New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support to access organization resources in tenant perspective #295

Closed

ShanChathusanda93 wants to merge 4 commits into wso2-extensions:master from ShanChathusanda93:tenant-perspective-org-access-branch

Contributor

ShanChathusanda93 commented Nov 1, 2024 •

edited

Loading

Proposed changes in this pull request

$subject
Improvement for : Support for creating OAuth 2.0 clients inside B2B organizations for B2B API access wso2/product-is#21208
From this fix the organization related APIs can be executed from the tenant perspective for the allowed endpoints which are configured as follows.

<OrgContextsToRewriteInTenantPerspective>
    <WebApp>
        <Context>
            <BasePath>/api/</BasePath>
            <SubPaths>
                <Path>/api/identity/oauth2/dcr/</Path>
            </SubPaths>
        </Context>
        <Context>
            <BasePath>/oauth2/</BasePath>
            <SubPaths>
                <Path>/oauth2/token</Path>
                <Path>/oauth2/introspect</Path>
            </SubPaths>
        </Context>
    </WebApp>
</OrgContextsToRewriteInTenantPerspective>

DCR endpoint will create the OAuth2 applications in the sub organization level
- Path : /t/{tenant-domain}/o/{org-id}/api/identity/oauth2/dcr/v1.1/register
Token generation and introspection
- Path : /t/{tenant-domain}/o/{org-id}/oauth2/token?scope=openid ...
When access tokens are handled the tokens will be handled from the sub organization level by checking the type of the application which are using the token service.

When should this PR be merged

This PR needs to be merged once a new kernel version is released with the changes in : Introduce application resident organization in carbon context wso2/carbon-kernel#4104

ShanChathusanda93 commented

View reviewed changes

pom.xml Outdated

@@ @@ -385,8 +385,8 @@ @@
                       <osgi.util.tracker.imp.pkg.version.range>[1.5.1, 2.0.0)</osgi.util.tracker.imp.pkg.version.range>
                       <!-- Carbon Kernel version -->
-                      <carbon.kernel.version>4.9.17</carbon.kernel.version>
-                      <carbon.kernel.feature.version>4.9.0</carbon.kernel.feature.version>
+                      <carbon.kernel.version>4.10.24</carbon.kernel.version>

Contributor Author

ShanChathusanda93 Nov 1, 2024 •

edited

Loading

Need to update this with the new release version with the changes in wso2/carbon-kernel#4104

Contributor Author

ShanChathusanda93 Dec 3, 2024

Updated to the latest kernel release 4.10.26[1]

[1] https://github.com/wso2/carbon-kernel/tree/v4.10.26

sahandilshan reviewed

View reviewed changes

...c/main/java/org/wso2/carbon/identity/auth/service/handler/impl/OAuth2AccessTokenHandler.java Outdated Show resolved Hide resolved

ShanChathusanda93 commented

View reviewed changes

.../src/main/java/org/wso2/carbon/identity/context/rewrite/valve/TenantContextRewriteValve.java Outdated Show resolved Hide resolved

ShanChathusanda93 commented

View reviewed changes

.../src/main/java/org/wso2/carbon/identity/context/rewrite/valve/TenantContextRewriteValve.java Show resolved Hide resolved

ShanChathusanda93 force-pushed the tenant-perspective-org-access-branch branch from 693f0cf to 85ded2d Compare

November 27, 2024 05:17

AnuradhaSK reviewed

View reviewed changes

...c/main/java/org/wso2/carbon/identity/auth/service/handler/impl/OAuth2AccessTokenHandler.java Outdated Show resolved Hide resolved


          Add support to access organization resources in tenant perspective

e308fa5

ShanChathusanda93 force-pushed the tenant-perspective-org-access-branch branch 2 times, most recently from 7b7ab3b to 095707b Compare

December 1, 2024 08:38


          Remove sub org app check from authz and token handlers

fddecc4

ShanChathusanda93 force-pushed the tenant-perspective-org-access-branch branch from 095707b to fddecc4 Compare

December 1, 2024 18:58


          Update dependency versions

c2e5c0f

ShanChathusanda93 commented

View reviewed changes

...c/main/java/org/wso2/carbon/identity/auth/service/handler/impl/OAuth2AccessTokenHandler.java Outdated

                               ServiceProvider serviceProvider = null;
                               String serviceProviderName = null;
                               String serviceProviderUUID = null;
+                              String accessingTenantDomain = null;

Contributor Author

ShanChathusanda93 Dec 3, 2024

applicationResidentTenantDomain

ShanChathusanda93 commented

View reviewed changes

...c/main/java/org/wso2/carbon/identity/auth/service/handler/impl/OAuth2AccessTokenHandler.java

+                                      serviceProvider = OAuth2Util.getServiceProvider(
+                                              oAuth2IntrospectionResponseDTO.getClientId(), accessingTenantDomain);
+                                      boolean isSharedApp = Arrays.stream(serviceProvider.getSpProperties()).anyMatch(
+                                              property -> "isAppShared".equals(property.getName()) &&

Contributor Author

ShanChathusanda93 Dec 3, 2024

isAppShared - > Use a contant

Contributor Author

ShanChathusanda93 Dec 3, 2024

Use the existing contant

ShanChathusanda93 commented

View reviewed changes

...c/main/java/org/wso2/carbon/identity/auth/service/handler/impl/OAuth2AccessTokenHandler.java Outdated

+                                      accessingTenantDomain = authorizedUser.getTenantDomain();
+                                      serviceProvider = OAuth2Util.getServiceProvider(
+                                              oAuth2IntrospectionResponseDTO.getClientId(), accessingTenantDomain);
+                                      boolean isSharedApp = Arrays.stream(serviceProvider.getSpProperties()).anyMatch(

Contributor Author

ShanChathusanda93 Dec 3, 2024

Suggested change

      
                                    boolean isSharedApp = Arrays.stream(serviceProvider.getSpProperties()).anyMatch(
          
                                    boolean isB2BSharedApp = Arrays.stream(serviceProvider.getSpProperties()).anyMatch(

ShanChathusanda93 commented

View reviewed changes

...c/main/java/org/wso2/carbon/identity/auth/service/handler/impl/OAuth2AccessTokenHandler.java

-                                  serviceProviderTenantDomain =
-                                          OAuth2Util.getTenantDomainOfOauthApp(oAuth2IntrospectionResponseDTO.getClientId());
+                                  if (StringUtils.isNotEmpty(accessingTenantDomain)) {
+                                      serviceProviderTenantDomain =

Contributor Author

ShanChathusanda93 Dec 3, 2024

Remove the method because we are extracting the tenant domain from above


          Improve token handler

bda6b9f

Contributor Author

ShanChathusanda93 commented Dec 3, 2024

Closing this PR since the PR is devided to two parts [1][2]

[1] #298
[2] Will be updated

ShanChathusanda93 closed this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet