Introduce JWT Access Token Attributes

features/admin.applications.v1/components/access-token-attribute-option.tsx

@@ -0,0 +1,75 @@
+/**
+ * Copyright (c) 2024, WSO2 LLC. (https://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import Checkbox from "@oxygen-ui/react/Checkbox";
+import Grid from "@oxygen-ui/react/Grid";
+import ListItemText from "@oxygen-ui/react/ListItemText";
+import { IdentifiableComponentInterface } from "@wso2is/core/models";
+import { Code } from "@wso2is/react-components";
+import React, {
+ FunctionComponent,
+ HTMLAttributes,
+ ReactElement
+} from "react";
+
+interface AccessTokenAttributeOption extends IdentifiableComponentInterface {
+ /**
+ * Is the option selected.
+ */
+ selected?: boolean;
+ /**
+ * The display name of the option.
+ */
+ displayName: string;
+ /**
+ * The claim URI of the option.
+ */
+ claimURI: string;
+ /**
+ * The props passed to the option.
+ */
+ renderOptionProps: HTMLAttributes<HTMLLIElement>
+}
+
+export const AccessTokenAttributeOption: FunctionComponent<AccessTokenAttributeOption> = (
+ props: AccessTokenAttributeOption
+): ReactElement => {
+
+ const {
+ selected,
+ displayName,
+ claimURI,
+ renderOptionProps
+ } = props;
+
+ return (
+ <li { ...renderOptionProps }>
+ <Grid container justifyContent="space-between" alignItems="center" xs={ 12 }>
+ <Grid container alignItems="center" xs={ 8 }>
+ <Grid>
+ <Checkbox checked={ selected } />
+ </Grid>
+ <Grid xs={ 5 }>
+ <ListItemText primary={ displayName } />
+ <Code>{ claimURI }</Code>
+ </Grid>
+ </Grid>
+ </Grid>
+ </li>
+ );
+};

features/admin.applications.v1/components/forms/inbound-oidc-form.scss

@@ -20,3 +20,18 @@
  margin-top: 0 !important;
  margin-right: 1rem !important;
 }
+
+.access-token-attributes-feature-banner {
+ padding-top: 1rem !important;
+}
+
+.access-token-attributes-dropdown {
+ padding-top: 1rem !important;
+}
+
+.access-token-attributes-dropdown-input {
+ input {
+ border: none !important;
+ width: auto !important;
+ }
+}

features/admin.applications.v1/components/settings/access-configuration.tsx

@@ -24,7 +24,7 @@
  store
 } from "@wso2is/admin.core.v1";
 import { applicationConfig } from "@wso2is/admin.extensions.v1";
 import { hasRequiredScopes } from "@wso2is/core/helpers";
 import { AlertLevels, IdentifiableComponentInterface, SBACInterface } from "@wso2is/core/models";
 import { addAlert } from "@wso2is/core/store";
 import { FormValue } from "@wso2is/forms";
@@ -216,6 +216,7 @@
  isLoading,
  setIsLoading,
  onUpdate,
+ onProtocolUpdate,
  allowedOriginList,
  onAllowedOriginsUpdate,
  onApplicationSecretRegenerate,
@@ -377,7 +378,7 @@
  ".genericError.message")
  }));
  }).finally(() => {
- onUpdate(appId);
+ onProtocolUpdate();
  if (!updateError) {
  createSAMLApplication();
  }

features/admin.applications.v1/models/application-inbound.ts

@@ -127,8 +127,9 @@ interface AccessTokenConfigurationInterface {
  bindingType?: SupportedAccessTokenBindingTypes | string;
  revokeTokensWhenIDPSessionTerminated?: boolean;
  validateTokenBinding?: boolean;
+ accessTokenAttributes?: string[];
+ accessTokenAttributesEnabled?: boolean;
 }
-
 interface RefreshTokenConfigurationInterface {
  expiryInSeconds?: number;
  renewRefreshToken?: boolean;

modules/i18n/src/models/namespaces/applications-ns.ts

@@ -1323,6 +1323,15 @@ export interface ApplicationsNS {
  invalid: string;
  };
  };
+ accessTokenAttributes: {
+ hint: string;
+ label:string;
+ placeholder: string;
+ enable: {
+ hint: string;
+ label: string;
+ };
+ };
  };
  };
  idToken: {

modules/i18n/src/translations/en-US/portals/applications.ts

@@ -1574,6 +1574,22 @@ export const applications: ApplicationsNS = {
  empty: "Please fill the audience",
  invalid: "Please avoid special characters like commas (,)"
  }
+ },
+ accessTokenAttributes: {
+ hint : "Select the attributes that should be included in the <1>access_token</1>.",
+ label: "Access Token Attributes",
+ placeholder: "Search by attribute name",
+ enable: {
+ hint : "Previously, attributes that are set as requested in the User Attributes " +
+ "section were automatically added to <1>access_token</1>. Now, you can choose which " +
+ "user attributes are included in the <1>access_token</1>. To enable this new feature, " +
+ "select <1>Enable Access Token Attributes</1> and update your application. When updating, " +
+ "attributes that are set as requested in the User Attribute section will be set as " +
+ "Access Token Attributes. Once updated, only selected attributes from the Access " +
+ "Token Attributes will be included in the <1>access_token</1> without requiring OIDC scopes. " +
+ "Important: This change is irreversible. Proceed with caution.",
+ label: "Enable Access Token Attributes"
+ }
  }
  },
  heading: "Access Token",