impersonation client prop

wso2 · May 15, 2024 · 1e007bd · 1e007bd
1 parent 801e511
commit 1e007bd
Show file tree

Hide file tree

Showing 5 changed files with 193 additions and 34 deletions.
diff --git a/...wso2/carbon/identity/api/server/application/management/v1/OpenIDConnectConfiguration.java b/...wso2/carbon/identity/api/server/application/management/v1/OpenIDConnectConfiguration.java
@@ -25,10 +25,15 @@
 import java.util.ArrayList;
 import java.util.List;
 import org.wso2.carbon.identity.api.server.application.management.v1.AccessTokenConfiguration;
+import org.wso2.carbon.identity.api.server.application.management.v1.ClientAuthenticationConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.IdTokenConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.OAuth2PKCEConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.OIDCLogoutConfiguration;
+import org.wso2.carbon.identity.api.server.application.management.v1.PushAuthorizationRequestConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.RefreshTokenConfiguration;
+import org.wso2.carbon.identity.api.server.application.management.v1.RequestObjectConfiguration;
+import org.wso2.carbon.identity.api.server.application.management.v1.SubjectConfiguration;
+import org.wso2.carbon.identity.api.server.application.management.v1.SubjectTokenConfiguration;
 import javax.validation.constraints.*;
 
 
@@ -85,16 +90,17 @@ public static StateEnum fromValue(String value) {
     private OAuth2PKCEConfiguration pkce;
     private AccessTokenConfiguration accessToken;
     private RefreshTokenConfiguration refreshToken;
+    private SubjectTokenConfiguration subjectToken;
     private IdTokenConfiguration idToken;
     private OIDCLogoutConfiguration logout;
     private Boolean validateRequestObjectSignature = false;
     private List<String> scopeValidators = null;
+
     private ClientAuthenticationConfiguration clientAuthentication;
     private RequestObjectConfiguration requestObject;
     private PushAuthorizationRequestConfiguration pushAuthorizationRequest;
     private SubjectConfiguration subject;
     private Boolean isFAPIApplication = false;
-    private FapiMetadata fapiMetadata;
 
     /**
     **/
@@ -302,6 +308,24 @@ public void setRefreshToken(RefreshTokenConfiguration refreshToken) {
         this.refreshToken = refreshToken;
     }
 
+    /**
+    **/
+    public OpenIDConnectConfiguration subjectToken(SubjectTokenConfiguration subjectToken) {
+
+        this.subjectToken = subjectToken;
+        return this;
+    }
+
+    @ApiModelProperty(value = "")
+    @JsonProperty("subjectToken")
+    @Valid
+    public SubjectTokenConfiguration getSubjectToken() {
+        return subjectToken;
+    }
+    public void setSubjectToken(SubjectTokenConfiguration subjectToken) {
+        this.subjectToken = subjectToken;
+    }
+
     /**
     **/
     public OpenIDConnectConfiguration idToken(IdTokenConfiguration idToken) {
@@ -382,14 +406,14 @@ public OpenIDConnectConfiguration addScopeValidatorsItem(String scopeValidatorsI
         return this;
     }
 
-    /**
-     **/
+        /**
+    **/
     public OpenIDConnectConfiguration clientAuthentication(ClientAuthenticationConfiguration clientAuthentication) {
 
         this.clientAuthentication = clientAuthentication;
         return this;
     }
-
+    
     @ApiModelProperty(value = "")
     @JsonProperty("clientAuthentication")
     @Valid
@@ -401,13 +425,13 @@ public void setClientAuthentication(ClientAuthenticationConfiguration clientAuth
     }
 
     /**
-     **/
+    **/
     public OpenIDConnectConfiguration requestObject(RequestObjectConfiguration requestObject) {
 
         this.requestObject = requestObject;
         return this;
     }
-
+    
     @ApiModelProperty(value = "")
     @JsonProperty("requestObject")
     @Valid
@@ -419,13 +443,13 @@ public void setRequestObject(RequestObjectConfiguration requestObject) {
     }
 
