From 258864b03b2ace3f15f267693733775c933fa043 Mon Sep 17 00:00:00 2001
From: YuriyZ
Date: Fri, 28 Oct 2022 18:21:59 +0300
Subject: [PATCH] feat(jans-linux-setup): added token exchange grant type Native SSO https://github.com/JanssenProject/jans/issues/2518 https://github.com/JanssenProject/jans/issues/2767
---
 .../config-guide/jans-cli/cli-jans-authorization-server.md | 4 +++-
 .../jans-cli/im/im-jans-authorization-server.md | 2 ++
 jans-auth-server/server/conf/jans-config.json | 3 ++-
 .../openbanking/templates/jans-auth/jans-auth-config.json | 3 ++-
 jans-linux-setup/jans_setup/setup_app/test_data_loader.py | 4 ++--
 .../jans_setup/templates/jans-auth/jans-auth-config.json | 6 ++++--
 .../jans_setup/templates/test/docs/oxauth-config-update.md | 3 ++-
 7 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/docs/admin/config-guide/jans-cli/cli-jans-authorization-server.md b/docs/admin/config-guide/jans-cli/cli-jans-authorization-server.md
index bff7874b9b6..a0f9db443b7 100644
--- a/docs/admin/config-guide/jans-cli/cli-jans-authorization-server.md
+++ b/docs/admin/config-guide/jans-cli/cli-jans-authorization-server.md
@@ -98,7 +98,8 @@ Getting access token for scope https://jans.io/oauth/jans-auth-server/config/pro
 "urn:ietf:params:oauth:grant-type:device_code",
 "client_credentials",
 "urn:ietf:params:oauth:grant-type:uma-ticket",
- "implicit"
+ "implicit",
+ "urn:ietf:params:oauth:grant-type:token-exchange"
 ],
 "subjectTypesSupported": [
 "public",
@@ -368,6 +369,7 @@ Getting access token for scope https://jans.io/oauth/jans-auth-server/config/pro
 "urn:ietf:params:oauth:grant-type:device_code",
 "client_credentials",
 "urn:ietf:params:oauth:grant-type:uma-ticket",
+ "urn:ietf:params:oauth:grant-type:token-exchange",
 "implicit"
 ],
 "cssLocation": null,
diff --git a/docs/admin/config-guide/jans-cli/im/im-jans-authorization-server.md b/docs/admin/config-guide/jans-cli/im/im-jans-authorization-server.md
index 9c3b2320d08..23c64641c37 100644
--- a/docs/admin/config-guide/jans-cli/im/im-jans-authorization-server.md
+++ b/docs/admin/config-guide/jans-cli/im/im-jans-authorization-server.md
@@ -71,6 +71,7 @@ Select 1 to get all the details about Jans authorization server configuration. I
 "refresh_token",
 "urn:ietf:params:oauth:grant-type:uma-ticket",
 "urn:ietf:params:oauth:grant-type:device_code",
+ "urn:ietf:params:oauth:grant-type:token-exchange",
 "implicit",
 "authorization_code"
 ],
@@ -341,6 +342,7 @@ Select 1 to get all the details about Jans authorization server configuration. I
 "refresh_token",
 "urn:ietf:params:oauth:grant-type:uma-ticket",
 "urn:ietf:params:oauth:grant-type:device_code",
+ "urn:ietf:params:oauth:grant-type:token-exchange",
 "implicit",
 "authorization_code"
 ],
diff --git a/jans-auth-server/server/conf/jans-config.json b/jans-auth-server/server/conf/jans-config.json
index 6ea121ba2b8..8a4b64b9ca7 100644
--- a/jans-auth-server/server/conf/jans-config.json
+++ b/jans-auth-server/server/conf/jans-config.json
@@ -58,7 +58,8 @@
 "refresh_token",
 "urn:ietf:params:oauth:grant-type:uma-ticket",
 "urn:openid:params:grant-type:ciba",
- "urn:ietf:params:oauth:grant-type:device_code"
+ "urn:ietf:params:oauth:grant-type:device_code",
+ "urn:ietf:params:oauth:grant-type:token-exchange"
 ],
 "subjectTypesSupported":[
 "public",
diff --git a/jans-linux-setup/jans_setup/openbanking/templates/jans-auth/jans-auth-config.json b/jans-linux-setup/jans_setup/openbanking/templates/jans-auth/jans-auth-config.json
index 452a31d375c..a5836dcdf87 100644
--- a/jans-linux-setup/jans_setup/openbanking/templates/jans-auth/jans-auth-config.json
+++ b/jans-linux-setup/jans_setup/openbanking/templates/jans-auth/jans-auth-config.json
@@ -74,7 +74,8 @@
 "client_credentials",
 "authorization_code",
 "refresh_token",
- "urn:ietf:params:oauth:grant-type:device_code"
+ "urn:ietf:params:oauth:grant-type:device_code",
+ "urn:ietf:params:oauth:grant-type:token-exchange"
 ],
 "allowIdTokenWithoutImplicitGrantType": true,
 "subjectTypesSupported":[
diff --git a/jans-linux-setup/jans_setup/setup_app/test_data_loader.py b/jans-linux-setup/jans_setup/setup_app/test_data_loader.py
index 95f68a49797..22125b423c2 100644
--- a/jans-linux-setup/jans_setup/setup_app/test_data_loader.py
+++ b/jans-linux-setup/jans_setup/setup_app/test_data_loader.py
@@ -235,7 +235,7 @@ def load_test_data(self):
 'dynamicRegistrationCustomAttributes': [ "jansTrustedClnt", "myCustomAttr1", "myCustomAttr2", "jansInclClaimsInIdTkn" ],
 'dynamicRegistrationExpirationTime': 86400,
 'grantTypesAndResponseTypesAutofixEnabled': True,
- 'dynamicGrantTypeDefault': [ "authorization_code", "implicit", "password", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:uma-ticket", "urn:openid:params:grant-type:ciba", "urn:ietf:params:oauth:grant-type:device_code" ],
+ 'dynamicGrantTypeDefault': [ "authorization_code", "implicit", "password", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:uma-ticket", "urn:openid:params:grant-type:ciba", "urn:ietf:params:oauth:grant-type:device_code", "urn:ietf:params:oauth:grant-type:token-exchange" ],
 'legacyIdTokenClaims': True,
 'authenticationFiltersEnabled': True,
 'clientAuthenticationFiltersEnabled': True,
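Review bot: Enabling token exchange by default in the openbanking profile widens a grant list whose visible context held only `client_credentials`, `authorization_code`, `refresh_token` and the device-code grant (the list's key is outside the hunk). The commit message motivates the grant with Native SSO only, so if this profile is meant to stay restrictive, consider dropping the `"urn:ietf:params:oauth:grant-type:token-exchange"` line here and letting operators opt in. JSON cannot carry a comment, so the rationale for keeping it would belong in the commit description or the profile's documentation.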
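Review bot: The new `"urn:ietf:params:oauth:grant-type:token-exchange"` entry in `dynamicGrantTypeDefault` makes the grant part of the dynamic-registration defaults, which by its name appears to govern what dynamically registered clients may receive (the setting's semantics are not shown here). Token exchange lets a client trade one token for another, so it is normally assigned per client. That is fine for test data, but the second list changed in `templates/jans-auth/jans-auth-config.json` (hunk at -278, key outside the hunk) may be the same setting in the production template and deserves a deliberate decision. A comment above the entry would record the intent, e.g. `# token-exchange: required by the Native SSO tests (issues 2518, 2767)`. The body of `load_test_data` starts and ends outside the hunk.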
@@ -252,7 +252,7 @@ def load_test_data(self):
 'userInfoSigningAlgValuesSupported': [ 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512' ],
 'consentGatheringScriptBackwardCompatibility': False,
 'claimsParameterSupported': True,
- 'grantTypesSupported': [ 'urn:openid:params:grant-type:ciba', 'authorization_code', 'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:ietf:params:oauth:grant-type:device_code', 'client_credentials', 'implicit', 'refresh_token', 'password' ],
+ 'grantTypesSupported': [ 'urn:openid:params:grant-type:ciba', 'authorization_code', 'urn:ietf:params:oauth:grant-type:uma-ticket', 'urn:ietf:params:oauth:grant-type:device_code', 'client_credentials', 'implicit', 'refresh_token', 'password', 'urn:ietf:params:oauth:grant-type:token-exchange' ],
 'idTokenSigningAlgValuesSupported': [ 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512' ],
 'accessTokenSigningAlgValuesSupported': [ 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512' ],
 'requestObjectSigningAlgValuesSupported': [ 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512' ],
diff --git a/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json b/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json
index 29021c37a34..5801fafbd60 100644
--- a/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json
+++ b/jans-linux-setup/jans_setup/templates/jans-auth/jans-auth-config.json
@@ -62,7 +62,8 @@
 "client_credentials",
 "refresh_token",
 "urn:ietf:params:oauth:grant-type:uma-ticket",
- "urn:ietf:params:oauth:grant-type:device_code"
+ "urn:ietf:params:oauth:grant-type:device_code",
+ "urn:ietf:params:oauth:grant-type:token-exchange"
 ],
 "subjectTypesSupported":[
 "public",
@@ -278,7 +279,8 @@
 "client_credentials",
 "refresh_token",
 "urn:ietf:params:oauth:grant-type:uma-ticket",
- "urn:ietf:params:oauth:grant-type:device_code"
+ "urn:ietf:params:oauth:grant-type:device_code",
+ "urn:ietf:params:oauth:grant-type:token-exchange"
 ],
 "claimsParameterSupported":false,
 "requestParameterSupported":true,
diff --git a/jans-linux-setup/jans_setup/templates/test/docs/oxauth-config-update.md b/jans-linux-setup/jans_setup/templates/test/docs/oxauth-config-update.md
index 03ebb7b7280..92feb4139e9 100644
--- a/jans-linux-setup/jans_setup/templates/test/docs/oxauth-config-update.md
+++ b/jans-linux-setup/jans_setup/templates/test/docs/oxauth-config-update.md
@@ -25,7 +25,8 @@ III. These changes should be applied to oxAuth config.
 "password",
 "client_credentials",
 "refresh_token",
- "urn:ietf:params:oauth:grant-type:uma-ticket"
+ "urn:ietf:params:oauth:grant-type:uma-ticket",
+ "urn:ietf:params:oauth:grant-type:token-exchange"
 ],
 5. "legacyIdTokenClaims":true