Merge branch 'master' into rule-evaluation

# Conflicts: # components/org.wso2.carbon.identity.oauth/pom.xml # components/org.wso2.carbon.identity.oauth/src/test/resources/testng.xml # pom.xml
wso2-extensions · Jan 23, 2025 · 12d8f1c · 12d8f1c
2 parents 9653c5b + a22fe6d
commit 12d8f1c
Show file tree

Hide file tree

Showing 103 changed files with 7,525 additions and 86 deletions.
diff --git a/components/org.wso2.carbon.identity.api.server.dcr/pom.xml b/components/org.wso2.carbon.identity.api.server.dcr/pom.xml
@@ -23,12 +23,12 @@
     <parent>
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
-        <version>7.0.219-SNAPSHOT</version>
+        <version>7.0.222-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
     <artifactId>org.wso2.carbon.identity.api.server.dcr</artifactId>
-    <version>7.0.219-SNAPSHOT</version>
+    <version>7.0.222-SNAPSHOT</version>
     <name>WSO2 Carbon -  User DCR Rest API</name>
     <description>WSO2 Carbon - User DCR Rest API</description>
 

diff --git a/components/org.wso2.carbon.identity.api.server.oauth.scope/pom.xml b/components/org.wso2.carbon.identity.api.server.oauth.scope/pom.xml
@@ -23,12 +23,12 @@
     <parent>
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
-        <version>7.0.219-SNAPSHOT</version>
+        <version>7.0.222-SNAPSHOT</version>
         <relativePath>../..</relativePath>
     </parent>
 
     <artifactId>org.wso2.carbon.identity.api.server.oauth.scope</artifactId>
-    <version>7.0.219-SNAPSHOT</version>
+    <version>7.0.222-SNAPSHOT</version>
 
     <name>WSO2 Carbon - Identity OAuth 2.0 Scope Rest APIs</name>
     <description>Rest APIs for OAuth 2.0 Scope Handling</description>

diff --git a/components/org.wso2.carbon.identity.client.attestation.filter/pom.xml b/components/org.wso2.carbon.identity.client.attestation.filter/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
-        <version>7.0.219-SNAPSHOT</version>
+        <version>7.0.222-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

diff --git a/components/org.wso2.carbon.identity.discovery/pom.xml b/components/org.wso2.carbon.identity.discovery/pom.xml
@@ -21,7 +21,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>7.0.219-SNAPSHOT</version>
+        <version>7.0.222-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
@@ -52,6 +52,10 @@
             <groupId>org.wso2.carbon.identity.framework</groupId>
             <artifactId>org.wso2.carbon.identity.claim.metadata.mgt</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
+            <artifactId>org.wso2.carbon.identity.oauth.rar</artifactId>
+        </dependency>
         <!--Test Dependencies-->
         <dependency>
             <groupId>org.testng</groupId>

diff --git a/...entity.discovery/src/main/java/org/wso2/carbon/identity/discovery/DiscoveryConstants.java b/...entity.discovery/src/main/java/org/wso2/carbon/identity/discovery/DiscoveryConstants.java
@@ -377,4 +377,11 @@ public class DiscoveryConstants {
      * Authorization Server.
      */
     public static final String MTLS_ENDPOINT_ALIASES = "mtls_endpoint_aliases";
+
+    /**
+     * authorization_details_types_supported.
+     * <p>OPTIONAL. JSON array containing the authorization details types the AS supports.</p>
+     * @see <a href='https://datatracker.ietf.org/doc/html/rfc9396.txt#name-metadata'>rfc9396</a>
+     */
+    public static final String AUTHORIZATION_DETAILS_TYPES_SUPPORTED = "authorization_details_types_supported";
 }
diff --git a/...discovery/src/main/java/org/wso2/carbon/identity/discovery/OIDProviderConfigResponse.java b/...discovery/src/main/java/org/wso2/carbon/identity/discovery/OIDProviderConfigResponse.java
@@ -85,6 +85,7 @@ public class OIDProviderConfigResponse {
     private Boolean tlsClientCertificateBoundAccessTokens;
     private String mtlsTokenEndpoint;
     private String mtlsPushedAuthorizationRequestEndpoint;
+    private String[] authorizationDetailsTypesSupported;
 
     private static final String MUTUAL_TLS_ALIASES_ENABLED = "OAuth.MutualTLSAliases.Enabled";
 
@@ -530,6 +531,16 @@ public void setMtlsPushedAuthorizationRequestEndpoint(String mtlsPushedAuthoriza
         this.mtlsPushedAuthorizationRequestEndpoint = mtlsPushedAuthorizationRequestEndpoint;
     }
 
