This is an automated email from the ASF dual-hosted git repository.

sgarofalo pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/3_0_X by this push:
     new a9ea9fe5bb [SYNCOPE-1784] Allow custom scopes for OIDC client 
applications (#535)
a9ea9fe5bb is described below

commit a9ea9fe5bb13d6a3d3e757e7667275c96a4fb7b6
Author: Samuel Garofalo <[email protected]>
AuthorDate: Wed Oct 25 15:47:26 2023 +0200

    [SYNCOPE-1784] Allow custom scopes for OIDC client applications (#535)
    
    * [SYNCOPE-1784] Allow custom scopes for OIDC client applications
---
 .../clientapps/ClientAppModalPanelBuilder.java     | 24 ++++++++++++++---
 .../OIDCScope.java => OIDCScopeConstants.java}     | 28 +++++++++++++++-----
 .../syncope/common/lib/to/OIDCRPClientAppTO.java   |  5 ++--
 .../persistence/api/entity/am/OIDCRPClientApp.java |  3 +--
 .../jpa/entity/am/JPAOIDCRPClientApp.java          |  9 +++----
 .../console/wizards/OIDCProviderWizardBuilder.java |  5 ++--
 .../org/apache/syncope/fit/sra/OIDCSRAITCase.java  |  8 +++---
 .../org/apache/syncope/fit/ui/OIDCC4UIITCase.java  | 12 ++++-----
 .../wa/bootstrap/WAPropertySourceLocator.java      | 10 ++++----
 .../starter/mapping/OIDCRPClientAppTOMapper.java   | 30 ++++++++++------------
 10 files changed, 77 insertions(+), 57 deletions(-)

diff --git 
a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
 
b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
index 22b1ae7749..ef538d73ab 100644
--- 
a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
+++ 
b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
@@ -50,6 +50,7 @@ import org.apache.syncope.client.ui.commons.pages.BaseWebPage;
 import org.apache.syncope.client.ui.commons.panels.WizardModalPanel;
 import org.apache.syncope.client.ui.commons.wizards.AbstractModalPanelBuilder;
 import org.apache.syncope.client.ui.commons.wizards.AjaxWizard;
+import org.apache.syncope.common.lib.OIDCScopeConstants;
 import org.apache.syncope.common.lib.policy.PolicyTO;
 import org.apache.syncope.common.lib.to.ClientAppTO;
 import org.apache.syncope.common.lib.to.RealmTO;
@@ -57,7 +58,6 @@ import org.apache.syncope.common.lib.types.ClientAppType;
 import org.apache.syncope.common.lib.types.LogoutType;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
-import org.apache.syncope.common.lib.types.OIDCScope;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
 import org.apache.syncope.common.lib.types.PolicyType;
 import org.apache.syncope.common.lib.types.SAML2SPNameId;
@@ -319,10 +319,26 @@ public class ClientAppModalPanelBuilder<T extends 
ClientAppTO> extends AbstractM
                             new PropertyModel<>(clientAppTO, 
"supportedResponseTypes"),
                             new 
ListModel<>(List.of(OIDCResponseType.values()))));
 
-                    fields.add(new 
AjaxPalettePanel.Builder<OIDCScope>().setName("scopes").build(
+                    AutoCompleteSettings scopesSettings = new 
AutoCompleteSettings();
+                    scopesSettings.setShowCompleteListOnFocusGain(true);
+                    scopesSettings.setShowListOnEmptyInput(true);
+                    AjaxSearchFieldPanel scopes = new AjaxSearchFieldPanel(
+                            "panel", "scopes", new 
PropertyModel<>(clientAppTO, "scopes"), scopesSettings) {
+
+                        private static final long serialVersionUID = 
7160878678968866138L;
+
+                        @Override
+                        protected Iterator<String> getChoices(final String 
input) {
+                            List<String> choices = new 
ArrayList<>(OIDCScopeConstants.ALL_STANDARD_SCOPES);
+                            choices.add(OIDCScopeConstants.SYNCOPE);
+                            return choices.iterator();
+                        }
+                    };
+                    fields.add(new MultiFieldPanel.Builder<String>(
+                            new PropertyModel<>(clientAppTO, "scopes")).build(
                             "field",
-                            new PropertyModel<>(clientAppTO, "scopes"),
-                            new ListModel<>(List.of(OIDCScope.values()))));
+                            "scopes",
+                            scopes));
 
                     AjaxTextFieldPanel logoutUri = new AjaxTextFieldPanel(
                             "field", "logoutUri", new 
PropertyModel<>(clientAppTO, "logoutUri"), false);
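Review bot: `getChoices` ignores its `input` argument, so the autocomplete always offers all six names whatever has been typed; adding `choices.removeIf(c -> input != null && !c.startsWith(input.trim()));` before the `return` would make the suggestions follow the text. Because the field is now free text, the list is only a hint and does not restrict what gets saved, which deserves a short comment above the anonymous class. The inner panel is also bound to `new PropertyModel<>(clientAppTO, "scopes")`, the same list property handed to `MultiFieldPanel.Builder`, whereas the equivalent field in `OIDCProviderWizardBuilder` uses `new Model<>()`. If `MultiFieldPanel` does not replace the inner model per row, this binds a single-value field to a `List<String>`, so it is worth confirming. The enclosing method starts and ends outside this hunk.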
diff --git 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCScope.java
 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/OIDCScopeConstants.java
similarity index 56%
rename from 
common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCScope.java
rename to 
common/am/lib/src/main/java/org/apache/syncope/common/lib/OIDCScopeConstants.java
index 57e6b58d73..29c3e39d11 100644
--- 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCScope.java
+++ 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/OIDCScopeConstants.java
@@ -16,13 +16,27 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.syncope.common.lib.types;
+package org.apache.syncope.common.lib;
 
-public enum OIDCScope {
-    openid,
-    profile,
-    email,
-    address,
-    phone
+import java.util.List;
 
+public final class OIDCScopeConstants {
+
+    public static final String OPEN_ID = "openid";
+
+    public static final String PROFILE = "profile";
+
+    public static final String EMAIL = "email";
+
+    public static final String ADDRESS = "address";
+
+    public static final String PHONE = "phone";
+
+    public static final String SYNCOPE = "syncope";
+
+    public static final List<String> ALL_STANDARD_SCOPES = List.of(OPEN_ID, 
PROFILE, EMAIL, ADDRESS, PHONE);
+
+    private OIDCScopeConstants() {
+        // private constructor for static utility class
+    }
 }
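Review bot: The new constants class has no Javadoc, and nothing explains why `SYNCOPE` is left out of `ALL_STANDARD_SCOPES` even though callers add it by hand (the console panel and `OIDCC4UIITCase`). A class-level comment should say that scopes are now free-form strings and that these constants are only the well-known names. On the list I would add `/** The openid, profile, email, address and phone scopes from OpenID Connect Core; the Syncope-specific {@link #SYNCOPE} scope is deliberately excluded. */`, and on `SYNCOPE` a line saying it is the scope under which `OIDCRPClientAppTOMapper` releases claims not covered by the standard scopes.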
diff --git 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
index 7e0019494a..97e68ae3f6 100644
--- 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
+++ 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
@@ -28,7 +28,6 @@ import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
-import org.apache.syncope.common.lib.types.OIDCScope;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
 
 @Schema(allOf = { ClientAppTO.class })
@@ -52,7 +51,7 @@ public class OIDCRPClientAppTO extends ClientAppTO {
 
     private final List<OIDCResponseType> supportedResponseTypes = new 
ArrayList<>();
 
-    private final List<OIDCScope> scopes = new ArrayList<>();
+    private final List<String> scopes = new ArrayList<>();
 
     private String logoutUri;
 
@@ -135,7 +134,7 @@ public class OIDCRPClientAppTO extends ClientAppTO {
 
     @JacksonXmlElementWrapper(localName = "scopes")
     @JacksonXmlProperty(localName = "scope")
-    public List<OIDCScope> getScopes() {
+    public List<String> getScopes() {
         return scopes;
     }
 
diff --git 
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
 
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
index 357a7d0d59..4ae40a24ba 100644
--- 
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
+++ 
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
@@ -21,7 +21,6 @@ package org.apache.syncope.core.persistence.api.entity.am;
 import java.util.Set;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
-import org.apache.syncope.common.lib.types.OIDCScope;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
 
 public interface OIDCRPClientApp extends ClientApp {
@@ -40,7 +39,7 @@ public interface OIDCRPClientApp extends ClientApp {
 
     Set<OIDCResponseType> getSupportedResponseTypes();
 
-    Set<OIDCScope> getScopes();
+    Set<String> getScopes();
 
     boolean isSignIdToken();
 
diff --git 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
index ebc97578f5..7fca26c315 100644
--- 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
+++ 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
@@ -35,7 +35,6 @@ import javax.persistence.Table;
 import javax.persistence.Transient;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
-import org.apache.syncope.common.lib.types.OIDCScope;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
 import org.apache.syncope.core.persistence.api.entity.am.OIDCRPClientApp;
 import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
@@ -59,8 +58,8 @@ public class JPAOIDCRPClientApp extends AbstractClientApp 
implements OIDCRPClien
             new TypeReference<Set<OIDCResponseType>>() {
     };
 
-    protected static final TypeReference<Set<OIDCScope>> SCOPE_TYPEREF =
-            new TypeReference<Set<OIDCScope>>() {
+    protected static final TypeReference<Set<String>> SCOPE_TYPEREF =
+            new TypeReference<Set<String>>() {
     };
 
     @Column(unique = true, nullable = false)
@@ -99,7 +98,7 @@ public class JPAOIDCRPClientApp extends AbstractClientApp 
implements OIDCRPClien
     private String scopes;
 
     @Transient
-    private Set<OIDCScope> scopesSet = new HashSet<>();
+    private Set<String> scopesSet = new HashSet<>();
 
     private String logoutUri;
 
@@ -179,7 +178,7 @@ public class JPAOIDCRPClientApp extends AbstractClientApp 
implements OIDCRPClien
     }
 
     @Override
-    public Set<OIDCScope> getScopes() {
+    public Set<String> getScopes() {
         return scopesSet;
     }
 
diff --git 
a/ext/oidcc4ui/client-console/src/main/java/org/apache/syncope/client/console/wizards/OIDCProviderWizardBuilder.java
 
b/ext/oidcc4ui/client-console/src/main/java/org/apache/syncope/client/console/wizards/OIDCProviderWizardBuilder.java
index 57d38a0fb1..5487680e3a 100644
--- 
a/ext/oidcc4ui/client-console/src/main/java/org/apache/syncope/client/console/wizards/OIDCProviderWizardBuilder.java
+++ 
b/ext/oidcc4ui/client-console/src/main/java/org/apache/syncope/client/console/wizards/OIDCProviderWizardBuilder.java
@@ -23,7 +23,6 @@ import java.util.List;
 import java.util.concurrent.Callable;
 import java.util.concurrent.Future;
 import java.util.stream.Collectors;
-import java.util.stream.Stream;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.tuple.Pair;
 import org.apache.syncope.client.console.SyncopeConsoleSession;
@@ -41,10 +40,10 @@ import 
org.apache.syncope.client.ui.commons.markup.html.form.AjaxCheckBoxPanel;
 import org.apache.syncope.client.ui.commons.markup.html.form.AjaxPalettePanel;
 import 
org.apache.syncope.client.ui.commons.markup.html.form.AjaxTextFieldPanel;
 import org.apache.syncope.client.ui.commons.wizards.AjaxWizardBuilder;
+import org.apache.syncope.common.lib.OIDCScopeConstants;
 import org.apache.syncope.common.lib.to.ImplementationTO;
 import org.apache.syncope.common.lib.to.OIDCC4UIProviderTO;
 import org.apache.syncope.common.lib.types.OIDCClientImplementationType;
-import org.apache.syncope.common.lib.types.OIDCScope;
 import org.apache.wicket.PageReference;
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.extensions.wizard.WizardModel;
@@ -270,7 +269,7 @@ public class OIDCProviderWizardBuilder extends 
AjaxWizardBuilder<OIDCC4UIProvide
             });
 
             AjaxTextFieldPanel value = new AjaxTextFieldPanel("panel", 
"scopes", new Model<>());
-            
value.setChoices(Stream.of(OIDCScope.values()).map(OIDCScope::name).collect(Collectors.toList()));
+            value.setChoices(OIDCScopeConstants.ALL_STANDARD_SCOPES);
             content.add(new MultiFieldPanel.Builder<String>(
                     new PropertyModel<>(opTO, "scopes")).build("scopes", 
"scopes", value));
         }
diff --git 
a/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/OIDCSRAITCase.java 
b/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/OIDCSRAITCase.java
index 12fdbb7717..b379c1ef55 100644
--- 
a/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/OIDCSRAITCase.java
+++ 
b/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/OIDCSRAITCase.java
@@ -61,11 +61,11 @@ import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.message.BasicNameValuePair;
 import org.apache.http.util.EntityUtils;
+import org.apache.syncope.common.lib.OIDCScopeConstants;
 import org.apache.syncope.common.lib.SyncopeConstants;
 import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
 import org.apache.syncope.common.lib.types.ClientAppType;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
-import org.apache.syncope.common.lib.types.OIDCScope;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
 import org.apache.syncope.common.rest.api.RESTHeaders;
 import org.apache.syncope.common.rest.api.service.wa.WAConfigService;
@@ -132,9 +132,9 @@ public class OIDCSRAITCase extends AbstractSRAITCase {
         clientApp.setLogoutUri(SRA_ADDRESS + "/logout");
         clientApp.setAuthPolicy(getAuthPolicy().getKey());
         clientApp.setAttrReleasePolicy(getAttrReleasePolicy().getKey());
-        clientApp.getScopes().add(OIDCScope.openid);
-        clientApp.getScopes().add(OIDCScope.profile);
-        clientApp.getScopes().add(OIDCScope.email);
+        clientApp.getScopes().add(OIDCScopeConstants.OPEN_ID);
+        clientApp.getScopes().add(OIDCScopeConstants.PROFILE);
+        clientApp.getScopes().add(OIDCScopeConstants.EMAIL);
         clientApp.getSupportedGrantTypes().add(OIDCGrantType.password);
         
clientApp.getSupportedGrantTypes().add(OIDCGrantType.authorization_code);
 
diff --git 
a/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/OIDCC4UIITCase.java 
b/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/OIDCC4UIITCase.java
index 9abaeedccc..831703254f 100644
--- 
a/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/OIDCC4UIITCase.java
+++ 
b/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/OIDCC4UIITCase.java
@@ -28,8 +28,6 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
 import java.util.Set;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import org.apache.http.Consts;
@@ -47,13 +45,13 @@ import org.apache.http.impl.client.HttpClients;
 import org.apache.http.message.BasicNameValuePair;
 import org.apache.http.util.EntityUtils;
 import org.apache.syncope.client.ui.commons.panels.OIDCC4UIConstants;
+import org.apache.syncope.common.lib.OIDCScopeConstants;
 import org.apache.syncope.common.lib.SyncopeConstants;
 import org.apache.syncope.common.lib.to.Item;
 import org.apache.syncope.common.lib.to.OIDCC4UIProviderTO;
 import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
 import org.apache.syncope.common.lib.types.ClientAppType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
-import org.apache.syncope.common.lib.types.OIDCScope;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
 import org.apache.syncope.common.rest.api.RESTHeaders;
 import org.apache.syncope.common.rest.api.service.wa.WAConfigService;
@@ -97,9 +95,9 @@ public class OIDCC4UIITCase extends AbstractUIITCase {
                 Set.of(OIDCResponseType.CODE, OIDCResponseType.ID_TOKEN_TOKEN, 
OIDCResponseType.TOKEN));
         clientApp.setAuthPolicy(getAuthPolicy().getKey());
         clientApp.setAttrReleasePolicy(getAttrReleasePolicy().getKey());
-        clientApp.getScopes().add(OIDCScope.openid);
-        clientApp.getScopes().add(OIDCScope.profile);
-        clientApp.getScopes().add(OIDCScope.email);
+        clientApp.getScopes().add(OIDCScopeConstants.OPEN_ID);
+        clientApp.getScopes().add(OIDCScopeConstants.PROFILE);
+        clientApp.getScopes().add(OIDCScopeConstants.EMAIL);
 
         CLIENT_APP_SERVICE.update(ClientAppType.OIDCRP, clientApp);
         WA_CONFIG_SERVICE.pushToWA(WAConfigService.PushSubject.clientApps, 
List.of());
@@ -142,7 +140,7 @@ public class OIDCC4UIITCase extends AbstractUIITCase {
             cas.setUserinfoEndpoint(cas.getIssuer() + "/profile");
             cas.setEndSessionEndpoint(cas.getIssuer() + "/logout");
 
-            
cas.getScopes().addAll(Stream.of(OIDCScope.values()).map(OIDCScope::name).collect(Collectors.toList()));
+            cas.getScopes().addAll(OIDCScopeConstants.ALL_STANDARD_SCOPES);
             cas.getScopes().add("syncope");
 
             cas.setCreateUnmatching(createUnmatching);
diff --git 
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WAPropertySourceLocator.java
 
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WAPropertySourceLocator.java
index 96e372a8a9..c24434312b 100644
--- 
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WAPropertySourceLocator.java
+++ 
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WAPropertySourceLocator.java
@@ -30,8 +30,8 @@ import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.tuple.Pair;
 import org.apache.syncope.client.lib.SyncopeClient;
+import org.apache.syncope.common.lib.OIDCScopeConstants;
 import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
-import org.apache.syncope.common.lib.types.OIDCScope;
 import org.apache.syncope.common.rest.api.service.AttrRepoService;
 import org.apache.syncope.common.rest.api.service.AuthModuleService;
 import org.apache.syncope.common.rest.api.service.wa.WAClientAppService;
@@ -156,16 +156,16 @@ public class WAPropertySourceLocator implements 
PropertySourceLocator {
                                 map(p -> 
p.getAllowedAttributes().stream().collect(Collectors.toSet())).
                                 ifPresent(claims::addAll);
                     }
-                    if (rp.getScopes().contains(OIDCScope.profile)) {
+                    if (rp.getScopes().contains(OIDCScopeConstants.PROFILE)) {
                         
claims.removeAll(OidcProfileScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
                     }
-                    if (rp.getScopes().contains(OIDCScope.address)) {
+                    if (rp.getScopes().contains(OIDCScopeConstants.ADDRESS)) {
                         
claims.removeAll(OidcAddressScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
                     }
-                    if (rp.getScopes().contains(OIDCScope.email)) {
+                    if (rp.getScopes().contains(OIDCScopeConstants.EMAIL)) {
                         
claims.removeAll(OidcEmailScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
                     }
-                    if (rp.getScopes().contains(OIDCScope.phone)) {
+                    if (rp.getScopes().contains(OIDCScopeConstants.PHONE)) {
                         
claims.removeAll(OidcPhoneScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
                     }
 
diff --git 
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
index 3f8a4970d0..7f923b4e6b 100644
--- 
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
+++ 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
@@ -23,11 +23,11 @@ import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
+import org.apache.syncope.common.lib.OIDCScopeConstants;
 import org.apache.syncope.common.lib.to.ClientAppTO;
 import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
-import org.apache.syncope.common.lib.types.OIDCScope;
 import org.apache.syncope.common.lib.wa.WAClientApp;
 import org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy;
 import org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy;
@@ -51,8 +51,6 @@ import 
org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy;
 
 public class OIDCRPClientAppTOMapper extends AbstractClientAppMapper {
 
-    private static final String CUSTOM_SCOPE = "syncope";
-
     @Override
     public boolean supports(final ClientAppTO clientApp) {
         return OIDCRPClientAppTO.class.equals(clientApp.getClass());
@@ -92,9 +90,7 @@ public class OIDCRPClientAppTOMapper extends 
AbstractClientAppMapper {
         Optional.ofNullable(rp.getSubjectType()).ifPresent(st -> 
service.setSubjectType(st.name()));
         service.setLogoutUrl(rp.getLogoutUri());
 
-        service.setScopes(rp.getScopes().stream().
-                map(OIDCScope::name).
-                collect(Collectors.toSet()));
+        service.setScopes(new HashSet<>(rp.getScopes()));
 
         ChainingAttributeReleasePolicy chain;
         if (attributeReleasePolicy instanceof ChainingAttributeReleasePolicy) {
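Review bot: `service.setScopes(new HashSet<>(rp.getScopes()))` now copies whatever strings the REST client or console supplied, where the enum used to reject anything outside the five known names at deserialization; no replacement check is visible in this commit. The same values are compared by exact string in the `contains(OIDCScopeConstants.…)` checks below and in `WAPropertySourceLocator`, so a blank, padded or differently-cased entry such as `"Profile"` would be registered as its own scope and would skip the matching standard release policy. Scope values are space-delimited on the wire (RFC 6749 section 3.3), so an entry containing whitespace could never be requested as a single scope. I would validate on the server side where the TO is applied to the entity (outside this diff), and at minimum filter here with `rp.getScopes().stream().filter(s -> s != null && !s.isBlank()).map(String::trim).collect(Collectors.toSet())`. The method body starts and ends outside the hunk.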
@@ -104,19 +100,19 @@ public class OIDCRPClientAppTOMapper extends 
AbstractClientAppMapper {
             
Optional.ofNullable(attributeReleasePolicy).ifPresent(chain::addPolicies);
         }
 
-        if (rp.getScopes().contains(OIDCScope.openid)) {
+        if (rp.getScopes().contains(OIDCScopeConstants.OPEN_ID)) {
             chain.addPolicies(new OidcOpenIdScopeAttributeReleasePolicy());
         }
-        if (rp.getScopes().contains(OIDCScope.profile)) {
+        if (rp.getScopes().contains(OIDCScopeConstants.PROFILE)) {
             chain.addPolicies(new OidcProfileScopeAttributeReleasePolicy());
         }
-        if (rp.getScopes().contains(OIDCScope.address)) {
+        if (rp.getScopes().contains(OIDCScopeConstants.ADDRESS)) {
             chain.addPolicies(new OidcAddressScopeAttributeReleasePolicy());
         }
-        if (rp.getScopes().contains(OIDCScope.email)) {
+        if (rp.getScopes().contains(OIDCScopeConstants.EMAIL)) {
             chain.addPolicies(new OidcEmailScopeAttributeReleasePolicy());
         }
-        if (rp.getScopes().contains(OIDCScope.phone)) {
+        if (rp.getScopes().contains(OIDCScopeConstants.PHONE)) {
             chain.addPolicies(new OidcPhoneScopeAttributeReleasePolicy());
         }
 
@@ -135,24 +131,24 @@ public class OIDCRPClientAppTOMapper extends 
AbstractClientAppMapper {
                     map(p -> 
p.getAllowedAttributes().stream().collect(Collectors.toSet())).
                     ifPresent(customClaims::addAll);
         }
-        if (rp.getScopes().contains(OIDCScope.profile)) {
+        if (rp.getScopes().contains(OIDCScopeConstants.PROFILE)) {
             
customClaims.removeAll(OidcProfileScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
         }
-        if (rp.getScopes().contains(OIDCScope.address)) {
+        if (rp.getScopes().contains(OIDCScopeConstants.ADDRESS)) {
             
customClaims.removeAll(OidcAddressScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
         }
-        if (rp.getScopes().contains(OIDCScope.email)) {
+        if (rp.getScopes().contains(OIDCScopeConstants.EMAIL)) {
             
customClaims.removeAll(OidcEmailScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
         }
-        if (rp.getScopes().contains(OIDCScope.phone)) {
+        if (rp.getScopes().contains(OIDCScopeConstants.PHONE)) {
             
customClaims.removeAll(OidcPhoneScopeAttributeReleasePolicy.ALLOWED_CLAIMS);
         }
 
         if (!customClaims.isEmpty()) {
-            service.getScopes().add(CUSTOM_SCOPE);
+            service.getScopes().add(OIDCScopeConstants.SYNCOPE);
 
             chain.addPolicies(new OidcCustomScopeAttributeReleasePolicy(
-                    CUSTOM_SCOPE, 
customClaims.stream().collect(Collectors.toList())));
+                    OIDCScopeConstants.SYNCOPE, 
customClaims.stream().collect(Collectors.toList())));
         }
 
         setPolicies(service, authPolicy, mfaPolicy, accessStrategy, chain,
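Review bot: `OIDCScopeConstants.SYNCOPE` can now arrive in `rp.getScopes()` (the console offers it as a choice) and is copied into the service by the earlier `setScopes` hunk, but its `OidcCustomScopeAttributeReleasePolicy` is still attached only inside `if (!customClaims.isEmpty())`. As far as this diff shows, when `customClaims` is empty the service advertises the `syncope` scope with no release policy behind it. Any other administrator-defined scope is in the same position, since only the five standard names and `syncope` get a policy in this method. If that is intended, a comment stating that custom scopes carry no claims of their own would help. Otherwise consider removing `OIDCScopeConstants.SYNCOPE` from the copied set before `service.setScopes(...)` and adding it only in this branch. The method body starts and ends outside the hunk.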
