Fix refresh token introspection issue

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/rar/token/AccessTokenResponseRARHandler.java

@@ -1,3 +1,21 @@
+/*
+ * Copyright (c) 2024, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
 package org.wso2.carbon.identity.oauth2.rar.token;
 
 import org.apache.commons.logging.Log;

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/rar/token/IntrospectionRARDataProvider.java

@@ -1,5 +1,24 @@
+/*
+ * Copyright (c) 2024, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
 package org.wso2.carbon.identity.oauth2.rar.token;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.identity.oauth.common.OAuthConstants;
@@ -22,6 +41,7 @@
 import java.util.Objects;
 
 import static org.wso2.carbon.identity.oauth2.rar.util.AuthorizationDetailsConstants.AUTHORIZATION_DETAILS;
+import static org.wso2.carbon.identity.oauth2.validators.RefreshTokenValidator.TOKEN_TYPE_NAME;
 
 /**
  * Class responsible for modifying the introspection response to include user-consented authorization details.
@@ -107,10 +127,8 @@ private OAuth2TokenValidationMessageContext generateOAuth2TokenValidationMessage
                     new OAuth2TokenValidationMessageContext(tokenValidationRequestDTO,
                             generateOAuth2TokenValidationResponseDTO(introspectionResponseDTO));
 
-            final AccessTokenDO accessTokenDO = OAuth2ServiceComponentHolder.getInstance().getTokenProvider()
-                    .getVerifiedAccessToken(tokenValidationRequestDTO.getAccessToken().getIdentifier(), false);
-
-            oAuth2TokenValidationMessageContext.addProperty(OAuthConstants.ACCESS_TOKEN_DO, accessTokenDO);
+            oAuth2TokenValidationMessageContext.addProperty(OAuthConstants.ACCESS_TOKEN_DO,
+                    this.getVerifiedToken(tokenValidationRequestDTO, introspectionResponseDTO));
 
             return oAuth2TokenValidationMessageContext;
         }
@@ -130,4 +148,17 @@ private OAuth2TokenValidationResponseDTO generateOAuth2TokenValidationResponseDT
 
         return tokenValidationResponseDTO;
     }
+
+    private AccessTokenDO getVerifiedToken(final OAuth2TokenValidationRequestDTO tokenValidationRequestDTO,
+                                           final OAuth2IntrospectionResponseDTO introspectionResponseDTO)
+            throws IdentityOAuth2Exception {
+
+        if (StringUtils.equals(TOKEN_TYPE_NAME, introspectionResponseDTO.getTokenType())) {
+            return OAuth2ServiceComponentHolder.getInstance().getTokenProvider()
+                    .getVerifiedRefreshToken(tokenValidationRequestDTO.getAccessToken().getIdentifier());
+        } else {
+            return OAuth2ServiceComponentHolder.getInstance().getTokenProvider()
+                    .getVerifiedAccessToken(tokenValidationRequestDTO.getAccessToken().getIdentifier(), false);
+        }
+    }
 }

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/rar/token/JWTAccessTokenRARClaimProvider.java

@@ -1,3 +1,21 @@
+/*
+ * Copyright (c) 2024, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 Inc. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
 package org.wso2.carbon.identity.oauth2.rar.token;
 
 import org.apache.commons.logging.Log;
@@ -35,8 +53,8 @@ public Map<String, Object> getAdditionalClaims(final OAuthAuthzReqMessageContext
         final Map<String, Object> additionalClaims = new HashMap<>();
         if (AuthorizationDetailsUtils.isRichAuthorizationRequest(oAuthAuthzReqMessageContext)) {
             if (log.isDebugEnabled()) {
-                log.debug("Processing Rich Authorization Request in authorization flow. authorization_details: " +
-                        oAuthAuthzReqMessageContext.getRequestedAuthorizationDetails().toJsonString());
+                log.debug("Adding authorization details into JWT token response in authorization flow: " +
+                        oAuthAuthzReqMessageContext.getRequestedAuthorizationDetails().toReadableText());
             }
             additionalClaims.put(AuthorizationDetailsConstants.AUTHORIZATION_DETAILS,
                     oAuthAuthzReqMessageContext.getApprovedAuthorizationDetails().toSet());
@@ -59,8 +77,8 @@ public Map<String, Object> getAdditionalClaims(final OAuthTokenReqMessageContext
         final Map<String, Object> additionalClaims = new HashMap<>();
         if (AuthorizationDetailsUtils.isRichAuthorizationRequest(oAuthTokenReqMessageContext)) {
             if (log.isDebugEnabled()) {
-                log.debug("Processing Rich Authorization Request in token flow.authorization_details: " +
-                        oAuthTokenReqMessageContext.getAuthorizationDetails().toJsonString());
+                log.debug("Adding authorization details into JWT token response in token flow: " +
+                        oAuthTokenReqMessageContext.getAuthorizationDetails().toReadableText());
             }
             additionalClaims.put(AuthorizationDetailsConstants.AUTHORIZATION_DETAILS,
                     oAuthTokenReqMessageContext.getAuthorizationDetails().toSet());

pom.xml

@@ -952,7 +952,7 @@
         <carbon.kernel.registry.imp.pkg.version.range>[1.0.1, 2.0.0)</carbon.kernel.registry.imp.pkg.version.range>
 
         <!-- Carbon Identity Framework version -->
-        <carbon.identity.framework.version>7.6.0</carbon.identity.framework.version>
+        <carbon.identity.framework.version>7.6.8-SNAPSHOT</carbon.identity.framework.version>
         <carbon.identity.framework.imp.pkg.version.range>[5.25.234, 8.0.0)
         </carbon.identity.framework.imp.pkg.version.range>