diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/constants.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java similarity index 76% rename from components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/constants.java rename to components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java index b9f5080555c..eff890831de 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/constants.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthConstants.java @@ -2,9 +2,9 @@ package org.wso2.carbon.device.mgt.oauth.extensions; /** - * This hold the constants related oauth extensions. + * This hold the OAuthConstants related oauth extensions. */ -public class Constants { +public class OAuthConstants { public static final String DEFAULT_DEVICE_ASSERTION = "device"; public static final String DEFAULT_USERNAME_IDENTIFIER = "username"; diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java index b6e5c2947c7..b52d94b657a 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java 
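Review bot: The rewritten class Javadoc on the new side, `This hold the OAuthConstants related oauth extensions.`, is a search-and-replace artifact of the rename rather than a sentence, so the one line of documentation this class has now says nothing. It should describe the class, e.g. ` * Holds the constants used by the OAuth extensions.`. The rest of this hunk is the rename itself and needs no change.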
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/OAuthExtUtils.java
@@ -301,7 +301,7 @@ public class OAuthExtUtils {
 DeviceRequestDTO deviceRequestDTO = null;
 RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
 for (RequestParameter parameter : parameters) {
- if (Constants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) {
+ if (OAuthConstants.DEFAULT_DEVICE_ASSERTION.equals(parameter.getKey())) {
 String deviceJson = parameter.getValue()[0];
 Gson gson = new Gson();
 deviceRequestDTO = gson.fromJson(new String(Base64.decodeBase64(deviceJson)), 
@@ -309,26 +309,31 @@ public class OAuthExtUtils { } } if (deviceRequestDTO != null) { - String scopeName = deviceRequestDTO.getScope(); - List deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers(); - DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance() - .getDeviceAccessAuthorizationService() - .isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName)); - if (deviceAuthorizationResult != null && deviceAuthorizationResult.getAuthorizedDevices() != null) { - String scopes[] = tokReqMsgCtx.getScope(); - String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult - .getAuthorizedDevices().size()]; - int scopeIndex = 0; - for (String scope : scopes) { - authorizedScopes[scopeIndex] = scope; - scopeIndex++; - } - for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) { - authorizedScopes[scopeIndex] = DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" + - deviceIdentifier.getId() + ":" + scopeName; - scopeIndex++; + String requestScopes = deviceRequestDTO.getScope(); + String scopeNames[] = requestScopes.split(" "); + for (String scopeName : scopeNames) { + List deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers(); + DeviceAuthorizationResult deviceAuthorizationResult = OAuthExtensionsDataHolder.getInstance() + .getDeviceAccessAuthorizationService() + .isUserAuthorized(deviceIdentifiers, username, getPermissions(scopeName)); + if (deviceAuthorizationResult != null && + deviceAuthorizationResult.getAuthorizedDevices() != null) { + String scopes[] = tokReqMsgCtx.getScope(); + String authorizedScopes[] = new String[scopes.length + deviceAuthorizationResult + .getAuthorizedDevices().size()]; + int scopeIndex = 0; + for (String scope : scopes) { + authorizedScopes[scopeIndex] = scope; + scopeIndex++; + } + for (DeviceIdentifier deviceIdentifier : deviceAuthorizationResult.getAuthorizedDevices()) { + authorizedScopes[scopeIndex] = + 
DEFAULT_SCOPE_TAG + ":" + deviceIdentifier.getType() + ":" + + deviceIdentifier.getId() + ":" + scopeName; + scopeIndex++; + } + tokReqMsgCtx.setScope(authorizedScopes); } - tokReqMsgCtx.setScope(authorizedScopes); } } } catch (DeviceAccessAuthorizationException e) { diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java index cc329158ee2..04418991eed 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedDeviceMgtPasswordGrantHandler.java @@ -18,13 +18,10 @@ package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant; -import com.google.gson.Gson; -import org.apache.commons.codec.binary.Base64; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.apimgt.keymgt.handlers.ExtendedPasswordGrantHandler; -import org.wso2.carbon.device.mgt.oauth.extensions.Constants; -import org.wso2.carbon.device.mgt.oauth.extensions.DeviceRequestDTO; +import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants; import org.wso2.carbon.device.mgt.oauth.extensions.OAuthExtUtils; import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; import org.wso2.carbon.identity.oauth2.model.RequestParameter; 
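Review bot: `requestScopes.split(" ")` on the new side dereferences `deviceRequestDTO.getScope()` without a null check, so a device assertion whose JSON omits `scope` (presumably left null by Gson) now fails with a NullPointerException where the old code passed the null value on to `getPermissions(scopeName)`, and a value with leading or doubled spaces yields empty scope names that are each looked up and authorized on their own. Guard and normalise before splitting: wrap the block in `if (requestScopes != null && !requestScopes.trim().isEmpty()) {` and use `String scopeNames[] = requestScopes.trim().split("\\s+");`. Because `scope` comes straight from the request's device-assertion JSON, each token in it now costs one `isUserAuthorized` call, so bounding the number of accepted scope names is worth considering, and a scope name containing `:` would be ambiguous in the `DEFAULT_SCOPE_TAG:type:id:scopeName` string built further down — reject it or document the limitation. `List deviceIdentifiers = deviceRequestDTO.getDeviceIdentifiers();` is loop-invariant and can move above the `for`. The enclosing method begins before this hunk and its `catch` continues after it.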
@@ -40,12 +37,12 @@ public class ExtendedDeviceMgtPasswordGrantHandler extends ExtendedPasswordGrant RequestParameter parameters[] = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters(); for (RequestParameter parameter : parameters) { switch (parameter.getKey()) { - case Constants.DEFAULT_USERNAME_IDENTIFIER: + case OAuthConstants.DEFAULT_USERNAME_IDENTIFIER: String username = parameter.getValue()[0]; tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerUsername(username); break; - case Constants.DEFAULT_PASSWORD_IDENTIFIER: + case OAuthConstants.DEFAULT_PASSWORD_IDENTIFIER: String password = parameter.getValue()[0]; tokReqMsgCtx.getOauth2AccessTokenReqDTO().setResourceOwnerPassword(password); break; diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java index 9ccadc2a488..903c3997d46 100644 --- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java +++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/ExtendedDeviceJWTGrantValidator.java @@ -20,7 +20,7 @@ package org.wso2.carbon.device.mgt.oauth.extensions.validators; import org.apache.oltu.oauth2.common.OAuth; import org.apache.oltu.oauth2.common.validators.AbstractValidator; -import org.wso2.carbon.device.mgt.oauth.extensions.Constants; +import org.wso2.carbon.device.mgt.oauth.extensions.OAuthConstants; import javax.servlet.http.HttpServletRequest; 
@@ -34,6 +34,5 @@ public class ExtendedDeviceJWTGrantValidator extends AbstractValidator params = new ArrayList<>(); - params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, JWTConstants.JWT_GRANT_TYPE)); + params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType())); String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient); if (assertion == null) { throw new JWTClientException("JWT is not configured properly for user : " + username); @@ -80,9 +77,26 @@ public class JWTClient { return getTokenInfo(params, consumerKey, consumerSecret); } - /** - * {@inheritDoc} - */ + public AccessTokenInfo getAccessToken(String consumerKey, String consumerSecret, String username, String scopes, + Map paramsMap) + throws JWTClientException { + List params = new ArrayList<>(); + params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType())); + String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient); + if (assertion == null) { + throw new JWTClientException("JWT is not configured properly for user : " + username); + } + params.add(new BasicNameValuePair(JWTConstants.JWT_PARAM_NAME, assertion)); + params.add(new BasicNameValuePair(JWTConstants.SCOPE_PARAM_NAME, scopes)); + if (paramsMap != null) { + for (String key : paramsMap.keySet()) { + params.add(new BasicNameValuePair(key, paramsMap.get(key))); + } + } + return getTokenInfo(params, consumerKey, consumerSecret); + } + + public AccessTokenInfo getAccessTokenFromRefreshToken(String refreshToken, String username, String scopes, String consumerKey, String consumerSecret) throws JWTClientException { 
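Review bot: In the new `getAccessToken(..., Map paramsMap)` overload the entries of `paramsMap` are appended after the `grant_type`, `assertion` and `scope` parameters the method sets itself, so a caller-supplied map can carry a second value under any of those names and which one the token endpoint honours is outside this code's control; keys equal to `JWTConstants.GRANT_TYPE_PARAM_NAME`, `JWTConstants.JWT_PARAM_NAME` or `JWTConstants.SCOPE_PARAM_NAME` should be rejected (or at least skipped) before being added, and the loop should iterate `entrySet()` instead of `keySet()` plus `get`. Generic arguments appear stripped in this rendering; `Map<String, String>` is implied by `paramsMap.get(key)` being passed where `BasicNameValuePair` takes a `String`. The body otherwise repeats the existing `getAccessToken` overload whose tail is visible just above the hunk, which could instead delegate to the new one with a `null` map. The method is public and the `{@inheritDoc}` block removed here is not replaced, so it needs a Javadoc stating what `paramsMap` is (additional form parameters sent to the token endpoint, may be null) and that reserved names are refused. The `getAccessTokenFromRefreshToken` signature that follows starts in the hunk and continues outside it.
```java
// … unchanged: grant_type, assertion and scope parameters …
if (paramsMap != null) {
    for (Map.Entry<String, String> entry : paramsMap.entrySet()) {
        String key = entry.getKey();
        // caller-supplied parameters must not shadow the ones this client sets itself
        if (JWTConstants.GRANT_TYPE_PARAM_NAME.equals(key)
                || JWTConstants.JWT_PARAM_NAME.equals(key)
                || JWTConstants.SCOPE_PARAM_NAME.equals(key)) {
            throw new JWTClientException("Reserved token request parameter supplied: " + key);
        }
        params.add(new BasicNameValuePair(key, entry.getValue()));
    }
}
return getTokenInfo(params, consumerKey, consumerSecret);
```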
diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/constant/JWTConstants.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/constant/JWTConstants.java
index 04cf3dda560..ab6a4b142d1 100644
--- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/constant/JWTConstants.java
+++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/constant/JWTConstants.java
@@ -23,7 +23,7 @@ package org.wso2.carbon.identity.jwt.client.extension.constant;
 public class JWTConstants {
 public static final String OAUTH_EXPIRES_IN = "expires_in";
 public static final String OAUTH_TOKEN_TYPE = "token_type";
- public static final String JWT_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device-mgt:jwt-bearer";
+ public static final String JWT_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer";
 public static final String GRANT_TYPE_PARAM_NAME = "grant_type";
 public static final String REFRESH_TOKEN_GRANT_TYPE = "refresh_token";
 public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token";
diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/dto/JWTConfig.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/dto/JWTConfig.java
index 11ee9053ae6..67ebcb40990 100644
--- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/dto/JWTConfig.java 
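Review bot: `JWT_GRANT_TYPE` is changed from the `device-mgt` specific URN to the standard `urn:ietf:params:oauth:grant-type:jwt-bearer`, and through `JWTConfig` it becomes the default `grant_type` for every deployment that does not set the new `GrantType` property, so a token endpoint that still only registers a handler for the old URN would reject requests until that property is configured. Whether any handler in this repository is still registered under the old value is not visible in this diff, so that compatibility impact should be confirmed against the deployment configuration before merging. The constant has no documentation; a one-liner such as `/** Default grant_type sent by the JWT client (RFC 7523); override per deployment via the GrantType property read by JWTConfig. */` would record both the meaning and the override path.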
+++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/dto/JWTConfig.java @@ -1,6 +1,7 @@ package org.wso2.carbon.identity.jwt.client.extension.dto; import org.wso2.carbon.core.util.Utils; +import org.wso2.carbon.identity.jwt.client.extension.constant.JWTConstants; import java.util.ArrayList; import java.util.List; @@ -20,6 +21,7 @@ public class JWTConfig { private static final String JKS_PASSWORD ="KeyStorePassword"; private static final String JKA_PRIVATE_KEY_PASSWORD = "PrivateKeyPassword"; private static final String TOKEN_ENDPOINT = "TokenEndpoint"; + private static final String JWT_GRANT_TYPE_NAME = "GrantType"; /** * issuer of the JWT @@ -69,6 +71,11 @@ public class JWTConfig { private String privateKeyAlias; private String privateKeyPassword; + /** + * Jwt Grant Type Name + */ + private String jwtGrantType; + /** * @param properties load the config from the properties file. */ @@ -89,6 +96,8 @@ public class JWTConfig { privateKeyAlias = properties.getProperty(JKS_PRIVATE_KEY_ALIAS); privateKeyPassword = properties.getProperty(JKA_PRIVATE_KEY_PASSWORD); tokenEndpoint = properties.getProperty(TOKEN_ENDPOINT, ""); + jwtGrantType = properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE); + } private static List getAudience(String audience){ @@ -146,4 +155,8 @@ public class JWTConfig { public String getTokenEndpoint() { return Utils.replaceSystemProperty(tokenEndpoint); } + + public String getJwtGrantType() { + return jwtGrantType; + } } diff --git a/pom.xml b/pom.xml index fd0e907c7da..7e11f962d7c 100644 --- a/pom.xml +++ b/pom.xml @@ -780,6 +780,11 @@ org.wso2.carbon.apimgt.keymgt.client ${carbon.api.mgt.version} + + org.wso2.carbon.apimgt + org.wso2.carbon.apimgt.keymgt + ${carbon.api.mgt.version} + org.wso2.carbon.apimgt org.wso2.carbon.apimgt.impl
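Review bot: The field comment added for `jwtGrantType`, `Jwt Grant Type Name`, says neither where the value comes from nor what it is used for; `/** OAuth2 grant_type value the client sends to the token endpoint; read from the GrantType property, defaulting to JWTConstants.JWT_GRANT_TYPE. */` would, and the new `getJwtGrantType()` getter deserves a short comment too, since unlike `getTokenEndpoint()` directly above it the value is not passed through `Utils.replaceSystemProperty` — fine if intentional, but worth stating. The property is stored verbatim in the `@@ -89,6 +96,8 @@` hunk, so a `GrantType` entry with surrounding whitespace would be sent as-is and fail at the token endpoint in a hard-to-diagnose way; `jwtGrantType = properties.getProperty(JWT_GRANT_TYPE_NAME, JWTConstants.JWT_GRANT_TYPE).trim();` avoids that. That hunk also appears to add a stray blank line after the assignment, just before the closing brace of what is presumably the `JWTConfig(Properties)` constructor.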