chore: merge branch 'fix_dynreg' into 'main'

fix:  parsing body in dynreg, JSON keys need to be in snakecas

See merge request perun-proxy-aai/java/OpenID-Connect-Java-Spring-Server!368

perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/ClientDetailsEntity.java

@@ -423,4 +423,32 @@ public class ClientDetailsEntity implements ClientDetails {
 		}
 	}
 
+	public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) {
+		if (accessTokenValiditySeconds == null || accessTokenValiditySeconds < 0 ) {
+			return;
+		}
+		this.accessTokenValiditySeconds = accessTokenValiditySeconds;
+	}
+
+	public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) {
+		if (refreshTokenValiditySeconds == null || refreshTokenValiditySeconds < 0 ) {
+			return;
+		}
+		this.refreshTokenValiditySeconds = refreshTokenValiditySeconds;
+	}
+
+	public void setIdTokenValiditySeconds(Integer idTokenValiditySeconds) {
+		if (idTokenValiditySeconds == null || idTokenValiditySeconds < 0 ) {
+			return;
+		}
+		this.idTokenValiditySeconds = idTokenValiditySeconds;
+	}
+
+	public void setDeviceCodeValiditySeconds(Integer deviceCodeValiditySeconds) {
+		if (deviceCodeValiditySeconds == null || deviceCodeValiditySeconds < 0 ) {
+			return;
+		}
+		this.deviceCodeValiditySeconds = deviceCodeValiditySeconds;
+	}
+
 }

perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/DynamicallyRegisteredRequestBody.java

 package cz.muni.ics.oauth2.model;
 
+import com.fasterxml.jackson.annotation.JsonAlias;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import lombok.AllArgsConstructor;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
@@ -16,90 +18,133 @@ import java.util.Set;
 @EqualsAndHashCode
 @NoArgsConstructor
 @AllArgsConstructor
+@JsonIgnoreProperties(ignoreUnknown = true)
 public class DynamicallyRegisteredRequestBody {
 
+    @JsonAlias("client_name")
     private String clientName;
 
+    @JsonAlias("client_description")
     private String clientDescription;
 
+    @JsonAlias("redirect_uris")
     private Set<String> redirectUris = new HashSet<>();
 
+    @JsonAlias("client_uri")
     private String clientUri;
 
+    @JsonAlias("contacts")
     private Set<String> contacts = new HashSet<>();
 
+    @JsonAlias("tos_uri")
     private String tosUri;
 
+    @JsonAlias("token_endpoint_auth_method")
     private String tokenEndpointAuthMethod;
 
+    @JsonAlias("scope")
     private Set<String> scope = new HashSet<>();
 
+    @JsonAlias("grant_types")
     private Set<String> grantTypes = new HashSet<>();
 
+    @JsonAlias("response_types")
     private Set<String> responseTypes = new HashSet<>();
 
+    @JsonAlias("policy_uri")
     private String policyUri;
 
+    @JsonAlias("jwks_uri")
     private String jwksUri;
 
+    @JsonAlias("jwks")
     private String jwks;
 
+    @JsonAlias("software_id")
     private String softwareId;
 
+    @JsonAlias("software_version")
     private String softwareVersion;
 
+    @JsonAlias("application_type")
     private String applicationType;
 
+    @JsonAlias("sector_identifier_uri")
     private String sectorIdentifierUri;
 
+    @JsonAlias("subject_type")
     private String subjectType;
 
+    @JsonAlias("request_object_signing_alg")
     private String requestObjectSigningAlg = null;
 
+    @JsonAlias("userinfo_signed_response_alg")
     private String userInfoSignedResponseAlg = null;
 
+    @JsonAlias("userinfo_encrypted_response_alg")
     private String userInfoEncryptedResponseAlg = null;
 
+    @JsonAlias("userinfo_encrypted_response_enc")
     private String userInfoEncryptedResponseEnc = null;
 
+    @JsonAlias("id_token_signed_response_alg")
     private String idTokenSignedResponseAlg = null;
 
+    @JsonAlias("id_token_encrypted_response_alg")
     private String idTokenEncryptedResponseAlg = null;
 
+    @JsonAlias("id_token_encrypted_response_enc")
     private String idTokenEncryptedResponseEnc = null;
 
+    @JsonAlias("token_endpoint_auth_signing_alg")
     private String tokenEndpointAuthSigningAlg = null;
 
+    @JsonAlias("default_max_age")
     private Integer defaultMaxAge;
 
+    @JsonAlias("require_auth_time")
     private Boolean requireAuthTime;
 
+    @JsonAlias("default_acr_values")
     private Set<String> defaultACRvalues;
 
+    @JsonAlias("initiate_login_uri")
     private String initiateLoginUri;
 
+    @JsonAlias("post_logout_redirect_uris")
     private Set<String> postLogoutRedirectUris = new HashSet<>();
 
+    @JsonAlias("request_uris")
     private Set<String> requestUris = new HashSet<>();
 
+    @JsonAlias("access_token_validity_seconds")
     private Integer accessTokenValiditySeconds = 0;
 
