[SYNCOPE-1865] Add missing conf parameters for OIDC client apps

client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java

@@ -61,10 +61,14 @@
 import org.apache.syncope.common.lib.to.RealmTO;
 import org.apache.syncope.common.lib.types.ClientAppType;
 import org.apache.syncope.common.lib.types.LogoutType;
+import org.apache.syncope.common.lib.types.OIDCApplicationType;
 import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
+import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
 import org.apache.syncope.common.lib.types.PolicyType;
 import org.apache.syncope.common.lib.types.SAML2SPNameId;
 import org.apache.syncope.common.lib.types.XmlSecAlgorithm;
@@ -295,8 +299,61 @@ protected void onUpdate(final AjaxRequestTarget target) {
                     clientSecret.setChoices(List.of(RandomStringUtils.secure().nextNumeric(15)));
                     fields.add(clientSecret.setRequired(true));
 
+                    AjaxTextFieldPanel idTokenIssuer = new AjaxTextFieldPanel(
+                            "field", "idTokenIssuer", new PropertyModel<>(clientAppTO, "idTokenIssuer"), false);
+                    fields.add(idTokenIssuer);
+
+                    AjaxCheckBoxPanel signIdToken = new AjaxCheckBoxPanel(
+                            "field", "signIdToken", new PropertyModel<>(clientAppTO, "signIdToken"));
+                    fields.add(signIdToken);
+                    AjaxDropDownChoicePanel<OIDCTokenSigningAlg> idTokenSigningAlg = new AjaxDropDownChoicePanel<>(
+                            "field", "idTokenSigningAlg", new PropertyModel<>(clientAppTO, "idTokenSigningAlg"), false);
+                    idTokenSigningAlg.setChoices(List.of(OIDCTokenSigningAlg.values()));
+                    fields.add(idTokenSigningAlg.addRequiredLabel());
+
                     fields.add(new AjaxCheckBoxPanel(
-                            "field", "signIdToken", new PropertyModel<>(clientAppTO, "signIdToken")));
+                            "field", "encryptIdToken", new PropertyModel<>(clientAppTO, "encryptIdToken")));
+                    AjaxDropDownChoicePanel<OIDCTokenEncryptionAlg> idTokenEncryptionAlg =
+                            new AjaxDropDownChoicePanel<>(
+                                    "field",
+                                    "idTokenEncryptionAlg",
+                                    new PropertyModel<>(clientAppTO, "idTokenEncryptionAlg"),
+                                    false);
+                    idTokenEncryptionAlg.setChoices(List.of(OIDCTokenEncryptionAlg.values()));
+                    fields.add(idTokenEncryptionAlg.addRequiredLabel());
+                    AjaxDropDownChoicePanel<OIDCTokenEncryptionEncoding> idTokenEncryptionEncoding =
+                            new AjaxDropDownChoicePanel<>(
+                                    "field",
+                                    "idTokenEncryptionEncoding",
+                                    new PropertyModel<>(clientAppTO, "idTokenEncryptionEncoding"),
+                                    false);
+                    idTokenEncryptionEncoding.setChoices(List.of(OIDCTokenEncryptionEncoding.values()));
+                    fields.add(idTokenEncryptionEncoding);
+
+                    AjaxDropDownChoicePanel<OIDCTokenSigningAlg> userInfoSigningAlg = new AjaxDropDownChoicePanel<>(
+                            "field",
+                            "userInfoSigningAlg",
+                            new PropertyModel<>(clientAppTO, "userInfoSigningAlg"),
+                            false);
+                    userInfoSigningAlg.setChoices(List.of(OIDCTokenSigningAlg.values()));
+                    fields.add(userInfoSigningAlg);
+                    AjaxDropDownChoicePanel<OIDCTokenEncryptionAlg> userInfoEncryptedResponseAlg =
+                            new AjaxDropDownChoicePanel<>(
+                                    "field",
+                                    "userInfoEncryptedResponseAlg",
+                                    new PropertyModel<>(clientAppTO, "userInfoEncryptedResponseAlg"),
+                                    false);
+                    userInfoEncryptedResponseAlg.setChoices(List.of(OIDCTokenEncryptionAlg.values()));
+                    fields.add(userInfoEncryptedResponseAlg);
+                    AjaxDropDownChoicePanel<OIDCTokenEncryptionEncoding> userInfoEncryptedResponseEncoding =
+                            new AjaxDropDownChoicePanel<>(
+                                    "field",
+                                    "userInfoEncryptedResponseEncoding",
+                                    new PropertyModel<>(clientAppTO, "userInfoEncryptedResponseEncoding"),
+                                    false);
+                    userInfoEncryptedResponseEncoding.setChoices(List.of(OIDCTokenEncryptionEncoding.values()));
+                    fields.add(userInfoEncryptedResponseEncoding);
+
                     fields.add(new AjaxCheckBoxPanel(
                             "field", "jwtAccessToken", new PropertyModel<>(clientAppTO, "jwtAccessToken")));
                     fields.add(new AjaxCheckBoxPanel(
@@ -307,8 +364,12 @@ protected void onUpdate(final AjaxRequestTarget target) {
                     AjaxDropDownChoicePanel<OIDCSubjectType> subjectType = new AjaxDropDownChoicePanel<>(
                             "field", "subjectType", new PropertyModel<>(clientAppTO, "subjectType"), false);
                     subjectType.setChoices(List.of(OIDCSubjectType.values()));
-                    subjectType.addRequiredLabel().setEnabled(true);
-                    fields.add(subjectType);
+                    fields.add(subjectType.addRequiredLabel().setEnabled(true));
+
+                    AjaxDropDownChoicePanel<OIDCApplicationType> applicationType = new AjaxDropDownChoicePanel<>(
+                            "field", "applicationType", new PropertyModel<>(clientAppTO, "applicationType"), false);
+                    applicationType.setChoices(List.of(OIDCApplicationType.values()));
+                    fields.add(applicationType.addRequiredLabel().setEnabled(true));
 
