feat(jans-auth-server): added authorization_details custom intercepti…

…on script and dynamic registration #6933 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>
JanssenProject · Dec 12, 2023 · c009522 · c009522
1 parent a81c633
commit c009522
Show file tree

Hide file tree

Showing 29 changed files with 568 additions and 28 deletions.
diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/AuthorizationRequest.java b/jans-auth-server/client/src/main/java/io/jans/as/client/AuthorizationRequest.java
@@ -71,6 +71,8 @@ public class AuthorizationRequest extends BaseRequest {
     private String codeChallenge;
     private String codeChallengeMethod;
 
+    private String authorizationDetails;
+
     private String dpopJkt;
 
     private Map<String, String> customResponseHeaders;
@@ -144,6 +146,24 @@ public void setDpopJkt(String dpopJkt) {
         this.dpopJkt = dpopJkt;
     }
 
+    /**
+     * Gets authorization details
+     *
+     * @return authorization details
+     */
+    public String getAuthorizationDetails() {
+        return authorizationDetails;
+    }
+
+    /**
+     * Authorization details
+     *
+     * @param authorizationDetails authorization details
+     */
+    public void setAuthorizationDetails(String authorizationDetails) {
+        this.authorizationDetails = authorizationDetails;
+    }
+
     /**
      * Returns the response types.
      *
@@ -601,6 +621,7 @@ public String getQueryString() {
             addQueryStringParam(queryStringBuilder, AuthorizeRequestParam.CODE_CHALLENGE, codeChallenge);
             addQueryStringParam(queryStringBuilder, AuthorizeRequestParam.CODE_CHALLENGE_METHOD, codeChallengeMethod);
             addQueryStringParam(queryStringBuilder, AuthorizeRequestParam.DPOP_JKT, dpopJkt);
+            addQueryStringParam(queryStringBuilder, AuthorizeRequestParam.AUTHORIZATION_DETAILS, authorizationDetails);
             addQueryStringParam(queryStringBuilder, AuthorizeRequestParam.CUSTOM_RESPONSE_HEADERS, customResponseHeadersAsString);
 
             for (String key : getCustomParameters().keySet()) {
@@ -662,6 +683,7 @@ public Map<String, String> getParameters() {
             putNotBlank(parameters, AuthorizeRequestParam.CODE_CHALLENGE, codeChallenge);
             putNotBlank(parameters, AuthorizeRequestParam.CODE_CHALLENGE_METHOD, codeChallengeMethod);
             putNotBlank(parameters, AuthorizeRequestParam.DPOP_JKT, dpopJkt);
+            putNotBlank(parameters, AuthorizeRequestParam.AUTHORIZATION_DETAILS, authorizationDetails);
             putNotBlank(parameters, AuthorizeRequestParam.CUSTOM_RESPONSE_HEADERS, customResponseHeadersAsString);
 
             for (String key : getCustomParameters().keySet()) {

diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/AuthorizeClient.java b/jans-auth-server/client/src/main/java/io/jans/as/client/AuthorizeClient.java
@@ -226,6 +226,7 @@ private AuthorizationResponse exec_() throws Exception {
         addReqParam(AuthorizeRequestParam.UI_LOCALES, uiLocalesAsString);
         addReqParam(AuthorizeRequestParam.CLAIMS_LOCALES, claimLocalesAsString);
         addReqParam(AuthorizeRequestParam.ID_TOKEN_HINT, getRequest().getIdTokenHint());
+        addReqParam(AuthorizeRequestParam.AUTHORIZATION_DETAILS, getRequest().getAuthorizationDetails());
         addReqParam(AuthorizeRequestParam.LOGIN_HINT, getRequest().getLoginHint());
         addReqParam(AuthorizeRequestParam.ACR_VALUES, acrValuesAsString);
         addReqParam(AuthorizeRequestParam.CLAIMS, claimsAsString);

diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/RegisterRequest.java b/jans-auth-server/client/src/main/java/io/jans/as/client/RegisterRequest.java
@@ -66,6 +66,7 @@ public class RegisterRequest extends BaseRequest {
     private List<GrantType> grantTypes;
     private ApplicationType applicationType;
     private List<String> contacts;
+    private List<String> authorizationDetailsTypes;
     private final LocalizedString clientName;
     private final LocalizedString logoUri;
     private final LocalizedString clientUri;
@@ -171,6 +172,7 @@ public RegisterRequest() {
         this.responseTypes = new ArrayList<>();
         this.grantTypes = new ArrayList<>();
         this.contacts = new ArrayList<>();
+        this.authorizationDetailsTypes = new ArrayList<>();
         this.defaultAcrValues = new ArrayList<>();
         this.minimumAcrPriorityList = new ArrayList<>();
         this.postLogoutRedirectUris = new ArrayList<>();
@@ -480,6 +482,24 @@ public void setContacts(List<String> contacts) {
         this.contacts = contacts;
     }
 
