From 7b94665df8f23d608b5c0235371b3adc7ae7a9d3 Mon Sep 17 00:00:00 2001
From: Anju Chamantha
Date: Tue, 2 Jan 2024 07:20:10 +0530
Subject: [PATCH] [FAPI] fix consent flow with scope claims
---
 .../configure_is_fapi.py | 42 ++++++++++++++++++-
 oidc-fapi-conformance-tests/constants_fapi.py | 20 +++++++++
 2 files changed, 60 insertions(+), 2 deletions(-)
diff --git a/oidc-fapi-conformance-tests/configure_is_fapi.py b/oidc-fapi-conformance-tests/configure_is_fapi.py
index f2f0185a596..7435c46a029 100644
--- a/oidc-fapi-conformance-tests/configure_is_fapi.py
+++ b/oidc-fapi-conformance-tests/configure_is_fapi.py
@@ -67,6 +67,42 @@ def get_application_id_by_sp_name(name):
 print("Error occurred: " + str(error))
 exit(1)
 
+# set application scope claims for the given application, this is needed to allow or deny consent with provided scope
+def set_application_scopes_for_consent(application_id):
+ print(">>> Setting Application scope claims.")
+ try:
+ body = json.dumps(constants.SET_SCOPE_CLAIMS_BODY_PAYLOAD)
+ response = requests.patch(url=constants.APPLICATION_ENDPOINT + "/" + application_id,
+ headers=constants.HEADERS_WITH_AUTH, data=body, verify=False)
+ response.raise_for_status()
+ except HTTPError as http_error:
+ print(http_error)
+ print(response.text)
+ exit(1)
+ except Exception as error:
+ print("\nError occurred: " + str(error))
+ exit(1)
+ else:
+ print(">>> Application scope claims set successfully.")
+
+# Skip login consent is true by default, here we disable it to go consent flows
+def disable_skipping_consent(application_id):
+ print(">>> Setting Skip Login consent to false.")
+ try:
+ body = json.dumps(constants.DISABLE_SKIP_CONSENT_BODY_PAYLOAD)
+ response = requests.patch(url=constants.APPLICATION_ENDPOINT + "/" + application_id,
+ headers=constants.HEADERS_WITH_AUTH, data=body, verify=False)
+ response.raise_for_status()
+ except HTTPError as http_error:
+ print(http_error)
+ print(response.text)
+ exit(1)
+ except Exception as error:
+ print("\nError occurred: " + str(error))
+ exit(1)
+ else:
+ print(">>> Disabled Skip Login consent successfully.")
+
 # returns service provider details with given application id
 def get_service_provider_details(application_id):
 try:
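Review bot: `set_application_scopes_for_consent` and `disable_skipping_consent` are the same PATCH-then-exit routine, differing only in the payload constant and the two log strings, so any later change to the error reporting has to be made twice. A private helper taking the payload and the label keeps both public entry points and their messages intact. Both also hard-code `verify=False` on a request that carries the `HEADERS_WITH_AUTH` Basic credentials; if the rest of the file does the same for the local conformance setup that is consistent, but the helper is the one place to state it, e.g. `# local IS instance with a self-signed certificate; TLS verification intentionally off for this harness`. The `print(response.text)` in the `HTTPError` branch is safe only because `raise_for_status()` is the sole raiser of that type here, which the helper below preserves.
```python
def _patch_application(application_id, payload, label):
    # One PATCH against the application management API; any failure stops the harness.
    print(">>> " + label)
    try:
        response = requests.patch(url=constants.APPLICATION_ENDPOINT + "/" + application_id,
                                  headers=constants.HEADERS_WITH_AUTH, data=json.dumps(payload),
                                  verify=False)  # local IS instance with a self-signed certificate; TLS verification intentionally off for this harness
        response.raise_for_status()
    except HTTPError as http_error:
        print(http_error)
        print(response.text)
        exit(1)
    except Exception as error:
        print("\nError occurred: " + str(error))
        exit(1)


# set application scope claims for the given application, this is needed to allow or deny consent with provided scope
def set_application_scopes_for_consent(application_id):
    _patch_application(application_id, constants.SET_SCOPE_CLAIMS_BODY_PAYLOAD,
                       "Setting Application scope claims.")
    print(">>> Application scope claims set successfully.")


# Skip login consent is true by default, here we disable it to go consent flows
def disable_skipping_consent(application_id):
    _patch_application(application_id, constants.DISABLE_SKIP_CONSENT_BODY_PAYLOAD,
                       "Setting Skip Login consent to false.")
    print(">>> Disabled Skip Login consent successfully.")
```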
@@ -169,12 +205,12 @@ def json_config_builder(service_provider_1, service_provider_2, output_file_path
 },
 "client": {
 "client_id": service_provider_1['clientId'],
- "scope": "openid profile abc",
+ "scope": "openid profile",
 "jwks": client_configs['client']['jwks']
 },
 "client2": {
 "client_id": service_provider_2['clientId'],
- "scope": "openid profile abc",
+ "scope": "openid profile",
 "jwks": client_configs['client2']['jwks']
 },
 "mtls": client_configs['mtls'],
@@ -238,6 +274,8 @@ def createSPApp(app_json):
 dcr(app_json)
 app_id = get_application_id_by_sp_name(app_json.get("client_name"))
 app_details = get_service_provider_details(app_id)
+ set_application_scopes_for_consent(app_id)
+ disable_skipping_consent(app_id)
 configure_acr(app_id)
 return app_details
 
diff --git a/oidc-fapi-conformance-tests/constants_fapi.py b/oidc-fapi-conformance-tests/constants_fapi.py
index 603e2f51dce..69b6e832ff0 100644
--- a/oidc-fapi-conformance-tests/constants_fapi.py
+++ b/oidc-fapi-conformance-tests/constants_fapi.py
@@ -11,6 +11,26 @@
 SCOPES = "internal_user_mgt_update internal_application_mgt_create internal_application_mgt_view internal_login " \
 "internal_claim_meta_update internal_application_mgt_update internal_scope_mgt_create"
 
+SET_SCOPE_CLAIMS_BODY_PAYLOAD = {
+ "claimConfiguration": {
+ "dialect": "LOCAL",
+ "requestedClaims": [
+ {
+ "claim": {
+ "uri": "http://wso2.org/claims/username"
+ },
+ "mandatory": "false"
+ }
+ ]
+ }
+}
+
+DISABLE_SKIP_CONSENT_BODY_PAYLOAD = {
+ "advancedConfigurations": {
+ "skipLoginConsent": "false"
+ }
+}
+
 HEADERS_WITH_AUTH = {'Content-Type': 'application/json', 'Connection': 'keep-alive', 'Authorization': 'Basic YWRtaW46YWRtaW4='}
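Review bot: In `createSPApp`, `app_details` is fetched on the line before the two new PATCH calls, so the dict the function returns describes the application as it was before the claim configuration and `skipLoginConsent` changes were applied. If nothing downstream reads those fields from `app_details` this is harmless, but moving `app_details = get_service_provider_details(app_id)` to just below `disable_skipping_consent(app_id)` makes the returned snapshot match what the server now holds. `configure_acr(app_id)` already runs after the new calls, so the relative order of the three PATCHes presumably does not matter, which is worth confirming rather than assuming.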
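Review bot: `"mandatory": "false"` and `"skipLoginConsent": "false"` in the two new payloads are JSON strings, not booleans, because `json.dumps` keeps Python `str` values quoted; the consent flow is only enabled if the server coerces `"false"`, and a stricter deserializer, or a truthiness check on a non-empty string, would silently leave consent skipping on. Using the Python booleans, `"mandatory": False` and `"skipLoginConsent": False`, emits the unquoted JSON `false` with no reliance on coercion. Each constant would also benefit from a one-line comment naming the request it is sent in, e.g. `# PATCH body sent to APPLICATION_ENDPOINT so the conformance suite reaches the consent page`, since the constants file gives no context for them.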