                     AjaxTextFieldPanel redirectUri = new AjaxTextFieldPanel("panel", "redirectUris", new Model<>());
                     fields.add(new MultiFieldPanel.Builder<String>(

client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties

@@ -71,3 +71,12 @@ jwks=JWKS
 jwksUri=JWKS URI
 tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
 generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding

client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties

@@ -71,3 +71,12 @@ jwks=JWKS
 jwksUri=JWKS URI
 tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
 generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding

client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties

@@ -71,3 +71,12 @@ jwks=JWKS
 jwksUri=JWKS URI
 tokenEndpointAuthenticationMethod=Metodo di autenticazione dell'endpoint token
 generateRefreshToken=Genera Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=Algoritmo di firma IdToken
+encryptIdToken=Cifra IdToken
+idTokenEncryptionAlg=Algoritmo di cifratura IdToken
+idTokenEncryptionEncoding=Codifica di cifratura IdToken
+applicationType=Tipo applicazione
+userInfoSigningAlg=Algoritmo di firma UserInfo
+userInfoEncryptedResponseAlg=Algoritmo di cifratura risposta UserInfo
+userInfoEncryptedResponseEncoding=Codifica di cifratura risposta UserInfo

client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties

@@ -71,3 +71,12 @@ jwks=JWKS
 jwksUri=JWKS URI
 tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
 generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding

client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties

@@ -71,3 +71,12 @@ jwks=JWKS
 jwksUri=JWKS URI
 tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
 generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding

client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties

@@ -72,3 +72,12 @@ jwks=JWKS
 jwksUri=JWKS URI
 tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
 generateRefreshToken=Generate Refresh Token
+idTokenIssuer=IdToken issuer
+idTokenSigningAlg=IdToken signing algorithm
+encryptIdToken=Encrypt IdToken
+idTokenEncryptionAlg=IdToken encryption algorithm
+idTokenEncryptionEncoding=IdToken encryption encoding
+applicationType=Application Type
+userInfoSigningAlg=UserInfo Signing Algorithm
+userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
+userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding

common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java

@@ -26,10 +26,14 @@
 import java.util.List;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
+import org.apache.syncope.common.lib.types.OIDCApplicationType;
 import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
+import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
+import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
 
