wso2 · Thumimku · Nov 10, 2023 · Nov 1, 2023 · Nov 9, 2023 · Nov 9, 2023
diff --git a/...arbon/identity/api/server/application/management/v1/AdvancedApplicationConfiguration.java b/...arbon/identity/api/server/application/management/v1/AdvancedApplicationConfiguration.java
@@ -25,6 +25,7 @@
 import java.util.ArrayList;
 import java.util.List;
 import org.wso2.carbon.identity.api.server.application.management.v1.AdditionalSpProperty;
+import org.wso2.carbon.identity.api.server.application.management.v1.AdvancedApplicationConfigurationAttestationMetaData;
 import org.wso2.carbon.identity.api.server.application.management.v1.Certificate;
 import javax.validation.constraints.*;
 
@@ -44,6 +45,8 @@ public class AdvancedApplicationConfiguration  {
     private Boolean returnAuthenticatedIdpList;
     private Boolean enableAuthorization;
     private Boolean fragment;
+    private Boolean enableAPIBasedAuthentication;
+    private AdvancedApplicationConfigurationAttestationMetaData attestationMetaData;
     private List<AdditionalSpProperty> additionalSpProperties = null;
     private Boolean useExternalConsentPage;
 
@@ -217,6 +220,43 @@ public void setFragment(Boolean fragment) {
         this.fragment = fragment;
     }
 
+    /**
+    * Decides whether API Based Authentication is enabled for this application.
+    **/
+    public AdvancedApplicationConfiguration enableAPIBasedAuthentication(Boolean enableAPIBasedAuthentication) {
+
+        this.enableAPIBasedAuthentication = enableAPIBasedAuthentication;
+        return this;
+    }
+
+    @ApiModelProperty(example = "false", value = "Decides whether API Based Authentication is enabled for this application.")
+    @JsonProperty("enableAPIBasedAuthentication")
+    @Valid
+    public Boolean getEnableAPIBasedAuthentication() {
+        return enableAPIBasedAuthentication;
+    }
+    public void setEnableAPIBasedAuthentication(Boolean enableAPIBasedAuthentication) {
+        this.enableAPIBasedAuthentication = enableAPIBasedAuthentication;
+    }
+
+    /**
+    **/
+    public AdvancedApplicationConfiguration attestationMetaData(AdvancedApplicationConfigurationAttestationMetaData attestationMetaData) {
+
+        this.attestationMetaData = attestationMetaData;
+        return this;
+    }
+
+    @ApiModelProperty(value = "")
+    @JsonProperty("attestationMetaData")
+    @Valid
+    public AdvancedApplicationConfigurationAttestationMetaData getAttestationMetaData() {
+        return attestationMetaData;
+    }
+    public void setAttestationMetaData(AdvancedApplicationConfigurationAttestationMetaData attestationMetaData) {
+        this.attestationMetaData = attestationMetaData;
+    }
+
     /**
     **/
     public AdvancedApplicationConfiguration additionalSpProperties(List<AdditionalSpProperty> additionalSpProperties) {
@@ -264,12 +304,14 @@ public boolean equals(java.lang.Object o) {
             Objects.equals(this.returnAuthenticatedIdpList, advancedApplicationConfiguration.returnAuthenticatedIdpList) &&
             Objects.equals(this.enableAuthorization, advancedApplicationConfiguration.enableAuthorization) &&
             Objects.equals(this.fragment, advancedApplicationConfiguration.fragment) &&
+            Objects.equals(this.enableAPIBasedAuthentication, advancedApplicationConfiguration.enableAPIBasedAuthentication) &&
+            Objects.equals(this.attestationMetaData, advancedApplicationConfiguration.attestationMetaData) &&
             Objects.equals(this.additionalSpProperties, advancedApplicationConfiguration.additionalSpProperties);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(saas, discoverableByEndUsers, certificate, skipLoginConsent, skipLogoutConsent, useExternalConsentPage, returnAuthenticatedIdpList, enableAuthorization, fragment, additionalSpProperties);
+        return Objects.hash(saas, discoverableByEndUsers, certificate, skipLoginConsent, skipLogoutConsent, useExternalConsentPage, returnAuthenticatedIdpList, enableAuthorization, fragment, enableAPIBasedAuthentication, attestationMetaData, additionalSpProperties);
     }
 
