Add useClientIdAsSubClaimForAppTokens and omitUsernameInIntrospectionRespForAppTokens configs to app

components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/ApplicationDTO.java

@@ -64,6 +64,8 @@ public class ApplicationDTO  {
 
 
     private String jwksUri = null;
+    private Boolean useClientIdAsSubClaimForAppTokens;
+    private Boolean omitUsernameInIntrospectionRespForAppTokens;
     private String tokenEndpointAuthMethod = null;
     private Boolean tokenEndpointAllowReusePvtKeyJwt = null;
     private String tokenEndpointAuthSigningAlg = null;
@@ -285,6 +287,30 @@ public void setJwksUri(String jwksUri) {
         this.jwksUri = jwksUri;
     }
 
+  @ApiModelProperty(value = "")
+  @JsonProperty("use_client_id_as_sub_claim_for_app_tokens")
+  public Boolean isUseClientIdAsSubClaimForAppTokens() {
+
+    return useClientIdAsSubClaimForAppTokens;
+  }
+
+  public void setUseClientIdAsSubClaimForAppTokens(Boolean useClientIdAsSubClaimForAppTokens) {
+
+    this.useClientIdAsSubClaimForAppTokens = useClientIdAsSubClaimForAppTokens;
+  }
+
+  @ApiModelProperty(value = "")
+  @JsonProperty("omit_username_in_introspection_resp_for_app_tokens")
+  public Boolean isOmitUsernameInIntrospectionRespForAppTokens() {
+
+    return omitUsernameInIntrospectionRespForAppTokens;
+  }
+
+  public void setOmitUsernameInIntrospectionRespForAppTokens(Boolean omitUsernameInIntrospectionRespForAppTokens) {
+
+    this.omitUsernameInIntrospectionRespForAppTokens = omitUsernameInIntrospectionRespForAppTokens;
+  }
+
   @ApiModelProperty(value = "")
   @JsonProperty("token_endpoint_auth_method")
   public String getTokenEndpointAuthMethod() {
@@ -477,6 +503,9 @@ public String toString()  {
     sb.append("  extPkceSupportPlain: ").append(extPkceSupportPlain).append("\n");
     sb.append("  extPublicClient: ").append(extPublicClient).append("\n");
     sb.append("  jwksUri: ").append(jwksUri).append("\n");
+    sb.append("  useClientIdAsSubClaimForAppTokens: ").append(useClientIdAsSubClaimForAppTokens).append("\n");
+    sb.append("  omitUsernameInIntrospectionRespForAppTokens: ")
+            .append(omitUsernameInIntrospectionRespForAppTokens).append("\n");
     sb.append("  tokenEndpointAuthMethod: ").append(tokenEndpointAuthMethod).append("\n");
     sb.append("  tokenEndpointAuthSigningAlg: ").append(tokenEndpointAuthSigningAlg).append("\n");
     sb.append("  sectorIdentifierUri: ").append(sectorIdentifierUri).append("\n");

components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/RegistrationRequestDTO.java

@@ -47,6 +47,8 @@ public class RegistrationRequestDTO  {
   private boolean extPkceSupportPlain;
   private boolean extPublicClient;
   private String extTokenType = null;
+  private Boolean useClientIdAsSubClaimForAppTokens;
+  private Boolean omitUsernameInIntrospectionRespForAppTokens;
   private String tokenEndpointAuthMethod = null;
   private String tokenEndpointAuthSigningAlg = null;
   private Boolean tokenEndpointAllowReusePvtKeyJwt;
@@ -325,6 +327,24 @@ public void setExtPublicClient(boolean extPublicClient) {
     this.extPublicClient = extPublicClient;
   }
 
