From 178b86de4aba94255b25df49264f3649c0056950 Mon Sep 17 00:00:00 2001
From: Dominik Frantisek Bucik <bucik@ics.muni.cz>
Date: Thu, 19 Jan 2023 17:37:14 +0100
Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20Introducing=20TOKEN=20EX?= =?UTF-8?q?CHANGE=20grant?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../cz/muni/ics/oidc/ToOidcSynchronizer.java | 23 +++++++++++++++----
 1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java b/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java
index 035eb48..0220cd2 100644
--- a/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java
+++ b/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java
@@ -56,6 +56,8 @@ public class ToOidcSynchronizer {
 public static final String IMPLICIT = "implicit";
 public static final String HYBRID = "hybrid";
+ public static final String TOKEN_EXCHANGE = "token exchange";
+
 // grant types
 public static final String GRANT_AUTHORIZATION_CODE = "authorization_code";
 public static final String GRANT_IMPLICIT = "implicit";
@@ -63,6 +65,8 @@ public class ToOidcSynchronizer {
 public static final String GRANT_HYBRID = "hybrid";
 public static final String GRANT_REFRESH_TOKEN = "refresh_token";
+ public static final String GRANT_TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange";
+
 // timeouts
 public static final String ACCESS_TOKEN_TIMEOUT = "access_token";
 public static final String ID_TOKEN_TIMEOUT = "id_token";
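Review bot: The two new constants are undocumented, and `TOKEN_EXCHANGE = "token exchange"` is easy to misread because it contains a space while `GRANT_TOKEN_EXCHANGE` is a URN. From the later hunk, the first is the label looked up in the lower-cased Perun grant-types attribute and the second is the grant type stored on the client. I would add a comment above the first, for example `// Perun attribute label (compared lower-cased) that enables the token-exchange grant`, and one above the second, `// RFC 8693 grant type identifier`. It is also worth confirming that the attribute's allowed values use exactly this spelling, since a value such as "token_exchange" would be silently ignored.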
@@ -393,8 +397,9 @@ public class ToOidcSynchronizer {
 }
 private void setGrantAndResponseTypes(MitreidClient c, Map<String, PerunAttributeValue> attrs) {
- List<String> grantTypesAttrValue = attrs.get(perunAttrNames.getGrantTypes()).valueAsList().stream()
- .map(String::toLowerCase).collect(Collectors.toList());
+ List<String> grantTypesAttrValue =
+ attrs.get(perunAttrNames.getGrantTypes()).valueAsList().stream()
+ .map(String::toLowerCase).collect(Collectors.toList());
 Set<String> grantTypes = new HashSet<>();
 Set<String> responseTypes = new HashSet<>();
@@ -402,20 +407,23 @@ public class ToOidcSynchronizer {
 if (grantTypesAttrValue.contains(AUTHORIZATION_CODE)) {
 grantTypes.add(GRANT_AUTHORIZATION_CODE);
 responseTypes.addAll(Arrays.asList(RESPONSE_TYPE_AUTH_CODE));
- log.debug("Added grant '{}' with response types '{}'", GRANT_AUTHORIZATION_CODE, RESPONSE_TYPE_AUTH_CODE);
+ log.debug("Added grant '{}' with response types '{}'", GRANT_AUTHORIZATION_CODE,
+ RESPONSE_TYPE_AUTH_CODE);
 }
 if (grantTypesAttrValue.contains(IMPLICIT)) {
 grantTypes.add(GRANT_IMPLICIT);
 responseTypes.addAll(Arrays.asList(RESPONSE_TYPE_IMPLICIT));
- log.debug("Added grant '{}' with response types '{}'", GRANT_IMPLICIT, RESPONSE_TYPE_IMPLICIT);
+ log.debug("Added grant '{}' with response types '{}'", GRANT_IMPLICIT,
+ RESPONSE_TYPE_IMPLICIT);
 }
 if (grantTypesAttrValue.contains(HYBRID)) {
 grantTypes.add(GRANT_HYBRID);
 grantTypes.add(GRANT_AUTHORIZATION_CODE);
 responseTypes.addAll(Arrays.asList(RESPONSE_TYPE_HYBRID));
- log.debug("Added grants '{} {}' with response types '{}'", GRANT_HYBRID, GRANT_AUTHORIZATION_CODE,
+ log.debug("Added grants '{} {}' with response types '{}'", GRANT_HYBRID,
+ GRANT_AUTHORIZATION_CODE,
 RESPONSE_TYPE_HYBRID);
 }
@@ -424,6 +432,11 @@ public class ToOidcSynchronizer {
 log.debug("Added grant '{}'", GRANT_DEVICE);
 }
+ if (grantTypesAttrValue.contains(TOKEN_EXCHANGE)) {
+ grantTypes.add(GRANT_TOKEN_EXCHANGE);
+ log.debug("Added grant '{}", GRANT_TOKEN_EXCHANGE);
+ }
+
 c.setGrantTypes(grantTypes);
 c.setResponseTypes(responseTypes);
 }
-- GitLab
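Review bot: The new branch adds the token-exchange grant to any client whose Perun grant-types attribute contains "token exchange", and nothing in this hunk checks that the client is confidential or authenticates at the token endpoint. Token exchange lets a client trade one token for another, so it is worth confirming, in code outside this hunk, that public clients cannot end up with this grant. Logging the assignment above debug level would also leave an audit trail of which clients received it. Separately, the format string in `log.debug("Added grant '{}", GRANT_TOKEN_EXCHANGE);` is missing its closing quote and should read `log.debug("Added grant '{}'", GRANT_TOKEN_EXCHANGE);`, matching the GRANT_DEVICE line above. setGrantAndResponseTypes begins outside this hunk.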