-
Notifications
You must be signed in to change notification settings - Fork 414
Add versioning support for Pre-Issue Access Token action (v1) #3009
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Draft
Lashen1227
wants to merge
14
commits into
wso2-extensions:master
Choose a base branch
from
Lashen1227:feat/v1/pre-issue-access-token-action-token-exchange
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Draft
Changes from 6 commits
Commits
Show all changes
14 commits
Select commit
Hold shift + click to select a range
af28bed
implement pre-issue access token action versioning and token exchange…
Lashen1227 7ecfab2
Merge branch 'wso2-extensions:master' into feat/pre-issue-access-toke…
Lashen1227 737570f
refactor: improve log initialization formatting in PreIssueAccessToke…
Lashen1227 ed8cbb0
feat: add support for actor claim in access token generation
Lashen1227 e4579dc
feat: enhance user resolution for federated and local users in access…
Lashen1227 a900f9e
remove support for version 2 in pre-issue access token action
Lashen1227 ae5b267
stabilize PreIssueAccessTokenRequestBuilderV1 tests
Lashen1227 72a8c74
fix action context retrieval in PreIssueAccessTokenRequestBuilderV1 t…
Lashen1227 e62914e
pass mock context to buildActionExecutionRequest in PreIssueAccessTok…
Lashen1227 18ac9d8
feat: refactor PreIssueAccessTokenRequestBuilderV1 tests and introduc…
Lashen1227 01318a4
feat: extend grant type support in authorization grant handler and up…
Lashen1227 44bc3e7
Merge branch 'master' into feat/v1/pre-issue-access-token-action-toke…
Lashen1227 39974e4
fix: update copyright year
Lashen1227 1882d85
fix: update copyright year
Lashen1227 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
31 changes: 31 additions & 0 deletions
31
...va/org/wso2/carbon/identity/oauth/action/constant/PreIssueAccessTokenActionConstants.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| /* | ||
| * Copyright (c) 2025, WSO2 LLC. (http://www.wso2.com). | ||
| * | ||
| * WSO2 LLC. licenses this file to you under the Apache License, | ||
| * Version 2.0 (the "License"); you may not use this file except | ||
| * in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, | ||
| * software distributed under the License is distributed on an | ||
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
| * KIND, either express or implied. See the License for the | ||
| * specific language governing permissions and limitations | ||
| * under the License. | ||
| */ | ||
|
|
||
| package org.wso2.carbon.identity.oauth.action.constant; | ||
|
|
||
| /** | ||
| * Constants related to Pre Issue Access Token Action. | ||
| */ | ||
| public class PreIssueAccessTokenActionConstants { | ||
|
|
||
| public static final String ACTION_VERSION_V1 = "v1"; | ||
|
|
||
| private PreIssueAccessTokenActionConstants() { | ||
|
|
||
| } | ||
| } |
57 changes: 57 additions & 0 deletions
57
...o2/carbon/identity/oauth/action/execution/PreIssueAccessTokenActionVersioningHandler.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| /* | ||
| * Copyright (c) 2025, WSO2 LLC. (http://www.wso2.com). | ||
| * | ||
| * WSO2 LLC. licenses this file to you under the Apache License, | ||
| * Version 2.0 (the "License"); you may not use this file except | ||
| * in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, | ||
| * software distributed under the License is distributed on an | ||
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
| * KIND, either express or implied. See the License for the | ||
| * specific language governing permissions and limitations | ||
| * under the License. | ||
| */ | ||
|
|
||
| package org.wso2.carbon.identity.oauth.action.execution; | ||
|
|
||
| import org.wso2.carbon.identity.action.execution.api.exception.ActionExecutionException; | ||
| import org.wso2.carbon.identity.action.execution.api.model.ActionExecutionRequestContext; | ||
| import org.wso2.carbon.identity.action.execution.api.model.ActionType; | ||
| import org.wso2.carbon.identity.action.execution.api.model.FlowContext; | ||
| import org.wso2.carbon.identity.action.execution.api.service.impl.DefaultActionVersioningHandler; | ||
| import org.wso2.carbon.identity.action.management.api.model.Action; | ||
| import org.wso2.carbon.identity.oauth.action.versioning.ActionTriggerEvaluatorFactory; | ||
| import org.wso2.carbon.identity.oauth.action.versioning.ActionTriggerEvaluatorForVersion; | ||
