getting remotes claim from mapped remote claim attributes instead of property

Author: shashimalcse

components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java

@@ -422,31 +422,30 @@ private void addFederatedTokensToSessionCache(OAuthMessage oAuthMessage,
     }
 
     /**
-     * Add unfiltered federated user claims to session cache.
+     * Add mapped remote claims to session cache.
      *
      * @param oAuthMessage         The OAuthMessage with the session data cache entry.
      * @param authenticationResult The authentication result of authorization call.
      */
-    private void addUnfilteredFederatedUserClaimsToSessionCache(OAuthMessage oAuthMessage,
+    private void addMappedRemoteClaimsToSessionCache(OAuthMessage oAuthMessage,
                                                   AuthenticationResult authenticationResult) {
 
-        if (!(authenticationResult.getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES) instanceof Map)) {
+        Optional<Map<String, String>> mappedRemoteClaims = authenticationResult.getMappedRemoteClaims();
+        if (!mappedRemoteClaims.isPresent()) {
             return;
         }
-        Map<String, String> unfilteredFederatedUserClaims = (Map<String, String>) authenticationResult
-                .getProperty(FrameworkConstants.UNFILTERED_LOCAL_CLAIM_VALUES);
 
         SessionDataCacheEntry sessionDataCacheEntry = oAuthMessage.getSessionDataCacheEntry();
-        if (sessionDataCacheEntry == null || unfilteredFederatedUserClaims.isEmpty()) {
+        if (sessionDataCacheEntry == null || mappedRemoteClaims.get().isEmpty()) {
             return;
         }
-        Map<ClaimMapping, String> unfilteredFederatedUserAttributes = new HashMap<>();
-        unfilteredFederatedUserClaims.forEach(
-                (key, value) -> unfilteredFederatedUserAttributes.put(ClaimMapping.build(key, key, null,
+        Map<ClaimMapping, String> mappedRemoteClaimsMap = new HashMap<>();
+        mappedRemoteClaims.get().forEach(
+                (key, value) -> mappedRemoteClaimsMap.put(ClaimMapping.build(key, key, null,
                         false), value));
-        sessionDataCacheEntry.setUnfilteredFederatedUserClaims(unfilteredFederatedUserAttributes);
+        sessionDataCacheEntry.setMappedRemoteClaims(mappedRemoteClaimsMap);
         if (log.isDebugEnabled() && authenticationResult.getSubject() != null) {
-            log.debug("Added the unfiltered federated user claims to the session data cache. " +
+            log.debug("Added the mapped remote claims to the session data cache. " +
                     "Session context identifier: " + sessionDataCacheEntry.getSessionContextIdentifier()
                     + " for the user: " + authenticationResult.getSubject().getLoggableMaskedUserId());
         }
@@ -1420,9 +1419,9 @@ private void addToAuthenticationResultDetailsToOAuthMessage(OAuthMessage oAuthMe
                 authnResult.getProperty(FrameworkConstants.AnalyticsAttributes.SESSION_ID));
         // Adding federated tokens come with the authentication result of the authorization call.
         addFederatedTokensToSessionCache(oAuthMessage, authnResult);
-        // Adding federated user claims come with the authentication result to resolve access token claims in
+        // Adding mapped remoted claims come with the authentication result to resolve access token claims in
         // federated flow.
-        addUnfilteredFederatedUserClaimsToSessionCache(oAuthMessage, authnResult);
+        addMappedRemoteClaimsToSessionCache(oAuthMessage, authnResult);
     }
 