+    /**
+     * Gets authorization details types.
+     *
+     * @return authorization details types
+     */
+    public List<String> getAuthorizationDetailsTypes() {
+        return authorizationDetailsTypes;
+    }
+
+    /**
+     * Sets authorization details types
+     *
+     * @param authorizationDetailsTypes authorization details types
+     */
+    public void setAuthorizationDetailsTypes(List<String> authorizationDetailsTypes) {
+        this.authorizationDetailsTypes = authorizationDetailsTypes;
+    }
+
     /**
      * Returns the name of the Client to be presented to the user.
      *
@@ -1760,6 +1780,7 @@ public static RegisterRequest fromJson(JSONObject requestObject) throws JSONExce
         result.setGrantTypes(extractGrantTypes(requestObject));
         result.setApplicationType(ApplicationType.fromString(requestObject.optString(APPLICATION_TYPE.toString())));
         result.setContacts(extractListByKey(requestObject, CONTACTS.toString()));
+        result.setAuthorizationDetailsTypes(extractListByKey(requestObject, AUTHORIZATION_DETAILS_TYPES.toString()));
         result.setIdTokenTokenBindingCnf(requestObject.optString(ID_TOKEN_TOKEN_BINDING_CNF.toString(), ""));
 
         LocalizedString.fromJson(requestObject, CLIENT_NAME.getName(), (String key, Locale locale) -> {
@@ -1859,6 +1880,9 @@ public void getParameters(BiFunction<String, Object, Void> function) {
         if (contacts != null && !contacts.isEmpty()) {
             function.apply(CONTACTS.toString(), toJSONArray(contacts));
         }
+        if (authorizationDetailsTypes != null && !authorizationDetailsTypes.isEmpty()) {
+            function.apply(AUTHORIZATION_DETAILS_TYPES.toString(), toJSONArray(authorizationDetailsTypes));
+        }
 
         if (StringUtils.isNotBlank(jwksUri)) {
             function.apply(JWKS_URI.toString(), jwksUri);

diff --git a/jans-auth-server/client/src/main/java/io/jans/as/client/par/ParClient.java b/jans-auth-server/client/src/main/java/io/jans/as/client/par/ParClient.java
@@ -71,6 +71,7 @@ private ParResponse exec_() throws Exception {
         addReqParam(AuthorizeRequestParam.UI_LOCALES, uiLocalesAsString);
         addReqParam(AuthorizeRequestParam.CLAIMS_LOCALES, claimLocalesAsString);
         addReqParam(AuthorizeRequestParam.ID_TOKEN_HINT, getRequest().getAuthorizationRequest().getIdTokenHint());
+        addReqParam(AuthorizeRequestParam.AUTHORIZATION_DETAILS, getRequest().getAuthorizationRequest().getAuthorizationDetails());
         addReqParam(AuthorizeRequestParam.LOGIN_HINT, getRequest().getAuthorizationRequest().getLoginHint());
         addReqParam(AuthorizeRequestParam.ACR_VALUES, acrValuesAsString);
         addReqParam(AuthorizeRequestParam.CLAIMS, claimsAsString);

