Fix consent page for mandatory attributes #2685

Merged
merged 1 commit into from
Jan 23, 2025
Merged
@@ -916,7 +916,7 @@ during post consent handling to get the original ConsentClaimsData object (Assum
value.setRequestedClaims(removeConsentRequestedNullUserAttributes(value.getRequestedClaims(),
loggedInUser.getUserAttributes(), spTenantDomain));
List<ClaimMetaData> requestedOidcClaimsList =
getRequestedOidcClaimsList(value, oauth2Params, spTenantDomain);
getRequestedOidcClaimsList(value, oauth2Params, spTenantDomain, false);
value.setRequestedClaims(requestedOidcClaimsList);
}

@@ -3333,15 +3333,17 @@ private String handlePreConsent(OAuth2Parameters oauth2Params, AuthenticatedUser
removeConsentRequestedNullUserAttributes(claimsForApproval.getRequestedClaims(),
user.getUserAttributes(), spTenantDomain));
List<ClaimMetaData> requestedOidcClaimsList =
getRequestedOidcClaimsList(claimsForApproval, oauth2Params, spTenantDomain);
getRequestedOidcClaimsList(claimsForApproval, oauth2Params, spTenantDomain, false);
if (CollectionUtils.isNotEmpty(requestedOidcClaimsList)) {
requestClaimsQueryParam = REQUESTED_CLAIMS + "=" +
buildConsentClaimString(requestedOidcClaimsList);
}

if (CollectionUtils.isNotEmpty(claimsForApproval.getMandatoryClaims())) {
List<ClaimMetaData> mandatoryOidcClaims =
getRequestedOidcClaimsList(claimsForApproval, oauth2Params, spTenantDomain, true);
if (CollectionUtils.isNotEmpty(mandatoryOidcClaims)) {
mandatoryClaimsQueryParam = MANDATORY_CLAIMS + "=" +
buildConsentClaimString(claimsForApproval.getMandatoryClaims());
buildConsentClaimString(mandatoryOidcClaims);
}
additionalQueryParam = buildQueryParamString(requestClaimsQueryParam, mandatoryClaimsQueryParam);
}
@@ -3424,17 +3426,19 @@ private List<ClaimMetaData> removeConsentRequestedNullUserAttributes(List<ClaimM
}

/**
* Filter requested claims based on OIDC claims and return the claims which includes in OIDC.
* Filter requested or mandatory claims based on OIDC claims and return the claims included in OIDC.
*
* @param claimsForApproval Consent required claims.
* @param oauth2Params OAuth parameters.
* @param spTenantDomain Tenant domain.
* @return Requested OIDC claim list.
* @param isMandatory If true, filter mandatory claims; otherwise, filter requested claims.
* @return Filtered OIDC claim list.
* @throws RequestObjectException If an error occurred while getting essential claims for the session data key.
* @throws ClaimMetadataException If an error occurred while getting claim mappings.
*/
private List<ClaimMetaData> getRequestedOidcClaimsList(ConsentClaimsData claimsForApproval,
OAuth2Parameters oauth2Params, String spTenantDomain)
OAuth2Parameters oauth2Params, String spTenantDomain,
boolean isMandatory)
throws RequestObjectException, ClaimMetadataException {

List<ClaimMetaData> requestedOidcClaimsList = new ArrayList<>();
@@ -3447,15 +3451,14 @@ private List<ClaimMetaData> getRequestedOidcClaimsList(ConsentClaimsData claimsF

List<String> essentialRequestedClaims = new ArrayList<>();

if (oauth2Params.isRequestObjectFlow()) {
if (!isMandatory && oauth2Params.isRequestObjectFlow()) {
// Get the requested claims came through request object.
List<RequestedClaim> requestedClaimsOfIdToken = EndpointUtil.getRequestObjectService()
.getRequestedClaimsForSessionDataKey(oauth2Params.getSessionDataKey(), false);

List<RequestedClaim> requestedClaimsOfUserInfo = EndpointUtil.getRequestObjectService()
.getRequestedClaimsForSessionDataKey(oauth2Params.getSessionDataKey(), true);


// Get the list of id token's essential claims.
for (RequestedClaim requestedClaim : requestedClaimsOfIdToken) {
if (requestedClaim.isEssential()) {
@@ -3473,7 +3476,7 @@ private List<ClaimMetaData> getRequestedOidcClaimsList(ConsentClaimsData claimsF

// Add user info's essential claims requested using claims parameter. Claims for id_token are skipped
// since claims parameter does not support id_token yet.
if (oauth2Params.getEssentialClaims() != null) {
if (!isMandatory && oauth2Params.getEssentialClaims() != null) {
essentialRequestedClaims.addAll(OAuth2Util.getEssentialClaims(oauth2Params.getEssentialClaims(),
USERINFO));
}
@@ -3506,10 +3509,13 @@ private List<ClaimMetaData> getRequestedOidcClaimsList(ConsentClaimsData claimsF
}
}

/* Check whether the local claim of oidc claims contains the requested claims or essential claims of
request object contains the requested claims, If it contains add it as requested claim.
*/
for (ClaimMetaData claimMetaData : claimsForApproval.getRequestedClaims()) {
// Determine the source claims list based on whether it is mandatory or requested.
List<ClaimMetaData> approvalPendingClaims = isMandatory
? claimsForApproval.getMandatoryClaims()
: claimsForApproval.getRequestedClaims();

// Filter claims based on OIDC mappings.
for (ClaimMetaData claimMetaData : approvalPendingClaims) {
if (localClaimsOfOidcClaims.contains(claimMetaData.getClaimUri()) ||
localClaimsOfEssentialClaims.contains(claimMetaData.getClaimUri())) {
requestedOidcClaimsList.add(claimMetaData);
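Review bot: The OIDC filtering of mandatory claims is applied only on the way to the consent page (the new `getRequestedOidcClaimsList(claimsForApproval, oauth2Params, spTenantDomain, true)` call in handlePreConsent), while the post-consent path in the first hunk still narrows only the requested claims via `value.setRequestedClaims(...)`, so `value.getMandatoryClaims()` keeps the unfiltered list after this change. If anything downstream records or enforces consent against that list (not visible from these hunks), a mandatory claim with no OIDC mapping could be treated as consented without ever having been displayed, or the check could disagree with what the page showed; mirroring the filter there, e.g. `value.setMandatoryClaims(getRequestedOidcClaimsList(value, oauth2Params, spTenantDomain, true));`, would keep the two paths consistent, assuming ConsentClaimsData exposes such a setter. Separately, in getRequestedOidcClaimsList both essential-claim sources are skipped when `isMandatory` is true, so `localClaimsOfEssentialClaims` stays empty and the `||` branch in the final loop never fires for mandatory claims; a comment above the `approvalPendingClaims` declaration such as `// Mandatory claims are not widened by request-object/claims-parameter essentials; only the OIDC mapping applies.` would make that read as intentional. Both enclosing methods start and end outside the hunks shown.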