     /**
-     **/
+    **/
     public OpenIDConnectConfiguration pushAuthorizationRequest(PushAuthorizationRequestConfiguration pushAuthorizationRequest) {
 
         this.pushAuthorizationRequest = pushAuthorizationRequest;
         return this;
     }
-
+    
     @ApiModelProperty(value = "")
     @JsonProperty("pushAuthorizationRequest")
     @Valid
@@ -437,13 +461,13 @@ public void setPushAuthorizationRequest(PushAuthorizationRequestConfiguration pu
     }
 
     /**
-     **/
+    **/
     public OpenIDConnectConfiguration subject(SubjectConfiguration subject) {
 
         this.subject = subject;
         return this;
     }
-
+    
     @ApiModelProperty(value = "")
     @JsonProperty("subject")
     @Valid
@@ -455,14 +479,14 @@ public void setSubject(SubjectConfiguration subject) {
     }
 
     /**
-     * Enabling this option will make the application FAPI conformant.
-     **/
+    * Enabling this option will make the application FAPI conformant.
+    **/
     public OpenIDConnectConfiguration isFAPIApplication(Boolean isFAPIApplication) {
 
         this.isFAPIApplication = isFAPIApplication;
         return this;
     }
-
+    
     @ApiModelProperty(example = "false", value = "Enabling this option will make the application FAPI conformant.")
     @JsonProperty("isFAPIApplication")
     @Valid
@@ -473,23 +497,7 @@ public void setIsFAPIApplication(Boolean isFAPIApplication) {
         this.isFAPIApplication = isFAPIApplication;
     }
 
-    /**
-     **/
-    public OpenIDConnectConfiguration fapiMetadata(FapiMetadata fapiMetadata) {
-
-        this.fapiMetadata = fapiMetadata;
-        return this;
-    }
 
-    @ApiModelProperty(value = "")
-    @JsonProperty("fapiMetadata")
-    @Valid
-    public FapiMetadata getFapiMetadata() {
-        return fapiMetadata;
-    }
-    public void setFapiMetadata(FapiMetadata fapiMetadata) {
-        this.fapiMetadata = fapiMetadata;
-    }
 
     @Override
     public boolean equals(java.lang.Object o) {
@@ -511,6 +519,7 @@ public boolean equals(java.lang.Object o) {
             Objects.equals(this.pkce, openIDConnectConfiguration.pkce) &&
             Objects.equals(this.accessToken, openIDConnectConfiguration.accessToken) &&
             Objects.equals(this.refreshToken, openIDConnectConfiguration.refreshToken) &&
+            Objects.equals(this.subjectToken, openIDConnectConfiguration.subjectToken) &&
             Objects.equals(this.idToken, openIDConnectConfiguration.idToken) &&
             Objects.equals(this.logout, openIDConnectConfiguration.logout) &&
             Objects.equals(this.validateRequestObjectSignature, openIDConnectConfiguration.validateRequestObjectSignature) &&
@@ -519,13 +528,12 @@ public boolean equals(java.lang.Object o) {
             Objects.equals(this.requestObject, openIDConnectConfiguration.requestObject) &&
             Objects.equals(this.pushAuthorizationRequest, openIDConnectConfiguration.pushAuthorizationRequest) &&
             Objects.equals(this.subject, openIDConnectConfiguration.subject) &&
-            Objects.equals(this.isFAPIApplication, openIDConnectConfiguration.isFAPIApplication) &&
-            Objects.equals(this.fapiMetadata, openIDConnectConfiguration.fapiMetadata);
+            Objects.equals(this.isFAPIApplication, openIDConnectConfiguration.isFAPIApplication);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(clientId, clientSecret, state, grantTypes, callbackURLs, allowedOrigins, publicClient, pkce, accessToken, refreshToken, idToken, logout, validateRequestObjectSignature, scopeValidators, clientAuthentication, requestObject, pushAuthorizationRequest, subject, isFAPIApplication, fapiMetadata);
+        return Objects.hash(clientId, clientSecret, state, grantTypes, callbackURLs, allowedOrigins, publicClient, pkce, accessToken, refreshToken, subjectToken, idToken, logout, validateRequestObjectSignature, scopeValidators, clientAuthentication, requestObject, pushAuthorizationRequest, subject, isFAPIApplication);
     }
 
