Merge pull request #631 from shashimalcse/jwt-claims

Add jwt access token claims handler support

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/gen/java/org/wso2/carbon/identity/api/server/application/management/v1/AccessTokenConfiguration.java

@@ -22,6 +22,8 @@
 import com.fasterxml.jackson.annotation.JsonCreator;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
+import java.util.ArrayList;
+import java.util.List;
 import javax.validation.constraints.*;
 
 
@@ -38,6 +40,9 @@ public class AccessTokenConfiguration  {
     private String bindingType = "None";
     private Boolean revokeTokensWhenIDPSessionTerminated;
     private Boolean validateTokenBinding;
+    private List<String> accessTokenAttributes = null;
+
+    private Boolean accessTokenAttributesEnabled;
 
     /**
     **/
@@ -150,6 +155,51 @@ public void setValidateTokenBinding(Boolean validateTokenBinding) {
         this.validateTokenBinding = validateTokenBinding;
     }
 
+    /**
+    **/
+    public AccessTokenConfiguration accessTokenAttributes(List<String> accessTokenAttributes) {
+
+        this.accessTokenAttributes = accessTokenAttributes;
+        return this;
+    }
+
+    @ApiModelProperty(value = "")
+    @JsonProperty("accessTokenAttributes")
+    @Valid
+    public List<String> getAccessTokenAttributes() {
+        return accessTokenAttributes;
+    }
+    public void setAccessTokenAttributes(List<String> accessTokenAttributes) {
+        this.accessTokenAttributes = accessTokenAttributes;
+    }
+
+    public AccessTokenConfiguration addAccessTokenAttributesItem(String accessTokenAttributesItem) {
+        if (this.accessTokenAttributes == null) {
+            this.accessTokenAttributes = new ArrayList<>();
+        }
+        this.accessTokenAttributes.add(accessTokenAttributesItem);
+        return this;
+    }
+
+        /**
+    * If enabled, the access token attributes will be included in the access token.
+    **/
+    public AccessTokenConfiguration accessTokenAttributesEnabled(Boolean accessTokenAttributesEnabled) {
+
+        this.accessTokenAttributesEnabled = accessTokenAttributesEnabled;
+        return this;
+    }
+
+    @ApiModelProperty(value = "If enabled, the access token attributes will be included in the access token.")
+    @JsonProperty("accessTokenAttributesEnabled")
+    @Valid
+    public Boolean getAccessTokenAttributesEnabled() {
+        return accessTokenAttributesEnabled;
+    }
+    public void setAccessTokenAttributesEnabled(Boolean accessTokenAttributesEnabled) {
+        this.accessTokenAttributesEnabled = accessTokenAttributesEnabled;
+    }
+
 
 
     @Override
@@ -167,12 +217,14 @@ public boolean equals(java.lang.Object o) {
             Objects.equals(this.applicationAccessTokenExpiryInSeconds, accessTokenConfiguration.applicationAccessTokenExpiryInSeconds) &&
             Objects.equals(this.bindingType, accessTokenConfiguration.bindingType) &&
             Objects.equals(this.revokeTokensWhenIDPSessionTerminated, accessTokenConfiguration.revokeTokensWhenIDPSessionTerminated) &&
-            Objects.equals(this.validateTokenBinding, accessTokenConfiguration.validateTokenBinding);
+            Objects.equals(this.validateTokenBinding, accessTokenConfiguration.validateTokenBinding) &&
+            Objects.equals(this.accessTokenAttributes, accessTokenConfiguration.accessTokenAttributes) &&
+            Objects.equals(this.accessTokenAttributesEnabled, accessTokenConfiguration.accessTokenAttributesEnabled);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(type, userAccessTokenExpiryInSeconds, applicationAccessTokenExpiryInSeconds, bindingType, revokeTokensWhenIDPSessionTerminated, validateTokenBinding);
+        return Objects.hash(type, userAccessTokenExpiryInSeconds, applicationAccessTokenExpiryInSeconds, bindingType, revokeTokensWhenIDPSessionTerminated, validateTokenBinding, accessTokenAttributes, accessTokenAttributesEnabled);
     }
 
