feat(jans-auth): removed extra info from acr claim in id_token wh…

…en it's an agama flow (#8369) #8348 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com>
JanssenProject · Apr 24, 2024 · c76a78c · c76a78c
1 parent 7042af6
commit c76a78c
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 0 deletions.
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/AcrService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/AcrService.java
@@ -52,6 +52,8 @@ public static boolean isAgama(String acr) {
     }
 
     public void validateAcrs(AuthzRequest authzRequest, Client client) throws AcrChangedException {
+        removeParametersForAgamaAcr(authzRequest);
+
         applyAcrMappings(authzRequest);
 
         checkClientAuthorizedAcrs(authzRequest, client);
@@ -60,6 +62,24 @@ public void validateAcrs(AuthzRequest authzRequest, Client client) throws AcrCha
         checkAcrChanged(authzRequest, identity.getSessionId()); // check after redirect uri is validated
     }
 
+    public static void removeParametersForAgamaAcr(AuthzRequest authzRequest) {
+        final List<String> acrValues = authzRequest.getAcrValuesList();
+        for (int i = 0; i < acrValues.size(); i++) {
+            final String acr = acrValues.get(i);
+            acrValues.set(i, removeParametersFromAgamaAcr(acr));
+        }
+
+        final String result = implode(acrValues, " ");
+        authzRequest.setAcrValues(result);
+    }
+
+    public static String removeParametersFromAgamaAcr(String acr) {
+        if (isAgama(acr)) {
+            return StringUtils.substringBefore(acr, "-");
+        }
+        return acr;
+    }
+
     public void checkClientAuthorizedAcrs(AuthzRequest authzRequest, Client client) {
         final List<String> authorizedAcrs = client.getAttributes().getAuthorizedAcrValues();
         if (authorizedAcrs.isEmpty()) {

diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/service/AcrServiceTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/service/AcrServiceTest.java
@@ -52,6 +52,23 @@ public class AcrServiceTest {
     @Mock
     private AppConfiguration appConfiguration;
 
+    @Test
+    public void removeParametersFromAgamaAcr_whenAcrHasParameters_shouldRemoveParameters() {
+        assertEquals(AcrService.removeParametersFromAgamaAcr("agama_flow-parameter1"), "agama_flow");
+        assertEquals(AcrService.removeParametersFromAgamaAcr("agama_io.jans.flow-parameter1"), "agama_io.jans.flow");
+        assertEquals(AcrService.removeParametersFromAgamaAcr("agama_io.jans.flow"), "agama_io.jans.flow");
+    }
+
+    @Test
+    public void removeParametersFromAgamaAcr_whenAuthzRequestIsWithAcrWithParameters_shouldRemoveParameters() {
+        AuthzRequest authzRequest = new AuthzRequest();
+        authzRequest.setAcrValues("agama_io.jans.flow-parameter1 acr2");
+
+        AcrService.removeParametersForAgamaAcr(authzRequest);
+
+        assertEquals(authzRequest.getAcrValues(), "agama_io.jans.flow acr2");
+    }
+
     @Test
     public void isAgama_whenAcrIsNullOrNonAgama_shouldReturnFalse() {
         assertFalse(AcrService.isAgama(null));