diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/ApplicationDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/ApplicationDTO.java index 69d7351e69..060dbdc90e 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/ApplicationDTO.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/ApplicationDTO.java @@ -33,6 +33,21 @@ public class ApplicationDTO { private String clientName = null; + private String jwksUri = null; + private String tokenEndpointAuthMethod = null; + private String tokenEndpointAuthSigningAlg = null; + private String sectorIdentifierUri = null; + private String idTokenSignedResponseAlg = null; + private String idTokenEncryptedResponseAlg = null; + private String idTokenEncryptedResponseEnc = null; + private String requestObjectSigningAlg = null; + private String tlsClientAuthSubjectDn = null; + private boolean requirePushAuthorizationRequest; + private boolean requireSignedRequestObject; + private boolean tlsClientCertificateBoundAccessToken; + private String subjectType = null; + private String requestObjectEncryptionAlgorithm = null; + private String requestObjectEncryptionMethod = null; /** 
@@ -106,7 +121,148 @@ public void setClientName(String clientName) { this.clientName = clientName; } - + @ApiModelProperty + @JsonProperty("jwks_uri") + public String getJwksUri() { + return jwksUri; + } + + public void setJwksUri(String jwksUri) { + this.jwksUri = jwksUri; + } + + @ApiModelProperty(value = "") + @JsonProperty("token_endpoint_auth_method") + public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; + } + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + + @ApiModelProperty(value = "") + @JsonProperty("token_endpoint_auth_signing_alg") + public String getTokenEndpointAuthSigningAlg() { + return tokenEndpointAuthSigningAlg; + } + public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) { + this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("sector_identifier_uri") + public String getSectorIdentifierUri() { + return sectorIdentifierUri; + } + public void setSectorIdentifierUri(String sectorIdentifierUri) { + this.sectorIdentifierUri = sectorIdentifierUri; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_signed_response_alg") + public String getIdTokenSignedResponseAlg() { + return idTokenSignedResponseAlg; + } + public void setIdTokenSignedResponseAlg(String idTokenSignedResponseAlg) { + this.idTokenSignedResponseAlg = idTokenSignedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_encrypted_response_alg") + public String getIdTokenEncryptedResponseAlg() { + return idTokenEncryptedResponseAlg; + } + public void setIdTokenEncryptedResponseAlg(String idTokenEncryptedResponseAlg) { + this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_encrypted_response_enc") + public String getIdTokenEncryptedResponseEnc() { + return 
idTokenEncryptedResponseEnc; + } + public void setIdTokenEncryptedResponseEnc(String idTokenEncryptedResponseEnc) { + this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_signing_alg") + public String getRequestObjectSigningAlg() { + return requestObjectSigningAlg; + } + public void setRequestObjectSigningAlg(String requestObjectSigningAlg) { + this.requestObjectSigningAlg = requestObjectSigningAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("tls_client_auth_subject_dn") + public String getTlsClientAuthSubjectDn() { + return tlsClientAuthSubjectDn; + } + public void setTlsClientAuthSubjectDn(String tlsClientAuthSubjectDn) { + this.tlsClientAuthSubjectDn = tlsClientAuthSubjectDn; + } + + @ApiModelProperty(value = "") + @JsonProperty("require_pushed_authorization_requests") + public boolean isRequirePushAuthorizationRequest() { + return requirePushAuthorizationRequest; + } + + public void setRequirePushAuthorizationRequest(boolean requirePushAuthorizationRequest) { + this.requirePushAuthorizationRequest = requirePushAuthorizationRequest; + } + + @ApiModelProperty(value = "") + @JsonProperty("require_signed_request_object") + public boolean isRequireSignedRequestObject() { + return requireSignedRequestObject; + } + + public void setRequireSignedRequestObject(boolean requireSignedRequestObject) { + this.requireSignedRequestObject = requireSignedRequestObject; + } + + @ApiModelProperty(value = "") + @JsonProperty("tls_client_certificate_bound_access_tokens") + public boolean isTlsClientCertificateBoundAccessToken() { + return tlsClientCertificateBoundAccessToken; + } + + public void setTlsClientCertificateBoundAccessToken(boolean tlsClientCertificateBoundAccessToken) { + this.tlsClientCertificateBoundAccessToken = tlsClientCertificateBoundAccessToken; + } + + @ApiModelProperty(value = "") + @JsonProperty("subject_type") + public String getSubjectType() { + return subjectType; + } 
+ + public void setSubjectType(String subjectType) { + this.subjectType = subjectType; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_encryption_alg") + public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_encryption_enc") + public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } @Override public String toString() { diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java index acc2606301..7b607649ee 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java @@ -1,11 +1,12 @@ package org.wso2.carbon.identity.oauth2.dcr.endpoint.dto; +import java.util.ArrayList; +import java.util.List; + import com.fasterxml.jackson.annotation.JsonProperty; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; -import java.util.ArrayList; -import java.util.List; import javax.validation.constraints.NotNull; 
@@ -40,14 +41,27 @@ public class RegistrationRequestDTO { private boolean extPkceMandatory; private boolean extPkceSupportPlain; private boolean extPublicClient; - + private String tokenEndpointAuthMethod = null; + private String tokenEndpointAuthSigningAlg = null; + private String sectorIdentifierUri = null; + private String idTokenSignedResponseAlg = null; + private String idTokenEncryptedResponseAlg = null; + private String idTokenEncryptedResponseEnc = null; + private String requestObjectSigningAlg = null; + private String tlsClientAuthSubjectDn = null; + private boolean requirePushAuthorizationRequest; + private boolean requireSignedRequestObject; + private boolean tlsClientCertificateBoundAccessToken; + private String subjectType = null; + private String requestObjectEncryptionAlgorithm = null; + private String requestObjectEncryptionMethod = null; + private String softwareStatement = null; @ApiModelProperty(required = true) @JsonProperty("redirect_uris") public List getRedirectUris() { return redirectUris; } - public void setRedirectUris(List redirectUris) { this.redirectUris = redirectUris; } @@ -57,7 +71,6 @@ public void setRedirectUris(List redirectUris) { public String getClientName() { return clientName; } - public void setClientName(String clientName) { this.clientName = clientName; } @@ -67,7 +80,6 @@ public void setClientName(String clientName) { public List getGrantTypes() { return grantTypes; } - public void setGrantTypes(List grantTypes) { this.grantTypes = grantTypes; } @@ -77,7 +89,6 @@ public void setGrantTypes(List grantTypes) { public String getApplicationType() { return applicationType; } - public void setApplicationType(String applicationType) { this.applicationType = applicationType; } 
@@ -295,6 +306,148 @@ public void setExtPublicClient(boolean extPublicClient) { this.extPublicClient = extPublicClient; } + @ApiModelProperty(value = "") + @JsonProperty("token_endpoint_auth_method") + public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; + } + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + + @ApiModelProperty(value = "") + @JsonProperty("token_endpoint_auth_signing_alg") + public String getTokenEndpointAuthSigningAlg() { + return tokenEndpointAuthSigningAlg; + } + public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) { + this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("sector_identifier_uri") + public String getSectorIdentifierUri() { + return sectorIdentifierUri; + } + public void setSectorIdentifierUri(String sectorIdentifierUri) { + this.sectorIdentifierUri = sectorIdentifierUri; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_signed_response_alg") + public String getIdTokenSignedResponseAlg() { + return idTokenSignedResponseAlg; + } + public void setIdTokenSignedResponseAlg(String idTokenSignedResponseAlg) { + this.idTokenSignedResponseAlg = idTokenSignedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_encrypted_response_alg") + public String getIdTokenEncryptedResponseAlg() { + return idTokenEncryptedResponseAlg; + } + public void setIdTokenEncryptedResponseAlg(String idTokenEncryptedResponseAlg) { + this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_encrypted_response_enc") + public String getIdTokenEncryptedResponseEnc() { + return idTokenEncryptedResponseEnc; + } + public void setIdTokenEncryptedResponseEnc(String idTokenEncryptedResponseEnc) { + this.idTokenEncryptedResponseEnc = idTokenEncryptedResponseEnc; + } 
+ @ApiModelProperty(value = "") + @JsonProperty("request_object_signing_alg") + public String getRequestObjectSigningAlg() { + return requestObjectSigningAlg; + } + public void setRequestObjectSigningAlg(String requestObjectSigningAlg) { + this.requestObjectSigningAlg = requestObjectSigningAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("tls_client_auth_subject_dn") + public String getTlsClientAuthSubjectDn() { + return tlsClientAuthSubjectDn; + } + public void setTlsClientAuthSubjectDn(String tlsClientAuthSubjectDn) { + this.tlsClientAuthSubjectDn = tlsClientAuthSubjectDn; + } + + @ApiModelProperty(value = "") + @JsonProperty("require_pushed_authorization_requests") + public boolean isRequirePushAuthorizationRequest() { + return requirePushAuthorizationRequest; + } + + public void setRequirePushAuthorizationRequest(boolean requirePushAuthorizationRequest) { + this.requirePushAuthorizationRequest = requirePushAuthorizationRequest; + } + + @ApiModelProperty(value = "") + @JsonProperty("require_signed_request_object") + public boolean isRequireSignedRequestObject() { + return requireSignedRequestObject; + } + + public void setRequireSignedRequestObject(boolean requireSignedRequestObject) { + this.requireSignedRequestObject = requireSignedRequestObject; + } + + @ApiModelProperty(value = "") + @JsonProperty("tls_client_certificate_bound_access_tokens") + public boolean isTlsClientCertificateBoundAccessToken() { + return tlsClientCertificateBoundAccessToken; + } + + public void setTlsClientCertificateBoundAccessToken(boolean tlsClientCertificateBoundAccessToken) { + this.tlsClientCertificateBoundAccessToken = tlsClientCertificateBoundAccessToken; + } + + @ApiModelProperty(value = "") + @JsonProperty("subject_type") + public String getSubjectType() { + return subjectType; + } + + public void setSubjectType(String subjectType) { + this.subjectType = subjectType; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_encryption_alg") + public 
String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_encryption_enc") + public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } + + @ApiModelProperty(value = "") + @JsonProperty("software_statement") + public String getSoftwareStatement() { + return softwareStatement; + } + + public void setSoftwareStatement(String softwareStatement) { + this.softwareStatement = softwareStatement; + } + @Override public String toString() { StringBuilder sb = new StringBuilder(); 
@@ -326,6 +479,21 @@ public String toString() { sb.append(" ext_pkce_mandatory: ").append(extPkceMandatory).append("\n"); sb.append(" ext_pkce_support_plain: ").append(extPkceSupportPlain).append("\n"); sb.append(" ext_public_client: ").append(extPublicClient).append("\n"); + sb.append(" token_endpoint_auth_method: ").append(tokenEndpointAuthMethod).append("\n"); + sb.append(" token_endpoint_auth_signing_alg: ").append(tokenEndpointAuthSigningAlg).append("\n"); + sb.append(" sector_identifier_uri: ").append(sectorIdentifierUri).append("\n"); + sb.append(" id_token_signed_response_alg: ").append(idTokenSignedResponseAlg).append("\n"); + sb.append(" id_token_encrypted_response_alg: ").append(idTokenEncryptedResponseAlg).append("\n"); + sb.append(" id_token_encrypted_response_enc: ").append(idTokenEncryptedResponseEnc).append("\n"); + sb.append(" request_object_signing_alg: ").append(requestObjectSigningAlg).append("\n"); + sb.append(" tls_client_auth_subject_dn: ").append(tlsClientAuthSubjectDn).append("\n"); + sb.append(" require_signed_request_object: ").append(requireSignedRequestObject).append("\n"); + sb.append(" require_pushed_authorization_requests: ").append(requirePushAuthorizationRequest).append("\n"); + sb.append(" tls_client_certificate_bound_access_tokens: ") + .append(tlsClientCertificateBoundAccessToken).append("\n"); + sb.append(" subject_type: ").append(subjectType).append("\n"); + sb.append(" request_object_encryption_alg: ").append(requestObjectEncryptionAlgorithm).append("\n"); + sb.append(" request_object_encryption_enc").append(requestObjectEncryptionMethod).append("\n"); sb.append("}\n"); return sb.toString(); } diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java index 00383b17b7..58fa01db1f 100644 
--- a/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java @@ -1,19 +1,22 @@ package org.wso2.carbon.identity.oauth2.dcr.endpoint.dto; +import java.util.ArrayList; +import java.util.List; + import com.fasterxml.jackson.annotation.JsonProperty; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; -import java.util.ArrayList; -import java.util.List; +import javax.validation.constraints.NotNull; -@ApiModel +@ApiModel(description = "") public class UpdateRequestDTO { private List redirectUris = new ArrayList<>(); private String clientName = null; private List grantTypes = new ArrayList<>(); + private String jwksUri = null; private String tokenType = null; private String clientId = null; private String clientSecret = null; 
@@ -28,8 +31,23 @@ public class UpdateRequestDTO { private boolean extPkceMandatory; private boolean extPkceSupportPlain; private boolean extPublicClient; - - @ApiModelProperty + private String tokenEndpointAuthMethod = null; + private String tokenEndpointAuthSigningAlg = null; + private String sectorIdentifierUri = null; + private String idTokenSignedResponseAlg = null; + private String idTokenEncryptedResponseAlg = null; + private String idTokenEncryptedResponseEnc = null; + private String requestObjectSigningAlg = null; + private String tlsClientAuthSubjectDn = null; + private boolean requirePushAuthorizationRequest; + private boolean requireSignedRequestObject; + private boolean tlsClientCertificateBoundAccessToken; + private String subjectType = null; + private String requestObjectEncryptionAlgorithm = null; + private String requestObjectEncryptionMethod = null; + private String softwareStatement = null; + + @ApiModelProperty(value = "") @JsonProperty("redirect_uris") public List getRedirectUris() { return redirectUris; 
@@ -198,6 +216,166 @@ public void setExtPublicClient(boolean extPublicClient) { this.extPublicClient = extPublicClient; } + @ApiModelProperty(value = "") + @JsonProperty("token_endpoint_auth_method") + public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; + } + + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + @ApiModelProperty(value = "") + @JsonProperty("token_endpoint_auth_signing_alg") + public String getTokenEndpointAuthSigningAlg() { + return tokenEndpointAuthSigningAlg; + } + + public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) { + this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("sector_identifier_uri") + public String getSectorIdentifierUri() { + return sectorIdentifierUri; + } + + public void setSectorIdentifierUri(String sectorIdentifierUri) { + this.sectorIdentifierUri = sectorIdentifierUri; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_signed_response_alg") + public String getIdTokenSignedResponseAlg() { + return idTokenSignedResponseAlg; + } + + public void setIdTokenSignedResponseAlg(String idTokenSignedResponseAlg) { + this.idTokenSignedResponseAlg = idTokenSignedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_encrypted_response_alg") + public String getIdTokenEncryptedResponseAlg() { + return idTokenEncryptedResponseAlg; + } + + public void setIdTokenEncryptedResponseAlg(String idTokenEncryptedResponseAlg) { + this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("id_token_encrypted_response_enc") + public String getIdTokenEncryptedResponseEnc() { + return idTokenEncryptedResponseEnc; + } + + public void setIdTokenEncryptedResponseEnc(String idTokenEncryptedResponseEnc) { + this.idTokenEncryptedResponseEnc = 
idTokenEncryptedResponseEnc; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_signing_alg") + public String getRequestObjectSigningAlg() { + return requestObjectSigningAlg; + } + + public void setRequestObjectSigningAlg(String requestObjectSigningAlg) { + this.requestObjectSigningAlg = requestObjectSigningAlg; + } + + @ApiModelProperty(value = "") + @JsonProperty("tls_client_auth_subject_dn") + public String getTlsClientAuthSubjectDn() { + return tlsClientAuthSubjectDn; + } + + public void setTlsClientAuthSubjectDn(String tlsClientAuthSubjectDn) { + this.tlsClientAuthSubjectDn = tlsClientAuthSubjectDn; + } + + @ApiModelProperty(value = "") + @JsonProperty("require_pushed_authorization_requests") + public boolean isRequirePushAuthorizationRequest() { + return requirePushAuthorizationRequest; + } + + public void setRequirePushAuthorizationRequest(boolean requirePushAuthorizationRequest) { + this.requirePushAuthorizationRequest = requirePushAuthorizationRequest; + } + + @ApiModelProperty(value = "") + @JsonProperty("require_signed_request_object") + public boolean isRequireSignedRequestObject() { + return requireSignedRequestObject; + } + + public void setRequireSignedRequestObject(boolean requireSignedRequestObject) { + this.requireSignedRequestObject = requireSignedRequestObject; + } + + @ApiModelProperty(value = "") + @JsonProperty("tls_client_certificate_bound_access_tokens") + public boolean isTlsClientCertificateBoundAccessToken() { + return tlsClientCertificateBoundAccessToken; + } + + public void setTlsClientCertificateBoundAccessToken(boolean tlsClientCertificateBoundAccessToken) { + this.tlsClientCertificateBoundAccessToken = tlsClientCertificateBoundAccessToken; + } + + @ApiModelProperty(value = "") + @JsonProperty("subject_type") + public String getSubjectType() { + return subjectType; + } + + public void setSubjectType(String subjectType) { + this.subjectType = subjectType; + } + + @ApiModelProperty(value = "") + 
@JsonProperty("request_object_encryption_alg") + public String getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + @ApiModelProperty(value = "") + @JsonProperty("request_object_encryption_enc") + public String getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } + + @ApiModelProperty(value = "") + @JsonProperty("software_statement") + public String getSoftwareStatement() { + return softwareStatement; + } + public void setSoftwareStatement(String softwareStatement) { + this.softwareStatement = softwareStatement; + } + + @ApiModelProperty + @JsonProperty("jwks_uri") + public String getJwksUri() { + return jwksUri; + } + + public void setJwksUri(String jwksUri) { + this.jwksUri = jwksUri; + } + + @Override public String toString() { StringBuilder sb = new StringBuilder(); 
@@ -205,13 +383,13 @@ public String toString() { sb.append(" redirect_uris: ").append(redirectUris).append("\n"); sb.append(" client_name: ").append(clientName).append("\n"); - sb.append(" grant_types: ").append(grantTypes).append("\n"); - sb.append(" token_type_extension: ").append(tokenType).append("\n"); - sb.append(" client_id: ").append(clientId).append("\n"); + sb.append(" grant_types: ").append(clientId).append("\n"); sb.append(" client_secret: ").append(clientSecret).append("\n"); + sb.append(" grant_types: ").append(grantTypes).append("\n"); sb.append(" backchannel_logout_uri: ").append(backchannelLogoutUri).append("\n"); sb.append(" backchannel_logout_session_required: ").append(backchannelLogoutSessionRequired).append("\n"); sb.append(" ext_application_display_name: ").append(extApplicationDisplayName).append("\n"); + sb.append(" tokenTypeExtension: ").append(tokenType).append("\n"); sb.append(" ext_application_owner: ").append(extApplicationOwner).append("\n"); sb.append(" ext_application_token_lifetime: ").append(extApplicationTokenLifetime).append("\n"); sb.append(" ext_user_token_lifetime: ").append(extUserTokenLifetime).append("\n"); 
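Review bot: The added line `sb.append(" grant_types: ").append(clientId)` prints the client id under the `grant_types` label, so the dump now has two `grant_types` entries and no `client_id`; it should read `sb.append(" client_id: ").append(clientId).append("\n");`. The relocated token-type line also changes its label from `token_type_extension` to `tokenTypeExtension`, which no longer matches the snake_case keys around it. The unchanged `client_secret` line in the same method means this string carries the secret, so it should be kept out of request logging. toString() starts before this hunk and continues into the next one.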
@@ -220,6 +398,14 @@ public String toString() { sb.append(" ext_pkce_mandatory: ").append(extPkceMandatory).append("\n"); sb.append(" ext_pkce_support_plain: ").append(extPkceSupportPlain).append("\n"); sb.append(" ext_public_client: ").append(extPublicClient).append("\n"); + sb.append(" token_endpoint_auth_method: ").append(tokenEndpointAuthMethod).append("\n"); + sb.append(" token_endpoint_auth_signing_alg: ").append(tokenEndpointAuthSigningAlg).append("\n"); + sb.append(" sector_identifier_uri: ").append(sectorIdentifierUri).append("\n"); + sb.append(" id_token_signed_response_alg: ").append(idTokenSignedResponseAlg).append("\n"); + sb.append(" id_token_encrypted_response_alg: ").append(idTokenEncryptedResponseAlg).append("\n"); + sb.append(" id_token_encrypted_response_enc: ").append(idTokenEncryptedResponseEnc).append("\n"); + sb.append(" request_object_signing_alg: ").append(requestObjectSigningAlg).append("\n"); + sb.append(" tls_client_auth_subject_dn: ").append(tlsClientAuthSubjectDn).append("\n"); sb.append("}\n"); return sb.toString(); } diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java index 6e278f3316..5671679652 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java 
@@ -78,6 +78,27 @@ public static ApplicationRegistrationRequest getApplicationRegistrationRequest( appRegistrationRequest.setExtPkceMandatory(registrationRequestDTO.getExtPkceMandatory()); appRegistrationRequest.setExtPkceSupportPlain(registrationRequestDTO.getExtPkceSupportPlain()); appRegistrationRequest.setExtPublicClient(registrationRequestDTO.getExtPublicClient()); + appRegistrationRequest.setJwksURI(registrationRequestDTO.getJwksUri()); + appRegistrationRequest.setTokenEndpointAuthMethod(registrationRequestDTO.getTokenEndpointAuthMethod()); + appRegistrationRequest.setTokenEndpointAuthSignatureAlgorithm + (registrationRequestDTO.getTokenEndpointAuthSigningAlg()); + appRegistrationRequest.setSectorIdentifierURI(registrationRequestDTO.getSectorIdentifierUri()); + appRegistrationRequest.setIdTokenSignatureAlgorithm(registrationRequestDTO.getIdTokenSignedResponseAlg()); + appRegistrationRequest.setIdTokenEncryptionAlgorithm(registrationRequestDTO.getIdTokenEncryptedResponseAlg()); + appRegistrationRequest.setIdTokenEncryptionMethod(registrationRequestDTO.getIdTokenEncryptedResponseEnc()); + appRegistrationRequest.setRequestObjectSignatureAlgorithm(registrationRequestDTO.getRequestObjectSigningAlg()); + appRegistrationRequest.setRequestObjectEncryptionAlgorithm + (registrationRequestDTO.getRequestObjectEncryptionAlgorithm()); + appRegistrationRequest.setRequestObjectEncryptionMethod + (registrationRequestDTO.getRequestObjectEncryptionMethod()); + appRegistrationRequest.setTlsClientAuthSubjectDN(registrationRequestDTO.getTlsClientAuthSubjectDn()); + appRegistrationRequest.setRequirePushedAuthorizationRequests + (registrationRequestDTO.isRequireSignedRequestObject()); + appRegistrationRequest.setRequireSignedRequestObject(registrationRequestDTO.isRequireSignedRequestObject()); + appRegistrationRequest.setTlsClientCertificateBoundAccessTokens + (registrationRequestDTO.isTlsClientCertificateBoundAccessToken()); + 
appRegistrationRequest.setSubjectType(registrationRequestDTO.getSubjectType()); + appRegistrationRequest.setSoftwareStatement(registrationRequestDTO.getSoftwareStatement()); return appRegistrationRequest; } 
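Review bot: `setRequirePushedAuthorizationRequests` is fed from `isRequireSignedRequestObject()`, so the client's `require_pushed_authorization_requests` value is dropped and the PAR requirement simply mirrors the signed-request-object flag. A client that asks for PAR without requiring signed request objects would presumably be stored without the PAR requirement, and the reverse case turns PAR on unasked. The call should be `appRegistrationRequest.setRequirePushedAuthorizationRequests(registrationRequestDTO.isRequirePushAuthorizationRequest());`, and the same wrong getter appears in the getApplicationUpdateRequest hunk (`updateRequestDTO.isRequireSignedRequestObject()`). getApplicationRegistrationRequest begins before this hunk.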
@@ -99,8 +120,27 @@ public static ApplicationUpdateRequest getApplicationUpdateRequest(UpdateRequest applicationUpdateRequest.setExtPkceMandatory(updateRequestDTO.getExtPkceMandatory()); applicationUpdateRequest.setExtPkceSupportPlain(updateRequestDTO.getExtPkceSupportPlain()); applicationUpdateRequest.setExtPublicClient(updateRequestDTO.getExtPublicClient()); + applicationUpdateRequest.setJwksURI(updateRequestDTO.getJwksUri()); + applicationUpdateRequest.setTokenEndpointAuthMethod(updateRequestDTO.getTokenEndpointAuthMethod()); + applicationUpdateRequest.setTokenEndpointAuthSignatureAlgorithm + (updateRequestDTO.getTokenEndpointAuthSigningAlg()); + applicationUpdateRequest.setSectorIdentifierURI(updateRequestDTO.getSectorIdentifierUri()); + applicationUpdateRequest.setIdTokenSignatureAlgorithm(updateRequestDTO.getIdTokenSignedResponseAlg()); + applicationUpdateRequest.setIdTokenEncryptionAlgorithm(updateRequestDTO.getIdTokenEncryptedResponseAlg()); + applicationUpdateRequest.setIdTokenEncryptionMethod(updateRequestDTO.getIdTokenEncryptedResponseEnc()); + applicationUpdateRequest.setRequestObjectSignatureAlgorithm( + updateRequestDTO.getRequestObjectSigningAlg()); + applicationUpdateRequest.setRequestObjectEncryptionAlgorithm( + updateRequestDTO.getRequestObjectEncryptionAlgorithm()); + applicationUpdateRequest.setRequestObjectEncryptionMethod(updateRequestDTO.getRequestObjectEncryptionMethod()); + applicationUpdateRequest.setTlsClientAuthSubjectDN(updateRequestDTO.getTlsClientAuthSubjectDn()); + applicationUpdateRequest.setRequirePushedAuthorizationRequests(updateRequestDTO.isRequireSignedRequestObject()); + applicationUpdateRequest.setRequireSignedRequestObject(updateRequestDTO.isRequireSignedRequestObject()); + applicationUpdateRequest.setTlsClientCertificateBoundAccessTokens + (updateRequestDTO.isTlsClientCertificateBoundAccessToken()); + applicationUpdateRequest.setSubjectType(updateRequestDTO.getSubjectType()); + 
applicationUpdateRequest.setSoftwareStatement(updateRequestDTO.getSoftwareStatement()); return applicationUpdateRequest; - } public static void handleErrorResponse(DCRMException dcrmException, Log log) throws DCRMEndpointException { @@ -174,7 +214,21 @@ public static ApplicationDTO getApplicationDTOFromApplication(Application applic specification we have to set the expiration time to 0. https://openid.net/specs/openid-connect-registration-1_0.html */ applicationDTO.setClientSecretExpiresAt(0L); - + applicationDTO.setJwksUri(application.getJwksURI()); + applicationDTO.setTokenEndpointAuthMethod(application.getTokenEndpointAuthMethod()); + applicationDTO.setTokenEndpointAuthSigningAlg(application.getTokenEndpointAuthSignatureAlgorithm()); + applicationDTO.setSectorIdentifierUri(application.getSectorIdentifierURI()); + applicationDTO.setIdTokenSignedResponseAlg(application.getIdTokenSignatureAlgorithm()); + applicationDTO.setIdTokenEncryptedResponseAlg(application.getIdTokenEncryptionAlgorithm()); + applicationDTO.setIdTokenEncryptedResponseEnc(application.getIdTokenEncryptionMethod()); + applicationDTO.setRequireSignedRequestObject(application.isRequestObjectSignatureValidationEnabled()); + applicationDTO.setRequestObjectSigningAlg(application.getRequestObjectSignatureAlgorithm()); + applicationDTO.setTlsClientAuthSubjectDn(application.getTlsClientAuthSubjectDN()); + applicationDTO.setSubjectType(application.getSubjectType()); + applicationDTO.setRequestObjectEncryptionAlgorithm(application.getRequestObjectEncryptionAlgorithm()); + applicationDTO.setRequestObjectEncryptionMethod(application.getRequestObjectEncryptionMethod()); + applicationDTO.setRequirePushAuthorizationRequest(application.isRequirePushedAuthorizationRequests()); + applicationDTO.setTlsClientCertificateBoundAccessToken(application.isTlsClientCertificateBoundAccessTokens()); return applicationDTO; } 
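Review bot: In getApplicationUpdateRequest the three new security flags are copied unconditionally from primitive `boolean` DTO fields, so an update body that omits `require_pushed_authorization_requests`, `require_signed_request_object` or `tls_client_certificate_bound_access_tokens` cannot be told apart from one that sets them to false. If the service layer applies these values as-is (not visible here), an unrelated update could switch off PAR, signed request objects or certificate-bound tokens for an existing client. Consider `Boolean` fields in UpdateRequestDTO with a null check before each setter, or, if full replacement is intended, a comment such as `// update replaces the whole client: omitted flags are treated as false`. The method starts before the hunk.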
diff --git a/components/org.wso2.carbon.identity.api.server.dcr/src/main/resources/api.identity.oauth.dcr.endpoint.yaml b/components/org.wso2.carbon.identity.api.server.dcr/src/main/resources/api.identity.oauth.dcr.endpoint.yaml index a8bc490201..b88df48270 100644 --- a/components/org.wso2.carbon.identity.api.server.dcr/src/main/resources/api.identity.oauth.dcr.endpoint.yaml +++ b/components/org.wso2.carbon.identity.api.server.dcr/src/main/resources/api.identity.oauth.dcr.endpoint.yaml @@ -332,6 +332,36 @@ definitions: type: boolean ext_public_client: type: boolean + token_endpoint_auth_method: + type: string + token_endpoint_auth_signing_alg: + type: string + sector_identifier_uri: + type: string + id_token_signed_response_alg: + type: string + id_token_encrypted_response_alg: + type: string + id_token_encrypted_response_enc: + type: string + authorization_signed_response_alg: + type: string + request_object_signing_alg: + type: string + tls_client_auth_subject_dn: + type: string + require_signed_request_object: + type: boolean + require_pushed_authorization_requests: + type: boolean + tls_client_certificate_bound_access_tokens: + type: boolean + subject_type: + type: string + request_object_encryption_alg: + type: string + request_object_encryption_enc: + type: string #----------------------------------------------------- # The Application Update Request Object #----------------------------------------------------- 
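Review bot: `authorization_signed_response_alg` is added to this request definition (and again in the update-request hunk), but none of the DTO classes changed in this commit has a `@JsonProperty("authorization_signed_response_alg")` accessor, while `software_statement`, which both request DTOs now expose, is not added to the schema in either hunk. Since the DTOs live under `src/gen`, the spec and the classes should agree, otherwise a regeneration silently changes which fields the endpoint accepts. The Application (response) definition is also left untouched in this file although ApplicationDTO gains fifteen properties. Suggest either dropping `authorization_signed_response_alg` or wiring it through, and adding `software_statement:` with `type: string` to both request objects if it is not already defined outside these hunks.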
@@ -380,6 +410,36 @@ definitions: type: boolean ext_public_client: type: boolean + token_endpoint_auth_method: + type: string + token_endpoint_auth_signing_alg: + type: string + sector_identifier_uri: + type: string + id_token_signed_response_alg: + type: string + id_token_encrypted_response_alg: + type: string + id_token_encrypted_response_enc: + type: string + authorization_signed_response_alg: + type: string + request_object_signing_alg: + type: string + tls_client_auth_subject_dn: + type: string + require_signed_request_object: + type: boolean + require_pushed_authorization_requests: + type: boolean + tls_client_certificate_bound_access_tokens: + type: boolean + subject_type: + type: string + request_object_encryption_alg: + type: string + request_object_encryption_enc: + type: string #----------------------------------------------------- # The OAuth2 Application Object #----------------------------------------------------- diff --git a/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java b/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java index 990f8267ac..c9af8e9692 100644 --- a/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java +++ b/components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java @@ -188,6 +188,8 @@ public final class OAuthConstants { public static final String ORG_ID = "org_id"; public static final String IS_FAPI_CONFORMANT_APP = "isFAPIConformant"; public static final String ENABLE_FAPI = "OAuth.OpenIDConnect.FAPI.EnableFAPIValidation"; + public static final String IS_THIRD_PARTY_APP = "isThirdPartyApp"; + private OAuthConstants() { 
@@ -520,6 +522,17 @@ public static class OIDCConfigProperties { "tokenRevocationWithIDPSessionTermination"; public static final String TOKEN_BINDING_VALIDATION = "tokenBindingValidation"; public static final String TOKEN_BINDING_TYPE_NONE = "None"; + public static final String TOKEN_AUTH_METHOD = "tokenEndpointAuthMethod"; + public static final String TOKEN_AUTH_SIGNATURE_ALGORITHM = "tokenEndpointAuthSigningAlg"; + public static final String SECTOR_IDENTIFIER_URI = "sectorIdentifierUri"; + public static final String ID_TOKEN_SIGNATURE_ALGORITHM = "idTokenSignedResponseAlg"; + public static final String REQUEST_OBJECT_SIGNATURE_ALGORITHM = "requestObjectSigningAlg"; + public static final String TLS_SUBJECT_DN = "tlsClientAuthSubjectDn"; + public static final String IS_PUSH_AUTH = "requirePushAuthorizationRequest"; + public static final String IS_CERTIFICATE_BOUND_ACCESS_TOKEN = "tlsClientCertificateBoundAccessToken"; + public static final String SUBJECT_TYPE = "subjectType"; + public static final String REQUEST_OBJECT_ENCRYPTION_ALGORITHM = "requestObjectEncryptionAlgorithm"; + public static final String REQUEST_OBJECT_ENCRYPTION_METHOD = "requestObjectEncryptionMethod"; private OIDCConfigProperties() { diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java index 6e62c1be2b..61c5c06965 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java 
@@ -33,6 +33,21 @@ public class Application implements Serializable { private String clientSecret = null; private List redirectUris = null; private List grantTypes = null; + private String jwksURI = null; + private String tokenEndpointAuthMethod = null; + private String tokenEndpointAuthSignatureAlgorithm = null; + private String sectorIdentifierURI = null; + private String idTokenSignatureAlgorithm = null; + private String requestObjectSignatureAlgorithm = null; + private String tlsClientAuthSubjectDN = null; + private boolean requirePushedAuthorizationRequests; + private boolean tlsClientCertificateBoundAccessTokens; + private String subjectType = null; + private String requestObjectEncryptionAlgorithm = null; + private String requestObjectEncryptionMethod = null; + private boolean isRequestObjectSignatureValidationEnabled; + private String idTokenEncryptionAlgorithm = null; + private String idTokenEncryptionMethod = null; public String getClientName() { 
@@ -83,7 +98,154 @@ public void setGrantTypes(List grantTypes) { this.grantTypes = grantTypes; } + public String getJwksURI() { + return jwksURI; + } + + public void setJwksURI(String jwksURI) { + + this.jwksURI = jwksURI; + } + + public String getTokenEndpointAuthMethod() { + + return tokenEndpointAuthMethod; + } + + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + public String getTokenEndpointAuthSignatureAlgorithm() { + + return tokenEndpointAuthSignatureAlgorithm; + } + + public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; + } + + public String getSectorIdentifierURI() { + + return sectorIdentifierURI; + } + + public void setSectorIdentifierURI(String sectorIdentifierURI) { + + this.sectorIdentifierURI = sectorIdentifierURI; + } + + public String getIdTokenSignatureAlgorithm() { + + return idTokenSignatureAlgorithm; + } + + public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { + + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; + } + public String getRequestObjectSignatureAlgorithm() { + + return requestObjectSignatureAlgorithm; + } + + public void setRequestObjectSignatureAlgorithm(String requestObjectSignatureAlgorithm) { + + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; + } + + public String getTlsClientAuthSubjectDN() { + + return tlsClientAuthSubjectDN; + } + + public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; + } + + public boolean isRequirePushedAuthorizationRequests() { + + return requirePushedAuthorizationRequests; + } + + public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + + this.requirePushedAuthorizationRequests = requirePushedAuthorizationRequests; 
+ } + + public boolean isTlsClientCertificateBoundAccessTokens() { + + return tlsClientCertificateBoundAccessTokens; + } + + public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; + } + + public String getSubjectType() { + + return subjectType; + } + + public void setSubjectType(String subjectType) { + + this.subjectType = subjectType; + } + + public String getRequestObjectEncryptionAlgorithm() { + + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + public String getRequestObjectEncryptionMethod() { + + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } + + public boolean isRequestObjectSignatureValidationEnabled() { + + return isRequestObjectSignatureValidationEnabled; + } + + public void setRequestObjectSignatureValidationEnabled(boolean requestObjectSignatureValidationEnabled) { + + isRequestObjectSignatureValidationEnabled = requestObjectSignatureValidationEnabled; + } + + public String getIdTokenEncryptionAlgorithm() { + + return idTokenEncryptionAlgorithm; + } + + public void setIdTokenEncryptionAlgorithm(String idTokenEncryptionAlgorithm) { + + this.idTokenEncryptionAlgorithm = idTokenEncryptionAlgorithm; + } + + public String getIdTokenEncryptionMethod() { + + return idTokenEncryptionMethod; + } + + public void setIdTokenEncryptionMethod(String idTokenEncryptionMethod) { + + this.idTokenEncryptionMethod = idTokenEncryptionMethod; + } @Override public String toString() { 
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java index bf2a2ea0b1..5d8a07ec75 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java @@ -47,6 +47,32 @@ public class ApplicationRegistrationRequest implements Serializable { private boolean extPkceMandatory = false; private boolean extPkceSupportPlain = false; private boolean extPublicClient = false; + private String jwksURI; + private String softwareStatement; + private String tokenEndpointAuthMethod; + private String tokenEndpointAuthSignatureAlgorithm; + private String sectorIdentifierURI; + private String idTokenSignatureAlgorithm; + private String idTokenEncryptionAlgorithm; + private String idTokenEncryptionMethod; + private String requestObjectSignatureAlgorithm; + private String tlsClientAuthSubjectDN; + private boolean requirePushedAuthorizationRequests; + private boolean tlsClientCertificateBoundAccessTokens; + private boolean requireSignedRequestObject; + private String subjectType; + private String requestObjectEncryptionAlgorithm; + private String requestObjectEncryptionMethod; + + public String getJwksURI() { + + return jwksURI; + } + + public void setJwksURI(String jwksURI) { + + this.jwksURI = jwksURI; + } public List getRedirectUris() { 
@@ -320,4 +346,155 @@ public void setExtPublicClient(boolean extPublicClient) { this.extPublicClient = extPublicClient; } + + public String getTokenEndpointAuthMethod() { + + return tokenEndpointAuthMethod; + } + + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + public String getTokenEndpointAuthSignatureAlgorithm() { + + return tokenEndpointAuthSignatureAlgorithm; + } + + public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; + } + + public String getSectorIdentifierURI() { + + return sectorIdentifierURI; + } + + public void setSectorIdentifierURI(String sectorIdentifierURI) { + + this.sectorIdentifierURI = sectorIdentifierURI; + } + + public String getRequestObjectSignatureAlgorithm() { + + return requestObjectSignatureAlgorithm; + } + + public void setRequestObjectSignatureAlgorithm(String requestObjectSignatureAlgorithm) { + + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; + } + + public String getTlsClientAuthSubjectDN() { + + return tlsClientAuthSubjectDN; + } + + public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; + } + public String getSubjectType() { + + return subjectType; + } + + public void setSubjectType(String subjectType) { + + this.subjectType = subjectType; + } + + public String getRequestObjectEncryptionAlgorithm() { + + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + public String getRequestObjectEncryptionMethod() { + + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + + 
this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } + + public String getIdTokenSignatureAlgorithm() { + + return idTokenSignatureAlgorithm; + } + + public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { + + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; + } + + public String getIdTokenEncryptionAlgorithm() { + + return idTokenEncryptionAlgorithm; + } + + public void setIdTokenEncryptionAlgorithm(String idTokenEncryptionAlgorithm) { + + this.idTokenEncryptionAlgorithm = idTokenEncryptionAlgorithm; + } + + public String getIdTokenEncryptionMethod() { + + return idTokenEncryptionMethod; + } + + public void setIdTokenEncryptionMethod(String idTokenEncryptionMethod) { + + this.idTokenEncryptionMethod = idTokenEncryptionMethod; + } + + public boolean isRequirePushedAuthorizationRequests() { + + return requirePushedAuthorizationRequests; + } + + public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + + this.requirePushedAuthorizationRequests = requirePushedAuthorizationRequests; + } + + public boolean isTlsClientCertificateBoundAccessTokens() { + + return tlsClientCertificateBoundAccessTokens; + } + + public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; + } + + public boolean isRequireSignedRequestObject() { + + return requireSignedRequestObject; + } + + public void setRequireSignedRequestObject(boolean requireSignedRequestObject) { + + this.requireSignedRequestObject = requireSignedRequestObject; + } + + public String getSoftwareStatement() { + + return softwareStatement; + } + + public void setSoftwareStatement(String softwareStatement) { + + this.softwareStatement = softwareStatement; + } + + } 
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java index f948ad6167..c103508542 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java @@ -43,6 +43,22 @@ public class ApplicationUpdateRequest implements Serializable { private boolean extPkceMandatory = false; private boolean extPkceSupportPlain = false; private boolean extPublicClient = false; + private String jwksURI = null; + private String softwareStatement; + private String tokenEndpointAuthMethod; + private String tokenEndpointAuthSignatureAlgorithm; + private String sectorIdentifierURI; + private String idTokenSignatureAlgorithm; + private String idTokenEncryptionAlgorithm; + private String idTokenEncryptionMethod; + private String requestObjectSignatureAlgorithm; + private String tlsClientAuthSubjectDN; + private boolean requirePushedAuthorizationRequests; + private boolean tlsClientCertificateBoundAccessTokens; + private boolean requireSignedRequestObject; + private String subjectType; + private String requestObjectEncryptionAlgorithm; + private String requestObjectEncryptionMethod; public List getRedirectUris() { 
@@ -255,4 +271,164 @@ public void setExtPublicClient(boolean extPublicClient) { this.extPublicClient = extPublicClient; } + + public String getTokenEndpointAuthMethod() { + + return tokenEndpointAuthMethod; + } + + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + public String getTokenEndpointAuthSignatureAlgorithm() { + + return tokenEndpointAuthSignatureAlgorithm; + } + + public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; + } + + public String getSectorIdentifierURI() { + + return sectorIdentifierURI; + } + + public void setSectorIdentifierURI(String sectorIdentifierURI) { + + this.sectorIdentifierURI = sectorIdentifierURI; + } + + public String getRequestObjectSignatureAlgorithm() { + + return requestObjectSignatureAlgorithm; + } + + public void setRequestObjectSignatureAlgorithm(String requestObjectSignatureAlgorithm) { + + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; + } + + public String getTlsClientAuthSubjectDN() { + + return tlsClientAuthSubjectDN; + } + + public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; + } + public String getSubjectType() { + + return subjectType; + } + + public void setSubjectType(String subjectType) { + + this.subjectType = subjectType; + } + + public String getRequestObjectEncryptionAlgorithm() { + + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + public String getRequestObjectEncryptionMethod() { + + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + + 
this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } + + public String getIdTokenSignatureAlgorithm() { + + return idTokenSignatureAlgorithm; + } + + public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { + + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; + } + + public String getIdTokenEncryptionAlgorithm() { + + return idTokenEncryptionAlgorithm; + } + + public void setIdTokenEncryptionAlgorithm(String idTokenEncryptionAlgorithm) { + + this.idTokenEncryptionAlgorithm = idTokenEncryptionAlgorithm; + } + + public String getIdTokenEncryptionMethod() { + + return idTokenEncryptionMethod; + } + + public void setIdTokenEncryptionMethod(String idTokenEncryptionMethod) { + + this.idTokenEncryptionMethod = idTokenEncryptionMethod; + } + + public boolean isRequirePushedAuthorizationRequests() { + + return requirePushedAuthorizationRequests; + } + + public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + + this.requirePushedAuthorizationRequests = requirePushedAuthorizationRequests; + } + + public boolean isTlsClientCertificateBoundAccessTokens() { + + return tlsClientCertificateBoundAccessTokens; + } + + public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; + } + + public boolean isRequireSignedRequestObject() { + + return requireSignedRequestObject; + } + + public void setRequireSignedRequestObject(boolean requireSignedRequestObject) { + + this.requireSignedRequestObject = requireSignedRequestObject; + } + + public String getSoftwareStatement() { + + return softwareStatement; + } + + public void setSoftwareStatement(String softwareStatement) { + + this.softwareStatement = softwareStatement; + } + + public String getJwksURI() { + + return jwksURI; + } + + public void setJwksURI(String jwksURI) { + + this.jwksURI = jwksURI; + } + } 
diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java index 16c0a4f50a..f26fe2bfb3 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java @@ -85,7 +85,17 @@ public class DCRMService { public Application getApplication(String clientId) throws DCRMException { validateRequestTenantDomain(clientId); - return buildResponse(getApplicationById(clientId, DCRMUtils.isApplicationRolePermissionRequired())); + OAuthConsumerAppDTO consumerAppDTO = getApplicationById( + clientId, DCRMUtils.isApplicationRolePermissionRequired()); + // Get the jwksURI from the service provider. + String applicationName = consumerAppDTO.getApplicationName(); + String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); + ServiceProvider serviceProvider = getServiceProvider(applicationName, tenantDomain); + String jwksURI = serviceProvider.getJwksUri(); + if (StringUtils.isNotEmpty(jwksURI)) { + consumerAppDTO.setJwksURI(jwksURI); + } + return buildResponse(consumerAppDTO); } /** @@ -213,7 +223,10 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str } // Update the service provider properties list with the display name property. updateServiceProviderPropertyList(sp, updateRequest.getExtApplicationDisplayName()); - + // Update jwksURI. + if (StringUtils.isNotEmpty(updateRequest.getJwksURI())) { + sp.setJwksUri(updateRequest.getJwksURI()); + } // Need to create a deep clone, since modifying the fields of the original object, // will modify the cached SP object. ServiceProvider clonedSP = cloneServiceProvider(sp); 
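Review bot: In getApplication the result of `getServiceProvider(applicationName, tenantDomain)` is dereferenced straight away by `serviceProvider.getJwksUri()`. If that helper can return null for an OAuth app without a matching service provider, a read request would fail with a NullPointerException rather than a DCRMException; its body is not visible in this hunk. A guard such as `String jwksURI = serviceProvider != null ? serviceProvider.getJwksUri() : null;` keeps the failure mode predictable. A short Javadoc line stating that `jwks_uri` is held on the service provider rather than on the OAuth app would also explain the extra lookup.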
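Review bot: The `jwks_uri` from the update request is written to the service provider in updateApplication after only a `StringUtils.isNotEmpty` check, and the createOAuthApplication hunk further down stores the registration value the same way. This is client-supplied metadata that the server presumably dereferences later to obtain the client's keys, so it should be parsed and restricted before it is persisted, for example to an absolute `https` URI, with anything else rejected as invalid client metadata. No such check is visible in either hunk, though one may exist in code outside them. The same guard also means an update cannot clear a previously stored URI, which is worth a comment if intended.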
@@ -259,6 +272,45 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str if (updateRequest.getExtIdTokenLifetime() != null) { appDTO.setIdTokenExpiryTime(updateRequest.getExtIdTokenLifetime()); } + if (updateRequest.getTokenEndpointAuthMethod() != null) { + appDTO.setTokenEndpointAuthMethod(updateRequest.getTokenEndpointAuthMethod()); + } + if (updateRequest.getTokenEndpointAuthSignatureAlgorithm() != null) { + appDTO.setTokenEndpointAuthSignatureAlgorithm + (updateRequest.getTokenEndpointAuthSignatureAlgorithm()); + } + if (updateRequest.getSectorIdentifierURI() != null) { + appDTO.setSectorIdentifierURI(updateRequest.getSectorIdentifierURI()); + } + if (updateRequest.getIdTokenSignatureAlgorithm() != null) { + appDTO.setIdTokenSignatureAlgorithm(updateRequest.getIdTokenSignatureAlgorithm()); + } + if (updateRequest.getIdTokenEncryptionAlgorithm() != null) { + appDTO.setIdTokenEncryptionAlgorithm(updateRequest.getIdTokenEncryptionAlgorithm()); + } + if (updateRequest.getIdTokenEncryptionMethod() != null) { + appDTO.setIdTokenEncryptionMethod(updateRequest.getIdTokenEncryptionMethod()); + } + if (updateRequest.getRequestObjectSignatureAlgorithm() != null) { + appDTO.setRequestObjectSignatureValidationEnabled + (updateRequest.isRequireSignedRequestObject()); + } + if (updateRequest.getTlsClientAuthSubjectDN() != null) { + appDTO.setTlsClientAuthSubjectDN(updateRequest.getTlsClientAuthSubjectDN()); + } + if (updateRequest.getSubjectType() != null) { + appDTO.setSubjectType(updateRequest.getSubjectType()); + } + if (updateRequest.getRequestObjectEncryptionAlgorithm() != null) { + appDTO.setRequestObjectEncryptionAlgorithm + (updateRequest.getRequestObjectEncryptionAlgorithm()); + } + if (updateRequest.getRequestObjectEncryptionMethod() != null) { + appDTO.setRequestObjectEncryptionMethod(updateRequest.getRequestObjectEncryptionMethod()); + } + appDTO.setRequestObjectSignatureValidationEnabled(updateRequest.isRequireSignedRequestObject()); 
+ appDTO.setRequirePushedAuthorizationRequests(updateRequest.isRequirePushedAuthorizationRequests()); + appDTO.setTlsClientCertificateBoundAccessTokens(updateRequest.isTlsClientCertificateBoundAccessTokens()); appDTO.setPkceMandatory(updateRequest.isExtPkceMandatory()); appDTO.setPkceSupportPlain(updateRequest.isExtPkceSupportPlain()); appDTO.setBypassClientCredentials(updateRequest.isExtPublicClient()); @@ -267,8 +319,10 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str throw DCRMUtils.generateServerException( DCRMConstants.ErrorMessages.FAILED_TO_UPDATE_APPLICATION, clientId, e); } - - return buildResponse(getApplicationById(clientId)); + OAuthConsumerAppDTO oAuthConsumerAppDTO = getApplicationById(clientId); + // Setting the jwksURI to be sent in the response. + oAuthConsumerAppDTO.setJwksURI(updateRequest.getJwksURI()); + return buildResponse(oAuthConsumerAppDTO); } /** @@ -380,9 +434,15 @@ private Application createOAuthApplication(ApplicationRegistrationRequest regist // Update the service provider properties list with the display name property. updateServiceProviderPropertyList(serviceProvider, registrationRequest.getExtApplicationDisplayName()); + // Store jwksURI. + if (StringUtils.isNotEmpty(registrationRequest.getJwksURI())) { + serviceProvider.setJwksUri(registrationRequest.getJwksURI()); + } try { updateServiceProviderWithOAuthAppDetails(serviceProvider, createdApp, applicationOwner, tenantDomain); + // Setting the jwksURI to be sent in the response. + createdApp.setJwksURI(registrationRequest.getJwksURI()); } catch (DCRMException ex) { // Delete the OAuth app created. This will also remove the registered SP for the OAuth app. deleteApplication(createdApp.getOauthConsumerKey()); 
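Review bot: In updateApplication the branch guarded by `updateRequest.getRequestObjectSignatureAlgorithm() != null` calls `appDTO.setRequestObjectSignatureValidationEnabled(...)`, so the signing algorithm sent in an update is never written to appDTO. createOAuthApp uses `setRequestObjectSignatureAlgorithm` for the same field, and the branch body here should be `appDTO.setRequestObjectSignatureAlgorithm(updateRequest.getRequestObjectSignatureAlgorithm());`. Separately, the three unconditional setters at the end of the added lines copy primitive booleans that default to false. An update that omits `require_signed_request_object`, `require_pushed_authorization_requests` or `tls_client_certificate_bound_access_tokens` therefore appears to switch those protections off. If partial updates are meant to be supported, the request bean needs a way to tell absent from false; the method starts and ends outside this hunk.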
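Review bot: The response built at the end of updateApplication takes `jwksURI` from the request instead of from what is stored. An update that omits `jwks_uri` therefore returns null for it, even though the earlier `isNotEmpty` guard left the service provider's existing value untouched. Reading the value back from the service provider, as getApplication does, keeps the response in line with the persisted state; if `sp` is still in scope at this point, `oAuthConsumerAppDTO.setJwksURI(sp.getJwksUri());` would do it.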
@@ -407,7 +467,21 @@ private Application buildResponse(OAuthConsumerAppDTO createdApp) { grantTypesList = Arrays.asList(createdApp.getGrantTypes().split(" ")); } application.setGrantTypes(grantTypesList); - + application.setJwksURI(createdApp.getJwksURI()); + application.setTokenEndpointAuthMethod(createdApp.getTokenEndpointAuthMethod()); + application.setTokenEndpointAuthSignatureAlgorithm(createdApp.getTokenEndpointAuthSignatureAlgorithm()); + application.setSectorIdentifierURI(createdApp.getSectorIdentifierURI()); + application.setIdTokenSignatureAlgorithm(createdApp.getIdTokenSignatureAlgorithm()); + application.setIdTokenEncryptionAlgorithm(createdApp.getIdTokenEncryptionAlgorithm()); + application.setIdTokenEncryptionMethod(createdApp.getIdTokenEncryptionMethod()); + application.setRequestObjectSignatureValidationEnabled(createdApp.isRequestObjectSignatureValidationEnabled()); + application.setRequestObjectSignatureAlgorithm(createdApp.getRequestObjectSignatureAlgorithm()); + application.setTlsClientAuthSubjectDN(createdApp.getTlsClientAuthSubjectDN()); + application.setSubjectType(createdApp.getSubjectType()); + application.setRequestObjectEncryptionAlgorithm(createdApp.getRequestObjectEncryptionAlgorithm()); + application.setRequestObjectEncryptionMethod(createdApp.getRequestObjectEncryptionMethod()); + application.setRequirePushedAuthorizationRequests(createdApp.getRequirePushedAuthorizationRequests()); + application.setTlsClientCertificateBoundAccessTokens(createdApp.getTlsClientCertificateBoundAccessTokens()); return application; } 
@@ -477,6 +551,48 @@ private OAuthConsumerAppDTO createOAuthApp(ApplicationRegistrationRequest regist if (registrationRequest.getExtIdTokenLifetime() != null) { oAuthConsumerApp.setIdTokenExpiryTime(registrationRequest.getExtIdTokenLifetime()); } + if (registrationRequest.getTokenEndpointAuthMethod() != null) { + oAuthConsumerApp.setTokenEndpointAuthMethod(registrationRequest.getTokenEndpointAuthMethod()); + } + if (registrationRequest.getTokenEndpointAuthSignatureAlgorithm() != null) { + oAuthConsumerApp.setTokenEndpointAuthSignatureAlgorithm + (registrationRequest.getTokenEndpointAuthSignatureAlgorithm()); + } + if (registrationRequest.getSectorIdentifierURI() != null) { + oAuthConsumerApp.setSectorIdentifierURI(registrationRequest.getSectorIdentifierURI()); + } + if (registrationRequest.getIdTokenSignatureAlgorithm() != null) { + oAuthConsumerApp.setIdTokenSignatureAlgorithm(registrationRequest.getIdTokenSignatureAlgorithm()); + } + if (registrationRequest.getIdTokenEncryptionAlgorithm() != null) { + oAuthConsumerApp.setIdTokenEncryptionAlgorithm(registrationRequest.getIdTokenEncryptionAlgorithm()); + oAuthConsumerApp.setIdTokenEncryptionEnabled(true); + } + if (registrationRequest.getIdTokenEncryptionMethod() != null) { + oAuthConsumerApp.setIdTokenEncryptionMethod(registrationRequest.getIdTokenEncryptionMethod()); + } + if (registrationRequest.getRequestObjectSignatureAlgorithm() != null) { + oAuthConsumerApp.setRequestObjectSignatureAlgorithm( + (registrationRequest.getRequestObjectSignatureAlgorithm())); + } + if (registrationRequest.getTlsClientAuthSubjectDN() != null) { + oAuthConsumerApp.setTlsClientAuthSubjectDN(registrationRequest.getTlsClientAuthSubjectDN()); + } + if (registrationRequest.getSubjectType() != null) { + oAuthConsumerApp.setSubjectType(registrationRequest.getSubjectType()); + } + if (registrationRequest.getRequestObjectEncryptionAlgorithm() != null) { + oAuthConsumerApp.setRequestObjectEncryptionAlgorithm + 
(registrationRequest.getRequestObjectEncryptionAlgorithm()); + } + if (registrationRequest.getRequestObjectEncryptionMethod() != null) { + oAuthConsumerApp.setRequestObjectEncryptionMethod(registrationRequest.getRequestObjectEncryptionMethod()); + } + oAuthConsumerApp.setRequestObjectSignatureValidationEnabled(registrationRequest.isRequireSignedRequestObject()); + oAuthConsumerApp.setRequirePushedAuthorizationRequests( + registrationRequest.isRequirePushedAuthorizationRequests()); + oAuthConsumerApp.setTlsClientCertificateBoundAccessTokens( + registrationRequest.isTlsClientCertificateBoundAccessTokens()); oAuthConsumerApp.setPkceMandatory(registrationRequest.isExtPkceMandatory()); oAuthConsumerApp.setPkceSupportPlain(registrationRequest.isExtPkceSupportPlain()); oAuthConsumerApp.setBypassClientCredentials(registrationRequest.isExtPublicClient()); diff --git a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java index 67c7153702..04bd2a8edb 100644 --- a/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java +++ b/components/org.wso2.carbon.identity.oauth.dcr/src/test/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMServiceTest.java @@ -94,6 +94,7 @@ public class DCRMServiceTest extends PowerMockTestCase { private String dummyCallbackUrl = "dummyCallbackUrl"; private final String dummyTemplateName = "dummyTemplateName"; private final String dummyBackchannelLogoutUri = "http://backchannel.com/"; + private final String dummyJwskUri = "http://localhost.com/jwks"; @Mock private OAuthConsumerAppDTO dto; 
@@ -286,6 +287,12 @@ public void getApplicationDTOTest() throws Exception { PrivilegedCarbonContext.getThreadLocalCarbonContext().setUserRealm(mockedUserRealm); when(mockedUserRealm.getUserStoreManager()).thenReturn(mockedUserStoreManager); when(mockedUserStoreManager.isUserInRole(anyString(), anyString())).thenReturn(true); + ServiceProvider serviceProvider = new ServiceProvider(); + serviceProvider.setJwksUri("dummyJwksUri"); + when(mockApplicationManagementService.getServiceProvider(anyString(), anyString())) + .thenReturn(serviceProvider); + when(mockApplicationManagementService.getServiceProvider(anyString(), anyString())) + .thenReturn(new ServiceProvider()); Application application = dcrmService.getApplication(dummyConsumerKey); assertEquals(application.getClientId(), dummyConsumerKey); diff --git a/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl b/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl index f4a605afda..fcba65ab1c 100644 --- a/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl +++ b/components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl @@ -397,6 +397,7 @@ + @@ -406,17 +407,29 @@ + + + + + + + + + + + + diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java index 39ade0cb43..5db97b8685 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthAdminServiceImpl.java 
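Review bot: In getApplicationDTOTest the second `when(mockApplicationManagementService.getServiceProvider(anyString(), anyString())).thenReturn(new ServiceProvider())` replaces the stubbing set up just before it. The provider carrying `dummyJwksUri` is therefore never returned, and the new JWKS branch in getApplication is not exercised. Dropping the second stubbing and adding `assertEquals(application.getJwksURI(), "dummyJwksUri");` after the existing client-id assertion would cover it. The test method continues outside this hunk.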
@@ -345,6 +345,19 @@ public OAuthConsumerAppDTO registerAndRetrieveOAuthApplicationData(OAuthConsumer app.setTokenBindingValidationEnabled(application.isTokenBindingValidationEnabled()); app.setTokenRevocationWithIDPSessionTerminationEnabled( application.isTokenRevocationWithIDPSessionTerminationEnabled()); + app.setTokenEndpointAuthMethod(application.getTokenEndpointAuthMethod()); + app.setTokenEndpointAuthSignatureAlgorithm( + application.getTokenEndpointAuthSignatureAlgorithm()); + app.setSectorIdentifierURI(application.getSectorIdentifierURI()); + app.setIdTokenSignatureAlgorithm(application.getIdTokenSignatureAlgorithm()); + app.setRequestObjectSignatureAlgorithm(application.getRequestObjectSignatureAlgorithm()); + app.setTlsClientAuthSubjectDN(application.getTlsClientAuthSubjectDN()); + app.setSubjectType(application.getSubjectType()); + app.setRequestObjectEncryptionAlgorithm(application.getRequestObjectEncryptionAlgorithm()); + app.setRequestObjectEncryptionMethod(application.getRequestObjectEncryptionMethod()); + app.setRequirePushedAuthorizationRequests(application.getRequirePushedAuthorizationRequests()); + app.setTlsClientCertificateBoundAccessTokens( + application.getTlsClientCertificateBoundAccessTokens()); } dao.addOAuthApplication(app); AppInfoCache.getInstance().addToCache(app.getOauthConsumerKey(), app); 
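Review bot: The new client-metadata values (`tokenEndpointAuthMethod`, `tokenEndpointAuthSignatureAlgorithm`, `idTokenSignatureAlgorithm`, `requestObjectSignatureAlgorithm`, the request-object encryption pair, `subjectType`) are copied from the incoming DTO to `app` and persisted with no check visible in this hunk. These strings later decide how the client authenticates and which algorithms are accepted, so an unsupported or weak value should be rejected at registration rather than stored. If validation does not already happen earlier in registerAndRetrieveOAuthApplicationData (its body starts outside the hunk), I would add it before the copy, at minimum as `// TODO: reject auth method / algorithm values that are not in the server's supported list`. The same applies to the matching hunk in updateConsumerApplication.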
@@ -623,6 +636,19 @@ public void updateConsumerApplication(OAuthConsumerAppDTO consumerAppDTO) throws oauthappdo.setTokenRevocationWithIDPSessionTerminationEnabled(consumerAppDTO .isTokenRevocationWithIDPSessionTerminationEnabled()); oauthappdo.setTokenBindingValidationEnabled(consumerAppDTO.isTokenBindingValidationEnabled()); + oauthappdo.setTokenEndpointAuthMethod(consumerAppDTO.getTokenEndpointAuthMethod()); + oauthappdo.setTokenEndpointAuthSignatureAlgorithm( + consumerAppDTO.getTokenEndpointAuthSignatureAlgorithm()); + oauthappdo.setSectorIdentifierURI(consumerAppDTO.getSectorIdentifierURI()); + oauthappdo.setIdTokenSignatureAlgorithm(consumerAppDTO.getIdTokenSignatureAlgorithm()); + oauthappdo.setRequestObjectSignatureAlgorithm(consumerAppDTO.getRequestObjectSignatureAlgorithm()); + oauthappdo.setTlsClientAuthSubjectDN(consumerAppDTO.getTlsClientAuthSubjectDN()); + oauthappdo.setSubjectType(consumerAppDTO.getSubjectType()); + oauthappdo.setRequestObjectEncryptionAlgorithm(consumerAppDTO.getRequestObjectEncryptionAlgorithm()); + oauthappdo.setRequestObjectEncryptionMethod(consumerAppDTO.getRequestObjectEncryptionMethod()); + oauthappdo.setRequirePushedAuthorizationRequests(consumerAppDTO.getRequirePushedAuthorizationRequests()); + oauthappdo.setTlsClientCertificateBoundAccessTokens( + consumerAppDTO.getTlsClientCertificateBoundAccessTokens()); } dao.updateConsumerApplication(oauthappdo); AppInfoCache.getInstance().addToCache(oauthappdo.getOauthConsumerKey(), oauthappdo); 
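Review bot: Every new field is overwritten unconditionally from `consumerAppDTO`, so an update sent by a caller that does not populate the new properties resets them: the strings become null, and `requirePushedAuthorizationRequests` and `tlsClientCertificateBoundAccessTokens` become `false` because the DTO holds primitive booleans. For the two flags that means a security requirement can be switched off by an update that never mentioned it. If existing callers of the admin service are expected to keep working unchanged, this needs either a guard or an explicit contract, for example `// Callers must send the complete OIDC configuration; omitted values are reset to their defaults`. The enclosing method starts and ends outside the hunk, so any earlier merge with the stored app is not visible here.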
@@ -934,8 +960,8 @@ public void updateConsumerAppState(String consumerKey, String newState) throws I if (initiatorId.isPresent()) { AuditLog.AuditLogBuilder auditLogBuilder = new AuditLog.AuditLogBuilder( initiatorId.get(), USER, consumerKey, TARGET_APPLICATION, - OAuthConstants.LogConstants.UPDATE_APP_STATE) - .data(Map.of("state", newState)); + OAuthConstants.LogConstants.UPDATE_APP_STATE); + triggerAuditLogEvent(auditLogBuilder, true); } else { LOG.error("Error getting the logged in userId"); diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java index 0348d0aca5..6721b11f2d 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/OAuthUtil.java 
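Review bot: The audit entry for updateConsumerAppState no longer records which state the application was moved to, because `.data(Map.of("state", newState))` is removed from the builder. The log then shows only that some state change happened, which makes it hard to reconstruct from the audit trail alone whether an application was revoked or re-activated. The removal looks unrelated to the rest of the commit, so unless it is deliberate I would keep `OAuthConstants.LogConstants.UPDATE_APP_STATE).data(Map.of("state", newState));`. If it was dropped for a reason such as a build target that lacks `Map.of`, the state can be passed with another map implementation instead of being omitted.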
@@ -496,6 +496,17 @@ public static OAuthConsumerAppDTO buildConsumerAppDTO(OAuthAppDO appDO) { dto.setTokenRevocationWithIDPSessionTerminationEnabled(appDO .isTokenRevocationWithIDPSessionTerminationEnabled()); dto.setTokenBindingValidationEnabled(appDO.isTokenBindingValidationEnabled()); + dto.setTokenEndpointAuthMethod(appDO.getTokenEndpointAuthMethod()); + dto.setTokenEndpointAuthSignatureAlgorithm(appDO.getTokenEndpointAuthSignatureAlgorithm()); + dto.setSectorIdentifierURI(appDO.getSectorIdentifierURI()); + dto.setIdTokenSignatureAlgorithm(appDO.getIdTokenSignatureAlgorithm()); + dto.setRequestObjectSignatureAlgorithm(appDO.getRequestObjectSignatureAlgorithm()); + dto.setTlsClientAuthSubjectDN(appDO.getTlsClientAuthSubjectDN()); + dto.setSubjectType(appDO.getSubjectType()); + dto.setRequestObjectEncryptionAlgorithm(appDO.getRequestObjectEncryptionAlgorithm()); + dto.setRequestObjectEncryptionMethod(appDO.getRequestObjectEncryptionMethod()); + dto.setRequirePushedAuthorizationRequests(appDO.isRequirePushedAuthorizationRequests()); + dto.setTlsClientCertificateBoundAccessTokens(appDO.isTlsClientCertificateBoundAccessTokens()); return dto; } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java index 06bf2f7ce9..9844d78602 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDAO.java 
@@ -73,8 +73,19 @@ import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_ENCRYPTED; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_ENCRYPTION_ALGORITHM; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_ENCRYPTION_METHOD; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.ID_TOKEN_SIGNATURE_ALGORITHM; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.IS_CERTIFICATE_BOUND_ACCESS_TOKEN; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.IS_PUSH_AUTH; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.RENEW_REFRESH_TOKEN; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.REQUEST_OBJECT_ENCRYPTION_ALGORITHM; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.REQUEST_OBJECT_ENCRYPTION_METHOD; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.REQUEST_OBJECT_SIGNATURE_ALGORITHM; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.REQUEST_OBJECT_SIGNED; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.SECTOR_IDENTIFIER_URI; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.SUBJECT_TYPE; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TLS_SUBJECT_DN; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_AUTH_METHOD; +import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_AUTH_SIGNATURE_ALGORITHM; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_BINDING_TYPE; import static 
org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_BINDING_TYPE_NONE; import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_BINDING_VALIDATION; 
@@ -852,6 +863,50 @@ private void addOrUpdateOIDCSpProperty(OAuthAppDO oauthAppDO, TOKEN_BINDING_VALIDATION, String.valueOf(oauthAppDO.isTokenBindingValidationEnabled()), prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + TOKEN_AUTH_METHOD, oauthAppDO.getTokenEndpointAuthMethod(), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + TOKEN_AUTH_SIGNATURE_ALGORITHM, oauthAppDO.getTokenEndpointAuthSignatureAlgorithm(), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + SECTOR_IDENTIFIER_URI, oauthAppDO.getSectorIdentifierURI(), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + ID_TOKEN_SIGNATURE_ALGORITHM, oauthAppDO.getIdTokenSignatureAlgorithm(), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + REQUEST_OBJECT_SIGNATURE_ALGORITHM, oauthAppDO.getRequestObjectSignatureAlgorithm(), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + REQUEST_OBJECT_ENCRYPTION_ALGORITHM, oauthAppDO.getRequestObjectEncryptionAlgorithm(), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + REQUEST_OBJECT_ENCRYPTION_METHOD, oauthAppDO.getRequestObjectEncryptionMethod(), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + TLS_SUBJECT_DN, oauthAppDO.getTlsClientAuthSubjectDN(), + 
prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + IS_PUSH_AUTH, String.valueOf(oauthAppDO.isRequirePushedAuthorizationRequests()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + IS_CERTIFICATE_BOUND_ACCESS_TOKEN, String.valueOf(oauthAppDO.isTlsClientCertificateBoundAccessTokens()), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + + addOrUpdateOIDCSpProperty(preprocessedClientId, spTenantId, spOIDCProperties, + SUBJECT_TYPE, oauthAppDO.getSubjectType(), + prepStatementForPropertyAdd, preparedStatementForPropertyUpdate); + // Execute batched add/update/delete. prepStatementForPropertyAdd.executeBatch(); preparedStatementForPropertyUpdate.executeBatch(); 
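Review bot: The string-valued properties are handed to `addOrUpdateOIDCSpProperty` as they are (`oauthAppDO.getTokenEndpointAuthMethod()`, `getSectorIdentifierURI()`, `getSubjectType()` and so on), and they will be null for any application that does not set them, while the existing calls above pass `String.valueOf(...)` of a boolean and so never pass null. How the helper batches a null value is not visible in this hunk; the reader in setSpOIDCProperties treats an absent property as "keep the default", which suggests null values should not be written at all. I would confirm the helper's behaviour and either skip nulls or state the intent in a comment such as `// null clears the stored value`. The hunk in addServiceProviderOIDCProperties that calls `addToBatchForOIDCPropertyAdd` has the same question.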
@@ -1436,6 +1491,41 @@ private void addServiceProviderOIDCProperties(Connection connection, TOKEN_BINDING_VALIDATION, String.valueOf(consumerAppDO.isTokenBindingValidationEnabled())); + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + TOKEN_AUTH_METHOD, consumerAppDO.getTokenEndpointAuthMethod()); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + TOKEN_AUTH_SIGNATURE_ALGORITHM, consumerAppDO.getTokenEndpointAuthSignatureAlgorithm()); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, SECTOR_IDENTIFIER_URI, + consumerAppDO.getSectorIdentifierURI()); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + ID_TOKEN_SIGNATURE_ALGORITHM, consumerAppDO.getIdTokenSignatureAlgorithm()); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + REQUEST_OBJECT_SIGNATURE_ALGORITHM, consumerAppDO.getRequestObjectSignatureAlgorithm()); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + REQUEST_OBJECT_ENCRYPTION_ALGORITHM, consumerAppDO.getRequestObjectEncryptionAlgorithm()); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + REQUEST_OBJECT_ENCRYPTION_METHOD, consumerAppDO.getRequestObjectEncryptionMethod()); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + TLS_SUBJECT_DN, consumerAppDO.getTlsClientAuthSubjectDN()); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + IS_PUSH_AUTH, + String.valueOf(consumerAppDO.isRequirePushedAuthorizationRequests())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + IS_CERTIFICATE_BOUND_ACCESS_TOKEN, + String.valueOf(consumerAppDO.isTlsClientCertificateBoundAccessTokens())); + + addToBatchForOIDCPropertyAdd(processedClientId, spTenantId, prepStmtAddOIDCProperty, + 
SUBJECT_TYPE, consumerAppDO.getSubjectType()); + prepStmtAddOIDCProperty.executeBatch(); } } 
@@ -1539,6 +1629,55 @@ private void setSpOIDCProperties(Map> spOIDCProperties, OAu String renewRefreshToken = getFirstPropertyValue(spOIDCProperties, RENEW_REFRESH_TOKEN); oauthApp.setRenewRefreshTokenEnabled(renewRefreshToken); + String tokenAuthMethod = getFirstPropertyValue(spOIDCProperties, TOKEN_AUTH_METHOD); + if (tokenAuthMethod != null) { + oauthApp.setTokenEndpointAuthMethod(tokenAuthMethod); + } + String tokenSignatureAlgorithm = getFirstPropertyValue(spOIDCProperties, TOKEN_AUTH_SIGNATURE_ALGORITHM); + if (tokenSignatureAlgorithm != null) { + oauthApp.setTokenEndpointAuthSignatureAlgorithm(tokenSignatureAlgorithm); + } + String sectorIdentifierURI = getFirstPropertyValue(spOIDCProperties, SECTOR_IDENTIFIER_URI); + if (sectorIdentifierURI != null) { + oauthApp.setSectorIdentifierURI(sectorIdentifierURI); + } + String idTokenSignatureAlgorithm = getFirstPropertyValue(spOIDCProperties, ID_TOKEN_SIGNATURE_ALGORITHM); + if (idTokenSignatureAlgorithm != null) { + oauthApp.setIdTokenSignatureAlgorithm(idTokenSignatureAlgorithm); + } + String requestObjectSignatureAlgorithm = getFirstPropertyValue( + spOIDCProperties, REQUEST_OBJECT_SIGNATURE_ALGORITHM); + if (requestObjectSignatureAlgorithm != null) { + oauthApp.setRequestObjectSignatureAlgorithm(requestObjectSignatureAlgorithm); + } + String tlsClientAuthSubjectDn = getFirstPropertyValue( + spOIDCProperties, TLS_SUBJECT_DN); + if (tlsClientAuthSubjectDn != null) { + oauthApp.setTlsClientAuthSubjectDN(tlsClientAuthSubjectDn); + } + String subjectType = getFirstPropertyValue(spOIDCProperties, SUBJECT_TYPE); + if (subjectType != null) { + oauthApp.setSubjectType(subjectType); + } + String requestObjectEncryptionAlgorithm = getFirstPropertyValue( + spOIDCProperties, REQUEST_OBJECT_ENCRYPTION_ALGORITHM); + if (requestObjectEncryptionAlgorithm != null) { + oauthApp.setRequestObjectEncryptionAlgorithm(requestObjectEncryptionAlgorithm); + } + String requestObjectEncryptionMethod = getFirstPropertyValue( + 
spOIDCProperties, REQUEST_OBJECT_ENCRYPTION_METHOD); + if (requestObjectEncryptionMethod != null) { + oauthApp.setRequestObjectEncryptionMethod(requestObjectEncryptionMethod); + } + String isPAR = getFirstPropertyValue(spOIDCProperties, IS_PUSH_AUTH); + if (isPAR != null) { + oauthApp.setRequirePushedAuthorizationRequests(Boolean.parseBoolean(isPAR)); + } + String isCertificateBoundAccessToken = getFirstPropertyValue( + spOIDCProperties, IS_CERTIFICATE_BOUND_ACCESS_TOKEN); + if (isCertificateBoundAccessToken != null) { + oauthApp.setTlsClientCertificateBoundAccessTokens(Boolean.parseBoolean(isCertificateBoundAccessToken)); + } } private String getFirstPropertyValue(Map> propertyMap, String key) { diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java index 60e6362a4e..365921ac17 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dao/OAuthAppDO.java @@ -78,6 +78,17 @@ public class OAuthAppDO extends InboundConfigurationProtocol implements Serializ private String tokenBindingType; private boolean tokenRevocationWithIDPSessionTerminationEnabled; private boolean tokenBindingValidationEnabled; + private String tokenEndpointAuthMethod; + private String tokenEndpointAuthSignatureAlgorithm; + private String sectorIdentifierURI; + private String idTokenSignatureAlgorithm; + private String requestObjectSignatureAlgorithm; + private String tlsClientAuthSubjectDN; + private boolean requirePushedAuthorizationRequests; + private boolean tlsClientCertificateBoundAccessTokens; + private String subjectType; + private String requestObjectEncryptionAlgorithm; + private String requestObjectEncryptionMethod; public AuthenticatedUser getAppOwner() { 
@@ -341,4 +352,112 @@ public void setTokenBindingValidationEnabled(boolean tokenBindingValidationEnabl this.tokenBindingValidationEnabled = tokenBindingValidationEnabled; } + public String getTokenEndpointAuthMethod() { + + return tokenEndpointAuthMethod; + } + + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + public String getTokenEndpointAuthSignatureAlgorithm() { + + return tokenEndpointAuthSignatureAlgorithm; + } + + public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; + } + + public String getSectorIdentifierURI() { + + return sectorIdentifierURI; + } + + public void setSectorIdentifierURI(String sectorIdentifierURI) { + + this.sectorIdentifierURI = sectorIdentifierURI; + } + + public String getIdTokenSignatureAlgorithm() { + + return idTokenSignatureAlgorithm; + } + + public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { + + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; + } + public String getRequestObjectSignatureAlgorithm() { + + return requestObjectSignatureAlgorithm; + } + + public void setRequestObjectSignatureAlgorithm(String requestObjectSignatureAlgorithm) { + + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; + } + + public String getTlsClientAuthSubjectDN() { + + return tlsClientAuthSubjectDN; + } + + public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; + } + + public boolean isRequirePushedAuthorizationRequests() { + + return requirePushedAuthorizationRequests; + } + + public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + + this.requirePushedAuthorizationRequests = requirePushedAuthorizationRequests; + } + + public boolean 
isTlsClientCertificateBoundAccessTokens() { + + return tlsClientCertificateBoundAccessTokens; + } + + public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + + this.tlsClientCertificateBoundAccessTokens = tlsClientCertificateBoundAccessTokens; + } + + public String getSubjectType() { + + return subjectType; + } + + public void setSubjectType(String subjectType) { + + this.subjectType = subjectType; + } + + public String getRequestObjectEncryptionAlgorithm() { + + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + public String getRequestObjectEncryptionMethod() { + + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java index 4c6e3d2cf9..c28154e78a 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/dto/OAuthConsumerAppDTO.java 
@@ -52,7 +52,27 @@ public class OAuthConsumerAppDTO { private String tokenBindingType; private boolean tokenRevocationWithIDPSessionTerminationEnabled; private boolean tokenBindingValidationEnabled; + private String tokenEndpointAuthMethod; + private String tokenEndpointAuthSignatureAlgorithm; + private String sectorIdentifierURI; + private String idTokenSignatureAlgorithm; + private String requestObjectSignatureAlgorithm; + private String tlsClientAuthSubjectDN; + private boolean requirePushedAuthorizationRequests; + private boolean tlsClientCertificateBoundAccessTokens; + private String subjectType; + private String requestObjectEncryptionAlgorithm; + private String requestObjectEncryptionMethod; + private String jwksURI; + public String getJwksURI() { + + return jwksURI; + } + public void setJwksURI(String jwksURi) { + + this.jwksURI = jwksURi; + } public long getUserAccessTokenExpiryTime() { return userAccessTokenExpiryTime; } @@ -252,7 +272,7 @@ public boolean isBypassClientCredentials() { * This method is deprecated. Use the 'isBypassClientCredentials' method instead. */ @Deprecated - public boolean getBypassClientCredentials() { + public boolean getBypassClientCredentials() { return bypassClientCredentials; } 
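Review bot: `jwksURI` is added to OAuthConsumerAppDTO, but none of the hunks visible for OAuthAdminServiceImpl, OAuthUtil.buildConsumerAppDTO or OAuthAppDAO reads or writes it, and the OAuthAppDO field hunk has no counterpart. Unless the value is carried elsewhere (the DCRMServiceTest hunk suggests it lives on the `ServiceProvider`), a JWKS URI set on this DTO is silently dropped by the admin service. I would document that next to the field, for example `// Stored on the ServiceProvider, not in OAuthAppDO`, once confirmed. The setter parameter is also spelled `jwksURi`; `public void setJwksURI(String jwksURI)` matches the field.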
@@ -300,5 +320,113 @@ public void setTokenBindingValidationEnabled(boolean tokenBindingValidationEnabl this.tokenBindingValidationEnabled = tokenBindingValidationEnabled; } + + public String getTokenEndpointAuthMethod() { + + return tokenEndpointAuthMethod; + } + + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + public String getTokenEndpointAuthSignatureAlgorithm() { + + return tokenEndpointAuthSignatureAlgorithm; + } + + public void setTokenEndpointAuthSignatureAlgorithm(String tokenEndpointAuthSignatureAlgorithm) { + + this.tokenEndpointAuthSignatureAlgorithm = tokenEndpointAuthSignatureAlgorithm; + } + + public String getSectorIdentifierURI() { + + return sectorIdentifierURI; + } + + public void setSectorIdentifierURI(String sectorIdentifierURI) { + + this.sectorIdentifierURI = sectorIdentifierURI; + } + public String getRequestObjectSignatureAlgorithm() { + + return requestObjectSignatureAlgorithm; + } + + public void setRequestObjectSignatureAlgorithm(String requestObjectSignatureAlgorithm) { + + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; + } + + public String getTlsClientAuthSubjectDN() { + + return tlsClientAuthSubjectDN; + } + + public void setTlsClientAuthSubjectDN(String tlsClientAuthSubjectDN) { + + this.tlsClientAuthSubjectDN = tlsClientAuthSubjectDN; + } + + public boolean getRequirePushedAuthorizationRequests() { + + return requirePushedAuthorizationRequests; + } + + public void setRequirePushedAuthorizationRequests(boolean requirePushedAuthorizationRequests) { + + this.requirePushedAuthorizationRequests = requirePushedAuthorizationRequests; + } + + public boolean getTlsClientCertificateBoundAccessTokens() { + + return tlsClientCertificateBoundAccessTokens; + } + + public void setTlsClientCertificateBoundAccessTokens(boolean tlsClientCertificateBoundAccessTokens) { + + this.tlsClientCertificateBoundAccessTokens = 
tlsClientCertificateBoundAccessTokens; + } + + public String getSubjectType() { + + return subjectType; + } + + public void setSubjectType(String subjectType) { + + this.subjectType = subjectType; + } + + public String getRequestObjectEncryptionAlgorithm() { + + return requestObjectEncryptionAlgorithm; + } + + public void setRequestObjectEncryptionAlgorithm(String requestObjectEncryptionAlgorithm) { + + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + public String getRequestObjectEncryptionMethod() { + + return requestObjectEncryptionMethod; + } + + public void setRequestObjectEncryptionMethod(String requestObjectEncryptionMethod) { + + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } + public String getIdTokenSignatureAlgorithm() { + + return idTokenSignatureAlgorithm; + } + + public void setIdTokenSignatureAlgorithm(String idTokenSignatureAlgorithm) { + + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; + } }
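Review bot: The two boolean accessors added here are named `getRequirePushedAuthorizationRequests()` and `getTlsClientCertificateBoundAccessTokens()`, while OAuthAppDO exposes the same properties as `isRequirePushedAuthorizationRequests()` and `isTlsClientCertificateBoundAccessTokens()`. This class already deprecates `getBypassClientCredentials` in favour of `isBypassClientCredentials`, so the new names go against its own convention. I would declare them as `public boolean isRequirePushedAuthorizationRequests()` and `public boolean isTlsClientCertificateBoundAccessTokens()` and adjust the callers in OAuthAdminServiceImpl. The new accessors also carry no Javadoc; a one-line description of what each flag enforces would help, since they are security settings. The hunk starts on the previous line of the page.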