Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for rich authorization requests #2511

Open
wants to merge 26 commits into
base: master
Choose a base branch
from
Open

Add support for rich authorization requests #2511

Show file tree
Hide file tree
Changes from 25 commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
c8d568e
accept and persist authorization_details of authorize request
VimukthiRajapaksha Jul 2, 2024
f7544ce
Accept and persist authorization_details of token request
VimukthiRajapaksha Jul 26, 2024
dd8f27f
resolve merge conflicts
VimukthiRajapaksha Jul 31, 2024
824163c
Add unit tests for the rar module
VimukthiRajapaksha Aug 7, 2024
3360d4e
Merge remote-tracking branch 'origin/master' into master_rar
VimukthiRajapaksha Aug 7, 2024
3031c32
Add unit tests
VimukthiRajapaksha Sep 3, 2024
376e5cc
Fix merge conflicts
VimukthiRajapaksha Sep 3, 2024
b12db7c
Add schema validation
VimukthiRajapaksha Oct 8, 2024
8256664
Merge branch 'master' into master_rar
VimukthiRajapaksha Oct 8, 2024
c3c9fe9
Add unit tests to discovery endpoint
VimukthiRajapaksha Oct 9, 2024
7e5ac32
Change schema type to CLOB
VimukthiRajapaksha Oct 25, 2024
d5249a2
Resolve merge conflicts
VimukthiRajapaksha Oct 25, 2024
ca2f054
Resolve merge conflicts
VimukthiRajapaksha Oct 28, 2024
9c8fe25
Resolve merge conflicts
VimukthiRajapaksha Oct 28, 2024
ffba19a
Add license headers
VimukthiRajapaksha Oct 28, 2024
4c56858
Add a config method to check if RAR is enabled
VimukthiRajapaksha Nov 13, 2024
7a90b09
Resolve merge conflicts
VimukthiRajapaksha Nov 13, 2024
faa5e31
Fix refresh token introspection issue
VimukthiRajapaksha Nov 13, 2024
4a156b2
Resolve merge conflicts
VimukthiRajapaksha Dec 18, 2024
bc0ac7d
resolve merge conflicts
VimukthiRajapaksha Jan 9, 2025
95792de
Resolve test failures
VimukthiRajapaksha Jan 17, 2025
d5fde99
Merge remote-tracking branch 'origin/master' into master_rar
VimukthiRajapaksha Jan 17, 2025
61bf493
Improve unit tests coverage
VimukthiRajapaksha Jan 17, 2025
f523061
bump carbon.identity.framework.version to support authorization details
VimukthiRajapaksha Jan 17, 2025
be2070a
Add logic to check RAR is enabled
VimukthiRajapaksha Jan 17, 2025
0c03aa3
Update license to 2025
VimukthiRajapaksha Jan 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions components/org.wso2.carbon.identity.discovery/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,10 @@
<groupId>org.wso2.carbon.identity.framework</groupId>
<artifactId>org.wso2.carbon.identity.claim.metadata.mgt</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
<artifactId>org.wso2.carbon.identity.oauth.rar</artifactId>
</dependency>
<!--Test Dependencies-->
<dependency>
<groupId>org.testng</groupId>
Expand Down
7 changes: 7 additions & 0 deletions ...entity.discovery/src/main/java/org/wso2/carbon/identity/discovery/DiscoveryConstants.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -377,4 +377,11 @@ public class DiscoveryConstants {
* Authorization Server.
*/
public static final String MTLS_ENDPOINT_ALIASES = "mtls_endpoint_aliases";

/**
* authorization_details_types_supported.
* <p>OPTIONAL. JSON array containing the authorization details types the AS supports.</p>
* @see <a href='https://datatracker.ietf.org/doc/html/rfc9396.txt#name-metadata'>rfc9396</a>
*/
public static final String AUTHORIZATION_DETAILS_TYPES_SUPPORTED = "authorization_details_types_supported";
}
13 changes: 13 additions & 0 deletions ...discovery/src/main/java/org/wso2/carbon/identity/discovery/OIDProviderConfigResponse.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ public class OIDProviderConfigResponse {
private Boolean tlsClientCertificateBoundAccessTokens;
private String mtlsTokenEndpoint;
private String mtlsPushedAuthorizationRequestEndpoint;
private String[] authorizationDetailsTypesSupported;

private static final String MUTUAL_TLS_ALIASES_ENABLED = "OAuth.MutualTLSAliases.Enabled";

