Filtering fapi allowed client authenticators

ChinthakaJ98 · ChinthakaJ98 · commit f99115d2e4e4 · 2023-10-25T12:47:40.000+05:30
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/client/authentication/OAuthClientAuthnService.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/client/authentication/OAuthClientAuthnService.java
@@ -166,15 +166,17 @@ private void executeClientAuthenticators(HttpServletRequest request, OAuthClient
             }
             try {
                 List<OAuthClientAuthenticator> configuredClientAuthMethods = getConfiguredClientAuthMethods(clientId);
-                List<OAuthClientAuthenticator> authenticators = configuredClientAuthMethods;
+                List<OAuthClientAuthenticator> applicableAuthenticators;
                 if (OAuth2Util.isFapiConformantApp(clientId)) {
-                    authenticators = validateAndGetClientAuthenticatorsForFapi(configuredClientAuthMethods);
+                    applicableAuthenticators = filterClientAuthenticatorsForFapi(configuredClientAuthMethods);
                 } else {
                     if (configuredClientAuthMethods.isEmpty()) {
-                        authenticators = this.getClientAuthenticators();
+                        applicableAuthenticators = this.getClientAuthenticators();
+                    } else {
+                        applicableAuthenticators = configuredClientAuthMethods;
                     }
                 }
-                if (authenticators.isEmpty()) {
+                if (applicableAuthenticators.isEmpty()) {
                     setErrorToContext(OAuth2ErrorCodes.INVALID_REQUEST, "No valid authenticators found for " +
                             "the application.", oAuthClientAuthnContext);
                     return;
@@ -371,22 +373,23 @@ private String extractClientId(HttpServletRequest request, Map<String, List> bod
      * @param configuredAuthenticators  List of client authenticators configured for the application.
      * @return   List of applicable client authentication methods for the application.
      */
-    private List<OAuthClientAuthenticator> validateAndGetClientAuthenticatorsForFapi(
+    private List<OAuthClientAuthenticator> filterClientAuthenticatorsForFapi(
                 List<OAuthClientAuthenticator> configuredAuthenticators) {
 
         List<String> fapiAllowedAuthMethods = IdentityUtil.getPropertyAsList(FAPI_CLIENT_AUTH_METHOD_CONFIGURATION);
         if (configuredAuthenticators.isEmpty()) {
             return getApplicableClientAuthenticators(fapiAllowedAuthMethods);
         }
 
+        List<OAuthClientAuthenticator> filteredAuthenticators = new ArrayList<>();
         for (OAuthClientAuthenticator authenticator : configuredAuthenticators) {
-            if (!fapiAllowedAuthMethods.stream().anyMatch(authenticator
+            if (fapiAllowedAuthMethods.stream().anyMatch(authenticator
                     .getSupportedClientAuthenticationMethods()::contains)) {
-                return Collections.emptyList();
+                filteredAuthenticators.add(authenticator);
             }
         }
 
-        return configuredAuthenticators;
+        return filteredAuthenticators;
     }
 
     /**
