Merge branch 'master' of https://github.com/wso2-extensions/identity-inbound-auth-oauth into master_use_newDCRattributes

Author: SachiniSiriwardene

components/org.wso2.carbon.identity.api.server.dcr/pom.xml

@@ -5,12 +5,12 @@
     <parent>
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
-        <version>6.11.170-SNAPSHOT</version>
+        <version>6.11.181-SNAPSHOT</version>
         <relativePath>../..</relativePath>
     </parent>
 
     <artifactId>org.wso2.carbon.identity.api.server.dcr</artifactId>
-    <version>6.11.170-SNAPSHOT</version>
+    <version>6.11.181-SNAPSHOT</version>
     <name>WSO2 Carbon -  User DCR Rest API</name>
     <description>WSO2 Carbon - User DCR Rest API</description>
 

components/org.wso2.carbon.identity.api.server.oauth.scope/pom.xml

@@ -5,12 +5,12 @@
     <parent>
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
-        <version>6.11.170-SNAPSHOT</version>
+        <version>6.11.181-SNAPSHOT</version>
         <relativePath>../..</relativePath>
     </parent>
 
     <artifactId>org.wso2.carbon.identity.api.server.oauth.scope</artifactId>
-    <version>6.11.170-SNAPSHOT</version>
+    <version>6.11.181-SNAPSHOT</version>
 
     <name>WSO2 Carbon - Identity OAuth 2.0 Scope Rest APIs</name>
     <description>Rest APIs for OAuth 2.0 Scope Handling</description>

components/org.wso2.carbon.identity.discovery/pom.xml

@@ -21,7 +21,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>6.11.170-SNAPSHOT</version>
+        <version>6.11.181-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/org.wso2.carbon.identity.oauth.ciba/pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
-        <version>6.11.170-SNAPSHOT</version>
+        <version>6.11.181-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/org.wso2.carbon.identity.oauth.client.authn.filter/pom.xml

@@ -22,7 +22,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>6.11.170-SNAPSHOT</version>
+        <version>6.11.181-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/org.wso2.carbon.identity.oauth.common/pom.xml

@@ -23,7 +23,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>6.11.170-SNAPSHOT</version>
+        <version>6.11.181-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/org.wso2.carbon.identity.oauth.dcr.endpoint/pom.xml

@@ -6,7 +6,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>6.11.170-SNAPSHOT</version>
+        <version>6.11.181-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/org.wso2.carbon.identity.oauth.dcr/pom.xml

@@ -22,7 +22,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>6.11.170-SNAPSHOT</version>
+        <version>6.11.181-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/org.wso2.carbon.identity.oauth.endpoint/pom.xml

@@ -22,7 +22,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>6.11.170-SNAPSHOT</version>
+        <version>6.11.181-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java

@@ -558,7 +558,6 @@ private AuthorizationResponseDTO getAuthResponseDTO(OAuth2Parameters oauth2Param
         authorizationResponseDTO.setState(oauth2Params.getState());
         authorizationResponseDTO.setResponseMode(oauth2Params.getResponseMode());
         authorizationResponseDTO.setResponseType(oauth2Params.getResponseType());
-        authorizationResponseDTO.getSuccessResponseDTO().setScope(oauth2Params.getScopes());
 
         return authorizationResponseDTO;
     }
@@ -1369,7 +1368,7 @@ private Response handleInitialAuthorizationRequest(OAuthMessage oAuthMessage) th
         String type = getRequestProtocolType(oAuthMessage);
 
         if (AuthenticatorFlowStatus.SUCCESS_COMPLETED == oAuthMessage.getFlowStatus()) {
-            return handleAuthFlowThroughFramework(oAuthMessage, type);
+            return handleAuthFlowThroughFramework(oAuthMessage, type, redirectURL);
         } else {
             return Response.status(HttpServletResponse.SC_FOUND).location(new URI(redirectURL)).build();
         }
@@ -1724,7 +1723,7 @@ private OAuthResponse handleSuccessAuthorization(OAuthMessage oAuthMessage, OIDC
         }
         if (isResponseTypeNotIdTokenOrNone(responseType, authzRespDTO)) {
             setAccessToken(authzRespDTO, builder, authorizationResponseDTO);
-            setScopes(authzRespDTO, builder);
+            setScopes(authzRespDTO, builder, authorizationResponseDTO);
         }
         if (isIdTokenExists(authzRespDTO)) {
             setIdToken(authzRespDTO, builder, authorizationResponseDTO);
@@ -1907,12 +1906,15 @@ private void setAccessToken(OAuth2AuthorizeRespDTO authzRespDTO,
     }
 
