diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderServiceImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderServiceImpl.java
index b124fb4e91..db998ce7f1 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderServiceImpl.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderServiceImpl.java
@@ -654,9 +654,16 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
 io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo accessTokenInfo;
 try {
 if (username == null || password == null) {
- apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
+ apiApplicationKey = apiApplicationServices.
+ createAndRetrieveApplicationCredentials(
+ "ClientForConsumerRestCalls",
+ "client_credentials password refresh_token",
+ null);
 } else {
- apiApplicationKey = apiApplicationServices.generateAndRetrieveApplicationKeys(username, password);
+ apiApplicationKey = apiApplicationServices.generateAndRetrieveApplicationKeys(
+ username, password,
+ "ClientForConsumerRestCalls",
+ "client_credentials password refresh_token");
 }
 accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
 apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
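Review bot: Both branches now register the OAuth client under the same fixed name `"ClientForConsumerRestCalls"`, whereas the user-credential branch used to register it under the username (the `generateAndRetrieveApplicationKeys` hunk in APIApplicationServicesImpl replaces `jsonObject.put("clientName", username)`) while `owner` is still set per user. Whether the DCR endpoint accepts one client name under many owners, or hands back an existing registration, is not visible in this diff and should be confirmed before merge. If per-user clients are intended, keep the name user-specific, for example `"ClientForConsumerRestCalls_" + username`. The enclosing method starts and ends outside the hunk.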
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServices.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServices.java index 1cdceff56a..c3911abb66 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServices.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServices.java @@ -23,10 +23,10 @@ import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo; import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException; public interface APIApplicationServices { + APIApplicationKey createAndRetrieveApplicationCredentials(String clientName, String grantType, String tokenType) + throws APIServicesException; - APIApplicationKey createAndRetrieveApplicationCredentials() throws APIServicesException; - - APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password) + APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password, String clientName, String grantType) throws APIServicesException; AccessTokenInfo generateAccessTokenFromRegisteredApplication(String clientId, String clientSecret) throws APIServicesException; 
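Review bot: The two changed signatures carry no Javadoc, and three call sites in this commit pass `null` for `tokenType`, so the interface should state that `tokenType` may be null and what that means (presumably the server's default token type), and that `grantType` is a space-separated list of grants to register for the client. `generateAndRetrieveApplicationKeys` takes no `tokenType`, so the user-credential path cannot request a JWT client; if that asymmetry is deliberate, a one-line comment such as `// tokenType is not configurable for user-owned clients` would record it.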
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServicesImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServicesImpl.java index 9dbd5f52cc..84c4b48022 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServicesImpl.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServicesImpl.java @@ -44,7 +44,7 @@ public class APIApplicationServicesImpl implements APIApplicationServices { getAPIManagerConfigurationService().getAPIManagerConfiguration(); @Override - public APIApplicationKey createAndRetrieveApplicationCredentials() + public APIApplicationKey createAndRetrieveApplicationCredentials(String clientName, String grantType, String tokenType) throws APIServicesException { String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT); @@ -53,9 +53,10 @@ public class APIApplicationServicesImpl implements APIApplicationServices { JSONObject jsonObject = new JSONObject(); jsonObject.put("callbackUrl", Constants.EMPTY_STRING); - jsonObject.put("clientName", Constants.CLIENT_NAME); - jsonObject.put("grantType", Constants.GRANT_TYPE); + jsonObject.put("clientName", clientName); + jsonObject.put("grantType", grantType); jsonObject.put("owner", serverUser); + jsonObject.put("tokenType", tokenType); jsonObject.put("saasApp", true); RequestBody requestBody = RequestBody.Companion.create(jsonObject.toString(), JSON); 
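Review bot: `jsonObject.put("tokenType", tokenType)` in the second hunk runs unconditionally, and three of the four call sites in this commit pass `null`. Depending on the JSON library behind `JSONObject` (not visible here), that either drops the key or sends `"tokenType": null` to the DCR endpoint; guarding it keeps the request body the same either way: `if (tokenType != null) { jsonObject.put("tokenType", tokenType); }`. `clientName` and `grantType` now come straight from callers, so rejecting a null or blank value before the body is built would be worth adding here and in `generateAndRetrieveApplicationKeys` in the next hunk. The method body continues outside the hunk.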
@@ -75,15 +76,15 @@ public class APIApplicationServicesImpl implements APIApplicationServices { } @Override - public APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password) + public APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password, String clientName, String grantType) throws APIServicesException { String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT); JSONObject jsonObject = new JSONObject(); jsonObject.put("callbackUrl", Constants.EMPTY_STRING); - jsonObject.put("clientName", username); - jsonObject.put("grantType", Constants.GRANT_TYPE); + jsonObject.put("clientName", clientName); + jsonObject.put("grantType", grantType); jsonObject.put("owner", username); jsonObject.put("saasApp", true); diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/constants/Constants.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/constants/Constants.java index c0324981c0..8d9c887d3d 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/constants/Constants.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/constants/Constants.java 
@@ -30,7 +30,6 @@ public final class Constants {
 public static final String CLIENT_NAME = "rest_api_publisher_code";
 public static final String SERVER_USER = "WorkflowConfigurations.ServerUser";
 public static final String SERVER_PASSWORD = "WorkflowConfigurations.ServerPassword";
- public static final String GRANT_TYPE = "client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer";
 public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token";
 public static final String OAUTH_EXPIRES_IN = "expires_in";
 public static final String OAUTH_TOKEN_SCOPE = "scope";
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java
index fe98a8cef8..9a1daff4ca 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java
@@ -90,7 +90,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
 APIApplicationKey apiApplicationKey;
 AccessTokenInfo accessTokenInfo;
 try {
- apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
+ apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
+ "ClientForPublisherRESTCalls",
+ "client_credentials password refresh_token",
+ null);
 accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
 apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
 } catch (APIServicesException e) {
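Review bot: In APIPublisherServiceImpl the grant list `"client_credentials password refresh_token"` is now a string literal repeated at every call site (this hunk, the second hunk of the same file, APIManagementProviderServiceImpl and, with the jwt-bearer URN appended, DeviceManagementServiceImpl), where it used to be the single `Constants.GRANT_TYPE`. This path then obtains its token with `generateAccessTokenFromRegisteredApplication(clientId, clientSecret)`, which suggests only `client_credentials` is needed; also registering `password` and `refresh_token` gives the client more ways to obtain tokens than the code shown uses. I would define named constants per client, e.g. `private static final String PUBLISHER_CLIENT_NAME = "ClientForPublisherRESTCalls";` and `private static final String PUBLISHER_GRANT_TYPES = "client_credentials";`, after confirming that no refresh or password flow depends on the wider list. The enclosing method starts and ends outside the hunk.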
@@ -403,7 +406,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
 APIApplicationKey apiApplicationKey;
 AccessTokenInfo accessTokenInfo;
 try {
- apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
+ apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
+ "ClientForPublisherRESTCalls",
+ "client_credentials password refresh_token",
+ null);
 accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
 apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
 } catch (APIServicesException e) {
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/DeviceManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/DeviceManagementServiceImpl.java
index f600f65ee3..dadbba2650 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/DeviceManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/DeviceManagementServiceImpl.java
@@ -818,7 +818,9 @@ public class DeviceManagementServiceImpl implements DeviceManagementService { // "jwt", null, new String[] {"device_management"}, false, validityTime, PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm() // .getRealmConfiguration().getAdminPassword()); APIApplicationServices apiApplicationServices = new APIApplicationServicesImpl(); - APIApplicationKey adminDCRResponse = apiApplicationServices.createAndRetrieveApplicationCredentials(); + APIApplicationKey adminDCRResponse = apiApplicationServices.createAndRetrieveApplicationCredentials("ClientForJWTGeneration", + "client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer", + "JWT"); PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); JWTClientManagerService jwtClientManagerService = (JWTClientManagerService) ctx. diff --git a/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/JWTClient.java b/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/JWTClient.java index fea7e9d0cc..dd9acb64ca 100644 --- a/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/JWTClient.java +++ b/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/JWTClient.java 
@@ -138,7 +138,7 @@ public class JWTClient {
 if (jwtConfig == null) {
 return null;
 }
- URL tokenEndpoint = new URL(jwtConfig.getTokenEndpoint());// try calling /token endpoint- https://localhost:9443/oauth2/token
+ URL tokenEndpoint = new URL("https://localhost:9443/oauth2/token");// try calling /token endpoint- https://localhost:9443/oauth2/token
 HttpClient httpClient = JWTClientUtil.getHttpClient(tokenEndpoint.getProtocol());
 HttpPost postMethod = new HttpPost(tokenEndpoint.toString());
 postMethod.setEntity(new UrlEncodedFormEntity(nameValuePairs));
diff --git a/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/util/JWTClientUtil.java b/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/util/JWTClientUtil.java
index e2e5d30bb4..913a6dc2eb 100644
--- a/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/util/JWTClientUtil.java
+++ b/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/util/JWTClientUtil.java
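Review bot: In JWTClient the token endpoint is now the literal `"https://localhost:9443/oauth2/token"` and `jwtConfig.getTokenEndpoint()` is no longer read, so the request built from `nameValuePairs` is always posted to localhost:9443 whatever the configuration says. That breaks any deployment where the token service runs on another host or port, and it takes away the operator's control over where the token request is sent; the trailing comment suggests this was left in from debugging. Restore `URL tokenEndpoint = new URL(jwtConfig.getTokenEndpoint());` and, if the configured value was wrong, correct it in the JWT configuration instead. The enclosing method starts and ends outside the hunk.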
@@ -224,13 +224,14 @@ public class JWTClientUtil {
 //set up the basic claims
 JWTClaimsSet.Builder claimsSet = new JWTClaimsSet.Builder();
 claimsSet.issueTime(new Date(iat));
+ claimsSet.claim("scope", "appm:subscribe apim:subscribe openid");
 claimsSet.expirationTime(new Date(exp));
 claimsSet.issuer(iss);
 claimsSet.subject(username);
 claimsSet.notBeforeTime(new Date(nbf));
 claimsSet.jwtID(jti);
 claimsSet.audience(aud);
- claimsSet.claim(SIGNED_JWT_AUTH_USERNAME, username);
+// claimsSet.claim(SIGNED_JWT_AUTH_USERNAME, username);
 if (customClaims != null && !customClaims.isEmpty()) {
 for (String key : customClaims.keySet()) {
 claimsSet.claim(key, customClaims.get(key));
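Review bot: Every JWT built here now carries the fixed claim `claimsSet.claim("scope", "appm:subscribe apim:subscribe openid")` whatever the caller needs, and the `SIGNED_JWT_AUTH_USERNAME` claim is disabled by commenting the line out rather than removing it. A hard-coded scope means each assertion asks for the same scopes regardless of who requests it, and `appm:subscribe` next to `apim:subscribe` looks like it may be a typo, which should be confirmed. Because the `customClaims` loop runs afterwards, a caller-supplied `scope` entry would presumably replace the fixed value, so the effective scope depends on the caller in a way the code does not document. I would drop the hard-coded claim and let callers pass scope through `customClaims` or take it from configuration, and either delete the commented line or restore it if the token endpoint still relies on that claim. The enclosing method starts and ends outside the hunk.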