Support JWT Tokens in portal apps #2496

Closed
dushaniw opened this issue Feb 20, 2024 · 9 comments

@dushaniw
Contributor

Problem

Currently portal apps only work with opaque tokens. To add support for JWT tokens, OAuthJWTAuthenticatorImpl needs additional changes to validate issuer and signature from resident identity provider.

Solution

Implement logic to local resident idp and validate token issuer and set certificate and other details in JWTValidator impl instance.

Affected Component

APIM

Version

4.3.0 - M2

Implementation

No response

Related Issues

No response

Suggested Labels

No response

@dushaniw
Contributor Author

To support tenant logins, it is mandatory to append tenant domain to the local subject identifier.
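
The checks named in the issue and in the comment above (signature verified against the resident identity provider's key, issuer compared with the resident IdP's issuer, tenant domain appended to the subject), as an added example that is not code from the WSO2 repositories. It uses only the JDK; the class name `PortalJwtCheck`, the `sub@tenantDomain` format, the issuer URL and the keys are assumptions constructed for the demo, and expiry and audience checks are outside its scope.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

public class PortalJwtCheck {   // hypothetical name, not a WSO2 class
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // Minimal string-claim lookup for the demo; production code should use a JSON/JWT library.
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    // Returns the tenant-qualified subject, or throws if the token must be rejected.
    static String validate(String jwt, PublicKey idpKey, String expectedIssuer, String tenantDomain)
            throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) throw new SecurityException("not a signed JWT");
        String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        if (!"RS256".equals(claim(header, "alg"))) throw new SecurityException("unexpected alg");
        Signature v = Signature.getInstance("SHA256withRSA"); // algorithm fixed by the verifier
        v.initVerify(idpKey);
        v.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!v.verify(DEC.decode(p[2]))) throw new SecurityException("bad signature");
        String claims = new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
        if (!expectedIssuer.equals(claim(claims, "iss"))) throw new SecurityException("issuer mismatch");
        String sub = claim(claims, "sub");
        if (sub == null) throw new SecurityException("missing sub");
        return sub.endsWith("@" + tenantDomain) ? sub : sub + "@" + tenantDomain;
    }

    // Demo-only helper that issues an RS256 token so the example runs offline.
    static String sign(PrivateKey key, String claimsJson) throws GeneralSecurityException {
        String input = ENC.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8))
                + "." + ENC.encodeToString(claimsJson.getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + ENC.encodeToString(s.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair idp = g.generateKeyPair(), other = g.generateKeyPair(); // constructed keys
        String iss = "https://localhost:9443/oauth2/token";             // constructed issuer
        String body = "{\"iss\":\"" + iss + "\",\"sub\":\"admin\"}";
        System.out.println(validate(sign(idp.getPrivate(), body), idp.getPublic(), iss, "carbon.super"));
        try { validate(sign(other.getPrivate(), body), idp.getPublic(), iss, "carbon.super"); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```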

@chamilaadhi
Contributor

chamilaadhi commented Feb 28, 2024

PR for identity-inbound-auth-oauth component wso2-extensions/identity-inbound-auth-oauth#2384

PR for carbon-identity-framework for config changes wso2/carbon-identity-framework#5547

@chamilaadhi
Contributor

carbon-apimgt fix wso2/carbon-apimgt#12297

@chamilaadhi
Contributor

Integration test update to run with JWT wso2/product-apim#13394

@chamilaadhi
Contributor

14 Integration tests failing. Currently checking them

    [INFO] Results:
    [INFO]
    [ERROR] Failures:
    [ERROR] org.wso2.am.integration.tests.api.lifecycle.APITagVisibilityByRoleTestCase.testAPITagVisibilityAuthorisedUser
    [INFO]   Run 1: PASS
    [INFO]   Run 2: PASS
    [INFO]   Run 3: PASS
    [ERROR]   Run 4: APITagVisibilityByRoleTestCase.testAPITagVisibilityAuthorisedUser:188 Restricted visibility tag is not available for authorised user expected [true] but found [false]
    [INFO]   Run 5: PASS
    [INFO]
    [ERROR] org.wso2.am.integration.tests.api.lifecycle.APIVisibilityWithDirectURLTestCase.testDirectLink
    [INFO]   Run 1: PASS
    [INFO]   Run 2: PASS
    [INFO]   Run 3: PASS
    [INFO]   Run 4: PASS
    [ERROR]   Run 5: APIVisibilityWithDirectURLTestCase.testDirectLink:152 » Api
    [INFO]
    [ERROR]   APIProductLifecycleTest.destroy:265 » Api
    [ERROR] org.wso2.am.integration.tests.apiproduct.lifecycle.APIProductLifecycleTest.testCreateAPIProduct
    [INFO]   Run 1: PASS
    [INFO]   Run 2: PASS
    [INFO]   Run 3: PASS
    [INFO]   Run 4: PASS
    [ERROR]   Run 5: APIProductLifecycleTest.testCreateAPIProduct:131 expected [true] but found [false]
    [INFO]
    [ERROR]   CrossTenantSubscriptionTestCase.testCreateSubscriptionFromTenant1AppToTenant2APIRestrictedPolicy:573 null
    [ERROR]   CrossTenantSubscriptionTestCase.testCreateSubscriptionFromTenant2AppToTenant1APIRestrictedPolicy:559 null
    [ERROR]   APIInvocationWithMessageTypeProperty.testInovkeAPIWithMessageTypePropertyInSequence:67 » NullPointer
    [ERROR] org.wso2.am.integration.tests.other.APIScopeTestCase.destroy
    [ERROR]   Run 1: APIScopeTestCase.destroy:517->APIMIntegrationBaseTest.undeployAndDeleteAPIRevisionsUsingRest:901 Unable to retrieve revisionsnull expected [200] but found [0]
    [ERROR]   Run 2: APIScopeTestCase.destroy:516->APIMIntegrationBaseTest.undeployAndDeleteAPIRevisionsUsingRest:901 Unable to retrieve revisionsnull expected [200] but found [0]
    [ERROR]   Run 3: APIScopeTestCase.destroy:516->APIMIntegrationBaseTest.undeployAndDeleteAPIRevisionsUsingRest:901 Unable to retrieve revisionsnull expected [200] but found [0]
    [ERROR]   Run 4: APIScopeTestCase.destroy:516->APIMIntegrationBaseTest.undeployAndDeleteAPIRevisionsUsingRest:901 Unable to retrieve revisionsnull expected [200] but found [0]
    [INFO]
    [ERROR] org.wso2.am.integration.tests.other.APIScopeTestCase.testSetScopeToResourceTestCase
    [INFO]   Run 1: PASS
    [ERROR]   Run 2: APIScopeTestCase.testSetScopeToResourceTestCase:219 » Api
    [INFO]   Run 3: PASS
    [INFO]   Run 4: PASS
    [INFO]   Run 5: PASS
    [INFO]
    [ERROR] org.wso2.am.integration.tests.other.PublisherAccessControlTestCase.destroy
    [ERROR]   Run 1: PublisherAccessControlTestCase.destroy:342->APIMIntegrationBaseTest.undeployAndDeleteAPIRevisionsUsingRest:901 Unable to retrieve revisionsnull expected [200] but found [0]
    [ERROR]   Run 2: PublisherAccessControlTestCase.destroy:342->APIMIntegrationBaseTest.undeployAndDeleteAPIRevisionsUsingRest:900 » NullPointer
    [ERROR]   Run 3: PublisherAccessControlTestCase.destroy:342->APIMIntegrationBaseTest.undeployAndDeleteAPIRevisionsUsingRest:900 » NullPointer
    [INFO]
    [ERROR] org.wso2.am.integration.tests.other.PublisherAccessControlTestCase.testAPIAdditionWithAccessControlRestriction
    [INFO]   Run 1: PASS
    [INFO]   Run 2: PASS
    [ERROR]   Run 3: PublisherAccessControlTestCase.testAPIAdditionWithAccessControlRestriction:197->APIManagerLifecycleBaseTest.createAndPublishAPIUsingRest:442 » Api
    [INFO]   Run 4: PASS
    [INFO]   Run 5: PASS
    [INFO]
    [ERROR] org.wso2.am.integration.tests.restapi.ContentSearchTestCase.testContentSearchWithAccessControl
    [INFO]   Run 1: PASS
    [INFO]   Run 2: PASS
    [INFO]   Run 3: PASS
    [ERROR]   Run 4: ContentSearchTestCase.testContentSearchWithAccessControl:268 » Api
    [INFO]   Run 5: PASS
    [INFO]
    [ERROR]   OpenIDTokenAPITestCase.setEnvironment:77 » Api
    [ERROR] org.wso2.am.integration.tests.token.TokenAPITestCase.testTokenAPITestCase
    [INFO]   Run 1: PASS
    [ERROR]   Run 2: TokenAPITestCase.testTokenAPITestCase:130 » Api
    [INFO]   Run 3: PASS
    [INFO]   Run 4: PASS
    [INFO]
    [INFO]
    [ERROR] Tests run: 1674, Failures: 14, Errors: 0, Skipped: 1    

@chamilaadhi
Contributor

Fixed cross tenant scenario from wso2/carbon-apimgt@448687f and secondary user store scenarios from wso2/carbon-apimgt@99c4044

Now all integration tests pass


@chamilaadhi
Contributor

Add config to enable JWT for portals with wso2/carbon-apimgt@bc3869d and wso2/apim-apps#583

@chamilaadhi
Contributor

chamilaadhi commented Mar 13, 2024

@chamilaadhi
Contributor

chamilaadhi commented Mar 25, 2024

Docs
4.3.0 wso2/docs-apim#7783
Master: wso2/docs-apim#7784
