(syncope) branch master updated: [SYNCOPE-1788] Allow JWKS value for OIDC client applications (#550)

sgarofalo Wed, 15 Nov 2023 07:31:15 -0800

This is an automated email from the ASF dual-hosted git repository.

sgarofalo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git



The following commit(s) were added to refs/heads/master by this push:
     new 38dac05d8b [SYNCOPE-1788] Allow JWKS value for OIDC client 
applications (#550)
38dac05d8b is described below

commit 38dac05d8b1c46e4c1b63f268a35bff15c6b4871
Author: Samuel Garofalo <72073457+samuelg...@users.noreply.github.com>
AuthorDate: Wed Nov 15 16:30:00 2023 +0100

    [SYNCOPE-1788] Allow JWKS value for OIDC client applications (#550)
---
 .../clientapps/ClientAppModalPanelBuilder.java     | 51 ++++++++++++++++++
 .../clientapps/ClientAppDirectoryPanel.properties  |  3 ++
 .../ClientAppDirectoryPanel_fr_CA.properties       |  3 ++
 .../ClientAppDirectoryPanel_it.properties          |  3 ++
 .../ClientAppDirectoryPanel_ja.properties          |  3 ++
 .../ClientAppDirectoryPanel_pt_BR.properties       |  3 ++
 .../ClientAppDirectoryPanel_ru.properties          |  3 ++
 .../syncope/common/lib/to/OIDCRPClientAppTO.java   | 63 +++++++++++++++++-----
 .../lib/types/OIDCClientAuthenticationMethod.java  | 28 ++++++++++
 .../persistence/api/entity/am/OIDCRPClientApp.java | 14 +++++
 .../jpa/entity/am/JPAOIDCRPClientApp.java          | 40 ++++++++++++++
 .../java/data/ClientAppDataBinderImpl.java         |  6 +++
 .../starter/mapping/OIDCRPClientAppTOMapper.java   |  7 +++
 13 files changed, 215 insertions(+), 12 deletions(-)

diff --git 
a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
 
b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
index ef538d73ab..1a4ccf8e9e 100644
--- 
a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
+++ 
b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
@@ -18,7 +18,10 @@
  */
 package org.apache.syncope.client.console.clientapps;
 