+  @ApiModelProperty(value = "")
+  @JsonProperty("use_client_id_as_sub_claim_for_app_tokens")
+  public Boolean isUseClientIdAsSubClaimForAppTokens() {
+    return useClientIdAsSubClaimForAppTokens;
+  }
+  public void setUseClientIdAsSubClaimForAppTokens(Boolean useClientIdAsSubClaimForAppTokens) {
+    this.useClientIdAsSubClaimForAppTokens = useClientIdAsSubClaimForAppTokens;
+  }
+
+  @ApiModelProperty(value = "")
+  @JsonProperty("omit_username_in_introspection_resp_for_app_tokens")
+  public Boolean isOmitUsernameInIntrospectionRespForAppTokens() {
+    return omitUsernameInIntrospectionRespForAppTokens;
+  }
+  public void setOmitUsernameInIntrospectionRespForAppTokens(Boolean omitUsernameInIntrospectionRespForAppTokens) {
+    this.omitUsernameInIntrospectionRespForAppTokens = omitUsernameInIntrospectionRespForAppTokens;
+  }
+
   @ApiModelProperty(value = "")
   @JsonProperty("token_endpoint_auth_method")
   public String getTokenEndpointAuthMethod() {
@@ -528,6 +548,9 @@ public String toString()  {
     sb.append("  ext_pkce_mandatory: ").append(extPkceMandatory).append("\n");
     sb.append("  ext_pkce_support_plain: ").append(extPkceSupportPlain).append("\n");
     sb.append("  ext_public_client: ").append(extPublicClient).append("\n");
+    sb.append("  use_client_id_as_sub_claim_for_app_tokens: ").append(useClientIdAsSubClaimForAppTokens).append("\n");
+    sb.append("  omit_username_in_introspection_resp_for_app_tokens: ")
+            .append(omitUsernameInIntrospectionRespForAppTokens).append("\n");
     sb.append("  token_endpoint_auth_method: ").append(tokenEndpointAuthMethod).append("\n");
     sb.append("  token_endpoint_auth_signing_alg: ").append(tokenEndpointAuthSigningAlg).append("\n");
     sb.append("  sector_identifier_uri: ").append(sectorIdentifierUri).append("\n");

components/org.wso2.carbon.identity.api.server.dcr/src/gen/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/dto/UpdateRequestDTO.java

@@ -51,6 +51,8 @@ public class UpdateRequestDTO {
     private String requestObjectEncryptionAlgorithm = null;
     private String requestObjectEncryptionMethod = null;
     private String softwareStatement = null;
+    private Boolean useClientIdAsSubClaimForAppTokens;
+    private Boolean omitUsernameInIntrospectionRespForAppTokens;
     private final Map<String, Object> additionalAttributes = new HashMap<>();
     private String extAllowedAudience;
 
@@ -265,6 +267,24 @@ public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) {
         this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg;
     }
 
+    @ApiModelProperty(value = "")
+    @JsonProperty("use_client_id_as_sub_claim_for_app_tokens")
+    public Boolean isUseClientIdAsSubClaimForAppTokens() {
+        return useClientIdAsSubClaimForAppTokens;
+    }
+    public void setUseClientIdAsSubClaimForAppTokens(Boolean useClientIdAsSubClaimForAppTokens) {
+        this.useClientIdAsSubClaimForAppTokens = useClientIdAsSubClaimForAppTokens;
+    }
+
+    @ApiModelProperty(value = "")
+    @JsonProperty("omit_username_in_introspection_resp_for_app_tokens")
+    public Boolean isOmitUsernameInIntrospectionRespForAppTokens() {
+        return omitUsernameInIntrospectionRespForAppTokens;
+    }
+    public void setOmitUsernameInIntrospectionRespForAppTokens(Boolean omitUsernameInIntrospectionRespForAppTokens) {
+        this.omitUsernameInIntrospectionRespForAppTokens = omitUsernameInIntrospectionRespForAppTokens;
+    }
+
     @ApiModelProperty(value = "")
     @JsonProperty("sector_identifier_uri")
     public String getSectorIdentifierUri() {
@@ -444,6 +464,9 @@ public String toString() {
         sb.append("  ext_pkce_mandatory: ").append(extPkceMandatory).append("\n");
         sb.append("  ext_pkce_support_plain: ").append(extPkceSupportPlain).append("\n");
         sb.append("  ext_public_client: ").append(extPublicClient).append("\n");
+        sb.append("  use_client_id_as_sub_claim_for_app_tokens: ").append(useClientIdAsSubClaimForAppTokens).append("\n");
+        sb.append("  omit_username_in_introspection_resp_for_app_tokens: ")
+                .append(omitUsernameInIntrospectionRespForAppTokens).append("\n");
         sb.append("  token_endpoint_auth_method: ").append(tokenEndpointAuthMethod).append("\n");
         sb.append("  token_endpoint_auth_signing_alg: ").append(tokenEndpointAuthSigningAlg).append("\n");
         sb.append("  sector_identifier_uri: ").append(sectorIdentifierUri).append("\n");