     private void updateAuthTimeInSessionDataCacheEntry(OAuthMessage oAuthMessage) {
@@ -2177,10 +2176,9 @@ private void addUserAttributesToOAuthMessage(OAuthMessage oAuthMessage, String c
         authorizationGrantCacheEntry.setRequestObjectFlow(isRequestObjectFlow);
         authorizationGrantCacheEntry.setFederatedTokens(sessionDataCacheEntry.getFederatedTokens());
         sessionDataCacheEntry.setFederatedTokens(null);
-        Map<ClaimMapping, String> unfilteredFederatedUserAttributes =  sessionDataCacheEntry.
-                getUnfilteredFederatedUserAttributes();
-        if (unfilteredFederatedUserAttributes != null) {
-            authorizationGrantCacheEntry.setUnfilteredFederatedUserAttributes(unfilteredFederatedUserAttributes);
+        Map<ClaimMapping, String> mappedRemoteClaims =  sessionDataCacheEntry.getMappedRemoteClaims();
+        if (mappedRemoteClaims != null) {
+            authorizationGrantCacheEntry.setMappedRemoteClaims(mappedRemoteClaims);
         }
         oAuthMessage.setAuthorizationGrantCacheEntry(authorizationGrantCacheEntry);
     }
@@ -3824,7 +3822,7 @@ private OAuth2AuthorizeReqDTO buildAuthRequest(OAuth2Parameters oauth2Params, Se
         authzReqDTO.setState(oauth2Params.getState());
         authzReqDTO.setHttpServletRequestWrapper(new HttpServletRequestWrapper(request));
         authzReqDTO.setRequestedSubjectId(oauth2Params.getRequestedSubjectId());
-        authzReqDTO.setUnfilteredFederatedUserAttributes(sessionDataCacheEntry.getUnfilteredFederatedUserAttributes());
+        authzReqDTO.setMappedRemoteClaims(sessionDataCacheEntry.getMappedRemoteClaims());
 
         if (sessionDataCacheEntry.getParamMap() != null && sessionDataCacheEntry.getParamMap().get(OAuthConstants
                 .AMR) != null) {
@@ -4560,9 +4558,9 @@ private void addUserAttributesToCache(SessionDataCacheEntry sessionDataCacheEntr
         DeviceAuthorizationGrantCacheKey cacheKey = new DeviceAuthorizationGrantCacheKey(deviceCode);
         DeviceAuthorizationGrantCacheEntry cacheEntry =
                 new DeviceAuthorizationGrantCacheEntry(sessionDataCacheEntry.getLoggedInUser().getUserAttributes());
-        if (sessionDataCacheEntry.getUnfilteredFederatedUserAttributes() != null) {
-            cacheEntry.setUnfilteredFederatedUserAttributes(sessionDataCacheEntry
-                    .getUnfilteredFederatedUserAttributes());
+        if (sessionDataCacheEntry.getMappedRemoteClaims() != null) {
+            cacheEntry.setMappedRemoteClaims(sessionDataCacheEntry
+                    .getMappedRemoteClaims());
         }
         DeviceAuthorizationGrantCache.getInstance().addToCache(cacheKey, cacheEntry);
     }

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/cache/AuthorizationGrantCacheEntry.java

@@ -66,7 +66,7 @@ public class AuthorizationGrantCacheEntry extends CacheEntry {
 
     private boolean hasNonOIDCClaims;
 
-    private Map<ClaimMapping, String> unfilteredFederatedUserAttributes;
+    private Map<ClaimMapping, String> mappedRemoteClaims;
 
     /*
         OIDC sub claim. This should be formatted based on the Service Provider configurations to append
@@ -393,14 +393,14 @@ public void setPreIssueAccessTokenActionsExecuted(boolean preIssueAccessTokenAct
         isPreIssueAccessTokenActionsExecuted = preIssueAccessTokenActionsExecuted;
     }
 
-    public Map<ClaimMapping, String> getUnfilteredFederatedUserAttributes() {
+    public Map<ClaimMapping, String> getMappedRemoteClaims() {
 
-        return unfilteredFederatedUserAttributes;
+        return mappedRemoteClaims;
     }
 
-    public void setUnfilteredFederatedUserAttributes(
-            Map<ClaimMapping, String> unfilteredFederatedUserAttributes) {
+    public void setMappedRemoteClaims(
+            Map<ClaimMapping, String> mappedRemoteClaims) {
 
-        this.unfilteredFederatedUserAttributes = unfilteredFederatedUserAttributes;
+        this.mappedRemoteClaims = mappedRemoteClaims;
     }
 }

