diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java index e9ec5506e0..c77aa70598 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/AccessTokenIssuer.java @@ -457,10 +457,13 @@ private OAuth2AccessTokenRespDTO validateGrantAndIssueToken(OAuth2AccessTokenReq AuthenticatedUser authorizedUser = tokReqMsgCtx.getAuthorizedUser(); ServiceProvider serviceProvider = getServiceProvider(tokReqMsgCtx.getOauth2AccessTokenReqDTO()); + boolean useClientIdAsSubClaimForAppTokensEnabledServerConfig = OAuthServerConfiguration.getInstance() + .isUseClientIdAsSubClaimForAppTokensEnabled(); boolean useClientIdAsSubClaimForAppTokensEnabled = OAuth2Util .isAllowedToStopUsingAppOwnerForTokenIdentification(serviceProvider.getApplicationVersion()); if (authorizedUser.getAuthenticatedSubjectIdentifier() == null) { - if (!isOfTypeApplicationUser && useClientIdAsSubClaimForAppTokensEnabled) { + if ((!isOfTypeApplicationUser && (useClientIdAsSubClaimForAppTokensEnabled + || useClientIdAsSubClaimForAppTokensEnabledServerConfig))) { authorizedUser.setAuthenticatedSubjectIdentifier(oAuthAppDO.getOauthConsumerKey()); } else { authorizedUser.setAuthenticatedSubjectIdentifier(getSubjectClaim(serviceProvider, authorizedUser)); diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java index 676b0c3a67..5165c5a1e1 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/TokenValidationHandler.java @@ -568,6 +568,8 @@ private OAuth2IntrospectionResponseDTO validateAccessToken(OAuth2TokenValidation String tokenType = accessTokenDO.getTokenType(); + boolean removeUsernameFromAppTokenEnabledServerConfig = OAuthServerConfiguration.getInstance() + .isRemoveUsernameFromIntrospectionResponseForAppTokensEnabled(); String appResidentTenantDomain = OAuth2Util.getTenantDomain(accessTokenDO.getAppResidentTenantId()); String consumerKey = accessTokenDO.getConsumerKey(); ServiceProvider serviceProvider = OAuth2Util.getServiceProvider(consumerKey, appResidentTenantDomain); @@ -582,7 +584,8 @@ private OAuth2IntrospectionResponseDTO validateAccessToken(OAuth2TokenValidation // token scopes introResp.setScope(OAuth2Util.buildScopeString((accessTokenDO.getScope()))); // set user-name - if (!removeUsernameFromAppTokenEnabled || !isAppTokenType) { + if (!(removeUsernameFromAppTokenEnabled || removeUsernameFromAppTokenEnabledServerConfig) + || !isAppTokenType) { introResp.setUsername(getAuthzUser(accessTokenDO)); } // add client id