     @Override
@@ -287,6 +329,8 @@ public String toString() {
         sb.append("    returnAuthenticatedIdpList: ").append(toIndentedString(returnAuthenticatedIdpList)).append("\n");
         sb.append("    enableAuthorization: ").append(toIndentedString(enableAuthorization)).append("\n");
         sb.append("    fragment: ").append(toIndentedString(fragment)).append("\n");
+        sb.append("    enableAPIBasedAuthentication: ").append(toIndentedString(enableAPIBasedAuthentication)).append("\n");
+        sb.append("    attestationMetaData: ").append(toIndentedString(attestationMetaData)).append("\n");
         sb.append("    additionalSpProperties: ").append(toIndentedString(additionalSpProperties)).append("\n");
         sb.append("}");
         return sb.toString();

diff --git a/...server/application/management/v1/AdvancedApplicationConfigurationAttestationMetaData.java b/...server/application/management/v1/AdvancedApplicationConfigurationAttestationMetaData.java
@@ -0,0 +1,168 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.api.server.application.management.v1;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import javax.validation.constraints.*;
+
+/**
+ * Decides the client attestation meta data for the application.
+ **/
+
+import io.swagger.annotations.*;
+import java.util.Objects;
+import javax.validation.Valid;
+import javax.xml.bind.annotation.*;
+@ApiModel(description = "Decides the client attestation meta data for the application.")
+public class AdvancedApplicationConfigurationAttestationMetaData  {
+
+    private Boolean enableClientAttestation;
+    private String androidPackageName;
+    private Object androidAttestationServiceCredentials;
+    private String appleAppId;
+
+    /**
+    * Decides whether client attestation enabled for this application.
+    **/
+    public AdvancedApplicationConfigurationAttestationMetaData enableClientAttestation(Boolean enableClientAttestation) {
+
+        this.enableClientAttestation = enableClientAttestation;
+        return this;
+    }
+
+    @ApiModelProperty(example = "false", value = "Decides whether client attestation enabled for this application.")
+    @JsonProperty("enableClientAttestation")
+    @Valid
+    public Boolean getEnableClientAttestation() {
+        return enableClientAttestation;
+    }
+    public void setEnableClientAttestation(Boolean enableClientAttestation) {
+        this.enableClientAttestation = enableClientAttestation;
+    }
+
+    /**
+    * Decides the android package name of the application.
+    **/
+    public AdvancedApplicationConfigurationAttestationMetaData androidPackageName(String androidPackageName) {
+
+        this.androidPackageName = androidPackageName;
+        return this;
+    }
+
+    @ApiModelProperty(example = "com.wso2.mobile.sample", value = "Decides the android package name of the application.")
+    @JsonProperty("androidPackageName")
+    @Valid
+    public String getAndroidPackageName() {
+        return androidPackageName;
+    }
+    public void setAndroidPackageName(String androidPackageName) {
+        this.androidPackageName = androidPackageName;
+    }
+
+    /**
+    * Decides the credentials for the service account to access Google Play Integrity Service.
+    **/
+    public AdvancedApplicationConfigurationAttestationMetaData androidAttestationServiceCredentials(Object androidAttestationServiceCredentials) {
+
+        this.androidAttestationServiceCredentials = androidAttestationServiceCredentials;
+        return this;
+    }
+
+    @ApiModelProperty(value = "Decides the credentials for the service account to access Google Play Integrity Service.")
+    @JsonProperty("androidAttestationServiceCredentials")
+    @Valid
+    public Object getAndroidAttestationServiceCredentials() {
+        return androidAttestationServiceCredentials;
+    }
+    public void setAndroidAttestationServiceCredentials(Object androidAttestationServiceCredentials) {
+        this.androidAttestationServiceCredentials = androidAttestationServiceCredentials;
+    }
+
+    /**
+    * Decides the apple app id which denotes {apple-teamId}.{bundleId}.
+    **/
+    public AdvancedApplicationConfigurationAttestationMetaData appleAppId(String appleAppId) {
+
+        this.appleAppId = appleAppId;
+        return this;
+    }
+
+    @ApiModelProperty(example = "APPLETEAMID.com.wso2.mobile.sample", value = "Decides the apple app id which denotes {apple-teamId}.{bundleId}.")
+    @JsonProperty("appleAppId")
+    @Valid
+    public String getAppleAppId() {
+        return appleAppId;
+    }
+    public void setAppleAppId(String appleAppId) {
+        this.appleAppId = appleAppId;
+    }
+
+
+
+    @Override
+    public boolean equals(java.lang.Object o) {
+