+import jakarta.ws.rs.core.MediaType;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Comparator;
 import java.util.Iterator;
 import java.util.LinkedHashMap;
@@ -37,6 +40,7 @@ import 
org.apache.syncope.client.console.rest.PolicyRestClient;
 import org.apache.syncope.client.console.rest.RealmRestClient;
 import 
org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.BaseModal;
 import 
org.apache.syncope.client.console.wicket.markup.html.form.AjaxSearchFieldPanel;
+import 
org.apache.syncope.client.console.wicket.markup.html.form.BinaryFieldPanel;
 import 
org.apache.syncope.client.console.wicket.markup.html.form.MultiFieldPanel;
 import 
org.apache.syncope.client.console.wicket.markup.html.form.PolicyRenderer;
 import org.apache.syncope.client.ui.commons.Constants;
@@ -53,9 +57,11 @@ import 
org.apache.syncope.client.ui.commons.wizards.AjaxWizard;
 import org.apache.syncope.common.lib.OIDCScopeConstants;
 import org.apache.syncope.common.lib.policy.PolicyTO;
 import org.apache.syncope.common.lib.to.ClientAppTO;
+import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
 import org.apache.syncope.common.lib.to.RealmTO;
 import org.apache.syncope.common.lib.types.ClientAppType;
 import org.apache.syncope.common.lib.types.LogoutType;
+import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
@@ -344,6 +350,51 @@ public class ClientAppModalPanelBuilder<T extends 
ClientAppTO> extends AbstractM
                             "field", "logoutUri", new 
PropertyModel<>(clientAppTO, "logoutUri"), false);
                     logoutUri.addValidator(new UrlValidator());
                     fields.add(logoutUri);
+
+                    BinaryFieldPanel jwks = new BinaryFieldPanel(
+                            "field",
+                            "jwks",
+                            new Model<>() {
+
+                        private static final long serialVersionUID = 
7666049400663637482L;
+
+                        @Override
+                        public String getObject() {
+                            OIDCRPClientAppTO oidcRPCA = (OIDCRPClientAppTO) 
clientAppTO;
+                            return StringUtils.isBlank(oidcRPCA.getJwks())
+                                    ? null
+                                    : Base64.getEncoder().encodeToString(
+                                            
oidcRPCA.getJwks().getBytes(StandardCharsets.UTF_8));
+                        }
+
+                        @Override
+                        public void setObject(final String object) {
+                            OIDCRPClientAppTO oidcRPCA = (OIDCRPClientAppTO) 
clientAppTO;
+                            if (StringUtils.isBlank(object)) {
+                                oidcRPCA.setJwks(null);
+                            } else {
+                                oidcRPCA.setJwks(
+                                        new 
String(Base64.getDecoder().decode(object), StandardCharsets.UTF_8));
+                            }
+                        }
+                    },
+                            MediaType.APPLICATION_JSON,
+                            "client-jwks");
+                    fields.add(jwks);
+
+                    AjaxTextFieldPanel jwksUri = new AjaxTextFieldPanel(
+                            "field", "jwksUri", new 
PropertyModel<>(clientAppTO, "jwksUri"), false);
+                    jwksUri.addValidator(new UrlValidator());
+                    fields.add(jwksUri);
+
+                    AjaxDropDownChoicePanel<OIDCClientAuthenticationMethod> 
tokenEndpointAuthenticationMethod =
+                            new AjaxDropDownChoicePanel<>(
+                                    "field",
+                                    "tokenEndpointAuthenticationMethod",
+                                    new PropertyModel<>(clientAppTO, 
"tokenEndpointAuthenticationMethod"),
+                                    false);
+                    
tokenEndpointAuthenticationMethod.setChoices(List.of(OIDCClientAuthenticationMethod.values()));
+                    fields.add(tokenEndpointAuthenticationMethod);
                     break;
 
                 case SAML2SP:
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
index 8a90e272bd..49116e51d8 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
@@ -67,3 +67,6 @@ usernameAttributeProviderConf.title=Username Attribute 
Provider for ${name}
 ticketExpirationPolicy=Ticket Expiration Policy
 auditHistory.title=Configuration history
 logoutType=Logout Type
+jwks=JWKS
+jwksUri=JWKS URI
+tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
index afb22b5b51..13b5ea6270 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
@@ -67,3 +67,6 @@ usernameAttributeProviderConf.title=Username Attribute 
Provider for ${name}
 ticketExpirationPolicy=Ticket Expiration Policy
 auditHistory.title=Historique de configuration
 logoutType=Logout Type
+jwks=JWKS
+jwksUri=JWKS URI
+tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
index 0ca1bf1e08..8b3cebc799 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
@@ -67,3 +67,6 @@ usernameAttributeProviderConf.title=Username Attribute 
Provider per ${name}
 ticketExpirationPolicy=Politica Ticket Expiration
 auditHistory.title=Storico delle configurazioni
 logoutType=Tipo Logout
+jwks=JWKS
+jwksUri=JWKS URI
+tokenEndpointAuthenticationMethod=Metodo di autenticazione dell'endpoint token
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
index 824c6a4abe..aa63ddba37 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
@@ -67,3 +67,6 @@ usernameAttributeProviderConf.title=Username Attribute 
Provider for ${name}
 ticketExpirationPolicy=Ticket Expiration Policy
 auditHistory.title=\u8a2d\u5b9a\u5c65\u6b74
 logoutType=Logout Type
+jwks=JWKS
+jwksUri=JWKS URI
+tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
index cf375f5886..aa4455ca36 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
@@ -67,3 +67,6 @@ usernameAttributeProviderConf.title=Username Attribute 
Provider for ${name}
 ticketExpirationPolicy=Ticket Expiration Policy
 auditHistory.title=Hist\u00f3rico de configura\u00e7\u00e3o
 logoutType=Logout Type
+jwks=JWKS
+jwksUri=JWKS URI
+tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
diff --git 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
index ffed062b7e..5d93238893 100644
--- 
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
+++ 
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
@@ -68,3 +68,6 @@ usernameAttributeProviderConf.title=Username Attribute 
Provider for ${name}
 ticketExpirationPolicy=Ticket Expiration Policy
 auditHistory.title=\u0418\u0441\u0442\u043e\u0440\u0438\u044f 
\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438
 logoutType=Logout Type
+jwks=JWKS
+jwksUri=JWKS URI
+tokenEndpointAuthenticationMethod=Token Endpoint Authentication Method
diff --git 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
index 97e68ae3f6..88ebf1e2d0 100644
--- 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
+++ 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/OIDCRPClientAppTO.java
@@ -26,6 +26,7 @@ import java.util.ArrayList;
 import java.util.List;
 import org.apache.commons.lang3.builder.EqualsBuilder;
 import org.apache.commons.lang3.builder.HashCodeBuilder;
+import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
@@ -53,10 +54,17 @@ public class OIDCRPClientAppTO extends ClientAppTO {
 
