Feature: Change org_id to String type and Add status in get SSA (#3763)

* feat(jans-auth-server): field org_id is changed to string type, too we added status field in get ssa endpoint

* feat(docs): updated docs for ssa

* feat(jans-auth-server): swagger update for ssa

docs/admin/auth-server/endpoints/ssa.md

@@ -1,15 +1,18 @@
 ---
+"org_id": "test-org-id",
 tags:
+
 - administration
 - auth-server
 - SSA
 - endpoint
+
 ---
 
 # Software Statement Assertion (SSA)
 
-Janssen Server provides SSA endpoint that enables management of SSAs. The SSA is a JSON Web Token (JWT) containing 
-client metadata and some custom attributes. Specification for SSAs has been outlined as part of 
+Janssen Server provides SSA endpoint that enables management of SSAs. The SSA is a JSON Web Token (JWT) containing
+client metadata and some custom attributes. Specification for SSAs has been outlined as part of
 [Dynamic Client Registration Protocol](https://www.rfc-editor.org/rfc/rfc7591#section-2.3).
 
 URL to access revocation endpoint on Janssen Server is listed in the response of Janssen Server's well-known
@@ -27,17 +30,19 @@ https://janssen.server.host/jans-auth/restv1/ssa
 ```
 
 More information about request and response of the revocation endpoint can be found in
-the OpenAPI specification of [jans-auth-server module](https://gluu.org/swagger-ui/?url=https://raw.githubusercontent.com/JanssenProject/jans/vreplace-janssen-version/jans-auth-server/docs/swagger.yaml#/SSA).
+the OpenAPI specification
+of [jans-auth-server module](https://gluu.org/swagger-ui/?url=https://raw.githubusercontent.com/JanssenProject/jans/vreplace-janssen-version/jans-auth-server/docs/swagger.yaml#/SSA).
 
 ## Disabling The Endpoint Using Feature Flag
 
-`/ssa` endpoint can be enabled or disable using [SSA feature flag](../../reference/json/feature-flags/janssenauthserver-feature-flags.md#ssa).
-Use [Janssen Text-based UI(TUI)](../../config-guide/tui.md) or [Janssen command-line interface](../../config-guide/jans-cli/README.md) to perform this task.
+`/ssa` endpoint can be enabled or disable
+using [SSA feature flag](../../reference/json/feature-flags/janssenauthserver-feature-flags.md#ssa).
+Use [Janssen Text-based UI(TUI)](../../config-guide/tui.md)
+or [Janssen command-line interface](../../config-guide/jans-cli/README.md) to perform this task.
 
 When using TUI, navigate via `Auth Server`->`Properties`->`enabledFeatureFlags` to screen below. From here, enable or
 disable `SSA` flag as required.
 
-
 ![](../../../assets/image-tui-enable-components.png)
 
 ## Configuration Properties
@@ -52,7 +57,8 @@ parameters as described below:
     "ssaEndpoint": "{{your-url}}/ssa",
     "ssaCustomAttributes": [
         "myCustomAttr1",
-        "myCustomAttr2"
+        "myCustomAttr2",
+        ...
     ],
     "ssaSigningAlg": "RS512",
     "ssaExpirationInDays": 30
@@ -64,15 +70,14 @@ parameters as described below:
 - `ssaSigningAlg` — Algorithm to sign the JWT that is returned after creating an SSA.
 - `ssaExpirationInDays` — Expiration expressed in days, when an SSA is created and the expiration is not sent.
 
-
 ## SSA Security
 
 To call SSA services, a token of type `client_credentials` must be generated with the following scopes enabled:
 
 - `https://jans.io/auth/ssa.admin` — Allows calling all SSA services.
 - `https://jans.io/auth/ssa.portal` — Allows only call `Get SSA` service.
-- `https://jans.io/auth/ssa.developer` — Allows only call `Get SSA`, but you can only filter ssa that have
-- been created by the same client.
+- `https://jans.io/auth/ssa.developer` — Allows only call `Get SSA`, but you can only filter ssa that have been created
+  by the same client.
 
 ## Create a new SSA
 
@@ -83,14 +88,33 @@ Create `SSA` for the organization with `expiration` (optional).
 | Field          | Detail                                                                                                                   | Optional |
 |----------------|--------------------------------------------------------------------------------------------------------------------------|----------|
 | org_id         | The "org_id" is used for organization identification.                                                                    | false    |
-| description    | Describe ssa                                                                                                             | false    |
+| description    | Describe SSA                                                                                                             | false    |
 | software_id    | The "software_id" is used for software identification.                                                                   | false    |
 | software_roles | List of string values, fixed value `["password", "notify"]`.                                                             | false    |
 | grant_types    | Fixed value Fixed value `["client_credentials"]`.                                                                        | false    |
 | expiration     | Expiration date. `(Default value: calculated based on global SSA settings)`                                              | true     |
 | one_time_use   | Defined whether the SSA will be used only once or can be used multiple times. `(Default value: true)`                    | true     |
 | rotate_ssa     | TODO - Will be used to rotate expiration of the SSA, currently is only saved as part of the SSA. `(Default value: true)` | true     |
 
+**Note:** You can add more `custom attributes` in the request, (you must have previously configured in the SSA global
+configuration).
+It should be clarified that these values are persisted in the database and are not returned in the SSA JWT.
+
+Example:
+
+```
+{
+  "org_id": "your-org-id",
+  "description": "your description"
+  ...
+  
+  org_id: "Your org_id",
+  "myCustomAttr1": "Your value custom attr 1", 
+  "myCustomAttr2": "Your value custom attr 2",
+  ...
+} 
+```
+
 ### Response description
 
 Returned SSA is a JWT, containing the following structure:
@@ -128,7 +152,6 @@ Content-Type: application/json
 Authorization: Bearer {{your-token}}
 
 {
-    "org_id": 1,
     "description": "test",
     "software_id": "gluu-scan-api",
     "software_roles": [
@@ -194,7 +217,8 @@ Get existing active SSA based on `jti` or `org_id`.
         },
         "iss": "ed4d5f74-ce41-4180-aed4-54cffa974630",
         "created_at": 1668608851,
-        "expiration": 1668608852
+        "expiration": 1668608852,
+        "status": "ACTIVE"
     }
 ]
 ```
@@ -211,6 +235,7 @@ Get existing active SSA based on `jti` or `org_id`.
 - `iss` — The "iss" is related to the client that created this SSA.
 - `created_at` — Creation time.
 - `expiration` — Expiration time.
+- `status` — SSA status (`ACTIVE`, `USED`, `EXPIRED` or `REVOKED`).
 