     @Override
@@ -187,6 +239,8 @@ public String toString() {
         sb.append("    bindingType: ").append(toIndentedString(bindingType)).append("\n");
         sb.append("    revokeTokensWhenIDPSessionTerminated: ").append(toIndentedString(revokeTokensWhenIDPSessionTerminated)).append("\n");
         sb.append("    validateTokenBinding: ").append(toIndentedString(validateTokenBinding)).append("\n");
+        sb.append("    accessTokenAttributes: ").append(toIndentedString(accessTokenAttributes)).append("\n");
+        sb.append("    accessTokenAttributesEnabled: ").append(toIndentedString(accessTokenAttributesEnabled)).append("\n");
         sb.append("}");
         return sb.toString();
     }

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java

@@ -167,9 +167,20 @@ private void updateAccessTokenConfiguration(OAuthConsumerAppDTO consumerAppDTO,
             } else {
                 consumerAppDTO.setTokenBindingValidationEnabled(false);
             }
+
+            consumerAppDTO.setAccessTokenClaims(getAccessTokenClaims(accessToken));
+            if (accessToken.getAccessTokenAttributesEnabled() != null) {
+                consumerAppDTO.setAccessTokenClaimsSeparationEnabled(accessToken.getAccessTokenAttributesEnabled());
+            }
         }
     }
 
+    private String[] getAccessTokenClaims(AccessTokenConfiguration accessToken) {
+
+        return Optional.ofNullable(accessToken.getAccessTokenAttributes()).map(claims -> claims.toArray(new String[0]))
+                .orElse(new String[0]);
+    }
+
     private void updatePkceConfigurations(OAuthConsumerAppDTO consumerAppDTO, OAuth2PKCEConfiguration pkce) {
 
         if (pkce != null) {

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/java/org/wso2/carbon/identity/api/server/application/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java

@@ -106,7 +106,15 @@ private AccessTokenConfiguration buildTokenConfiguration(OAuthConsumerAppDTO oAu
                 .bindingType(oAuthConsumerAppDTO.getTokenBindingType())
                 .revokeTokensWhenIDPSessionTerminated(oAuthConsumerAppDTO
                         .isTokenRevocationWithIDPSessionTerminationEnabled())
-                .validateTokenBinding(oAuthConsumerAppDTO.isTokenBindingValidationEnabled());
+                .validateTokenBinding(oAuthConsumerAppDTO.isTokenBindingValidationEnabled())
+                .accessTokenAttributes(getAccessTokenAttributes(oAuthConsumerAppDTO))
+                .accessTokenAttributesEnabled(oAuthConsumerAppDTO.isAccessTokenClaimsSeparationEnabled());
+    }
+
+    private List<String> getAccessTokenAttributes(OAuthConsumerAppDTO oauthAppDTO) {
+
+        return oauthAppDTO.getAccessTokenClaims() != null ?
+                Arrays.asList(oauthAppDTO.getAccessTokenClaims()) : Collections.emptyList();
     }
 
     private RefreshTokenConfiguration buildRefreshTokenConfiguration(OAuthConsumerAppDTO oAuthConsumerAppDTO) {

components/org.wso2.carbon.identity.api.server.application.management/org.wso2.carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml

@@ -3687,6 +3687,13 @@ components:
           type: boolean
           description: "If enabled, both access token and the token binding needs to be present for a successful API
           invocation."
+        accessTokenAttributes:
+          type: array
+          items:
+            type: string
+        accessTokenAttributesEnabled:
+          type: boolean
+          description: "If enabled, the access token attributes will be included in the access token."
     RefreshTokenConfiguration:
       type: object
       properties:

pom.xml

@@ -808,7 +808,7 @@
         <findsecbugs-plugin.version>1.12.0</findsecbugs-plugin.version>
         <maven.checkstyleplugin.excludes>**/gen/**/*</maven.checkstyleplugin.excludes>
         <identity.event.handler.version>1.8.19</identity.event.handler.version>
-        <identity.inbound.oauth2.version>7.0.120</identity.inbound.oauth2.version>
+        <identity.inbound.oauth2.version>7.0.137</identity.inbound.oauth2.version>
         <identity.inbound.saml2.version>5.11.41</identity.inbound.saml2.version>
         <commons.beanutils.version>1.9.4</commons.beanutils.version>
         <mavan.findbugsplugin.exclude.file>findbugs-exclude-filter.xml</mavan.findbugsplugin.exclude.file>