handle is users with config disabled.

wso2-extensions · Sep 24, 2024 · 3e3eba3 · 3e3eba3
1 parent cf4c5eb
commit 3e3eba3
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/...identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java b/...identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java
@@ -457,10 +457,13 @@ private OAuth2AccessTokenRespDTO validateGrantAndIssueToken(OAuth2AccessTokenReq
 
             AuthenticatedUser authorizedUser = tokReqMsgCtx.getAuthorizedUser();
             ServiceProvider serviceProvider = getServiceProvider(tokReqMsgCtx.getOauth2AccessTokenReqDTO());
+            boolean useClientIdAsSubClaimForAppTokensEnabledServerConfig = OAuthServerConfiguration.getInstance()
+                    .isUseClientIdAsSubClaimForAppTokensEnabled();
             boolean useClientIdAsSubClaimForAppTokensEnabled = OAuth2Util
                     .isAllowedToStopUsingAppOwnerForTokenIdentification(serviceProvider.getApplicationVersion());
             if (authorizedUser.getAuthenticatedSubjectIdentifier() == null) {
-                if (!isOfTypeApplicationUser && useClientIdAsSubClaimForAppTokensEnabled) {
+                if ((!isOfTypeApplicationUser && (useClientIdAsSubClaimForAppTokensEnabled
+                        || useClientIdAsSubClaimForAppTokensEnabledServerConfig))) {
                     authorizedUser.setAuthenticatedSubjectIdentifier(oAuthAppDO.getOauthConsumerKey());
                 } else {
                     authorizedUser.setAuthenticatedSubjectIdentifier(getSubjectClaim(serviceProvider, authorizedUser));

diff --git a/...auth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java b/...auth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java
@@ -568,6 +568,8 @@ private OAuth2IntrospectionResponseDTO validateAccessToken(OAuth2TokenValidation
 
             String tokenType = accessTokenDO.getTokenType();
 
+            boolean removeUsernameFromAppTokenEnabledServerConfig = OAuthServerConfiguration.getInstance()
+                    .isRemoveUsernameFromIntrospectionResponseForAppTokensEnabled();
             String appResidentTenantDomain = OAuth2Util.getTenantDomain(accessTokenDO.getAppResidentTenantId());
             String consumerKey = accessTokenDO.getConsumerKey();
             ServiceProvider serviceProvider = OAuth2Util.getServiceProvider(consumerKey, appResidentTenantDomain);
@@ -582,7 +584,8 @@ private OAuth2IntrospectionResponseDTO validateAccessToken(OAuth2TokenValidation
             // token scopes
             introResp.setScope(OAuth2Util.buildScopeString((accessTokenDO.getScope())));
             // set user-name
-            if (!removeUsernameFromAppTokenEnabled || !isAppTokenType) {
+            if (!(removeUsernameFromAppTokenEnabled || removeUsernameFromAppTokenEnabledServerConfig)
+                    || !isAppTokenType) {
                 introResp.setUsername(getAuthzUser(accessTokenDO));
             }
             // add client id