     @Override
@@ -544,6 +552,7 @@ public String toString() {
         sb.append("    pkce: ").append(toIndentedString(pkce)).append("\n");
         sb.append("    accessToken: ").append(toIndentedString(accessToken)).append("\n");
         sb.append("    refreshToken: ").append(toIndentedString(refreshToken)).append("\n");
+        sb.append("    subjectToken: ").append(toIndentedString(subjectToken)).append("\n");
         sb.append("    idToken: ").append(toIndentedString(idToken)).append("\n");
         sb.append("    logout: ").append(toIndentedString(logout)).append("\n");
         sb.append("    validateRequestObjectSignature: ").append(toIndentedString(validateRequestObjectSignature)).append("\n");
@@ -553,7 +562,6 @@ public String toString() {
         sb.append("    pushAuthorizationRequest: ").append(toIndentedString(pushAuthorizationRequest)).append("\n");
         sb.append("    subject: ").append(toIndentedString(subject)).append("\n");
         sb.append("    isFAPIApplication: ").append(toIndentedString(isFAPIApplication)).append("\n");
-        sb.append("    fapiMetadata: ").append(toIndentedString(fapiMetadata)).append("\n");
         sb.append("}");
         return sb.toString();
     }

diff --git a/.../wso2/carbon/identity/api/server/application/management/v1/SubjectTokenConfiguration.java b/.../wso2/carbon/identity/api/server/application/management/v1/SubjectTokenConfiguration.java
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import javax.validation.constraints.*;
+
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+
+public class SubjectTokenConfiguration  {
+
+    private Boolean enable;
+    private Integer applicationSubjectTokenExpiryInSeconds;
+
+    /**
+    * If enabled, subject token can be issued for token exchange grant type.
+    **/
+    public SubjectTokenConfiguration enable(Boolean enable) {
+
+        this.enable = enable;
+        return this;
+    }
+
+    @ApiModelProperty(value = "If enabled, subject token can be issued for token exchange grant type.")
+    @JsonProperty("enable")
+    @Valid
+    public Boolean getEnable() {
+        return enable;
+    }
+    public void setEnable(Boolean enable) {
+        this.enable = enable;
+    }
+
+    /**
+    **/
+    public SubjectTokenConfiguration applicationSubjectTokenExpiryInSeconds(Integer applicationSubjectTokenExpiryInSeconds) {
+
+        this.applicationSubjectTokenExpiryInSeconds = applicationSubjectTokenExpiryInSeconds;
+        return this;
+    }
+
+    @ApiModelProperty(example = "3600", value = "")
+    @JsonProperty("applicationSubjectTokenExpiryInSeconds")
+    @Valid
+    public Integer getApplicationSubjectTokenExpiryInSeconds() {
+        return applicationSubjectTokenExpiryInSeconds;
+    }
+    public void setApplicationSubjectTokenExpiryInSeconds(Integer applicationSubjectTokenExpiryInSeconds) {
+        this.applicationSubjectTokenExpiryInSeconds = applicationSubjectTokenExpiryInSeconds;
+    }
+
+
+
+    @Override
+    public boolean equals(java.lang.Object o) {
+
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        SubjectTokenConfiguration subjectTokenConfiguration = (SubjectTokenConfiguration) o;
+        return Objects.equals(this.enable, subjectTokenConfiguration.enable) &&
+            Objects.equals(this.applicationSubjectTokenExpiryInSeconds, subjectTokenConfiguration.applicationSubjectTokenExpiryInSeconds);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(enable, applicationSubjectTokenExpiryInSeconds);
+    }
+
+    @Override
+    public String toString() {
+
+        StringBuilder sb = new StringBuilder();
+        sb.append("class SubjectTokenConfiguration {\n");
+
+        sb.append("    enable: ").append(toIndentedString(enable)).append("\n");
+        sb.append("    applicationSubjectTokenExpiryInSeconds: ").append(toIndentedString(applicationSubjectTokenExpiryInSeconds)).append("\n");
+        sb.append("}");
+        return sb.toString();
+    }
+
+    /**
+    * Convert the given object to string with each line indented by 4 spaces
+    * (except the first line).
+    */
+    private String toIndentedString(java.lang.Object o) {
+
+        if (o == null) {
+            return "null";
+        }
+        return o.toString().replace("\n", "\n");
+    }
+}
+
diff --git a/...n/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java b/...n/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java
@@ -27,6 +27,7 @@
 import org.wso2.carbon.identity.api.server.application.management.v1.RefreshTokenConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.RequestObjectConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.SubjectConfiguration;
+import org.wso2.carbon.identity.api.server.application.management.v1.SubjectTokenConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.Utils;
 import org.wso2.carbon.identity.oauth.common.OAuthConstants;
 import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
@@ -72,6 +73,7 @@ public OAuthConsumerAppDTO apply(String appName, OpenIDConnectConfiguration oidc
         updatePARConfigurations(consumerAppDTO, oidcModel.getPushAuthorizationRequest());
         updateSubjectConfigurations(consumerAppDTO, oidcModel.getSubject());
         consumerAppDTO.setFapiConformanceEnabled(oidcModel.getIsFAPIApplication());
+        updateSubjectTokenConfigurations(consumerAppDTO, oidcModel.getSubjectToken());
 