     private final List<String> scopes = new ArrayList<>();
 
-    private String logoutUri;
-
     private boolean bypassApprovalPrompt = true;
 
+    private String jwks;
+
+    private String jwksUri;
+
+    private OIDCClientAuthenticationMethod tokenEndpointAuthenticationMethod =
+            OIDCClientAuthenticationMethod.client_secret_basic;
+
+    private String logoutUri;
+
     @JacksonXmlProperty(localName = "_class", isAttribute = true)
     @JsonProperty("_class")
     @Schema(name = "_class", requiredMode = Schema.RequiredMode.REQUIRED,
@@ -116,14 +124,6 @@ public class OIDCRPClientAppTO extends ClientAppTO {
         this.subjectType = subjectType;
     }
 
-    public String getLogoutUri() {
-        return logoutUri;
-    }
-
-    public void setLogoutUri(final String logoutUri) {
-        this.logoutUri = logoutUri;
-    }
-
     public boolean isJwtAccessToken() {
         return jwtAccessToken;
     }
@@ -146,6 +146,39 @@ public class OIDCRPClientAppTO extends ClientAppTO {
         this.bypassApprovalPrompt = bypassApprovalPrompt;
     }
 
+    public String getJwks() {
+        return jwks;
+    }
+
+    public void setJwks(final String jwks) {
+        this.jwks = jwks;
+    }
+
+    public String getJwksUri() {
+        return jwksUri;
+    }
+
+    public void setJwksUri(final String jwksUri) {
+        this.jwksUri = jwksUri;
+    }
+
+    public OIDCClientAuthenticationMethod 
getTokenEndpointAuthenticationMethod() {
+        return tokenEndpointAuthenticationMethod;
+    }
+
+    public void setTokenEndpointAuthenticationMethod(
+            final OIDCClientAuthenticationMethod 
tokenEndpointAuthenticationMethod) {
+        this.tokenEndpointAuthenticationMethod = 
tokenEndpointAuthenticationMethod;
+    }
+
+    public String getLogoutUri() {
+        return logoutUri;
+    }
+
+    public void setLogoutUri(final String logoutUri) {
+        this.logoutUri = logoutUri;
+    }
+
     @Override
     public boolean equals(final Object obj) {
         if (obj == null) {
@@ -167,10 +200,13 @@ public class OIDCRPClientAppTO extends ClientAppTO {
                 .append(this.redirectUris, rhs.redirectUris)
                 .append(this.supportedGrantTypes, rhs.supportedGrantTypes)
                 .append(this.supportedResponseTypes, 
rhs.supportedResponseTypes)
-                .append(this.logoutUri, rhs.logoutUri)
                 .append(this.jwtAccessToken, rhs.jwtAccessToken)
                 .append(this.scopes, rhs.scopes)
                 .append(this.bypassApprovalPrompt, rhs.bypassApprovalPrompt)
+                .append(this.jwks, rhs.jwks)
+                .append(this.jwksUri, rhs.jwksUri)
+                .append(this.tokenEndpointAuthenticationMethod, 
rhs.tokenEndpointAuthenticationMethod)
+                .append(this.logoutUri, rhs.logoutUri)
                 .isEquals();
     }
 
