Merge pull request #2301 from UdeshAthukorala/external-host
Resolve console & myaccount callback urls based on a toml config
UdeshAthukorala authored Jan 1, 2024
2 parents 24b8915 + d132be0 commit f025ac7
Showing 5 changed files with 127 additions and 1 deletion.
5 changes: 5 additions & 0 deletions components/org.wso2.carbon.identity.oauth.dcr/pom.xml
Expand Up @@ -117,6 +117,11 @@
<artifactId>jackson-core</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.sun.xml.parsers</groupId>
<artifactId>jaxp-ri</artifactId>
Expand Up @@ -98,6 +98,8 @@
import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_REVOCATION_WITH_IDP_SESSION_TERMINATION;
import static org.wso2.carbon.identity.oauth.common.OAuthConstants.OIDCConfigProperties.TOKEN_TYPE;
import static org.wso2.carbon.identity.oauth2.util.OAuth2Util.OPENID_CONNECT_AUDIENCE;
import static org.wso2.carbon.identity.oauth2.util.OAuth2Util.getConsoleCallbackFromServerConfig;
import static org.wso2.carbon.identity.oauth2.util.OAuth2Util.getMyAccountCallbackFromServerConfig;

/**
* JDBC Based data access layer for OAuth Consumer Applications.
Expand Down Expand Up @@ -332,6 +334,18 @@ public OAuthAppDO[] getOAuthConsumerAppsOfUser(String username, int tenantId) th
oauthApp.setCallbackUrl(
ApplicationMgtUtil.resolveOriginUrlFromPlaceholders(rSet.getString(5)));
}
if (ApplicationMgtUtil.isConsole(oauthApp.getApplicationName())) {
String consoleCallbackUrl = getConsoleCallbackFromServerConfig(tenantDomain);
if (StringUtils.isNotBlank(consoleCallbackUrl)) {
oauthApp.setCallbackUrl(consoleCallbackUrl);
}
}
if (ApplicationMgtUtil.isMyAccount(oauthApp.getApplicationName())) {
String myAccountCallbackUrl = getMyAccountCallbackFromServerConfig(tenantDomain);
if (StringUtils.isNotBlank(myAccountCallbackUrl)) {
oauthApp.setCallbackUrl(myAccountCallbackUrl);
}
}

oauthApp.setGrantTypes(rSet.getString(6));
oauthApp.setId(rSet.getInt(7));
Expand Down Expand Up @@ -440,6 +454,19 @@ public OAuthAppDO getAppInformation(String consumerKey, int tenantId) throws
oauthApp.setCallbackUrl(
ApplicationMgtUtil.resolveOriginUrlFromPlaceholders(rSet.getString(5)));
}
String tenantDomain = IdentityTenantUtil.getTenantDomain(tenantId);
if (ApplicationMgtUtil.isConsole(oauthApp.getApplicationName())) {
String consoleCallbackUrl = getConsoleCallbackFromServerConfig(tenantDomain);
if (StringUtils.isNotBlank(consoleCallbackUrl)) {
oauthApp.setCallbackUrl(consoleCallbackUrl);
}
}
if (ApplicationMgtUtil.isMyAccount(oauthApp.getApplicationName())) {
String myAccountCallbackUrl = getMyAccountCallbackFromServerConfig(tenantDomain);
if (StringUtils.isNotBlank(myAccountCallbackUrl)) {
oauthApp.setCallbackUrl(myAccountCallbackUrl);
}
}

authenticatedUser.setTenantDomain(IdentityTenantUtil.getTenantDomain(rSet.getInt(6)));
authenticatedUser.setUserStoreDomain(rSet.getString(7));
Expand Down Expand Up @@ -528,6 +555,19 @@ public OAuthAppDO getAppInformation(String consumerKey, AccessTokenDO accessToke
oauthApp.setCallbackUrl(
ApplicationMgtUtil.resolveOriginUrlFromPlaceholders(rSet.getString(CALLBACK_URL)));
}
String tenantDomain = IdentityTenantUtil.getTenantDomain(rSet.getInt(TENANT_ID));
if (ApplicationMgtUtil.isConsole(oauthApp.getApplicationName())) {
String consoleCallbackUrl = getConsoleCallbackFromServerConfig(tenantDomain);
if (StringUtils.isNotBlank(consoleCallbackUrl)) {
oauthApp.setCallbackUrl(consoleCallbackUrl);
}
}
if (ApplicationMgtUtil.isMyAccount(oauthApp.getApplicationName())) {
String myAccountCallbackUrl = getMyAccountCallbackFromServerConfig(tenantDomain);
if (StringUtils.isNotBlank(myAccountCallbackUrl)) {
oauthApp.setCallbackUrl(myAccountCallbackUrl);
}
}

authenticatedUser.setTenantDomain(IdentityTenantUtil.getTenantDomain(rSet.getInt(TENANT_ID)));
authenticatedUser.setUserStoreDomain(rSet.getString(USER_DOMAIN));
Expand Down Expand Up @@ -602,6 +642,19 @@ public OAuthAppDO[] getAppsForConsumerKey(String consumerKey)
oauthApp.setCallbackUrl(
ApplicationMgtUtil.resolveOriginUrlFromPlaceholders(rSet.getString(CALLBACK_URL)));
}
String tenantDomain = IdentityTenantUtil.getTenantDomain(rSet.getInt(TENANT_ID));
if (ApplicationMgtUtil.isConsole(oauthApp.getApplicationName())) {
String consoleCallbackUrl = getConsoleCallbackFromServerConfig(tenantDomain);
if (StringUtils.isNotBlank(consoleCallbackUrl)) {
oauthApp.setCallbackUrl(consoleCallbackUrl);
}
}
if (ApplicationMgtUtil.isMyAccount(oauthApp.getApplicationName())) {
String myAccountCallbackUrl = getMyAccountCallbackFromServerConfig(tenantDomain);
if (StringUtils.isNotBlank(myAccountCallbackUrl)) {
oauthApp.setCallbackUrl(myAccountCallbackUrl);
}
}

authenticatedUser.setTenantDomain(IdentityTenantUtil.getTenantDomain(rSet.getInt(TENANT_ID)));
authenticatedUser.setUserStoreDomain(rSet.getString(USER_DOMAIN));
Expand Down Expand Up @@ -686,6 +739,19 @@ public OAuthAppDO getAppInformationByAppName(String appName) throws
oauthApp.setCallbackUrl(
ApplicationMgtUtil.resolveOriginUrlFromPlaceholders(rSet.getString(6)));
}
String tenantDomain = IdentityTenantUtil.getTenantDomain(tenantID);
if (ApplicationMgtUtil.isConsole(oauthApp.getApplicationName())) {
String consoleCallbackUrl = getConsoleCallbackFromServerConfig(tenantDomain);
if (StringUtils.isNotBlank(consoleCallbackUrl)) {
oauthApp.setCallbackUrl(consoleCallbackUrl);
}
}
if (ApplicationMgtUtil.isMyAccount(oauthApp.getApplicationName())) {
String myAccountCallbackUrl = getMyAccountCallbackFromServerConfig(tenantDomain);
if (StringUtils.isNotBlank(myAccountCallbackUrl)) {
oauthApp.setCallbackUrl(myAccountCallbackUrl);
}
}

oauthApp.setGrantTypes(rSet.getString(7));
oauthApp.setId(rSet.getInt(8));
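Review bot: The same twelve-line Console/MyAccount callback override is pasted into five lookup paths here (getOAuthConsumerAppsOfUser, both getAppInformation overloads, getAppsForConsumerKey, getAppInformationByAppName), so the callback URL a caller sees for these apps depends on each path carrying its own copy. A path that is missed or added later would return the stored callback instead of the configured one, and redirect-URI checks built on it would differ by code path. One private helper called as `applyServerConfiguredCallback(oauthApp, tenantDomain);` at each site keeps the rule in one place; the sketch below treats the two app names as mutually exclusive, which the pasted code does not strictly require. The first hunk uses `tenantDomain` without declaring it, unlike the other four, so it is presumably defined earlier in getOAuthConsumerAppsOfUser and worth confirming as the application's tenant. All five method bodies start and end outside their hunks.

```java
private static void applyServerConfiguredCallback(OAuthAppDO oauthApp, String tenantDomain) {

    String appName = oauthApp.getApplicationName();
    String configuredCallback = null;
    if (ApplicationMgtUtil.isConsole(appName)) {
        configuredCallback = getConsoleCallbackFromServerConfig(tenantDomain);
    } else if (ApplicationMgtUtil.isMyAccount(appName)) {
        configuredCallback = getMyAccountCallbackFromServerConfig(tenantDomain);
    }
    // A blank config value leaves the stored callback untouched.
    if (StringUtils.isNotBlank(configuredCallback)) {
        oauthApp.setCallbackUrl(configuredCallback);
    }
}
```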
Expand Up @@ -42,6 +42,9 @@ public static class TokenBinderType {
public static final String OAUTH_TOKEN_PERSISTENCE_ENABLE = "OAuth.TokenPersistence.Enable";
public static final String OAUTH_CODE_PERSISTENCE_ENABLE = "OAuth.EnableAuthCodePersistence";
public static final String OAUTH_ENABLE_REVOKE_TOKEN_HEADERS = "OAuth.EnableRevokeTokenHeadersInResponse";
public static final String CONSOLE_CALLBACK_URL_FROM_SERVER_CONFIGS = "Console.CallbackURL";
public static final String MY_ACCOUNT_CALLBACK_URL_FROM_SERVER_CONFIGS = "MyAccount.CallbackURL";
public static final String TENANT_DOMAIN_PLACEHOLDER = "{TENANT_DOMAIN}";

public static final int MAX_ALLOWED_LENGTH = 256;

Expand Up @@ -5159,4 +5159,56 @@ public static boolean isApiBasedAuthSupportedGrant(HttpServletRequest request) {
return StringUtils.equals(OAuthConstants.CODE,
request.getParameter(OAuthConstants.OAuth20Params.RESPONSE_TYPE));
}

/**
* Resolve Console application callback url for a specific tenant based on the callback url configured in toml.
*
* @param tenantDomain Tenant domain.
* @return Console callback url.
*/
public static String getConsoleCallbackFromServerConfig(String tenantDomain) {

String callbackUrl = IdentityUtil.getProperty(OAuth2Constants.CONSOLE_CALLBACK_URL_FROM_SERVER_CONFIGS);
if (StringUtils.isNotBlank(callbackUrl)) {
// If callback is a regex pattern, return it as it is.
if (callbackUrl.startsWith(OAuthConstants.CALLBACK_URL_REGEXP_PREFIX)) {
return callbackUrl;
}

if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
callbackUrl = "regexp=(" + callbackUrl.replace(OAuth2Constants.TENANT_DOMAIN_PLACEHOLDER, tenantDomain)
+ "|" + callbackUrl.replace("/t/" + OAuth2Constants.TENANT_DOMAIN_PLACEHOLDER, "") + ")";
} else {
callbackUrl = callbackUrl.replace(OAuth2Constants.TENANT_DOMAIN_PLACEHOLDER, tenantDomain);
}
return callbackUrl;
}
return null;
}

/**
* Resolve MyAccount application callback url for a specific tenant based on the callback url configured in toml.
*
* @param tenantDomain Tenant domain.
* @return MyAccount callback url.
*/
public static String getMyAccountCallbackFromServerConfig(String tenantDomain) {

String callbackUrl = IdentityUtil.getProperty(OAuth2Constants.MY_ACCOUNT_CALLBACK_URL_FROM_SERVER_CONFIGS);
if (StringUtils.isNotBlank(callbackUrl)) {
// If callback is a regex pattern, return it as it is.
if (callbackUrl.startsWith(OAuthConstants.CALLBACK_URL_REGEXP_PREFIX)) {
return callbackUrl;
}

if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
callbackUrl = "regexp=(" + callbackUrl.replace(OAuth2Constants.TENANT_DOMAIN_PLACEHOLDER, tenantDomain)
+ "|" + callbackUrl.replace("/t/" + OAuth2Constants.TENANT_DOMAIN_PLACEHOLDER, "") + ")";
} else {
callbackUrl = callbackUrl.replace(OAuth2Constants.TENANT_DOMAIN_PLACEHOLDER, tenantDomain);
}
return callbackUrl;
}
return null;
}
}
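Review bot: In the super-tenant branch of getConsoleCallbackFromServerConfig, and identically in getMyAccountCallbackFromServerConfig, a literal URL from the config is pasted into a `regexp=(...|...)` pattern without escaping, so regex metacharacters in it keep their meaning: every `.` in the host or in the tenant domain matches any character, and a `?` would make the preceding character optional. Assuming the `regexp=` value is later applied as a Java regular expression to the presented redirect URI, the effective allow-list is wider than the configured URL. Quoting each alternative closes that, e.g. `"regexp=(" + Pattern.quote(withTenant) + "|" + Pattern.quote(withoutTenantPath) + ")"` with the two `replace(...)` results held in locals; whether `java.util.regex.Pattern` is already imported is not visible here. The Javadoc could also say that the method returns null when the property is unset and may return a `regexp=` pattern rather than a plain URL. The two methods differ only in the property key, so a shared private helper taking the key would keep the fix in one place.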
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -890,7 +890,7 @@
<carbon.kernel.registry.imp.pkg.version.range>[1.0.1, 2.0.0)</carbon.kernel.registry.imp.pkg.version.range>

<!-- Carbon Identity Framework version -->
<carbon.identity.framework.version>5.25.520</carbon.identity.framework.version>
<carbon.identity.framework.version>5.25.640</carbon.identity.framework.version>
<carbon.identity.framework.imp.pkg.version.range>[5.25.234, 7.0.0)
</carbon.identity.framework.imp.pkg.version.range>