|
|
||
| /** | ||
| * Implementation of the Version handler for pre issue access token action. | ||
| */ | ||
| public class PreIssueAccessTokenActionVersioningHandler extends DefaultActionVersioningHandler { | ||
|
|
||
| ActionTriggerEvaluatorFactory factory = ActionTriggerEvaluatorFactory.getInstance(); | ||
|
|
||
| @Override | ||
| public ActionType getSupportedActionType() { | ||
|
|
||
| return ActionType.PRE_ISSUE_ACCESS_TOKEN; | ||
| } | ||
|
|
||
| @Override | ||
| public boolean canExecute(ActionExecutionRequestContext actionExecutionRequestContext, FlowContext flowContext) | ||
| throws ActionExecutionException { | ||
|
|
||
| Action action = actionExecutionRequestContext.getAction(); | ||
| ActionTriggerEvaluatorForVersion versionTriggerEvaluator = factory.getVersionTriggerEvaluator(action); | ||
|
|
||
| if (!versionTriggerEvaluator.isTriggerableForTokenExchangeGrant( | ||
| actionExecutionRequestContext.getActionType(), action, flowContext)) { | ||
| return false; | ||
| } | ||
|
|
||
| return true; | ||
Lashen1227 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| } | ||
| } | ||
432 changes: 4 additions & 428 deletions
432
...va/org/wso2/carbon/identity/oauth/action/execution/PreIssueAccessTokenRequestBuilder.java
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
47 changes: 47 additions & 0 deletions
47
.../java/org/wso2/carbon/identity/oauth/action/versioning/ActionTriggerEvaluatorFactory.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| /* | ||
| * Copyright (c) 2025, WSO2 LLC. (http://www.wso2.com). | ||
| * | ||
| * WSO2 LLC. licenses this file to you under the Apache License, | ||
| * Version 2.0 (the "License"); you may not use this file except | ||
| * in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, | ||
| * software distributed under the License is distributed on an | ||
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
| * KIND, either express or implied. See the License for the | ||
| * specific language governing permissions and limitations | ||
| * under the License. | ||
| */ | ||
|
|
||
| package org.wso2.carbon.identity.oauth.action.versioning; | ||
|
|
||
| import org.wso2.carbon.identity.action.execution.api.exception.ActionExecutionException; | ||
| import org.wso2.carbon.identity.action.management.api.model.Action; | ||
| import org.wso2.carbon.identity.oauth.action.constant.PreIssueAccessTokenActionConstants; | ||
|
|
||
| /** | ||
| * Factory class for getting the ActionVersioningHandler by Action version. | ||
| */ | ||
| public class ActionTriggerEvaluatorFactory { | ||
|
|
||
| private static final ActionTriggerEvaluatorFactory instance = new ActionTriggerEvaluatorFactory(); | ||
|
|
||
| public static ActionTriggerEvaluatorFactory getInstance() { | ||
|
|
||
| return instance; | ||
| } | ||
|
|
||
| public ActionTriggerEvaluatorForVersion getVersionTriggerEvaluator(Action action) | ||
| throws ActionExecutionException { | ||
|
|
||
| switch (action.getActionVersion()) { | ||
Lashen1227 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| case PreIssueAccessTokenActionConstants.ACTION_VERSION_V1: | ||
| return ActionTriggerEvaluatorForVersion.getInstance(); | ||
| default: | ||
| throw new ActionExecutionException("Unsupported action version: " + action.getActionVersion()); | ||
Lashen1227 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| } | ||
| } | ||
| } | ||
64 changes: 64 additions & 0 deletions
64
...va/org/wso2/carbon/identity/oauth/action/versioning/ActionTriggerEvaluatorForVersion.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| /* | ||
| * Copyright (c) 2025, WSO2 LLC. (http://www.wso2.com). | ||
| * | ||
| * WSO2 LLC. licenses this file to you under the Apache License, | ||
| * Version 2.0 (the "License"); you may not use this file except | ||
| * in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, | ||
| * software distributed under the License is distributed on an | ||
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
| * KIND, either express or implied. See the License for the | ||
| * specific language governing permissions and limitations | ||
| * under the License. | ||
| */ | ||
|
|
||
| package org.wso2.carbon.identity.oauth.action.versioning; | ||
|
|
||
| import org.apache.commons.logging.Log; | ||
| import org.apache.commons.logging.LogFactory; | ||
| import org.wso2.carbon.identity.action.execution.api.exception.ActionExecutionException; | ||