+    @JsonAlias("refresh_token_validity_seconds")
     private Integer refreshTokenValiditySeconds = 0;
 
+    @JsonAlias("resources")
     private Set<String> resourceIds = new HashSet<>();
 
+    @JsonAlias("reuse_refresh_token")
     private boolean reuseRefreshToken = true;
 
+    @JsonAlias("id_token_validity_seconds")
     private Integer idTokenValiditySeconds;
 
+    @JsonAlias("clear_access_tokens_on_refresh")
     private boolean clearAccessTokensOnRefresh = true;
 
+    @JsonAlias("device_code_validity_seconds")
     private Integer deviceCodeValiditySeconds = 0;
 
+    @JsonAlias("claim_redirect_uris")
     private Set<String> claimsRedirectUris = new HashSet<>();
 
+    @JsonAlias("software_statement")
     private String softwareStatement;
 
+    @JsonAlias("code_challenge_method")
     private String codeChallengeMethod;
 
 }

perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DynamicClientRegistrationServiceImpl.java

@@ -25,6 +25,7 @@ import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
 
 import java.text.ParseException;
+import java.util.HashSet;
 import java.util.Set;
 import java.util.UUID;
 
@@ -125,8 +126,11 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
         if (!AuthMethod.isSupported(tokenEndpointAuthMethod)) {
             throw new InvalidRequestException("Unsupported token endpoint auth method: " + tokenEndpointAuthMethod);
         }
+
         Set<String> scope = clientRequest.getScope();
-        if (scope != null && !scope.isEmpty()) {
+        if (scope == null) {
+            clientRequest.setScope(new HashSet<>());
+        } else if (!scope.isEmpty()) {
             Set<SystemScope> allScopes = scopeService.getAll();
             for (String scopeStr: scope) {
                 if (!allScopes.contains(scopeService.fromString(scopeStr))) {
@@ -144,23 +148,44 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
                 "refresh_token",
                 "urn:ietf:params:oauth:grant-type:token-exchange",
                 "urn:ietf:params:oauth:grant-type:device_code");
-        if (grants != null && !grants.isEmpty()) {
+        if (grants == null) {
+            clientRequest.setGrantTypes(new HashSet<>());
+            grants = clientRequest.getGrantTypes();
+        } else if (!grants.isEmpty()) {
             for (String grant : grants) {
                 if (!supportedGrants.contains(grant)) {
                     throw new InvalidRequestException("Unsupported grant type requested: " + grant);
                 }
             }
         }
+
         //TODO: check grants are supported by injecting the configuration of supported response types
         Set<String> responseTypes = clientRequest.getResponseTypes();
-        Set<String> supportedResponseTypes = Set.of("code", "token id_token");
-        if (responseTypes != null && !responseTypes.isEmpty()) {
+        Set<String> supportedResponseTypes = Set.of("code", "token id_token", "id_token token");
+        if (responseTypes == null) {
+            clientRequest.setResponseTypes(new HashSet<>());
+            responseTypes = clientRequest.getResponseTypes();
+        } else if (!responseTypes.isEmpty()) {
             for (String responseType : responseTypes) {
                 if (!supportedResponseTypes.contains(responseType)) {
                     throw new InvalidRequestException("Unsupported response type requested: " + responseType);
                 }
             }
         }
+
+        if (grants.contains("authorization_code") && (!responseTypes.contains("code"))) {
+            throw new InvalidRequestException("Grant 'authorization_code' requires response type 'code'");
+        }
+        if (grants.contains("implicit")
+                && !responseTypes.contains("token")
+                && !responseTypes.contains("token id_token")
+                && !responseTypes.contains("id_token token")
+        ) {
+            throw new InvalidRequestException("Grant 'implicit' requires response type 'token id_token' or 'id_token'");
+        }
+        if (!grants.contains("authorization_code") && !grants.contains("implicit") && !responseTypes.isEmpty()) {
+            throw new InvalidRequestException("Requested grant types do not match with response types (should be empty)");
+        }
         if (StringUtils.hasText(clientRequest.getJwks())) {
             try {
                 JWKSet.parse(clientRequest.getJwks());
@@ -322,6 +347,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
         client.setClearAccessTokensOnRefresh(requestedRegistration.isClearAccessTokensOnRefresh());
         client.setDeviceCodeValiditySeconds(requestedRegistration.getDeviceCodeValiditySeconds());
         client.setClaimsRedirectUris(requestedRegistration.getClaimsRedirectUris());
+
         if (StringUtils.hasText(requestedRegistration.getSoftwareStatement())) {
             client.setSoftwareStatement(JWTParser.parse(requestedRegistration.getSoftwareStatement()));
         }
@@ -329,6 +355,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
         if (StringUtils.hasText(requestedRegistration.getCodeChallengeMethod())) {
             client.setCodeChallengeMethod(PKCEAlgorithm.getByAlgorithmName(requestedRegistration.getCodeChallengeMethod()));
         }
+
         client.setDynamicallyRegistered(true);
         client.setAcceptedTos(tokenClient.isAcceptedTos());
         client.setJurisdiction(tokenClient.getJurisdiction());