JanssenProject · yuriyz · Sep 5, 2022 · Sep 5, 2022
@@ -105,6 +105,7 @@ public class RegisterRequest extends BaseRequest {
     private Integer defaultMaxAge;
     private List<String> defaultAcrValues;
     private String initiateLoginUri;
+    private List<String> groups;
     private List<String> postLogoutRedirectUris;
     private List<String> requestUris;
     private List<String> authorizedOrigins;
@@ -154,6 +155,7 @@ public RegisterRequest() {
         this.contacts = new ArrayList<>();
         this.defaultAcrValues = new ArrayList<>();
         this.postLogoutRedirectUris = new ArrayList<>();
+        this.groups = new ArrayList<>();
         this.requestUris = new ArrayList<>();
         this.authorizedOrigins = new ArrayList<>();
         this.scope = new ArrayList<>();
@@ -1074,6 +1076,24 @@ public void setInitiateLoginUri(String initiateLoginUri) {
         this.initiateLoginUri = initiateLoginUri;
     }
 
+    /**
+     * Returns groups
+     *
+     * @return groups
+     */
+    public List<String> getGroups() {
+        return groups;
+    }
+
+    /**
+     * Sets groups
+     *
+     * @param groups groups
+     */
+    public void setGroups(List<String> groups) {
+        this.groups = groups;
+    }
+
     /**
      * Returns the URLs supplied by the RP to request that the user be redirected to this location after a logout has
      * been performed.
@@ -1357,6 +1377,7 @@ public static RegisterRequest fromJson(JSONObject requestObject) throws JSONExce
         result.setClaimsRedirectUris(extractListByKey(requestObject, CLAIMS_REDIRECT_URIS.toString()));
         result.setInitiateLoginUri(requestObject.optString(INITIATE_LOGIN_URI.toString()));
         result.setPostLogoutRedirectUris(extractListByKey(requestObject, POST_LOGOUT_REDIRECT_URIS.toString()));
+        result.setGroups(extractListByKey(requestObject, GROUPS.toString()));
         result.setDefaultAcrValues(extractListByKey(requestObject, DEFAULT_ACR_VALUES.toString()));
         result.setFrontChannelLogoutUri(requestObject.optString(FRONT_CHANNEL_LOGOUT_URI.toString()));
         result.setFrontChannelLogoutSessionRequired(requestObject.optBoolean(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
@@ -1570,6 +1591,9 @@ public void getParameters(BiFunction<String, Object, Void> function) {
         if (StringUtils.isNotBlank(initiateLoginUri)) {
             function.apply(INITIATE_LOGIN_URI.toString(), initiateLoginUri);
         }
+        if (groups != null && !groups.isEmpty()) {
+            function.apply(GROUPS.toString(), toJSONArray(groups));
+        }
         if (postLogoutRedirectUris != null && !postLogoutRedirectUris.isEmpty()) {
             function.apply(POST_LOGOUT_REDIRECT_URIS.toString(), toJSONArray(postLogoutRedirectUris));
         }

@@ -242,9 +242,20 @@ public class Client extends DeletableEntity implements Serializable {
     @AttributeName(name = "o")
     private String organization;
 
+    @AttributeName(name = "jansGrp")
+    private String[] groups;
+
     @Expiration
     private Integer ttl;
 
+    public String[] getGroups() {
+        return groups;
+    }
+
+    public void setGroups(String[] groups) {
+        this.groups = groups;
+    }
+
     public String getOrganization() {
         return organization;
     }

@@ -1274,6 +1274,11 @@ paths:
                     processing requests from the Client.
                   items:
                     type: string
+                groups:
+                  type: array
+                  description: Array of client's groups.
+                  items:
+                    type: string
                 initiate_login_uri:
                   type: string
                   description: Specifies the URI using the https scheme that the authorization server can call to initiate a login at the client.
@@ -1612,6 +1617,11 @@ paths:
                 initiate_login_uri:
                   type: string
                   description: Specifies the URI using the https scheme that the authorization server can call to initiate a login at the client.
+                groups:
+                  type: array
+                  description: Array of client's groups.
+                  items:
+                    type: string
                 post_logout_redirect_uris:
                   type: array
                   description: Provide the URLs supplied by the RP to request that the user be redirected to this location after a logout has been
@@ -1949,6 +1959,11 @@ paths:
                   initiate_login_uri:
                     type: string
                     description: Specifies the URI using the https scheme that the authorization server can call to initiate a login at the client.
+                  groups:
+                    type: array
+                    description: Array of client's groups.
+                    items:
+                      type: string
                   post_logout_redirect_uris:
                     type: array
                     description: Provide the URLs supplied by the RP to request that the user be redirected to this location after a logout has been