+    public String[] getAuthorizationDetailsTypesSupported() {
+
+        return this.authorizationDetailsTypesSupported;
+    }
+
+    public void setAuthorizationDetailsTypesSupported(String[] authorizationDetailsTypesSupported) {
+
+        this.authorizationDetailsTypesSupported = authorizationDetailsTypesSupported;
+    }
+
     public Map<String, Object> getConfigMap() {
         Map<String, Object> configMap = new HashMap<String, Object>();
         configMap.put(DiscoveryConstants.ISSUER.toLowerCase(), this.issuer);
@@ -604,6 +615,8 @@ public Map<String, Object> getConfigMap() {
                     this.mtlsPushedAuthorizationRequestEndpoint);
             configMap.put(DiscoveryConstants.MTLS_ENDPOINT_ALIASES, mtlsAliases);
         }
+        configMap.put(DiscoveryConstants.AUTHORIZATION_DETAILS_TYPES_SUPPORTED,
+                this.authorizationDetailsTypesSupported);
         return configMap;
     }
 }
diff --git a/...very/src/main/java/org/wso2/carbon/identity/discovery/builders/ProviderConfigBuilder.java b/...very/src/main/java/org/wso2/carbon/identity/discovery/builders/ProviderConfigBuilder.java
@@ -32,6 +32,7 @@
 import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
 import org.wso2.carbon.identity.oauth2.OAuth2Constants;
+import org.wso2.carbon.identity.oauth2.rar.core.AuthorizationDetailsProcessorFactory;
 import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
 
 import java.net.URISyntaxException;
@@ -152,6 +153,13 @@ public OIDProviderConfigResponse buildOIDProviderConfig(OIDProviderRequest reque
                 .contains(OAuth2Constants.TokenBinderType.CERTIFICATE_BASED_TOKEN_BINDER));
         providerConfig.setMtlsTokenEndpoint(OAuth2Util.OAuthURL.getOAuth2MTLSTokenEPUrl());
         providerConfig.setMtlsPushedAuthorizationRequestEndpoint(OAuth2Util.OAuthURL.getOAuth2MTLSParEPUrl());
+
+        final Set<String> authorizationDetailTypes = AuthorizationDetailsProcessorFactory.getInstance()
+                .getSupportedAuthorizationDetailTypes();
+        if (authorizationDetailTypes != null && !authorizationDetailTypes.isEmpty()) {
+            providerConfig
+                    .setAuthorizationDetailsTypesSupported(authorizationDetailTypes.stream().toArray(String[]::new));
+        }
         return providerConfig;
     }
 }
diff --git a/.../src/test/java/org/wso2/carbon/identity/discovery/builders/ProviderConfigBuilderTest.java b/.../src/test/java/org/wso2/carbon/identity/discovery/builders/ProviderConfigBuilderTest.java
@@ -37,14 +37,17 @@
 import org.wso2.carbon.identity.discovery.internal.OIDCDiscoveryDataHolder;
 import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
+import org.wso2.carbon.identity.oauth2.rar.core.AuthorizationDetailsProcessorFactory;
 import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
 
 import java.net.URISyntaxException;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.ArgumentMatchers.nullable;
+import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.mockStatic;
 import static org.mockito.Mockito.spy;
@@ -84,7 +87,9 @@ public void testBuildOIDProviderConfig() throws Exception {
             OAuthServerConfiguration mockOAuthServerConfiguration = mock(OAuthServerConfiguration.class);
             oAuthServerConfiguration.when(
                     OAuthServerConfiguration::getInstance).thenReturn(mockOAuthServerConfiguration);
-            try (MockedStatic<OAuth2Util> oAuth2Util = mockStatic(OAuth2Util.class);) {
+            try (MockedStatic<OAuth2Util> oAuth2Util = mockStatic(OAuth2Util.class);
+                 MockedStatic<AuthorizationDetailsProcessorFactory> factoryMockedStatic =
+                         mockStatic(AuthorizationDetailsProcessorFactory.class)) {
 
