diff --git a/components/org.wso2.carbon.identity.discovery/src/main/java/org/wso2/carbon/identity/discovery/builders/ProviderConfigBuilder.java b/components/org.wso2.carbon.identity.discovery/src/main/java/org/wso2/carbon/identity/discovery/builders/ProviderConfigBuilder.java
index dbf46dccee..1a14006349 100644
--- a/components/org.wso2.carbon.identity.discovery/src/main/java/org/wso2/carbon/identity/discovery/builders/ProviderConfigBuilder.java
+++ b/components/org.wso2.carbon.identity.discovery/src/main/java/org/wso2/carbon/identity/discovery/builders/ProviderConfigBuilder.java
@@ -95,6 +95,23 @@ public OIDProviderConfigResponse buildOIDProviderConfig(OIDProviderRequest reque
                 IdentityConstants.OAuth.OIDC_CHECK_SESSION_EP_URL));
         providerConfig.setEndSessionEndpoint(IdentityUtil.getProperty(
                 IdentityConstants.OAuth.OIDC_LOGOUT_EP_URL));
+
+        try {
+            providerConfig.setUserinfoSigningAlgValuesSupported(new String[] {
+                    OAuth2Util.mapSignatureAlgorithmForJWSAlgorithm(
+                            OAuthServerConfiguration.getInstance().getUserInfoJWTSignatureAlgorithm()).getName()
+            });
+        } catch (IdentityOAuth2Exception e) {
+            throw new ServerConfigurationException("Unsupported signature algorithm configured.", e);
+        }
+        providerConfig.setTokenEndpointAuthMethodsSupported(
+                OAuth2Util.getSupportedClientAuthenticationMethods().stream().toArray(String[]::new));
+        providerConfig.setGrantTypesSupported(OAuth2Util.getSupportedGrantTypes().stream().toArray(String[]::new));
+        providerConfig.setRequestParameterSupported(String.valueOf(OAuth2Util.isRequestParameterSupported()));
+        providerConfig.setClaimsParameterSupported(String.valueOf(OAuth2Util.isClaimsParameterSupported()));
+        providerConfig.setRequestObjectSigningAlgValuesSupported(
+                OAuth2Util.getRequestObjectSigningAlgValuesSupported().stream().toArray(String[]::new));
+
         return providerConfig;
     }
 }
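Review bot: The two `String.valueOf(...)` calls near the end of the hunk turn `request_parameter_supported` and `claims_parameter_supported` into the strings `"true"`, whereas OpenID Connect Discovery defines both as JSON booleans; unless the response object converts them back before serialisation (not visible here), strict clients will see `"true"` instead of `true`. If the setters can take a `boolean`, pass `OAuth2Util.isRequestParameterSupported()` and `OAuth2Util.isClaimsParameterSupported()` directly. `grant_types_supported` is built from the key set of the configured grant-type map, so its order in the document may vary between restarts if that map is unordered; harmless but worth a comment such as `// order of advertised grant types follows the configuration map`. The enclosing `buildOIDProviderConfig` starts before this hunk.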
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java
index 3894374828..63767d75be 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java
@@ -88,6 +88,7 @@
 import org.wso2.carbon.identity.oauth2.token.JWTTokenIssuer;
 import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
 import org.wso2.carbon.identity.oauth2.token.OauthTokenIssuer;
+import org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler;
 import org.wso2.carbon.identity.openidconnect.model.RequestedClaim;
 import org.wso2.carbon.registry.core.Registry;
 import org.wso2.carbon.registry.core.Resource;
@@ -132,6 +133,7 @@
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;
 import javax.xml.namespace.QName;
 import javax.xml.stream.XMLInputFactory;
 import javax.xml.stream.XMLStreamException;
@@ -259,6 +261,11 @@ public class OAuth2Util {
     private static final String SHA384 = "SHA-384";
     private static final String SHA512 = "SHA-512";
 
+    // Supported Client Authentication Methods
+    private static final String CLIENT_SECRET_BASIC = "client_secret_basic";
+    private static final String CLIENT_SECRET_POST = "client_secret_post";
+    private static final String PRIVATE_KEY_JWT = "private_key_jwt";
+
     private OAuth2Util() {
 
     }
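Review bot: `PRIVATE_KEY_JWT` in the constants hunk is never referenced; the new `getSupportedClientAuthenticationMethods()` later in this diff returns only `CLIENT_SECRET_BASIC` and `CLIENT_SECRET_POST`, so as committed it is dead code. Because `token_endpoint_auth_methods_supported` is what clients rely on to pick an authentication method, the constant should either be added to that list once the token endpoint actually accepts `private_key_jwt`, or be removed so the code does not imply support that is not there. A one-line comment recording the decision, e.g. `// private_key_jwt is intentionally not advertised yet`, would keep the next reader from guessing. The two import hunks above it are consistent with the new methods and need no change.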
@@ -1305,29 +1312,24 @@ public static void initiateOIDCScopes(int tenantId) {
 
     public static List getOIDCScopes(String tenantDomain) {
 
+        List scopes = new ArrayList<>();
         try {
             int tenantId = OAuthComponentServiceHolder.getInstance().getRealmService().getTenantManager()
                     .getTenantId(tenantDomain);
-            Registry registry = OAuth2ServiceComponentHolder.getRegistryService().getConfigSystemRegistry(tenantId);
+            // Get the scopes from the cache or the db
+            List scopesDTOList = OAuthTokenPersistenceFactory.getInstance().getScopeClaimMappingDAO().
+                    getScopes(tenantId);
 
-            if (registry.resourceExists(OAuthConstants.SCOPE_RESOURCE_PATH)) {
-                Resource resource = registry.get(OAuthConstants.SCOPE_RESOURCE_PATH);
-                Properties properties = resource.getProperties();
-                Enumeration e = properties.propertyNames();
-                List scopes = new ArrayList<>();
-                while (e.hasMoreElements()) {
-                    String scope = (String) e.nextElement();
-                    // Remove hidden registry properties from Scopes.
-                    if (StringUtils.isNotBlank(scope) && !scope.startsWith(REG_HIDDEN_PROPERTY_PREFIX)) {
-                        scopes.add(scope);
-                    }
+            if (CollectionUtils.isNotEmpty(scopesDTOList)) {
+                for (ScopeDTO scope : scopesDTOList) {
+                    scopes.add(scope.getName());
                 }
-                return scopes;
             }
-        } catch (RegistryException | UserStoreException e) {
-            log.error("Error while retrieving registry collection for :" + OAuthConstants.SCOPE_RESOURCE_PATH, e);
+
+        } catch (UserStoreException | IdentityOAuth2Exception e) {
+            log.error("Error while retrieving OIDC scopes.", e);
         }
-        return new ArrayList<>();
+        return scopes;
     }
 
     public static AccessTokenDO getAccessTokenDOfromTokenIdentifier(String accessTokenIdentifier) throws
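Review bot: The rewritten loop drops the old `StringUtils.isNotBlank(scope)` guard, so if `ScopeDTO.getName()` can ever be null or blank (not visible here) that value now lands in `scopes_supported` unfiltered; keeping the guard costs one line, `if (StringUtils.isNotBlank(scope.getName())) { scopes.add(scope.getName()); }`. The catch block still turns a tenant-lookup or DAO failure into an empty list, which means the discovery document silently advertises no scopes rather than failing; that matches the previous behaviour but deserves a comment such as `// Best-effort: on failure the discovery document omits scopes instead of erroring.` The stray blank line before `} catch` should go, and with `Collectors` now imported the loop could be `scopes.addAll(scopesDTOList.stream().map(ScopeDTO::getName).collect(Collectors.toList()));`. If no other code in the file uses `Registry`, `Resource`, `Properties` or `Enumeration`, those imports are now unused.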
@@ -2506,5 +2508,70 @@ public static void triggerOnIntrospectionExceptionListeners(OAuth2TokenValidatio
             }
         }
     }
 
+
+    /**
+     * Get the supported oauth grant types
+     *
+     * @return list of grant types
+     */
+    public static List getSupportedGrantTypes() {
+
+        Map supportedGrantTypesMap = OAuthServerConfiguration.getInstance()
+                .getSupportedGrantTypes();
+        List supportedGrantTypes = new ArrayList<>();
+        if (supportedGrantTypesMap != null && !supportedGrantTypesMap.isEmpty()) {
+            supportedGrantTypes = supportedGrantTypesMap.keySet().stream().collect(Collectors.toList());
+        }
+        return supportedGrantTypes;
+    }
+
+    /**
+     * Get the supported client authentication methods
+     *
+     * @return list of client authentication methods
+     */
+    public static List getSupportedClientAuthenticationMethods() {
+
+        List clientAuthenticationMethods = new ArrayList<>();
+        clientAuthenticationMethods.add(CLIENT_SECRET_BASIC);
+        clientAuthenticationMethods.add(CLIENT_SECRET_POST);
+
+        return clientAuthenticationMethods;
+    }
+
+    /**
+     * Get the supported request object signing algorithms
+     *
+     * @return list of algorithms
+     */
+    public static List getRequestObjectSigningAlgValuesSupported() {
+
+        List requestObjectSigningAlgValues = new ArrayList<>();
+        requestObjectSigningAlgValues.add(JWSAlgorithm.RS256.getName());
+        requestObjectSigningAlgValues.add(JWSAlgorithm.RS384.getName());
+        requestObjectSigningAlgValues.add(JWSAlgorithm.RS512.getName());
+        requestObjectSigningAlgValues.add(JWSAlgorithm.NONE.getName());
+
+        return requestObjectSigningAlgValues;
+    }
+
+    /**
+     * Check whether the request object parameter is supported
+     *
+     * @return true if supported
+     */
+    public static boolean isRequestParameterSupported() {
+        return Boolean.TRUE;
+    }
+
+    /**
+     * Check whether the claims parameter is supported
+     *
+     * @return true if supported
+     */
+    public static boolean isClaimsParameterSupported() {
+        return Boolean.TRUE;
+    }
+
 }
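Review bot: `getRequestObjectSigningAlgValuesSupported()` and `getSupportedClientAuthenticationMethods()` hard-code the advertised values rather than deriving them from the configuration the request-object validator and token-endpoint authenticators actually enforce, so the metadata can silently drift from behaviour; advertising `none` in particular tells clients that unsigned request objects are accepted, which should be confirmed against the validator before this ships. The Javadoc should say so, e.g. `* Note: this list is fixed and must be kept in sync with the request object validation logic.` Both `boolean` methods `return Boolean.TRUE;`, which auto-unboxes for no benefit; `return true;` is the plain form. In `getSupportedGrantTypes()` the guard plus stream can be written `return supportedGrantTypesMap == null ? new ArrayList<>() : new ArrayList<>(supportedGrantTypesMap.keySet());`, and since the key order of the configuration map is not specified here the advertised order may differ between runs.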
diff --git a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/util/OAuth2UtilTest.java b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/util/OAuth2UtilTest.java
index a479292a6a..4c26a75677 100644
--- a/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/util/OAuth2UtilTest.java
+++ b/components/org.wso2.carbon.identity.oauth/src/test/java/org/wso2/carbon/identity/oauth2/util/OAuth2UtilTest.java
@@ -18,6 +18,7 @@
 
 package org.wso2.carbon.identity.oauth2.util;
 
+import com.nimbusds.jose.JWSAlgorithm;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.mockito.Mock;
 import org.powermock.core.classloader.annotations.PrepareForTest;
@@ -43,14 +44,18 @@
 import org.wso2.carbon.identity.oauth2.model.AccessTokenDO;
 import org.wso2.carbon.identity.oauth2.model.ClientCredentialDO;
 import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
+import org.wso2.carbon.identity.oauth2.token.handlers.grant.AuthorizationGrantHandler;
 import org.wso2.carbon.identity.testutil.powermock.PowerMockIdentityBaseTest;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.user.core.service.RealmService;
 import org.wso2.carbon.user.core.tenant.TenantManager;
 
 import java.sql.Timestamp;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.HashMap;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Random;
 import java.util.Set;
@@ -118,6 +123,9 @@ public class OAuth2UtilTest extends PowerMockIdentityBaseTest {
     @Mock
     private TenantManager tenantManagerMock;
 
+    @Mock
+    private AuthorizationGrantHandler authorizationGrantHandlerMock;
+
     @BeforeMethod
     public void setUp() throws Exception {
         authzUser = new AuthenticatedUser();
@@ -1099,4 +1107,61 @@ public void testGetAuthenticatedUser(Object authenticatedUser, AuthenticatedUser
         authzUser = OAuth2Util.getAuthenticatedUser(accessTokenDO);
         assertEquals(authzUser.isFederatedUser(), expectedIsFederatedValue);
     }
+
+    @DataProvider(name = "supportedGrantTypes")
+    public Object[][] supportedGrantTypes() {
+        Map supportedGrantTypesMap = new HashMap<>();
+        supportedGrantTypesMap.put("testGrantType1", authorizationGrantHandlerMock);
+        supportedGrantTypesMap.put("testGrantType2", authorizationGrantHandlerMock);
+
+        List supportedGrantTypes = new ArrayList<>();
+        supportedGrantTypes.add("testGrantType1");
+        supportedGrantTypes.add("testGrantType2");
+
+        return new Object[][] {
+                // supportedGrantTypesMap
+                // supportedGrantTypes
+                {supportedGrantTypesMap, supportedGrantTypes},
+                {new HashMap<>(), new ArrayList<>()},
+                {null, new ArrayList<>()}
+        };
+    }
+
+    @Test(dataProvider = "supportedGrantTypes")
+    public void testGetSuportedGrantTypes(Map supportedGrantTypesMap,
+                                         List supportedGrantTypes) throws Exception {
+
+        when(oauthServerConfigurationMock.getSupportedGrantTypes()).thenReturn(supportedGrantTypesMap);
+        assertEquals(OAuth2Util.getSupportedGrantTypes(), supportedGrantTypes);
+    }
+
+    @Test
+    public void testGetSupportedClientAuthenticationMethods() throws Exception {
+        List clientAuthenticationMethods = new ArrayList<>();
+        clientAuthenticationMethods.add("client_secret_basic");
+        clientAuthenticationMethods.add("client_secret_post");
+
+        assertEquals(OAuth2Util.getSupportedClientAuthenticationMethods(), clientAuthenticationMethods);
+    }
+
+    @Test
+    public void testGetRequestObjectSigningAlgValuesSupported() throws Exception {
+        List requestObjectSigningAlgValues = new ArrayList<>();
+        requestObjectSigningAlgValues.add(JWSAlgorithm.RS256.getName());
+        requestObjectSigningAlgValues.add(JWSAlgorithm.RS384.getName());
+        requestObjectSigningAlgValues.add(JWSAlgorithm.RS512.getName());
+        requestObjectSigningAlgValues.add(JWSAlgorithm.NONE.getName());
+
+        assertEquals(OAuth2Util.getRequestObjectSigningAlgValuesSupported(), requestObjectSigningAlgValues);
+    }
+
+    @Test
+    public void testIsRequestParameterSupported() throws Exception {
+        assertTrue(OAuth2Util.isRequestParameterSupported());
+    }
+
+    @Test
+    public void testIsClaimsParameterSupported() throws Exception {
+        assertTrue(OAuth2Util.isClaimsParameterSupported());
+    }
 }
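Review bot: `testGetSuportedGrantTypes` compares the result of `getSupportedGrantTypes()` with a `List` via `assertEquals`, which is order-sensitive, while the production code builds that list from the key set of a `HashMap` whose iteration order is unspecified; the two keys here may happen to iterate in insertion order today, but the assertion is not guaranteed by the contract under test. Compare as sets instead, `assertEquals(new HashSet<>(OAuth2Util.getSupportedGrantTypes()), new HashSet<>(supportedGrantTypes));` (`HashSet` is already imported). The method name is also misspelled (`Suported`). The data provider stores `authorizationGrantHandlerMock` as the map values; whether that field is initialised when the provider runs depends on the mock lifecycle, which is not visible here, but it is harmless because only the keys are read, and using a plain `null` value would make that independence explicit.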