.commitlintrc.json

+{
+  "extends": ["@perun/commitlint-config-perun"]
+}

.gitlab-ci.yml

 include:
-  - project: perun-proxy-aai/common
+  - project: perun/common
     file: /templates/.gitlab-ci-template.yml
 
 maven-build:
+  # keep Java 17
+  image: registry.gitlab.ics.muni.cz:443/perun/ci/pipeline-components/maven:3-eclipse-temurin-17
   artifacts:
     paths:
       - perun-oidc-server/target/*.war

.npmrc

+@perun:registry=https://gitlab.ics.muni.cz/api/v4/packages/npm/

.releaserc.json

 {
-  "extends": ["@perun-proxy-aai/semantic-release-proxy-config"],
+  "extends": ["@perun/semantic-release-perun-config"],
   "plugins": [
     "@semantic-release/commit-analyzer",
     "@semantic-release/release-notes-generator",

CHANGELOG.md

+# [17.1.0](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/compare/v17.0.5...v17.1.0) (2024-02-05)
+
+
+### Bug Fixes
+
+* 🐛 dynreg resource claim and allowed resource comparation ([21ceb47](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/commit/21ceb47e21a1a10524e7410ef77e038b06ebc87a))
+* 🐛 use def. scopes if no scope param is present in tok exch ([9eef74b](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/commit/9eef74b41250f7134561b38d52bed0444bbecb58))
+
+
+### Features
+
+* envri theme ([36dbfe5](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/commit/36dbfe507aeb92d1d12108be930421c96aa01d72))
+
 ## [17.0.5](https://gitlab.ics.muni.cz/perun-proxy-aai/java/OpenID-Connect-Java-Spring-Server/compare/v17.0.4...v17.0.5) (2024-01-23)
 
 

package.json

+{
+  "name": "OpenID-Connect-Java-Spring-Server",
+  "version": "0.0.0-development",
+  "private": true,
+  "devDependencies": {
+    "@commitlint/config-conventional": "17.8.1",
+    "@commitlint/cz-commitlint": "17.8.1",
+    "@perun/commitlint-config-perun": "^1.0.0",
+    "@perun/semantic-release-perun-config": "^1.0.1",
+    "commitizen": "4.3.0",
+    "inquirer": "8.2.6",
+    "prettier": "^3.2.4"
+  },
+  "config": {
+    "commitizen": {
+      "path": "./node_modules/@commitlint/cz-commitlint"
+    }
+  }
+}

perun-oidc-server-webapp/pom.xml

@@ -21,7 +21,7 @@
 	<parent>
 		<groupId>cz.muni.ics</groupId>
 		<artifactId>perun-oidc-parent</artifactId>
-		<version>17.0.5</version>
+		<version>17.1.0</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 

perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/common/footer.tag

@@ -4,6 +4,7 @@
 <%@ taglib prefix="cesnet" tagdir="/WEB-INF/tags/cesnet" %>
 <%@ taglib prefix="einfra" tagdir="/WEB-INF/tags/einfra" %>
 <%@ taglib prefix="ceitec" tagdir="/WEB-INF/tags/ceitec" %>
+<%@ taglib prefix="envri" tagdir="/WEB-INF/tags/envri" %>
 <%@ taglib prefix="muni" tagdir="/WEB-INF/tags/muni" %>
 <%@ taglib prefix="t" tagdir="/WEB-INF/tags/common" %>
 <%@ attribute name="baseURL" required="true" %>
@@ -20,6 +21,9 @@
     <c:when test="${theme eq 'ceitec'}">
         <ceitec:footer baseURL="${baseURL}" samlResourcesURL="${samlResourcesURL}"/>
     </c:when>
+    <c:when test="${theme eq 'envri'}">
+        <envri:footer baseURL="${baseURL}" samlResourcesURL="${samlResourcesURL}"/>
+    </c:when>
     <c:when test="${theme eq 'muni'}">
         <muni:footer/>
     </c:when>

perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/common/header.tag

@@ -4,6 +4,7 @@
 <%@ taglib prefix="cesnet" tagdir="/WEB-INF/tags/cesnet" %>
 <%@ taglib prefix="einfra" tagdir="/WEB-INF/tags/einfra" %>
 <%@ taglib prefix="ceitec" tagdir="/WEB-INF/tags/ceitec" %>
+<%@ taglib prefix="envri" tagdir="/WEB-INF/tags/envri" %>
 <%@ taglib prefix="muni" tagdir="/WEB-INF/tags/muni" %>
 <%@ attribute name="title" required="true" %>
 <%@ attribute name="reqURL" required="true" %>
@@ -22,6 +23,9 @@
     <c:when test="${theme eq 'ceitec'}">
         <ceitec:header title="${title}" reqURL="${reqURL}" cssLinks="${cssLinks}" baseURL="${baseURL}" samlResourcesURL="${samlResourcesURL}"/>
     </c:when>
+    <c:when test="${theme eq 'envri'}">
+        <envri:header title="${title}" reqURL="${reqURL}" cssLinks="${cssLinks}" baseURL="${baseURL}" samlResourcesURL="${samlResourcesURL}"/>
+    </c:when>
     <c:when test="${theme eq 'muni'}">
         <muni:header title="${title}" reqURL="${reqURL}" cssLinks="${cssLinks}" baseURL="${baseURL}" samlResourcesURL="${samlResourcesURL}"/>
     </c:when>

perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/envri/footer.tag

+<%@ tag pageEncoding="UTF-8" trimDirectiveWhitespaces="true" %>
+<%@ attribute name="js" required="false"%>
+<%@ attribute name="baseURL" required="true"%>
+<%@ attribute name="samlResourcesURL" required="true"%>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
+<%@ taglib prefix="t" tagdir="/WEB-INF/tags/common" %>
+<jsp:useBean id="date" class="java.util.Date" />
+
+<div style="text-align: center;">
+    <div id="footer" style="display: flex; justify-content: space-between; margin: 0 auto; max-width: 1000px;">
+        <div>
+            <img src="${samlResourcesURL}/module.php/perun/res/img/envri_logo_120.png" alt="ENVRI Logo">
+        </div>
+        <div>
+            <img src="${samlResourcesURL}/module.php/perun/res/img/eu_logo_120.png" alt="EU Logo">
+        </div>
+        <div>
+            <p>Virtual ENVRI community platform is maintained thanks to ENVRI-FAIR project.
+                The project received funding from the European Union’s Horizon 2020 research and innovation
+                programme under grant agreement No 824068.</p>
+            <p>ENVRI-FAIR is coordinated by Forschungszentrum Jülich.</p>
+            <p><a href="mailto:elter@ics.muni.cz">elter@ics.muni.cz</a></p>
+            <p>Copyright © ENVRI-FAIR <?php echo date("Y"); ?></p>
+        </div>
+    </div>
+</div>

perun-oidc-server-webapp/src/main/webapp/WEB-INF/tags/envri/header.tag

+<%@ tag pageEncoding="UTF-8" trimDirectiveWhitespaces="true" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@ taglib prefix="o" tagdir="/WEB-INF/tags/common" %>
+<%@ attribute name="title" required="true" %>
+<%@ attribute name="reqURL" required="true" %>
+<%@ attribute name="baseURL" required="true" %>
+<%@ attribute name="samlResourcesURL" required="true" %>
+<%@ attribute name="cssLinks" required="true" type="java.util.ArrayList<java.lang.String>" %>
+
+<c:set var="logoURL" value="${samlResourcesURL}/module.php/perun/res/img/envri_logo_200.png"/>
+
+<o:headerInit title="${title}" reqURL="${reqURL}" baseURL="${baseURL}" samlResourcesURL="${samlResourcesURL}"/>
+
+<link rel="icon" href="resources/images/envri.ico" />
+<link rel="stylesheet" type="text/css" href="${samlResourcesURL}/module.php/perun/res/bootstrap/css/bootstrap.min.css" />
+<link rel="stylesheet" type="text/css" href="${samlResourcesURL}/module.php/perun/res/css/envri.css" />
+
+<o:headerCssLinks cssLinks="${cssLinks}"/>
+
+</head>
+
+<o:headerBody logoURL="${logoURL}"/>

perun-oidc-server/pom.xml

@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>cz.muni.ics</groupId>
 		<artifactId>perun-oidc-parent</artifactId>
-		<version>17.0.5</version>
+		<version>17.1.0</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 

perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/DynamicallyRegisteredRequestBody.java

@@ -124,7 +124,7 @@ public class DynamicallyRegisteredRequestBody {
     private Integer refreshTokenValiditySeconds = 0;
 
     @JsonAlias("resources")
-    private Set<String> resourceIds = new HashSet<>();
+    private Set<String> resource = new HashSet<>();
 
     @JsonAlias("reuse_refresh_token")
     private boolean reuseRefreshToken = true;

perun-oidc-server/src/main/java/cz/muni/ics/oauth2/model/DynamicallyRegisteredRequestBodyResponse.java