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/cache/SessionDataCacheEntry.java

@@ -54,7 +54,7 @@ public class SessionDataCacheEntry extends CacheEntry {
 
     private Map<String, Serializable> endpointParams = new HashMap<>();
     private List<FederatedTokenDO> federatedTokens;
-    private Map<ClaimMapping, String> unfilteredFederatedUserAttributes;
+    private Map<ClaimMapping, String> mappedRemoteClaims;
 
     public OAuthAuthzReqMessageContext getAuthzReqMsgCtx() {
         return authzReqMsgCtx;
@@ -175,13 +175,13 @@ public void setFederatedTokens(List<FederatedTokenDO> federatedTokens) {
         this.federatedTokens = federatedTokens;
     }
 
-    public Map<ClaimMapping, String> getUnfilteredFederatedUserAttributes() {
+    public Map<ClaimMapping, String> getMappedRemoteClaims() {
 
-        return unfilteredFederatedUserAttributes;
+        return mappedRemoteClaims;
     }
 
-    public void setUnfilteredFederatedUserClaims(Map<ClaimMapping, String> unfilteredFederatedUserAttributes) {
+    public void setMappedRemoteClaims(Map<ClaimMapping, String> mappedRemoteClaims) {
 
-        this.unfilteredFederatedUserAttributes = unfilteredFederatedUserAttributes;
+        this.mappedRemoteClaims = mappedRemoteClaims;
     }
 }

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/TokenResponseTypeHandler.java

@@ -554,9 +554,9 @@ private void addUserAttributesToCache(String accessToken,
             authorizationGrantCacheEntry.setMaxAge(authorizeReqDTO.getMaxAge());
         }
 
-        if (authorizeReqDTO.getUnfilteredFederatedUserAttributes() != null) {
-            authorizationGrantCacheEntry.setUnfilteredFederatedUserAttributes(
-                    authorizeReqDTO.getUnfilteredFederatedUserAttributes());
+        if (authorizeReqDTO.getMappedRemoteClaims() != null) {
+            authorizationGrantCacheEntry.setMappedRemoteClaims(
+                    authorizeReqDTO.getMappedRemoteClaims());
         }
 
         ClaimMapping key = new ClaimMapping();

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/util/ResponseTypeHandlerUtil.java

@@ -487,9 +487,9 @@ private static void addUserAttributesToCache(String accessToken, OAuthAuthzReqMe
             userAttributes.put(key, sub);
         }
 
-        if (authorizeReqDTO.getUnfilteredFederatedUserAttributes() != null) {
-            authorizationGrantCacheEntry.setUnfilteredFederatedUserAttributes(
-                    authorizeReqDTO.getUnfilteredFederatedUserAttributes());
+        if (authorizeReqDTO.getMappedRemoteClaims() != null) {
+            authorizationGrantCacheEntry.setMappedRemoteClaims(
+                    authorizeReqDTO.getMappedRemoteClaims());
         }
 
         authorizationGrantCacheEntry

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/device/cache/DeviceAuthorizationGrantCacheEntry.java

@@ -31,20 +31,13 @@ public class DeviceAuthorizationGrantCacheEntry extends CacheEntry {
     private static final long serialVersionUID = -3043225645166013281L;
 
     private Map<ClaimMapping, String> userAttributes;
-    private Map<ClaimMapping, String> unfilteredFederatedUserAttributes;
+    private Map<ClaimMapping, String> mappedRemoteClaims;
 
     public DeviceAuthorizationGrantCacheEntry(Map<ClaimMapping, String> userAttributes) {
 
         this.userAttributes = userAttributes;
     }
 
-    public DeviceAuthorizationGrantCacheEntry(Map<ClaimMapping, String> userAttributes,
-                                              Map<ClaimMapping, String> unfilteredFederatedUserAttributes) {
-
-        this.userAttributes = userAttributes;
-        this.unfilteredFederatedUserAttributes = unfilteredFederatedUserAttributes;
-    }
-
     /**
      * Return user attributes of cache entry.
      *
@@ -65,14 +58,14 @@ public void setUserAttributes(Map<ClaimMapping, String> userAttributes) {
         this.userAttributes = userAttributes;
     }
 