diff --git a/jans-auth-server/common/src/main/java/io/jans/as/common/model/authzdetails/AuthzDetail.java b/jans-auth-server/common/src/main/java/io/jans/as/common/model/authzdetails/AuthzDetail.java
@@ -0,0 +1,34 @@
+package io.jans.as.common.model.authzdetails;
+
+import org.json.JSONObject;
+
+/**
+ * @author Yuriy Z
+ */
+public class AuthzDetail {
+
+    private final JSONObject jsonObject;
+
+    public AuthzDetail(String json) {
+        this(new JSONObject(json));
+    }
+
+    public AuthzDetail(JSONObject jsonObject) {
+        this.jsonObject = jsonObject;
+    }
+
+    public JSONObject getJsonObject() {
+        return jsonObject;
+    }
+
+    public String getType() {
+        return jsonObject.optString("type");
+    }
+
+    @Override
+    public String toString() {
+        return "AuthzDetail{" +
+                "jsonObject=" + jsonObject +
+                '}';
+    }
+}
diff --git a/jans-auth-server/common/src/main/java/io/jans/as/common/model/authzdetails/AuthzDetails.java b/jans-auth-server/common/src/main/java/io/jans/as/common/model/authzdetails/AuthzDetails.java
@@ -0,0 +1,50 @@
+package io.jans.as.common.model.authzdetails;
+
+import org.json.JSONArray;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * @author Yuriy Z
+ */
+public class AuthzDetails {
+    private AuthzDetails() {
+    }
+
+    private final List<AuthzDetail> details = new ArrayList<>();
+
+    public static AuthzDetails of(String jsonArray) {
+        return of(new JSONArray(jsonArray));
+    }
+
+    public static AuthzDetails ofSilently(String jsonArray) {
+        try {
+            return of(new JSONArray(jsonArray));
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    public static AuthzDetails of(JSONArray jsonArray) {
+        AuthzDetails result = new AuthzDetails();
+        for (int i = 0; i < jsonArray.length(); i++) {
+            result.details.add(new AuthzDetail(jsonArray.getJSONObject(i)));
+        }
+        return result;
+    }
+
+    public List<AuthzDetail> getDetails() {
+        return details;
+    }
+
+    public Set<String> getTypes() {
+        Set<String> result = new HashSet<>();
+        for (AuthzDetail d : details) {
+            result.add(d.getType());
+        }
+        return result;
+    }
+}
diff --git a/...th-server/common/src/test/java/io/jans/as/common/model/authzdetails/AuthzDetailsTest.java b/...th-server/common/src/test/java/io/jans/as/common/model/authzdetails/AuthzDetailsTest.java
@@ -0,0 +1,33 @@
+package io.jans.as.common.model.authzdetails;
+
+import org.testng.annotations.Test;
+
+import java.util.Collections;
+import java.util.HashSet;
+
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertNull;
+import static org.testng.AssertJUnit.assertNotNull;
+
+/**
+ * @author Yuriy Z
+ */
+public class AuthzDetailsTest {
+
+    @Test
+    public void ofSilently_withInvalidJson_shouldReturnNull() {
+        assertNull(AuthzDetails.ofSilently("invalidJson"));
+    }
+
+    @Test
+    public void ofSilently_withValidJson_shouldReturnNotNull() {
+        assertNotNull(AuthzDetails.ofSilently("[]"));
+    }
+
+    @Test
+    public void getTypes_withValidJson_shouldReturnNotNull() {
+        final AuthzDetails details = AuthzDetails.ofSilently("[{\"type\":\"internal_type\"}]");
+        assertNotNull(details);
+        assertEquals(details.getTypes(), new HashSet<>(Collections.singletonList("internal_type")));
+    }
+}
diff --git a/jans-auth-server/common/src/test/resources/testng.xml b/jans-auth-server/common/src/test/resources/testng.xml
@@ -7,6 +7,7 @@
             <class name="io.jans.as.common.util.RedirectUriTest"/>
             <class name="io.jans.as.common.model.registration.ClientTest"/>
             <class name="io.jans.as.common.model.registration.ClientSerializationTest"/>
+            <class name="io.jans.as.common.model.authzdetails.AuthzDetailsTest"/>
             <class name="io.jans.as.common.service.common.UserServiceTest"/>
             <class name="io.jans.as.common.service.common.InumServiceTest"/>
         </classes>

diff --git a/jans-auth-server/docs/swagger.yaml b/jans-auth-server/docs/swagger.yaml
@@ -1334,6 +1334,11 @@ paths:
                 client_name:
                   type: string
                   description: Name of the Client to be presented to the user.
+                authorization_details_types:
+                  type: array
+                    description: authorization details types (RFC9396). Fine-graned access.
+                    items:
+                      type: string
                 logo_uri:
                   type: string
                   description: URL that references a logo for the Client application
@@ -1754,6 +1759,11 @@ paths:
                   description: e-mail addresses of people responsible for this Client.
                   items:
                     type: string
+                authorization_details_types:
+                  type: array
+                    description: authorization details types (RFC9396). Fine-graned access.
+                    items:
+                      type: string
                 client_name:
                   type: string
                   description: Name of the Client to be presented to the user.
@@ -2150,6 +2160,11 @@ paths:
                     description: e-mail addresses of people responsible for this Client.
                     items:
                       type: string
+                  authorization_details_types:
+                    type: array
+                      description: authorization details types (RFC9396). Fine-graned access.
+                      items:
+                        type: string
                   client_name:
                     type: string
                     description: Name of the Client to be presented to the user.

diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/authorize/AuthorizeRequestParam.java b/jans-auth-server/model/src/main/java/io/jans/as/model/authorize/AuthorizeRequestParam.java
@@ -32,6 +32,7 @@ public final class AuthorizeRequestParam {
     public static final String ACR_VALUES = "acr_values";
     public static final String AMR_VALUES = "amr_values";
     public static final String CLAIMS = "claims";
+    public static final String AUTHORIZATION_DETAILS = "authorization_details";
     public static final String REGISTRATION = "registration";
     public static final String REQUEST = "request";
     public static final String REQUEST_URI = "request_uri";

diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java b/jans-auth-server/model/src/main/java/io/jans/as/model/configuration/AppConfiguration.java
@@ -306,9 +306,6 @@ public class AppConfiguration implements Configuration {
     @DocProperty(description = "This list details the languages and scripts supported for the user interface")
     private List<String> uiLocalesSupported;
 
-    @DocProperty(description = "This list of authorization details types supported (RFC9396).")
-    private List<String> authorizationDetailsTypesSupported;
-
     @DocProperty(description = "Specifies whether the OP supports use of the claims parameter")
     private Boolean claimsParameterSupported;
 
@@ -2170,14 +2167,6 @@ public void setIdTokenTokenBindingCnfValuesSupported(List<String> idTokenTokenBi
         this.idTokenTokenBindingCnfValuesSupported = idTokenTokenBindingCnfValuesSupported;
     }
 
-    public List<String> getAuthorizationDetailsTypesSupported() {
-        return authorizationDetailsTypesSupported;
-    }
-
-    public void setAuthorizationDetailsTypesSupported(List<String> authorizationDetailsTypesSupported) {
-        this.authorizationDetailsTypesSupported = authorizationDetailsTypesSupported;
-    }
-
     public List<String> getUiLocalesSupported() {
         return uiLocalesSupported;
     }

diff --git a/jans-auth-server/model/src/main/java/io/jans/as/model/register/RegisterRequestParam.java b/jans-auth-server/model/src/main/java/io/jans/as/model/register/RegisterRequestParam.java
@@ -67,6 +67,11 @@ public enum RegisterRequestParam {
      */
     CONTACTS("contacts"),
 
+    /**
+     * Authorization Details Types (RFC9396). Fine-grained access.
+     */
+    AUTHORIZATION_DETAILS_TYPES("authorization_details_types"),
+
     /**
      * Name of the Client to be presented to the user.
      */

diff --git a/...server/persistence-model/src/main/java/io/jans/as/persistence/model/ClientAttributes.java b/...server/persistence-model/src/main/java/io/jans/as/persistence/model/ClientAttributes.java
@@ -137,6 +137,18 @@ public class ClientAttributes implements Serializable {
     @JsonProperty("introspectionEncryptedResponseEnc")
     private String introspectionEncryptedResponseEnc;
 
+    @JsonProperty("authorizationDetailsTypes")
+    private List<String> authorizationDetailsTypes;
+
+    public List<String> getAuthorizationDetailsTypes() {
+        if (authorizationDetailsTypes == null) authorizationDetailsTypes = new ArrayList<>();
+        return authorizationDetailsTypes;
+    }
+
+    public void setAuthorizationDetailsTypes(List<String> authorizationDetailsTypes) {
+        this.authorizationDetailsTypes = authorizationDetailsTypes;
+    }
+
     public String getIntrospectionSignedResponseAlg() {
         return introspectionSignedResponseAlg;
     }
@@ -504,6 +516,7 @@ public String toString() {
                 ", introspectionSignedResponseAlg=" + introspectionSignedResponseAlg +
                 ", introspectionEncryptedResponseAlg=" + introspectionEncryptedResponseAlg +
                 ", introspectionEncryptedResponseEnc=" + introspectionEncryptedResponseEnc +
+                ", authorizationDetailsTypes=" + authorizationDetailsTypes +
                 '}';
     }
 }
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeAction.java b/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizeAction.java
@@ -198,6 +198,7 @@ public class AuthorizeAction {
     private String requestUri;
     private String codeChallenge;
     private String codeChallengeMethod;
+    private String authorizationDetails;
     private String claims;
 
     // CIBA Request parameter
@@ -904,6 +905,14 @@ public void setCodeChallengeMethod(String codeChallengeMethod) {
         this.codeChallengeMethod = codeChallengeMethod;
     }
 
+    public String getAuthorizationDetails() {
+        return authorizationDetails;
+    }
+
+    public void setAuthorizationDetails(String authorizationDetails) {
+        this.authorizationDetails = authorizationDetails;
+    }
+
     public String getClaims() {
         return claims;
     }