 @Schema(allOf = { ClientAppTO.class })
 public class OIDCRPClientAppTO extends ClientAppTO {
@@ -40,15 +44,33 @@ public class OIDCRPClientAppTO extends ClientAppTO {
 
     private String clientSecret;
 
-    private boolean signIdToken;
+    private String idTokenIssuer;
+
+    private boolean signIdToken = true;
+
+    private OIDCTokenSigningAlg idTokenSigningAlg = OIDCTokenSigningAlg.none;
+
+    private boolean encryptIdToken;
+
+    private OIDCTokenEncryptionAlg idTokenEncryptionAlg = OIDCTokenEncryptionAlg.none;
+
+    private OIDCTokenEncryptionEncoding idTokenEncryptionEncoding;
+
+    private OIDCTokenSigningAlg userInfoSigningAlg = OIDCTokenSigningAlg.none;
+
+    private OIDCTokenEncryptionAlg userInfoEncryptedResponseAlg;
+
+    private OIDCTokenEncryptionEncoding userInfoEncryptedResponseEncoding;
 
     private boolean jwtAccessToken;
 
     private boolean bypassApprovalPrompt = true;
 
     private boolean generateRefreshToken = true;
 
-    private OIDCSubjectType subjectType;
+    private OIDCSubjectType subjectType = OIDCSubjectType.PUBLIC;
+
+    private OIDCApplicationType applicationType = OIDCApplicationType.WEB;
 
     private final List<String> redirectUris = new ArrayList<>();
 
@@ -110,6 +132,14 @@ public List<OIDCResponseType> getSupportedResponseTypes() {
         return supportedResponseTypes;
     }
 
+    public String getIdTokenIssuer() {
+        return idTokenIssuer;
+    }
+
+    public void setIdTokenIssuer(final String idTokenIssuer) {
+        this.idTokenIssuer = idTokenIssuer;
+    }
+
     public boolean isSignIdToken() {
         return signIdToken;
     }
@@ -118,6 +148,62 @@ public void setSignIdToken(final boolean signIdToken) {
         this.signIdToken = signIdToken;
     }
 
+    public boolean isEncryptIdToken() {
+        return encryptIdToken;
+    }
+
+    public void setEncryptIdToken(final boolean encryptIdToken) {
+        this.encryptIdToken = encryptIdToken;
+    }
+
+    public OIDCTokenSigningAlg getIdTokenSigningAlg() {
+        return idTokenSigningAlg;
+    }
+
+    public void setIdTokenSigningAlg(final OIDCTokenSigningAlg idTokenSigningAlg) {
+        this.idTokenSigningAlg = idTokenSigningAlg;
+    }
+
+    public OIDCTokenEncryptionAlg getIdTokenEncryptionAlg() {
+        return idTokenEncryptionAlg;
+    }
+
+    public void setIdTokenEncryptionAlg(final OIDCTokenEncryptionAlg idTokenEncryptionAlg) {
+        this.idTokenEncryptionAlg = idTokenEncryptionAlg;
+    }
+
+    public OIDCTokenEncryptionEncoding getIdTokenEncryptionEncoding() {
+        return idTokenEncryptionEncoding;
+    }
+
+    public void setIdTokenEncryptionEncoding(final OIDCTokenEncryptionEncoding idTokenEncryptionEncoding) {
+        this.idTokenEncryptionEncoding = idTokenEncryptionEncoding;
+    }
+
+    public OIDCTokenSigningAlg getUserInfoSigningAlg() {
+        return userInfoSigningAlg;
+    }
+
+    public void setUserInfoSigningAlg(final OIDCTokenSigningAlg userInfoSigningAlg) {
+        this.userInfoSigningAlg = userInfoSigningAlg;
+    }
+
+    public OIDCTokenEncryptionAlg getUserInfoEncryptedResponseAlg() {
+        return userInfoEncryptedResponseAlg;
+    }
+
+    public void setUserInfoEncryptedResponseAlg(final OIDCTokenEncryptionAlg userInfoEncryptedResponseAlg) {
+        this.userInfoEncryptedResponseAlg = userInfoEncryptedResponseAlg;
+    }
+
+    public OIDCTokenEncryptionEncoding getUserInfoEncryptedResponseEncoding() {
+        return userInfoEncryptedResponseEncoding;
+    }
+
+    public void setUserInfoEncryptedResponseEncoding(final OIDCTokenEncryptionEncoding encoding) {
+        this.userInfoEncryptedResponseEncoding = encoding;
+    }
+
     public OIDCSubjectType getSubjectType() {
         return subjectType;
     }
@@ -126,6 +212,14 @@ public void setSubjectType(final OIDCSubjectType subjectType) {
         this.subjectType = subjectType;
     }
 
