From 46aff6882489cb4b8b3e33dd7317659897a43d03 Mon Sep 17 00:00:00 2001 From: thisarawelmilla Date: Tue, 30 Sep 2025 11:59:57 +0530 Subject: [PATCH] Remove consentedToken column exist check --- .../DefaultRefreshTokenGrantProcessor.java | 33 ++-- .../util/ResponseTypeHandlerUtil.java | 15 +- .../oauth2/dao/AccessTokenDAOImpl.java | 154 ++++++------------ .../identity/oauth2/dao/SQLQueries.java | 9 - .../internal/OAuth2ServiceComponent.java | 1 - .../OAuth2ServiceComponentHolder.java | 5 - .../identity/oauth2/token/JWTTokenIssuer.java | 16 +- .../AbstractAuthorizationGrantHandler.java | 14 +- .../AbstractUserInfoResponseBuilder.java | 12 +- .../identity/openidconnect/OIDCClaimUtil.java | 26 ++- .../oauth2/token/JWTTokenIssuerTest.java | 1 - 11 files changed, 102 insertions(+), 184 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/tokenprocessor/DefaultRefreshTokenGrantProcessor.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/tokenprocessor/DefaultRefreshTokenGrantProcessor.java index 144038132ff..4719b40dbde 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/tokenprocessor/DefaultRefreshTokenGrantProcessor.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/tokenprocessor/DefaultRefreshTokenGrantProcessor.java @@ -27,7 +27,6 @@ import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; import org.wso2.carbon.identity.oauth2.dao.OAuthTokenPersistenceFactory; import org.wso2.carbon.identity.oauth2.dto.OAuth2AccessTokenReqDTO; -import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder; import org.wso2.carbon.identity.oauth2.model.AccessTokenDO; import org.wso2.carbon.identity.oauth2.model.RefreshTokenValidationDataDO; import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext; 
@@ -98,25 +97,23 @@ public AccessTokenDO createAccessTokenBean(OAuthTokenReqMessageContext tokReqMsg accessTokenDO.setIssuedTime(timestamp); accessTokenDO.setTokenBinding(tokReqMsgCtx.getTokenBinding()); - if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled()) { - String previousGrantType = validationBean.getGrantType(); - // Check if the previous grant type is consent refresh token type or not. - if (!OAuthConstants.GrantTypes.REFRESH_TOKEN.equals(previousGrantType)) { - // If the previous grant type is not a refresh token, then check if it's a consent token or not. - if (OIDCClaimUtil.isConsentBasedClaimFilteringApplicable(previousGrantType)) { - accessTokenDO.setIsConsentedToken(true); - } - } else { - /* When previousGrantType == refresh_token, we need to check whether the original grant type - is consented or not. */ - AccessTokenDO accessTokenDOFromTokenIdentifier = OAuth2Util.getAccessTokenDOFromTokenIdentifier( - validationBean.getAccessToken(), false); - accessTokenDO.setIsConsentedToken(accessTokenDOFromTokenIdentifier.isConsentedToken()); + String previousGrantType = validationBean.getGrantType(); + // Check if the previous grant type is consent refresh token type or not. + if (!OAuthConstants.GrantTypes.REFRESH_TOKEN.equals(previousGrantType)) { + // If the previous grant type is not a refresh token, then check if it's a consent token or not. + if (OIDCClaimUtil.isConsentBasedClaimFilteringApplicable(previousGrantType)) { + accessTokenDO.setIsConsentedToken(true); } + } else { + /* When previousGrantType == refresh_token, we need to check whether the original grant type + is consented or not. 
*/ + AccessTokenDO accessTokenDOFromTokenIdentifier = OAuth2Util.getAccessTokenDOFromTokenIdentifier( + validationBean.getAccessToken(), false); + accessTokenDO.setIsConsentedToken(accessTokenDOFromTokenIdentifier.isConsentedToken()); + } - if (accessTokenDO.isConsentedToken()) { - tokReqMsgCtx.setConsentedToken(true); - } + if (accessTokenDO.isConsentedToken()) { + tokReqMsgCtx.setConsentedToken(true); } return accessTokenDO; } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/util/ResponseTypeHandlerUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/util/ResponseTypeHandlerUtil.java index 734fce9f559..0da862d1e54 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/util/ResponseTypeHandlerUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authz/handlers/util/ResponseTypeHandlerUtil.java 
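Review bot: The refresh-token branch now always dereferences the result of `OAuth2Util.getAccessTokenDOFromTokenIdentifier(validationBean.getAccessToken(), false)`; if that lookup can return null (the `false` argument looks like it excludes expired tokens, and the access token paired with a refresh token may well be expired by the time it is refreshed), `accessTokenDOFromTokenIdentifier.isConsentedToken()` is a NullPointerException on a path the removed column check previously disabled on deployments without the column. A guard such as `accessTokenDO.setIsConsentedToken(accessTokenDOFromTokenIdentifier != null && accessTokenDOFromTokenIdentifier.isConsentedToken());` keeps the method total, and a comment stating which way a missing original token should resolve would help, since the flag later feeds consent-based claim filtering. Whether the lookup is nullable is inferred, not visible here, so confirm against OAuth2Util. createAccessTokenBean's declaration is outside the hunk.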
@@ -665,16 +665,15 @@ private static AccessTokenDO createNewTokenBean(OAuthAuthzReqMessageContext oaut newTokenBean.setGrantType(grantType); /* If the existing token is available, the consented token flag will be extracted from that. Otherwise, from the current grant. */ - if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled()) { - if (existingTokenBean != null) { - newTokenBean.setIsConsentedToken(existingTokenBean.isConsentedToken()); - } else { - if (OIDCClaimUtil.isConsentBasedClaimFilteringApplicable(grantType)) { - newTokenBean.setIsConsentedToken(true); - } + if (existingTokenBean != null) { + newTokenBean.setIsConsentedToken(existingTokenBean.isConsentedToken()); + } else { + if (OIDCClaimUtil.isConsentBasedClaimFilteringApplicable(grantType)) { + newTokenBean.setIsConsentedToken(true); } - oauthAuthzMsgCtx.setConsentedToken(newTokenBean.isConsentedToken()); } + oauthAuthzMsgCtx.setConsentedToken(newTokenBean.isConsentedToken()); + newTokenBean.setAccessToken(getNewAccessToken(oauthAuthzMsgCtx, oauthIssuerImpl)); setRefreshTokenDetails(oauthAuthzMsgCtx, oAuthAppBean, existingTokenBean, newTokenBean, oauthIssuerImpl, timestamp); diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/AccessTokenDAOImpl.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/AccessTokenDAOImpl.java index 0a4d26f8ec5..b41a644c1e4 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/AccessTokenDAOImpl.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/AccessTokenDAOImpl.java 
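Review bot: The `else` branch of the consented-token block holds only a single nested `if`, so it reads more directly as `} else if (OIDCClaimUtil.isConsentBasedClaimFilteringApplicable(grantType)) {`; the same shape appears in the AbstractAuthorizationGrantHandler hunk (updateMessageContextToCreateNewToken) further down this patch. `oauthAuthzMsgCtx.setConsentedToken(newTokenBean.isConsentedToken());` now runs on every path, which is the intended effect of dropping the column check, but the comment above the block only explains where the flag is taken from and not that it is mirrored into the message context; a short `// Mirror the flag into the authz context; token issuers that do not persist tokens read it from there.` would document it (that consumer is inferred from the JWTTokenIssuer hunk in this patch). createNewTokenBean's declaration is outside the hunk.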
@@ -182,12 +182,7 @@ private void insertAccessToken(String accessToken, String consumerKey, AccessTok String sql; - if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled()) { - sql = SQLQueries.INSERT_OAUTH2_ACCESS_TOKEN_WITH_IDP_NAME_WITH_CONSENTED_TOKEN; - } else { - sql = SQLQueries.INSERT_OAUTH2_ACCESS_TOKEN_WITH_IDP_NAME; - } - + sql = SQLQueries.INSERT_OAUTH2_ACCESS_TOKEN_WITH_IDP_NAME_WITH_CONSENTED_TOKEN; sql = OAuth2Util.getTokenPartitionedSqlByUserStore(sql, userDomain); String sqlAddScopes = OAuth2Util.getTokenPartitionedSqlByUserStore(SQLQueries.INSERT_OAUTH2_TOKEN_SCOPE, userDomain); @@ -266,20 +261,12 @@ private void insertAccessToken(String accessToken, String consumerKey, AccessTok } } - if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled()) { - insertTokenPrepStmt.setString(20, Boolean.toString(accessTokenDO.isConsentedToken())); - insertTokenPrepStmt.setString(21, authenticatedIDP); - // Set tenant ID of the IDP by considering it is same as appTenantID. - insertTokenPrepStmt.setInt(22, appTenantId); - insertTokenPrepStmt.setString(23, getPersistenceProcessor().getProcessedClientId(consumerKey)); - insertTokenPrepStmt.setInt(24, appTenantId); - } else { - insertTokenPrepStmt.setString(20, authenticatedIDP); - // Set tenant ID of the IDP by considering it is same as appTenantID. - insertTokenPrepStmt.setInt(21, appTenantId); - insertTokenPrepStmt.setString(22, getPersistenceProcessor().getProcessedClientId(consumerKey)); - insertTokenPrepStmt.setInt(23, appTenantId); - } + insertTokenPrepStmt.setString(20, Boolean.toString(accessTokenDO.isConsentedToken())); + insertTokenPrepStmt.setString(21, authenticatedIDP); + // Set tenant ID of the IDP by considering it is same as appTenantID. + insertTokenPrepStmt.setInt(22, appTenantId); + insertTokenPrepStmt.setString(23, getPersistenceProcessor().getProcessedClientId(consumerKey)); + insertTokenPrepStmt.setInt(24, appTenantId); insertTokenPrepStmt.executeUpdate(); 
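Review bot: `String sql;` immediately followed by `sql = SQLQueries.INSERT_OAUTH2_ACCESS_TOKEN_WITH_IDP_NAME_WITH_CONSENTED_TOKEN;` is a leftover of the removed branch; declare and initialise in one statement, `String sql = OAuth2Util.getTokenPartitionedSqlByUserStore(SQLQueries.INSERT_OAUTH2_ACCESS_TOKEN_WITH_IDP_NAME_WITH_CONSENTED_TOKEN, userDomain);`. In the second hunk the bindings at indices 20 to 24 are now the only sequence for this statement, so the consented flag at index 20 is coupled silently to the placeholder order of that constant; a comment such as `// Indices 20-24 must follow INSERT_OAUTH2_ACCESS_TOKEN_WITH_IDP_NAME_WITH_CONSENTED_TOKEN: consented flag, IDP name, IDP tenant, consumer key, app tenant.` makes a future reordering visible at the binding site. insertAccessToken starts before the first hunk and ends after the second.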
@@ -560,9 +547,7 @@ public AccessTokenDO getLatestAccessToken(String consumerKey, AuthenticatedUser String subjectIdentifier = resultSet.getString(10); String grantType = resultSet.getString(11); String isConsentedToken = StringUtils.EMPTY; - if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled()) { - isConsentedToken = resultSet.getString(12); - } + isConsentedToken = resultSet.getString(12); // data loss at dividing the validity period but can be neglected AuthenticatedUser user = OAuth2Util.createAuthenticatedUser(authzUser, userDomain, tenantDomain, authenticatedIDP); 
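Review bot: `String isConsentedToken = StringUtils.EMPTY;` followed by `isConsentedToken = resultSet.getString(12);` leaves a dead initialiser from the removed branch; collapse to `String isConsentedToken = resultSet.getString(12);`. Rows written before the CONSENTED_TOKEN column existed presumably hold NULL there, so `getString(12)` can return null on upgraded deployments where the old code never read the column; whatever parses this string further down (outside the hunk) should be confirmed to treat null as not consented rather than throw. getLatestAccessToken starts and ends outside the hunk.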
@@ -612,50 +597,30 @@ private String getLatestAccessTokenQuerySQL(Connection connection) throws SQLExc String sql; - if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled()) { - if (connection.getMetaData().getDriverName().contains("MySQL") - || connection.getMetaData().getDriverName().contains(FrameworkConstants.H2) - || connection.getMetaData().getDriverName().contains(FrameworkConstants.MARIA_DB)) { - sql = SQLQueries. - GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_MYSQL; - } else if (connection.getMetaData().getDatabaseProductName().contains("DB2")) { - sql = SQLQueries. - GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_DB2SQL; - } else if (connection.getMetaData().getDriverName().contains("MS SQL")) { - sql = SQLQueries. - GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_MSSQL; - } else if (connection.getMetaData().getDriverName().contains("Microsoft")) { - sql = SQLQueries. - GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_MSSQL; - } else if (connection.getMetaData().getDriverName().contains("PostgreSQL")) { - sql = SQLQueries. - GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_POSTGRESQL; - } else if (connection.getMetaData().getDriverName().contains("Informix")) { - // Driver name = "IBM Informix JDBC Driver for IBM Informix Dynamic Server" - sql = SQLQueries. - GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_INFORMIX; - } else { - sql = SQLQueries. - GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_ORACLE; - } + if (connection.getMetaData().getDriverName().contains("MySQL") + || connection.getMetaData().getDriverName().contains(FrameworkConstants.H2) + || connection.getMetaData().getDriverName().contains(FrameworkConstants.MARIA_DB)) { + sql = SQLQueries. 
+ GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_MYSQL; + } else if (connection.getMetaData().getDatabaseProductName().contains("DB2")) { + sql = SQLQueries. + GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_DB2SQL; + } else if (connection.getMetaData().getDriverName().contains("MS SQL")) { + sql = SQLQueries. + GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_MSSQL; + } else if (connection.getMetaData().getDriverName().contains("Microsoft")) { + sql = SQLQueries. + GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_MSSQL; + } else if (connection.getMetaData().getDriverName().contains("PostgreSQL")) { + sql = SQLQueries. + GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_POSTGRESQL; + } else if (connection.getMetaData().getDriverName().contains("Informix")) { + // Driver name = "IBM Informix JDBC Driver for IBM Informix Dynamic Server" + sql = SQLQueries. 
+ GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_INFORMIX; } else { - if (connection.getMetaData().getDriverName().contains("MySQL") - || connection.getMetaData().getDriverName().contains("H2")) { - sql = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_MYSQL; - } else if (connection.getMetaData().getDatabaseProductName().contains("DB2")) { - sql = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_DB2SQL; - } else if (connection.getMetaData().getDriverName().contains("MS SQL")) { - sql = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_MSSQL; - } else if (connection.getMetaData().getDriverName().contains("Microsoft")) { - sql = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_MSSQL; - } else if (connection.getMetaData().getDriverName().contains("PostgreSQL")) { - sql = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_POSTGRESQL; - } else if (connection.getMetaData().getDriverName().contains("Informix")) { - // Driver name = "IBM Informix JDBC Driver for IBM Informix Dynamic Server" - sql = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_INFORMIX; - } else { - sql = SQLQueries.RETRIEVE_LATEST_ACCESS_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_ORACLE; - } + sql = SQLQueries. + GET_LATEST_ACCESS_TOKEN_WITH_CONSENTED_TOKEN_BY_CLIENT_ID_USER_SCOPE_IDP_NAME_ORACLE; } return sql; 
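Review bot: `connection.getMetaData()` is evaluated once per branch condition, eight times down the chain, and `getDriverName()` seven times; hoist them once at the top, `DatabaseMetaData metaData = connection.getMetaData();` and `String driverName = metaData.getDriverName();` (java.sql.DatabaseMetaData), and compare against `driverName` in each branch. This dispatch is now the only query path, so the trailing `else` silently selects the Oracle query for any unrecognised driver; a comment like `// Unrecognised driver: fall back to the Oracle dialect, matching the previous behaviour.` records that the fallback is deliberate. The method's declaration is outside the hunk and its closing brace follows `return sql;` outside it.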
@@ -964,12 +929,8 @@ public AccessTokenDO getAccessToken(String accessTokenIdentifier, boolean includ if (includeExpired) { sql = SQLQueries.RETRIEVE_ACTIVE_EXPIRED_ACCESS_TOKEN_IDP_NAME; } else { - if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled()) { - sql = SQLQueries.RETRIEVE_ACTIVE_ACCESS_TOKEN_IDP_NAME_WITH_CONSENTED_TOKEN; - isConsentedColumnDataFetched = true; - } else { - sql = SQLQueries.RETRIEVE_ACTIVE_ACCESS_TOKEN_IDP_NAME; - } + sql = SQLQueries.RETRIEVE_ACTIVE_ACCESS_TOKEN_IDP_NAME_WITH_CONSENTED_TOKEN; + isConsentedColumnDataFetched = true; } @@ -2028,11 +1989,9 @@ public void invalidateAndCreateNewAccessToken(String oldAccessTokenId, String to boolean tokenUpdateSuccessful; Connection connection = IdentityDatabaseUtil.getDBConnection(true); try { - if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled() && !accessTokenDO.isConsentedToken()) { - // Check whether the previous token is issued for a consent required grant or not. - boolean isPreviousTokenConsented = isPreviousTokenConsented(connection, oldAccessTokenId); - accessTokenDO.setIsConsentedToken(isPreviousTokenConsented); - } + // Check whether the previous token is issued for a consent required grant or not. + boolean isPreviousTokenConsented = isPreviousTokenConsented(connection, oldAccessTokenId); + accessTokenDO.setIsConsentedToken(isPreviousTokenConsented); // update existing token as inactive updateAccessTokenState(connection, oldAccessTokenId, tokenState, tokenStateId, userStoreDomain, grantType); 
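Review bot: The rewrite in invalidateAndCreateNewAccessToken drops more than the column check: the old condition was `isConsentedTokenColumnEnabled() && !accessTokenDO.isConsentedToken()`, so the previous token's flag was consulted only when the new token was not already marked consented, whereas the new code unconditionally runs `accessTokenDO.setIsConsentedToken(isPreviousTokenConsented);`. A token that createAccessTokenBean already marked consented can therefore be reset to false when the stored previous token (for example a legacy row with no CONSENTED_TOKEN value) reads as not consented, and since the flag is what getUserClaimsFilteredByConsent passes into consent-based claim filtering, that is a silent loosening rather than a refactor. Keeping the guard preserves the old semantics: `if (!accessTokenDO.isConsentedToken()) { accessTokenDO.setIsConsentedToken(isPreviousTokenConsented(connection, oldAccessTokenId)); }`. The commit subject describes only the column check removal, so if the unconditional overwrite is intended it needs its own comment. The method starts and ends outside the hunk.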
@@ -3172,32 +3131,25 @@ public Set getAccessTokensByBindingRef(String bindingRef) throws public void updateTokenIsConsented(String tokenId, boolean isConsentedGrant) throws IdentityOAuth2Exception { - if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled()) { - if (log.isDebugEnabled()) { - log.debug("Updating the token's last issued grant type for token with id: " + tokenId + " to: " + - isConsentedGrant); - } - - String sql = SQLQueries.UPDATE_TOKEN_CONSENTED_TOKEN; - try (Connection connection = IdentityDatabaseUtil.getDBConnection(true)) { - try (PreparedStatement prepStmt = connection.prepareStatement(sql)) { - prepStmt.setString(1, Boolean.toString(isConsentedGrant)); - prepStmt.setString(2, tokenId); - prepStmt.executeUpdate(); - IdentityDatabaseUtil.commitTransaction(connection); - } catch (SQLException e) { - IdentityDatabaseUtil.rollbackTransaction(connection); // ToDo add the exception here - throw new IdentityOAuth2Exception("Error while updating the access token.", e); - } + if (log.isDebugEnabled()) { + log.debug("Updating the token's last issued grant type for token with id: " + tokenId + " to: " + + isConsentedGrant); + } + + String sql = SQLQueries.UPDATE_TOKEN_CONSENTED_TOKEN; + try (Connection connection = IdentityDatabaseUtil.getDBConnection(true)) { + try (PreparedStatement prepStmt = connection.prepareStatement(sql)) { + prepStmt.setString(1, Boolean.toString(isConsentedGrant)); + prepStmt.setString(2, tokenId); + prepStmt.executeUpdate(); + IdentityDatabaseUtil.commitTransaction(connection); } catch (SQLException e) { - throw new IdentityOAuth2Exception("Error while updating Access Token with ID: " + tokenId + - " to last issued grant type : ", e); - } - } else { - if (log.isDebugEnabled()) { - log.debug("CONSENTED_TOKEN column is not available. 
Since not updating the token with id: " - + tokenId + " to: " + isConsentedGrant); + IdentityDatabaseUtil.rollbackTransaction(connection); // ToDo add the exception here + throw new IdentityOAuth2Exception("Error while updating the access token.", e); } + } catch (SQLException e) { + throw new IdentityOAuth2Exception("Error while updating Access Token with ID: " + tokenId + + " to last issued grant type : ", e); } } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/SQLQueries.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/SQLQueries.java index 421833cb154..c994fdef74d 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/SQLQueries.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/SQLQueries.java 
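Review bot: The debug message `"Updating the token's last issued grant type for token with id: "` and the outer exception text `" to last issued grant type : "` describe a grant-type update, but the statement binds `Boolean.toString(isConsentedGrant)` into UPDATE_TOKEN_CONSENTED_TOKEN, so both messages now mislead on the only remaining path; `log.debug("Updating the consented-token flag for token with id: " + tokenId + " to: " + isConsentedGrant);` says what happens. The inner catch still carries `// ToDo add the exception here` next to a rollback followed by a throw that already wraps `e`, so the comment is stale and can go. The inner message `"Error while updating the access token."` also omits the token id that the outer catch includes; aligning the two makes failures easier to correlate in logs. The whole method, from its declaration to its closing brace, is inside the hunk.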
@@ -904,15 +904,6 @@ public class SQLQueries { + " TOKEN_BINDING_REF, AUTHORIZED_ORGANIZATION, CONSENTED_TOKEN) SELECT ?,?,ID,?,?,?,?,?,?,?,?,?,?,?,?,?," + "?,?,?,?,? FROM IDN_OAUTH_CONSUMER_APPS WHERE CONSUMER_KEY=? AND TENANT_ID = ?"; - public static final String INSERT_OAUTH2_ACCESS_TOKEN_WITH_IDP_NAME = "INSERT INTO IDN_OAUTH2_ACCESS_TOKEN " + - "(ACCESS_TOKEN, REFRESH_TOKEN, CONSUMER_KEY_ID, AUTHZ_USER, TENANT_ID, USER_DOMAIN, TIME_CREATED, " + - "REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, REFRESH_TOKEN_VALIDITY_PERIOD, TOKEN_SCOPE_HASH, " + - "TOKEN_STATE, USER_TYPE, TOKEN_ID, GRANT_TYPE, SUBJECT_IDENTIFIER, ACCESS_TOKEN_HASH, REFRESH_TOKEN_HASH," + - "IDP_ID, TOKEN_BINDING_REF, AUTHORIZED_ORGANIZATION) SELECT ?,?,IDN_OAUTH_CONSUMER_APPS.ID,?,?,?,?,?,?,?," + - "?,?,?,?,?,?,?,?,IDP.ID,?,? " - + "FROM IDN_OAUTH_CONSUMER_APPS, IDP WHERE IDP.NAME=? AND IDP.TENANT_ID=? AND CONSUMER_KEY=? AND " + - "IDN_OAUTH_CONSUMER_APPS.TENANT_ID=?"; - public static final String INSERT_OAUTH2_ACCESS_TOKEN_WITH_IDP_NAME_WITH_CONSENTED_TOKEN = "INSERT INTO IDN_OAUTH2_ACCESS_TOKEN (ACCESS_TOKEN, REFRESH_TOKEN, CONSUMER_KEY_ID, AUTHZ_USER, " + "TENANT_ID, USER_DOMAIN, TIME_CREATED, REFRESH_TOKEN_TIME_CREATED, VALIDITY_PERIOD, " + diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/internal/OAuth2ServiceComponent.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/internal/OAuth2ServiceComponent.java index 013ccd1aa78..ff856294b9f 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/internal/OAuth2ServiceComponent.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/internal/OAuth2ServiceComponent.java 
@@ -470,7 +470,6 @@ protected void activate(ComponentContext context) { } boolean isConsentedTokenColumnAvailable = checkConsentedTokenColumnAvailable(); - OAuth2ServiceComponentHolder.setConsentedTokenColumnEnabled(isConsentedTokenColumnAvailable); if (log.isDebugEnabled()) { if (isConsentedTokenColumnAvailable) { log.debug("CONSENTED_TOKEN column is available in IDN_OAUTH2_ACCESS_TOKEN table. Hence setting " + diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/internal/OAuth2ServiceComponentHolder.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/internal/OAuth2ServiceComponentHolder.java index 5f08d98a363..661413ad254 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/internal/OAuth2ServiceComponentHolder.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/internal/OAuth2ServiceComponentHolder.java @@ -206,11 +206,6 @@ public static boolean isConsentedTokenColumnEnabled() { return consentedTokenColumnEnabled; } - public static void setConsentedTokenColumnEnabled(boolean consentedTokenColumnEnabled) { - - OAuth2ServiceComponentHolder.consentedTokenColumnEnabled = consentedTokenColumnEnabled; - } - public static RegistryService getRegistryService() { return registryService; diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java index 2f6282de21a..166fa7bd8d1 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java 
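Review bot: `checkConsentedTokenColumnAvailable()` is still evaluated into `isConsentedTokenColumnAvailable`, but with the `setConsentedTokenColumnEnabled` call removed the result is only logged, while the getter `isConsentedTokenColumnEnabled()` kept in the OAuth2ServiceComponentHolder hunk now returns a field that nothing ever sets. Any remaining caller of that getter (none within this patch) gets the default value forever, so mark it `@Deprecated` with a note that the column is mandatory, or remove it together with the setter. Since every DAO path in this patch now assumes the column exists, a schema without it fails later with SQLExceptions on token insert and lookup instead of at activation; failing activation, or at least logging at error rather than debug when `isConsentedTokenColumnAvailable` is false, surfaces the misconfiguration where an operator will see it. activate's body continues outside the hunk.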
@@ -1135,16 +1135,14 @@ protected void setClaimsForNonPersistence(JWTClaimsSet.Builder jwtClaimsSetBuild throw new IdentityOAuth2Exception("User id not found for user: " + authenticatedUser.getLoggableMaskedUserId(), e); } - if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled()) { - boolean isConsented; - if (tokenReqMessageContext != null) { - isConsented = tokenReqMessageContext.isConsentedToken(); - } else { - isConsented = authAuthzReqMessageContext.isConsentedToken(); - } - // when no persistence of tokens, there is no existing token to check the consented value for. - jwtClaimsSetBuilder.claim(OAuth2Constants.IS_CONSENTED, isConsented); + boolean isConsented; + if (tokenReqMessageContext != null) { + isConsented = tokenReqMessageContext.isConsentedToken(); + } else { + isConsented = authAuthzReqMessageContext.isConsentedToken(); } + // when no persistence of tokens, there is no existing token to check the consented value for. + jwtClaimsSetBuilder.claim(OAuth2Constants.IS_CONSENTED, isConsented); jwtClaimsSetBuilder.claim(OAuth2Constants.IS_FEDERATED, authenticatedUser.isFederatedUser()); } } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java index e699f2df0fe..55853ec8463 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/grant/AbstractAuthorizationGrantHandler.java 
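Review bot: The `isConsented` selection is a four-line if/else that fits a conditional expression, `boolean isConsented = tokenReqMessageContext != null ? tokenReqMessageContext.isConsentedToken() : authAuthzReqMessageContext.isConsentedToken();`. The else branch dereferences `authAuthzReqMessageContext` without a null check, so when both contexts are null this throws a NullPointerException; that was already true inside the removed branch, but it now runs for every non-persistent token, so either the method's Javadoc should state that exactly one context is non-null or the claim should be skipped when both are absent. setClaimsForNonPersistence's declaration is outside the hunk.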
@@ -644,14 +644,12 @@ private void updateMessageContextToCreateNewToken(OAuthTokenReqMessageContext to /* If the existing token is available, the consented token flag will be extracted from that. Otherwise, from the current grant. */ - if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled()) { - if (existingTokenBean != null) { - tokReqMsgCtx.setConsentedToken(existingTokenBean.isConsentedToken()); - } else { - if (OIDCClaimUtil.isConsentBasedClaimFilteringApplicable( - tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType())) { - tokReqMsgCtx.setConsentedToken(true); - } + if (existingTokenBean != null) { + tokReqMsgCtx.setConsentedToken(existingTokenBean.isConsentedToken()); + } else { + if (OIDCClaimUtil.isConsentBasedClaimFilteringApplicable( + tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType())) { + tokReqMsgCtx.setConsentedToken(true); } } OAuthAppDO oAuthAppBean = getoAuthApp(consumerKey); diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/AbstractUserInfoResponseBuilder.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/AbstractUserInfoResponseBuilder.java index a3726e75e98..ad5c5e7e6c6 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/AbstractUserInfoResponseBuilder.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/AbstractUserInfoResponseBuilder.java 
@@ -274,17 +274,13 @@ protected Map getUserClaimsFilteredByConsent(OAuth2TokenValidati AccessTokenDO accessTokenDO = OAuth2ServiceComponentHolder.getInstance().getTokenProvider() .getVerifiedAccessToken(accessToken, false); grantType = getGrantType(accessTokenDO); - if (OAuth2ServiceComponentHolder.isConsentedTokenColumnEnabled()) { - // Get the Access Token details from the database/cache to check if the token is consented or not. - boolean isConsentedToken = accessTokenDO.isConsentedToken(); - return OIDCClaimUtil.filterUserClaimsBasedOnConsent(userClaims, user, clientId, tenantDomain, grantType, - getServiceProvider(tenantDomain, clientId), isConsentedToken); - } + // Get the Access Token details from the database/cache to check if the token is consented or not. + boolean isConsentedToken = accessTokenDO.isConsentedToken(); + return OIDCClaimUtil.filterUserClaimsBasedOnConsent(userClaims, user, clientId, tenantDomain, grantType, + getServiceProvider(tenantDomain, clientId), isConsentedToken); } catch (IdentityOAuth2Exception e) { throw new UserInfoEndpointException("An error occurred while fetching the access token details.", e); } - return OIDCClaimUtil.filterUserClaimsBasedOnConsent(userClaims, user, clientId, tenantDomain, grantType, - getServiceProvider(tenantDomain, clientId)); } diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/OIDCClaimUtil.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/OIDCClaimUtil.java index 181b3a11c75..3cba2c4e24f 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/OIDCClaimUtil.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/OIDCClaimUtil.java 
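Review bot: The consent-based return now lives inside the `try`, and the old post-try fallback `OIDCClaimUtil.filterUserClaimsBasedOnConsent(userClaims, user, clientId, tenantDomain, grantType, getServiceProvider(tenantDomain, clientId))` is gone, so the six-argument overload is probably unused after this patch; check for other callers and deprecate or remove it so the two filtering paths cannot drift. For tokens persisted before the column existed, `accessTokenDO.isConsentedToken()` presumably reads as false, so on upgraded deployments consent filtering for those tokens depends entirely on how `filterUserClaimsBasedOnConsent` combines `grantType` with the flag; that method is modified by the OIDCClaimUtil hunk that this page cuts off, so the two changes should be reviewed together. getUserClaimsFilteredByConsent's declaration is outside the hunk.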
@@ -45,7 +45,6 @@ import org.wso2.carbon.identity.oauth.dao.OAuthAppDO; import org.wso2.carbon.identity.oauth.internal.OAuthComponentServiceHolder; import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception; -import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder; import org.wso2.carbon.identity.oauth2.util.OAuth2Util; import org.wso2.carbon.identity.openidconnect.internal.OpenIDConnectServiceComponentHolder; import org.wso2.carbon.identity.organization.management.organization.user.sharing.util.OrganizationSharedUserUtil; @@ -288,23 +287,18 @@ public static Map filterUserClaimsBasedOnConsent(Map