 @@
public class AccessTokenConfiguration {

private String type;
private List<String> audience = null;

private Long userAccessTokenExpiryInSeconds;
private Long applicationAccessTokenExpiryInSeconds;
private String bindingType = "None";
Expand All @@ -57,6 +61,32 @@ public void setType(String type) {

/**
**/
public AccessTokenConfiguration audience(List<String> audience) {

this.audience = audience;
return this;
}

@ApiModelProperty(example = "[\"http://idp.xyz.com\",\"http://idp.abc.com\"]", value = "")
@JsonProperty("audience")
@Valid
public List<String> getAudience() {
return audience;
}
public void setAudience(List<String> audience) {
this.audience = audience;
}

public AccessTokenConfiguration addAudienceItem(String audienceItem) {
if (this.audience == null) {
this.audience = new ArrayList<>();
}
this.audience.add(audienceItem);
return this;
}

/**
**/
public AccessTokenConfiguration userAccessTokenExpiryInSeconds(Long userAccessTokenExpiryInSeconds) {

this.userAccessTokenExpiryInSeconds = userAccessTokenExpiryInSeconds;
Expand Down Expand Up @@ -100,7 +130,7 @@ public AccessTokenConfiguration bindingType(String bindingType) {
return this;
}

@ApiModelProperty(example = "[\"sso-session\",\"cookie\"]", value = "OAuth2 access token and refresh token can be bound to an external attribute during the token generation so that it can be optionally validated during the API invocation.")
@ApiModelProperty(example = "cookie", value = "OAuth2 access token and refresh token can be bound to an external attribute during the token generation so that it can be optionally validated during the API invocation.")
@JsonProperty("bindingType")
@Valid
public String getBindingType() {
Expand Down Expand Up @@ -161,6 +191,7 @@ public boolean equals(java.lang.Object o) {
}
AccessTokenConfiguration accessTokenConfiguration = (AccessTokenConfiguration) o;
return Objects.equals(this.type, accessTokenConfiguration.type) &&
Objects.equals(this.audience, accessTokenConfiguration.audience) &&
Objects.equals(this.userAccessTokenExpiryInSeconds, accessTokenConfiguration.userAccessTokenExpiryInSeconds) &&
Objects.equals(this.applicationAccessTokenExpiryInSeconds, accessTokenConfiguration.applicationAccessTokenExpiryInSeconds) &&
Objects.equals(this.bindingType, accessTokenConfiguration.bindingType) &&
Expand All @@ -170,7 +201,7 @@ public boolean equals(java.lang.Object o) {

@Override
public int hashCode() {
return Objects.hash(type, userAccessTokenExpiryInSeconds, applicationAccessTokenExpiryInSeconds, bindingType, revokeTokensWhenIDPSessionTerminated, validateTokenBinding);
return Objects.hash(type, audience, userAccessTokenExpiryInSeconds, applicationAccessTokenExpiryInSeconds, bindingType, revokeTokensWhenIDPSessionTerminated, validateTokenBinding);
}

@Override
Expand All @@ -180,6 +211,7 @@ public String toString() {
sb.append("class AccessTokenConfiguration {\n");

sb.append(" type: ").append(toIndentedString(type)).append("\n");
sb.append(" audience: ").append(toIndentedString(audience)).append("\n");
sb.append(" userAccessTokenExpiryInSeconds: ").append(toIndentedString(userAccessTokenExpiryInSeconds)).append("\n");
sb.append(" applicationAccessTokenExpiryInSeconds: ").append(toIndentedString(applicationAccessTokenExpiryInSeconds)).append("\n");
sb.append(" bindingType: ").append(toIndentedString(bindingType)).append("\n");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
gershom96 marked this conversation as resolved.
Show resolved Hide resolved

package org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.oauth2;

import org.apache.commons.collections.CollectionUtils;
Expand Down Expand Up @@ -88,7 +89,7 @@ private void updateIdTokenConfiguration(OAuthConsumerAppDTO consumerAppDTO, IdTo

