Updated Grant Type Implementation

components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java

@@ -2,9 +2,9 @@ package org.wso2.carbon.device.mgt.oauth.extensions;
 
 
 /**
- * This hold the constants related oauth extensions.
+ * This hold the OAuthConstants related oauth extensions.
  */
-public class Constants {
+public class OAuthConstants {
 
     public static final String DEFAULT_DEVICE_ASSERTION = "device";
     public static final String DEFAULT_USERNAME_IDENTIFIER = "username";

components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java

@@ -301,7 +301,7 @@ public class OAuthExtUtils {
                 DeviceRequestDTO deviceRequestDTO = null;
                 RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
                 for (RequestParameter parameter : parameters) {
-                    if (Constants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) {
+                    if (OAuthConstants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) {
                         String deviceJson = parameter.getValue()[0];
                         Gson gson = new Gson();
                         deviceRequestDTO = gson.fromJson(new String(Base64.decodeBase64(deviceJson)),
@@ -309,26 +309,31 @@ public class OAuthExtUtils {
                     }
                 }
                 if (deviceRequestDTO != null) {
-                    String scopeName = deviceRequestDTO.getScope();
-                    List<DeviceIdentifier> deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers();
-                    DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance()
-                            .getDeviceAccessAuthorizationService()
-                            .isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName));
-                    if (deviceAuthorizationResult != null && deviceAuthorizationResult.getAuthorizedDevices() != null) {
-                        String scopes[] = tokReqMsgCtx.getScope();
-                        String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult
-                                .getAuthorizedDevices().size()];
-                        int scopeIndex = 0;
-                        for (String scope : scopes) {
-                            authorizedScopes[scopeIndex] = scope;
-                            scopeIndex++;
-                        }
-                        for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) {
-                            authorizedScopes[scopeIndex] = DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" +
-                                    deviceIdentifier.getId() + ":" + scopeName;
-                            scopeIndex++;
+                    String requestScopes = deviceRequestDTO.getScope();
+                    String scopeNames[] = requestScopes.split(" ");
+                    for (String scopeName : scopeNames) {
+                        List<DeviceIdentifier> deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers();
+                        DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance()
+                                .getDeviceAccessAuthorizationService()
+                                .isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName));
+                        if (deviceAuthorizationResult != null &&
+                                deviceAuthorizationResult.getAuthorizedDevices() != null) {
+                            String scopes[] = tokReqMsgCtx.getScope();
+                            String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult
+                                    .getAuthorizedDevices().size()];
+                            int scopeIndex = 0;
+                            for (String scope : scopes) {
+                                authorizedScopes[scopeIndex] = scope;
+                                scopeIndex++;
+                            }
+                            for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) {
+                                authorizedScopes[scopeIndex] =
+                                        DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" +
+                                                deviceIdentifier.getId() + ":" + scopeName;
+                                scopeIndex++;
+                            }
+                            tokReqMsgCtx.setScope(authorizedScopes);
                         }
-                        tokReqMsgCtx.setScope(authorizedScopes);
                     }
                 }
             }  catch (DeviceAccessAuthorizationException e) {

components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java

@@ -18,13 +18,10 @@
 
 package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
 
-import com.google.gson.Gson;
-import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler;
-import org.wso2.carbon.device.mgt.oauth.extensions.Constants;
-import org.wso2.carbon.device.mgt.oauth.extensions.DeviceRequestDTO;
+import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
 import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils;
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
 import org.wso2.carbon.identity.oauth2.model.RequestParameter;
@@ -40,12 +37,12 @@ public class ExtendedDeviceMgtPasswordGrantHandler extends ExtendedPasswordGrant
         RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
         for (RequestParameter parameter : parameters) {
             switch (parameter.getKey()) {
-                case Constants.DEFAULT_USERNAME_IDENTIFIER:
+                case OAuthConstants.DEFAULT_USERNAME_IDENTIFIER:
                     String username = parameter.getValue()[0];
                     tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username);
                     break;
 
-                case Constants.DEFAULT_PASSWORD_IDENTIFIER:
+                case OAuthConstants.DEFAULT_PASSWORD_IDENTIFIER:
                     String password = parameter.getValue()[0];
                     tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password);
                     break;

components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java

@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.oauth.extensions.validators;
 
 import org.apache.oltu.oauth2.common.OAuth;
 import org.apache.oltu.oauth2.common.validators.AbstractValidator;
-import org.wso2.carbon.device.mgt.oauth.extensions.Constants;
+import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -34,6 +34,5 @@ public class ExtendedDeviceJWTGrantValidator extends AbstractValidator<HttpServl
     public ExtendedDeviceJWTGrantValidator() {
         requiredParams.add(OAuth.OAUTH_GRANT_TYPE);
         requiredParams.add(OAuth.OAUTH_ASSERTION);
-        requiredParams.add(Constants.DEFAULT_DEVICE_ASSERTION);
     }
 }

components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDevicePasswordGrantValidator.java

