Add useClientIdAsSubClaimForAppTokens and omitUsernameInIntrospectionRespForAppTokens configs to app #644

Merged
merged 2 commits into from
Aug 22, 2024
Expand Up @@ -88,6 +88,8 @@ public static StateEnum fromValue(String value) {
private RefreshTokenConfiguration refreshToken;
private SubjectTokenConfiguration subjectToken;
private IdTokenConfiguration idToken;
private Boolean useClientIdAsSubClaimForAppTokens;
private Boolean omitUsernameInIntrospectionRespForAppTokens;
private OIDCLogoutConfiguration logout;
private Boolean validateRequestObjectSignature = false;
private List<String> scopeValidators = null;
Expand Down Expand Up @@ -358,6 +360,45 @@ public void setIdToken(IdTokenConfiguration idToken) {
this.idToken = idToken;
}

/**
* If enabled, client_id will be sent as the subject claim value for app tokens.
*/
public OpenIDConnectConfiguration useClientIdAsSubClaimForAppTokens(Boolean useClientIdAsSubClaimForAppTokens) {

this.useClientIdAsSubClaimForAppTokens = useClientIdAsSubClaimForAppTokens;
return this;
}

@ApiModelProperty("If enable, client_id will be sent as the sub claim value for app tokens.")
@JsonProperty("useClientIdAsSubClaimForAppTokens")
@Valid
public Boolean getUseClientIdAsSubClaimForAppTokens() {
return useClientIdAsSubClaimForAppTokens;
}
public void setUseClientIdAsSubClaimForAppTokens(Boolean useClientIdAsSubClaimForAppTokens) {
this.useClientIdAsSubClaimForAppTokens = useClientIdAsSubClaimForAppTokens;
}

/**
* If enabled, username will not be sent in the introspection response for app tokens.
*/
public OpenIDConnectConfiguration omitUsernameInIntrospectionRespForAppTokens(
Boolean omitUsernameInIntrospectionRespForAppTokens) {

this.omitUsernameInIntrospectionRespForAppTokens = omitUsernameInIntrospectionRespForAppTokens;
return this;
}

@ApiModelProperty("If enabled, username will not be sent in the introspection response for app tokens.")
@JsonProperty("omitUsernameInIntrospectionRespForAppTokens")
@Valid
public Boolean getOmitUsernameInIntrospectionRespForAppTokens() {
return omitUsernameInIntrospectionRespForAppTokens;
}
public void setOmitUsernameInIntrospectionRespForAppTokens(Boolean omitUsernameInIntrospectionRespForAppTokens) {
this.omitUsernameInIntrospectionRespForAppTokens = omitUsernameInIntrospectionRespForAppTokens;
}

/**
**/
public OpenIDConnectConfiguration logout(OIDCLogoutConfiguration logout) {
Expand Down Expand Up @@ -552,6 +593,10 @@ public boolean equals(java.lang.Object o) {
Objects.equals(this.refreshToken, openIDConnectConfiguration.refreshToken) &&
Objects.equals(this.subjectToken, openIDConnectConfiguration.subjectToken) &&
Objects.equals(this.idToken, openIDConnectConfiguration.idToken) &&
Objects.equals(this.useClientIdAsSubClaimForAppTokens,
openIDConnectConfiguration.useClientIdAsSubClaimForAppTokens) &&
Objects.equals(this.omitUsernameInIntrospectionRespForAppTokens,
openIDConnectConfiguration.omitUsernameInIntrospectionRespForAppTokens) &&
Objects.equals(this.logout, openIDConnectConfiguration.logout) &&
Objects.equals(this.validateRequestObjectSignature, openIDConnectConfiguration.validateRequestObjectSignature) &&
Objects.equals(this.scopeValidators, openIDConnectConfiguration.scopeValidators) &&
Expand All @@ -566,7 +611,7 @@ public boolean equals(java.lang.Object o) {
@Override
public int hashCode() {

return Objects.hash(clientId, clientSecret, state, grantTypes, callbackURLs, allowedOrigins, publicClient, pkce, hybridFlow, accessToken, refreshToken, subjectToken, idToken, logout, validateRequestObjectSignature, scopeValidators, clientAuthentication, requestObject, pushAuthorizationRequest, subject, isFAPIApplication, fapiMetadata);
return Objects.hash(clientId, clientSecret, state, grantTypes, callbackURLs, allowedOrigins, publicClient, pkce, hybridFlow, accessToken, refreshToken, subjectToken, idToken, useClientIdAsSubClaimForAppTokens, omitUsernameInIntrospectionRespForAppTokens, logout, validateRequestObjectSignature, scopeValidators, clientAuthentication, requestObject, pushAuthorizationRequest, subject, isFAPIApplication, fapiMetadata);
}

@Override
Expand All @@ -588,6 +633,8 @@ public String toString() {
sb.append(" refreshToken: ").append(toIndentedString(refreshToken)).append("\n");
sb.append(" subjectToken: ").append(toIndentedString(subjectToken)).append("\n");
sb.append(" idToken: ").append(toIndentedString(idToken)).append("\n");
sb.append(" useClientIdAsSubClaimForAppTokens: ").append(toIndentedString(useClientIdAsSubClaimForAppTokens)).append("\n");
sb.append(" omitUsernameInIntrospectionRespForAppTokens: ").append(toIndentedString(omitUsernameInIntrospectionRespForAppTokens)).append("\n");
sb.append(" logout: ").append(toIndentedString(logout)).append("\n");
sb.append(" validateRequestObjectSignature: ").append(toIndentedString(validateRequestObjectSignature)).append("\n");
sb.append(" scopeValidators: ").append(toIndentedString(scopeValidators)).append("\n");
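Review bot: The two new `Boolean` fields at the top of the first hunk have no initializer, while the neighbouring `validateRequestObjectSignature` field in the same hunk defaults to `false`, so a request that omits them leaves them null and the getters hand that null to the model-to-DTO mapper in the second file; declare them `private Boolean useClientIdAsSubClaimForAppTokens = false;` and `private Boolean omitUsernameInIntrospectionRespForAppTokens = false;` if an absent field is meant to read as disabled. Whether `false` is the right default depends on whether an omitted field on an update is meant to mean "unchanged" rather than "disabled", which is not visible here. The `@ApiModelProperty` text on the first new getter reads "If enable, client_id will be sent…" while the Javadoc directly above it and the OpenAPI description in the fourth file say "If enabled"; align it to `@ApiModelProperty("If enabled, client_id will be sent as the sub claim value for app tokens.")`.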
Expand Up @@ -69,6 +69,10 @@ public OAuthConsumerAppDTO apply(String appName, OpenIDConnectConfiguration oidc
consumerAppDTO.setBypassClientCredentials(oidcModel.getPublicClient());
consumerAppDTO.setRequestObjectSignatureValidationEnabled(oidcModel.getValidateRequestObjectSignature());

consumerAppDTO.setUseClientIdAsSubClaimForAppTokens(oidcModel.getUseClientIdAsSubClaimForAppTokens());
consumerAppDTO.setOmitUsernameInIntrospectionRespForAppTokens(
oidcModel.getOmitUsernameInIntrospectionRespForAppTokens());

updateAllowedOrigins(consumerAppDTO, oidcModel.getAllowedOrigins());
updatePkceConfigurations(consumerAppDTO, oidcModel.getPkce());
updateHybridFlowConfigurations(consumerAppDTO, oidcModel.getHybridFlow());
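Review bot: `consumerAppDTO.setUseClientIdAsSubClaimForAppTokens(oidcModel.getUseClientIdAsSubClaimForAppTokens())` passes the model's `Boolean` straight through, and the model declares that field with no default, so a payload that omits it passes null; if the DTO setter takes a primitive `boolean` (the reverse mapper in the next file reads the DTO via `isUseClientIdAsSubClaimForAppTokens()`, which suggests so) the unboxing throws a NullPointerException for every request that does not mention the new flags. The same applies to the `setOmitUsernameInIntrospectionRespForAppTokens` call on the following line. A null-safe form is `consumerAppDTO.setUseClientIdAsSubClaimForAppTokens(Boolean.TRUE.equals(oidcModel.getUseClientIdAsSubClaimForAppTokens()));` and likewise for the second setter, if an absent flag should be treated as disabled. The enclosing `apply` method starts before and continues after this hunk.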
Expand Up @@ -59,6 +59,9 @@ public OpenIDConnectConfiguration apply(OAuthConsumerAppDTO oauthAppDTO) {
.accessToken(buildTokenConfiguration(oauthAppDTO))
.refreshToken(buildRefreshTokenConfiguration(oauthAppDTO))
.idToken(buildIdTokenConfiguration(oauthAppDTO))
.useClientIdAsSubClaimForAppTokens(oauthAppDTO.isUseClientIdAsSubClaimForAppTokens())
.omitUsernameInIntrospectionRespForAppTokens(
oauthAppDTO.isOmitUsernameInIntrospectionRespForAppTokens())
.logout(buildLogoutConfiguration(oauthAppDTO))
.scopeValidators(getScopeValidators(oauthAppDTO))
.validateRequestObjectSignature(oauthAppDTO.isRequestObjectSignatureValidationEnabled())
Expand Up @@ -3603,6 +3603,12 @@ components:
Enabling this option will allow the client to authenticate without a
client secret.
example: false
useClientIdAsSubClaimForAppTokens:
type: boolean
description: If enabled, client_id will be sent as the sub claim value for app tokens.
omitUsernameInIntrospectionRespForAppTokens:
type: boolean
description: If enabled, username will not be sent in the introspection response for app tokens.
pkce:
$ref: '#/components/schemas/OAuth2PKCEConfiguration'
accessToken:
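Review bot: The two new schema properties carry only `type` and `description`, whereas the sibling `publicClient` property just above them also documents the value with `example: false`; API consumers cannot tell from the spec what the server does when either field is omitted. If an absent field is treated as disabled, add `default: false` under `useClientIdAsSubClaimForAppTokens` and `omitUsernameInIntrospectionRespForAppTokens`, otherwise state the omitted-field behaviour in the description. The wording "sub claim value" here and "subject claim value" in the Java builder Javadoc should also agree, since they describe the same setting.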
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -808,7 +808,7 @@
<findsecbugs-plugin.version>1.12.0</findsecbugs-plugin.version>
<maven.checkstyleplugin.excludes>**/gen/**/*</maven.checkstyleplugin.excludes>
<identity.event.handler.version>1.8.19</identity.event.handler.version>
<identity.inbound.oauth2.version>7.0.137</identity.inbound.oauth2.version>
<identity.inbound.oauth2.version>7.0.140</identity.inbound.oauth2.version>
<identity.inbound.saml2.version>5.11.41</identity.inbound.saml2.version>
<commons.beanutils.version>1.9.4</commons.beanutils.version>
<mavan.findbugsplugin.exclude.file>findbugs-exclude-filter.xml</mavan.findbugsplugin.exclude.file>