@@ -231,6 +231,11 @@ public enum RegisterRequestParam {
      */
     INITIATE_LOGIN_URI("initiate_login_uri"),
 
+    /**
+     * Groups (roles)
+     */
+    GROUPS("groups"),
+
     /**
      * URL supplied by the RP to request that the user be redirected to this location after a logout has been performed,
      */

@@ -30,63 +30,7 @@
 
 import java.util.List;
 
-import static io.jans.as.model.register.RegisterRequestParam.ACCESS_TOKEN_AS_JWT;
-import static io.jans.as.model.register.RegisterRequestParam.ACCESS_TOKEN_LIFETIME;
-import static io.jans.as.model.register.RegisterRequestParam.ACCESS_TOKEN_SIGNING_ALG;
-import static io.jans.as.model.register.RegisterRequestParam.ALLOW_SPONTANEOUS_SCOPES;
-import static io.jans.as.model.register.RegisterRequestParam.APPLICATION_TYPE;
-import static io.jans.as.model.register.RegisterRequestParam.AUTHORIZATION_ENCRYPTED_RESPONSE_ALG;
-import static io.jans.as.model.register.RegisterRequestParam.AUTHORIZATION_ENCRYPTED_RESPONSE_ENC;
-import static io.jans.as.model.register.RegisterRequestParam.AUTHORIZATION_SIGNED_RESPONSE_ALG;
-import static io.jans.as.model.register.RegisterRequestParam.AUTHORIZED_ORIGINS;
-import static io.jans.as.model.register.RegisterRequestParam.BACKCHANNEL_LOGOUT_SESSION_REQUIRED;
-import static io.jans.as.model.register.RegisterRequestParam.BACKCHANNEL_LOGOUT_URI;
-import static io.jans.as.model.register.RegisterRequestParam.CLAIMS;
-import static io.jans.as.model.register.RegisterRequestParam.CLAIMS_REDIRECT_URIS;
-import static io.jans.as.model.register.RegisterRequestParam.CLIENT_NAME;
-import static io.jans.as.model.register.RegisterRequestParam.CLIENT_URI;
-import static io.jans.as.model.register.RegisterRequestParam.CONTACTS;
-import static io.jans.as.model.register.RegisterRequestParam.DEFAULT_ACR_VALUES;
-import static io.jans.as.model.register.RegisterRequestParam.DEFAULT_MAX_AGE;
-import static io.jans.as.model.register.RegisterRequestParam.FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED;
-import static io.jans.as.model.register.RegisterRequestParam.FRONT_CHANNEL_LOGOUT_URI;
-import static io.jans.as.model.register.RegisterRequestParam.GRANT_TYPES;
-import static io.jans.as.model.register.RegisterRequestParam.ID_TOKEN_ENCRYPTED_RESPONSE_ALG;
-import static io.jans.as.model.register.RegisterRequestParam.ID_TOKEN_ENCRYPTED_RESPONSE_ENC;
-import static io.jans.as.model.register.RegisterRequestParam.ID_TOKEN_SIGNED_RESPONSE_ALG;
-import static io.jans.as.model.register.RegisterRequestParam.INITIATE_LOGIN_URI;
-import static io.jans.as.model.register.RegisterRequestParam.JWKS;
-import static io.jans.as.model.register.RegisterRequestParam.JWKS_URI;
-import static io.jans.as.model.register.RegisterRequestParam.KEEP_CLIENT_AUTHORIZATION_AFTER_EXPIRATION;
-import static io.jans.as.model.register.RegisterRequestParam.LOGO_URI;
-import static io.jans.as.model.register.RegisterRequestParam.PAR_LIFETIME;
-import static io.jans.as.model.register.RegisterRequestParam.POLICY_URI;
-import static io.jans.as.model.register.RegisterRequestParam.POST_LOGOUT_REDIRECT_URIS;
-import static io.jans.as.model.register.RegisterRequestParam.PUBLIC_SUBJECT_IDENTIFIER_ATTRIBUTE;
-import static io.jans.as.model.register.RegisterRequestParam.REDIRECT_URIS;
-import static io.jans.as.model.register.RegisterRequestParam.REDIRECT_URIS_REGEX;
-import static io.jans.as.model.register.RegisterRequestParam.REQUEST_OBJECT_ENCRYPTION_ALG;
-import static io.jans.as.model.register.RegisterRequestParam.REQUEST_OBJECT_ENCRYPTION_ENC;
-import static io.jans.as.model.register.RegisterRequestParam.REQUEST_OBJECT_SIGNING_ALG;
-import static io.jans.as.model.register.RegisterRequestParam.REQUEST_URIS;
-import static io.jans.as.model.register.RegisterRequestParam.REQUIRE_PAR;
-import static io.jans.as.model.register.RegisterRequestParam.RESPONSE_TYPES;