-    public Map<ClaimMapping, String> getUnfilteredFederatedUserAttributes() {
+    public Map<ClaimMapping, String> getMappedRemoteClaims() {
 
-        return unfilteredFederatedUserAttributes;
+        return mappedRemoteClaims;
     }
 
-    public void setUnfilteredFederatedUserAttributes(
-            Map<ClaimMapping, String> unfilteredFederatedUserAttributes) {
+    public void setMappedRemoteClaims(
+            Map<ClaimMapping, String> mappedRemoteClaims) {
 
-        this.unfilteredFederatedUserAttributes = unfilteredFederatedUserAttributes;
+        this.mappedRemoteClaims = mappedRemoteClaims;
     }
 }

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dto/OAuth2AuthorizeReqDTO.java

@@ -63,7 +63,7 @@ public class OAuth2AuthorizeReqDTO {
     private boolean isRequestObjectFlow;
     private String state;
     private String requestedSubjectId;
-    private Map<ClaimMapping, String> unfilteredFederatedUserAttributes;
+    private Map<ClaimMapping, String> mappedRemoteClaims;
 
     public String getRequestedSubjectId() {
 
@@ -307,14 +307,14 @@ public void setHttpServletRequestWrapper(HttpServletRequestWrapper httpServletRe
         this.httpServletRequestWrapper = httpServletRequestWrapper;
     }
 
-    public Map<ClaimMapping, String> getUnfilteredFederatedUserAttributes() {
+    public Map<ClaimMapping, String> getMappedRemoteClaims() {
 
-        return unfilteredFederatedUserAttributes;
+        return mappedRemoteClaims;
     }
 
-    public void setUnfilteredFederatedUserAttributes(
-            Map<ClaimMapping, String> unfilteredFederatedUserAttributes) {
+    public void setMappedRemoteClaims(
+            Map<ClaimMapping, String> mappedRemoteClaims) {
 
-        this.unfilteredFederatedUserAttributes = unfilteredFederatedUserAttributes;
+        this.mappedRemoteClaims = mappedRemoteClaims;
     }
 }

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java

@@ -623,9 +623,9 @@ private Optional<AuthorizationGrantCacheEntry> getAuthzGrantCacheEntryFromDevice
             Map<ClaimMapping, String> userAttributes = cacheEntry.getUserAttributes();
             AuthorizationGrantCacheEntry authorizationGrantCacheEntry =
                     new AuthorizationGrantCacheEntry(userAttributes);
-            if (cacheEntry.getUnfilteredFederatedUserAttributes() != null) {
-                authorizationGrantCacheEntry.setUnfilteredFederatedUserAttributes(cacheEntry
-                        .getUnfilteredFederatedUserAttributes());
+            if (cacheEntry.getMappedRemoteClaims() != null) {
+                authorizationGrantCacheEntry.setMappedRemoteClaims(cacheEntry
+                        .getMappedRemoteClaims());
             }
             return Optional.of(authorizationGrantCacheEntry);
         }

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/JWTAccessTokenOIDCClaimsHandler.java

@@ -479,15 +479,16 @@ private Map<ClaimMapping, String> getUserAttributesCachedAgainstDeviceCode(Strin
         DeviceAuthorizationGrantCacheEntry cacheEntry =
                 DeviceAuthorizationGrantCache.getInstance().getValueFromCache(cacheKey);
         if (fetchFederatedUserAttributes) {
-            return cacheEntry == null ? Collections.emptyMap() : cacheEntry.getUnfilteredFederatedUserAttributes();
+            return cacheEntry == null ? Collections.emptyMap() : cacheEntry.getMappedRemoteClaims();
         }
         return cacheEntry == null ? Collections.emptyMap() : cacheEntry.getUserAttributes();
     }
 