components/org.wso2.carbon.identity.api.server.dcr/src/main/java/org/wso2/carbon/identity/oauth2/dcr/endpoint/util/DCRMUtils.java

@@ -78,6 +78,10 @@ public static ApplicationRegistrationRequest getApplicationRegistrationRequest(
         appRegistrationRequest.setExtPkceMandatory(registrationRequestDTO.getExtPkceMandatory());
         appRegistrationRequest.setExtPkceSupportPlain(registrationRequestDTO.getExtPkceSupportPlain());
         appRegistrationRequest.setExtPublicClient(registrationRequestDTO.getExtPublicClient());
+        appRegistrationRequest.setUseClientIdAsSubClaimForAppTokens(
+                registrationRequestDTO.isUseClientIdAsSubClaimForAppTokens());
+        appRegistrationRequest.setOmitUsernameInIntrospectionRespForAppTokens(
+                registrationRequestDTO.isOmitUsernameInIntrospectionRespForAppTokens());
         appRegistrationRequest.setExtTokenType(registrationRequestDTO.getExtTokenType());
         appRegistrationRequest.setJwksURI(registrationRequestDTO.getJwksUri());
         appRegistrationRequest.setTokenEndpointAuthMethod(registrationRequestDTO.getTokenEndpointAuthMethod());
@@ -127,6 +131,10 @@ public static ApplicationUpdateRequest getApplicationUpdateRequest(UpdateRequest
         applicationUpdateRequest.setExtPublicClient(updateRequestDTO.getExtPublicClient());
         applicationUpdateRequest.setExtTokenType(updateRequestDTO.getExtTokenType());
         applicationUpdateRequest.setJwksURI(updateRequestDTO.getJwksUri());
+        applicationUpdateRequest.setUseClientIdAsSubClaimForAppTokens(
+                updateRequestDTO.isUseClientIdAsSubClaimForAppTokens());
+        applicationUpdateRequest.setOmitUsernameInIntrospectionRespForAppTokens(
+                updateRequestDTO.isOmitUsernameInIntrospectionRespForAppTokens());
         applicationUpdateRequest.setTokenEndpointAuthMethod(updateRequestDTO.getTokenEndpointAuthMethod());
         applicationUpdateRequest.setTokenEndpointAllowReusePvtKeyJwt(
                 updateRequestDTO.isTokenEndpointAllowReusePvtKeyJwt());
@@ -247,6 +255,9 @@ public static ApplicationDTO getApplicationDTOFromApplication(Application applic
         applicationDTO.setIdTokenSignedResponseAlg(application.getIdTokenSignatureAlgorithm());
         applicationDTO.setIdTokenEncryptedResponseAlg(application.getIdTokenEncryptionAlgorithm());
         applicationDTO.setIdTokenEncryptedResponseEnc(application.getIdTokenEncryptionMethod());
+        applicationDTO.setUseClientIdAsSubClaimForAppTokens(application.getUseClientIdAsSubClaimForAppTokens());
+        applicationDTO.setOmitUsernameInIntrospectionRespForAppTokens(
+                application.getOmitUsernameInIntrospectionRespForAppTokens());
         applicationDTO.setRequireSignedRequestObject(application.isRequestObjectSignatureValidationEnabled());
         applicationDTO.setRequestObjectSigningAlg(application.getRequestObjectSignatureAlgorithm());
         applicationDTO.setTlsClientAuthSubjectDn(application.getTlsClientAuthSubjectDN());

components/org.wso2.carbon.identity.oauth.common/src/main/java/org/wso2/carbon/identity/oauth/common/OAuthConstants.java