 ### Example:
 
@@ -266,7 +291,8 @@ Connection: Keep-Alive
     },
     "iss": "ed4d5f74-ce41-4180-aed4-54cffa974630",
     "created_at": 1668608851,
-    "expiration": 1668608852
+    "expiration": 1668608852,
+    "status": "ACTIVE"
   }
 ]
 ```
@@ -430,10 +456,12 @@ The SSA entity contains the following fields:
 - `creatorType` type enum `CreatorType` — Contains the following CreatorType values (`NONE`, `CLIENT`, `USER`, `AUTO`).
 - `ttl` type `Integer` — SSA lifetime in milliseconds.
 - `atributes` type class `SsaAtributes`
-  - `oneTimeUse` type `Boolean` — Whether the SSA will be single use.
-  - `rotateSsa` type `Boolean` — TODO - Will be used to rotate expiration of the SSA, currently is only saved as part of the SSA.
-  - `clientDn` type `String` — Client's DN.
-  - `customAttributes` type `Map<String, String>` — Contain additional fields, previously configured in the SSA global configuration.
-  - `softwareId` type `String` — Is used for software identification.
-  - `softwareRoles` type `List<String>` — List of string values, fixed value `["password", "notify"]`.
-  - `grantTypes` type `List<String>` — Fixed value `["client_credentials"]`.
+    - `oneTimeUse` type `Boolean` — Whether the SSA will be single use.
+    - `rotateSsa` type `Boolean` — TODO - Will be used to rotate expiration of the SSA, currently is only saved as part
+      of the SSA.
+    - `clientDn` type `String` — Client's DN.
+    - `customAttributes` type `Map<String, String>` — Contain additional fields, previously configured in the SSA global
+      configuration.
+    - `softwareId` type `String` — Is used for software identification.
+    - `softwareRoles` type `List<String>` — List of string values, fixed value `["password", "notify"]`.
+    - `grantTypes` type `List<String>` — Fixed value `["client_credentials"]`.

jans-auth-server/client/src/main/java/io/jans/as/client/ssa/create/SsaCreateClient.java

@@ -30,7 +30,7 @@ public String getHttpMethod() {
         return HttpMethod.POST;
     }
 
-    public SsaCreateResponse execSsaCreate(String accessToken, Long orgId, Long expirationDate, String description,
+    public SsaCreateResponse execSsaCreate(String accessToken, String orgId, Long expirationDate, String description,
                                            String softwareId, List<String> softwareRoles, List<String> grantTypes,
                                            Boolean oneTimeUse, Boolean rotateSsa) {
         SsaCreateRequest ssaCreateRequest = new SsaCreateRequest();

jans-auth-server/client/src/main/java/io/jans/as/client/ssa/create/SsaCreateRequest.java

@@ -29,7 +29,7 @@ public class SsaCreateRequest extends BaseRequest {
     private static final Logger log = Logger.getLogger(SsaCreateRequest.class);
 
     @JsonProperty(value = "org_id")
-    private Long orgId;
+    private String orgId;
 
     private Long expiration;
 
@@ -59,11 +59,11 @@ public SsaCreateRequest() {
         this.softwareRoles = new ArrayList<>();
     }
 
-    public Long getOrgId() {
+    public String getOrgId() {
         return orgId;
     }
 
-    public void setOrgId(Long orgId) {
+    public void setOrgId(String orgId) {
         this.orgId = orgId;
     }
 
@@ -138,7 +138,7 @@ public static SsaCreateRequest fromJson(String json) throws JSONException {
     public static SsaCreateRequest fromJson(JSONObject requestObject) throws JSONException {
         final SsaCreateRequest result = new SsaCreateRequest();
         JsonApplier.getInstance().apply(requestObject, result);
-        result.setOrgId(requestObject.getLong(ORG_ID.getName()));
+        result.setOrgId(requestObject.getString(ORG_ID.getName()));
         result.setExpiration(longOrNull(requestObject, EXPIRATION.getName()));
