[SYNCOPE-1788] Allow JWKS value for OIDC client applications (#550)
SamuelGaro authored Nov 15, 2023
1 parent 8eb9360 commit 38dac05
Showing 13 changed files with 215 additions and 12 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,10 @@
*/
package org.apache.syncope.client.console.clientapps;

import jakarta.ws.rs.core.MediaType;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedHashMap;
Expand All @@ -37,6 +40,7 @@
import org.apache.syncope.client.console.rest.RealmRestClient;
import org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.BaseModal;
import org.apache.syncope.client.console.wicket.markup.html.form.AjaxSearchFieldPanel;
import org.apache.syncope.client.console.wicket.markup.html.form.BinaryFieldPanel;
import org.apache.syncope.client.console.wicket.markup.html.form.MultiFieldPanel;
import org.apache.syncope.client.console.wicket.markup.html.form.PolicyRenderer;
import org.apache.syncope.client.ui.commons.Constants;
Expand All @@ -53,9 +57,11 @@
import org.apache.syncope.common.lib.OIDCScopeConstants;
import org.apache.syncope.common.lib.policy.PolicyTO;
import org.apache.syncope.common.lib.to.ClientAppTO;
import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
import org.apache.syncope.common.lib.to.RealmTO;
import org.apache.syncope.common.lib.types.ClientAppType;
import org.apache.syncope.common.lib.types.LogoutType;
import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
import org.apache.syncope.common.lib.types.OIDCGrantType;
import org.apache.syncope.common.lib.types.OIDCResponseType;
import org.apache.syncope.common.lib.types.OIDCSubjectType;
Expand Down Expand Up @@ -344,6 +350,51 @@ protected Iterator<String> getChoices(final String input) {
"field", "logoutUri", new PropertyModel<>(clientAppTO, "logoutUri"), false);
logoutUri.addValidator(new UrlValidator());
fields.add(logoutUri);

BinaryFieldPanel jwks = new BinaryFieldPanel(
"field",
"jwks",
new Model<>() {

private static final long serialVersionUID = 7666049400663637482L;

@Override
public String getObject() {
OIDCRPClientAppTO oidcRPCA = (OIDCRPClientAppTO) clientAppTO;
return StringUtils.isBlank(oidcRPCA.getJwks())
? null
: Base64.getEncoder().encodeToString(
oidcRPCA.getJwks().getBytes(StandardCharsets.UTF_8));
}

@Override
public void setObject(final String object) {
OIDCRPClientAppTO oidcRPCA = (OIDCRPClientAppTO) clientAppTO;
if (StringUtils.isBlank(object)) {
oidcRPCA.setJwks(null);
} else {
oidcRPCA.setJwks(
new String(Base64.getDecoder().decode(object), StandardCharsets.UTF_8));
}
}
},
MediaType.APPLICATION_JSON,
"client-jwks");
fields.add(jwks);

AjaxTextFieldPanel jwksUri = new AjaxTextFieldPanel(
"field", "jwksUri", new PropertyModel<>(clientAppTO, "jwksUri"), false);
jwksUri.addValidator(new UrlValidator());
fields.add(jwksUri);

AjaxDropDownChoicePanel<OIDCClientAuthenticationMethod> tokenEndpointAuthenticationMethod =
new AjaxDropDownChoicePanel<>(
"field",
"tokenEndpointAuthenticationMethod",
new PropertyModel<>(clientAppTO, "tokenEndpointAuthenticationMethod"),
false);
tokenEndpointAuthenticationMethod.setChoices(List.of(OIDCClientAuthenticationMethod.values()));
fields.add(tokenEndpointAuthenticationMethod);
break;

case SAML2SP:
Expand Down
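Review bot: The uploaded JWKS is stored verbatim by `setObject` with no check on its content, while `jwksUri` right below it gets a `UrlValidator`, so a file that is not a JWK Set (or not even JSON) is accepted by the console and only fails later when the authentication server tries to use it. At minimum the decoded text could be checked to parse as a JSON object with a `keys` array before `oidcRPCA.setJwks(...)`, with a form validation error otherwise. `Base64.getDecoder().decode(object)` also throws `IllegalArgumentException` on non-base64 input; this is presumably unreachable because `BinaryFieldPanel` produces the value itself, but worth confirming. Since the authentication server presumably fetches `jwksUri`, restricting its validator to `https` rather than the default scheme set of `UrlValidator` would also be prudent. The enclosing method starts and ends outside this hunk.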
Original file line number Diff line number Diff line change
Expand Up @@ -67,3 +67,6 @@ usernameAttributeProviderConf.title=Username Attribute Provider for ${name}
ticketExpirationPolicy=Ticket Expiration Policy
auditHistory.title=Configuration history
logoutType=Logout Type
jwks=JWKS
jwksUri=JWKS URI
tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
Original file line number Diff line number Diff line change
Expand Up @@ -67,3 +67,6 @@ usernameAttributeProviderConf.title=Username Attribute Provider for ${name}
ticketExpirationPolicy=Ticket Expiration Policy
auditHistory.title=Historique de configuration
logoutType=Logout Type
jwks=JWKS
jwksUri=JWKS URI
tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
Original file line number Diff line number Diff line change
Expand Up @@ -67,3 +67,6 @@ usernameAttributeProviderConf.title=Username Attribute Provider per ${name}
ticketExpirationPolicy=Politica Ticket Expiration
auditHistory.title=Storico delle configurazioni
logoutType=Tipo Logout
jwks=JWKS
jwksUri=JWKS URI
tokenEndpointAuthenticationMethod=Metodo di autenticazione dell'endpoint token
Original file line number Diff line number Diff line change
Expand Up @@ -67,3 +67,6 @@ usernameAttributeProviderConf.title=Username Attribute Provider for ${name}
ticketExpirationPolicy=Ticket Expiration Policy
auditHistory.title=\u8a2d\u5b9a\u5c65\u6b74
logoutType=Logout Type
jwks=JWKS
jwksUri=JWKS URI
tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
Original file line number Diff line number Diff line change
Expand Up @@ -67,3 +67,6 @@ usernameAttributeProviderConf.title=Username Attribute Provider for ${name}
ticketExpirationPolicy=Ticket Expiration Policy
auditHistory.title=Hist\u00f3rico de configura\u00e7\u00e3o
logoutType=Logout Type
jwks=JWKS
jwksUri=JWKS URI
tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
Original file line number Diff line number Diff line change
Expand Up @@ -68,3 +68,6 @@ usernameAttributeProviderConf.title=Username Attribute Provider for ${name}
ticketExpirationPolicy=Ticket Expiration Policy
auditHistory.title=\u0418\u0441\u0442\u043e\u0440\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438
logoutType=Logout Type
jwks=JWKS
jwksUri=JWKS URI
tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
import java.util.List;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
import org.apache.syncope.common.lib.types.OIDCGrantType;
import org.apache.syncope.common.lib.types.OIDCResponseType;
import org.apache.syncope.common.lib.types.OIDCSubjectType;
Expand Down Expand Up @@ -53,10 +54,17 @@ public class OIDCRPClientAppTO extends ClientAppTO {

private final List<String> scopes = new ArrayList<>();

private String logoutUri;

private boolean bypassApprovalPrompt = true;

private String jwks;

private String jwksUri;

private OIDCClientAuthenticationMethod tokenEndpointAuthenticationMethod =
OIDCClientAuthenticationMethod.client_secret_basic;

private String logoutUri;

@JacksonXmlProperty(localName = "_class", isAttribute = true)
@JsonProperty("_class")
@Schema(name = "_class", requiredMode = Schema.RequiredMode.REQUIRED,
Expand Down Expand Up @@ -116,14 +124,6 @@ public void setSubjectType(final OIDCSubjectType subjectType) {
this.subjectType = subjectType;
}

public String getLogoutUri() {
return logoutUri;
}

public void setLogoutUri(final String logoutUri) {
this.logoutUri = logoutUri;
}

public boolean isJwtAccessToken() {
return jwtAccessToken;
}
Expand All @@ -146,6 +146,39 @@ public void setBypassApprovalPrompt(final boolean bypassApprovalPrompt) {
this.bypassApprovalPrompt = bypassApprovalPrompt;
}

public String getJwks() {
return jwks;
}

public void setJwks(final String jwks) {
this.jwks = jwks;
}

public String getJwksUri() {
return jwksUri;
}

public void setJwksUri(final String jwksUri) {
this.jwksUri = jwksUri;
}

public OIDCClientAuthenticationMethod getTokenEndpointAuthenticationMethod() {
return tokenEndpointAuthenticationMethod;
}

public void setTokenEndpointAuthenticationMethod(
final OIDCClientAuthenticationMethod tokenEndpointAuthenticationMethod) {
this.tokenEndpointAuthenticationMethod = tokenEndpointAuthenticationMethod;
}

public String getLogoutUri() {
return logoutUri;
}

public void setLogoutUri(final String logoutUri) {
this.logoutUri = logoutUri;
}

@Override
public boolean equals(final Object obj) {
if (obj == null) {
Expand All @@ -167,10 +200,13 @@ public boolean equals(final Object obj) {
.append(this.redirectUris, rhs.redirectUris)
.append(this.supportedGrantTypes, rhs.supportedGrantTypes)
.append(this.supportedResponseTypes, rhs.supportedResponseTypes)
.append(this.logoutUri, rhs.logoutUri)
.append(this.jwtAccessToken, rhs.jwtAccessToken)
.append(this.scopes, rhs.scopes)
.append(this.bypassApprovalPrompt, rhs.bypassApprovalPrompt)
.append(this.jwks, rhs.jwks)
.append(this.jwksUri, rhs.jwksUri)
.append(this.tokenEndpointAuthenticationMethod, rhs.tokenEndpointAuthenticationMethod)
.append(this.logoutUri, rhs.logoutUri)
.isEquals();
}

Expand All @@ -185,10 +221,13 @@ public int hashCode() {
.append(redirectUris)
.append(supportedGrantTypes)
.append(supportedResponseTypes)
.append(logoutUri)
.append(jwtAccessToken)
.append(scopes)
.append(bypassApprovalPrompt)
.append(jwks)
.append(jwksUri)
.append(tokenEndpointAuthenticationMethod)
.append(logoutUri)
.toHashCode();
}
}
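Review bot: The new `jwks`, `jwksUri` and `tokenEndpointAuthenticationMethod` members carry no Javadoc, and the same applies to the `OIDCRPClientApp` interface and `JPAOIDCRPClientApp` additions further down; the meaning of `jwks` in particular (a JSON document, not a file path or a URI) is only discoverable from the console code. I would add e.g. `/** JWK Set as a JSON document, holding the client's public keys; alternative to {@link #getJwksUri()}. */` on `getJwks()`, `/** URL from which the client's JWK Set is fetched. */` on `getJwksUri()`, and on `getTokenEndpointAuthenticationMethod()` a line stating that the default is `client_secret_basic`. The class header is outside this view.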
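--- /dev/null
+++ b/[path not shown on page]/OIDCClientAuthenticationMethod.java
@@ -0,0 +1,28 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.apache.syncope.common.lib.types;
+
+public enum OIDCClientAuthenticationMethod {
+client_secret_basic,
+client_secret_post,
+client_secret_jwt,
+private_key_jwt,
+tls_client_auth;
+
+}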
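Review bot: The constant names are the wire values of the OIDC `token_endpoint_auth_method` registration parameter, which is why they depart from the UPPER_CASE enum convention, but nothing in the file says so and a well-meaning rename would break interoperability. I would add a Javadoc line on the enum such as `/** Client authentication methods at the token endpoint; names match the OIDC {@code token_endpoint_auth_method} wire values and must not be renamed. */`. The trailing `;` and empty body after `tls_client_auth` can be dropped.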
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
package org.apache.syncope.core.persistence.api.entity.am;

import java.util.Set;
import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
import org.apache.syncope.common.lib.types.OIDCGrantType;
import org.apache.syncope.common.lib.types.OIDCResponseType;
import org.apache.syncope.common.lib.types.OIDCSubjectType;
Expand Down Expand Up @@ -57,7 +58,20 @@ public interface OIDCRPClientApp extends ClientApp {

void setSubjectType(OIDCSubjectType subjectType);

String getJwks();

void setJwks(String jwks);

String getJwksUri();

void setJwksUri(String jwksUri);

OIDCClientAuthenticationMethod getTokenEndpointAuthenticationMethod();

void setTokenEndpointAuthenticationMethod(OIDCClientAuthenticationMethod tokenEndpointAuthenticationMethod);

String getLogoutUri();

void setLogoutUri(String logoutUri);

}
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@
import jakarta.persistence.Transient;
import java.util.HashSet;
import java.util.Set;
import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
import org.apache.syncope.common.lib.types.OIDCGrantType;
import org.apache.syncope.common.lib.types.OIDCResponseType;
import org.apache.syncope.common.lib.types.OIDCSubjectType;
Expand Down Expand Up @@ -100,6 +101,13 @@ public class JPAOIDCRPClientApp extends AbstractClientApp implements OIDCRPClien
@Transient
private Set<String> scopesSet = new HashSet<>();

@Lob
private String jwks;

private String jwksUri;

private OIDCClientAuthenticationMethod tokenEndpointAuthenticationMethod;

private String logoutUri;

@Override
Expand Down Expand Up @@ -182,6 +190,38 @@ public Set<String> getScopes() {
return scopesSet;
}

@Override
public String getJwks() {
return jwks;
}

@Override
public void setJwks(final String jwks) {
this.jwks = jwks;
}

@Override
public String getJwksUri() {
return jwksUri;
}

@Override
public void setJwksUri(final String jwksUri) {
this.jwksUri = jwksUri;
}

@Override
public OIDCClientAuthenticationMethod getTokenEndpointAuthenticationMethod() {
return tokenEndpointAuthenticationMethod;
}

@Override
public void setTokenEndpointAuthenticationMethod(
final OIDCClientAuthenticationMethod tokenEndpointAuthenticationMethod) {

this.tokenEndpointAuthenticationMethod = tokenEndpointAuthenticationMethod;
}

@Override
public String getLogoutUri() {
return logoutUri;
Expand Down
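Review bot: `tokenEndpointAuthenticationMethod` is declared without a default here, whereas `OIDCRPClientAppTO` initialises it to `client_secret_basic`; every existing OIDC RP row will read back as null, and `getOIDCClientAppTO` in the data binder then copies that null into the TO, overriding the TO default, so existing client apps come out of the API with no authentication method. Either give the entity field the same initialiser, `private OIDCClientAuthenticationMethod tokenEndpointAuthenticationMethod = OIDCClientAuthenticationMethod.client_secret_basic;`, or fall back to the default in the binder. If the other enum fields of this class carry `@Enumerated(EnumType.STRING)` (they are outside the hunk), this one should too: with JPA's default ordinal mapping, reordering or inserting a constant in `OIDCClientAuthenticationMethod` would silently change the stored authentication method of existing clients. The class continues outside this hunk.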
Original file line number Diff line number Diff line change
Expand Up @@ -237,6 +237,9 @@ protected void doUpdate(final OIDCRPClientApp clientApp, final OIDCRPClientAppTO
clientApp.getScopes().clear();
clientApp.getScopes().addAll(clientAppTO.getScopes());
clientApp.setLogoutUri(clientAppTO.getLogoutUri());
clientApp.setJwks(clientAppTO.getJwks());
clientApp.setJwksUri(clientAppTO.getJwksUri());
clientApp.setTokenEndpointAuthenticationMethod(clientAppTO.getTokenEndpointAuthenticationMethod());
}

protected OIDCRPClientAppTO getOIDCClientAppTO(final OIDCRPClientApp clientApp) {
Expand All @@ -254,6 +257,9 @@ protected OIDCRPClientAppTO getOIDCClientAppTO(final OIDCRPClientApp clientApp)
clientAppTO.setLogoutUri(clientApp.getLogoutUri());
clientAppTO.setJwtAccessToken(clientApp.isJwtAccessToken());
clientAppTO.setBypassApprovalPrompt(clientApp.isBypassApprovalPrompt());
clientAppTO.setJwks(clientApp.getJwks());
clientAppTO.setJwksUri(clientApp.getJwksUri());
clientAppTO.setTokenEndpointAuthenticationMethod(clientApp.getTokenEndpointAuthenticationMethod());

return clientAppTO;
}
Expand Down
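Review bot: `doUpdate` persists `clientAppTO.getJwks()` and `clientAppTO.getJwksUri()` verbatim with no server-side validation, and the console does not validate the JWKS either, so the REST API accepts an unparseable JWK Set, a set containing private-key members, or both `jwks` and `jwksUri` at once. A JWK Set registered for a client should carry only public keys, and the OIDC client registration spec says `jwks` and `jwks_uri` are not to be used together, so I would reject entries that contain `d` or other private members and reject the combination, failing the request with a validation error before `clientApp.setJwks(...)`. Since whatever is stored here is handed back by `getOIDCClientAppTO` to any caller allowed to read client apps, keeping private material out of it also limits what a read-only role can extract. `doUpdate` starts outside this hunk.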