@@ -623,6 +623,15 @@ public static class OIDCConfigProperties {
         public static final String TOKEN_REVOCATION_WITH_IDP_SESSION_TERMINATION =
                 "tokenRevocationWithIDPSessionTermination";
         public static final String TOKEN_BINDING_VALIDATION = "tokenBindingValidation";
+        public static final String USE_CLIENT_ID_AS_SUB_CLAIM_FOR_APP_TOKENS = "useClientIdAsSubClaimForAppTokens";
+        public static final boolean USE_CLIENT_ID_AS_SUB_CLAIM_FOR_APP_TOKENS_OLD_APP_DEFAULT_VALUE = false;
+        public static final boolean USE_CLIENT_ID_AS_SUB_CLAIM_FOR_APP_TOKENS_NEW_APP_DEFAULT_VALUE = true;
+        public static final String OMIT_USERNAME_IN_INTROSPECTION_RESP_FOR_APP_TOKEN =
+                "omitUsernameInIntrospectionRespForAppTokens";
+        public static final boolean OMIT_USERNAME_IN_INTROSPECTION_RESP_FOR_APP_TOKEN_OLD_APP_DEFAULT_VALUE =
+                false;
+        public static final boolean OMIT_USERNAME_IN_INTROSPECTION_RESP_FOR_APP_TOKEN_NEW_APP_DEFAULT_VALUE =
+                true;
         public static final String TOKEN_BINDING_TYPE_NONE = "None";
         public static final String TOKEN_AUTH_METHOD =  "tokenEndpointAuthMethod";
         public static final String TOKEN_EP_ALLOW_REUSE_PVT_KEY_JWT =  "tokenEndpointAllowReusePvtKeyJwt";

components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/Application.java

@@ -61,6 +61,9 @@ public class Application implements Serializable {
     private String idTokenEncryptionAlgorithm = null;
     private String idTokenEncryptionMethod = null;
     private String softwareStatement = null;
+    private Boolean useClientIdAsSubClaimForAppTokens;
+    private Boolean omitUsernameInIntrospectionRespForAppTokens;
+
     private Map<String, Object> additionalAttributes;
     private String extAllowedAudience;
 
@@ -401,6 +404,27 @@ public void setIdTokenEncryptionMethod(String idTokenEncryptionMethod) {
 
         this.idTokenEncryptionMethod = idTokenEncryptionMethod;
     }
+
+    public Boolean getUseClientIdAsSubClaimForAppTokens() {
+
+        return useClientIdAsSubClaimForAppTokens;
+    }
+
+    public void setUseClientIdAsSubClaimForAppTokens(Boolean useClientIdAsSubClaimForAppTokens) {
+
+        this.useClientIdAsSubClaimForAppTokens = useClientIdAsSubClaimForAppTokens;
+    }
+
+    public Boolean getOmitUsernameInIntrospectionRespForAppTokens() {
+
+        return omitUsernameInIntrospectionRespForAppTokens;
+    }
+
+    public void setOmitUsernameInIntrospectionRespForAppTokens(Boolean omitUsernameInIntrospectionRespForAppTokens) {
+
+        this.omitUsernameInIntrospectionRespForAppTokens = omitUsernameInIntrospectionRespForAppTokens;
+    }
+
     @Override
     public String toString() {
 

components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationRegistrationRequest.java

