Modify the OIDC Authenticator to support for the API Based Authentica…

…tion

components/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OIDCAuthenticatorConstants.java

@@ -59,6 +59,12 @@ private OIDCAuthenticatorConstants() {
     public static final Pattern OIDC_BACKCHANNEL_LOGOUT_ENDPOINT_URL_PATTERN = Pattern.compile("(.*)/identity/oidc" +
             "/slo(.*)");
     public static final String OIDC_FEDERATION_NONCE = "oidc_federation_nonce";
+    public static final String AUTHENTICATOR_OIDC = "authenticator.oidc";
+    public static final String REQUIRED_PARAMS = "required_params";
+    public static final String REDIRECT_URL = "redirect_url";
+    public static final String ADDITIONAL_DATA = "_additional_data";
+    public static final String PROMPT_TYPE = "PROMPT_TYPE";
+    public static final String REDIRECTION_PROMPT = "REDIRECTION_PROMPT";
 
     public class AuthenticatorConfParams {
 

components/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticator.java

@@ -43,6 +43,7 @@
 import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
 import org.wso2.carbon.identity.application.authentication.framework.exception.LogoutFailedException;
 import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
+import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorData;
 import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
 import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
 import org.wso2.carbon.identity.application.authenticator.oidc.internal.OpenIDConnectAuthenticatorDataHolder;
@@ -84,18 +85,19 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
+import java.util.Optional;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import static org.wso2.carbon.identity.application.authenticator.oidc.OIDCAuthenticatorConstants.*;
 import static org.wso2.carbon.identity.application.authenticator.oidc.OIDCAuthenticatorConstants.Claim.NONCE;
 import static org.wso2.carbon.identity.application.authenticator.oidc.OIDCAuthenticatorConstants.LogConstants.ActionIDs.PROCESS_AUTHENTICATION_RESPONSE;
 import static org.wso2.carbon.identity.application.authenticator.oidc.OIDCAuthenticatorConstants.LogConstants.ActionIDs.INITIATE_OUTBOUND_AUTH_REQUEST;
 import static org.wso2.carbon.identity.application.authenticator.oidc.OIDCAuthenticatorConstants.LogConstants.OUTBOUND_AUTH_OIDC_SERVICE;
-import static org.wso2.carbon.identity.application.authenticator.oidc.OIDCAuthenticatorConstants.OIDC_FEDERATION_NONCE;
 import static org.wso2.carbon.identity.base.IdentityConstants.FEDERATED_IDP_SESSION_ID;
 
 public class OpenIDConnectAuthenticator extends AbstractApplicationAuthenticator
@@ -493,6 +495,7 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, HttpSer
                         loginPage = loginPage + queryString;
                     }
                 }
+                context.setProperty(OIDCAuthenticatorConstants.AUTHENTICATOR_NAME + "_additional_data", loginPage);
                 response.sendRedirect(loginPage);
                 if (LoggerUtils.isDiagnosticLogsEnabled() && diagnosticLogBuilder != null) {
                     diagnosticLogBuilder.resultMessage("Redirecting to the federated IDP login page.");
@@ -648,6 +651,12 @@ protected void processAuthenticationResponse(HttpServletRequest request, HttpSer
         }
     }
 
+    @Override
+    public String getI18nKey() {
+
+        return AUTHENTICATOR_OIDC;
+    }
+
     /**
      * Retrieves or maps the ID token according to the flow supported by the authenticator.
      * Overridden in Google Authenticator for Google one tap.
@@ -1116,6 +1125,50 @@ public List<Property> getConfigurationProperties() {
         return configProperties;
     }
 
+    /**
+     * This method is responsible for validating whether the authenticator is supported for API Based Authentication.
+     *
+     * @return true if the authenticator is supported for API Based Authentication.
+     */
+    @Override
+    public boolean isAPIBasedAuthenticationSupported() {
+
+        return true;
+    }
+
+    /**
+     * This method is responsible for obtaining authenticator-specific data needed to
+     * initialize the authentication process within the provided authentication context.
+     *
+     * @param context The authentication context containing information about the current authentication attempt.
+     * @return An {@code Optional} containing an {@code AuthenticatorData} object representing the initiation data.
+     *         If the initiation data is available, it is encapsulated within the {@code Optional}; otherwise,
+     *         an empty {@code Optional} is returned.
+     */
+    @Override
+    public Optional<AuthenticatorData> getAuthInitiationData(AuthenticationContext context) {
+
+        AuthenticatorData authenticatorData = new AuthenticatorData();
+        authenticatorData.setName(getName());
+        authenticatorData.setDisplayName(getFriendlyName());
+        authenticatorData.setI18nKey(getI18nKey());
+        String idpName = context.getExternalIdP().getIdPName();
+        authenticatorData.setIdp(idpName);
+
+        List<String> requiredParameterList = new ArrayList<>();
+        requiredParameterList.add(OIDCAuthenticatorConstants.OAUTH2_GRANT_TYPE_CODE);
+        requiredParameterList.add(OIDCAuthenticatorConstants.OAUTH2_PARAM_STATE);
+
+        Map<String, String> additionalData = new HashMap<>();
+        additionalData.put(REQUIRED_PARAMS, requiredParameterList.toString());
+        additionalData.put(REDIRECT_URL,
+                (String) context.getProperty(OIDCAuthenticatorConstants.AUTHENTICATOR_NAME + ADDITIONAL_DATA));
+        additionalData.put(PROMPT_TYPE, REDIRECTION_PROMPT);
+        authenticatorData.setAdditionalData(additionalData);
+
+        return Optional.of(authenticatorData);
+    }
+
     /**
      * @subject
      */

components/org.wso2.carbon.identity.application.authenticator.oidc/src/test/java/org/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticatorTest.java

