From bd0b5848859f19c1c5866b2d1155e96f0a6857d9 Mon Sep 17 00:00:00 2001
From: imesh94 <imeshu@wso2.com>
Date: Wed, 13 Nov 2024 17:48:01 +0530
Subject: [PATCH] Make iat, jti and exp claims mandatory in DCR request

---
 .../dcr/model/CDSRegistrationRequest.java      | 18 ++++++++++++++++++
 .../resources/wso2is-6.0.0-deployment-cds.toml |  9 +++++++++
 2 files changed, 27 insertions(+)

diff --git a/components/org.wso2.openbanking.cds.identity/src/main/java/org/wso2/openbanking/cds/identity/dcr/model/CDSRegistrationRequest.java b/components/org.wso2.openbanking.cds.identity/src/main/java/org/wso2/openbanking/cds/identity/dcr/model/CDSRegistrationRequest.java
index 5f712bc4..f7b508b8 100644
--- a/components/org.wso2.openbanking.cds.identity/src/main/java/org/wso2/openbanking/cds/identity/dcr/model/CDSRegistrationRequest.java
+++ b/components/org.wso2.openbanking.cds.identity/src/main/java/org/wso2/openbanking/cds/identity/dcr/model/CDSRegistrationRequest.java
@@ -63,6 +63,24 @@ public RegistrationRequest getRegistrationRequest() {
         return registrationRequest;
     }
 
+    @Override
+    public String getJti() {
+
+        return registrationRequest.getJti();
+    }
+
+    @Override
+    public String getIat() {
+
+        return registrationRequest.getIat();
+    }
+
+    @Override
+    public String getExp() {
+
+        return registrationRequest.getExp();
+    }
+
     @Override
     public String getTokenEndPointAuthentication() {
 
diff --git a/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml b/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
index d2d9288c..d516680c 100644
--- a/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
+++ b/toolkits/ob-is/repository/resources/wso2is-6.0.0-deployment-cds.toml
@@ -542,6 +542,15 @@ display = "ob-identifier-first"
 name = "SMSAuthentication"
 step = 2
 
+[open_banking.dcr.registration.iat]
+required = true
+
+[open_banking.dcr.registration.exp]
+required = true
+
+[open_banking.dcr.registration.jti]
+required = true
+
 [open_banking.dcr.registration.grant_types]
 allowed_values = ["authorization_code", "refresh_token", "client_credentials"]