@@ -67,6 +67,8 @@ public class ApplicationRegistrationRequest implements Serializable {
     private String requestObjectEncryptionAlgorithm;
     private String requestObjectEncryptionMethod;
     private Map<String, Object> additionalAttributes;
+    private Boolean useClientIdAsSubClaimForAppTokens;
+    private Boolean omitUsernameInIntrospectionRespForAppTokens;
     private String extAllowedAudience;
 
     public void setAdditionalAttributes(Map<String, Object> additionalAttributes) {
@@ -541,5 +543,24 @@ public void setSoftwareStatement(String softwareStatement) {
         this.softwareStatement = softwareStatement;
     }
 
+    public Boolean getUseClientIdAsSubClaimForAppTokens() {
+
+        return useClientIdAsSubClaimForAppTokens;
+    }
+
+    public void setUseClientIdAsSubClaimForAppTokens(Boolean useClientIdAsSubClaimForAppTokens) {
+
+        this.useClientIdAsSubClaimForAppTokens = useClientIdAsSubClaimForAppTokens;
+    }
+
+    public Boolean getOmitUsernameInIntrospectionRespForAppTokens() {
+
+        return omitUsernameInIntrospectionRespForAppTokens;
+    }
+
+    public void setOmitUsernameInIntrospectionRespForAppTokens(Boolean omitUsernameInIntrospectionRespForAppTokens) {
+
+        this.omitUsernameInIntrospectionRespForAppTokens = omitUsernameInIntrospectionRespForAppTokens;
+    }
 
 }

components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/bean/ApplicationUpdateRequest.java

@@ -60,6 +60,8 @@ public class ApplicationUpdateRequest implements Serializable {
     private boolean tlsClientCertificateBoundAccessTokens;
     private boolean requireSignedRequestObject;
     private String subjectType;
+    private Boolean useClientIdAsSubClaimForAppTokens;
+    private Boolean omitUsernameInIntrospectionRespForAppTokens;
     private String requestObjectEncryptionAlgorithm;
     private String requestObjectEncryptionMethod;
     private Map<String, Object> additionalAttributes;
@@ -75,6 +77,26 @@ public Map<String, Object> getAdditionalAttributes() {
         return additionalAttributes;
     }
 
+    public Boolean getUseClientIdAsSubClaimForAppTokens() {
+
+        return useClientIdAsSubClaimForAppTokens;
+    }
+
+    public void setUseClientIdAsSubClaimForAppTokens(Boolean useClientIdAsSubClaimForAppTokens) {
+
+        this.useClientIdAsSubClaimForAppTokens = useClientIdAsSubClaimForAppTokens;
+    }
+
+    public Boolean getOmitUsernameInIntrospectionRespForAppTokens() {
+
+        return omitUsernameInIntrospectionRespForAppTokens;
+    }
+
+    public void setOmitUsernameInIntrospectionRespForAppTokens(Boolean omitUsernameInIntrospectionRespForAppTokens) {
+
+        this.omitUsernameInIntrospectionRespForAppTokens = omitUsernameInIntrospectionRespForAppTokens;
+    }
+
     public String getExtAllowedAudience() {
 
         return extAllowedAudience;

components/org.wso2.carbon.identity.oauth.dcr/src/main/java/org/wso2/carbon/identity/oauth/dcr/service/DCRMService.java

