diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java index 3865722114..aa12ee9581 100644 --- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.common/src/main/java/org/wso2/carbon/identity/api/server/application/management/common/ApplicationManagementConstants.java 
@@ -53,6 +53,18 @@ private ApplicationManagementConstants() { public static final String ISSUER = "issuer"; public static final String RBAC = "RBAC"; public static final String NO_POLICY = "NO POLICY"; + public static final String NONE = "None"; + public static final String TOKEN_EP_SIGNATURE_ALGORITHMS_SUPPORTED = "OAuth.OpenIDConnect." + + "SupportedTokenEndpointSigningAlgorithms.SupportedTokenEndpointSigningAlgorithm"; + public static final String ID_TOKEN_SIGNATURE_ALGORITHMS_SUPPORTED = "OAuth.OpenIDConnect." + + "SupportedIDTokenSigningAlgorithms.SupportedIDTokenSigningAlgorithm"; + public static final String REQUEST_OBJECT_SIGNATURE_ALGORITHMS_SUPPORTED = "OAuth.OpenIDConnect." + + "SupportedRequestObjectSigningAlgorithms.SupportedRequestObjectSigningAlgorithm"; + public static final String REQUEST_OBJECT_ENCRYPTION_ALGORITHMS_SUPPORTED = "OAuth.OpenIDConnect." + + "SupportedRequestObjectEncryptionAlgorithms.SupportedRequestObjectEncryptionAlgorithm"; + public static final String REQUEST_OBJECT_ENCRYPTION_METHODS_SUPPORTED = "OAuth.OpenIDConnect." + + "SupportedRequestObjectEncryptionMethods.SupportedRequestObjectEncryptionMethod"; + public static final String DEFAULT_SUBJECT_TYPE = "OAuth.OpenIDConnect.DefaultSubjectType"; public static final String NON_EXISTING_USER_CODE = "30007 - "; diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationConfiguration.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationConfiguration.java new file mode 100644 index 0000000000..bb93182817 --- /dev/null 
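Review bot: The six added `OAuth.OpenIDConnect.…` constants appear to be configuration property paths, while the neighbouring `ISSUER`, `RBAC` and `NO_POLICY` are literal values, and nothing in the hunk marks the difference. A comment above the group would help, for example `// Server configuration keys for the algorithm lists and default subject type offered in OIDC metadata.` `NONE = "None"` also needs a comment naming the setting it is a value for, because next to the signing-algorithm keys it can be read as an "unsigned" algorithm choice. The code that consumes these constants is outside this hunk, so check the wording against it.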
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationConfiguration.java 
@@ -0,0 +1,131 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.api.server.application.management.v1; + +import com.fasterxml.jackson.annotation.JsonProperty; +import io.swagger.annotations.ApiModelProperty; + +import javax.validation.Valid; +import java.util.Objects; + +public class ClientAuthenticationConfiguration { + + private String tokenEndpointAuthMethod; + private String tokenEndpointAuthSigningAlg; + private String tlsClientAuthSubjectDn; + + /** + **/ + public ClientAuthenticationConfiguration tokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + return this; + } + + @ApiModelProperty(example = "true", value = "") + @JsonProperty("tokenEndpointAuthMethod") + @Valid + public String getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; + } + public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + /** + **/ + public ClientAuthenticationConfiguration tokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) { + + this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg; + return this; + } + + @ApiModelProperty(example = "PS256", value = "") + @JsonProperty("tokenEndpointAuthSigningAlg") + @Valid + public String getTokenEndpointAuthSigningAlg() { 
+ return tokenEndpointAuthSigningAlg; + } + public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) { + this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg; + } + + /** + **/ + public ClientAuthenticationConfiguration tlsClientAuthSubjectDn(String tlsClientAuthSubjectDn) { + + this.tlsClientAuthSubjectDn = tlsClientAuthSubjectDn; + return this; + } + + @ApiModelProperty(example = "CN=John Doe,OU=OrgUnit,O=Organization,L=Colombo,ST=Western,C=LK", value = "") + @JsonProperty("tlsClientAuthSubjectDn") + @Valid + public String getTlsClientAuthSubjectDn() { + return tlsClientAuthSubjectDn; + } + public void setTlsClientAuthSubjectDn(String tlsClientAuthSubjectDn) { + this.tlsClientAuthSubjectDn = tlsClientAuthSubjectDn; + } + + @Override + public boolean equals(java.lang.Object o) { + + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + ClientAuthenticationConfiguration clientAuthenticationConfiguration = (ClientAuthenticationConfiguration) o; + return Objects.equals(this.tokenEndpointAuthMethod, clientAuthenticationConfiguration.tokenEndpointAuthMethod) && + Objects.equals(this.tokenEndpointAuthSigningAlg, clientAuthenticationConfiguration.tokenEndpointAuthSigningAlg) && + Objects.equals(this.tlsClientAuthSubjectDn, clientAuthenticationConfiguration.tlsClientAuthSubjectDn); + } + + @Override + public int hashCode() { + return Objects.hash(tokenEndpointAuthMethod, tokenEndpointAuthSigningAlg, tlsClientAuthSubjectDn); + } + + @Override + public String toString() { + + StringBuilder sb = new StringBuilder(); + sb.append("class ClientAuthenticationConfiguration {\n"); + + sb.append(" tokenEndpointAuthMethod: ").append(toIndentedString(tokenEndpointAuthMethod)).append("\n"); + sb.append(" tokenEndpointAuthSigningAlg: ").append(toIndentedString(tokenEndpointAuthSigningAlg)).append("\n"); + sb.append(" tlsClientAuthSubjectDn: 
").append(toIndentedString(tlsClientAuthSubjectDn)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(java.lang.Object o) { + + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n"); + } +} diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationMethod.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationMethod.java new file mode 100644 index 0000000000..7bc5f58224 --- /dev/null +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationMethod.java 
@@ -0,0 +1,110 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.api.server.application.management.v1; + +import com.fasterxml.jackson.annotation.JsonProperty; +import io.swagger.annotations.ApiModelProperty; + +import javax.validation.Valid; +import java.util.Objects; + +public class ClientAuthenticationMethod { + + private String name; + private String displayName; + + /** + **/ + public ClientAuthenticationMethod name(String name) { + + this.name = name; + return this; + } + + @ApiModelProperty(example = "private_key_jwt", value = "") + @JsonProperty("name") + @Valid + public String getName() { + return name; + } + public void setName(String name) { + this.name = name; + } + + /** + **/ + public ClientAuthenticationMethod displayName(String displayName) { + + this.displayName = displayName; + return this; + } + + @ApiModelProperty(example = "Private Key JWT", value = "") + @JsonProperty("displayName") + @Valid + public String getDisplayName() { + return displayName; + } + public void setDisplayName(String displayName) { + this.displayName = displayName; + } + + @Override + public boolean equals(java.lang.Object o) { + + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + ClientAuthenticationMethod clientAuthenticationMethod = (ClientAuthenticationMethod) o; + 
return Objects.equals(this.name, clientAuthenticationMethod.name) && + Objects.equals(this.displayName, clientAuthenticationMethod.displayName); + } + + @Override + public int hashCode() { + return Objects.hash(name, displayName); + } + + @Override + public String toString() { + + StringBuilder sb = new StringBuilder(); + sb.append("class ClientAuthenticationMethod {\n"); + + sb.append(" name: ").append(toIndentedString(name)).append("\n"); + sb.append(" displayName: ").append(toIndentedString(displayName)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(java.lang.Object o) { + + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n"); + } +} diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationMethodMetadata.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationMethodMetadata.java new file mode 100644 index 0000000000..b4f513a157 --- /dev/null +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/ClientAuthenticationMethodMetadata.java 
@@ -0,0 +1,100 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.api.server.application.management.v1; + +import com.fasterxml.jackson.annotation.JsonProperty; +import io.swagger.annotations.ApiModelProperty; + +import javax.validation.Valid; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; + +public class ClientAuthenticationMethodMetadata { + + private List options = null; + + + /** + **/ + public ClientAuthenticationMethodMetadata options(List options) { + + this.options = options; + return this; + } + + @ApiModelProperty(value = "") + @JsonProperty("options") + @Valid + public List getOptions() { + return options; + } + public void setOptions(List options) { + this.options = options; + } + + public ClientAuthenticationMethodMetadata addOptionsItem(ClientAuthenticationMethod optionsItem) { + if (this.options == null) { + this.options = new ArrayList<>(); + } + this.options.add(optionsItem); + return this; + } + + @Override + public boolean equals(java.lang.Object o) { + + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + ClientAuthenticationMethodMetadata clientAuthenticationMethodMetadata = (ClientAuthenticationMethodMetadata) o; + return Objects.equals(this.options, clientAuthenticationMethodMetadata.options); + } + + @Override + 
public int hashCode() { + return Objects.hash(options); + } + + @Override + public String toString() { + + StringBuilder sb = new StringBuilder(); + sb.append("class ClientAuthenticationMethodMetadata {\n"); + + sb.append(" options: ").append(toIndentedString(options)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(java.lang.Object o) { + + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n"); + } +} diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/IdTokenConfiguration.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/IdTokenConfiguration.java index 095a10e805..1899e46e59 100644 --- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/IdTokenConfiguration.java +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/IdTokenConfiguration.java @@ -37,6 +37,7 @@ public class IdTokenConfiguration { private Long expiryInSeconds; private List audience = null; + private String idTokenSignedResponseAlg; private IdTokenEncryptionConfiguration encryption; 
@@ -84,6 +85,24 @@ public IdTokenConfiguration addAudienceItem(String audienceItem) { return this; } + /** + **/ + public IdTokenConfiguration idTokenSignedResponseAlg(String idTokenSignedResponseAlg) { + + this.idTokenSignedResponseAlg = idTokenSignedResponseAlg; + return this; + } + + @ApiModelProperty(example = "PS256", value = "") + @JsonProperty("idTokenSignedResponseAlg") + @Valid + public String getIdTokenSignedResponseAlg() { + return idTokenSignedResponseAlg; + } + public void setIdTokenSignedResponseAlg(String idTokenSignedResponseAlg) { + this.idTokenSignedResponseAlg = idTokenSignedResponseAlg; + } + /** **/ public IdTokenConfiguration encryption(IdTokenEncryptionConfiguration encryption) { @@ -116,12 +135,13 @@ public boolean equals(java.lang.Object o) { IdTokenConfiguration idTokenConfiguration = (IdTokenConfiguration) o; return Objects.equals(this.expiryInSeconds, idTokenConfiguration.expiryInSeconds) && Objects.equals(this.audience, idTokenConfiguration.audience) && + Objects.equals(this.idTokenSignedResponseAlg, idTokenConfiguration.idTokenSignedResponseAlg) && Objects.equals(this.encryption, idTokenConfiguration.encryption); } @Override public int hashCode() { - return Objects.hash(expiryInSeconds, audience, encryption); + return Objects.hash(expiryInSeconds, audience, idTokenSignedResponseAlg, encryption); } @Override @@ -132,6 +152,7 @@ public String toString() { sb.append(" expiryInSeconds: ").append(toIndentedString(expiryInSeconds)).append("\n"); sb.append(" audience: ").append(toIndentedString(audience)).append("\n"); + sb.append(" idTokenSignedResponseAlg: ").append(toIndentedString(idTokenSignedResponseAlg)).append("\n"); sb.append(" encryption: ").append(toIndentedString(encryption)).append("\n"); sb.append("}"); return sb.toString(); 
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OIDCMetaData.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OIDCMetaData.java index c4d70dad28..827674c829 100644 --- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OIDCMetaData.java +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OIDCMetaData.java @@ -44,6 +44,13 @@ public class OIDCMetaData { private MetadataProperty scopeValidators; private MetadataProperty accessTokenType; private MetadataProperty accessTokenBindingType; + private ClientAuthenticationMethodMetadata tokenEndpointAuthMethod; + private MetadataProperty tokenEndpointSignatureAlgorithm; + private MetadataProperty idTokenSignatureAlgorithm; + private MetadataProperty requestObjectSignatureAlgorithm; + private MetadataProperty requestObjectEncryptionAlgorithm; + private MetadataProperty requestObjectEncryptionMethod; + private MetadataProperty subjectType; /** **/ 
@@ -225,6 +232,131 @@ public void setAccessTokenBindingType(MetadataProperty accessTokenBindingType) { this.accessTokenBindingType = accessTokenBindingType; } + /** + **/ + public OIDCMetaData tokenEndpointAuthMethod(ClientAuthenticationMethodMetadata tokenEndpointAuthMethod) { + + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + return this; + } + + @ApiModelProperty(value = "") + @JsonProperty("tokenEndpointAuthMethod") + @Valid + public ClientAuthenticationMethodMetadata getTokenEndpointAuthMethod() { + return tokenEndpointAuthMethod; + } + public void setTokenEndpointAuthMethod(ClientAuthenticationMethodMetadata tokenEndpointAuthMethod) { + this.tokenEndpointAuthMethod = tokenEndpointAuthMethod; + } + + /** + **/ + public OIDCMetaData tokenEndpointSignatureAlgorithm(MetadataProperty tokenEndpointSignatureAlgorithm) { + + this.tokenEndpointSignatureAlgorithm = tokenEndpointSignatureAlgorithm; + return this; + } + + @ApiModelProperty(value = "") + @JsonProperty("tokenEndpointSignatureAlgorithm") + @Valid + public MetadataProperty getTokenEndpointSignatureAlgorithm() { + return tokenEndpointSignatureAlgorithm; + } + public void setTokenEndpointSignatureAlgorithm(MetadataProperty tokenEndpointSignatureAlgorithm) { + this.tokenEndpointSignatureAlgorithm = tokenEndpointSignatureAlgorithm; + } + + /** + **/ + public OIDCMetaData idTokenSignatureAlgorithm(MetadataProperty idTokenSignatureAlgorithm) { + + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; + return this; + } + + @ApiModelProperty(value = "") + @JsonProperty("idTokenSignatureAlgorithm") + @Valid + public MetadataProperty getIdTokenSignatureAlgorithm() { + return idTokenSignatureAlgorithm; + } + public void setIdTokenSignatureAlgorithm(MetadataProperty idTokenSignatureAlgorithm) { + this.idTokenSignatureAlgorithm = idTokenSignatureAlgorithm; + } + + /** + **/ + public OIDCMetaData requestObjectSignatureAlgorithm(MetadataProperty requestObjectSignatureAlgorithm) { + + 
this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; + return this; + } + + @ApiModelProperty(value = "") + @JsonProperty("requestObjectSignatureAlgorithm") + @Valid + public MetadataProperty getRequestObjectSignatureAlgorithm() { + return requestObjectSignatureAlgorithm; + } + public void setRequestObjectSignatureAlgorithm(MetadataProperty requestObjectSignatureAlgorithm) { + this.requestObjectSignatureAlgorithm = requestObjectSignatureAlgorithm; + } + + /** + **/ + public OIDCMetaData requestObjectEncryptionAlgorithm(MetadataProperty requestObjectEncryptionAlgorithm) { + + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + return this; + } + + @ApiModelProperty(value = "") + @JsonProperty("requestObjectEncryptionAlgorithm") + @Valid + public MetadataProperty getRequestObjectEncryptionAlgorithm() { + return requestObjectEncryptionAlgorithm; + } + public void setRequestObjectEncryptionAlgorithm(MetadataProperty requestObjectEncryptionAlgorithm) { + this.requestObjectEncryptionAlgorithm = requestObjectEncryptionAlgorithm; + } + + /** + **/ + public OIDCMetaData requestObjectEncryptionMethod(MetadataProperty requestObjectEncryptionMethod) { + + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + return this; + } + + @ApiModelProperty(value = "") + @JsonProperty("requestObjectEncryptionMethod") + @Valid + public MetadataProperty getRequestObjectEncryptionMethod() { + return requestObjectEncryptionMethod; + } + public void setRequestObjectEncryptionMethod(MetadataProperty requestObjectEncryptionMethod) { + this.requestObjectEncryptionMethod = requestObjectEncryptionMethod; + } + + /** + **/ + public OIDCMetaData subjectType(MetadataProperty subjectType) { + + this.subjectType = subjectType; + return this; + } + + @ApiModelProperty(value = "") + @JsonProperty("subjectType") + @Valid + public MetadataProperty getSubjectType() { + return subjectType; + } + public void setSubjectType(MetadataProperty 
subjectType) { + this.subjectType = subjectType; + } @Override 
@@ -246,12 +378,19 @@ public boolean equals(java.lang.Object o) { Objects.equals(this.idTokenEncryptionMethod, oiDCMetaData.idTokenEncryptionMethod) && Objects.equals(this.scopeValidators, oiDCMetaData.scopeValidators) && Objects.equals(this.accessTokenType, oiDCMetaData.accessTokenType) && - Objects.equals(this.accessTokenBindingType, oiDCMetaData.accessTokenBindingType); + Objects.equals(this.accessTokenBindingType, oiDCMetaData.accessTokenBindingType) && + Objects.equals(this.tokenEndpointAuthMethod, oiDCMetaData.tokenEndpointAuthMethod) && + Objects.equals(this.tokenEndpointSignatureAlgorithm, oiDCMetaData.tokenEndpointSignatureAlgorithm) && + Objects.equals(this.tokenEndpointSignatureAlgorithm, oiDCMetaData.idTokenSignatureAlgorithm) && + Objects.equals(this.tokenEndpointSignatureAlgorithm, oiDCMetaData.requestObjectSignatureAlgorithm) && + Objects.equals(this.tokenEndpointSignatureAlgorithm, oiDCMetaData.requestObjectEncryptionAlgorithm) && + Objects.equals(this.tokenEndpointSignatureAlgorithm, oiDCMetaData.requestObjectEncryptionMethod) && + Objects.equals(this.subjectType, oiDCMetaData.subjectType); } @Override public int hashCode() { - return Objects.hash(allowedGrantTypes, defaultUserAccessTokenExpiryTime, defaultApplicationAccessTokenExpiryTime, defaultRefreshTokenExpiryTime, defaultIdTokenExpiryTime, idTokenEncryptionAlgorithm, idTokenEncryptionMethod, scopeValidators, accessTokenType, accessTokenBindingType); + return Objects.hash(allowedGrantTypes, defaultUserAccessTokenExpiryTime, defaultApplicationAccessTokenExpiryTime, defaultRefreshTokenExpiryTime, defaultIdTokenExpiryTime, idTokenEncryptionAlgorithm, idTokenEncryptionMethod, scopeValidators, accessTokenType, accessTokenBindingType, tokenEndpointAuthMethod, tokenEndpointSignatureAlgorithm, idTokenSignatureAlgorithm, requestObjectSignatureAlgorithm, requestObjectEncryptionAlgorithm, requestObjectEncryptionMethod, subjectType); } @Override 
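Review bot: Four of the comparisons added to `equals` use the wrong left-hand field: the lines for `idTokenSignatureAlgorithm`, `requestObjectSignatureAlgorithm`, `requestObjectEncryptionAlgorithm` and `requestObjectEncryptionMethod` all compare against `this.tokenEndpointSignatureAlgorithm`. Two instances holding identical values therefore compare unequal unless all five properties happen to match each other, and instances that differ in those four fields can compare equal while `hashCode` (which hashes each field correctly) differs, breaking the equals/hashCode contract. Each line should compare the same field on both sides, as below. The file sits under `src/gen`, so if it is generated the fix belongs in a regeneration rather than a hand edit; the start of `equals` is outside this hunk.

```java
// … unchanged: earlier field comparisons …
Objects.equals(this.tokenEndpointSignatureAlgorithm, oiDCMetaData.tokenEndpointSignatureAlgorithm) &&
Objects.equals(this.idTokenSignatureAlgorithm, oiDCMetaData.idTokenSignatureAlgorithm) &&
Objects.equals(this.requestObjectSignatureAlgorithm, oiDCMetaData.requestObjectSignatureAlgorithm) &&
Objects.equals(this.requestObjectEncryptionAlgorithm, oiDCMetaData.requestObjectEncryptionAlgorithm) &&
Objects.equals(this.requestObjectEncryptionMethod, oiDCMetaData.requestObjectEncryptionMethod) &&
Objects.equals(this.subjectType, oiDCMetaData.subjectType);
```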
@@ -270,6 +409,13 @@ public String toString() { sb.append(" scopeValidators: ").append(toIndentedString(scopeValidators)).append("\n"); sb.append(" accessTokenType: ").append(toIndentedString(accessTokenType)).append("\n"); sb.append(" accessTokenBindingType: ").append(toIndentedString(accessTokenBindingType)).append("\n"); + sb.append(" tokenEndpointAuthMethod: ").append(toIndentedString(tokenEndpointAuthMethod)).append("\n"); + sb.append(" tokenEndpointSignatureAlgorithm: ").append(toIndentedString(tokenEndpointSignatureAlgorithm)).append("\n"); + sb.append(" idTokenSignatureAlgorithm: ").append(toIndentedString(idTokenSignatureAlgorithm)).append("\n"); + sb.append(" requestObjectSignatureAlgorithm: ").append(toIndentedString(requestObjectSignatureAlgorithm)).append("\n"); + sb.append(" requestObjectEncryptionAlgorithm: ").append(toIndentedString(requestObjectEncryptionAlgorithm)).append("\n"); + sb.append(" requestObjectEncryptionMethod: ").append(toIndentedString(requestObjectEncryptionMethod)).append("\n"); + sb.append(" subjectType: ").append(toIndentedString(subjectType)).append("\n"); sb.append("}"); return sb.toString(); } diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OpenIDConnectConfiguration.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OpenIDConnectConfiguration.java index b3016bf3a8..cf3c46e6b2 100644 --- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OpenIDConnectConfiguration.java 
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/OpenIDConnectConfiguration.java @@ -89,7 +89,10 @@ public static StateEnum fromValue(String value) { private OIDCLogoutConfiguration logout; private Boolean validateRequestObjectSignature = false; private List scopeValidators = null; - + private ClientAuthenticationConfiguration clientAuthentication; + private RequestObjectConfiguration requestObject; + private PushAuthorizationRequestConfiguration pushAuthorizationRequest; + private SubjectConfiguration subject; /** **/ 
@@ -377,7 +380,77 @@ public OpenIDConnectConfiguration addScopeValidatorsItem(String scopeValidatorsI return this; } - + /** + **/ + public OpenIDConnectConfiguration clientAuthentication(ClientAuthenticationConfiguration clientAuthentication) { + + this.clientAuthentication = clientAuthentication; + return this; + } + + @ApiModelProperty(value = "") + @JsonProperty("clientAuthentication") + @Valid + public ClientAuthenticationConfiguration getClientAuthentication() { + return clientAuthentication; + } + public void setClientAuthentication(ClientAuthenticationConfiguration clientAuthentication) { + this.clientAuthentication = clientAuthentication; + } + + /** + **/ + public OpenIDConnectConfiguration requestObject(RequestObjectConfiguration requestObject) { + + this.requestObject = requestObject; + return this; + } + + @ApiModelProperty(value = "") + @JsonProperty("requestObject") + @Valid + public RequestObjectConfiguration getRequestObject() { + return requestObject; + } + public void setRequestObject(RequestObjectConfiguration requestObject) { + this.requestObject = requestObject; + } + + /** + **/ + public OpenIDConnectConfiguration pushAuthorizationRequest(PushAuthorizationRequestConfiguration pushAuthorizationRequest) { + + this.pushAuthorizationRequest = pushAuthorizationRequest; + return this; + } + + @ApiModelProperty(value = "") + @JsonProperty("pushAuthorizationRequest") + @Valid + public PushAuthorizationRequestConfiguration getPushAuthorizationRequest() { + return pushAuthorizationRequest; + } + public void setPushAuthorizationRequest(PushAuthorizationRequestConfiguration pushAuthorizationRequest) { + this.pushAuthorizationRequest = pushAuthorizationRequest; + } + + /** + **/ + public OpenIDConnectConfiguration subject(SubjectConfiguration subject) { + + this.subject = subject; + return this; + } + + @ApiModelProperty(value = "") + @JsonProperty("subject") + @Valid + public SubjectConfiguration getSubject() { + return subject; + } + public void 
setSubject(SubjectConfiguration subject) { + this.subject = subject; + } @Override public boolean equals(java.lang.Object o) { @@ -402,12 +475,17 @@ public boolean equals(java.lang.Object o) { Objects.equals(this.idToken, openIDConnectConfiguration.idToken) && Objects.equals(this.logout, openIDConnectConfiguration.logout) && Objects.equals(this.validateRequestObjectSignature, openIDConnectConfiguration.validateRequestObjectSignature) && - Objects.equals(this.scopeValidators, openIDConnectConfiguration.scopeValidators); + Objects.equals(this.scopeValidators, openIDConnectConfiguration.scopeValidators) && + Objects.equals(this.clientAuthentication, openIDConnectConfiguration.clientAuthentication) && + Objects.equals(this.requestObject, openIDConnectConfiguration.requestObject) && + Objects.equals(this.pushAuthorizationRequest, openIDConnectConfiguration.pushAuthorizationRequest) && + Objects.equals(this.subject, openIDConnectConfiguration.subject); + } @Override public int hashCode() { - return Objects.hash(clientId, clientSecret, state, grantTypes, callbackURLs, allowedOrigins, publicClient, pkce, accessToken, refreshToken, idToken, logout, validateRequestObjectSignature, scopeValidators); + return Objects.hash(clientId, clientSecret, state, grantTypes, callbackURLs, allowedOrigins, publicClient, pkce, accessToken, refreshToken, idToken, logout, validateRequestObjectSignature, scopeValidators, clientAuthentication, requestObject, pushAuthorizationRequest, subject); } @Override 
@@ -430,6 +508,10 @@ public String toString() { sb.append(" logout: ").append(toIndentedString(logout)).append("\n"); sb.append(" validateRequestObjectSignature: ").append(toIndentedString(validateRequestObjectSignature)).append("\n"); sb.append(" scopeValidators: ").append(toIndentedString(scopeValidators)).append("\n"); + sb.append(" clientAuthentication: ").append(toIndentedString(clientAuthentication)).append("\n"); + sb.append(" requestObject: ").append(toIndentedString(requestObject)).append("\n"); + sb.append(" pushAuthorizationRequest: ").append(toIndentedString(pushAuthorizationRequest)).append("\n"); + sb.append(" subject: ").append(toIndentedString(subject)).append("\n"); sb.append("}"); return sb.toString(); } diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/PushAuthorizationRequestConfiguration.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/PushAuthorizationRequestConfiguration.java new file mode 100644 index 0000000000..9327d6ced7 --- /dev/null +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/PushAuthorizationRequestConfiguration.java 
@@ -0,0 +1,89 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.api.server.application.management.v1; + +import com.fasterxml.jackson.annotation.JsonProperty; +import io.swagger.annotations.ApiModelProperty; + +import javax.validation.Valid; +import java.util.Objects; + +public class PushAuthorizationRequestConfiguration { + + private Boolean requirePushAuthorizationRequest; + + /** + **/ + public PushAuthorizationRequestConfiguration requirePushAuthorizationRequest(Boolean requirePushAuthorizationRequest) { + + this.requirePushAuthorizationRequest = requirePushAuthorizationRequest; + return this; + } + + @ApiModelProperty(example = "false", value = "") + @JsonProperty("requirePushAuthorizationRequest") + @Valid + public Boolean getRequirePushAuthorizationRequest() { + return requirePushAuthorizationRequest; + } + public void setRequirePushAuthorizationRequest(Boolean requirePushAuthorizationRequest) { + this.requirePushAuthorizationRequest = requirePushAuthorizationRequest; + } + + @Override + public boolean equals(java.lang.Object o) { + + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + PushAuthorizationRequestConfiguration pushAuthorizationRequestConfiguration = (PushAuthorizationRequestConfiguration) o; + return 
Objects.equals(this.requirePushAuthorizationRequest, pushAuthorizationRequestConfiguration.requirePushAuthorizationRequest); + } + + @Override + public int hashCode() { + return Objects.hash(requirePushAuthorizationRequest); + } + + @Override + public String toString() { + + StringBuilder sb = new StringBuilder(); + sb.append("class PushAuthorizationRequestConfiguration {\n"); + + sb.append(" requirePushAuthorizationRequest: ").append(toIndentedString(requirePushAuthorizationRequest)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(java.lang.Object o) { + + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n"); + } +} diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RequestObjectConfiguration.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RequestObjectConfiguration.java new file mode 100644 index 0000000000..502320b968 --- /dev/null +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RequestObjectConfiguration.java 
@@ -0,0 +1,111 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.api.server.application.management.v1; + +import com.fasterxml.jackson.annotation.JsonProperty; +import io.swagger.annotations.ApiModelProperty; + +import javax.validation.Valid; +import java.util.Objects; + +public class RequestObjectConfiguration { + + private String requestObjectSigningAlg; + + private RequestObjectEncryptionConfiguration encryption; + + /** + **/ + public RequestObjectConfiguration requestObjectSigningAlg(String requestObjectSigningAlg) { + + this.requestObjectSigningAlg = requestObjectSigningAlg; + return this; + } + + @ApiModelProperty(example = "PS256", value = "") + @JsonProperty("requestObjectSigningAlg") + @Valid + public String getRequestObjectSigningAlg() { + return requestObjectSigningAlg; + } + public void setRequestObjectSigningAlg(String requestObjectSigningAlg) { + this.requestObjectSigningAlg = requestObjectSigningAlg; + } + + /** + **/ + public RequestObjectConfiguration encryption(RequestObjectEncryptionConfiguration encryption) { + + this.encryption = encryption; + return this; + } + + @ApiModelProperty(value = "") + @JsonProperty("encryption") + @Valid + public RequestObjectEncryptionConfiguration getEncryption() { + return encryption; + } + public void setEncryption(RequestObjectEncryptionConfiguration encryption) { + 
this.encryption = encryption; + } + + @Override + public boolean equals(java.lang.Object o) { + + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + RequestObjectConfiguration requestObjectConfiguration = (RequestObjectConfiguration) o; + return Objects.equals(this.requestObjectSigningAlg, requestObjectConfiguration.requestObjectSigningAlg) && + Objects.equals(this.encryption, requestObjectConfiguration.encryption); + } + + @Override + public int hashCode() { + return Objects.hash(requestObjectSigningAlg, encryption); + } + + @Override + public String toString() { + + StringBuilder sb = new StringBuilder(); + sb.append("class RequestObjectConfiguration {\n"); + + sb.append(" requestObjectSigningAlg: ").append(toIndentedString(requestObjectSigningAlg)).append("\n"); + sb.append(" encryption: ").append(toIndentedString(encryption)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(java.lang.Object o) { + + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n"); + } +} diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RequestObjectEncryptionConfiguration.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RequestObjectEncryptionConfiguration.java new file mode 100644 index 0000000000..9e04d2624a --- /dev/null 
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/RequestObjectEncryptionConfiguration.java 
@@ -0,0 +1,112 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.api.server.application.management.v1; + +import com.fasterxml.jackson.annotation.JsonProperty; +import io.swagger.annotations.ApiModelProperty; + +import javax.validation.Valid; +import java.util.Objects; + +public class RequestObjectEncryptionConfiguration { + + private String algorithm; + private String method; + + /** + **/ + public RequestObjectEncryptionConfiguration algorithm(String algorithm) { + + this.algorithm = algorithm; + return this; + } + + @ApiModelProperty(example = "RSA-OAEP", value = "") + @JsonProperty("algorithm") + @Valid + public String getAlgorithm() { + return algorithm; + } + public void setAlgorithm(String algorithm) { + this.algorithm = algorithm; + } + + /** + **/ + public RequestObjectEncryptionConfiguration method(String method) { + + this.method = method; + return this; + } + + @ApiModelProperty(example = "A128CBC+HS256", value = "") + @JsonProperty("method") + @Valid + public String getMethod() { + return method; + } + public void setMethod(String method) { + this.method = method; + } + + @Override + public boolean equals(java.lang.Object o) { + + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + RequestObjectEncryptionConfiguration requestObjectEncryptionConfiguration 
= (RequestObjectEncryptionConfiguration) o; + return Objects.equals(this.algorithm, requestObjectEncryptionConfiguration.algorithm) && + Objects.equals(this.method, requestObjectEncryptionConfiguration.method); + } + + @Override + public int hashCode() { + return Objects.hash(algorithm, method); + } + + @Override + public String toString() { + + StringBuilder sb = new StringBuilder(); + sb.append("class RequestObjectEncryptionConfiguration {\n"); + + sb.append(" algorithm: ").append(toIndentedString(algorithm)).append("\n"); + sb.append(" method: ").append(toIndentedString(method)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(java.lang.Object o) { + + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n"); + } +} + + diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/SubjectConfiguration.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/SubjectConfiguration.java new file mode 100644 index 0000000000..a7de775d2b --- /dev/null +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/SubjectConfiguration.java 
@@ -0,0 +1,110 @@ +/* + * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.api.server.application.management.v1; + +import com.fasterxml.jackson.annotation.JsonProperty; +import io.swagger.annotations.ApiModelProperty; + +import javax.validation.Valid; +import java.util.Objects; + +public class SubjectConfiguration { + + private String subjectType; + private String sectorIdentifierUri; + + /** + **/ + public SubjectConfiguration subjectType(String subjectType) { + + this.subjectType = subjectType; + return this; + } + + @ApiModelProperty(example = "public", value = "") + @JsonProperty("subjectType") + @Valid + public String getSubjectType() { + return subjectType; + } + public void setSubjectType(String subjectType) { + this.subjectType = subjectType; + } + + /** + **/ + public SubjectConfiguration sectorIdentifierUri(String sectorIdentifierUri) { + + this.sectorIdentifierUri = sectorIdentifierUri; + return this; + } + + @ApiModelProperty(example = "https://app.example.com", value = "") + @JsonProperty("sectorIdentifierUri") + @Valid + public String getSectorIdentifierUri() { + return sectorIdentifierUri; + } + public void setSectorIdentifierUri(String sectorIdentifierUri) { + this.sectorIdentifierUri = sectorIdentifierUri; + } + + @Override + public boolean equals(java.lang.Object o) { + + if (this == o) { + return true; + } + if 
(o == null || getClass() != o.getClass()) { + return false; + } + SubjectConfiguration subjectConfiguration = (SubjectConfiguration) o; + return Objects.equals(this.subjectType, subjectConfiguration.subjectType) && + Objects.equals(this.sectorIdentifierUri, subjectConfiguration.sectorIdentifierUri); + } + + @Override + public int hashCode() { + return Objects.hash(subjectType, sectorIdentifierUri); + } + + @Override + public String toString() { + + StringBuilder sb = new StringBuilder(); + sb.append("class SubjectConfiguration {\n"); + + sb.append(" subjectType: ").append(toIndentedString(subjectType)).append("\n"); + sb.append(" sectorIdentifierUri: ").append(toIndentedString(sectorIdentifierUri)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(java.lang.Object o) { + + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n"); + } +} diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationMetadataService.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationMetadataService.java index 365a923f14..c9508ce370 100644 --- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationMetadataService.java 
+++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/ServerApplicationMetadataService.java @@ -21,10 +21,13 @@ import org.apache.commons.lang3.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementConstants; import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementConstants.ErrorMessage; import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementServiceHolder; import org.wso2.carbon.identity.api.server.application.management.v1.AdaptiveAuthTemplates; import org.wso2.carbon.identity.api.server.application.management.v1.AuthProtocolMetadata; +import org.wso2.carbon.identity.api.server.application.management.v1.ClientAuthenticationMethod; +import org.wso2.carbon.identity.api.server.application.management.v1.ClientAuthenticationMethodMetadata; import org.wso2.carbon.identity.api.server.application.management.v1.CustomInboundProtocolMetaData; import org.wso2.carbon.identity.api.server.application.management.v1.CustomInboundProtocolProperty; import org.wso2.carbon.identity.api.server.application.management.v1.GrantType; 
@@ -38,9 +41,12 @@ import org.wso2.carbon.identity.application.common.model.Property; import org.wso2.carbon.identity.application.mgt.AbstractInboundAuthenticatorConfig; import org.wso2.carbon.identity.base.IdentityException; +import org.wso2.carbon.identity.core.util.IdentityUtil; import org.wso2.carbon.identity.oauth.OAuthAdminServiceImpl; +import org.wso2.carbon.identity.oauth.common.OAuthConstants; import org.wso2.carbon.identity.oauth.dto.OAuthIDTokenAlgorithmDTO; import org.wso2.carbon.identity.oauth.dto.TokenBindingMetaDataDTO; +import org.wso2.carbon.identity.oauth2.util.OAuth2Util; import org.wso2.carbon.identity.sso.saml.SAMLSSOConfigServiceImpl; import org.wso2.carbon.security.SecurityConfigException; 
@@ -151,6 +157,59 @@ public OIDCMetaData getOIDCMetadata() { OIDCMetaData oidcMetaData = new OIDCMetaData(); OAuthAdminServiceImpl oAuthAdminService = ApplicationManagementServiceHolder.getOAuthAdminService(); + List tokenEpAuthMethods = Arrays.asList(OAuth2Util.getSupportedClientAuthMethods()); + List supportedClientAuthenticationMethods = new ArrayList<>(); + for (String tokenEpAuthMethod : tokenEpAuthMethods) { + ClientAuthenticationMethod clientAuthenticationMethod = new ClientAuthenticationMethod(); + clientAuthenticationMethod.setName(tokenEpAuthMethod); + if (tokenEpAuthMethod.equals("client_secret_basic")) { + clientAuthenticationMethod.setDisplayName("Client Secret Basic"); + } else if (tokenEpAuthMethod.equals("client_secret_post")) { + clientAuthenticationMethod.setDisplayName("Client Secret Post"); + } else if (tokenEpAuthMethod.equals("private_key_jwt")) { + clientAuthenticationMethod.setDisplayName("Private Key JWT"); + } else if (tokenEpAuthMethod.equals("tls_client_auth")) { + clientAuthenticationMethod.setDisplayName("Mutual TLS"); + } else { + clientAuthenticationMethod.setDisplayName(tokenEpAuthMethod); + } + supportedClientAuthenticationMethods.add(clientAuthenticationMethod); + } + oidcMetaData.setTokenEndpointAuthMethod( + new ClientAuthenticationMethodMetadata().options(supportedClientAuthenticationMethods)); + List tokenEpSigningAlgorithms = IdentityUtil + .getPropertyAsList(ApplicationManagementConstants.TOKEN_EP_SIGNATURE_ALGORITHMS_SUPPORTED); + oidcMetaData.setTokenEndpointSignatureAlgorithm(new MetadataProperty() + .options(tokenEpSigningAlgorithms)); + List idTokenSigningAlgorithms = new ArrayList<>(); + idTokenSigningAlgorithms.add(ApplicationManagementConstants.NONE); + idTokenSigningAlgorithms.addAll(IdentityUtil. 
+ getPropertyAsList(ApplicationManagementConstants.ID_TOKEN_SIGNATURE_ALGORITHMS_SUPPORTED)); + oidcMetaData.setIdTokenSignatureAlgorithm(new MetadataProperty() + .options(idTokenSigningAlgorithms)); + List requestObjectSigningAlgorithms = new ArrayList<>(); + requestObjectSigningAlgorithms.add(ApplicationManagementConstants.NONE); + requestObjectSigningAlgorithms.addAll(IdentityUtil + .getPropertyAsList(ApplicationManagementConstants.REQUEST_OBJECT_SIGNATURE_ALGORITHMS_SUPPORTED)); + oidcMetaData.setRequestObjectSignatureAlgorithm(new MetadataProperty() + .options(requestObjectSigningAlgorithms)); + List requestObjectEncryptionAlgorithms = new ArrayList<>(); + requestObjectEncryptionAlgorithms.add(ApplicationManagementConstants.NONE); + requestObjectEncryptionAlgorithms.addAll(IdentityUtil + .getPropertyAsList(ApplicationManagementConstants.REQUEST_OBJECT_ENCRYPTION_ALGORITHMS_SUPPORTED)); + oidcMetaData.setRequestObjectEncryptionAlgorithm(new MetadataProperty() + .options(requestObjectEncryptionAlgorithms)); + List requestObjectEncryptionMethods = new ArrayList<>(); + requestObjectEncryptionMethods.add(ApplicationManagementConstants.NONE); + requestObjectEncryptionMethods.addAll(IdentityUtil + .getPropertyAsList(ApplicationManagementConstants.REQUEST_OBJECT_ENCRYPTION_METHODS_SUPPORTED)); + oidcMetaData.setRequestObjectEncryptionMethod(new MetadataProperty() + .options(requestObjectEncryptionMethods)); + List subjectTypes = Arrays.asList(OAuthConstants.SubjectType.PUBLIC.getValue(), + OAuthConstants.SubjectType.PAIRWISE.getValue()); + oidcMetaData.setSubjectType(new MetadataProperty() + .defaultValue(IdentityUtil.getProperty(ApplicationManagementConstants.DEFAULT_SUBJECT_TYPE)) + .options(subjectTypes)); List supportedGrantTypes = new LinkedList<>(Arrays.asList(oAuthAdminService.getAllowedGrantTypes())); List supportedGrantTypeNames = new ArrayList<>(); // Iterate through the standard grant type names and add matching elements. 
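Review bot: `ApplicationManagementConstants.NONE` is prepended unconditionally to the ID-token and request-object signing options, and to both request-object encryption lists, so the metadata always offers "None" regardless of the server's supported-algorithm configuration. If that value can end up selecting an unsigned ID token or an unsigned request object, it should be offered only when the deployment explicitly allows it. If it only means "nothing pinned for this application", a comment such as `// "None" = no algorithm pinned for this application, not the JWS "none" algorithm` would make that clear; which of the two applies is not visible in this hunk. Separately, `IdentityUtil.getProperty(ApplicationManagementConstants.DEFAULT_SUBJECT_TYPE)` is passed to `defaultValue(...)` with no fallback for an unset property. getOIDCMetadata starts and continues outside the hunk.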
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java index 4515f431a7..7d32ce5b40 100644 --- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java 
@@ -18,11 +18,15 @@ import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.wso2.carbon.identity.api.server.application.management.v1.AccessTokenConfiguration; +import org.wso2.carbon.identity.api.server.application.management.v1.ClientAuthenticationConfiguration; import org.wso2.carbon.identity.api.server.application.management.v1.IdTokenConfiguration; import org.wso2.carbon.identity.api.server.application.management.v1.OAuth2PKCEConfiguration; import org.wso2.carbon.identity.api.server.application.management.v1.OIDCLogoutConfiguration; import org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration; +import org.wso2.carbon.identity.api.server.application.management.v1.PushAuthorizationRequestConfiguration; import org.wso2.carbon.identity.api.server.application.management.v1.RefreshTokenConfiguration; +import org.wso2.carbon.identity.api.server.application.management.v1.RequestObjectConfiguration; +import org.wso2.carbon.identity.api.server.application.management.v1.SubjectConfiguration; import org.wso2.carbon.identity.api.server.application.management.v1.core.functions.Utils; import org.wso2.carbon.identity.oauth.common.OAuthConstants; import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO; @@ -63,6 +67,10 @@ public OAuthConsumerAppDTO apply(String appName, OpenIDConnectConfiguration oidc updateRefreshTokenConfiguration(consumerAppDTO, oidcModel.getRefreshToken()); updateIdTokenConfiguration(consumerAppDTO, oidcModel.getIdToken()); updateOidcLogoutConfiguration(consumerAppDTO, oidcModel.getLogout()); + updateClientAuthenticationConfigurations(consumerAppDTO, oidcModel.getClientAuthentication()); + updateRequestObjectConfiguration(consumerAppDTO, oidcModel.getRequestObject()); + updatePARConfigurations(consumerAppDTO, oidcModel.getPushAuthorizationRequest()); + updateSubjectConfigurations(consumerAppDTO, oidcModel.getSubject()); return consumerAppDTO; } 
@@ -92,6 +100,7 @@ private void updateIdTokenConfiguration(OAuthConsumerAppDTO consumerAppDTO, IdTo .map(audiences -> audiences.toArray(new String[0])) .orElse(new String[0]) ); + consumerAppDTO.setIdTokenSignatureAlgorithm(idToken.getIdTokenSignedResponseAlg()); if (idToken.getEncryption() != null) { boolean idTokenEncryptionEnabled = isIdTokenEncryptionEnabled(idToken); @@ -101,6 +110,7 @@ private void updateIdTokenConfiguration(OAuthConsumerAppDTO consumerAppDTO, IdTo consumerAppDTO.setIdTokenEncryptionMethod(idToken.getEncryption().getMethod()); } } + } } 
@@ -178,4 +188,46 @@ private String getCallbackUrl(List callbackURLs) {
 return null;
 }
 }
+
+ private void updateClientAuthenticationConfigurations(OAuthConsumerAppDTO appDTO,
+ ClientAuthenticationConfiguration clientAuthentication) {
+
+ if (clientAuthentication != null) {
+ appDTO.setTokenEndpointAuthMethod(clientAuthentication.getTokenEndpointAuthMethod());
+ appDTO.setTokenEndpointAuthSignatureAlgorithm(clientAuthentication.getTokenEndpointAuthSigningAlg());
+ appDTO.setTlsClientAuthSubjectDN(clientAuthentication.getTlsClientAuthSubjectDn());
+ }
+ }
+
+ private void updatePARConfigurations(OAuthConsumerAppDTO appDTO, PushAuthorizationRequestConfiguration par) {
+
+ if (par != null) {
+ appDTO.setRequirePushedAuthorizationRequests(par.getRequirePushAuthorizationRequest());
+ }
+ }
+
+ private void updateRequestObjectConfiguration(OAuthConsumerAppDTO consumerAppDTO,
+ RequestObjectConfiguration requestObject) {
+
+ if (requestObject != null) {
+
+ if (requestObject.getEncryption() != null && requestObject.getEncryption().getAlgorithm() != null) {
+ consumerAppDTO.setRequestObjectEncryptionAlgorithm(requestObject.getEncryption().getAlgorithm());
+ }
+ if (requestObject.getEncryption() != null && requestObject.getEncryption().getMethod() != null) {
+ consumerAppDTO.setRequestObjectEncryptionMethod(requestObject.getEncryption().getMethod());
+ }
+ if (requestObject.getRequestObjectSigningAlg() != null) {
+ consumerAppDTO.setRequestObjectSignatureAlgorithm(requestObject.getRequestObjectSigningAlg());
+ }
+ }
+ }
+
+ private void updateSubjectConfigurations(OAuthConsumerAppDTO consumerAppDTO, SubjectConfiguration subject) {
+
+ if (subject != null) {
+ consumerAppDTO.setSubjectType(subject.getSubjectType());
+ consumerAppDTO.setSectorIdentifierURI(subject.getSectorIdentifierUri());
+ }
+ }
 }
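Review bot: `updateRequestObjectConfiguration` guards the encryption algorithm and method with `!= null` only, so an empty string passes the guard and is written to the DTO. The read path in OAuthConsumerAppToApiModel (`buildRequestObjectEncryptionConfiguration`) returns `""` for an unset value, so a client that reads an application and sends the same body back will store empty algorithm and method strings. Using the `StringUtils` already imported in this file would skip them, e.g. `if (requestObject.getEncryption() != null && StringUtils.isNotBlank(requestObject.getEncryption().getAlgorithm())) {`, and the same for `getMethod()`. None of the four new helpers checks the submitted algorithm, auth method or subject type against the supported lists; presumably the OAuth admin service does that, which is worth confirming since nothing in this hunk does.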
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java index a4aad84987..86ac3cc468 100644 --- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java 
@@ -17,12 +17,17 @@ import org.apache.commons.lang.StringUtils; import org.wso2.carbon.identity.api.server.application.management.v1.AccessTokenConfiguration; +import org.wso2.carbon.identity.api.server.application.management.v1.ClientAuthenticationConfiguration; import org.wso2.carbon.identity.api.server.application.management.v1.IdTokenConfiguration; import org.wso2.carbon.identity.api.server.application.management.v1.IdTokenEncryptionConfiguration; import org.wso2.carbon.identity.api.server.application.management.v1.OAuth2PKCEConfiguration; import org.wso2.carbon.identity.api.server.application.management.v1.OIDCLogoutConfiguration; import org.wso2.carbon.identity.api.server.application.management.v1.OpenIDConnectConfiguration; +import org.wso2.carbon.identity.api.server.application.management.v1.PushAuthorizationRequestConfiguration; import org.wso2.carbon.identity.api.server.application.management.v1.RefreshTokenConfiguration; +import org.wso2.carbon.identity.api.server.application.management.v1.RequestObjectConfiguration; +import org.wso2.carbon.identity.api.server.application.management.v1.RequestObjectEncryptionConfiguration; +import org.wso2.carbon.identity.api.server.application.management.v1.SubjectConfiguration; import org.wso2.carbon.identity.oauth.dto.OAuthConsumerAppDTO; import java.util.ArrayList; 
@@ -53,7 +58,11 @@ public OpenIDConnectConfiguration apply(OAuthConsumerAppDTO oauthAppDTO) { .idToken(buildIdTokenConfiguration(oauthAppDTO)) .logout(buildLogoutConfiguration(oauthAppDTO)) .scopeValidators(getScopeValidators(oauthAppDTO)) - .validateRequestObjectSignature(oauthAppDTO.isRequestObjectSignatureValidationEnabled()); + .validateRequestObjectSignature(oauthAppDTO.isRequestObjectSignatureValidationEnabled()) + .clientAuthentication(buildClientAuthenticationConfiguration(oauthAppDTO)) + .requestObject(buildRequestObjectConfiguration(oauthAppDTO)) + .pushAuthorizationRequest(buildPARAuthenticationConfiguration(oauthAppDTO)) + .subject(buildSubjectConfiguration(oauthAppDTO)); } private List getScopeValidators(OAuthConsumerAppDTO oauthAppDTO) { @@ -100,6 +109,7 @@ private IdTokenConfiguration buildIdTokenConfiguration(OAuthConsumerAppDTO oAuth return new IdTokenConfiguration() .expiryInSeconds(oAuthConsumerAppDTO.getIdTokenExpiryTime()) .audience(getAudiences(oAuthConsumerAppDTO)) + .idTokenSignedResponseAlg(oAuthConsumerAppDTO.getIdTokenSignatureAlgorithm()) .encryption(buildIdTokenEncryptionConfiguration(oAuthConsumerAppDTO)); } 
@@ -146,4 +156,48 @@ private List getCallbackUrls(OAuthConsumerAppDTO oauthApp) {
 }
 return callbackUris;
 }
+
+ private ClientAuthenticationConfiguration buildClientAuthenticationConfiguration(OAuthConsumerAppDTO appDTO) {
+
+ return new ClientAuthenticationConfiguration()
+ .tokenEndpointAuthMethod(appDTO.getTokenEndpointAuthMethod())
+ .tokenEndpointAuthSigningAlg(appDTO.getTokenEndpointAuthSignatureAlgorithm())
+ .tlsClientAuthSubjectDn(appDTO.getTlsClientAuthSubjectDN());
+ }
+
+ private RequestObjectConfiguration buildRequestObjectConfiguration(OAuthConsumerAppDTO oAuthConsumerAppDTO) {
+
+ return new RequestObjectConfiguration()
+ .requestObjectSigningAlg(oAuthConsumerAppDTO.getRequestObjectSignatureAlgorithm())
+ .encryption(buildRequestObjectEncryptionConfiguration(oAuthConsumerAppDTO));
+ }
+
+ private RequestObjectEncryptionConfiguration buildRequestObjectEncryptionConfiguration(OAuthConsumerAppDTO appDTO) {
+
+ String algorithm = appDTO.getRequestObjectEncryptionAlgorithm();
+ String method = appDTO.getRequestObjectEncryptionMethod();
+
+ if (StringUtils.equals(algorithm, "null") || StringUtils.isBlank(algorithm)) {
+ algorithm = "";
+ }
+ if (StringUtils.equals(method, "null") || StringUtils.isBlank(method)) {
+ method = "";
+ }
+ return new RequestObjectEncryptionConfiguration()
+ .algorithm(algorithm)
+ .method(method);
+ }
+
+ private PushAuthorizationRequestConfiguration buildPARAuthenticationConfiguration(OAuthConsumerAppDTO appDTO) {
+
+ return new PushAuthorizationRequestConfiguration()
+ .requirePushAuthorizationRequest(appDTO.getRequirePushedAuthorizationRequests());
+ }
+
+ private SubjectConfiguration buildSubjectConfiguration(OAuthConsumerAppDTO oAuthConsumerAppDTO) {
+
+ return new SubjectConfiguration()
+ .subjectType(oAuthConsumerAppDTO.getSubjectType())
+ .sectorIdentifierUri(oAuthConsumerAppDTO.getSectorIdentifierURI());
+ }
 }
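Review bot: `buildRequestObjectEncryptionConfiguration` writes the same `"null"`-or-blank normalisation twice and never says why the literal string `"null"` can come back from `OAuthConsumerAppDTO`. A single helper, `private static String emptyIfUnset(String v) { return StringUtils.isBlank(v) || StringUtils.equals(v, "null") ? "" : v; }`, with a comment naming where that sentinel comes from, would keep `algorithm` and `method` in step. The signing-algorithm getters passed straight through in `buildClientAuthenticationConfiguration` and `buildRequestObjectConfiguration` (and `getIdTokenSignatureAlgorithm()` in the `-100,6` hunk) get no such treatment, so if they can hold the same sentinel the API would return `"null"` as an algorithm name; the DTO is not visible here, so this needs checking. `buildPARAuthenticationConfiguration` builds a `PushAuthorizationRequestConfiguration`, so `buildPushAuthorizationRequestConfiguration` would be the clearer name (the call in `apply` would change with it).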
diff --git a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml index d4ec0f049e..043dfd7eb7 100644 --- a/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml +++ b/components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml @@ -3280,6 +3280,14 @@ components: - XACML Scope Validator items: type: string + clientAuthentication: + $ref: '#/components/schemas/ClientAuthenticationConfiguration' + requestObject: + $ref: '#/components/schemas/RequestObjectConfiguration' + pushAuthorizationRequest: + $ref: '#/components/schemas/PushAuthorizationRequestConfiguration' + subject: + $ref: '#/components/schemas/SubjectConfiguration' OAuth2PKCEConfiguration: type: object properties: @@ -3342,6 +3350,9 @@ components: - 'http://idp.abc.com' items: type: string + idTokenSignedResponseAlg: + type: string + example: 'PS256' encryption: $ref: '#/components/schemas/IdTokenEncryptionConfiguration' IdTokenEncryptionConfiguration: 
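Review bot: `idTokenSignedResponseAlg` is declared as an unconstrained `type: string` with only an example, and the same holds for `tokenEndpointAuthSigningAlg`, `requestObjectSigningAlg` and the request-object `algorithm`/`method` added in the `-3357,6` hunk. These fields select the signature and encryption algorithms of an OAuth client, so the schema should say where the accepted values come from, for example `description: 'Must be one of the options returned for idTokenSignatureAlgorithm in the application metadata.'` (those metadata properties are added in the `-3556,6` hunk). The code that maps these fields back onto the application is not part of this view; it should reject values outside the configured supported lists rather than store whatever string is sent.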
@@ -3357,6 +3368,50 @@ components: method: type: string example: A128CBC+HS256 + ClientAuthenticationConfiguration: + type: object + properties: + tokenEndpointAuthMethod: + type: string + example: 'client_secret_basic' + tokenEndpointAuthSigningAlg: + type: string + example: 'PS256' + tlsClientAuthSubjectDnUpdated: + type: string + example: 'CN=John Doe,OU=OrgUnit,O=Organization,L=Colombo,ST=Western,C=LK' + RequestObjectConfiguration: + type: object + properties: + requestObjectSigningAlg: + type: string + example: 'PS256' + encryption: + $ref: '#/components/schemas/RequestObjectEncryptionConfiguration' + RequestObjectEncryptionConfiguration: + type: object + properties: + algorithm: + type: string + example: RSA-OAEP + method: + type: string + example: A128CBC+HS256 + PushAuthorizationRequestConfiguration: + type: object + properties: + requirePushAuthorizationRequest: + type: boolean + example: false + SubjectConfiguration: + type: object + properties: + subjectType: + type: string + example: 'public' + sectorIdentifierUri: + type: string + example: 'https://app.example.com' OIDCLogoutConfiguration: type: object properties: @@ -3497,6 +3552,22 @@ components: defaultValue: type: string example: 'Option 1' + ClientAuthenticationMethodMetadata: + type: object + properties: + options: + type: array + items: + $ref: '#/components/schemas/ClientAuthenticationMethod' + ClientAuthenticationMethod: + type: object + properties: + name: + type: string + example: private_key_jwt + displayName: + type: string + example: Private Key JWT GrantTypeMetaData: type: object properties: 
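Review bot: The `ClientAuthenticationConfiguration` schema in the `-3357,6` hunk names the property `tlsClientAuthSubjectDnUpdated`, while the Java builder in this commit calls `.tlsClientAuthSubjectDn(...)` on the model. The generated class is not visible here, but if it is meant to follow this spec the two names disagree, and API clients working from the spec would send or expect a field the server does not use; `tlsClientAuthSubjectDn:` looks like the intended key. `sectorIdentifierUri` in `SubjectConfiguration` could also carry `format: uri` so that generated clients and validators treat it as a URL.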
@@ -3556,6 +3627,20 @@ components: $ref: '#/components/schemas/MetadataProperty' accessTokenBindingType: $ref: '#/components/schemas/MetadataProperty' + tokenEndpointAuthMethod: + $ref: '#/components/schemas/ClientAuthenticationMethodMetadata' + tokenEndpointSignatureAlgorithm: + $ref: '#/components/schemas/MetadataProperty' + idTokenSignatureAlgorithm: + $ref: '#/components/schemas/MetadataProperty' + requestObjectSignatureAlgorithm: + $ref: '#/components/schemas/MetadataProperty' + requestObjectEncryptionAlgorithm: + $ref: '#/components/schemas/MetadataProperty' + requestObjectEncryptionMethod: + $ref: '#/components/schemas/MetadataProperty' + subjectType: + $ref: '#/components/schemas/MetadataProperty' WSTrustMetaData: type: object properties: diff --git a/pom.xml b/pom.xml index 2216b28d9e..c2fde58a28 100644 --- a/pom.xml +++ b/pom.xml @@ -765,7 +765,7 @@ 5.2.0 **/gen/**/* 1.4.4 - 6.11.51 + 6.11.165 5.11.16 1.9.4 findbugs-exclude-filter.xml