-import static io.jans.as.model.register.RegisterRequestParam.RPT_AS_JWT;
-import static io.jans.as.model.register.RegisterRequestParam.RUN_INTROSPECTION_SCRIPT_BEFORE_ACCESS_TOKEN_CREATION_AS_JWT_AND_INCLUDE_CLAIMS;
-import static io.jans.as.model.register.RegisterRequestParam.SCOPE;
-import static io.jans.as.model.register.RegisterRequestParam.SECTOR_IDENTIFIER_URI;
-import static io.jans.as.model.register.RegisterRequestParam.SOFTWARE_ID;
-import static io.jans.as.model.register.RegisterRequestParam.SOFTWARE_STATEMENT;
-import static io.jans.as.model.register.RegisterRequestParam.SOFTWARE_VERSION;
-import static io.jans.as.model.register.RegisterRequestParam.SPONTANEOUS_SCOPES;
-import static io.jans.as.model.register.RegisterRequestParam.SUBJECT_TYPE;
-import static io.jans.as.model.register.RegisterRequestParam.TLS_CLIENT_AUTH_SUBJECT_DN;
-import static io.jans.as.model.register.RegisterRequestParam.TOKEN_ENDPOINT_AUTH_METHOD;
-import static io.jans.as.model.register.RegisterRequestParam.TOKEN_ENDPOINT_AUTH_SIGNING_ALG;
-import static io.jans.as.model.register.RegisterRequestParam.TOS_URI;
-import static io.jans.as.model.register.RegisterRequestParam.USERINFO_ENCRYPTED_RESPONSE_ALG;
-import static io.jans.as.model.register.RegisterRequestParam.USERINFO_ENCRYPTED_RESPONSE_ENC;
-import static io.jans.as.model.register.RegisterRequestParam.USERINFO_SIGNED_RESPONSE_ALG;
+import static io.jans.as.model.register.RegisterRequestParam.*;
 import static io.jans.as.model.register.RegisterResponseParam.CLIENT_ID_ISSUED_AT;
 import static io.jans.as.model.register.RegisterResponseParam.CLIENT_SECRET;
 import static io.jans.as.model.register.RegisterResponseParam.CLIENT_SECRET_EXPIRES_AT;
@@ -171,6 +115,7 @@ public JSONObject getJSONObject(Client client) throws JSONException, StringEncry
         Util.addToJSONObjectIfNotNull(responseJsonObject, DEFAULT_ACR_VALUES.toString(), client.getDefaultAcrValues());
         Util.addToJSONObjectIfNotNull(responseJsonObject, INITIATE_LOGIN_URI.toString(), client.getInitiateLoginUri());
         Util.addToJSONObjectIfNotNull(responseJsonObject, POST_LOGOUT_REDIRECT_URIS.toString(), client.getPostLogoutRedirectUris());
+        Util.addToJSONObjectIfNotNull(responseJsonObject, GROUPS.toString(), client.getGroups());
         Util.addToJSONObjectIfNotNull(responseJsonObject, REQUEST_URIS.toString(), client.getRequestUris());
         Util.addToJSONObjectIfNotNull(responseJsonObject, AUTHORIZED_ORIGINS.toString(), client.getAuthorizedOrigins());
         Util.addToJSONObjectIfNotNull(responseJsonObject, RPT_AS_JWT.toString(), client.isRptAsJwt());

@@ -255,6 +255,12 @@ public void updateClientFromRequestObject(Client client, RegisterRequest request
         if (StringUtils.isNotBlank(requestObject.getInitiateLoginUri())) {
             client.setInitiateLoginUri(requestObject.getInitiateLoginUri());
         }
+
+        final List<String> groups = requestObject.getGroups();
+        if (groups != null && !groups.isEmpty()) {
+            client.setGroups(new HashSet<>(groups).toArray(new String[0])); // remove duplicates
+        }
+
         List<String> postLogoutRedirectUris = requestObject.getPostLogoutRedirectUris();
         if (postLogoutRedirectUris != null && !postLogoutRedirectUris.isEmpty()) {
             postLogoutRedirectUris = new ArrayList<>(new HashSet<>(postLogoutRedirectUris)); // Remove repeated elements

@@ -1212,7 +1212,7 @@
       "x_origin": "Jans created attribute"
     },
     {
-      "desc": "Usr group",
+      "desc": "Group",
       "equality": "caseIgnoreMatch",
       "names": [
         "jansGrp"
@@ -3468,6 +3468,7 @@
       "kind": "STRUCTURAL",
       "may": [
         "o",
+        "jansGrp",
         "displayName",
         "description",
         "inum",