         result.setDescription(requestObject.optString(DESCRIPTION.getName()));
         result.setSoftwareId(requestObject.optString(SOFTWARE_ID.getName()));

jans-auth-server/client/src/main/java/io/jans/as/client/ssa/get/SsaGetClient.java

@@ -26,7 +26,7 @@ public String getHttpMethod() {
         return HttpMethod.GET;
     }
 
-    public SsaGetResponse execSsaGet(String accessToken, String jti, Long orgId) {
+    public SsaGetResponse execSsaGet(String accessToken, String jti, String orgId) {
         SsaGetRequest ssaGetRequest = new SsaGetRequest();
         ssaGetRequest.setAccessToken(accessToken);
         ssaGetRequest.setJti(jti);

jans-auth-server/client/src/main/java/io/jans/as/client/ssa/get/SsaGetRequest.java

@@ -18,7 +18,7 @@ public class SsaGetRequest extends BaseRequest {
 
     private String jti;
 
-    private Long orgId;
+    private String orgId;
 
     public SsaGetRequest() {
         setContentType(MediaType.APPLICATION_JSON);
@@ -42,19 +42,19 @@ public void setJti(String jti) {
         this.jti = jti;
     }
 
-    public Long getOrgId() {
+    public String getOrgId() {
         return orgId;
     }
 
-    public void setOrgId(Long orgId) {
+    public void setOrgId(String orgId) {
         this.orgId = orgId;
     }
 
     @Override
     public String getQueryString() {
         QueryBuilder builder = QueryBuilder.instance();
         builder.append(SsaRequestParam.JTI.getName(), jti);
-        builder.append(SsaRequestParam.ORG_ID.getName(), orgId != null ? orgId.toString() : "");
+        builder.append(SsaRequestParam.ORG_ID.getName(), orgId);
         return builder.toString();
     }
 }

jans-auth-server/client/src/main/java/io/jans/as/client/ssa/revoke/SsaRevokeClient.java

@@ -26,7 +26,7 @@ public String getHttpMethod() {
         return HttpMethod.DELETE;
     }
 
-    public SsaRevokeResponse execSsaRevoke(String accessToken, String jti, Long orgId) {
+    public SsaRevokeResponse execSsaRevoke(String accessToken, String jti, String orgId) {
         SsaRevokeRequest req = new SsaRevokeRequest();
         req.setAccessToken(accessToken);
         req.setJti(jti);

jans-auth-server/client/src/main/java/io/jans/as/client/ssa/revoke/SsaRevokeRequest.java

@@ -18,7 +18,7 @@ public class SsaRevokeRequest extends BaseRequest {
 
     private String jti;
 
-    private Long orgId;
+    private String orgId;
 
     public SsaRevokeRequest() {
         setContentType(MediaType.APPLICATION_JSON);
@@ -42,19 +42,19 @@ public void setJti(String jti) {
         this.jti = jti;
     }
 
-    public Long getOrgId() {
+    public String getOrgId() {
         return orgId;
     }
 
-    public void setOrgId(Long orgId) {
+    public void setOrgId(String orgId) {
         this.orgId = orgId;
     }
 
     @Override
     public String getQueryString() {
         QueryBuilder builder = QueryBuilder.instance();
         builder.append(SsaRequestParam.JTI.getName(), jti);
-        builder.append(SsaRequestParam.ORG_ID.getName(), orgId != null ? orgId.toString() : "");
+        builder.append(SsaRequestParam.ORG_ID.getName(), orgId);
         return builder.toString();
     }
 }

jans-auth-server/client/src/test/java/io/jans/as/client/BaseTest.java

@@ -1247,8 +1247,8 @@ public TokenResponse tokenClientCredentialsGrant(String scope, String clientId,
         return tokenResponse;
     }
 
-    public SsaCreateResponse createSsaWithDefaultValues(String accessToken, Long orgId, Long expiration, Boolean oneTimeUse) {
-        Long orgIdAux = orgId != null ? orgId : 1000L;
+    public SsaCreateResponse createSsaWithDefaultValues(String accessToken, String orgId, Long expiration, Boolean oneTimeUse) {
