feat(jans-linux-setup): added token exchange grant type (#2768)

Native SSO #2518 #2767
JanssenProject · Oct 28, 2022 · b3abcfe · b3abcfe
1 parent 7c7af09
commit b3abcfe
Show file tree

Hide file tree

Showing 7 changed files with 17 additions and 8 deletions.
diff --git a/docs/admin/config-guide/jans-cli/cli-jans-authorization-server.md b/docs/admin/config-guide/jans-cli/cli-jans-authorization-server.md
@@ -98,7 +98,8 @@ Getting access token for scope https://jans.io/oauth/jans-auth-server/config/pro
     "urn:ietf:params:oauth:grant-type:device_code",
     "client_credentials",
     "urn:ietf:params:oauth:grant-type:uma-ticket",
-    "implicit"
+    "implicit",
+    "urn:ietf:params:oauth:grant-type:token-exchange"
   ],
   "subjectTypesSupported": [
     "public",
@@ -368,6 +369,7 @@ Getting access token for scope https://jans.io/oauth/jans-auth-server/config/pro
     "urn:ietf:params:oauth:grant-type:device_code",
     "client_credentials",
     "urn:ietf:params:oauth:grant-type:uma-ticket",
+    "urn:ietf:params:oauth:grant-type:token-exchange",
     "implicit"
   ],
   "cssLocation": null,

diff --git a/docs/admin/config-guide/jans-cli/im/im-jans-authorization-server.md b/docs/admin/config-guide/jans-cli/im/im-jans-authorization-server.md
@@ -71,6 +71,7 @@ Select 1 to get all the details about Jans authorization server configuration. I
     "refresh_token",
     "urn:ietf:params:oauth:grant-type:uma-ticket",
     "urn:ietf:params:oauth:grant-type:device_code",
+    "urn:ietf:params:oauth:grant-type:token-exchange",
     "implicit",
     "authorization_code"
   ],
@@ -341,6 +342,7 @@ Select 1 to get all the details about Jans authorization server configuration. I
     "refresh_token",
     "urn:ietf:params:oauth:grant-type:uma-ticket",
     "urn:ietf:params:oauth:grant-type:device_code",
+    "urn:ietf:params:oauth:grant-type:token-exchange",
     "implicit",
     "authorization_code"
   ],

diff --git a/jans-auth-server/server/conf/jans-config.json b/jans-auth-server/server/conf/jans-config.json
@@ -58,7 +58,8 @@
         "refresh_token",
         "urn:ietf:params:oauth:grant-type:uma-ticket",
         "urn:openid:params:grant-type:ciba",
-        "urn:ietf:params:oauth:grant-type:device_code"
+        "urn:ietf:params:oauth:grant-type:device_code",
+        "urn:ietf:params:oauth:grant-type:token-exchange"
     ],
     "subjectTypesSupported":[
         "public",

diff --git a/jans-linux-setup/jans_setup/openbanking/templates/jans-auth/jans-auth-config.json b/jans-linux-setup/jans_setup/openbanking/templates/jans-auth/jans-auth-config.json
@@ -74,7 +74,8 @@
         "client_credentials",
         "authorization_code",
         "refresh_token",
-        "urn:ietf:params:oauth:grant-type:device_code"
+        "urn:ietf:params:oauth:grant-type:device_code",
+        "urn:ietf:params:oauth:grant-type:token-exchange"
     ],
     "allowIdTokenWithoutImplicitGrantType": true,
     "subjectTypesSupported":[

diff --git a/jans-linux-setup/jans_setup/setup_app/test_data_loader.py b/jans-linux-setup/jans_setup/setup_app/test_data_loader.py
@@ -235,7 +235,7 @@ def load_test_data(self):
                                     'dynamicRegistrationCustomAttributes': [ "jansTrustedClnt", "myCustomAttr1", "myCustomAttr2", "jansInclClaimsInIdTkn" ],
                                     'dynamicRegistrationExpirationTime': 86400,
                                     'grantTypesAndResponseTypesAutofixEnabled': True,
-                                    'dynamicGrantTypeDefault': [ "authorization_code", "implicit", "password", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:uma-ticket", "urn:openid:params:grant-type:ciba", "urn:ietf:params:oauth:grant-type:device_code" ],
+                                    'dynamicGrantTypeDefault': [ "authorization_code", "implicit", "password", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:uma-ticket", "urn:openid:params:grant-type:ciba", "urn:ietf:params:oauth:grant-type:device_code", "urn:ietf:params:oauth:grant-type:token-exchange" ],
                                     'legacyIdTokenClaims': True,
                                     'authenticationFiltersEnabled': True,
                                     'clientAuthenticationFiltersEnabled': True,
@@ -252,7 +252,7 @@ def load_test_data(self):
                                     'userInfoSigningAlgValuesSupported': [ 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512' ],
                                     'consentGatheringScriptBackwardCompatibility': False,
                                     'claimsParameterSupported': True,
-                                    'grantTypesSupported': [ 'urn:openid:params:grant-type:ciba', 'authorization_code', 'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:ietf:params:oauth:grant-type:device_code', 'client_credentials', 'implicit', 'refresh_token', 'password' ],
+                                    'grantTypesSupported': [ 'urn:openid:params:grant-type:ciba', 'authorization_code', 'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:ietf:params:oauth:grant-type:device_code', 'client_credentials', 'implicit', 'refresh_token', 'password', 'urn:ietf:params:oauth:grant-type:token-exchange' ],
                                     'idTokenSigningAlgValuesSupported': [ 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512' ],
                                     'accessTokenSigningAlgValuesSupported': [ 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512' ],
                                     'requestObjectSigningAlgValuesSupported': [ 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512' ],

diff --git a/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json b/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json
@@ -62,7 +62,8 @@
         "client_credentials",
         "refresh_token",
         "urn:ietf:params:oauth:grant-type:uma-ticket",
-        "urn:ietf:params:oauth:grant-type:device_code"
+        "urn:ietf:params:oauth:grant-type:device_code",
+        "urn:ietf:params:oauth:grant-type:token-exchange"
     ],
     "subjectTypesSupported":[
         "public",
@@ -278,7 +279,8 @@
         "client_credentials",
         "refresh_token",
         "urn:ietf:params:oauth:grant-type:uma-ticket",
-        "urn:ietf:params:oauth:grant-type:device_code"
+        "urn:ietf:params:oauth:grant-type:device_code",
+        "urn:ietf:params:oauth:grant-type:token-exchange"
     ],
     "claimsParameterSupported":false,
     "requestParameterSupported":true,

diff --git a/jans-linux-setup/jans_setup/templates/test/docs/oxauth-config-update.md b/jans-linux-setup/jans_setup/templates/test/docs/oxauth-config-update.md
@@ -25,7 +25,8 @@ III. These changes should be applied to oxAuth config.
       "password",
       "client_credentials",
       "refresh_token",
-      "urn:ietf:params:oauth:grant-type:uma-ticket"
+      "urn:ietf:params:oauth:grant-type:uma-ticket",
+      "urn:ietf:params:oauth:grant-type:token-exchange"
    ],
 
 5. "legacyIdTokenClaims":true