@@ -106,7 +106,7 @@ public class DynamicallyRegisteredRequestBodyResponse extends DynamicallyRegiste
         this.setRequestUris(registeredClient.getRequestUris());
         this.setAccessTokenValiditySeconds(registeredClient.getAccessTokenValiditySeconds());
         this.setRefreshTokenValiditySeconds(registeredClient.getRefreshTokenValiditySeconds());
-        this.setResourceIds(registeredClient.getResourceIds());
+        this.setResource(registeredClient.getResourceIds());
         this.setReuseRefreshToken(registeredClient.isReuseRefreshToken());
         this.setIdTokenValiditySeconds(registeredClient.getIdTokenValiditySeconds());
         this.setClearAccessTokensOnRefresh(registeredClient.isClearAccessTokensOnRefresh());

perun-oidc-server/src/main/java/cz/muni/ics/oauth2/service/impl/DynamicClientRegistrationServiceImpl.java

@@ -7,7 +7,6 @@ import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jwt.JWTParser;
 import cz.muni.ics.jwt.encryption.service.JWTEncryptionAndDecryptionService;
 import cz.muni.ics.jwt.signer.service.JWTSigningAndValidationService;
-import cz.muni.ics.oauth2.exception.InvalidTargetException;
 import cz.muni.ics.oauth2.model.ClientDetailsEntity;
 import cz.muni.ics.oauth2.model.DynamicallyRegisteredRequestBody;
 import cz.muni.ics.oauth2.model.PKCEAlgorithm;
@@ -108,7 +107,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
             );
         }
 
-        Set<String> requestedResourceIds = requestedRegistration.getResourceIds();
+        Set<String> requestedResourceIds = requestedRegistration.getResource();
         Set<String> authResourceIds = tokenClient.getResourceIds();
         if (requestedResourceIds != null && authResourceIds != null
                 && !authResourceIds.containsAll(requestedResourceIds)
@@ -341,7 +340,7 @@ public class DynamicClientRegistrationServiceImpl implements DynamicClientRegist
         client.setRequestUris(requestedRegistration.getRequestUris());
         client.setAccessTokenValiditySeconds(requestedRegistration.getAccessTokenValiditySeconds());
         client.setRefreshTokenValiditySeconds(requestedRegistration.getRefreshTokenValiditySeconds());
-        client.setResourceIds(requestedRegistration.getResourceIds());
+        client.setResourceIds(requestedRegistration.getResource());
         client.setReuseRefreshToken(requestedRegistration.isReuseRefreshToken());
         client.setIdTokenValiditySeconds(requestedRegistration.getIdTokenValiditySeconds());
         client.setClearAccessTokensOnRefresh(requestedRegistration.isClearAccessTokensOnRefresh());

perun-oidc-server/src/main/java/cz/muni/ics/oauth2/token/exchange/OAuthTokenExchangeGranter.java

@@ -116,8 +116,11 @@ public class OAuthTokenExchangeGranter extends BaseTokenExchangeGranter {
 
 		token.setClient(client);
 		Set<String> scopes = new HashSet<>();
-		if (tokenRequest.getScope() != null) {
+		if (tokenRequest.getScope() != null && !tokenRequest.getScope().isEmpty()) {
 			scopes.addAll(tokenRequest.getScope());
+		} else {
+			scopes.addAll(subjectToken.getScope());
+			scopes.retainAll(clientDetails.getScope());
 		}
 		boolean upScopingHappened = false;
 		if (!scopes.isEmpty()) {
@@ -247,12 +250,6 @@ public class OAuthTokenExchangeGranter extends BaseTokenExchangeGranter {
 		return true;
 	}
 
-	@Override
-	public boolean supportsByParams(Map<String, String> parameters) {
-		boolean supports = super.supportsByParams(parameters);
-		return supports && parameters.containsKey(SCOPE);
-	}
-
 	private OAuth2RefreshTokenEntity createRefreshToken(ClientDetailsEntity client, AuthenticationHolderEntity authHolder) {
 		OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity();
 		JWTClaimsSet.Builder refreshClaims = new JWTClaimsSet.Builder();

pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>cz.muni.ics</groupId>
 	<artifactId>perun-oidc-parent</artifactId>
-	<version>17.0.5</version>
+	<version>17.1.0</version>
 	<packaging>pom</packaging>
 
 	<modules>

renovate.json

-{
-  "enabled": false
-}