fix(config-api) authorization code issue (#11576)

Signed-off-by: pujavs <[email protected]>

Author: pujavs

jans-config-api/docs/jans-config-api-swagger.yaml

@@ -9336,19 +9336,19 @@ components:
           type: string
         selected:
           type: boolean
-        whitePagesCanView:
+        userCanView:
           type: boolean
-        adminCanAccess:
+        userCanEdit:
+          type: boolean
+        adminCanView:
           type: boolean
         adminCanEdit:
           type: boolean
         userCanAccess:
           type: boolean
-        adminCanView:
-          type: boolean
-        userCanView:
+        adminCanAccess:
           type: boolean
-        userCanEdit:
+        whitePagesCanView:
           type: boolean
         baseDn:
           type: string
@@ -10232,6 +10232,8 @@ components:
           type: boolean
         lockMessageConfig:
           $ref: '#/components/schemas/LockMessageConfig'
+        fapi:
+          type: boolean
         allResponseTypesSupported:
           uniqueItems: true
           type: array
@@ -10241,8 +10243,6 @@ components:
             - code
             - token
             - id_token
-        fapi:
-          type: boolean
     AuthenticationFilter:
       required:
       - baseDn
@@ -11995,8 +11995,6 @@ components:
           $ref: '#/components/schemas/TokenAttributes'
         dpop:
           type: string
-        accessToken:
-          type: boolean
         tokenTypeEnum:
           type: string
           enum:
@@ -12006,6 +12004,8 @@ components:
           - REFRESH_TOKEN
           - AUTHORIZATION_CODE
           - TX_TOKEN
+        accessToken:
+          type: boolean
     TokenEntityPagedResult:
       type: object
       properties:

jans-config-api/server/src/main/java/io/jans/configapi/security/service/OpenIdAuthorizationService.java

@@ -128,7 +128,13 @@ private String validateScope(String accessToken, List<String> tokenScopes, Resou
             List<String> resourceScopes = getAllScopeList(resourceScopesByType);
             logger.debug("Validate scope, resourceScopesByType: {}, resourceScopes: {}", resourceScopesByType,
                     resourceScopes);
-
+          
+            //If no scope required
+            if (resourceScopes == null || resourceScopes.isEmpty()) {
+                logger.info(" If no resource scopes required return original accessToken");
+                return AUTHENTICATION_SCHEME + accessToken;
+            }
+            
             // find missing scopes
             List<String> missingScopes = findMissingScopes(resourceScopesByType, tokenScopes);
             logger.info("missingScopes:{}", missingScopes);

jans-config-api/server/src/main/java/io/jans/configapi/util/AuthUtil.java

@@ -359,9 +359,12 @@ public List<String> getAuthSpecificScopeRequired(ResourceInfo resourceInfo) {
     }
 
     public List<String> findMissingElements(List<String> list1, List<String> list2) {
-        if (list1 == null || list1.isEmpty() || list2 == null || list2.isEmpty()) {
+        if (list1 == null || list1.isEmpty()) {
             return Collections.emptyList();
         }
+        if(list2==null || list2.isEmpty()) {
+            return list1;
+        }
         return list1.stream().filter(e -> !list2.contains(e)).collect(Collectors.toList());
     }
 

jans-config-api/server/src/test/java/io/jans/configapi/test/auth/ClientResourceTest.java

@@ -32,6 +32,22 @@ public void getAllClient(final String issuer, final String openidClientsUrl) {
         assertEquals(response.getStatus(), Status.OK.getStatusCode());
 
     }
+    
+    @Parameters({ "test.issuer", "openidClientsUrl" })
+    @Test
+    public void getClientsWithInvalidToken(final String issuer, final String openidClientsUrl) {
+        log.info("getAllClient() - issuer:{}, openidClientsUrl:{}", issuer, openidClientsUrl);
+        String invalidToken = this.getAccessTokenForGivenScope("https://jans.io/oauth/config/attributes.readonly");
+        log.info("getAllClient() - invalidToken:{}, issuer:{}, openidClientsUrl:{}", invalidToken, issuer, openidClientsUrl);
+        Builder request = getResteasyService().getClientBuilder(issuer + openidClientsUrl);
+        request.header(AUTHORIZATION, AUTHORIZATION_TYPE + " " + invalidToken);
+        request.header(CONTENT_TYPE, MediaType.APPLICATION_JSON);
+
+        Response response = request.get();
+        log.info("Response for getClientsWithInvalidToken -  response:{}, response.getStatus():{}", response, response.getStatus());
+        assertEquals(response.getStatus(), Status.UNAUTHORIZED.getStatusCode());
+
+    }
 
     @Parameters({ "test.issuer", "openidClientsUrl", "openid_client_1" })
     @Test

jans-config-api/shared/src/main/java/io/jans/configapi/core/test/BaseTest.java

@@ -72,6 +72,18 @@ public void getAccessToken() {
         log.info("accessToken:{}", accessToken);
     }
 
+    public String getAccessTokenForGivenScope(String scopes) {
+        log.info("getAccessToken - propertiesMap:{}", propertiesMap);
+        String tokenUrl = propertiesMap.get("token.endpoint");
+        String strGrantType = propertiesMap.get("token.grant.type");
+        String clientId = propertiesMap.get("test.client.id");
+        String clientSecret = propertiesMap.get("test.client.secret");
+        GrantType grantType = GrantType.fromString(strGrantType);
+        String token = getToken(tokenUrl, clientId, clientSecret, grantType, scopes);
+        log.info("token:{}", token);
+        return token;
+    }
+    
     protected String getToken(final String tokenUrl, final String clientId, final String clientSecret,
             GrantType grantType, final String scopes) {
         return getTokenService().getToken(tokenUrl, clientId, clientSecret, grantType, scopes);