| import org.wso2.carbon.identity.action.execution.api.model.ActionType; | ||
| import org.wso2.carbon.identity.action.execution.api.model.FlowContext; | ||
| import org.wso2.carbon.identity.action.management.api.model.Action; | ||
| import org.wso2.carbon.identity.oauth.common.OAuthConstants; | ||
| import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; | ||
|
|
||
| /** | ||
| * Default implementation of the ActionVersioningHandler for PRE_ISSUE_ACCESS_TOKEN (V1 behavior). | ||
| * This class determines whether the action can be triggered based on the flow context for the action version. | ||
| */ | ||
| public class ActionTriggerEvaluatorForVersion { | ||
|
|
||
| private static final ActionTriggerEvaluatorForVersion instance = new ActionTriggerEvaluatorForVersion(); | ||
|
|
||
| private static final Log LOG = LogFactory.getLog(ActionTriggerEvaluatorForVersion.class); | ||
|
|
||
| public static ActionTriggerEvaluatorForVersion getInstance() { | ||
|
|
||
| return instance; | ||
| } | ||
|
|
||
| /** | ||
| * Evaluate whether action can be triggered based on flow context for the given action version. | ||
| * | ||
| * @param actionType Action type. | ||
| * @param action Action. | ||
| * @param flowContext Flow context. | ||
| * @return True if action can be triggered based on the flow context. | ||
| */ | ||
| public boolean isTriggerableForTokenExchangeGrant(ActionType actionType, Action action, FlowContext flowContext) | ||
| throws ActionExecutionException { | ||
Lashen1227 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| OAuthTokenReqMessageContext tokenMessageContext = | ||
| flowContext.getValue("tokenMessageContext", OAuthTokenReqMessageContext.class); | ||
| if (OAuthConstants.GrantTypes.TOKEN_EXCHANGE.equals( | ||
| tokenMessageContext.getOauth2AccessTokenReqDTO().getGrantType())) { | ||
| return false; | ||
| } | ||
Lashen1227 marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| return true; | ||
| } | ||
| } | ||
50 changes: 50 additions & 0 deletions
50
...so2/carbon/identity/oauth/action/versioning/PreIssueAccessTokenRequestBuilderFactory.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| /* | ||
| * Copyright (c) 2024-2025, WSO2 LLC. (http://www.wso2.com). | ||
| * | ||
| * WSO2 LLC. licenses this file to you under the Apache License, | ||
| * Version 2.0 (the "License"); you may not use this file except | ||
| * in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, | ||
| * software distributed under the License is distributed on an | ||
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
| * KIND, either express or implied. See the License for the | ||
| * specific language governing permissions and limitations | ||
| * under the License. | ||
| */ | ||
|
|
||
| package org.wso2.carbon.identity.oauth.action.versioning; | ||
|
|
||
| import org.wso2.carbon.identity.action.execution.api.exception.ActionExecutionRequestBuilderException; | ||
| import org.wso2.carbon.identity.action.execution.api.service.ActionExecutionRequestBuilder; | ||
| import org.wso2.carbon.identity.oauth.action.constant.PreIssueAccessTokenActionConstants; | ||
| import org.wso2.carbon.identity.oauth.action.versioning.v1.PreIssueAccessTokenRequestBuilderV1; | ||
|
|
||
| /** | ||
| * Factory class for getting the PreIssueAccessRequestBuilder by Action version. | ||
| */ | ||
| public class PreIssueAccessTokenRequestBuilderFactory { | ||
|
|
||
| private static final PreIssueAccessTokenRequestBuilderFactory instance = | ||
| new PreIssueAccessTokenRequestBuilderFactory(); | ||
|
|
||
| public static PreIssueAccessTokenRequestBuilderFactory getInstance() { | ||
|
|
||
| return instance; | ||
| } | ||
|
|
||
| public ActionExecutionRequestBuilder getActionExecutionRequestBuilder(String actionVersion) | ||
| throws ActionExecutionRequestBuilderException { | ||
Lashen1227 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| switch (actionVersion) { | ||
| case PreIssueAccessTokenActionConstants.ACTION_VERSION_V1: | ||
| return new PreIssueAccessTokenRequestBuilderV1(); | ||
Lashen1227 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| default: | ||
| throw new ActionExecutionRequestBuilderException( | ||
| "Unsupported pre-issue-access token action version: " + actionVersion); | ||
| } | ||
| } | ||
| } | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.