if (idToken != null) {
setIfNotNull(idToken.getExpiryInSeconds(), consumerAppDTO::setIdTokenExpiryTime);
consumerAppDTO.setAudiences(Optional.ofNullable(idToken.getAudience())
consumerAppDTO.setIdTokenAudiences(Optional.ofNullable(idToken.getAudience())
gershom96 marked this conversation as resolved.
Show resolved Hide resolved
.map(audiences -> audiences.toArray(new String[0]))
.orElse(new String[0])
);
Expand Down Expand Up @@ -131,6 +132,10 @@ private void updateAccessTokenConfiguration(OAuthConsumerAppDTO consumerAppDTO,
if (accessToken != null) {
consumerAppDTO.setTokenType(accessToken.getType());
consumerAppDTO.setUserAccessTokenExpiryTime(accessToken.getUserAccessTokenExpiryInSeconds());
consumerAppDTO.setAccessTokenAudiences(Optional.ofNullable(accessToken.getAudience())
.map(audiences -> audiences.toArray(new String[0]))
.orElse(new String[0])
);
consumerAppDTO.setApplicationAccessTokenExpiryTime(accessToken.getApplicationAccessTokenExpiryInSeconds());
consumerAppDTO.setTokenBindingType(accessToken.getBindingType());
if (accessToken.getRevokeTokensWhenIDPSessionTerminated() != null) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.inbound.oauth2;

import org.apache.commons.lang.StringUtils;
Expand Down Expand Up @@ -85,7 +86,8 @@ private AccessTokenConfiguration buildTokenConfiguration(OAuthConsumerAppDTO oAu
.bindingType(oAuthConsumerAppDTO.getTokenBindingType())
.revokeTokensWhenIDPSessionTerminated(oAuthConsumerAppDTO
.isTokenRevocationWithIDPSessionTerminationEnabled())
.validateTokenBinding(oAuthConsumerAppDTO.isTokenBindingValidationEnabled());
.validateTokenBinding(oAuthConsumerAppDTO.isTokenBindingValidationEnabled())
.audience(getAccessTokenAudiences(oAuthConsumerAppDTO.getAccessTokenAudiences()));
}

private RefreshTokenConfiguration buildRefreshTokenConfiguration(OAuthConsumerAppDTO oAuthConsumerAppDTO) {
Expand All @@ -99,19 +101,21 @@ private IdTokenConfiguration buildIdTokenConfiguration(OAuthConsumerAppDTO oAuth

return new IdTokenConfiguration()
.expiryInSeconds(oAuthConsumerAppDTO.getIdTokenExpiryTime())
.audience(getAudiences(oAuthConsumerAppDTO))
.audience(getIdTokenAudiences(oAuthConsumerAppDTO.getIdTokenAudiences()))
.encryption(buildIdTokenEncryptionConfiguration(oAuthConsumerAppDTO));
}

private List<String> getAudiences(OAuthConsumerAppDTO oAuthConsumerAppDTO) {
private List<String> getIdTokenAudiences(String[] audiences) {

return (audiences == null) ? Collections.emptyList() : Arrays.asList(audiences);

if (oAuthConsumerAppDTO.getAudiences() == null) {
return Collections.emptyList();
} else {
return Arrays.asList(oAuthConsumerAppDTO.getAudiences());
}
}

private List<String> getAccessTokenAudiences(String[] audiences) {

return (audiences == null) ? Collections.emptyList() : Arrays.asList(audiences);

}
gershom96 marked this conversation as resolved.
Show resolved Hide resolved
private IdTokenEncryptionConfiguration buildIdTokenEncryptionConfiguration(OAuthConsumerAppDTO appDTO) {

return new IdTokenEncryptionConfiguration()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2909,6 +2909,13 @@ components:
type:
type: string
example: JWT
audience:
type: array
example:
- 'http://idp.xyz.com'
- 'http://idp.abc.com'
gershom96 marked this conversation as resolved.
Show resolved Hide resolved
items:
type: string
userAccessTokenExpiryInSeconds:
type: integer
format: int64
Expand Down
2 changes: 1 addition & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -528,7 +528,7 @@
<identity.workflow.impl.bps.version>5.2.0</identity.workflow.impl.bps.version>
<maven.checkstyleplugin.excludes>**/gen/**/*</maven.checkstyleplugin.excludes>
<identity.event.handler.version>1.4.4</identity.event.handler.version>
<identity.inbound.oauth2.version>6.8.0</identity.inbound.oauth2.version>
<identity.inbound.oauth2.version>6.8.6-SNAPSHOT</identity.inbound.oauth2.version>
<identity.inbound.saml2.version>5.8.44</identity.inbound.saml2.version>
<commons.beanutils.version>1.9.4</commons.beanutils.version>
<mavan.findbugsplugin.exclude.file>findbugs-exclude-filter.xml</mavan.findbugsplugin.exclude.file>
Expand Down