fix consent page for mandatory attributes
Thumimku committed Jan 22, 2025
1 parent e827d11 commit fe8d49f
Showing 1 changed file with 20 additions and 14 deletions.
Expand Up @@ -916,7 +916,7 @@ during post consent handling to get the original ConsentClaimsData object (Assum
value.setRequestedClaims(removeConsentRequestedNullUserAttributes(value.getRequestedClaims(),
loggedInUser.getUserAttributes(), spTenantDomain));
List<ClaimMetaData> requestedOidcClaimsList =
getRequestedOidcClaimsList(value, oauth2Params, spTenantDomain);
getRequestedOidcClaimsList(value, oauth2Params, spTenantDomain, false);
value.setRequestedClaims(requestedOidcClaimsList);
}

Expand Down Expand Up @@ -3333,15 +3333,17 @@ private String handlePreConsent(OAuth2Parameters oauth2Params, AuthenticatedUser
removeConsentRequestedNullUserAttributes(claimsForApproval.getRequestedClaims(),
user.getUserAttributes(), spTenantDomain));
List<ClaimMetaData> requestedOidcClaimsList =
getRequestedOidcClaimsList(claimsForApproval, oauth2Params, spTenantDomain);
getRequestedOidcClaimsList(claimsForApproval, oauth2Params, spTenantDomain, false);
if (CollectionUtils.isNotEmpty(requestedOidcClaimsList)) {
requestClaimsQueryParam = REQUESTED_CLAIMS + "=" +
buildConsentClaimString(requestedOidcClaimsList);
}

if (CollectionUtils.isNotEmpty(claimsForApproval.getMandatoryClaims())) {
List<ClaimMetaData> mandatoryOidcClaims =
getRequestedOidcClaimsList(claimsForApproval, oauth2Params, spTenantDomain, true);
if (CollectionUtils.isNotEmpty(mandatoryOidcClaims)) {
mandatoryClaimsQueryParam = MANDATORY_CLAIMS + "=" +
buildConsentClaimString(claimsForApproval.getMandatoryClaims());
buildConsentClaimString(mandatoryOidcClaims);
}
additionalQueryParam = buildQueryParamString(requestClaimsQueryParam, mandatoryClaimsQueryParam);
}
Expand Down Expand Up @@ -3424,17 +3426,19 @@ private List<ClaimMetaData> removeConsentRequestedNullUserAttributes(List<ClaimM
}

/**
* Filter requested claims based on OIDC claims and return the claims which includes in OIDC.
* Filter requested or mandatory claims based on OIDC claims and return the claims included in OIDC.
*
* @param claimsForApproval Consent required claims.
* @param oauth2Params OAuth parameters.
* @param spTenantDomain Tenant domain.
* @return Requested OIDC claim list.
* @param isMandatory If true, filter mandatory claims; otherwise, filter requested claims.
* @return Filtered OIDC claim list.
* @throws RequestObjectException If an error occurred while getting essential claims for the session data key.
* @throws ClaimMetadataException If an error occurred while getting claim mappings.
*/
private List<ClaimMetaData> getRequestedOidcClaimsList(ConsentClaimsData claimsForApproval,
OAuth2Parameters oauth2Params, String spTenantDomain)
OAuth2Parameters oauth2Params, String spTenantDomain,
boolean isMandatory)
throws RequestObjectException, ClaimMetadataException {

List<ClaimMetaData> requestedOidcClaimsList = new ArrayList<>();
Expand All @@ -3447,15 +3451,14 @@ private List<ClaimMetaData> getRequestedOidcClaimsList(ConsentClaimsData claimsF

List<String> essentialRequestedClaims = new ArrayList<>();

if (oauth2Params.isRequestObjectFlow()) {
if (!isMandatory && oauth2Params.isRequestObjectFlow()) {
// Get the requested claims came through request object.
List<RequestedClaim> requestedClaimsOfIdToken = EndpointUtil.getRequestObjectService()
.getRequestedClaimsForSessionDataKey(oauth2Params.getSessionDataKey(), false);

List<RequestedClaim> requestedClaimsOfUserInfo = EndpointUtil.getRequestObjectService()
.getRequestedClaimsForSessionDataKey(oauth2Params.getSessionDataKey(), true);


// Get the list of id token's essential claims.
for (RequestedClaim requestedClaim : requestedClaimsOfIdToken) {
if (requestedClaim.isEssential()) {
Expand All @@ -3473,7 +3476,7 @@ private List<ClaimMetaData> getRequestedOidcClaimsList(ConsentClaimsData claimsF

// Add user info's essential claims requested using claims parameter. Claims for id_token are skipped
// since claims parameter does not support id_token yet.
if (oauth2Params.getEssentialClaims() != null) {
if (!isMandatory && oauth2Params.getEssentialClaims() != null) {
essentialRequestedClaims.addAll(OAuth2Util.getEssentialClaims(oauth2Params.getEssentialClaims(),
USERINFO));
}
Expand Down Expand Up @@ -3506,10 +3509,13 @@ private List<ClaimMetaData> getRequestedOidcClaimsList(ConsentClaimsData claimsF
}
}

/* Check whether the local claim of oidc claims contains the requested claims or essential claims of
request object contains the requested claims, If it contains add it as requested claim.
*/
for (ClaimMetaData claimMetaData : claimsForApproval.getRequestedClaims()) {
// Determine the source claims list based on whether it is mandatory or requested.
List<ClaimMetaData> approvalPendingClaims = isMandatory
? claimsForApproval.getMandatoryClaims()
: claimsForApproval.getRequestedClaims();

// Filter claims based on OIDC mappings.
for (ClaimMetaData claimMetaData : approvalPendingClaims) {
if (localClaimsOfOidcClaims.contains(claimMetaData.getClaimUri()) ||
localClaimsOfEssentialClaims.contains(claimMetaData.getClaimUri())) {
requestedOidcClaimsList.add(claimMetaData);
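Review bot: The new `approvalPendingClaims` selection is iterated directly, so a null return from `claimsForApproval.getMandatoryClaims()` would throw a NullPointerException at the for-loop, whereas the requested-claims path is always fed a list set via `setRequestedClaims(...)`; the handlePreConsent hunk appears to drop the old `CollectionUtils.isNotEmpty(claimsForApproval.getMandatoryClaims())` guard in favour of checking the helper's result, which makes the helper the only place a null mandatory list can be handled. Whether getMandatoryClaims() can actually be null is not visible here, so if it can, guard before the loop: `if (approvalPendingClaims == null) { return requestedOidcClaimsList; }`. As a point of style, the `isMandatory` flag now drives both the skipping of request-object/essential-claims lookup and the choice of source list while the method is still named getRequestedOidcClaimsList and accumulates into `requestedOidcClaimsList`; passing the claim list to filter as a parameter, or renaming the method and local to something like getOidcMappedClaims / oidcMappedClaims, would make the mandatory path read as intended. The getRequestedOidcClaimsList body starts in an earlier hunk and continues past this one.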
