Fix callback url resolving logic for api based authn
ImalshaG committed May 6, 2024
1 parent ddd3275 commit aaf534d
Showing 2 changed files with 38 additions and 12 deletions.
Expand Up @@ -280,7 +280,9 @@ protected String getAuthorizationServerEndpoint(Map<String, String> authenticato
* configuration.
* @return Callback URL configured in OIDC federated authenticator configuration. If it is empty returns
* /commonauth endpoint URL path as the default value.
* @deprecated use {@link #getCallbackUrl(Map, AuthenticationContext)}.
*/
@Deprecated
protected String getCallbackUrl(Map<String, String> authenticatorProperties) {

String callbackUrl = authenticatorProperties.get(IdentityApplicationConstants.OAuth2.CALLBACK_URL);
Expand All @@ -295,6 +297,33 @@ protected String getCallbackUrl(Map<String, String> authenticatorProperties) {
return callbackUrl;
}

/**
* Returns the callback URL of the IdP Hub.
*
* @param authenticatorProperties Authentication properties configured in OIDC federated authenticator
* configuration.
* @param context Authentication context.
* @return If API based authn flow, returns the redirect URL from the authentication context. If not returns the
* callback URL configured in OIDC federated authenticator configuration and if it is empty returns
* /commonauth endpoint URL path as the default value.
*/
protected String getCallbackUrl(Map<String, String> authenticatorProperties, AuthenticationContext context) {

if (Boolean.parseBoolean((String) context.getProperty(IS_API_BASED))) {
return (String) context.getProperty(REDIRECT_URL);
}
String callbackUrl = authenticatorProperties.get(IdentityApplicationConstants.OAuth2.CALLBACK_URL);
if (StringUtils.isBlank(callbackUrl)) {
try {
callbackUrl = ServiceURLBuilder.create().addPath(FrameworkConstants.COMMONAUTH).build()
.getAbsolutePublicURL();
} catch (URLBuilderException e) {
throw new RuntimeException("Error occurred while building URL in tenant qualified mode.", e);
}
}
return callbackUrl;
}

/**
* Resolve the callback URL from the context properties to use in the API based authentication flow.
*
Expand Down Expand Up @@ -379,6 +408,10 @@ protected String getAuthenticateUser(AuthenticationContext context, Map<String,
return (String) oidcClaims.get(OIDCAuthenticatorConstants.Claim.SUB);
}

/**
* @deprecated use {@link #getCallbackUrl(Map, AuthenticationContext)} instead.
*/
@Deprecated
protected String getCallBackURL(Map<String, String> authenticatorProperties) {

return getCallbackUrl(authenticatorProperties);
Expand Down Expand Up @@ -514,11 +547,8 @@ protected String prepareLoginPage(HttpServletRequest request, AuthenticationCont
if (authenticatorProperties != null) {
String clientId = authenticatorProperties.get(OIDCAuthenticatorConstants.CLIENT_ID);
String authorizationEP = getOIDCAuthzEndpoint(authenticatorProperties);
String callbackurl = getCallbackUrl(authenticatorProperties);
String callbackurl = getCallbackUrl(authenticatorProperties, context);

if (Boolean.parseBoolean((String) context.getProperty(IS_API_BASED))) {
callbackurl = resolveCallBackURLForAPIBasedAuthFlow(context);
}
String state = getStateParameter(request, context, authenticatorProperties);
context.setProperty(OIDCAuthenticatorConstants.AUTHENTICATOR_NAME + STATE_PARAM_SUFFIX, state);
String nonce = UUID.randomUUID().toString();
Expand Down Expand Up @@ -1321,7 +1351,7 @@ protected void initiateLogoutRequest(HttpServletRequest request, HttpServletResp
paramMap.put(OIDCAuthenticatorConstants.ID_TOKEN_HINT, idTokenHint);
}

String callback = getCallbackUrl(context.getAuthenticatorProperties());
String callback = getCallbackUrl(context.getAuthenticatorProperties(), context);
paramMap.put(OIDCAuthenticatorConstants.POST_LOGOUT_REDIRECT_URI, callback);

String sessionID = getStateParameter(request, context, context.getAuthenticatorProperties());
Expand Down Expand Up @@ -1493,11 +1523,7 @@ protected OAuthClientRequest getAccessTokenRequest(AuthenticationContext context

String callbackUrl = getCallbackUrlFromInitialRequestParamMap(context);
if (StringUtils.isBlank(callbackUrl)) {
if (Boolean.parseBoolean((String) context.getProperty(IS_API_BASED))) {
callbackUrl = resolveCallBackURLForAPIBasedAuthFlow(context);
} else {
callbackUrl = getCallbackUrl(authenticatorProperties);
}
callbackUrl = getCallbackUrl(authenticatorProperties, context);
}

boolean isHTTPBasicAuth = Boolean.parseBoolean(authenticatorProperties.get(OIDCAuthenticatorConstants
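Review bot: In the new `getCallbackUrl(Map, AuthenticationContext)` the API-based branch returns `context.getProperty(REDIRECT_URL)` as-is, so a missing or blank property becomes a null `redirect_uri` in `prepareLoginPage` and `getAccessTokenRequest`, and a null `post_logout_redirect_uri` in `initiateLogoutRequest`, which had no API-based branch before this commit. The two replaced call sites went through `resolveCallBackURLForAPIBasedAuthFlow(context)`, whose body is outside the visible hunks; if it validated or normalised the value, that step is now skipped. Because this URL is where the authorization code is delivered, it is worth confirming that REDIRECT_URL is only ever populated from server-side configuration and never from request input. I would guard the branch with `if (StringUtils.isNotBlank(redirectUrl)) { return redirectUrl; }` and either fall through to the configured callback or fail with an explicit error when it is blank. The non-API tail also copies the deprecated overload's body instead of ending with `return getCallbackUrl(authenticatorProperties);`, so subclasses that override the one-argument method are no longer consulted.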
Expand Up @@ -316,7 +316,7 @@ public void testGetAuthorizationServerEndpoint() throws IOException {
@Test
public void testGetCallbackUrl() throws IOException {

assertEquals(openIDConnectAuthenticator.getCallBackURL(authenticatorProperties),
assertEquals(openIDConnectAuthenticator.getCallbackUrl(authenticatorProperties, mockAuthenticationContext),
"http://localhost:8080/playground2/oauth2client",
"Callback URL is not valid.");
}
Expand Down Expand Up @@ -359,7 +359,7 @@ public void testRequiredIDToken() throws IOException {
@Test
public void testGetCallBackURL() throws IOException {

assertEquals(openIDConnectAuthenticator.getCallBackURL(authenticatorProperties),
assertEquals(openIDConnectAuthenticator.getCallbackUrl(authenticatorProperties, mockAuthenticationContext),
"http://localhost:8080/playground2/oauth2client",
"Callback URL is not valid.");
}
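Review bot: Both `testGetCallbackUrl` and `testGetCallBackURL` now make the identical call `getCallbackUrl(authenticatorProperties, mockAuthenticationContext)`, so the deprecated `getCallBackURL(Map)` is no longer exercised and the API-based branch this commit introduces has no test at all. The mock context's setup is outside the visible lines, but since the expected value is still the configured callback, it presumably does not mark the flow as API based, and only the configured-callback path runs. I would keep `testGetCallBackURL` on the deprecated method, which is still a supported entry point, and add a case where the context reports IS_API_BASED as `"true"` with a sample REDIRECT_URL, asserting that value is returned. A further case with REDIRECT_URL absent would pin down what the method returns when the context has no redirect URL, which matters because that value is sent to the identity provider as the redirect URI.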
