From 515a525b58b8961bd7f5c3c967119685fb068094 Mon Sep 17 00:00:00 2001
From: Janak Amarasena
Date: Fri, 1 Dec 2023 17:47:01 +0530
Subject: [PATCH] Add state param for api based auth
---
 .../magiclink/MagicLinkAuthenticator.java | 17 +++++++++++++++++
 .../MagicLinkAuthenticatorConstants.java | 2 ++
 2 files changed, 19 insertions(+)
diff --git a/components/org.wso2.carbon.identity.application.authenticator.magiclink/src/main/java/org/wso2/carbon/identity/application/authenticator/magiclink/MagicLinkAuthenticator.java b/components/org.wso2.carbon.identity.application.authenticator.magiclink/src/main/java/org/wso2/carbon/identity/application/authenticator/magiclink/MagicLinkAuthenticator.java
index c02a8e4..8d07de8 100644
--- a/components/org.wso2.carbon.identity.application.authenticator.magiclink/src/main/java/org/wso2/carbon/identity/application/authenticator/magiclink/MagicLinkAuthenticator.java
+++ b/components/org.wso2.carbon.identity.application.authenticator.magiclink/src/main/java/org/wso2/carbon/identity/application/authenticator/magiclink/MagicLinkAuthenticator.java
@@ -65,6 +65,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.UUID;
 import java.util.concurrent.TimeUnit;
 import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.RequestParams.RESTART_FLOW;
@@ -212,6 +213,15 @@ protected void initiateAuthenticationRequest(HttpServletRequest request, HttpSer if (StringUtils.isNotEmpty(magicToken)) { String expiryTime = TimeUnit.SECONDS.toMinutes(getExpiryTime()) + " " + TimeUnit.MINUTES.name().toLowerCase(); + if (Boolean.parseBoolean((String) context.getProperty(IS_API_BASED))) { + /* Setting a state param to the request for the client to be able to correlate the + magic link coming to the app in API based authentication flow. The code is written in + this manner as it is not possible to dynamically set params to the email template. */ + String state = UUID.randomUUID().toString(); + context.setProperty(MagicLinkAuthenticatorConstants.AUTHENTICATOR_NAME + + MagicLinkAuthenticatorConstants.STATE_PARAM_SUFFIX, state); + magicToken = magicToken + "&" + MagicLinkAuthenticatorConstants.STATE_PARAM + "=" + state; + } triggerEvent(user, context, magicToken, expiryTime); } } @@ -660,6 +670,13 @@ public Optional getAuthInitiationData(AuthenticationContext c requiredParams.add(MLT); authenticatorData.setRequiredParams(requiredParams); setAuthParams(authenticatorData); + Map additionalAuthenticationParams = new HashMap<>(); + String state = (String) context.getProperty(MagicLinkAuthenticatorConstants.AUTHENTICATOR_NAME + + MagicLinkAuthenticatorConstants.STATE_PARAM_SUFFIX); + additionalAuthenticationParams.put(MagicLinkAuthenticatorConstants.STATE_PARAM, state); + AdditionalData additionalData = new AdditionalData(); + additionalData.setAdditionalAuthenticationParams(additionalAuthenticationParams); + authenticatorData.setAdditionalData(additionalData); } return Optional.of(authenticatorData); 
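Review bot: In the first hunk (`initiateAuthenticationRequest`), `magicToken` is reassigned to the token plus `&state=<uuid>` just before `triggerEvent`, so from that line on the variable no longer holds the token itself. A separate local such as `String tokenWithState = magicToken + "&" + MagicLinkAuthenticatorConstants.STATE_PARAM + "=" + state;` passed to `triggerEvent` would keep the credential and the link fragment apart, so that later code cannot compare, store or log the wrong value. The trick also relies on the e-mail template emitting the token placeholder unencoded as the last query parameter, which the block comment should state explicitly. The `(String)` cast on `context.getProperty(IS_API_BASED)` will throw if that property is ever stored as a `Boolean`; how it is set is not visible here. The method begins and continues outside the hunk.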
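Review bot: In the second hunk (`getAuthInitiationData`), the `state` read from the context is put into `additionalAuthenticationParams` without a null check. The property is only set in `initiateAuthenticationRequest` when the flow is API based and a magic token was produced. The condition guarding this block is outside the hunk, so a null value in the response looks possible on other paths; a guard such as `if (state != null) { additionalAuthenticationParams.put(MagicLinkAuthenticatorConstants.STATE_PARAM, state); }` avoids that. Nothing in this patch compares the `state` arriving with the magic link against the stored context property, so as written it is a client-side correlation value rather than a server-enforced binding. A short comment saying so would keep integrators from treating it as a second authentication factor.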
diff --git a/components/org.wso2.carbon.identity.application.authenticator.magiclink/src/main/java/org/wso2/carbon/identity/application/authenticator/magiclink/MagicLinkAuthenticatorConstants.java b/components/org.wso2.carbon.identity.application.authenticator.magiclink/src/main/java/org/wso2/carbon/identity/application/authenticator/magiclink/MagicLinkAuthenticatorConstants.java
index 9f044ca..10e069a 100644
--- a/components/org.wso2.carbon.identity.application.authenticator.magiclink/src/main/java/org/wso2/carbon/identity/application/authenticator/magiclink/MagicLinkAuthenticatorConstants.java
+++ b/components/org.wso2.carbon.identity.application.authenticator.magiclink/src/main/java/org/wso2/carbon/identity/application/authenticator/magiclink/MagicLinkAuthenticatorConstants.java
@@ -56,6 +56,8 @@ private MagicLinkAuthenticatorConstants() {
 public static final String EXPIRYTIME = "expiry-time";
 public static final String IS_API_BASED_AUTHENTICATION_SUPPORTED = "isAPIBasedAuthenticationSupported";
 public static final String CALLBACK_URL = "callbackUrl";
+ public static final String STATE_PARAM_SUFFIX = "_state_param";
+ public static final String STATE_PARAM = "state";
 /**
 * Constants related to log management.