Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(config-api): client token mgt endpoint #9554

Merged
merged 93 commits into from
Sep 21, 2024
Merged

feat(config-api): client token mgt endpoint #9554

merged 93 commits into from
Sep 21, 2024

Conversation

pujavs
Copy link
Contributor

@pujavs pujavs commented Sep 20, 2024

Prepare

Description

Target issue

closes #9413

Implementation Details

Test and Document the changes

  • [] Static code analysis has been run locally and issues have been fixed
  • [] Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

@pujavs
fix(config-api): asset mgt endpoint fixes
a3f3a66 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
9e309c0 
…ns-config-fix
@pujavs
feat(config-api): asset upload mgt ehancement and fido
59fd269 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
feat(config-api): asset upload mgt ehancement and fido
5a6396a 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
feat(config-api): asset upload mgt ehancement and fido
521f7b1 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
73618dd 
…ns-config-fix
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
583c881 
…ns-config-fix
@pujavs
fix(config-api): asset upload
95c57e4 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
ca50ec7 
…ns-config-fix
@pujavs
fix(config-api): lock review comments
bbcbc92 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
feat(config-api): lock code review comments
2bb92e3 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
feat(config-api): lock master renamed to lock server
c900d5f 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
eb62da4 
…ns-config-fix
@pujavs
feat(config-api): lock master renamed to lock server
6fad621 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
d17d2e6 
…ns-config-fix
@pujavs
feat(config-api): lock master renamed to lock server
7fefadb 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
feat(config-api): lock master renamed to lock server
cf85c47 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
c0444b5 
…ns-config-fix
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
ccf9ace 
…ns-config-fix
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
2d4a379 
…ns-config-fix
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
dd6555c 
…ns-config-fix
@pujavs
feat(config-api): fido2 delete functionality
4696f98 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
3b51e0d 
…ns-config-fix
@pujavs
fix(config-api): acr validation
5af8a00 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
feat(config-api): doc(config-api): IDP schema attribute descriptions #…
88e3a20 
…9187

Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
feat(config-api): sync with main
cadc584 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
feat(config-api): sync with main
c4eb118 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
feat(config-api): uploading assets via API generates 2 entries #9178
4de3cc0 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
feat(config-api): asset mgt, fido and IDP changes
dfbc4f1 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
feat(config-api): fido2 device endpoint
c3ba202 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
eafad7e 
…ns-config-fix
@pujavs
feat(config-api): clint token endpoint
8a6766a 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
07e1a8e 
…ns-config-fix
@pujavs
feat(config-api): client token endpoint
189d6b0 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
ab9687a 
…ns-config-fix
@pujavs
feat(config-api): client token endpoint
1878163 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
Merge branch 'main' of https://github.com/JanssenProject/jans into ja…
33c6795 
…ns-config-fix
@pujavs
feat(config-api): token endpoint
b18c2f4 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
feat(config-api): token endpoint
89a18b2 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs pujavs mentioned this pull request Sep 20, 2024
Closed
11 tasks
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Sep 20, 2024
edited
Loading

DryRun Security Summary

The pull request primarily focuses on expanding the functionality of the Jans Config API, particularly in the areas of token and session management, by introducing new API endpoints, OAuth scopes, and configuration settings to provide more granular control and visibility over the application's authentication and authorization mechanisms.

Expand for full summary

Summary:

The code changes in this pull request are primarily focused on expanding the functionality of the Jans Config API, particularly in the areas of token and session management. The changes introduce new API endpoints, OAuth scopes, and configuration settings to provide more granular control and visibility over the application's authentication and authorization mechanisms.

From an application security perspective, these changes are generally positive, as they demonstrate the application's effort to implement robust security measures. The introduction of new scopes for managing tokens and sessions, as well as the addition of token revocation functionality, are important security features that can help mitigate the risk of unauthorized access or misuse of sensitive resources.

However, it is crucial to review the implementation of these new features to ensure they are properly secured and aligned with industry best practices. This includes verifying the input validation, access control, and secure handling of sensitive data, such as tokens, client credentials, and configuration settings. Additionally, the application should have appropriate logging and monitoring mechanisms in place to detect and respond to any suspicious activities related to token or session management.

Files Changed:

  1. ApiConstants.java: This file has been updated to add new API endpoints, parameters, and connection pool properties related to the management of tokens, sessions, and other configuration-related resources.

  2. ApiAccessConstants.java: New access scope constants have been added for managing tokens and sessions, which is a positive step towards more granular access control.

  3. config-api-test.properties: The list of OAuth scopes has been expanded to cover a wide range of configuration-related operations, including read, write, and delete permissions for various components.

  4. test.properties: Similar updates to the OAuth scopes have been made in the test configuration files, indicating the application's focus on improving its authentication and authorization mechanisms.

  5. jans-config-api-swagger.yaml: New API endpoints for retrieving and revoking client tokens have been added, which enhances the application's token management capabilities.

  6. TokenResource.java, ClientAuthService.java, and related classes: These classes have been updated to implement the new token and session management functionality, including methods for retrieving, revoking, and managing tokens.

  7. AuthClientFactory.java: A new revokeToken() method has been added to provide a centralized way of revoking access tokens, which is a crucial security feature.

  8. ConfigurationService.java: A new method getRevokeUrl() has been added to retrieve the OpenID Connect revoke URL from the application's configuration.

  9. Various test-related files: Changes have been made to the test configuration and scenarios to ensure the proper functioning of the token-related functionality.