@@ -355,6 +355,13 @@ public Application updateApplication(ApplicationUpdateRequest updateRequest, Str
             if (updateRequest.getExtIdTokenLifetime() != null) {
                 appDTO.setIdTokenExpiryTime(updateRequest.getExtIdTokenLifetime());
             }
+            if (updateRequest.getUseClientIdAsSubClaimForAppTokens() != null) {
+                appDTO.setUseClientIdAsSubClaimForAppTokens(updateRequest.getUseClientIdAsSubClaimForAppTokens());
+            }
+            if (updateRequest.getOmitUsernameInIntrospectionRespForAppTokens() != null) {
+                appDTO.setOmitUsernameInIntrospectionRespForAppTokens(
+                        updateRequest.getOmitUsernameInIntrospectionRespForAppTokens());
+            }
             if (updateRequest.getTokenEndpointAuthMethod() != null) {
                 appDTO.setTokenEndpointAuthMethod(updateRequest.getTokenEndpointAuthMethod());
             }
@@ -694,6 +701,9 @@ private Application buildResponse(OAuthConsumerAppDTO createdApp, String tenantD
         application.setExtTokenType(createdApp.getTokenType());
         application.setJwksURI(createdApp.getJwksURI());
         application.setTokenEndpointAuthMethod(createdApp.getTokenEndpointAuthMethod());
+        application.setUseClientIdAsSubClaimForAppTokens(createdApp.isUseClientIdAsSubClaimForAppTokens());
+        application.setOmitUsernameInIntrospectionRespForAppTokens(
+                createdApp.isOmitUsernameInIntrospectionRespForAppTokens());
         application.setTokenEndpointAllowReusePvtKeyJwt(createdApp.isTokenEndpointAllowReusePvtKeyJwt());
         application.setTokenEndpointAuthSignatureAlgorithm(createdApp.getTokenEndpointAuthSignatureAlgorithm());
         application.setSectorIdentifierURI(createdApp.getSectorIdentifierURI());
@@ -786,6 +796,14 @@ private OAuthConsumerAppDTO createOAuthApp(ApplicationRegistrationRequest regist
         if (registrationRequest.getExtIdTokenLifetime() != null) {
             oAuthConsumerApp.setIdTokenExpiryTime(registrationRequest.getExtIdTokenLifetime());
         }
+        if (registrationRequest.getUseClientIdAsSubClaimForAppTokens() != null) {
+            oAuthConsumerApp.setUseClientIdAsSubClaimForAppTokens(
+                    registrationRequest.getUseClientIdAsSubClaimForAppTokens());
+        }
+        if (registrationRequest.getOmitUsernameInIntrospectionRespForAppTokens() != null) {
+            oAuthConsumerApp.setOmitUsernameInIntrospectionRespForAppTokens(
+                    registrationRequest.getOmitUsernameInIntrospectionRespForAppTokens());
+        }
         if (registrationRequest.getTokenEndpointAuthMethod() != null) {
             oAuthConsumerApp.setTokenEndpointAuthMethod(registrationRequest.getTokenEndpointAuthMethod());
         }

components/org.wso2.carbon.identity.oauth.stub/src/main/resources/OAuthAdminService.wsdl

@@ -414,6 +414,7 @@
                     <xs:element minOccurs="0" name="jwksURI" nillable="true" type="xs:string"/>
                     <xs:element minOccurs="0" name="oauthConsumerKey" nillable="true" type="xs:string"/>
                     <xs:element minOccurs="0" name="oauthConsumerSecret" nillable="true" type="xs:string"/>
+                    <xs:element minOccurs="0" name="omitUsernameInIntrospectionRespForAppTokens" nillable="true" type="xs:boolean"/>
                     <xs:element minOccurs="0" name="pkceMandatory" type="xs:boolean"/>
                     <xs:element minOccurs="0" name="pkceSupportPlain" type="xs:boolean"/>
                     <xs:element minOccurs="0" name="refreshTokenExpiryTime" type="xs:long"/>
@@ -437,6 +438,7 @@
                     <xs:element minOccurs="0" name="tokenEndpointAuthSignatureAlgorithm" nillable="true" type="xs:string"/>
                     <xs:element minOccurs="0" name="tokenRevocationWithIDPSessionTerminationEnabled" type="xs:boolean"/>
                     <xs:element minOccurs="0" name="tokenType" nillable="true" type="xs:string"/>
+                    <xs:element minOccurs="0" name="useClientIdAsSubClaimForAppTokens" nillable="true" type="xs:boolean"/>
                     <xs:element minOccurs="0" name="userAccessTokenExpiryTime" type="xs:long"/>
                     <xs:element minOccurs="0" name="username" nillable="true" type="xs:string"/>
                 </xs:sequence>