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        AdvancedApplicationConfigurationAttestationMetaData advancedApplicationConfigurationAttestationMetaData = (AdvancedApplicationConfigurationAttestationMetaData) o;
+        return Objects.equals(this.enableClientAttestation, advancedApplicationConfigurationAttestationMetaData.enableClientAttestation) &&
+            Objects.equals(this.androidPackageName, advancedApplicationConfigurationAttestationMetaData.androidPackageName) &&
+            Objects.equals(this.androidAttestationServiceCredentials, advancedApplicationConfigurationAttestationMetaData.androidAttestationServiceCredentials) &&
+            Objects.equals(this.appleAppId, advancedApplicationConfigurationAttestationMetaData.appleAppId);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(enableClientAttestation, androidPackageName, androidAttestationServiceCredentials, appleAppId);
+    }
+
+    @Override
+    public String toString() {
+
+        StringBuilder sb = new StringBuilder();
+        sb.append("class AdvancedApplicationConfigurationAttestationMetaData {\n");
+
+        sb.append("    enableClientAttestation: ").append(toIndentedString(enableClientAttestation)).append("\n");
+        sb.append("    androidPackageName: ").append(toIndentedString(androidPackageName)).append("\n");
+        sb.append("    androidAttestationServiceCredentials: ").append(toIndentedString(androidAttestationServiceCredentials)).append("\n");
+        sb.append("    appleAppId: ").append(toIndentedString(appleAppId)).append("\n");
+        sb.append("}");
+        return sb.toString();
+    }
+
+    /**
+    * Convert the given object to string with each line indented by 4 spaces
+    * (except the first line).
+    */
+    private String toIndentedString(java.lang.Object o) {
+
+        if (o == null) {
+            return "null";
+        }
+        return o.toString().replace("\n", "\n");
+    }
+}
+
diff --git a/...erver/application/management/v1/core/functions/application/ServiceProviderToApiModel.java b/...erver/application/management/v1/core/functions/application/ServiceProviderToApiModel.java
@@ -23,6 +23,7 @@
 import org.wso2.carbon.identity.api.server.application.management.common.ApplicationManagementServiceHolder;
 import org.wso2.carbon.identity.api.server.application.management.v1.AdditionalSpProperty;
 import org.wso2.carbon.identity.api.server.application.management.v1.AdvancedApplicationConfiguration;
+import org.wso2.carbon.identity.api.server.application.management.v1.AdvancedApplicationConfigurationAttestationMetaData;
 import org.wso2.carbon.identity.api.server.application.management.v1.ApplicationResponseModel;
 import org.wso2.carbon.identity.api.server.application.management.v1.AssociatedRolesConfig;
 import org.wso2.carbon.identity.api.server.application.management.v1.AuthenticationSequence;
@@ -46,6 +47,7 @@
 import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
 import org.wso2.carbon.identity.application.common.model.AuthenticationStep;
 import org.wso2.carbon.identity.application.common.model.ClaimMapping;
+import org.wso2.carbon.identity.application.common.model.ClientAttestationMetaData;
 import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
 import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
 import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
@@ -71,6 +73,10 @@
 import static org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.UpdateAdvancedConfigurations.TYPE_JWKS;
 import static org.wso2.carbon.identity.api.server.application.management.v1.core.functions.application.UpdateAdvancedConfigurations.TYPE_PEM;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.ALLOWED_ROLE_AUDIENCE_PROPERTY_NAME;
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.ANDROID_PACKAGE_NAME_PROPERTY_NAME;
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.APPLE_APP_ID_PROPERTY_NAME;
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_API_BASED_AUTHENTICATION_ENABLED_PROPERTY_NAME;
+import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_ATTESTATION_ENABLED_PROPERTY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.IS_MANAGEMENT_APP_SP_PROPERTY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.TEMPLATE_ID_SP_PROPERTY_NAME;
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.USE_USER_ID_FOR_DEFAULT_SUBJECT;
@@ -418,9 +424,40 @@ private AdvancedApplicationConfiguration buildAdvancedAppConfiguration(ServicePr
                 .useExternalConsentPage(authConfig.isUseExternalConsentPage())
                 .certificate(getCertificate(serviceProvider))
                 .fragment(isFragmentApp(serviceProvider))
+                .enableAPIBasedAuthentication(serviceProvider.isAPIBasedAuthenticationEnabled())
+                .attestationMetaData(getAttestationMetaData(serviceProvider))
                 .additionalSpProperties(getSpProperties(serviceProvider));
     }
 