Overall, the code changes in this pull request appear to be focused on enhancing the security and manageability of the Jans Config API, particularly in the areas of authentication and authorization. As an application security engineer, I would recommend thoroughly reviewing the implementation of these new features to ensure they are properly secured and aligned with industry best practices.

Code Analysis

We ran 9 analyzers against 17 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Authn/Authz Analyzer 15 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@mo-auto mo-auto added comp-jans-config-api Component affected by issue or PR kind-feature Issue or PR is a new feature request labels Sep 20, 2024
yuriyz
yuriyz requested changes Sep 20, 2024
View reviewed changes
Copy link
Contributor

@yuriyz yuriyz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pujavs I see /server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java.bak

Do we need it ?

@yuriyz yuriyz enabled auto-merge (squash) September 20, 2024 15:16
@pujavs
feat(config-api): token endpoint
256aff3 
Signed-off-by: pujavs <pujas.works@gmail.com>
@pujavs
Copy link
Contributor Author

pujavs commented Sep 20, 2024

@pujavs I see /server/src/main/java/io/jans/configapi/rest/resource/auth/ClientsResource.java.bak

Do we need it ?

Thanks for pointing this out, have removed it

@pujavs pujavs requested a review from yuriyz September 20, 2024 15:23
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Sep 20, 2024

Quality Gate Failed Quality Gate failed for 'jans-config-api-parent'

Failed conditions
3 New Vulnerabilities (required ≤ 0)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

@yuriyz yuriyz merged commit f4bcaad into main Sep 21, 2024
12 of 13 checks passed
@yuriyz yuriyz deleted the jans-config-fix branch September 21, 2024 08:46
imShakil pushed a commit that referenced this pull request Oct 3, 2024
@pujavs @yuriyz @imShakil
feat(config-api): client token mgt endpoint (#9554)
1277a14 
* fix(config-api): asset mgt endpoint fixes

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset upload mgt ehancement and fido

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset upload mgt ehancement and fido

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset upload mgt ehancement and fido

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): asset upload

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): lock review comments

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock code review comments

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 delete functionality

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): acr validation

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): doc(config-api): IDP schema attribute descriptions #9187

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): uploading assets via API generates 2 entries #9178

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset mgt, fido and IDP changes

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 device endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): resolved sonar review issues

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sonar review comment fix

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): swagger spec

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): saml config attribute description

Signed-off-by: pujavs <pujas.works@gmail.com>

* doc(config-api): added SAML attribute description

Signed-off-by: pujavs <pujas.works@gmail.com>

* doc(config-api): added SAML attribute description

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(jans-lock): code review comment fix isssue#9305

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(jans-lock): code review comment fix isssue#9305

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock review point

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(lock): code review comment

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(lock): code review comment

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock endpoint fixes and SAML IDP NPE

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset enhancement

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): implement timer for asset mgt to fetch and deploy assets forconfig-api #9403

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): scope validation issue #9426

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): asset delete error fix

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sysnc with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-ap): lock audit endpoint parameter declaration error#9460

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): client token functionality

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(Config-api): lock audit endpoint path param rectification

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): clint token endpoint - wip

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): clint token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): client token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): client token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

---------

Signed-off-by: pujavs <pujas.works@gmail.com>
Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
yuriyz added a commit that referenced this pull request Nov 7, 2024
@pujavs @yuriyz
feat(config-api): client token mgt endpoint (#9554)
732eba4 
* fix(config-api): asset mgt endpoint fixes

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset upload mgt ehancement and fido

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset upload mgt ehancement and fido

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset upload mgt ehancement and fido

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): asset upload

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): lock review comments

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock code review comments

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 delete functionality

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): acr validation

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): doc(config-api): IDP schema attribute descriptions #9187

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): uploading assets via API generates 2 entries #9178

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset mgt, fido and IDP changes

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 device endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): resolved sonar review issues

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sonar review comment fix

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): swagger spec

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): saml config attribute description

Signed-off-by: pujavs <pujas.works@gmail.com>

* doc(config-api): added SAML attribute description

Signed-off-by: pujavs <pujas.works@gmail.com>

* doc(config-api): added SAML attribute description

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(jans-lock): code review comment fix isssue#9305

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(jans-lock): code review comment fix isssue#9305

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock review point

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(lock): code review comment

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(lock): code review comment

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): sync with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): lock endpoint fixes and SAML IDP NPE

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): asset enhancement

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): implement timer for asset mgt to fetch and deploy assets forconfig-api #9403

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): scope validation issue #9426

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-api): asset delete error fix

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): sysnc with main

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(config-ap): lock audit endpoint parameter declaration error#9460

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): client token functionality

Signed-off-by: pujavs <pujas.works@gmail.com>

* fix(Config-api): lock audit endpoint path param rectification

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): clint token endpoint - wip

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): clint token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): client token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): client token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

* feat(config-api): token endpoint

Signed-off-by: pujavs <pujas.works@gmail.com>

---------

Signed-off-by: pujavs <pujas.works@gmail.com>
Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
Former-commit-id: f4bcaad
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@devrimyatar devrimyatar devrimyatar approved these changes

@yuriyz yuriyz yuriyz approved these changes

@yurem yurem Awaiting requested review from yurem yurem is a code owner

Assignees
No one assigned
Labels
comp-jans-config-api Component affected by issue or PR kind-feature Issue or PR is a new feature request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat (jans-tui): Show tokens in Client View
4 participants
@pujavs @yuriyz @devrimyatar @mo-auto