
"renew_token_without_revoking_existing" not working for custom jwt token issuers #21355

Closed
tharakawijekoon opened this issue Oct 14, 2024 · 1 comment

@tharakawijekoon

Describe the issue:
The "renew_token_without_revoking_existing" property does not work for custom JWT token issuers implementing their own logic.

How to reproduce:

  1. Take an IS-5.11.0.372 server and configure a service provider to use the client credentials grant with a custom JWT token issuer (i.e. one extending the JWTTokenIssuer class [1] but using another implementation of the createJWTClaimSet method without calling super). The doc is not fixed (see "Add Custom Token Issuer related docs" #14419). The configurations that I used to set up the sample [1] are:

        [[oauth.extensions.token_types]]
        name = "CustomTokenIssuer"
        issuer = "org.wso2.carbon.identity.extensions.CustomJWTTokenIssuer"
        persist_access_token_alias = true

  2. Add the following property and verify that multiple JWT tokens can be retrieved with the client credentials grant without revoking the previous one.

        [oauth.jwt.renew_token_without_revoking_existing]
        enable = true

  3. Update the server to 5.11.0.377. When getting multiple JWT tokens with the custom token issuer, the previous one gets revoked.

Expected behavior:
Previous tokens issued by custom JWT token issuers (extending the JWTTokenIssuer class and having their own implementation of the createJWTClaimSet method) should not be revoked when new tokens are issued.

For the custom JWT token issuers that are written extending the OauthTokenIssuerImpl class, instructions need to be provided with the changes required to the implementation so that the "renew_token_without_revoking_existing" property will work after updating the server.

The issue occurs due to the fix done for issue #20994.

An if condition was added to check whether the token type is "JWT":

        OAuthAppDO oAuthAppDO = (OAuthAppDO) tokReqMsgCtx.getProperty(OAUTH_APP);
        String tokenType = (oAuthAppDO != null) ? oAuthAppDO.getTokenType() : null;

        if (JWT.equalsIgnoreCase(tokenType)) {
            if (renewWithoutRevokingExistingEnabled && tokReqMsgCtx != null && (tokReqMsgCtx.getTokenBinding() == null
                    || StringUtils.isBlank(tokReqMsgCtx.getTokenBinding().getBindingReference()))) {
                if (OAuth2ServiceComponentHolder.getJwtRenewWithoutRevokeAllowedGrantTypes()
                        .contains(tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType())) {
                    return UUID.randomUUID().toString();
                }
                return NONE;
            }
        }

but the tokenType changes with the name of the token issuer:

[[oauth.extensions.token_types]]
name = "CustomTokenIssuer"

Environment information:

  • Product Version: [IS 5.11.0.377]

[1] https://github.com/wso2/samples-is/blob/master/oauth2/custom-token-issuer/src/main/java/org/wso2/carbon/identity/extensions/CustomJWTTokenIssuer.java#L32
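The mismatch described in this report, as an added illustration that is not WSO2 code and not the merged fix: the renew-without-revoke decision quoted above is keyed on the app's token type string, so an issuer registered under a name other than "JWT" never reaches the branch that keeps existing tokens. The issuer classes, the registry and the `isJwtByIssuer` alternative below are hypothetical stand-ins modelled on the `[[oauth.extensions.token_types]]` configuration; the behaviour when the check is skipped (existing token replaced) is assumed from the report.

```java
import java.util.Map;
import java.util.Set;
import java.util.UUID;

// Added example (hypothetical model, not Identity Server code).
public class RenewDecisionDemo {
    // Stand-ins for the issuer class hierarchy referred to in the issue.
    interface OauthTokenIssuer {}
    static class JWTTokenIssuer implements OauthTokenIssuer {}
    static class CustomJWTTokenIssuer extends JWTTokenIssuer {} // the sample's custom issuer
    static class OpaqueTokenIssuer implements OauthTokenIssuer {}

    static final String NONE = "NONE";
    static final Set<String> ALLOWED_GRANTS = Set.of("client_credentials");

    // Registry modelled on [[oauth.extensions.token_types]]: name -> issuer instance.
    static final Map<String, OauthTokenIssuer> ISSUERS = Map.of(
            "JWT", new JWTTokenIssuer(),
            "Default", new OpaqueTokenIssuer(),
            "CustomTokenIssuer", new CustomJWTTokenIssuer());

    // The check as quoted in the issue: only the configured token type name is consulted,
    // so "CustomTokenIssuer" is treated as non-JWT even though it emits JWTs.
    static boolean isJwtByName(String tokenType) {
        return "JWT".equalsIgnoreCase(tokenType);
    }

    // Alternative (illustrative only): decide by what the configured issuer actually is.
    static boolean isJwtByIssuer(String tokenType) {
        return ISSUERS.get(tokenType) instanceof JWTTokenIssuer; // null -> false
    }

    // Returns the token binding reference for a new token: a fresh random value keeps the
    // existing token alive, NONE means the existing token is replaced (assumed from the report).
    static String bindingRef(String tokenType, String grant, boolean renewEnabled, boolean byIssuer) {
        boolean jwt = byIssuer ? isJwtByIssuer(tokenType) : isJwtByName(tokenType);
        if (jwt && renewEnabled) {
            return ALLOWED_GRANTS.contains(grant) ? UUID.randomUUID().toString() : NONE;
        }
        return NONE;
    }

    public static void main(String[] args) {
        for (String type : ISSUERS.keySet()) {
            String byName = bindingRef(type, "client_credentials", true, false);
            String byIssuer = bindingRef(type, "client_credentials", true, true);
            System.out.printf("%-18s name-check: %-7s issuer-check: %s%n", type,
                    NONE.equals(byName) ? "replace" : "keep", NONE.equals(byIssuer) ? "replace" : "keep");
        }
    }
}
```

Running it shows "CustomTokenIssuer" taking the replace path under the name-based check while "JWT" keeps existing tokens, which is the behaviour change reported after updating to 5.11.0.377.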

@KD23243 (Contributor) commented Nov 28, 2024

The issue has been resolved, and the fix has been merged into the master branch [1]. Additionally, the migration documentation has been updated. Therefore, this issue can be closed.

[1] wso2-extensions/identity-inbound-auth-oauth#2630

@KD23243 KD23243 closed this as completed Nov 28, 2024
@nilasini nilasini added the U2 label Dec 2, 2024
@nilasini nilasini added this to the 7.1.0-m6 milestone Dec 2, 2024