diff --git a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedJWTGrantHandler.java b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedJWTGrantHandler.java
index 90bba018517..006317f1794 100644
--- a/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedJWTGrantHandler.java
+++ b/components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/grant/ExtendedJWTGrantHandler.java
@@ -25,6 +25,7 @@ import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
 import org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler;
+import org.wso2.carbon.identity.oauth2.model.RequestParameter;
 import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
@@ -34,6 +35,7 @@ import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 @SuppressWarnings("unused")
 public class ExtendedJWTGrantHandler extends JWTBearerGrantHandler {
 private static Log log = LogFactory.getLog(ExtendedJWTGrantHandler.class);
+ private static final String TENANT_DOMAIN_KEY = "tenantDomain";
 @Override
 public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
@@ -42,10 +44,18 @@ public class ExtendedJWTGrantHandler extends JWTBearerGrantHandler {
 @Override
 public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
- /**
- * This is added to skip per tenant IDP creation.
- */
- tokReqMsgCtx.getOauth2AccessTokenReqDTO().setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
+
+ RequestParameter[] requestParameters = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
+ for (RequestParameter requestParameter : requestParameters) {
+ if (TENANT_DOMAIN_KEY.equals(requestParameter.getKey())) {
+ String[] values = requestParameter.getValue();
+ if (values != null && values.length > 0) {
+ tokReqMsgCtx.getOauth2AccessTokenReqDTO()
+ .setTenantDomain(values[0]);
+ }
+ }
+ }
+
+ return super.validateGrant(tokReqMsgCtx);
 }
 }
diff --git a/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties b/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties
index b0d9a4c18d7..0c9641fa2da 100644
--- a/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties
+++ b/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties
@@ -19,7 +19,7 @@
 #issuer of the JWT
 iss=wso2.org/products/iot
-TokenEndpoint=https://${iot.gateway.host}:${iot.gateway.https.port}/token
+TokenEndpoint=https://${iot.gateway.host}:${iot.gateway.https.port}/token?tenantDomain=carbon.super
 #audience of JWT claim
 #comma seperated values
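Review bot: The tenant domain passed to `setTenantDomain` in `validateGrant` now comes straight from the caller's `tenantDomain` request parameter (`values[0]`), with no check that it is non-blank or names a tenant this deployment should accept, so the requester chooses the tenant context in which `super.validateGrant` evaluates the JWT. The loop also dereferences the result of `getRequestParameters()` without a null guard and keeps iterating after a match, so a repeated parameter lets the last value win. When the parameter is absent the old super-tenant override no longer applies and whatever the DTO already holds is used; if that is not intended, default to `MultitenantConstants.SUPER_TENANT_DOMAIN_NAME` as sketched below, and validate the supplied domain against the tenants allowed to use this grant before applying it.

```java
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
    // Default to the super tenant so a request without the parameter behaves as it did before.
    String tenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
    RequestParameter[] requestParameters = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
    if (requestParameters != null) {
        for (RequestParameter requestParameter : requestParameters) {
            if (!TENANT_DOMAIN_KEY.equals(requestParameter.getKey())) {
                continue;
            }
            String[] values = requestParameter.getValue();
            if (values != null && values.length > 0 && values[0] != null && !values[0].trim().isEmpty()) {
                // Caller-supplied value: check it against the tenants allowed to use this grant before trusting it.
                tenantDomain = values[0].trim();
            }
            break; // first occurrence decides; later duplicates are ignored
        }
    }
    tokReqMsgCtx.getOauth2AccessTokenReqDTO().setTenantDomain(tenantDomain);
    // … unchanged: return super.validateGrant(tokReqMsgCtx) and closing braces …
```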
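Review bot: The `?tenantDomain=carbon.super` query string on `TokenEndpoint` is now what selects the tenant in `ExtendedJWTGrantHandler`, but nothing in the file says so, and a deployment that overrides this property with a bare `/token` URL would silently stop pinning the super tenant. Add a comment above the property, for example `#tenantDomain selects the tenant used to validate the JWT grant; keep it when overriding the endpoint`. Any client code that appends its own query string to this value should also be checked, since that code is not visible in this hunk.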