From 2b4089f5f1d5b2d47c44b9c7b1ceeb91d72e5ae0 Mon Sep 17 00:00:00 2001
From: YuriyZ
Date: Wed, 24 Apr 2024 10:50:47 +0300
Subject: [PATCH] feat(jans-auth): removed extra info from `acr` claim in `id_token` when it's an agama flow

https://github.com/JanssenProject/jans/issues/8348

Signed-off-by: YuriyZ
---
 .../io/jans/as/server/service/AcrService.java | 20 +++++++++++++++++++
 .../as/server/service/AcrServiceTest.java | 17 ++++++++++++++++
 2 files changed, 37 insertions(+)

diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/AcrService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/AcrService.java
index 89ebc3925f9..345afa09972 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/AcrService.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/AcrService.java
@@ -52,6 +52,8 @@ public static boolean isAgama(String acr) {
 }
 
 public void validateAcrs(AuthzRequest authzRequest, Client client) throws AcrChangedException {
+ removeParametersForAgamaAcr(authzRequest);
+
 applyAcrMappings(authzRequest);
 checkClientAuthorizedAcrs(authzRequest, client);
 
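Review bot: The new `removeParametersForAgamaAcr(authzRequest)` call rewrites the request's acr_values in place as the very first step of validateAcrs, so anything later in the request pipeline that still reads the parameter suffix from `authzRequest.getAcrValues()` (for example, whatever hands inputs to the Agama flow — I cannot tell from this hunk whether that reads from here) will no longer see it, while the commit title only asks to keep it out of the `acr` claim. Worth confirming that the suffix is captured before this point or comes from a different source, and recording that decision on the call: `// agama flow parameters are stripped here, before ACR mapping and client authorization checks; downstream code must not rely on them being present in acr_values`. validateAcrs continues outside the hunk.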
@@ -60,6 +62,24 @@ public void validateAcrs(AuthzRequest authzRequest, Client client) throws AcrCha
 checkAcrChanged(authzRequest, identity.getSessionId()); // check after redirect uri is validated
 }
 
+ public static void removeParametersForAgamaAcr(AuthzRequest authzRequest) {
+ final List acrValues = authzRequest.getAcrValuesList();
+ for (int i = 0; i < acrValues.size(); i++) {
+ final String acr = acrValues.get(i);
+ acrValues.set(i, removeParametersFromAgamaAcr(acr));
+ }
+
+ final String result = implode(acrValues, " ");
+ authzRequest.setAcrValues(result);
+ }
+
+ public static String removeParametersFromAgamaAcr(String acr) {
+ if (isAgama(acr)) {
+ return StringUtils.substringBefore(acr, "-");
+ }
+ return acr;
+ }
+
 public void checkClientAuthorizedAcrs(AuthzRequest authzRequest, Client client) {
 final List authorizedAcrs = client.getAttributes().getAuthorizedAcrValues();
 if (authorizedAcrs.isEmpty()) {
diff --git a/jans-auth-server/server/src/test/java/io/jans/as/server/service/AcrServiceTest.java b/jans-auth-server/server/src/test/java/io/jans/as/server/service/AcrServiceTest.java
index 42f134d496b..fc7872fd8cf 100644
--- a/jans-auth-server/server/src/test/java/io/jans/as/server/service/AcrServiceTest.java
+++ b/jans-auth-server/server/src/test/java/io/jans/as/server/service/AcrServiceTest.java
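Review bot: `removeParametersForAgamaAcr` calls `authzRequest.setAcrValues(implode(acrValues, " "))` unconditionally, so a request that carried no acr_values (or only non-agama values) is still rewritten — depending on what `getAcrValuesList()` and `implode` do for null/empty input, an absent acr_values can silently become an empty string, and `acrValues.set(i, ...)` will throw if that list is ever an unmodifiable view (I cannot see its implementation here). Guarding the empty case and writing back only when something actually changed keeps the request untouched on the common path; the rewrite is below. `StringUtils.substringBefore(acr, "-")` cuts at the first hyphen, which is only correct if Agama qualified flow names can never contain `-`; that assumption should be stated next to it, e.g. `// flow qualified names contain no '-', so the first hyphen starts the parameter part`. Both new public static methods also lack Javadoc; a one-line summary each (`Strips the parameter suffix from every agama acr in the request's acr_values` and `Returns the acr without its parameter suffix when it is an agama acr, otherwise unchanged`) would do.
```java
public static void removeParametersForAgamaAcr(AuthzRequest authzRequest) {
    final List<String> acrValues = authzRequest.getAcrValuesList();
    if (acrValues == null || acrValues.isEmpty()) {
        return; // nothing requested: leave acr_values as it was rather than storing ""
    }
    boolean changed = false;
    for (int i = 0; i < acrValues.size(); i++) {
        final String acr = acrValues.get(i);
        final String stripped = removeParametersFromAgamaAcr(acr);
        if (!stripped.equals(acr)) {
            acrValues.set(i, stripped);
            changed = true;
        }
    }
    if (changed) {
        authzRequest.setAcrValues(implode(acrValues, " "));
    }
}
// … unchanged: removeParametersFromAgamaAcr …
```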
@@ -52,6 +52,23 @@ public class AcrServiceTest {
 @Mock
 private AppConfiguration appConfiguration;
 
+ @Test
+ public void removeParametersFromAgamaAcr_whenAcrHasParameters_shouldRemoveParameters() {
+ assertEquals(AcrService.removeParametersFromAgamaAcr("agama_flow-parameter1"), "agama_flow");
+ assertEquals(AcrService.removeParametersFromAgamaAcr("agama_io.jans.flow-parameter1"), "agama_io.jans.flow");
+ assertEquals(AcrService.removeParametersFromAgamaAcr("agama_io.jans.flow"), "agama_io.jans.flow");
+ }
+
+ @Test
+ public void removeParametersFromAgamaAcr_whenAuthzRequestIsWithAcrWithParameters_shouldRemoveParameters() {
+ AuthzRequest authzRequest = new AuthzRequest();
+ authzRequest.setAcrValues("agama_io.jans.flow-parameter1 acr2");
+
+ AcrService.removeParametersForAgamaAcr(authzRequest);
+
+ assertEquals(authzRequest.getAcrValues(), "agama_io.jans.flow acr2");
+ }
+
 @Test
 public void isAgama_whenAcrIsNullOrNonAgama_shouldReturnFalse() {
 assertFalse(AcrService.isAgama(null));
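Review bot: The two new tests cover only the happy path; neither pins what `removeParametersForAgamaAcr` does to a request with no acr_values at all, nor that a non-agama acr containing a hyphen passes through unchanged, and both are the cases where the new code's behaviour is least obvious. A third test built on a fresh `new AuthzRequest()` with acr_values left unset, calling `AcrService.removeParametersForAgamaAcr(authzRequest)` and asserting that `authzRequest.getAcrValues()` is still whatever it was before the call, would catch an accidental rewrite to an empty string. The first test could also gain `assertEquals(AcrService.removeParametersFromAgamaAcr("custom-acr"), "custom-acr");` (a made-up non-agama name) to document that the hyphen rule applies only to agama acrs.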