         return consumerAppDTO;
     }
@@ -231,4 +233,13 @@ private void updateSubjectConfigurations(OAuthConsumerAppDTO consumerAppDTO, Sub
             consumerAppDTO.setSectorIdentifierURI(subject.getSectorIdentifierUri());
         }
     }
+
+    private void updateSubjectTokenConfigurations(OAuthConsumerAppDTO consumerAppDTO,
+                                                  SubjectTokenConfiguration subjectToken) {
+
+        if (subjectToken != null) {
+            consumerAppDTO.setSubjectTokenEnabled(subjectToken.getEnable());
+            consumerAppDTO.setSubjectTokenExpiryTime(subjectToken.getApplicationSubjectTokenExpiryInSeconds());
+        }
+    }
 }
diff --git a/...n/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java b/...n/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java
@@ -28,6 +28,7 @@
 import org.wso2.carbon.identity.api.server.application.management.v1.RequestObjectConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.RequestObjectEncryptionConfiguration;
 import org.wso2.carbon.identity.api.server.application.management.v1.SubjectConfiguration;
+import org.wso2.carbon.identity.api.server.application.management.v1.SubjectTokenConfiguration;
 import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO;
 
 import java.util.ArrayList;
@@ -63,7 +64,8 @@ public OpenIDConnectConfiguration apply(OAuthConsumerAppDTO oauthAppDTO) {
                 .requestObject(buildRequestObjectConfiguration(oauthAppDTO))
                 .pushAuthorizationRequest(buildPARAuthenticationConfiguration(oauthAppDTO))
                 .subject(buildSubjectConfiguration(oauthAppDTO))
-                .isFAPIApplication(oauthAppDTO.isFapiConformanceEnabled());
+                .isFAPIApplication(oauthAppDTO.isFapiConformanceEnabled())
+                .subjectToken(buildSubjectTokenConfiguration(oauthAppDTO));
     }
 
     private List<String> getScopeValidators(OAuthConsumerAppDTO oauthAppDTO) {
@@ -201,4 +203,11 @@ private SubjectConfiguration buildSubjectConfiguration(OAuthConsumerAppDTO oAuth
                 .subjectType(oAuthConsumerAppDTO.getSubjectType())
                 .sectorIdentifierUri(oAuthConsumerAppDTO.getSectorIdentifierURI());
     }
+
+    private SubjectTokenConfiguration buildSubjectTokenConfiguration(OAuthConsumerAppDTO oAuthConsumerAppDTO) {
+
+        return new SubjectTokenConfiguration()
+                .enable(oAuthConsumerAppDTO.isSubjectTokenEnabled())
+                .applicationSubjectTokenExpiryInSeconds(oAuthConsumerAppDTO.getSubjectTokenExpiryTime());
+    }
 }