From a1b73c750016249ed706c9396572d79dfa2215ef Mon Sep 17 00:00:00 2001
From: malithie
Date: Tue, 6 Aug 2024 12:14:37 +0530
Subject: [PATCH 1/3] Engage pre-issue-access-token action from server-level.
---
 .../grant/AbstractAuthorizationGrantHandler.java | 13 ++++++++-----
 .../token/handlers/grant/RefreshGrantHandler.java | 8 +++++---
 pom.xml | 2 +-
 3 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
index 9d45411bd3..c7bfab496b 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
@@ -496,11 +496,14 @@ private boolean checkExecutePreIssueAccessTokensActions(OAuthTokenReqMessageCont
 OAuthAppDO oAuthAppBean = getoAuthApp(tokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId());
 String grantType = tokenReqMessageContext.getOauth2AccessTokenReqDTO().getGrantType();
- // Allow for following grant types and for JWT access tokens only.
- return (OAuthConstants.GrantTypes.AUTHORIZATION_CODE.equals(grantType) ||
- OAuthConstants.GrantTypes.CLIENT_CREDENTIALS.equals(grantType) ||
- OAuthConstants.GrantTypes.PASSWORD.equals(grantType) ||
- OAuthConstants.GrantTypes.REFRESH_TOKEN.equals(grantType)) &&
+ // Allow for following grant types and for JWT access tokens if,
+ // pre issue access token action invocation is enabled at server level.
+ return OAuthComponentServiceHolder.getInstance().getActionExecutorService()
+ .isExecutionEnabled(ActionType.PRE_ISSUE_ACCESS_TOKEN) &&
+ (OAuthConstants.GrantTypes.AUTHORIZATION_CODE.equals(grantType) ||
+ OAuthConstants.GrantTypes.CLIENT_CREDENTIALS.equals(grantType) ||
+ OAuthConstants.GrantTypes.PASSWORD.equals(grantType) ||
+ OAuthConstants.GrantTypes.REFRESH_TOKEN.equals(grantType)) &&
 JWT_TOKEN_TYPE.equals(oAuthAppBean.getTokenType());
 }
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java
index c474bf1450..826ef29b0f 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java
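Review bot: The new gate calls `.isExecutionEnabled(ActionType.PRE_ISSUE_ACCESS_TOKEN)` directly on the result of `OAuthComponentServiceHolder.getInstance().getActionExecutorService()` with no null check, so if that service is not bound when a token request arrives (the holder pattern suggests runtime injection, which is not visible here) the request would end in a NullPointerException rather than a clean decision. Decide explicitly what an absent service means, because silently skipping the action is fail-open for deployments that rely on it to shape tokens: keep the result in a local and add `if (actionExecutorService == null) { return false; }` together with a log line, or reject the request instead. The flag check could also run before the `getoAuthApp(...)` lookup so that a disabled server does not pay for the application lookup. The same expression is added in the RefreshGrantHandler hunk and in the identical copies under PATCH 2/3. The method begins above the hunk, so its signature and throws clause are not visible here.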
@@ -718,9 +718,11 @@ private boolean checkExecutePreIssueAccessTokensActions(RefreshTokenValidationDa
 String grantType = refreshTokenValidationDataDO.getGrantType();
 // Allow if refresh token is issued for token requests from following grant types and,
- // for JWT access tokens only.
- return (OAuthConstants.GrantTypes.AUTHORIZATION_CODE.equals(grantType) ||
- OAuthConstants.GrantTypes.PASSWORD.equals(grantType)) &&
+ // for JWT access tokens if pre issue access token action invocation is enabled at server level.
+ return OAuthComponentServiceHolder.getInstance().getActionExecutorService()
+ .isExecutionEnabled(ActionType.PRE_ISSUE_ACCESS_TOKEN) &&
+ (OAuthConstants.GrantTypes.AUTHORIZATION_CODE.equals(grantType) ||
+ OAuthConstants.GrantTypes.PASSWORD.equals(grantType)) &&
 JWT_TOKEN_TYPE.equals(oAuthAppBean.getTokenType());
 }
diff --git a/pom.xml b/pom.xml
index 5a336ed08c..e00cbe8439 100644
--- a/pom.xml
+++ b/pom.xml
@@ -909,7 +909,7 @@ [1.0.1, 2.0.0) - 7.3.50 + 7.3.60 [5.25.234, 8.0.0)
From 4adc02cfda8e0090bd4bb951dffcb410839123f1 Mon Sep 17 00:00:00 2001
From: malithie
Date: Tue, 6 Aug 2024 12:14:37 +0530
Subject: [PATCH 2/3] Engage pre-issue-access-token action from server-level.
---
 .../grant/AbstractAuthorizationGrantHandler.java | 13 ++++++++-----
 .../token/handlers/grant/RefreshGrantHandler.java | 8 +++++---
 pom.xml | 2 +-
 3 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
index 9d45411bd3..c7bfab496b 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
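Review bot: With the server-level switch off, this method now returns false without leaving any trace, so refresh-issued JWTs go out without the pre-issue action an application may depend on and nothing in the logs says why. A debug line on the disabled path would make the skip visible to operators, for example `log.debug("Pre-issue access token action execution is disabled at server level; skipping.");` (assuming the class has a `log` field, which the hunk does not show). The enabled-check is now written out twice, here and in AbstractAuthorizationGrantHandler; one shared helper on the abstract handler would keep the two gates from drifting apart, if RefreshGrantHandler extends it as the package layout suggests. The diffstat lists no test file, so the disabled branch appears to be untested in this patch. The method begins above the hunk.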
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java
@@ -496,11 +496,14 @@ private boolean checkExecutePreIssueAccessTokensActions(OAuthTokenReqMessageCont
 OAuthAppDO oAuthAppBean = getoAuthApp(tokenReqMessageContext.getOauth2AccessTokenReqDTO().getClientId());
 String grantType = tokenReqMessageContext.getOauth2AccessTokenReqDTO().getGrantType();
- // Allow for following grant types and for JWT access tokens only.
- return (OAuthConstants.GrantTypes.AUTHORIZATION_CODE.equals(grantType) ||
- OAuthConstants.GrantTypes.CLIENT_CREDENTIALS.equals(grantType) ||
- OAuthConstants.GrantTypes.PASSWORD.equals(grantType) ||
- OAuthConstants.GrantTypes.REFRESH_TOKEN.equals(grantType)) &&
+ // Allow for following grant types and for JWT access tokens if,
+ // pre issue access token action invocation is enabled at server level.
+ return OAuthComponentServiceHolder.getInstance().getActionExecutorService()
+ .isExecutionEnabled(ActionType.PRE_ISSUE_ACCESS_TOKEN) &&
+ (OAuthConstants.GrantTypes.AUTHORIZATION_CODE.equals(grantType) ||
+ OAuthConstants.GrantTypes.CLIENT_CREDENTIALS.equals(grantType) ||
+ OAuthConstants.GrantTypes.PASSWORD.equals(grantType) ||
+ OAuthConstants.GrantTypes.REFRESH_TOKEN.equals(grantType)) &&
 JWT_TOKEN_TYPE.equals(oAuthAppBean.getTokenType());
 }
diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java
index c474bf1450..826ef29b0f 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/RefreshGrantHandler.java
@@ -718,9 +718,11 @@ private boolean checkExecutePreIssueAccessTokensActions(RefreshTokenValidationDa
 String grantType = refreshTokenValidationDataDO.getGrantType();
 // Allow if refresh token is issued for token requests from following grant types and,
- // for JWT access tokens only.
- return (OAuthConstants.GrantTypes.AUTHORIZATION_CODE.equals(grantType) ||
- OAuthConstants.GrantTypes.PASSWORD.equals(grantType)) &&
+ // for JWT access tokens if pre issue access token action invocation is enabled at server level.
+ return OAuthComponentServiceHolder.getInstance().getActionExecutorService()
+ .isExecutionEnabled(ActionType.PRE_ISSUE_ACCESS_TOKEN) &&
+ (OAuthConstants.GrantTypes.AUTHORIZATION_CODE.equals(grantType) ||
+ OAuthConstants.GrantTypes.PASSWORD.equals(grantType)) &&
 JWT_TOKEN_TYPE.equals(oAuthAppBean.getTokenType());
 }
diff --git a/pom.xml b/pom.xml
index 5a336ed08c..02d79cbf01 100644
--- a/pom.xml
+++ b/pom.xml
@@ -909,7 +909,7 @@ [1.0.1, 2.0.0) - 7.3.50 + 7.3.61 [5.25.234, 8.0.0)
From 01767a6b446ad027e396cb5a86e75e33d4eb54db Mon Sep 17 00:00:00 2001
From: Ashan Thamara Palihakkara <75057725+ashanthamara@users.noreply.github.com>
Date: Tue, 6 Aug 2024 14:56:26 +0530
Subject: [PATCH 3/3] bump framework version
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 02d79cbf01..90d0caaea6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -909,7 +909,7 @@ [1.0.1, 2.0.0) - 7.3.61 + 7.3.62 [5.25.234, 8.0.0)