From f4bcaad4891937553cdbfd40fae55ea674a78344 Mon Sep 17 00:00:00 2001 From: pujavs <43700552+pujavs@users.noreply.github.com> Date: Sat, 21 Sep 2024 14:16:38 +0530 Subject: [PATCH] feat(config-api): client token mgt endpoint (#9554) * fix(config-api): asset mgt endpoint fixes Signed-off-by: pujavs * feat(config-api): asset upload mgt ehancement and fido Signed-off-by: pujavs * feat(config-api): asset upload mgt ehancement and fido Signed-off-by: pujavs * feat(config-api): asset upload mgt ehancement and fido Signed-off-by: pujavs * fix(config-api): asset upload Signed-off-by: pujavs * fix(config-api): lock review comments Signed-off-by: pujavs * feat(config-api): lock code review comments Signed-off-by: pujavs * feat(config-api): lock master renamed to lock server Signed-off-by: pujavs * feat(config-api): lock master renamed to lock server Signed-off-by: pujavs * feat(config-api): lock master renamed to lock server Signed-off-by: pujavs * feat(config-api): lock master renamed to lock server Signed-off-by: pujavs * feat(config-api): fido2 delete functionality Signed-off-by: pujavs * fix(config-api): acr validation Signed-off-by: pujavs * feat(config-api): doc(config-api): IDP schema attribute descriptions #9187 Signed-off-by: pujavs * feat(config-api): sync with main Signed-off-by: pujavs * feat(config-api): uploading assets via API generates 2 entries #9178 Signed-off-by: pujavs * feat(config-api): asset mgt, fido and IDP changes Signed-off-by: pujavs * feat(config-api): fido2 device endpoint Signed-off-by: pujavs * feat(config-api): fido2 endpoint Signed-off-by: pujavs * feat(config-api): fido2 endpoint Signed-off-by: pujavs * feat(config-api): sync with main Signed-off-by: pujavs * feat(config-api): sync with main Signed-off-by: pujavs * feat(config-api): sync with main Signed-off-by: pujavs * feat(config-api): resolved sonar review issues Signed-off-by: pujavs * feat(config-api): sonar review comment fix Signed-off-by: pujavs * feat(config-api): swagger spec 
Signed-off-by: pujavs * feat(config-api): saml config attribute description Signed-off-by: pujavs * doc(config-api): added SAML attribute description Signed-off-by: pujavs * doc(config-api): added SAML attribute description Signed-off-by: pujavs * feat(config-api): sync with main Signed-off-by: pujavs * fix(jans-lock): code review comment fix isssue#9305 Signed-off-by: pujavs * fix(jans-lock): code review comment fix isssue#9305 Signed-off-by: pujavs * feat(config-api): lock review point Signed-off-by: pujavs * fix(lock): code review comment Signed-off-by: pujavs * fix(lock): code review comment Signed-off-by: pujavs * fix(config-api): sync with main Signed-off-by: pujavs * feat(config-api): lock endpoint fixes and SAML IDP NPE Signed-off-by: pujavs * feat(config-api): asset enhancement Signed-off-by: pujavs * feat(config-api): implement timer for asset mgt to fetch and deploy assets forconfig-api #9403 Signed-off-by: pujavs * fix(config-api): scope validation issue #9426 Signed-off-by: pujavs * fix(config-api): asset delete error fix Signed-off-by: pujavs * feat(config-api): sysnc with main Signed-off-by: pujavs * fix(config-ap): lock audit endpoint parameter declaration error#9460 Signed-off-by: pujavs * feat(config-api): client token functionality Signed-off-by: pujavs * fix(Config-api): lock audit endpoint path param rectification Signed-off-by: pujavs * feat(config-api): clint token endpoint - wip Signed-off-by: pujavs * feat(config-api): clint token endpoint Signed-off-by: pujavs * feat(config-api): client token endpoint Signed-off-by: pujavs * feat(config-api): client token endpoint Signed-off-by: pujavs * feat(config-api): token endpoint Signed-off-by: pujavs * feat(config-api): token endpoint Signed-off-by: pujavs --------- 
Signed-off-by: pujavs Co-authored-by: YuriyZ --- .../configapi/util/ApiAccessConstants.java | 10 +- .../io/jans/configapi/util/ApiConstants.java | 5 + .../docs/jans-config-api-swagger.yaml | 147 ++++++++++++++++- .../default/config-api-test.properties | 2 +- .../profiles/jans-ui.jans.io/test.properties | 2 +- .../test.properties | 2 +- .../profiles/local/test.properties | 2 +- .../jans/configapi/rest/ApiApplication.java | 16 +- .../rest/resource/auth/TokenResource.java | 146 +++++++++++++++++ .../security/client/AuthClientFactory.java | 33 +++- .../service/auth/ClientAuthService.java | 42 +++++ .../service/auth/ConfigurationService.java | 4 + .../main/resources/config-api-rs-protect.json | 152 ++++++++++++++++++ .../resources/example/token/token-get.json | 61 +++++++ .../feature/token/client-token.feature | 32 ++++ .../test/resources/karate-config-jenkins.js | 1 + .../src/test/resources/karate-config.js | 1 + 17 files changed, 637 insertions(+), 21 deletions(-) create mode 100644 jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/TokenResource.java create mode 100644 jans-config-api/server/src/main/resources/example/token/token-get.json create mode 100644 jans-config-api/server/src/test/resources/feature/token/client-token.feature diff --git a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java index b69ce14b6c9..b9515651759 100644 --- a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java +++ b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiAccessConstants.java 
@@ -43,7 +43,15 @@ private ApiAccessConstants() {
 public static final String OPENID_CLIENTS_READ_ACCESS = "https://jans.io/oauth/config/openid/clients.readonly";
 public static final String OPENID_CLIENTS_WRITE_ACCESS = "https://jans.io/oauth/config/openid/clients.write";
 public static final String OPENID_CLIENTS_DELETE_ACCESS = "https://jans.io/oauth/config/openid/clients.delete";
-
+
+ public static final String TOKEN_READ_ACCESS = "https://jans.io/oauth/config/token.readonly";
+ public static final String TOKEN_WRITE_ACCESS = "https://jans.io/oauth/config/token.write";
+ public static final String TOKEN_DELETE_ACCESS = "https://jans.io/oauth/config/token.delete";
+
+ public static final String SESSION_READ_ACCESS = "https://jans.io/oauth/config/session.readonly";
+ public static final String SESSION_WRITE_ACCESS = "https://jans.io/oauth/config/session.write";
+ public static final String SESSION_DELETE_ACCESS = "https://jans.io/oauth/config/session.delete";
+
 public static final String UMA_RESOURCES_READ_ACCESS = "https://jans.io/oauth/config/uma/resources.readonly";
 public static final String UMA_RESOURCES_WRITE_ACCESS = "https://jans.io/oauth/config/uma/resources.write";
 public static final String UMA_RESOURCES_DELETE_ACCESS = "https://jans.io/oauth/config/uma/resources.delete";
diff --git a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java
index af089aa3a08..3df5b776b97 100644
--- a/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java
+++ b/jans-config-api/common/src/main/java/io/jans/configapi/util/ApiConstants.java
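Review bot: The three `SESSION_*_ACCESS` constants introduce a second scope namespace for sessions, `https://jans.io/oauth/config/session.*`, while the test scope lists in this same patch still carry `https://jans.io/oauth/jans-auth-server/session.readonly` and `https://jans.io/oauth/jans-auth-server/session.delete`. Nothing visible in this patch protects an endpoint with the new session scopes or with `TOKEN_WRITE_ACCESS` (the swagger changes require only `token.readonly` and `token.delete`), so they look like registered but unenforced scopes; that should be confirmed against config-api-rs-protect.json, which is outside this view. I would either drop the unused constants until an endpoint needs them, or add a comment above each group, for example `// Scopes enforced by the /token endpoints`, stating which resource checks them and how the new session scopes relate to the existing auth-server ones.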
@@ -30,6 +30,7 @@ private ApiConstants() {}
 public static final String UMA = "/uma";
 public static final String DYN_REGISTRATION = "/dyn_registration";
 public static final String SESSION = "/session";
+ public static final String CLIENT = "/client";
 public static final String CLIENTS = "/clients";
 public static final String OPENID = "/openid";
 public static final String SCOPES = "/scopes";
@@ -42,6 +43,7 @@ private ApiConstants() {}
 public static final String GRANT = "/grant";
 public static final String SUBJECT = "/subject";
 public static final String TOKEN = "/token";
+ public static final String REVOKE = "/revoke";
 public static final String SEPARATOR = "/";
 public static final String SERVER_CONFIG = "/server-config";
 public static final String SERVER_CLEANUP = "/server-cleanup";
@@ -104,6 +106,8 @@ private ApiConstants() {}
 public static final String AUTHORIZATIONS = "/authorizations";
 public static final String USERID_PATH = "{userId}";
 public static final String SERVICE_NAME_PARAM_PATH = "/{service-name}";
+ public static final String TOKEN_PATH = "/{token}";
+ public static final String TOKEN_CODE_PATH = "/{tknCde}";
 public static final String USERID = "userId";
 public static final String USERNAME = "username";
@@ -128,6 +132,7 @@ private ApiConstants() {}
 public static final String USERDN = "userDn";
 public static final String PLUGIN_NAME = "pluginName";
 public static final String SERVICE_NAME = "service-name";
+ public static final String TOKEN_CODE_PARAM = "tknCde";
 public static final String ALL = "all";
diff --git a/jans-config-api/docs/jans-config-api-swagger.yaml b/jans-config-api/docs/jans-config-api-swagger.yaml
index 268fefd7a43..20ef79cf80f 100644
--- a/jans-config-api/docs/jans-config-api-swagger.yaml
+++ b/jans-config-api/docs/jans-config-api-swagger.yaml
@@ -40,6 +40,8 @@ tags: - name: Configuration – Config API - name: Client Authorization - name: Jans Assets +- name: Tokens +- name: Sessions paths: /api/v1/health/app-version: get:
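Review bot: `TOKEN_PATH = "/{token}"` in the third hunk has no matching parameter-name constant (only `TOKEN_CODE_PARAM = "tknCde"` is added in the fourth hunk), and the paths documented in this patch use `{clientId}` and `{tknCde}` only. If it is unused it should be removed; if it is meant to carry a token value in the URL path, that value would be written to access and proxy logs, so a header or request body would be the safer carrier. A one-line comment on `TOKEN_CODE_PATH`, for example `// tknCde: persisted token identifier, not the bearer token value`, would record what callers are expected to pass, assuming that is indeed the contract; please confirm.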
@@ -7612,6 +7614,129 @@ paths: - oauth2: - https://jans.io/oauth/config/stats.readonly - jans_stat + /api/v1/token/client/{clientId}: + get: + tags: + - OAuth - OpenID Connect - Clients + summary: Get client token details + description: Get client token details + operationId: get-token-details + parameters: + - name: clientId + in: path + description: Script identifier + required: true + schema: + type: string + responses: + "200": + description: Ok + content: + application/json: + schema: + $ref: '#/components/schemas/PagedResult' + examples: + Response example: + description: Response example + value: | + { + "start": 0, + "totalEntriesCount": 3, + "entriesCount": 3, + "entries": [ + { + "dn": "tknCde=4960533184fab18d8932045b70de17f827c916010ab5d5c86f7202ca6cf7c176,ou=tokens,o=jans", + "grantId": "82736426-1a72-46bb-8e76-52f3bca2c614", + "clientId": "2000.cc8b29ae-cb4a-49ea-b176-8695e53919d9", + "creationDate": "2024-09-20T12:55:30", + "expirationDate": "2024-10-30T12:55:30", + "deletable": true, + "scope": "jans_stat openid https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/stats.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly", + "tokenCode": "4960533184fab18d8932045b70de17f827c916010ab5d5c86f7202ca6cf7c176", + "tokenType": "access_token", + "grantType": "client_credentials", + "referenceId": "uIw3N7qeRiKR1pvzE1OmxQ", + "attributes": { + "online_access": false, + "statusListIndex": 1101 + }, + "tokenTypeEnum": "ACCESS_TOKEN" + }, + { + "dn": "tknCde=5495ac7fedd47f57a10f314896fe88d415dbec067c7cea5d57138e2723b73e84,ou=tokens,o=jans", + "grantId": "2c4123dd-886f-447e-a65d-207bf60c3307", + "clientId": "2000.cc8b29ae-cb4a-49ea-b176-8695e53919d9", + "creationDate": "2024-09-20T12:55:37", + "expirationDate": "2024-10-30T12:55:37", + "deletable": true, + "scope": "jans_stat openid 
https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/stats.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly", + "tokenCode": "5495ac7fedd47f57a10f314896fe88d415dbec067c7cea5d57138e2723b73e84", + "tokenType": "access_token", + "grantType": "client_credentials", + "referenceId": "bgPvtouST66zHFaH4vrWhA", + "attributes": { + "online_access": false, + "statusListIndex": 1102 + }, + "tokenTypeEnum": "ACCESS_TOKEN" + }, + { + "dn": "tknCde=f0977b8c359446ff7a5aa157a930c89506485b266d988507478e367f53fd5445,ou=tokens,o=jans", + "grantId": "d0c427ec-0c6e-4fdf-83eb-43a19e633eec", + "clientId": "2000.cc8b29ae-cb4a-49ea-b176-8695e53919d9", + "creationDate": "2024-09-20T12:55:37", + "expirationDate": "2024-10-20T12:55:37", + "deletable": true, + "scope": "jans_stat openid https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/stats.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly", + "tokenCode": "f0977b8c359446ff7a5aa157a930c89506485b266d988507478e367f53fd5445", + "tokenType": "access_token", + "grantType": "client_credentials", + "referenceId": "1DnmKY6pS1S6XeKSHAj2Ag", + "attributes": { + "online_access": false, + "statusListIndex": 1103 + }, + "tokenTypeEnum": "ACCESS_TOKEN" + } + ] + } + "401": + description: Unauthorized + "404": + description: Not Found + "500": + description: InternalServerError + security: + - oauth2: + - https://jans.io/oauth/config/token.readonly + /api/v1/token/revoke/{tknCde}: + delete: + tags: + - OAuth - OpenID Connect - Clients + summary: Revoke client token. + description: Revoke client token. 
+ operationId: revoke-token + parameters: + - name: tknCde + in: path + description: Token Code + required: true + schema: + type: string + responses: + "204": + description: No Content + "400": + description: Bad Request + "401": + description: Unauthorized + "404": + description: Not Found + "500": + description: InternalServerError + security: + - oauth2: + - https://jans.io/oauth/config/token.delete /api/v1/uma/resources: get: tags: @@ -8370,17 +8495,16 @@ components: type: string selected: type: boolean - adminCanView: + userCanEdit: type: boolean adminCanEdit: type: boolean userCanView: type: boolean - userCanEdit: + adminCanView: type: boolean userCanAccess: type: boolean - adminCanAccess: type: boolean whitePagesCanView: @@ -9009,6 +9133,9 @@ components: type: boolean disableU2fEndpoint: type: boolean + deviceSessionLifetimeInSeconds: + type: integer + format: int32 rotateDeviceSecret: type: boolean returnDeviceSecretFromAuthzEndpoint: @@ -10372,14 +10499,14 @@ components: type: boolean internal: type: boolean - locationPath: - type: string locationType: type: string enum: - ldap - db - file + locationPath: + type: string baseDn: type: string ScriptError: @@ -10808,10 +10935,10 @@ components: ttl: type: integer format: int32 - persisted: - type: boolean opbrowserState: type: string + persisted: + type: boolean SessionIdAccessMap: type: object properties: 
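Review bot: The response example for `/api/v1/token/client/{clientId}` embeds three full `tokenCode` values, their `referenceId`s and a client id, with expiration dates later than this commit's date, which looks like output copied from a running server; if so, they should be replaced with obviously fake placeholders such as `"tokenCode": "<token-code>"` before the spec is published. In the same path the `clientId` parameter is described as `Script identifier` and should read `description: Client identifier`. Both new operations are tagged `OAuth - OpenID Connect - Clients` although this patch adds a `Tokens` tag, so `- Tokens` would be the consistent choice. The revoke operation takes the token code as a path segment, so it will appear in request logs; it is worth confirming that `tknCde` is a stored identifier rather than a usable bearer value.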
@@ -11009,3 +11136,9 @@ components: https://jans.io/oauth/config/jans_asset-read: View Jans Assets https://jans.io/oauth/config/jans_asset-write: Manage Jans Assets https://jans.io/oauth/config/jans_asset-delete: Delete Jans Assets + https://jans.io/oauth/config/token.readonly: View Token details + https://jans.io/oauth/config/token.write: Manage Token details + https://jans.io/oauth/config/token.delete: Delete Token details + https://jans.io/oauth/config/session.readonly: View Session details + https://jans.io/oauth/config/session.write: Manage Session details + https://jans.io/oauth/config/session.delete: Delete Session details diff --git a/jans-config-api/profiles/default/config-api-test.properties b/jans-config-api/profiles/default/config-api-test.properties index 3711c79d887..695a67eebfa 100644 --- a/jans-config-api/profiles/default/config-api-test.properties +++ b/jans-config-api/profiles/default/config-api-test.properties 
@@ -1,7 +1,7 @@ # The URL of your Jans installation test.server=https://jenkins-config-api.gluu.org -test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/fido2.delete https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read 
https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write 
https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete https://jans.io/oauth/lock/read-all https://jans.io/oauth/lock/write-all https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://jans.io/oauth/lock/audit.readonly https://jans.io/oauth/lock/audit.write https://jans.io/oauth/lock/health.readonly https://jans.io/oauth/lock/health.write https://jans.io/oauth/lock/log.readonly https://jans.io/oauth/lock/log.write https://jans.io/oauth/lock/telemetry.readonly https://jans.io/oauth/lock/telemetry.write +test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write 
https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/fido2.delete https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write 
https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly 
https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete https://jans.io/oauth/lock/read-all https://jans.io/oauth/lock/write-all https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://jans.io/oauth/lock/audit.readonly https://jans.io/oauth/lock/audit.write https://jans.io/oauth/lock/health.readonly https://jans.io/oauth/lock/health.write https://jans.io/oauth/lock/log.readonly https://jans.io/oauth/lock/log.write https://jans.io/oauth/lock/telemetry.readonly https://jans.io/oauth/lock/telemetry.write https://jans.io/oauth/config/token.readonly https://jans.io/oauth/config/token.write https://jans.io/oauth/config/token.delete https://jans.io/oauth/config/session.readonly https://jans.io/oauth/config/session.write https://jans.io/oauth/config/session.delete token.endpoint=https://jenkins-config-api.gluu.org/jans-auth/restv1/token token.grant.type=client_credentials 
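Review bot: The rewritten `test.scopes` value still contains `https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset`, which looks like an endpoint URL on a development host rather than a scope, and it repeats several entries (`permission.write`, `realm.write`, `lock-config.readonly`, `lock-config.write`). Since the line is being rewritten anyway, I would remove that entry and the duplicates. The line also grants the test client `token.write` and all three `session.*` scopes, while the endpoints documented in this patch require only `token.readonly` and `token.delete`; requesting only what the new feature tests need keeps the test client's credential narrower. The `test.scopes` line in the other profile files appears to be changed the same way, so the comment likely applies there as well.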
diff --git a/jans-config-api/profiles/jans-ui.jans.io/test.properties b/jans-config-api/profiles/jans-ui.jans.io/test.properties index 3ccb666fa39..bbccec18e75 100644 --- a/jans-config-api/profiles/jans-ui.jans.io/test.properties +++ b/jans-config-api/profiles/jans-ui.jans.io/test.properties 
@@ -1,4 +1,4 @@ -test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/fido2.delete https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read 
https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete 
https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete https://jans.io/oauth/lock/read-all https://jans.io/oauth/lock/write-all https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://jans.io/oauth/lock/audit.readonly https://jans.io/oauth/lock/audit.write https://jans.io/oauth/lock/health.readonly https://jans.io/oauth/lock/health.write https://jans.io/oauth/lock/log.readonly https://jans.io/oauth/lock/log.write https://jans.io/oauth/lock/telemetry.readonly https://jans.io/oauth/lock/telemetry.write +test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write 
https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/fido2.delete https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write 
https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly 
https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete https://jans.io/oauth/lock/read-all https://jans.io/oauth/lock/write-all https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://jans.io/oauth/lock/audit.readonly https://jans.io/oauth/lock/audit.write https://jans.io/oauth/lock/health.readonly https://jans.io/oauth/lock/health.write https://jans.io/oauth/lock/log.readonly https://jans.io/oauth/lock/log.write https://jans.io/oauth/lock/telemetry.readonly https://jans.io/oauth/lock/telemetry.write https://jans.io/oauth/config/token.readonly https://jans.io/oauth/config/token.write https://jans.io/oauth/config/token.delete https://jans.io/oauth/config/session.readonly https://jans.io/oauth/config/session.write https://jans.io/oauth/config/session.delete # Test env Setting token.endpoint=https://jans-ui.jans.io/jans-auth/restv1/token 
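Review bot: The rewritten `test.scopes` value still carries `https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset`, which is an endpoint URL on a developer host rather than a scope. It sits next to `jans_asset-write` and `jans_asset-delete`, where the asset read scope would be expected. Since this commit rewrites the whole line to append the token and session scopes, it could also replace that entry with the scope behind `ApiAccessConstants.JANS_ASSET_READ_ACCESS` and drop the repeated `idp/realm.write`, `adminui/user/permission.write` and `lock-config.*` entries. The same value is carried into the jenkins-config-api.gluu.org and local profile hunks below. A test client requesting a scope the server does not know presumably either fails the token request or is granted fewer scopes than the tests assume, so the list is worth keeping exact.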
diff --git a/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties b/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties index adf5c6ba663..f329fc0a1d8 100644 --- a/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties +++ b/jans-config-api/profiles/jenkins-config-api.gluu.org/test.properties 
@@ -1,6 +1,6 @@ test.server=https://jenkins-config-api.gluu.org -test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/fido2.delete https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write 
https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete 
https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete https://jans.io/oauth/lock/read-all https://jans.io/oauth/lock/write-all https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://jans.io/oauth/lock/audit.readonly https://jans.io/oauth/lock/audit.write https://jans.io/oauth/lock/health.readonly https://jans.io/oauth/lock/health.write https://jans.io/oauth/lock/log.readonly https://jans.io/oauth/lock/log.write https://jans.io/oauth/lock/telemetry.readonly https://jans.io/oauth/lock/telemetry.write +test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write 
https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/fido2.delete https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write 
https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly 
https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete https://jans.io/oauth/lock/read-all https://jans.io/oauth/lock/write-all https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://jans.io/oauth/lock/audit.readonly https://jans.io/oauth/lock/audit.write https://jans.io/oauth/lock/health.readonly https://jans.io/oauth/lock/health.write https://jans.io/oauth/lock/log.readonly https://jans.io/oauth/lock/log.write https://jans.io/oauth/lock/telemetry.readonly https://jans.io/oauth/lock/telemetry.write https://jans.io/oauth/config/token.readonly https://jans.io/oauth/config/token.write https://jans.io/oauth/config/token.delete https://jans.io/oauth/config/session.readonly https://jans.io/oauth/config/session.write https://jans.io/oauth/config/session.delete token.endpoint=https://jenkins-config-api.gluu.org/jans-auth/restv1/token token.grant.type=client_credentials 
diff --git a/jans-config-api/profiles/local/test.properties b/jans-config-api/profiles/local/test.properties index 0760b0986ab..9c4a0518418 100644 --- a/jans-config-api/profiles/local/test.properties +++ b/jans-config-api/profiles/local/test.properties 
@@ -1,5 +1,5 @@ #LOCAL -test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/fido2.delete https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read 
https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete 
https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete https://jans.io/oauth/lock/read-all https://jans.io/oauth/lock/write-all https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://jans.io/oauth/lock/audit.readonly https://jans.io/oauth/lock/audit.write https://jans.io/oauth/lock/health.readonly https://jans.io/oauth/lock/health.write https://jans.io/oauth/lock/log.readonly https://jans.io/oauth/lock/log.write https://jans.io/oauth/lock/telemetry.readonly https://jans.io/oauth/lock/telemetry.write +test.scopes=https://jans.io/oauth/config/acrs.readonly https://jans.io/oauth/config/acrs.write https://jans.io/oauth/config/attributes.readonly https://jans.io/oauth/config/attributes.write 
https://jans.io/oauth/config/attributes.delete https://jans.io/oauth/config/cache.readonly https://jans.io/oauth/config/cache.write https://jans.io/oauth/config/openid/clients.readonly https://jans.io/oauth/config/openid/clients.write https://jans.io/oauth/config/openid/clients.delete https://jans.io/oauth/jans-auth-server/config/properties.readonly https://jans.io/oauth/jans-auth-server/config/properties.write https://jans.io/oauth/config/smtp.readonly https://jans.io/oauth/config/smtp.write https://jans.io/oauth/config/smtp.delete https://jans.io/oauth/config/scripts.readonly https://jans.io/oauth/config/scripts.write https://jans.io/oauth/config/scripts.delete https://jans.io/oauth/config/fido2.readonly https://jans.io/oauth/config/fido2.write https://jans.io/oauth/config/fido2.delete https://jans.io/oauth/config/jwks.readonly https://jans.io/oauth/config/jwks.write https://jans.io/oauth/config/jwks.delete https://jans.io/oauth/config/database/ldap.readonly https://jans.io/oauth/config/database/ldap.write https://jans.io/oauth/config/database/ldap.delete https://jans.io/oauth/config/logging.readonly https://jans.io/oauth/config/logging.write https://jans.io/oauth/config/scopes.readonly https://jans.io/oauth/config/scopes.write https://jans.io/oauth/config/scopes.delete https://jans.io/oauth/config/uma/resources.readonly https://jans.io/oauth/config/uma/resources.write https://jans.io/oauth/config/uma/resources.delete https://jans.io/oauth/config/database/sql.readonly https://jans.io/oauth/config/database/sql.write https://jans.io/oauth/config/database/sql.delete https://jans.io/oauth/config/stats.readonly jans_stat https://jans.io/scim/users.read https://jans.io/scim/users.write https://jans.io/oauth/config/scim/users.read https://jans.io/oauth/config/scim/users.write https://jans.io/scim/config.readonly https://jans.io/scim/config.write https://jans.io/oauth/config/organization.readonly https://jans.io/oauth/config/organization.write 
https://jans.io/oauth/config/user.readonly https://jans.io/oauth/config/user.write https://jans.io/oauth/config/user.delete https://jans.io/oauth/config/agama.readonly https://jans.io/oauth/config/agama.write https://jans.io/oauth/config/agama.delete https://jans.io/oauth/jans-auth-server/session.readonly https://jans.io/oauth/jans-auth-server/session.delete revoke_session https://jans.io/oauth/config/read-all https://jans.io/oauth/config/write-all https://jans.io/oauth/config/delete-all https://jans.io/oauth/config/openid-read https://jans.io/oauth/config/openid-write https://jans.io/oauth/config/openid-delete https://jans.io/oauth/config/uma-read https://jans.io/oauth/config/uma-write https://jans.io/oauth/config/uma-delete https://jans.io/oauth/jans-auth-server/config/adminui/user/role.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/role.write https://jans.io/oauth/jans-auth-server/config/adminui/read-all https://jans.io/oauth/jans-auth-server/config/adminui/write-all https://jans.io/oauth/jans-auth-server/config/adminui/user/role.delete https://jans.io/oauth/jans-auth-server/config/adminui/delete-all https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.write https://jans.io/oauth/jans-auth-server/config/adminui/user/permission.delete https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.readonly https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.write https://jans.io/oauth/jans-auth-server/config/adminui/user/rolePermissionMapping.delete https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/plugin.readonly https://jans.io/oauth/client/authorizations.readonly 
https://jans.io/oauth/client/authorizations.delete https://jans.io/oauth/config/cacherefresh.readonly https://jans.io/oauth/config/cacherefresh.write https://jans.io/oauth/config/saml.readonly https://jans.io/oauth/config/saml.write https://jans.io/oauth/config/saml-config.readonly https://jans.io/oauth/config/saml-config.write https://jans.io/oauth/config/saml-client-scope.readonly https://jans.io/oauth/config/saml-client-scope.write https://jans.io/idp/config.readonly https://jans.io/idp/config.write https://jans.io/idp/realm.readonly https://jans.io/idp/realm.write https://jans.io/idp/realm.write https://jans.io/idp/saml.readonly https://jans.io/idp/saml.write https://jans.io/oauth/config/app-version.readonly https://jans.io/oauth/kc-link-config.readonly https://jans.io/oauth/kc-link-config.write https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://pujavs-definite-dory.gluu.info/jans-config-api/api/v1/jans-assets/upload-asset https://jans.io/oauth/config/jans_asset-write https://jans.io/oauth/config/jans_asset-delete https://jans.io/oauth/lock/read-all https://jans.io/oauth/lock/write-all https://jans.io/oauth/lock-config.readonly https://jans.io/oauth/lock-config.write https://jans.io/oauth/lock/audit.readonly https://jans.io/oauth/lock/audit.write https://jans.io/oauth/lock/health.readonly https://jans.io/oauth/lock/health.write https://jans.io/oauth/lock/log.readonly https://jans.io/oauth/lock/log.write https://jans.io/oauth/lock/telemetry.readonly https://jans.io/oauth/lock/telemetry.write https://jans.io/oauth/config/token.readonly https://jans.io/oauth/config/token.write https://jans.io/oauth/config/token.delete https://jans.io/oauth/config/session.readonly https://jans.io/oauth/config/session.write https://jans.io/oauth/config/session.delete # jans.server token.endpoint=https://jans.server3/jans-auth/restv1/token 
diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java index 868c6d95a04..1e169cb086c 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/ApiApplication.java @@ -51,7 +51,10 @@ @Tag(name = "Auth - Session Management"), @Tag(name = "Organization Configuration"), @Tag(name = "Auth Server Health - Check"), @Tag(name = "Plugins"), @Tag(name = "Configuration – Config API"), @Tag(name = "Client Authorization"), - @Tag(name = "Jans Assets")}, + @Tag(name = "Jans Assets"), + @Tag(name = "Tokens"), + @Tag(name = "Sessions"), + }, servers = { @Server(url = "https://jans.local.io", description = "The Jans server") }) @@ -113,6 +116,12 @@ @OAuthScope(name = ApiAccessConstants.JANS_ASSET_READ_ACCESS, description = "View Jans Assets"), @OAuthScope(name = ApiAccessConstants.JANS_ASSET_WRITE_ACCESS, description = "Manage Jans Assets"), @OAuthScope(name = ApiAccessConstants.JANS_ASSET_DELETE_ACCESS, description = "Delete Jans Assets"), + @OAuthScope(name = ApiAccessConstants.TOKEN_READ_ACCESS, description = "View Token details"), + @OAuthScope(name = ApiAccessConstants.TOKEN_WRITE_ACCESS, description = "Manage Token details"), + @OAuthScope(name = ApiAccessConstants.TOKEN_DELETE_ACCESS, description = "Delete Token details"), + @OAuthScope(name = ApiAccessConstants.SESSION_READ_ACCESS, description = "View Session details"), + @OAuthScope(name = ApiAccessConstants.SESSION_WRITE_ACCESS, description = "Manage Session details"), + @OAuthScope(name = ApiAccessConstants.SESSION_DELETE_ACCESS, description = "Delete Session details") } ))) 
@@ -156,11 +165,14 @@ public Set> getClasses() { classes.add(PluginResource.class); classes.add(ConfigApiResource.class); classes.add(ClientAuthResource.class); - + classes.add(TokenResource.class); + log.info("appConfiguration:{}",appConfiguration ); if(appConfiguration!=null && appConfiguration.getAssetMgtConfiguration()!=null && appConfiguration.getAssetMgtConfiguration().isAssetMgtEnabled()) { classes.add(AssetResource.class); } + + log.error("\n\n All classes:{}",classes+"\n\n\n"); return classes; } diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/TokenResource.java b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/TokenResource.java new file mode 100644 index 00000000000..9113cc314a4 --- /dev/null +++ b/jans-config-api/server/src/main/java/io/jans/configapi/rest/resource/auth/TokenResource.java 
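Review bot: The added `log.error("\n\n All classes:{}",classes+"\n\n\n");` in `getClasses()` reports routine startup information at ERROR level, which raises false alarms in any monitoring keyed on error logs. It also concatenates into the argument, so the string is built even when the level is disabled. It reads like leftover debugging and should become `log.debug("All classes:{}", classes);` or be removed. The nearby `log.info("appConfiguration:{}",appConfiguration );` (it may predate this commit; the collapsed hunk does not make that clear) prints the whole configuration object at INFO and is worth checking for values that should not reach the log. `getClasses()` begins outside the hunk.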
@@ -0,0 +1,146 @@ +/* + * Janssen Project software is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. + * + * Copyright (c) 2020, Janssen Project + */ + +package io.jans.configapi.rest.resource.auth; + +import static io.jans.as.model.util.Util.escapeLog; +import io.jans.as.common.model.registration.Client; +import io.jans.configapi.core.rest.ProtectedApi; +import io.jans.model.JansAttribute; +import io.jans.model.SearchRequest; +import io.jans.model.token.TokenEntity; +import io.jans.orm.model.PagedResult; +import io.jans.configapi.service.auth.ClientAuthService; +import io.jans.configapi.service.auth.ClientService; +import io.jans.configapi.util.ApiAccessConstants; +import io.jans.configapi.util.ApiConstants; + +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Content; +import io.swagger.v3.oas.annotations.media.ExampleObject; +import io.swagger.v3.oas.annotations.media.Schema; +import io.swagger.v3.oas.annotations.responses.ApiResponse; +import io.swagger.v3.oas.annotations.responses.ApiResponses; +import io.swagger.v3.oas.annotations.security.*; + +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; +import jakarta.validation.constraints.NotNull; +import jakarta.ws.rs.*; +import jakarta.ws.rs.core.MediaType; +import jakarta.ws.rs.core.Response; + +import java.util.*; + +@Path(ApiConstants.TOKEN) +@Produces(MediaType.APPLICATION_JSON) +@Consumes(MediaType.APPLICATION_JSON) +@ApplicationScoped +public class TokenResource extends ConfigBaseResource { + + private class TokenEntityPagedResult extends PagedResult { + }; + + @Inject + ClientAuthService clientAuthService; + + @Inject + ClientService clientService; + + @Operation(summary = "Get client token details", description = "Get client token details", operationId = "get-token-details", tags = { + "OAuth - OpenID Connect - Clients" }, security = 
@SecurityRequirement(name = "oauth2", scopes = { + ApiAccessConstants.TOKEN_READ_ACCESS })) + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "Ok", content = @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = PagedResult.class), examples = @ExampleObject(name = "Response example", value = "example/token/token-get.json"))), + @ApiResponse(responseCode = "401", description = "Unauthorized"), + @ApiResponse(responseCode = "404", description = "Not Found"), + @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @GET + @ProtectedApi(scopes = { ApiAccessConstants.TOKEN_READ_ACCESS }, groupScopes = { + ApiAccessConstants.TOKEN_WRITE_ACCESS }, superScopes = { ApiAccessConstants.SUPER_ADMIN_READ_ACCESS }) + @Path(ApiConstants.CLIENT + ApiConstants.CLIENTID_PATH) + public Response getClientToken( + @Parameter(description = "Script identifier") @PathParam(ApiConstants.CLIENTID) @NotNull String clientId) { + + if (logger.isInfoEnabled()) { + logger.info("Serach tokens by clientId:{}", escapeLog(clientId)); + } + checkNotNull(clientId, ApiConstants.CLIENTID); + + // validate clientId + Client client = clientService.getClientByInum(clientId); + checkResourceNotNull(client, "Client"); + logger.debug("Serach tokens by client:{}", client); + + SearchRequest searchReq = createSearchRequest(clientAuthService.geTokenDn(null), clientId, "tknCde", + ApiConstants.ASCENDING, Integer.parseInt(ApiConstants.DEFAULT_LIST_START_INDEX), + Integer.parseInt(ApiConstants.DEFAULT_LIST_SIZE), null, null, this.getMaxCount(), null, + JansAttribute.class); + + TokenEntityPagedResult tokenEntityPagedResult = searchTokenByClientId(searchReq); + logger.info("Asset fetched based on name are:{}", tokenEntityPagedResult); + return Response.ok(tokenEntityPagedResult).build(); + + } + + @Operation(summary = "Revoke client token.", description = "Revoke client token.", operationId = "revoke-token", tags = { + "OAuth - OpenID 
Connect - Clients" }, security = @SecurityRequirement(name = "oauth2", scopes = { + ApiAccessConstants.TOKEN_DELETE_ACCESS })) + @ApiResponses(value = { @ApiResponse(responseCode = "204", description = "No Content"), + @ApiResponse(responseCode = "400", description = "Bad Request"), + @ApiResponse(responseCode = "401", description = "Unauthorized"), + @ApiResponse(responseCode = "404", description = "Not Found"), + @ApiResponse(responseCode = "500", description = "InternalServerError") }) + @DELETE + @ProtectedApi(scopes = { ApiAccessConstants.TOKEN_DELETE_ACCESS }, groupScopes = { + ApiAccessConstants.OPENID_DELETE_ACCESS }, superScopes = { ApiAccessConstants.SUPER_ADMIN_DELETE_ACCESS }) + @Path(ApiConstants.REVOKE + ApiConstants.TOKEN_CODE_PATH) + public Response revokeClientToken( + @Parameter(description = "Token Code") @PathParam(ApiConstants.TOKEN_CODE_PARAM) @NotNull String tknCde) { + if (logger.isInfoEnabled()) { + logger.info("Revoke token - tknCde():{}", escapeLog(tknCde)); + } + + checkResourceNotNull(tknCde, ApiConstants.TOKEN_CODE_PARAM); + clientAuthService.revokeTokenEntity(tknCde); + logger.info(" Successfully deleted token identified by tknCde:{}", tknCde); + + return Response.noContent().build(); + } + + private TokenEntityPagedResult searchTokenByClientId(SearchRequest searchReq) { + + logger.debug("Search asset by name params - searchReq:{} ", searchReq); + TokenEntityPagedResult tokenEntityPagedResult = null; + PagedResult pagedResult = clientAuthService.getTokenOfClient(searchReq); + + logger.debug("PagedResult - pagedResult:{}", pagedResult); + if (pagedResult != null) { + logger.debug( + "Asset fetched - pagedResult.getTotalEntriesCount():{}, pagedResult.getEntriesCount():{}, pagedResult.getEntries():{}", + pagedResult.getTotalEntriesCount(), pagedResult.getEntriesCount(), pagedResult.getEntries()); + tokenEntityPagedResult = getTokenEntityPagedResult(pagedResult); + } + + logger.debug("Asset tokenEntityPagedResult:{} ", 
tokenEntityPagedResult); + return tokenEntityPagedResult; + } + + private TokenEntityPagedResult getTokenEntityPagedResult(PagedResult pagedResult) { + TokenEntityPagedResult tokenEntityPagedResult = null; + if (pagedResult != null) { + List tokenEntityList = pagedResult.getEntries(); + tokenEntityPagedResult = new TokenEntityPagedResult(); + tokenEntityPagedResult.setStart(pagedResult.getStart()); + tokenEntityPagedResult.setEntriesCount(pagedResult.getEntriesCount()); + tokenEntityPagedResult.setTotalEntriesCount(pagedResult.getTotalEntriesCount()); + tokenEntityPagedResult.setEntries(tokenEntityList); + } + return tokenEntityPagedResult; + } + +} diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/security/client/AuthClientFactory.java b/jans-config-api/server/src/main/java/io/jans/configapi/security/client/AuthClientFactory.java index 4b9d1b65f94..eafb6894490 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/security/client/AuthClientFactory.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/security/client/AuthClientFactory.java @@ -35,7 +35,6 @@ import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.MultivaluedHashMap; import jakarta.ws.rs.core.Response; - import org.eclipse.microprofile.rest.client.annotation.RegisterProvider; import org.jboss.resteasy.client.jaxrs.ResteasyWebTarget; import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient43Engine; @@ -48,7 +47,7 @@ public class AuthClientFactory { private static final String CONTENT_TYPE = "Content-Type"; - + private static final String AUTHORIZATION = "Authorization"; private static Logger log = LoggerFactory.getLogger(AuthClientFactory.class); public static IntrospectionService getIntrospectionService(String url, boolean followRedirects) { 
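Review bot: In `revokeClientToken` the success message logs the path parameter raw, `logger.info(" Successfully deleted token identified by tknCde:{}", tknCde);`, while the entry message in the same method wraps it in `escapeLog`. A value containing line breaks can forge log entries, so use `escapeLog(tknCde)` there as well. `getClientToken` writes the whole paged result at INFO (`"Asset fetched based on name are:{}"`), which may put token codes and scopes into the log depending on how the result renders; an entry count at DEBUG would be enough. Several texts are copied from other resources and will mislead operators and API consumers: `@Parameter(description = "Script identifier")` on `clientId` should read "Client identifier", and the "Asset" and "Serach" log messages should name tokens.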
@@ -101,7 +100,7 @@ public static TokenResponse requestAccessToken(final String tokenUrl, final Stri tokenRequest.setAuthUsername(clientId); tokenRequest.setAuthPassword(clientSecret); Builder request = getClientBuilder(tokenUrl); - request.header("Authorization", "Basic " + tokenRequest.getEncodedCredentials()); + request.header(AUTHORIZATION, "Basic " + tokenRequest.getEncodedCredentials()); request.header(CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED); final MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap<>( tokenRequest.getParameters()); @@ -123,6 +122,27 @@ public static TokenResponse requestAccessToken(final String tokenUrl, final Stri return null; } + public static Response revokeToken(final String revokeUrl, final String clientId, final String token, + final String tokenTypeHint) { + log.debug("Request for Access Token - revokeUrl:{}, clientId:{}, token:{} , tokenTypeHint:{}", revokeUrl, + clientId, token, tokenTypeHint); + + Builder request = getClientBuilder(revokeUrl); + request.header(AUTHORIZATION, token); + request.header(CONTENT_TYPE, MediaType.APPLICATION_JSON); + + log.debug(" request:{}}", request); + MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap<>(); + multivaluedHashMap.add("token", token); + multivaluedHashMap.add("token_type_hint", tokenTypeHint); + multivaluedHashMap.add("client_id", clientId); + + Response response = request.post(Entity.entity(Entity.form(multivaluedHashMap), MediaType.APPLICATION_JSON)); + log.debug(" response:{}", response); + + return response; + } + public static String getIntrospectionEndpoint(String issuer) throws JsonProcessingException { log.debug(" Get Introspection Endpoint - issuer:{}", issuer); String configurationEndpoint = issuer + "/.well-known/openid-configuration"; 
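Review bot: `revokeToken` writes the token itself to the log (`token:{}` in its first `log.debug`), so any host running with DEBUG enabled stores usable credentials in its log files; drop the token from the message. The same applies to the reformatted `log.debug` in `revokeSession` in the later hunk of this file. The request also declares `application/json` and posts `Entity.entity(Entity.form(...), MediaType.APPLICATION_JSON)`, an entity wrapped in an entity, whereas `requestAccessToken` above sends its form parameters as `APPLICATION_FORM_URLENCODED`; a revocation endpoint that follows RFC 7009 expects the form encoding. The `Authorization` header is set to the bare token with no scheme, which looks unintended and should be checked against what the auth server expects.

```java
public static Response revokeToken(final String revokeUrl, final String clientId, final String token,
        final String tokenTypeHint) {
    // The token value is deliberately kept out of the log line.
    log.debug("Request to revoke token - revokeUrl:{}, clientId:{}, tokenTypeHint:{}", revokeUrl, clientId,
            tokenTypeHint);

    Builder request = getClientBuilder(revokeUrl);
    // … unchanged: Authorization header (scheme to be confirmed) …
    request.header(CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED);

    MultivaluedHashMap<String, String> form = new MultivaluedHashMap<>();
    form.add("token", token);
    form.add("token_type_hint", tokenTypeHint);
    form.add("client_id", clientId);

    Response response = request.post(Entity.form(form));
    log.debug("Revoke response status:{}", response.getStatus());
    return response;
}
```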
@@ -191,14 +211,13 @@ public static JSONWebKeySet getJSONWebKeys(String jwksUri) { } public static RevokeSessionResponse revokeSession(String url, String token, String userId) { - log.debug("Request for Access Token - url:{}, token:{}, userId:{} ", url, - token, userId); + log.debug("Request for Access Token - url:{}, token:{}, userId:{} ", url, token, userId); Response response = null; try { RevokeSessionRequest revokeSessionRequest = new RevokeSessionRequest("uid", "test"); - + Builder request = getClientBuilder(url); - request.header("Authorization", "Basic " + token); + request.header(AUTHORIZATION, "Basic " + token); request.header(CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED); final MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap<>( revokeSessionRequest.getParameters()); diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientAuthService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientAuthService.java index 0751d4a4cb5..edadb14244c 100644 --- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientAuthService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ClientAuthService.java @@ -4,11 +4,15 @@ import io.jans.util.StringHelper; import io.jans.as.persistence.model.ClientAuthorization; import io.jans.orm.PersistenceEntryManager; +import io.jans.orm.model.PagedResult; +import io.jans.orm.model.SortOrder; import io.jans.as.common.model.registration.Client; import io.jans.as.common.service.OrganizationService; import io.jans.as.model.config.StaticConfiguration; import io.jans.as.persistence.model.Scope; import io.jans.configapi.core.model.Token; +import io.jans.model.SearchRequest; +import io.jans.model.token.TokenEntity; import static io.jans.as.model.util.Util.escapeLog; 
@@ -17,6 +21,7 @@ import jakarta.enterprise.context.ApplicationScoped; import jakarta.inject.Inject; +import jakarta.ws.rs.NotFoundException; import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; @@ -187,4 +192,41 @@ public List getScopeList(List clientAuthorizations) } + public PagedResult getTokenOfClient(SearchRequest searchRequest) { + logger.info(" Fetch token with searchRequest:{}", searchRequest); + + Filter searchFilter = Filter.createEqualityFilter("clnId", searchRequest.getFilter()); + logger.debug("Search Token searchFilter:{}", searchFilter); + + return persistenceEntryManager.findPagedEntries(geTokenDn(null), TokenEntity.class, searchFilter, null, + searchRequest.getSortBy(), SortOrder.getByValue(searchRequest.getSortOrder()), + searchRequest.getStartIndex(), searchRequest.getCount(), searchRequest.getMaxCount()); + + } + + public void revokeTokenEntity(String tknCde) { + if (logger.isInfoEnabled()) { + logger.info(" Revoke token - tknCde:{}", escapeLog(tknCde)); + } + + TokenEntity tokenEntity = this.getTokenEntityByCode(tknCde); + logger.debug("Token to be revoked identified by tknCde:{} is:{}", tokenEntity, tknCde); + + if (tokenEntity == null) { + throw new NotFoundException("Could not find Token identified by - " + tknCde); + } + + persistenceEntryManager.removeRecursively(tokenEntity.getDn(), TokenEntity.class); + } + + public TokenEntity getTokenEntityByCode(String tknCde) { + TokenEntity tokenEntity = null; + try { + tokenEntity = persistenceEntryManager.find(TokenEntity.class, geTokenDn(tknCde)); + } catch (Exception ex) { + logger.error("Failed to get Token identified by tknCde:{" + tknCde + "}", ex); + } + return tokenEntity; + } + } diff --git a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ConfigurationService.java b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ConfigurationService.java index befe4e502a4..30caeb63583 100644 
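Review bot: `getTokenEntityByCode` catches every `Exception` and returns null, so `revokeTokenEntity` turns a persistence outage into `NotFoundException` and the caller sees 404 instead of a server error; consider handling only the not-found case and rethrowing the rest. Its error message is built by concatenating the caller-supplied code (`"...tknCde:{" + tknCde + "}"`), which bypasses the `escapeLog` used elsewhere in this class. `logger.error("Failed to get Token identified by tknCde:{}", escapeLog(tknCde), ex);` keeps the stack trace and neutralises line breaks. In `revokeTokenEntity` the debug call passes `tokenEntity, tknCde` in the opposite order to its placeholders. Revocation here only removes the persistence entry; whether a cached or self-contained token stays usable afterwards cannot be told from this hunk and should be confirmed.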
--- a/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ConfigurationService.java +++ b/jans-config-api/server/src/main/java/io/jans/configapi/service/auth/ConfigurationService.java @@ -118,4 +118,8 @@ public void setStatsData(StatsData statsData) { public boolean isLowercaseFilter(String baseDn) { return !PersistenceEntryManager.PERSITENCE_TYPES.ldap.name().equals(persistenceManager.getPersistenceType(baseDn)); } + + public String getRevokeUrl() { + return configurationFactory.getApiAppConfiguration().getAuthOpenidRevokeUrl(); + } } diff --git a/jans-config-api/server/src/main/resources/config-api-rs-protect.json b/jans-config-api/server/src/main/resources/config-api-rs-protect.json index 4c6d369f16f..a50e2d2251c 100644 --- a/jans-config-api/server/src/main/resources/config-api-rs-protect.json +++ b/jans-config-api/server/src/main/resources/config-api-rs-protect.json 
@@ -3191,6 +3191,158 @@ ] } ] + }, + { + "path": "/jans-config-api/api/v1/token", + "conditions": [ + { + "httpMethods": [ + "GET" + ], + "scopes": [ + { + "inum": "1800.01.87", + "name": "https://jans.io/oauth/config/token.readonly" + } + ], + "groupScopes": [ + { + "inum": "1800.01.88", + "name": "https://jans.io/oauth/config/token.write" + } + ], + "superScopes": [ + { + "inum": "1800.03.1", + "name": "https://jans.io/oauth/config/read-all" + } + ] + }, + { + "httpMethods": [ + "PATCH", + "POST", + "PUT" + ], + "scopes": [ + { + "inum": "1800.01.88", + "name": "https://jans.io/oauth/config/token.write" + } + ], + "groupScopes": [ + { + "inum": "1800.02.2", + "name": "https://jans.io/oauth/config/openid-write" + } + ], + "superScopes": [ + { + "inum": "1800.03.2", + "name": "https://jans.io/oauth/config/write-all" + } + ] + }, + { + "httpMethods": [ + "DELETE" + ], + "scopes": [ + { + "inum": "1800.01.89", + "name": "https://jans.io/oauth/config/token.delete" + } + ], + "groupScopes": [ + { + "inum": "1800.02.3", + "name": "https://jans.io/oauth/config/openid-delete" + } + ], + "superScopes": [ + { + "inum": "1800.03.3", + "name": "https://jans.io/oauth/config/delete-all" + } + ] + } + ] + }, + { + "path": "/jans-config-api/api/v1/session", + "conditions": [ + { + "httpMethods": [ + "GET" + ], + "scopes": [ + { + "inum": "1800.01.90", + "name": "https://jans.io/oauth/config/session.readonly" + } + ], + "groupScopes": [ + { + "inum": "1800.01.91", + "name": "https://jans.io/oauth/config/session.write" + } + ], + "superScopes": [ + { + "inum": "1800.03.1", + "name": "https://jans.io/oauth/config/read-all" + } + ] + }, + { + "httpMethods": [ + "PATCH", + "POST", + "PUT" + ], + "scopes": [ + { + "inum": "1800.01.91", + "name": "https://jans.io/oauth/config/session.write" + } + ], + "groupScopes": [ + { + "inum": "1800.02.2", + "name": "https://jans.io/oauth/config/openid-write" + } + ], + "superScopes": [ + { + "inum": "1800.03.2", + "name": 
"https://jans.io/oauth/config/write-all" + } + ] + }, + { + "httpMethods": [ + "DELETE" + ], + "scopes": [ + { + "inum": "1800.01.92", + "name": "https://jans.io/oauth/config/session.delete" + } + ], + "groupScopes": [ + { + "inum": "1800.02.3", + "name": "https://jans.io/oauth/config/openid-delete" + } + ], + "superScopes": [ + { + "inum": "1800.03.3", + "name": "https://jans.io/oauth/config/delete-all" + } + ] + } + ] } ] } \ No newline at end of file diff --git a/jans-config-api/server/src/main/resources/example/token/token-get.json b/jans-config-api/server/src/main/resources/example/token/token-get.json new file mode 100644 index 00000000000..2e5251f90e0 --- /dev/null +++ b/jans-config-api/server/src/main/resources/example/token/token-get.json 
@@ -0,0 +1,61 @@ +{ + "start": 0, + "totalEntriesCount": 3, + "entriesCount": 3, + "entries": [ + { + "dn": "tknCde=4960533184fab18d8932045b70de17f827c916010ab5d5c86f7202ca6cf7c176,ou=tokens,o=jans", + "grantId": "82736426-1a72-46bb-8e76-52f3bca2c614", + "clientId": "2000.cc8b29ae-cb4a-49ea-b176-8695e53919d9", + "creationDate": "2024-09-20T12:55:30", + "expirationDate": "2024-10-30T12:55:30", + "deletable": true, + "scope": "jans_stat openid https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/stats.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly", + "tokenCode": "4960533184fab18d8932045b70de17f827c916010ab5d5c86f7202ca6cf7c176", + "tokenType": "access_token", + "grantType": "client_credentials", + "referenceId": "uIw3N7qeRiKR1pvzE1OmxQ", + "attributes": { + "online_access": false, + "statusListIndex": 1101 + }, + "tokenTypeEnum": "ACCESS_TOKEN" + }, + { + "dn": "tknCde=5495ac7fedd47f57a10f314896fe88d415dbec067c7cea5d57138e2723b73e84,ou=tokens,o=jans", + "grantId": "2c4123dd-886f-447e-a65d-207bf60c3307", + "clientId": "2000.cc8b29ae-cb4a-49ea-b176-8695e53919d9", + "creationDate": "2024-09-20T12:55:37", + "expirationDate": "2024-10-30T12:55:37", + "deletable": true, + "scope": "jans_stat openid https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/stats.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly", + "tokenCode": "5495ac7fedd47f57a10f314896fe88d415dbec067c7cea5d57138e2723b73e84", + "tokenType": "access_token", + "grantType": "client_credentials", + "referenceId": "bgPvtouST66zHFaH4vrWhA", + "attributes": { + "online_access": false, + "statusListIndex": 1102 + }, + "tokenTypeEnum": "ACCESS_TOKEN" + }, + { + "dn": 
"tknCde=f0977b8c359446ff7a5aa157a930c89506485b266d988507478e367f53fd5445,ou=tokens,o=jans", + "grantId": "d0c427ec-0c6e-4fdf-83eb-43a19e633eec", + "clientId": "2000.cc8b29ae-cb4a-49ea-b176-8695e53919d9", + "creationDate": "2024-09-20T12:55:37", + "expirationDate": "2024-10-20T12:55:37", + "deletable": true, + "scope": "jans_stat openid https://jans.io/oauth/jans-auth-server/config/adminui/properties.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.write https://jans.io/oauth/config/stats.readonly https://jans.io/oauth/jans-auth-server/config/adminui/license.readonly", + "tokenCode": "f0977b8c359446ff7a5aa157a930c89506485b266d988507478e367f53fd5445", + "tokenType": "access_token", + "grantType": "client_credentials", + "referenceId": "1DnmKY6pS1S6XeKSHAj2Ag", + "attributes": { + "online_access": false, + "statusListIndex": 1103 + }, + "tokenTypeEnum": "ACCESS_TOKEN" + } + ] +} \ No newline at end of file diff --git a/jans-config-api/server/src/test/resources/feature/token/client-token.feature b/jans-config-api/server/src/test/resources/feature/token/client-token.feature new file mode 100644 index 00000000000..abc28521807 --- /dev/null +++ b/jans-config-api/server/src/test/resources/feature/token/client-token.feature @@ -0,0 +1,32 @@ + +Feature: Token flow + +Background: +* def mainUrl = token_url +* def client_Url = openidclients_url + +@ignore +Scenario: Fetch all client token + Given url mainUrl + When method GET + Then status 401 + And print response + +@ignore +Scenario: Fetch all client token + Given url client_Url + And header Authorization = 'Bearer ' + accessToken + When method GET + Then status 200 + And print response + Given url mainUrl + And header Authorization = 'Bearer ' + accessToken + And param clientId = response.entries[0].inum + And print 'clientId = '+clientId + When method GET + Then status 200 + And print response + + + + 
diff --git a/jans-config-api/server/src/test/resources/karate-config-jenkins.js b/jans-config-api/server/src/test/resources/karate-config-jenkins.js index f7c06a1578d..33999c8bcf8 100644 --- a/jans-config-api/server/src/test/resources/karate-config-jenkins.js +++ b/jans-config-api/server/src/test/resources/karate-config-jenkins.js @@ -67,6 +67,7 @@ function() { api_config_url: baseUrl + '/jans-config-api/api/v1/api-config', agama_deployment_url: baseUrl + '/jans-config-api/api/v1/agama-deployment', clients_authorizations_url: baseUrl + '/jans-config-api/api/v1/clients/authorizations', + token_url: baseUrl + '/jans-config-api/api/v1/token', }; diff --git a/jans-config-api/server/src/test/resources/karate-config.js b/jans-config-api/server/src/test/resources/karate-config.js index 736808dc83e..b11ca003aa2 100644 --- a/jans-config-api/server/src/test/resources/karate-config.js +++ b/jans-config-api/server/src/test/resources/karate-config.js @@ -67,6 +67,7 @@ function() { api_config_url: baseUrl + '/jans-config-api/api/v1/api-config', agama_deployment_url: baseUrl + '/jans-config-api/api/v1/agama-deployment', clients_authorizations_url: baseUrl + '/jans-config-api/api/v1/clients/authorizations', + token_url: baseUrl + '/jans-config-api/api/v1/token', };