     /**
      * Get user attributes cached against the authorization code.
      *
-     * @param authorizationCode Authorization Code
+     * @param authorizationCode            Authorization Code
+     * @param fetchFederatedUserAttributes Flag to indicate whether to fetch federated user attributes.
      * @return User attributes cached against the authorization code
      */
     private Map<ClaimMapping, String> getUserAttributesFromCacheUsingCode(String authorizationCode,
@@ -504,7 +505,7 @@ private Map<ClaimMapping, String> getUserAttributesFromCacheUsingCode(String aut
         AuthorizationGrantCacheEntry cacheEntry =
                 AuthorizationGrantCache.getInstance().getValueFromCacheByCode(cacheKey);
         if (fetchFederatedUserAttributes) {
-            return cacheEntry == null ? new HashMap<>() : cacheEntry.getUnfilteredFederatedUserAttributes();
+            return cacheEntry == null ? new HashMap<>() : cacheEntry.getMappedRemoteClaims();
         }
         return cacheEntry == null ? new HashMap<>() : cacheEntry.getUserAttributes();
     }
@@ -584,7 +585,7 @@ private Map<String, Object> retrieveClaimsForFederatedUser(OAuthAuthzReqMessageC
         Map<ClaimMapping, String> userAttributes = authenticatedUser.getUserAttributes();
         // Since this is a federated flow we are retrieving the federated user attributes as well.
         Map<ClaimMapping, String> federatedUserAttributes =
-                oAuth2AuthorizeReqDTO.getUnfilteredFederatedUserAttributes();
+                oAuth2AuthorizeReqDTO.getMappedRemoteClaims();
         userClaimsMappedToOIDCDialect = getOIDCClaimMapFromUserAttributes(userAttributes);
         Map<String, Object> federatedUserClaimsMappedToOIDCDialect =
                 getUserClaimsInOIDCDialectFromFederatedUserAttributes(authzReqMessageContext.getAuthorizationReqDTO()
@@ -641,10 +642,7 @@ private static Map<String, Object> getUserClaimsInOIDCDialectFromFederatedUserAt
                     String localClaimURI = claimMapping.getLocalClaim().getClaimUri();
                     String oidcClaimUri = oidcToLocalClaimMappings.entrySet().stream()
                             .filter(entry -> entry.getValue().equals(localClaimURI))
-                            .map(Map.Entry::getKey)
-                            .findFirst()
-                            .orElse(null);
-
+                            .map(Map.Entry::getKey).findFirst().orElse(null);
                     if (oidcClaimUri != null) {
                         userClaimsInOidcDialect.put(oidcClaimUri, claimValue);
                         if (log.isDebugEnabled() &&
@@ -717,7 +715,7 @@ private Map<ClaimMapping, String> getUserAttributesFromCacheUsingToken(String ac
         AuthorizationGrantCacheEntry cacheEntry = AuthorizationGrantCache.getInstance()
                 .getValueFromCacheByToken(cacheKey);
         if (fetchFederatedUserAttributes) {
-            return cacheEntry == null ? new HashMap<>() : cacheEntry.getUnfilteredFederatedUserAttributes();
+            return cacheEntry == null ? new HashMap<>() : cacheEntry.getMappedRemoteClaims();
         }
         return cacheEntry == null ? new HashMap<>() : cacheEntry.getUserAttributes();
     }

components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/openidconnect/JWTAccessTokenOIDCClaimsHandlerTest.java

@@ -451,7 +451,7 @@ public void testHandleClaimsForOAuthTokenReqMessageContextWithAuthorizationCode(
                         TestConstants.CLAIM_VALUE2);
                 AuthorizationGrantCacheEntry authorizationGrantCacheEntry = new
                         AuthorizationGrantCacheEntry();
-                authorizationGrantCacheEntry.setUnfilteredFederatedUserAttributes(federatedUserAttributes);
+                authorizationGrantCacheEntry.setMappedRemoteClaims(federatedUserAttributes);
                 mockAuthorizationGrantCache(authorizationGrantCacheEntry, authorizationGrantCache);
 
                 UserRealm userRealm = getUserRealmWithUserClaims(USER_CLAIMS_MAP);