Expand Down Expand Up @@ -530,6 +531,16 @@ public void setMtlsPushedAuthorizationRequestEndpoint(String mtlsPushedAuthoriza
this.mtlsPushedAuthorizationRequestEndpoint = mtlsPushedAuthorizationRequestEndpoint;
}

public String[] getAuthorizationDetailsTypesSupported() {

return this.authorizationDetailsTypesSupported;
}

public void setAuthorizationDetailsTypesSupported(String[] authorizationDetailsTypesSupported) {

this.authorizationDetailsTypesSupported = authorizationDetailsTypesSupported;
}

public Map<String, Object> getConfigMap() {
Map<String, Object> configMap = new HashMap<String, Object>();
configMap.put(DiscoveryConstants.ISSUER.toLowerCase(), this.issuer);
Expand Down Expand Up @@ -604,6 +615,8 @@ public Map<String, Object> getConfigMap() {
this.mtlsPushedAuthorizationRequestEndpoint);
configMap.put(DiscoveryConstants.MTLS_ENDPOINT_ALIASES, mtlsAliases);
}
configMap.put(DiscoveryConstants.AUTHORIZATION_DETAILS_TYPES_SUPPORTED,
this.authorizationDetailsTypesSupported);
return configMap;
}
}
8 changes: 8 additions & 0 deletions ...very/src/main/java/org/wso2/carbon/identity/discovery/builders/ProviderConfigBuilder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.OAuth2Constants;
import org.wso2.carbon.identity.oauth2.rar.core.AuthorizationDetailsProcessorFactory;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

import java.net.URISyntaxException;
Expand Down Expand Up @@ -152,6 +153,13 @@ public OIDProviderConfigResponse buildOIDProviderConfig(OIDProviderRequest reque
.contains(OAuth2Constants.TokenBinderType.CERTIFICATE_BASED_TOKEN_BINDER));
providerConfig.setMtlsTokenEndpoint(OAuth2Util.OAuthURL.getOAuth2MTLSTokenEPUrl());
providerConfig.setMtlsPushedAuthorizationRequestEndpoint(OAuth2Util.OAuthURL.getOAuth2MTLSParEPUrl());

final Set<String> authorizationDetailTypes = AuthorizationDetailsProcessorFactory.getInstance()
.getSupportedAuthorizationDetailTypes();
if (authorizationDetailTypes != null && !authorizationDetailTypes.isEmpty()) {
providerConfig
.setAuthorizationDetailsTypesSupported(authorizationDetailTypes.stream().toArray(String[]::new));
}
return providerConfig;
}
}
21 changes: 19 additions & 2 deletions .../src/test/java/org/wso2/carbon/identity/discovery/builders/ProviderConfigBuilderTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,14 +37,17 @@
import org.wso2.carbon.identity.discovery.internal.OIDCDiscoveryDataHolder;
import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.identity.oauth2.rar.core.AuthorizationDetailsProcessorFactory;
import org.wso2.carbon.identity.oauth2.util.OAuth2Util;

import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.nullable;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.mockStatic;
import static org.mockito.Mockito.spy;
Expand Down Expand Up @@ -84,7 +87,9 @@ public void testBuildOIDProviderConfig() throws Exception {
OAuthServerConfiguration mockOAuthServerConfiguration = mock(OAuthServerConfiguration.class);
oAuthServerConfiguration.when(
OAuthServerConfiguration::getInstance).thenReturn(mockOAuthServerConfiguration);
try (MockedStatic<OAuth2Util> oAuth2Util = mockStatic(OAuth2Util.class);) {
try (MockedStatic<OAuth2Util> oAuth2Util = mockStatic(OAuth2Util.class);
MockedStatic<AuthorizationDetailsProcessorFactory> factoryMockedStatic =
mockStatic(AuthorizationDetailsProcessorFactory.class)) {