@@ -185,10 +221,13 @@ public class OIDCRPClientAppTO extends ClientAppTO {
                 .append(redirectUris)
                 .append(supportedGrantTypes)
                 .append(supportedResponseTypes)
-                .append(logoutUri)
                 .append(jwtAccessToken)
                 .append(scopes)
                 .append(bypassApprovalPrompt)
+                .append(jwks)
+                .append(jwksUri)
+                .append(tokenEndpointAuthenticationMethod)
+                .append(logoutUri)
                 .toHashCode();
     }
 }
diff --git 
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCClientAuthenticationMethod.java
 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCClientAuthenticationMethod.java
new file mode 100644
index 0000000000..c7165200b9
--- /dev/null
+++ 
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCClientAuthenticationMethod.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+public enum OIDCClientAuthenticationMethod {
+    client_secret_basic,
+    client_secret_post,
+    client_secret_jwt,
+    private_key_jwt,
+    tls_client_auth;
+
+}
diff --git 
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
 
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
index 4ae40a24ba..504bfd6d34 100644
--- 
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
+++ 
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/OIDCRPClientApp.java
@@ -19,6 +19,7 @@
 package org.apache.syncope.core.persistence.api.entity.am;
 
 import java.util.Set;
+import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
@@ -57,7 +58,20 @@ public interface OIDCRPClientApp extends ClientApp {
 
     void setSubjectType(OIDCSubjectType subjectType);
 
+    String getJwks();
+
+    void setJwks(String jwks);
+
+    String getJwksUri();
+
+    void setJwksUri(String jwksUri);
+
+    OIDCClientAuthenticationMethod getTokenEndpointAuthenticationMethod();
+
+    void setTokenEndpointAuthenticationMethod(OIDCClientAuthenticationMethod 
tokenEndpointAuthenticationMethod);
+
     String getLogoutUri();
 
     void setLogoutUri(String logoutUri);
+
 }
diff --git 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
index 3a6b716e11..40a818c14c 100644
--- 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
+++ 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPAOIDCRPClientApp.java
@@ -33,6 +33,7 @@ import jakarta.persistence.Table;
 import jakarta.persistence.Transient;
 import java.util.HashSet;
 import java.util.Set;
+import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
 import org.apache.syncope.common.lib.types.OIDCResponseType;
 import org.apache.syncope.common.lib.types.OIDCSubjectType;
@@ -100,6 +101,13 @@ public class JPAOIDCRPClientApp extends AbstractClientApp 
implements OIDCRPClien
     @Transient
     private Set<String> scopesSet = new HashSet<>();
 
+    @Lob
+    private String jwks;
+
+    private String jwksUri;
+
+    private OIDCClientAuthenticationMethod tokenEndpointAuthenticationMethod;
+
     private String logoutUri;
 
     @Override
@@ -182,6 +190,38 @@ public class JPAOIDCRPClientApp extends AbstractClientApp 
implements OIDCRPClien
         return scopesSet;
     }
 