+    /**
+     * Retrieves the attestation metadata for an application's advanced configuration based on the provided
+     * service provider.
+     *
+     * @param serviceProvider The service provider for which attestation metadata is required.
+     * @return An instance of AdvancedApplicationConfigurationAttestationMetaData containing attestation data.
+     */
+    private AdvancedApplicationConfigurationAttestationMetaData getAttestationMetaData
+                                                                (ServiceProvider serviceProvider) {
+
+        // Retrieve the client attestation metadata from the service provider.
+        ClientAttestationMetaData clientAttestationMetaData = serviceProvider.getClientAttestationMetaData();
+
+        // If the client attestation metadata is not available, create a new instance.
+        if (clientAttestationMetaData == null) {
+            clientAttestationMetaData = new ClientAttestationMetaData();
+        }
+
+        // Create and configure an instance of AdvancedApplicationConfigurationAttestationMetaData
+        // based on the client attestation metadata.
+        return new AdvancedApplicationConfigurationAttestationMetaData()
+                .enableClientAttestation(clientAttestationMetaData.isAttestationEnabled())
+                .androidPackageName(clientAttestationMetaData.getAndroidPackageName())
+                .appleAppId(clientAttestationMetaData.getAppleAppId())
+                .androidAttestationServiceCredentials(clientAttestationMetaData
+                        .getAndroidAttestationServiceCredentials());
+    }
+
+
     private List<AdditionalSpProperty> getSpProperties(ServiceProvider serviceProvider) {
 
         ServiceProviderProperty[] serviceProviderProperties = serviceProvider.getSpProperties();
@@ -453,6 +490,15 @@ private ServiceProviderProperty[] removeAndSetSpProperties(ServiceProviderProper
             spPropertyList.removeIf(property -> USE_USER_ID_FOR_DEFAULT_SUBJECT.equals(property.getName()));
             spPropertyList.removeIf(property -> TEMPLATE_ID_SP_PROPERTY_NAME.equals(property.getName()));
             spPropertyList.removeIf(property -> IS_MANAGEMENT_APP_SP_PROPERTY_NAME.equals(property.getName()));
+            spPropertyList.removeIf(property -> IS_ATTESTATION_ENABLED_PROPERTY_NAME.equals(property.getName()));
+            spPropertyList.removeIf(property ->
+                    IS_API_BASED_AUTHENTICATION_ENABLED_PROPERTY_NAME.equals(property.getName()));
+            spPropertyList.removeIf(property ->
+                    ANDROID_PACKAGE_NAME_PROPERTY_NAME.equals(property.getName()));
+            spPropertyList.removeIf(property ->
+                    ANDROID_PACKAGE_NAME_PROPERTY_NAME.equals(property.getName()));
+            spPropertyList.removeIf(property ->
+                    APPLE_APP_ID_PROPERTY_NAME.equals(property.getName()));
             spPropertyList.removeIf(property -> ALLOWED_ROLE_AUDIENCE_PROPERTY_NAME.equals(property.getName()));
             return spPropertyList.toArray(new ServiceProviderProperty[0]);
     }