+    public OIDCApplicationType getApplicationType() {
+        return applicationType;
+    }
+
+    public void setApplicationType(final OIDCApplicationType applicationType) {
+        this.applicationType = applicationType;
+    }
+
     public boolean isJwtAccessToken() {
         return jwtAccessToken;
     }
@@ -205,11 +299,20 @@ public boolean equals(final Object obj) {
                 .appendSuper(super.equals(obj))
                 .append(this.clientId, rhs.clientId)
                 .append(this.clientSecret, rhs.clientSecret)
+                .append(this.idTokenIssuer, rhs.idTokenIssuer)
                 .append(this.signIdToken, rhs.signIdToken)
+                .append(this.idTokenSigningAlg, rhs.idTokenSigningAlg)
+                .append(this.encryptIdToken, rhs.encryptIdToken)
+                .append(this.idTokenEncryptionAlg, rhs.idTokenEncryptionAlg)
+                .append(this.idTokenEncryptionEncoding, rhs.idTokenEncryptionEncoding)
+                .append(this.userInfoSigningAlg, rhs.userInfoSigningAlg)
+                .append(this.userInfoEncryptedResponseAlg, rhs.userInfoEncryptedResponseAlg)
+                .append(this.userInfoEncryptedResponseEncoding, rhs.userInfoEncryptedResponseEncoding)
                 .append(this.jwtAccessToken, rhs.jwtAccessToken)
                 .append(this.bypassApprovalPrompt, rhs.bypassApprovalPrompt)
                 .append(this.generateRefreshToken, rhs.generateRefreshToken)
                 .append(this.subjectType, rhs.subjectType)
+                .append(this.applicationType, rhs.applicationType)
                 .append(this.redirectUris, rhs.redirectUris)
                 .append(this.supportedGrantTypes, rhs.supportedGrantTypes)
                 .append(this.supportedResponseTypes, rhs.supportedResponseTypes)
@@ -227,11 +330,20 @@ public int hashCode() {
                 .appendSuper(super.hashCode())
                 .append(clientId)
                 .append(clientSecret)
+                .append(idTokenIssuer)
                 .append(signIdToken)
+                .append(idTokenSigningAlg)
+                .append(encryptIdToken)
+                .append(idTokenEncryptionAlg)
+                .append(idTokenEncryptionEncoding)
+                .append(userInfoSigningAlg)
+                .append(userInfoEncryptedResponseAlg)
+                .append(userInfoEncryptedResponseEncoding)
                 .append(jwtAccessToken)
                 .append(bypassApprovalPrompt)
                 .append(generateRefreshToken)
                 .append(subjectType)
+                .append(applicationType)
                 .append(redirectUris)
                 .append(supportedGrantTypes)
                 .append(supportedResponseTypes)

common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCApplicationType.java

@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+public enum OIDCApplicationType {
+    WEB("web"),
+    NATIVE("native");
+
+    private final String externalForm;
+
+    OIDCApplicationType(final String external) {
+        this.externalForm = external;
+    }
+
+    public String getExternalForm() {
+        return externalForm;
+    }
+}