@@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.oauth.extensions.validators;
 
 import org.apache.oltu.oauth2.common.OAuth;
 import org.apache.oltu.oauth2.common.validators.AbstractValidator;
-import org.wso2.carbon.device.mgt.oauth.extensions.Constants;
+import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -32,6 +32,6 @@ public class ExtendedDevicePasswordGrantValidator extends AbstractValidator<Http
     public ExtendedDevicePasswordGrantValidator() {
         requiredParams.add(OAuth.OAUTH_USERNAME);
         requiredParams.add(OAuth.OAUTH_PASSWORD);
-        requiredParams.add(Constants.DEFAULT_DEVICE_ASSERTION);
+        requiredParams.add(OAuthConstants.DEFAULT_DEVICE_ASSERTION);
     }
 }

components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java

@@ -44,6 +44,7 @@ import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;
 
 /**
  * this class represents an implementation of Token Client which is based on JWT
@@ -63,14 +64,10 @@ public class JWTClient {
 		this.isDefaultJWTClient = isDefaultJWTClient;
 	}
 
-
-	/**
-	 * {@inheritDoc}
-	 */
 	public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes)
 			throws JWTClientException {
 		List<NameValuePair> params = new ArrayList<>();
-		params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, JWTConstants.JWT_GRANT_TYPE));
+		params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType()));
 		String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
 		if (assertion == null) {
 			throw new JWTClientException("JWT is not configured properly for user : " + username);
@@ -80,9 +77,26 @@ public class JWTClient {
 		return getTokenInfo(params, consumerKey, consumerSecret);
 	}
 
-	/**
-	 * {@inheritDoc}
-	 */
+	public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes,
+										  Map<String, String> paramsMap)
+			throws JWTClientException {
+		List<NameValuePair> params = new ArrayList<>();
+		params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType()));
+		String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
+		if (assertion == null) {
+			throw new JWTClientException("JWT is not configured properly for user : " + username);
+		}
+		params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion));
+		params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes));
+		if (paramsMap != null) {
+			for (String key : paramsMap.keySet()) {
+				params.add(new BasicNameValuePair(key, paramsMap.get(key)));
+			}
+		}
+		return getTokenInfo(params, consumerKey, consumerSecret);
+	}
+
+
 	public AccessTokenInfo getAccessTokenFromRefreshToken(String refreshToken, String username, String scopes,
 														  String consumerKey, String consumerSecret)
 			throws JWTClientException {

components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/constant/JWTConstants.java

@@ -23,7 +23,7 @@ package org.wso2.carbon.identity.jwt.client.extension.constant;
 public class JWTConstants {
 	public static final String OAUTH_EXPIRES_IN = "expires_in";
 	public static final String OAUTH_TOKEN_TYPE = "token_type";
-	public static final String JWT_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device-mgt:jwt-bearer";
+	public static final String JWT_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";
 	public static final String GRANT_TYPE_PARAM_NAME = "grant_type";
 	public static final String REFRESH_TOKEN_GRANT_TYPE = "refresh_token";
 	public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token";

components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/dto/JWTConfig.java

@@ -1,6 +1,7 @@
 package org.wso2.carbon.identity.jwt.client.extension.dto;
 
 import org.wso2.carbon.core.util.Utils;
+import org.wso2.carbon.identity.jwt.client.extension.constant.JWTConstants;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -20,6 +21,7 @@ public class JWTConfig {
 	private static final String JKS_PASSWORD ="KeyStorePassword";
 	private static final String JKA_PRIVATE_KEY_PASSWORD = "PrivateKeyPassword";
 	private static final String TOKEN_ENDPOINT = "TokenEndpoint";
+	private static final String JWT_GRANT_TYPE_NAME = "GrantType";
 
 	/**
 	 * issuer of the JWT
@@ -69,6 +71,11 @@ public class JWTConfig {
 	private String privateKeyAlias;
 	private String privateKeyPassword;
 
+	/**
+	 * Jwt Grant Type Name
+	 */
+	private String jwtGrantType;
+
 	/**
 	 * @param properties load the config from the properties file.
 	 */
@@ -89,6 +96,8 @@ public class JWTConfig {
 		privateKeyAlias = properties.getProperty(JKS_PRIVATE_KEY_ALIAS);
 		privateKeyPassword = properties.getProperty(JKA_PRIVATE_KEY_PASSWORD);
 		tokenEndpoint = properties.getProperty(TOKEN_ENDPOINT, "");
+		jwtGrantType = properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE);
+
 	}
 
 	private static List<String> getAudience(String audience){
@@ -146,4 +155,8 @@ public class JWTConfig {
 	public String getTokenEndpoint() {
 		return Utils.replaceSystemProperty(tokenEndpoint);
 	}
+
+	public String getJwtGrantType() {
+		return jwtGrantType;
+	}
 }

pom.xml

@@ -780,6 +780,11 @@
                 <artifactId>org.wso2.carbon.apimgt.keymgt.client</artifactId>
                 <version>${carbon.api.mgt.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.wso2.carbon.apimgt</groupId>
+                <artifactId>org.wso2.carbon.apimgt.keymgt</artifactId>
+                <version>${carbon.api.mgt.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.wso2.carbon.apimgt</groupId>
                 <artifactId>org.wso2.carbon.apimgt.impl</artifactId>