Add JWT token as default token for portals

wso2 · Feb 28, 2024 · 6d84775 · 6d84775
1 parent 4900ea0
commit 6d84775
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 10 deletions.
diff --git a/...t/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java b/...t/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java
@@ -2145,6 +2145,8 @@ public static class JwtTokenConstants {
         public static final String TOKEN_TYPE = "token_type";
         public static final String API_KEY_TOKEN_TYPE = "apiKey";
         public static final String DECODING_ALGORITHM_BASE64URL = "base64url";
+        public static final String APP_DOMAIN = "app_domain";
+        public static final String USER_DOMAIN = "user_domain";
     }
 
     public static final String SIGNATURE_ALGORITHM_RS256 = "RS256";

diff --git a/...r/src/main/java/org/wso2/carbon/apimgt/rest/api/dcr/web/impl/RegistrationServiceImpl.java b/...r/src/main/java/org/wso2/carbon/apimgt/rest/api/dcr/web/impl/RegistrationServiceImpl.java
@@ -326,14 +326,6 @@ private OAuthApplicationInfo createApplication(String applicationName, OAuthAppR
             logoutConsentProperty.setValue(APIConstants.APP_SKIP_LOGOUT_CONSENT_VALUE);
             serviceProviderProperties.add(logoutConsentProperty);
 
-            if (APIConstants.JWT.equals(applicationInfo.getTokenType())) {
-                LocalAndOutboundAuthenticationConfig localAndOutboundConfig =
-                        new LocalAndOutboundAuthenticationConfig();
-                localAndOutboundConfig.setSkipConsent(true);
-                localAndOutboundConfig.setSkipLogoutConsent(true);
-                localAndOutboundConfig.setUseTenantDomainInLocalSubjectIdentifier(true);
-                serviceProvider.setLocalAndOutBoundAuthenticationConfig(localAndOutboundConfig);
-            }
             String orgId = null;
             try {
                 orgId = RestApiUtil.getValidatedOrganization(securityContext);

diff --git a/...il/src/main/java/org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl.java b/...il/src/main/java/org/wso2/carbon/apimgt/rest/api/util/impl/OAuthJwtAuthenticatorImpl.java
@@ -143,7 +143,12 @@ private boolean handleScopeValidation(Message message, SignedJWTInfo signedJWTIn
         String maskedToken = message.get(RestApiConstants.MASKED_TOKEN).toString();
         OAuthTokenInfo oauthTokenInfo = new OAuthTokenInfo();
         oauthTokenInfo.setAccessToken(accessToken);
-        oauthTokenInfo.setEndUserName(signedJWTInfo.getJwtClaimsSet().getSubject());
+        String tenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
+        if (signedJWTInfo.getJwtClaimsSet().getClaim(JwtTokenConstants.USER_DOMAIN) != null) {
+            tenantDomain = (String) signedJWTInfo.getJwtClaimsSet().getClaim(JwtTokenConstants.USER_DOMAIN);
+        } 
+        log.debug("Tenant domain for user " + tenantDomain);
+        oauthTokenInfo.setEndUserName(signedJWTInfo.getJwtClaimsSet().getSubject() + "@" + tenantDomain);
         oauthTokenInfo.setConsumerKey(signedJWTInfo.getJwtClaimsSet().getStringClaim(JWTConstants.AUTHORIZED_PARTY));
         String scopeClaim = signedJWTInfo.getJwtClaimsSet().getStringClaim(JwtTokenConstants.SCOPE);
         if (scopeClaim != null) {
@@ -160,7 +165,7 @@ private boolean handleScopeValidation(Message message, SignedJWTInfo signedJWTIn
                 //Add the user scopes list extracted from token to the cxf message
                 message.getExchange().put(RestApiConstants.USER_REST_API_SCOPES, oauthTokenInfo.getScopes());
                 //If scope validation successful then set tenant name and user name to current context
-                String tenantDomain = MultitenantUtils.getTenantDomain(oauthTokenInfo.getEndUserName());
+
                 int tenantId;
                 PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
                 RealmService realmService = (RealmService) carbonContext.getOSGiService(RealmService.class, null);
@@ -328,6 +333,10 @@ private JWTValidator validateAndGetJWTValidatorForIssuer(JWTClaimsSet jwtClaimsS
                     + tokenIssuer + ") does not match with the token issuer (" + tokenIssuers.keySet() + ")");
         }
         String residentTenantDomain = APIConstants.SUPER_TENANT_DOMAIN;
+        if (jwtClaimsSet.getClaim(JwtTokenConstants.APP_DOMAIN) != null) {
+            residentTenantDomain = (String) jwtClaimsSet.getClaim(JwtTokenConstants.APP_DOMAIN);
+        } 
+        log.debug("Tenant domain for residant IDP " + residentTenantDomain);
         IdentityProvider residentIDP = validateAndGetResidentIDPForIssuer(residentTenantDomain, tokenIssuer);
         if (residentIDP == null) {
             //invalid issuer. invalid token