
Commit a178595

authored
Fix oidc claim mapping in jwt access token attributes (#2655)
Fix oidc claim mapping in jwt access token attributes
1 parent 6c75b2f commit a178595


2 files changed

+19
-32
lines changed


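--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/JWTAccessTokenOIDCClaimsHandler.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/JWTAccessTokenOIDCClaimsHandler.java
@@ -264,12 +264,12 @@ private Map<String, Object> getOIDCClaimsFromUserAttributes(Map<ClaimMapping, St
 /**
 * Get oidc claims mapping.
 *
-* @param federatedUserAttributed User attributes.
+* @param federatedUserAttributes User attributes.
 * @param requestMsgCtx Request Context.
 * @return User attributes Map.
 */
 private Map<String, Object> getOIDCClaimsFromFederatedUserAttributes(Map<ClaimMapping,
-String> federatedUserAttributed, OAuthTokenReqMessageContext requestMsgCtx)
+String> federatedUserAttributes, OAuthTokenReqMessageContext requestMsgCtx)
 throws IdentityOAuth2Exception {
 
 String spTenantDomain = getServiceProviderTenantDomain(requestMsgCtx);
@@ -283,24 +283,16 @@ private Map<String, Object> getOIDCClaimsFromFederatedUserAttributes(Map<ClaimMa
 }
 // Get user claims in OIDC dialect.
 Map<String, String> userClaimsInOidcDialect = new HashMap<>();
-if (MapUtils.isNotEmpty(federatedUserAttributed)) {
-for (Map.Entry<ClaimMapping, String> userAttribute : federatedUserAttributed.entrySet()) {
+if (MapUtils.isNotEmpty(federatedUserAttributes)) {
+for (Map.Entry<ClaimMapping, String> userAttribute : federatedUserAttributes.entrySet()) {
 ClaimMapping claimMapping = userAttribute.getKey();
-String claimValue = userAttribute.getValue();
-if (oidcToLocalClaimMappings.containsValue(claimMapping.getLocalClaim().getClaimUri())) {
-String localClaimURI = claimMapping.getLocalClaim().getClaimUri();
-String oidcClaimUri = oidcToLocalClaimMappings.entrySet().stream()
-.filter(entry -> entry.getValue().equals(localClaimURI))
-.map(Map.Entry::getKey)
-.findFirst()
-.orElse(null);
-
-if (oidcClaimUri != null) {
-userClaimsInOidcDialect.put(oidcClaimUri, claimValue.toString());
-if (log.isDebugEnabled() &&
-IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
-log.debug("Mapped claim: key - " + oidcClaimUri + " value - " + claimValue);
-}
+String claimValue = userAttribute.getValue().toString();
+String localClaimURI = claimMapping.getLocalClaim().getClaimUri();
+if (oidcToLocalClaimMappings.containsKey(localClaimURI) && StringUtils.isNotBlank(claimValue)) {
+userClaimsInOidcDialect.put(localClaimURI, claimValue);
+if (log.isDebugEnabled() &&
+IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
+log.debug("Mapped claim: key - " + localClaimURI + " value - " + claimValue);
 }
 }
 }
@@ -638,17 +630,12 @@ private static Map<String, Object> getUserClaimsInOIDCDialectFromFederatedUserAt
 for (Map.Entry<ClaimMapping, String> userAttribute : federatedUserAttr.entrySet()) {
 ClaimMapping claimMapping = userAttribute.getKey();
 String claimValue = userAttribute.getValue();
-if (oidcToLocalClaimMappings.containsValue(claimMapping.getLocalClaim().getClaimUri())) {
-String localClaimURI = claimMapping.getLocalClaim().getClaimUri();
-String oidcClaimUri = oidcToLocalClaimMappings.entrySet().stream()
-.filter(entry -> entry.getValue().equals(localClaimURI))
-.map(Map.Entry::getKey).findFirst().orElse(null);
-if (oidcClaimUri != null && StringUtils.isNotBlank(claimValue)) {
-userClaimsInOidcDialect.put(oidcClaimUri, claimValue);
-if (log.isDebugEnabled() &&
-IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
-log.debug("Mapped claim: key - " + oidcClaimUri + " value - " + claimValue);
-}
+String localClaimURI = claimMapping.getLocalClaim().getClaimUri();
+if (oidcToLocalClaimMappings.containsKey(localClaimURI) && StringUtils.isNotBlank(claimValue)) {
+userClaimsInOidcDialect.put(localClaimURI, claimValue);
+if (log.isDebugEnabled() &&
+IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) {
+log.debug("Mapped claim: key - " + localClaimURI + " value - " + claimValue);
 }
 }
 }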
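Review bot: In the second hunk, `getOIDCClaimsFromFederatedUserAttributes` now calls `userAttribute.getValue().toString()` before the `StringUtils.isNotBlank(claimValue)` guard, so a federated attribute carrying a null value throws a NullPointerException in the token issuance path instead of being skipped, whereas the sibling in the third hunk, `getUserClaimsInOIDCDialectFromFederatedUserAttributes`, reads the value directly and lets `isNotBlank` absorb the null. Since the map is declared `Map<ClaimMapping, String>`, the `toString()` adds nothing; change the line to `String claimValue = userAttribute.getValue();` to match the sibling and make the blank check effective. Both hunks also keep the name `localClaimURI` for a value that is now looked up as a key of `oidcToLocalClaimMappings` and emitted as the OIDC claim name in the access token, which will mislead the next reader; renaming it to `oidcClaimUri`, or adding `// For federated users the ClaimMapping's "local" claim URI is already the OIDC-dialect claim name` (inferred from the key lookup and the updated test fixture, so worth confirming), would make the new contract explicit. Both enclosing methods begin before and end after their hunks.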

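--- a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/openidconnect/JWTAccessTokenOIDCClaimsHandlerTest.java
+++ b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/openidconnect/JWTAccessTokenOIDCClaimsHandlerTest.java
@@ -445,9 +445,9 @@ public void testHandleClaimsForOAuthTokenReqMessageContextWithAuthorizationCode(
 OAuthTokenReqMessageContext requestMsgCtx = getTokenReqMessageContextForFederatedUser(userAttributes);
 requestMsgCtx.addProperty("AuthorizationCode", "dummyAuthorizationCode");
 Map<ClaimMapping, String> federatedUserAttributes = new HashMap<>();
-federatedUserAttributes.put(SAML2BearerGrantHandlerTest.buildClaimMapping(LOCAL_COUNTRY_CLAIM_URI),
+federatedUserAttributes.put(SAML2BearerGrantHandlerTest.buildClaimMapping("country"),
 TestConstants.CLAIM_VALUE1);
-federatedUserAttributes.put(SAML2BearerGrantHandlerTest.buildClaimMapping(LOCAL_EMAIL_CLAIM_URI),
+federatedUserAttributes.put(SAML2BearerGrantHandlerTest.buildClaimMapping("email"),
 TestConstants.CLAIM_VALUE2);
 AuthorizationGrantCacheEntry authorizationGrantCacheEntry = new
 AuthorizationGrantCacheEntry();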
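Review bot: The updated fixture only exercises the positive case; now that the handler looks up the attribute's claim URI with `containsKey` on the OIDC-dialect mapping, nothing in this test asserts that an attribute keyed by a local-dialect URI such as `LOCAL_COUNTRY_CLAIM_URI` is no longer copied into the access token, which is presumably the behaviour the commit inverts. Adding a third entry, e.g. `federatedUserAttributes.put(SAML2BearerGrantHandlerTest.buildClaimMapping(LOCAL_COUNTRY_CLAIM_URI), TestConstants.CLAIM_VALUE1);`, together with an assertion that the resulting claims omit it, would pin the new contract and catch a regression in either direction. The test method starts before and ends after the hunk.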
