feat(admin-ui): the algorithm to secure the JWT for a particular intr…

…ospection response #1409

Signed-off-by: Jeet Viramgama <jviramgama5@gmail.com>

admin-ui/app/locales/en/translation.json

@@ -76,6 +76,9 @@
   "fields": {
     "access_token_signing_alg": "JWS alg for signing",
     "default_permission_in_token": "Default permission in token",
+    "introspection_signed_response_alg": "Introspection Signed Response Alg",
+    "introspection_encrypted_response_alg": "Introspection Encrypted Response Alg",
+    "introspection_encrypted_response_enc": "Introspection Encrypted Response Enc",
     "tag": "Tag",
     "activate": "Activate",
     "use_search_limit": "Load Source Data withLimited Search",
@@ -619,6 +622,7 @@
   "titles": {
     "acrs": "ACRs",
     "active_users": "Actives Users && Access Token Stats",
+    "introspection_object": "Introspection Object",
     "acrs_logging": "ACRs && Logging",
     "algorithmic_keys": "Algorithmic Keys",
     "application_settings": "Application Settings",

admin-ui/app/locales/fr/translation.json

@@ -120,6 +120,9 @@
   "fields": {
     "tag": "Étiqueter",
     "issuer": "Émetteur",
+    "introspection_signed_response_alg": "Algorithme de signature de réponse d'inspection",
+    "introspection_encrypted_response_alg": "Algorithme de chiffrement de réponse d'inspection",
+    "introspection_encrypted_response_enc": "Algorithme de chiffrement de réponse d'inspection",
     "default_permission_in_token": "Permission par défaut dans le jeton",
     "base_endpoint": "Point d'Accès de Base",
     "use_search_limit": "Charger les données sources avec une recherche limitée",
@@ -542,6 +545,7 @@
   "titles": {
     "acrs": "ACR",
     "algorithmic_keys": "Clés algorithmiques",
+    "introspection_object": "Objet d'inspection",
     "all_attributes": "Tous les attributs",
     "all_custom_scripts": "Tous les scripts personnalisés",
     "all_oidc_clients": "Tous les clients OIDC",

admin-ui/app/locales/pt/translation.json

@@ -119,6 +119,9 @@
   "fields": {
     "tag": "Marcação",
     "default_permission_in_token": "Permissão padrão no token",
+    "introspection_signed_response_alg": "Algoritmo de assinatura da resposta de introspeção",
+    "introspection_encrypted_response_alg": "Algoritmo de criptografia da resposta de introspeção",
+    "introspection_encrypted_response_enc": "Algoritmo de criptografia da resposta de introspeção",
     "issuer": "Emissor",
     "base_endpoint": "Endpoint Base",
     "clean_service_interval": "Intervalo de Limpeza do Serviço",
@@ -540,6 +543,7 @@
   "titles": {
     "acrs": "ACRs",
     "algorithmic_keys": "Chaves Algorítmicas",
+    "introspection_object": "Objeto de introspecção",
     "all_attributes": "Todos os Atributos",
     "all_custom_scripts": "Todos os scripts personalizados",
     "all_oidc_clients": "Todos os clientes OIDC",

admin-ui/plugins/auth-server/components/Clients/ClientEncryptionSigningPanel.js

@@ -249,6 +249,48 @@ function ClientEncryptionSigningPanel({ formik, oidcConfiguration, viewOnly }) {
           />
         </Col>
       </FormGroup>
+      <h2>{t(`titles.introspection_object`)}</h2>
+      <FormGroup row>
+        <Col sm={6}>
+          <GluuSelectRow
+            label="fields.introspection_signed_response_alg"
+            formik={formik}
+            value={formik.values.introspectionSignedResponseAlg}
+            values={idTokenSignedResponseAlg}
+            lsize={6}
+            rsize={6}
+            name="introspectionSignedResponseAlg"
+            doc_category={DOC_CATEGORY}
+            disabled={viewOnly}
+          />
+        </Col>
+        <Col sm={6}>
+          <GluuSelectRow
+            label="fields.introspection_encrypted_response_alg"
+            formik={formik}
+            value={formik.values.introspectionEncryptedResponseAlg}
+            values={idTokenEncryptedResponseAlg}
+            lsize={6}
+            rsize={6}
+            name="introspectionEncryptedResponseAlg"
+            doc_category={DOC_CATEGORY}
+            disabled={viewOnly}
+          />
+        </Col>
+        <Col sm={6}>
+          <GluuSelectRow
+            label="fields.introspection_encrypted_response_enc"
+            formik={formik}
+            value={formik.values.introspectionEncryptedResponseEnc}
+            values={idTokenEncryptedResponseEnc}
+            lsize={6}
+            rsize={6}
+            name="introspectionEncryptedResponseEnc"
+            doc_category={DOC_CATEGORY}
+            disabled={viewOnly}
+          />
+        </Col>
+      </FormGroup>
     </Container>
   )
 }

admin-ui/plugins/auth-server/components/Clients/ClientWizardForm.js

@@ -117,6 +117,9 @@ function ClientWizardForm({
     oxAuthClaims: client_data.oxAuthClaims,
     attributes: client_data.attributes,
     tlsClientAuthSubjectDn: client_data.attributes.tlsClientAuthSubjectDn,
+    introspectionSignedResponseAlg: client_data.attributes.introspectionSignedResponseAlg,
+    introspectionEncryptedResponseAlg: client_data.attributes.introspectionEncryptedResponseAlg,
+    introspectionEncryptedResponseEnc: client_data.attributes.introspectionEncryptedResponseEnc,
     frontChannelLogoutSessionRequired: client_data.frontChannelLogoutSessionRequired,
     runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims:
       client_data.attributes
@@ -344,6 +347,12 @@ function ClientWizardForm({
             values['action_message'] = commitMessage
             values[ATTRIBUTE].tlsClientAuthSubjectDn =
               values.tlsClientAuthSubjectDn
+            values[ATTRIBUTE].introspectionSignedResponseAlg =
+              values.introspectionSignedResponseAlg
+            values[ATTRIBUTE].introspectionEncryptedResponseAlg =
+              values.introspectionEncryptedResponseAlg
+            values[ATTRIBUTE].introspectionEncryptedResponseEnc =
+              values.introspectionEncryptedResponseEnc
             values[
               ATTRIBUTE
             ].runIntrospectionScriptBeforeAccessTokenAsJwtCreationAndIncludeClaims =