+        String orgIdAux = orgId != null ? orgId : "org-id-test";
         String descriptionAux = "test description";
         String softwareIdAux = "gluu-scan-api";
         Long expirationAux;
@@ -1265,7 +1265,7 @@ public SsaCreateResponse createSsaWithDefaultValues(String accessToken, Long org
                 grantTypesAux, oneTimeUse, Boolean.TRUE);
     }
 
-    public SsaCreateResponse createSsa(String accessToken, Long orgId, Long expiration, String description,
+    public SsaCreateResponse createSsa(String accessToken, String orgId, Long expiration, String description,
                                        String softwareId, List<String> softwareRoles, List<String> grantTypes,
                                        Boolean oneTimeUse, Boolean rotateSsa) {
         SsaCreateClient ssaCreateClient = new SsaCreateClient(ssaEndpoint);

jans-auth-server/client/src/test/java/io/jans/as/client/client/assertbuilders/SsaCreateAssertBuilder.java

@@ -38,7 +38,7 @@ public void check() {
             assertNotNull(jwt, "The jwt is null");
             JwtClaims jwtClaims = jwt.getClaims();
             assertNotNull(jwtClaims.getClaim(ORG_ID.getName()), "The org_id in jwt is null");
-            assertEquals(jwtClaims.getClaimAsLong(ORG_ID.getName()), request.getOrgId());
+            assertEquals(jwtClaims.getClaim(ORG_ID.getName()), request.getOrgId());
             assertNotNull(jwtClaims.getClaim(SOFTWARE_ID.getName()), "The software_id in jwt is null");
             assertEquals(jwtClaims.getClaimAsString(SOFTWARE_ID.getName()), request.getSoftwareId());
             assertNotNull(jwtClaims.getClaim(SOFTWARE_ROLES.getName()), "The software_roles in jwt is null");

jans-auth-server/client/src/test/java/io/jans/as/client/client/assertbuilders/SsaGetAssertBuilder.java

@@ -53,6 +53,7 @@ public void check() {
                     assertTrue(ssaWrapper.has(CREATED_AT.getName()));
                     assertTrue(ssaWrapper.has(EXPIRATION.getName()));
                     assertTrue(ssaWrapper.has(ISSUER.getName()));
+                    assertTrue(ssaWrapper.has(STATUS.getName()));
 
                     JSONObject ssaJson = ssaWrapper.getJSONObject(SSA.getName());
                     assertNotNull(ssaJson);

jans-auth-server/client/src/test/java/io/jans/as/client/ssa/SsaCreateTest.java

@@ -42,7 +42,7 @@ public void createSsaValid(final String redirectUris, final String sectorIdentif
 
         // Ssa create
         SsaCreateClient ssaCreateClient = new SsaCreateClient(ssaEndpoint);
-        Long orgId = 1L;
+        String orgId = "org-id-test";
         Calendar calendar = GregorianCalendar.getInstance(TimeZone.getTimeZone("UTC"));
         calendar.add(Calendar.HOUR, 24);
         Long expirationDate = DateUtil.dateToUnixEpoch(calendar.getTime());
@@ -75,7 +75,7 @@ public void createSsaInvalidWithoutScopeAdmin(final String redirectUris, final S
 
         // Ssa create
         SsaCreateClient ssaCreateClient = new SsaCreateClient(ssaEndpoint);
-        Long orgId = 1L;
+        String orgId = "org-id-test";
         Calendar calendar = GregorianCalendar.getInstance(TimeZone.getTimeZone("UTC"));
         calendar.add(Calendar.HOUR, 24);
         Long expirationDate = DateUtil.dateToUnixEpoch(calendar.getTime());
@@ -109,7 +109,7 @@ public void createSsaValidWithoutExpiration(final String redirectUris, final Str
 
         // Ssa create
         SsaCreateClient ssaCreateClient = new SsaCreateClient(ssaEndpoint);
-        Long orgId = 1L;
+        String orgId = "org-id-test";
         String description = "test description";
         String softwareId = "gluu-scan-api";
         List<String> softwareRoles = Collections.singletonList("password");