@@ -43,6 +43,8 @@
 import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
 import org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException;
 import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
+import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest;
+import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatorData;
 import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
 import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
 import org.wso2.carbon.identity.application.authenticator.oidc.internal.OpenIDConnectAuthenticatorDataHolder;
@@ -67,7 +69,10 @@
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.util.HashMap;
+import java.util.List;
+import java.util.ArrayList;
 import java.util.Map;
+import java.util.Optional;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -85,6 +90,7 @@
 import static org.testng.Assert.assertNull;
 import static org.testng.Assert.assertTrue;
 import static org.wso2.carbon.identity.application.authenticator.oidc.OIDCAuthenticatorConstants.OIDC_FEDERATION_NONCE;
+import static org.wso2.carbon.identity.application.authenticator.oidc.OIDCAuthenticatorConstants.REDIRECTION_PROMPT;
 
 /***
  * Unit test class for OpenIDConnectAuthenticatorTest class.
@@ -171,6 +177,7 @@ public class OpenIDConnectAuthenticatorTest extends PowerMockTestCase {
     private static OAuthClientResponse token;
     private Map<String, String> paramValueMap;
     private int TENANT_ID = 1234;
+    private AuthenticationRequest mockAuthenticationRequest = new AuthenticationRequest();
 
     @BeforeTest
     public void init() {
@@ -706,6 +713,45 @@ private void mockAuthenticationRequestContext(AuthenticationContext mockAuthenti
         when(mockAuthenticationContext.getProperty("oidc:param.map")).thenReturn(paramValueMap);
         when(mockAuthenticationContext.getContextIdentifier()).thenReturn("");
         when(mockAuthenticationContext.getExternalIdP()).thenReturn(getDummyExternalIdPConfig());
+        when(mockAuthenticationContext.getAuthenticationRequest()).thenReturn(mockAuthenticationRequest);
+    }
+
+    @Test
+    public void testIsAPIBasedAuthenticationSupported() {
+
+        boolean isAPIBasedAuthenticationSupported = openIDConnectAuthenticator.isAPIBasedAuthenticationSupported();
+        Assert.assertTrue(isAPIBasedAuthenticationSupported);
+    }
+
+    @Test
+    public void testGetAuthInitiationData() {
+
+        when(mockAuthenticationContext.getExternalIdP()).thenReturn(externalIdPConfig);
+        when(externalIdPConfig.getIdPName()).thenReturn("LOCAL");
+        when(mockAuthenticationContext.getAuthenticationRequest()).thenReturn(mockAuthenticationRequest);
+        Optional<AuthenticatorData> authenticatorData = openIDConnectAuthenticator.getAuthInitiationData
+                (mockAuthenticationContext);
+
+        List<String> requiredParameterList = new ArrayList<>();
+        requiredParameterList.add(OIDCAuthenticatorConstants.OAUTH2_GRANT_TYPE_CODE);
+        requiredParameterList.add(OIDCAuthenticatorConstants.OAUTH2_PARAM_STATE);
+
+        Map<String, String> additionalData = new HashMap<>();
+        additionalData.put(OIDCAuthenticatorConstants.REQUIRED_PARAMS, requiredParameterList.toString());
+        additionalData.put(OIDCAuthenticatorConstants.PROMPT_TYPE, REDIRECTION_PROMPT);
+
+        Assert.assertTrue(authenticatorData.isPresent());
+        AuthenticatorData authenticatorDataObj = authenticatorData.get();
+        authenticatorDataObj.setAdditionalData(additionalData);
+        Assert.assertEquals(authenticatorDataObj.getName(), "OpenIDConnectAuthenticator");
+        Assert.assertEquals(authenticatorDataObj.getI18nKey(), "authenticator.oidc");
+        Assert.assertEquals(authenticatorDataObj.getDisplayName(), "openidconnect");
+
+        // Iterate through the map and assert values
+        for (Map.Entry<String, String> entry : additionalData.entrySet()) {
+            String key = entry.getKey();
+            Assert.assertTrue(authenticatorDataObj.getAdditionalData().containsKey(key));
+        }
     }
 
     private ExternalIdPConfig getDummyExternalIdPConfig() {

pom.xml

@@ -304,7 +304,7 @@
         <identity.application.auth.oidc.package.export.version>${project.version}
         </identity.application.auth.oidc.package.export.version>
 
-        <carbon.identity.framework.version>5.25.260</carbon.identity.framework.version>
+        <carbon.identity.framework.version>5.25.386</carbon.identity.framework.version>
         <oltu.version>1.0.0.wso2v3</oltu.version>
         <json-smart.version>2.4.7</json-smart.version>
         <json.wso2.version>3.0.0.wso2v2</json.wso2.version>