From 178b86de4aba94255b25df49264f3649c0056950 Mon Sep 17 00:00:00 2001
From: Dominik Frantisek Bucik <bucik@ics.muni.cz>
Date: Thu, 19 Jan 2023 17:37:14 +0100
Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20Introducing=20TOKEN=20EX?=
 =?UTF-8?q?CHANGE=20grant?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../cz/muni/ics/oidc/ToOidcSynchronizer.java  | 23 +++++++++++++++----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java b/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java
index 035eb48..0220cd2 100644
--- a/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java
+++ b/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java
@@ -56,6 +56,8 @@ public class ToOidcSynchronizer {
     public static final String IMPLICIT = "implicit";
     public static final String HYBRID = "hybrid";
 
+    public static final String TOKEN_EXCHANGE = "token exchange";
+
     // grant types
     public static final String GRANT_AUTHORIZATION_CODE = "authorization_code";
     public static final String GRANT_IMPLICIT = "implicit";
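Review bot: `TOKEN_EXCHANGE` is matched as the literal `"token exchange"`, which contains a space, while the other attribute values visible in this hunk (`"implicit"`, `"hybrid"`) are single words. The values are only lower-cased before the `contains(...)` checks in `setGrantAndResponseTypes`, so an attribute value written as `token_exchange` or `token-exchange` would be skipped with no log line to show why the grant was not applied. A comment on the constant would make the expected spelling explicit, e.g. `// value expected in the Perun grant-types attribute (compared lower-cased); maps to GRANT_TOKEN_EXCHANGE`. The class body continues outside the hunk, so the comment heading this group of constants is not visible here.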
@@ -63,6 +65,8 @@ public class ToOidcSynchronizer {
     public static final String GRANT_HYBRID = "hybrid";
     public static final String GRANT_REFRESH_TOKEN = "refresh_token";
 
+    public static final String GRANT_TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange";
+
     // timeouts
     public static final String ACCESS_TOKEN_TIMEOUT = "access_token";
     public static final String ID_TOKEN_TIMEOUT = "id_token";
@@ -393,8 +397,9 @@ public class ToOidcSynchronizer {
     }
 
     private void setGrantAndResponseTypes(MitreidClient c, Map<String, PerunAttributeValue> attrs) {
-        List<String> grantTypesAttrValue = attrs.get(perunAttrNames.getGrantTypes()).valueAsList().stream()
-            .map(String::toLowerCase).collect(Collectors.toList());
+        List<String> grantTypesAttrValue =
+            attrs.get(perunAttrNames.getGrantTypes()).valueAsList().stream()
+                .map(String::toLowerCase).collect(Collectors.toList());
 
         Set<String> grantTypes = new HashSet<>();
         Set<String> responseTypes = new HashSet<>();
@@ -402,20 +407,23 @@ public class ToOidcSynchronizer {
         if (grantTypesAttrValue.contains(AUTHORIZATION_CODE)) {
             grantTypes.add(GRANT_AUTHORIZATION_CODE);
             responseTypes.addAll(Arrays.asList(RESPONSE_TYPE_AUTH_CODE));
-            log.debug("Added grant '{}' with response types '{}'", GRANT_AUTHORIZATION_CODE, RESPONSE_TYPE_AUTH_CODE);
+            log.debug("Added grant '{}' with response types '{}'", GRANT_AUTHORIZATION_CODE,
+                RESPONSE_TYPE_AUTH_CODE);
         }
 
         if (grantTypesAttrValue.contains(IMPLICIT)) {
             grantTypes.add(GRANT_IMPLICIT);
             responseTypes.addAll(Arrays.asList(RESPONSE_TYPE_IMPLICIT));
-            log.debug("Added grant '{}' with response types '{}'", GRANT_IMPLICIT, RESPONSE_TYPE_IMPLICIT);
+            log.debug("Added grant '{}' with response types '{}'", GRANT_IMPLICIT,
+                RESPONSE_TYPE_IMPLICIT);
         }
 
         if (grantTypesAttrValue.contains(HYBRID)) {
             grantTypes.add(GRANT_HYBRID);
             grantTypes.add(GRANT_AUTHORIZATION_CODE);
             responseTypes.addAll(Arrays.asList(RESPONSE_TYPE_HYBRID));
-            log.debug("Added grants '{} {}' with response types '{}'", GRANT_HYBRID, GRANT_AUTHORIZATION_CODE,
+            log.debug("Added grants '{} {}' with response types '{}'", GRANT_HYBRID,
+                GRANT_AUTHORIZATION_CODE,
                 RESPONSE_TYPE_HYBRID);
         }
 
@@ -424,6 +432,11 @@ public class ToOidcSynchronizer {
             log.debug("Added grant '{}'", GRANT_DEVICE);
         }
 
+        if (grantTypesAttrValue.contains(TOKEN_EXCHANGE)) {
+            grantTypes.add(GRANT_TOKEN_EXCHANGE);
+            log.debug("Added grant '{}", GRANT_TOKEN_EXCHANGE);
+        }
+
         c.setGrantTypes(grantTypes);
         c.setResponseTypes(responseTypes);
     }
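Review bot: The format string in the new debug call, `"Added grant '{}"`, is missing the closing quote that the neighbouring `log.debug("Added grant '{}'", GRANT_DEVICE);` has; it should read `log.debug("Added grant '{}'", GRANT_TOKEN_EXCHANGE);`. Token exchange lets a client trade one token for another, so the moment a client is given this grant is worth recording in a form that is easy to search and at a level that is kept in production logs, which may not be true of debug. Nothing in this hunk limits the grant to clients that authenticate at the token endpoint; that may be enforced elsewhere, but if it is not, a check or a comment stating the assumption would belong here. The method begins outside the hunk.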
-- 
GitLab