     private void setScopes(OAuth2AuthorizeRespDTO authzRespDTO,
-                           OAuthASResponse.OAuthAuthorizationResponseBuilder builder) {
+                           OAuthASResponse.OAuthAuthorizationResponseBuilder builder, AuthorizationResponseDTO
+                                   authorizationResponseDTO) {
 
         String[] scopes = authzRespDTO.getScope();
         if (scopes != null && scopes.length > 0) {
             String scopeString =  StringUtils.join(scopes, " ");
             builder.setScope(scopeString.trim());
+            Set<String> scopesSet = new HashSet<>(Arrays.asList(scopes));
+            authorizationResponseDTO.getSuccessResponseDTO().setScope(scopesSet);
         }
     }
 
@@ -3752,8 +3754,8 @@ private void invokeCommonauthFlow(OAuthMessage oAuthMessage, CommonAuthResponseW
      * @throws InvalidRequestParentException
      * @Param type OAuthMessage
      */
-    private Response handleAuthFlowThroughFramework(OAuthMessage oAuthMessage, String type) throws URISyntaxException,
-            InvalidRequestParentException {
+    private Response handleAuthFlowThroughFramework(OAuthMessage oAuthMessage, String type, String redirectUrl)
+            throws URISyntaxException, InvalidRequestParentException {
 
         if (LoggerUtils.isDiagnosticLogsEnabled()) {
             DiagnosticLog.DiagnosticLogBuilder diagnosticLogBuilder = new DiagnosticLog.DiagnosticLogBuilder(
@@ -4341,14 +4343,19 @@ private Response handleApiBasedAuthenticationResponse(OAuthMessage oAuthMessage,
                 ObjectMapper objectMapper = new ObjectMapper();
                 objectMapper.setSerializationInclusion(JsonInclude.Include.NON_EMPTY);
                 String jsonString = objectMapper.writeValueAsString(authResponse);
+                oAuthMessage.getRequest().setAttribute(IS_API_BASED_AUTH_HANDLED, true);
                 return Response.ok().entity(jsonString).build();
 
             } else {
-                String location = oauthResponse.getMetadata().get("Location").get(0).toString();
-                if (StringUtils.isNotBlank(location)) {
-                    Map<String, String> queryParams = getQueryParamsFromUrl(location);
-                    String jsonPayload = new Gson().toJson(queryParams);
-                    return Response.status(HttpServletResponse.SC_OK).entity(jsonPayload).build();
+                List<Object> locationHeader = oauthResponse.getMetadata().get("Location");
+                if (CollectionUtils.isNotEmpty(locationHeader)) {
+                    String location = locationHeader.get(0).toString();
+                    if (StringUtils.isNotBlank(location)) {
+                        Map<String, String> queryParams = getQueryParamsFromUrl(location);
+                        String jsonPayload = new Gson().toJson(queryParams);
+                        oAuthMessage.getRequest().setAttribute(IS_API_BASED_AUTH_HANDLED, true);
+                        return Response.status(HttpServletResponse.SC_OK).entity(jsonPayload).build();
+                    }
                 }
             }
         } catch (AuthServiceException | JsonProcessingException | UnsupportedEncodingException | URISyntaxException e) {
@@ -4357,6 +4364,7 @@ private Response handleApiBasedAuthenticationResponse(OAuthMessage oAuthMessage,
             params.put(OAuthConstants.OAUTH_ERROR, OAuth2ErrorCodes.SERVER_ERROR);
             params.put(OAuthConstants.OAUTH_ERROR_DESCRIPTION, "Server error occurred while performing authorization.");
             String jsonString = new Gson().toJson(params);
+            oAuthMessage.getRequest().setAttribute(IS_API_BASED_AUTH_HANDLED, true);
             return Response.status(HttpServletResponse.SC_INTERNAL_SERVER_ERROR).entity(jsonString).build();
         }