                 OIDCDiscoveryDataHolder mockOidcDiscoveryDataHolder = spy(new OIDCDiscoveryDataHolder());
                 mockOidcDiscoveryDataHolder.setClaimManagementService(mockClaimMetadataManagementService);
@@ -107,6 +112,11 @@ public void testBuildOIDProviderConfig() throws Exception {
                         .thenReturn(JWSAlgorithm.RS256);
                 when(mockOidProviderRequest.getTenantDomain()).thenReturn(
                         MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
+
+                AuthorizationDetailsProcessorFactory factoryMock = spy(AuthorizationDetailsProcessorFactory.class);
+                doReturn(Collections.emptySet()).when(factoryMock).getSupportedAuthorizationDetailTypes();
+                factoryMockedStatic.when(AuthorizationDetailsProcessorFactory::getInstance).thenReturn(factoryMock);
+
                 assertNotNull(providerConfigBuilder.buildOIDProviderConfig(mockOidProviderRequest));
             }
         }
@@ -194,7 +204,9 @@ public void testBuildOIDProviderConfig4() throws Exception {
              MockedStatic<OIDCDiscoveryDataHolder> oidcDiscoveryDataHolder =
                      mockStatic(OIDCDiscoveryDataHolder.class);
              MockedStatic<OAuth2Util> oAuth2Util = mockStatic(OAuth2Util.class);
-             MockedStatic<DiscoveryUtil> discoveryUtil = mockStatic(DiscoveryUtil.class);) {
+             MockedStatic<DiscoveryUtil> discoveryUtil = mockStatic(DiscoveryUtil.class);
+             MockedStatic<AuthorizationDetailsProcessorFactory> factoryMockedStatic =
+                     mockStatic(AuthorizationDetailsProcessorFactory.class)) {
             OAuthServerConfiguration mockOAuthServerConfiguration = mock(OAuthServerConfiguration.class);
             oAuthServerConfiguration.when(
                     OAuthServerConfiguration::getInstance).thenReturn(mockOAuthServerConfiguration);
@@ -223,9 +235,14 @@ public void testBuildOIDProviderConfig4() throws Exception {
             when(mockOidProviderRequest.getTenantDomain()).thenReturn(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
             when(mockOAuthServerConfiguration.getUserInfoJWTSignatureAlgorithm()).thenReturn(idTokenSignatureAlgorithm);
 
+            AuthorizationDetailsProcessorFactory factoryMock = spy(AuthorizationDetailsProcessorFactory.class);
+            doReturn(Collections.singleton("test_type")).when(factoryMock).getSupportedAuthorizationDetailTypes();
+            factoryMockedStatic.when(AuthorizationDetailsProcessorFactory::getInstance).thenReturn(factoryMock);
+
             OIDProviderConfigResponse response = providerConfigBuilder.buildOIDProviderConfig(mockOidProviderRequest);
             assertNotNull(response);
             assertEquals(response.getIssuer(), dummyIdIssuer);
+            assertEquals(response.getAuthorizationDetailsTypesSupported()[0], "test_type");
         }
     }
 

diff --git a/components/org.wso2.carbon.identity.oauth.ciba/pom.xml b/components/org.wso2.carbon.identity.oauth.ciba/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
-        <version>7.0.219-SNAPSHOT</version>
+        <version>7.0.222-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

diff --git a/components/org.wso2.carbon.identity.oauth.client.authn.filter/pom.xml b/components/org.wso2.carbon.identity.oauth.client.authn.filter/pom.xml
@@ -22,7 +22,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>7.0.219-SNAPSHOT</version>
+        <version>7.0.222-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

diff --git a/components/org.wso2.carbon.identity.oauth.common/pom.xml b/components/org.wso2.carbon.identity.oauth.common/pom.xml
@@ -23,7 +23,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>7.0.219-SNAPSHOT</version>
+        <version>7.0.222-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

diff --git a/...tity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java b/...tity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java
@@ -769,6 +769,9 @@ public static class ActionIDs {
             public static final String VALIDATE_EXISTING_CONSENT = "validate-existing-consent";
             public static final String GENERATE_INTROSPECTION_RESPONSE = "generate-introspect-response";
             public static final String RECEIVE_REVOKE_REQUEST = "receive-revoke-request";
+            public static final String VALIDATE_AUTHORIZATION_DETAILS = "validate-authorization-details";
+            public static final String VALIDATE_AUTHORIZATION_DETAILS_BEFORE_CONSENT
+                    = "validate-authorization-details-before-consent";
         }
 
         /**
@@ -789,6 +792,7 @@ public static class InputKeys {
             public static final String PROMPT = "prompt";
             public static final String APP_STATE = "app state";
             public static final String IMPERSONATOR = "impersonator";
+            public static final String REQUESTED_AUTHORIZATION_DETAILS = "requested authorization details";
         }
 
         /**

diff --git a/components/org.wso2.carbon.identity.oauth.dcr.endpoint/pom.xml b/components/org.wso2.carbon.identity.oauth.dcr.endpoint/pom.xml
@@ -6,7 +6,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>7.0.219-SNAPSHOT</version>
+        <version>7.0.222-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

diff --git a/components/org.wso2.carbon.identity.oauth.dcr/pom.xml b/components/org.wso2.carbon.identity.oauth.dcr/pom.xml
@@ -22,7 +22,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>7.0.219-SNAPSHOT</version>
+        <version>7.0.222-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

diff --git a/components/org.wso2.carbon.identity.oauth.endpoint/pom.xml b/components/org.wso2.carbon.identity.oauth.endpoint/pom.xml
@@ -22,7 +22,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>7.0.219-SNAPSHOT</version>
+        <version>7.0.222-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
@@ -184,6 +184,10 @@
             <artifactId>jackson-core</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
+            <artifactId>org.wso2.carbon.identity.oauth.rar</artifactId>
+        </dependency>
 
         <!--Test Dependencies-->
         <dependency>