This is an automated email from the ASF dual-hosted git repository.

lahirujayathilake pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git


The following commit(s) were added to refs/heads/master by this push:
     new 30d87d30e updated the oidc endpoint to align with the standard protocol
30d87d30e is described below

commit 30d87d30ec7a352fd984db67fac43b9db098982a
Author: lahiruj <[email protected]>
AuthorDate: Fri Oct 18 09:07:52 2024 -0400

    updated the oidc endpoint to align with the standard protocol
---
 .../api/identity/IdentityManagementController.java    | 19 ++++++++++++++-----
 .../client/keycloak/auth/KeycloakAuthClient.java      |  2 +-
 .../custos/service/identity/IdentityService.java      |  2 +-
 .../service/management/IdentityManagementService.java | 13 -------------
 4 files changed, 16 insertions(+), 20 deletions(-)

diff --git 
a/api/src/main/java/org/apache/custos/api/identity/IdentityManagementController.java
 
b/api/src/main/java/org/apache/custos/api/identity/IdentityManagementController.java
index c246eef04..487401d39 100644
--- 
a/api/src/main/java/org/apache/custos/api/identity/IdentityManagementController.java
+++ 
b/api/src/main/java/org/apache/custos/api/identity/IdentityManagementController.java
@@ -46,6 +46,7 @@ import 
org.apache.custos.service.credential.store.CredentialManager;
 import org.apache.custos.service.management.IdentityManagementService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.enums.ParameterIn;
 import io.swagger.v3.oas.annotations.media.ArraySchema;
 import io.swagger.v3.oas.annotations.media.Content;
 import io.swagger.v3.oas.annotations.media.Schema;
@@ -59,6 +60,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
@@ -498,21 +500,28 @@ public class IdentityManagementController {
         }
     }
 
-    @GetMapping("/.well-known/openid-configuration")
+    @GetMapping("/tenant/{tenantId}/.well-known/openid-configuration")
     @Operation(
             summary = "Get OIDC Configuration",
+            parameters = {
+                    @Parameter(
+                            name = "tenantId",
+                            in = ParameterIn.PATH,
+                            required = true,
+                            schema = @Schema(type = "integer", format = 
"int64")
+                    ),
+            },
             description = "Retrieves the OpenID Connect (OIDC) configuration 
using the provided GetOIDCConfiguration request. " +
                     "Returns an OIDCConfiguration object.",
             responses = {
                     @ApiResponse(responseCode = "200", description = 
"Successful operation", content = @Content(schema = @Schema(implementation = 
OIDCConfiguration.class))),
-                    @ApiResponse(responseCode = "401", description = 
"Unauthorized Request", content = @Content()),
-                    @ApiResponse(responseCode = "404", description = "When the 
associated Tenant or Credentials cannot be found", content = @Content()),
+                    @ApiResponse(responseCode = "404", description = "When the 
associated Tenant cannot be found", content = @Content()),
                     @ApiResponse(responseCode = "500", description = "Internal 
Server Error", content = @Content())
             }
     )
-    public ResponseEntity<OIDCConfiguration> 
getOIDCConfiguration(@RequestParam(value = "client_id") String clientId) {
+    public ResponseEntity<OIDCConfiguration> 
getOIDCConfiguration(@PathVariable("tenantId") long tenantId) {
         GetOIDCConfiguration request = GetOIDCConfiguration.newBuilder()
-                .setClientId(clientId)
+                .setTenantId(tenantId)
                 .build();
         OIDCConfiguration response = 
identityManagementService.getOIDCConfiguration(request);
         return ResponseEntity.ok(response);
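Review bot: `tenantId` is bound from the path and handed to `identityManagementService.getOIDCConfiguration` with no range check. The 401 response was also dropped from the documented contract, so this handler looks intended for unauthenticated callers; whether it is actually exempt from authentication depends on security configuration outside this diff. A cheap guard before building the request, e.g. `if (tenantId <= 0) { return ResponseEntity.notFound().build(); }`, keeps obviously invalid ids away from the downstream Keycloak lookup. The `description` still says the configuration is retrieved "using the provided GetOIDCConfiguration request" and should describe the `tenantId` path parameter instead; a 400 response is also worth documenting for a non-numeric path value, which Spring rejects by default. The method's closing brace is outside the hunk.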
diff --git 
a/services/src/main/java/org/apache/custos/service/federated/client/keycloak/auth/KeycloakAuthClient.java
 
b/services/src/main/java/org/apache/custos/service/federated/client/keycloak/auth/KeycloakAuthClient.java
index b38bc2240..6aee9a3c2 100644
--- 
a/services/src/main/java/org/apache/custos/service/federated/client/keycloak/auth/KeycloakAuthClient.java
+++ 
b/services/src/main/java/org/apache/custos/service/federated/client/keycloak/auth/KeycloakAuthClient.java
@@ -274,7 +274,7 @@ public class KeycloakAuthClient {
         return openIdConnectConfig.getString("introspection_endpoint");
     }
 
-    public JSONObject getOIDCConfiguration(String tenantId, String clientId) 
throws Exception {
+    public JSONObject getOIDCConfiguration(String tenantId) throws Exception {
         String openIdConnectUrl = getOpenIDConfigurationUrl(tenantId);
         return new JSONObject(getFromUrl(openIdConnectUrl, null));
     }
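Review bot: `getOIDCConfiguration` still takes `tenantId` as a `String` and passes it to `getOpenIDConfigurationUrl`, whose body is not in this hunk. If that helper builds the realm URL by concatenation, a future caller passing an unvalidated string could change the path that is fetched. The only caller visible in this commit passes `String.valueOf(request.getTenantId())`, so the value is numeric today. I would record that contract on the method, e.g. `/** @param tenantId numeric Custos tenant id; never raw request text */`, or change the parameter type to `long`.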
diff --git 
a/services/src/main/java/org/apache/custos/service/identity/IdentityService.java
 
b/services/src/main/java/org/apache/custos/service/identity/IdentityService.java
index e181dd0df..e0b13402f 100644
--- 
a/services/src/main/java/org/apache/custos/service/identity/IdentityService.java
+++ 
b/services/src/main/java/org/apache/custos/service/identity/IdentityService.java
@@ -292,7 +292,7 @@ public class IdentityService {
         try {
             LOGGER.debug("Request for fetch OIDC configuration " + 
request.getTenantId());
 
-            JSONObject object = 
keycloakAuthClient.getOIDCConfiguration(String.valueOf(request.getTenantId()), 
request.getClientId());
+            JSONObject object = 
keycloakAuthClient.getOIDCConfiguration(String.valueOf(request.getTenantId()));
 
             return OIDCConfiguration.newBuilder()
                     .setIssuer("https://"; + request.getTenantId() + 
".usecustos.org")
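Review bot: The `issuer` built in the context lines as `"https://" + request.getTenantId() + ".usecustos.org"` does not obviously match the new discovery path `/tenant/{tenantId}/.well-known/openid-configuration` added in IdentityManagementController. OpenID Connect Discovery requires the returned `issuer` to be identical to the URL prefix the document was fetched from, and relying parties that enforce this will reject the configuration. It is worth confirming how the per-tenant host maps to the new route, since the gateway routing is not visible here. The host suffix is also hard-coded; reading it from configuration would keep a deployment from advertising an issuer it does not serve. The builder chain and the enclosing method continue outside the hunk.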
diff --git 
a/services/src/main/java/org/apache/custos/service/management/IdentityManagementService.java
 
b/services/src/main/java/org/apache/custos/service/management/IdentityManagementService.java
index 723171ab1..30ae13be6 100644
--- 
a/services/src/main/java/org/apache/custos/service/management/IdentityManagementService.java
+++ 
b/services/src/main/java/org/apache/custos/service/management/IdentityManagementService.java
@@ -307,19 +307,6 @@ public class IdentityManagementService {
     public OIDCConfiguration getOIDCConfiguration(GetOIDCConfiguration 
request) {
         try {
             LOGGER.debug("Request received  to fetch OIDC configuration " + 
request.getTenantId());
-
-            String clientId = request.getClientId();
-            GetCredentialRequest req = 
GetCredentialRequest.newBuilder().setId(clientId).build();
-            CredentialMetadata metadata = 
credentialStoreService.getCustosCredentialFromClientId(req);
-
-            GetCredentialRequest iamCredentialRequest = 
GetCredentialRequest.newBuilder()
-                    .setType(Type.IAM)
-                    .setOwnerId(metadata.getOwnerId())
-                    .setId(request.getClientId()).build();
-
-            CredentialMetadata iamCredential = 
credentialStoreService.getCredential(iamCredentialRequest);
-            request = 
request.toBuilder().setTenantId(metadata.getOwnerId()).setClientId(iamCredential.getId()).build();
-
             return identityService.getOIDCConfiguration(request);
 
         } catch (Exception ex) {