OIDCDiscoveryDataHolder mockOidcDiscoveryDataHolder = spy(new OIDCDiscoveryDataHolder());
mockOidcDiscoveryDataHolder.setClaimManagementService(mockClaimMetadataManagementService);
Expand All @@ -107,6 +112,11 @@ public void testBuildOIDProviderConfig() throws Exception {
.thenReturn(JWSAlgorithm.RS256);
when(mockOidProviderRequest.getTenantDomain()).thenReturn(
MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);

AuthorizationDetailsProcessorFactory factoryMock = spy(AuthorizationDetailsProcessorFactory.class);
doReturn(Collections.emptySet()).when(factoryMock).getSupportedAuthorizationDetailTypes();
factoryMockedStatic.when(AuthorizationDetailsProcessorFactory::getInstance).thenReturn(factoryMock);

assertNotNull(providerConfigBuilder.buildOIDProviderConfig(mockOidProviderRequest));
}
}
Expand Down Expand Up @@ -194,7 +204,9 @@ public void testBuildOIDProviderConfig4() throws Exception {
MockedStatic<OIDCDiscoveryDataHolder> oidcDiscoveryDataHolder =
mockStatic(OIDCDiscoveryDataHolder.class);
MockedStatic<OAuth2Util> oAuth2Util = mockStatic(OAuth2Util.class);
MockedStatic<DiscoveryUtil> discoveryUtil = mockStatic(DiscoveryUtil.class);) {
MockedStatic<DiscoveryUtil> discoveryUtil = mockStatic(DiscoveryUtil.class);
MockedStatic<AuthorizationDetailsProcessorFactory> factoryMockedStatic =
mockStatic(AuthorizationDetailsProcessorFactory.class)) {
OAuthServerConfiguration mockOAuthServerConfiguration = mock(OAuthServerConfiguration.class);
oAuthServerConfiguration.when(
OAuthServerConfiguration::getInstance).thenReturn(mockOAuthServerConfiguration);
Expand Down Expand Up @@ -223,9 +235,14 @@ public void testBuildOIDProviderConfig4() throws Exception {
when(mockOidProviderRequest.getTenantDomain()).thenReturn(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
when(mockOAuthServerConfiguration.getUserInfoJWTSignatureAlgorithm()).thenReturn(idTokenSignatureAlgorithm);

AuthorizationDetailsProcessorFactory factoryMock = spy(AuthorizationDetailsProcessorFactory.class);
doReturn(Collections.singleton("test_type")).when(factoryMock).getSupportedAuthorizationDetailTypes();
factoryMockedStatic.when(AuthorizationDetailsProcessorFactory::getInstance).thenReturn(factoryMock);

OIDProviderConfigResponse response = providerConfigBuilder.buildOIDProviderConfig(mockOidProviderRequest);
assertNotNull(response);
assertEquals(response.getIssuer(), dummyIdIssuer);
assertEquals(response.getAuthorizationDetailsTypesSupported()[0], "test_type");
}
}

Expand Down
4 changes: 4 additions & 0 deletions ...tity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -767,6 +767,9 @@ public static class ActionIDs {
public static final String VALIDATE_EXISTING_CONSENT = "validate-existing-consent";
public static final String GENERATE_INTROSPECTION_RESPONSE = "generate-introspect-response";
public static final String RECEIVE_REVOKE_REQUEST = "receive-revoke-request";
public static final String VALIDATE_AUTHORIZATION_DETAILS = "validate-authorization-details";
public static final String VALIDATE_AUTHORIZATION_DETAILS_BEFORE_CONSENT
= "validate-authorization-details-before-consent";
}

/**
Expand All @@ -787,6 +790,7 @@ public static class InputKeys {
public static final String PROMPT = "prompt";
public static final String APP_STATE = "app state";
public static final String IMPERSONATOR = "impersonator";
public static final String REQUESTED_AUTHORIZATION_DETAILS = "requested authorization details";
}

/**
Expand Down
4 changes: 4 additions & 0 deletions components/org.wso2.carbon.identity.oauth.endpoint/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,10 @@
<artifactId>jackson-core</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
<artifactId>org.wso2.carbon.identity.oauth.rar</artifactId>
</dependency>

<!--Test Dependencies-->
<dependency>
Expand Down
Loading
Loading