+    @Override
+    public String getJwks() {
+        return jwks;
+    }
+
+    @Override
+    public void setJwks(final String jwks) {
+        this.jwks = jwks;
+    }
+
+    @Override
+    public String getJwksUri() {
+        return jwksUri;
+    }
+
+    @Override
+    public void setJwksUri(final String jwksUri) {
+        this.jwksUri = jwksUri;
+    }
+
+    @Override
+    public OIDCClientAuthenticationMethod 
getTokenEndpointAuthenticationMethod() {
+        return tokenEndpointAuthenticationMethod;
+    }
+
+    @Override
+    public void setTokenEndpointAuthenticationMethod(
+            final OIDCClientAuthenticationMethod 
tokenEndpointAuthenticationMethod) {
+
+        this.tokenEndpointAuthenticationMethod = 
tokenEndpointAuthenticationMethod;
+    }
+
     @Override
     public String getLogoutUri() {
         return logoutUri;
diff --git 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
index 390ab3b964..7bebba11b6 100644
--- 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
+++ 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
@@ -237,6 +237,9 @@ public class ClientAppDataBinderImpl implements 
ClientAppDataBinder {
         clientApp.getScopes().clear();
         clientApp.getScopes().addAll(clientAppTO.getScopes());
         clientApp.setLogoutUri(clientAppTO.getLogoutUri());
+        clientApp.setJwks(clientAppTO.getJwks());
+        clientApp.setJwksUri(clientAppTO.getJwksUri());
+        
clientApp.setTokenEndpointAuthenticationMethod(clientAppTO.getTokenEndpointAuthenticationMethod());
     }
 
     protected OIDCRPClientAppTO getOIDCClientAppTO(final OIDCRPClientApp 
clientApp) {
@@ -254,6 +257,9 @@ public class ClientAppDataBinderImpl implements 
ClientAppDataBinder {
         clientAppTO.setLogoutUri(clientApp.getLogoutUri());
         clientAppTO.setJwtAccessToken(clientApp.isJwtAccessToken());
         
clientAppTO.setBypassApprovalPrompt(clientApp.isBypassApprovalPrompt());
+        clientAppTO.setJwks(clientApp.getJwks());
+        clientAppTO.setJwksUri(clientApp.getJwksUri());
+        
clientAppTO.setTokenEndpointAuthenticationMethod(clientApp.getTokenEndpointAuthenticationMethod());
 
         return clientAppTO;
     }
diff --git 
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
index 11f0a92d87..fddaf0ca74 100644
--- 
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
+++ 
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
@@ -23,6 +23,7 @@ import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.syncope.common.lib.OIDCScopeConstants;
 import org.apache.syncope.common.lib.to.ClientAppTO;
 import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
@@ -81,12 +82,18 @@ public class OIDCRPClientAppTOMapper extends 
AbstractClientAppMapper {
         }
         service.setJwtAccessToken(rp.isJwtAccessToken());
         service.setBypassApprovalPrompt(rp.isBypassApprovalPrompt());
+        if (StringUtils.isNotBlank(rp.getJwksUri())) {
+            service.setJwks(rp.getJwksUri());
+        } else {
+            service.setJwks(rp.getJwks());
+        }
         service.setSupportedGrantTypes(rp.getSupportedGrantTypes().stream().
                 map(OIDCGrantType::name).collect(Collectors.toSet()));
         
service.setSupportedResponseTypes(rp.getSupportedResponseTypes().stream().
                 
map(OIDCResponseType::getExternalForm).collect(Collectors.toSet()));
         Optional.ofNullable(rp.getSubjectType()).ifPresent(st -> 
service.setSubjectType(st.name()));
         service.setLogoutUrl(rp.getLogoutUri());
+        
service.setTokenEndpointAuthenticationMethod(rp.getTokenEndpointAuthenticationMethod().name());
 
         service.setScopes(new HashSet<>(rp.getScopes()));

(syncope) branch master updated: [SYNCOPE-1788] Allow JWKS value for OIDC client applications (#550)

Reply via email to