diff --git a/docs/script-catalog/authorization_challenge/AgamaChallenge.java b/docs/script-catalog/authorization_challenge/AgamaChallenge.java
index fce798a574f..dd1ea4e5cd8 100644
--- a/docs/script-catalog/authorization_challenge/AgamaChallenge.java
+++ b/docs/script-catalog/authorization_challenge/AgamaChallenge.java
@@ -178,6 +178,9 @@ public boolean authorize(Object scriptContext) {
 deviceSessionObjectAttrs.put("scope", servletRequest.getParameter("scope"));
 deviceSessionService.persist(deviceSessionObject);
+
+ authRequest.setAuthorizationChallengeSessionObject(deviceSessionObject);
+ authRequest.setAuthorizationChallengeSession(deviceSessionObject.getId());
 } else {
 sessionId = deviceSessionObject.getId();
diff --git a/docs/script-catalog/authorization_challenge/AuthorizationChallenge.java b/docs/script-catalog/authorization_challenge/AuthorizationChallenge.java
index 1a7c02fb809..d5c7b83fbcd 100644
--- a/docs/script-catalog/authorization_challenge/AuthorizationChallenge.java
+++ b/docs/script-catalog/authorization_challenge/AuthorizationChallenge.java
@@ -130,6 +130,8 @@ private AuthorizationChallengeSession prepareAuthorizationChallengeSession(Exter
 boolean newSave = authorizationChallengeSessionObject == null;
 if (newSave) {
 authorizationChallengeSessionObject = authorizationChallengeSessionService.newAuthorizationChallengeSession();
+ context.getAuthzRequest().setAuthorizationChallengeSessionObject(authorizationChallengeSessionObject);
+ context.getAuthzRequest().setAuthorizationChallengeSession(authorizationChallengeSessionObject.getId());
 }
 final String dpop = context.getHttpRequest().getHeader(DpopService.DPOP);
diff --git a/docs/script-catalog/authorization_challenge/multi_step/AuthorizationChallenge.java b/docs/script-catalog/authorization_challenge/multi_step/AuthorizationChallenge.java
index e64290519f6..2f1024cd408 100644
--- a/docs/script-catalog/authorization_challenge/multi_step/AuthorizationChallenge.java
+++ b/docs/script-catalog/authorization_challenge/multi_step/AuthorizationChallenge.java
@@ -130,6 +130,8 @@ private AuthorizationChallengeSession prepareAuthorizationChallengeSession(Exter
 boolean newSave = sessionObject == null;
 if (newSave) {
 sessionObject = authorizationChallengeSessionService.newAuthorizationChallengeSession();
+ context.getAuthzRequest().setAuthorizationChallengeSessionObject(authorizationChallengeSessionObject);
+ context.getAuthzRequest().setAuthorizationChallengeSession(authorizationChallengeSessionObject.getId());
 }
 String username = context.getHttpRequest().getParameter(USERNAME_PARAMETER);
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizationChallengeService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizationChallengeService.java
index 5d71f5aa3dd..13fceec9000 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizationChallengeService.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthorizationChallengeService.java
@@ -114,8 +114,7 @@ public Response requestAuthorization(AuthzRequest authzRequest) {
 public void prepareAuthzRequest(AuthzRequest authzRequest) {
 authzRequest.setScope(ServerUtil.urlDecode(authzRequest.getScope()));
- externalAuthorizationChallengeService.externalPrepareAuthzRequest(authzRequest);
-
+ log.trace("prepareAuthzRequest - authorization challenge session {}", authzRequest.getAuthorizationChallengeSession());
 if (StringUtils.isNotBlank(authzRequest.getAuthorizationChallengeSession())) {
 final AuthorizationChallengeSession session = authorizationChallengeSessionService.getAuthorizationChallengeSession(authzRequest.getAuthorizationChallengeSession());
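Review bot: The two added lines in the multi_step sample pass `authorizationChallengeSessionObject`, but the object created on the line just above is `sessionObject` (`boolean newSave = sessionObject == null;`), so this sample does not compile as written unless a field of that name exists elsewhere in the script; the name looks copied from the parent-directory AuthorizationChallenge.java sample, where it is correct. Change the two lines to `context.getAuthzRequest().setAuthorizationChallengeSessionObject(sessionObject);` and `context.getAuthzRequest().setAuthorizationChallengeSession(sessionObject.getId());`. prepareAuthorizationChallengeSession continues past the hunk.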
@@ -123,11 +122,13 @@ public void prepareAuthzRequest(AuthzRequest authzRequest) {
 authzRequest.setAuthorizationChallengeSessionObject(session);
 if (session != null) {
+ log.trace("prepareAuthzRequest - sessionAttributes {}, id {}", session.getAttributes().getAttributes(), session.getId());
 final Map attributes = session.getAttributes().getAttributes();
 final String clientId = attributes.get("client_id");
 if (StringUtils.isNotBlank(clientId) && StringUtils.isBlank(authzRequest.getClientId())) {
 authzRequest.setClientId(clientId);
+ log.trace("prepareAuthzRequest - Set client_id {} from session", clientId);
 }
 String acrValues = session.getAttributes().getAcrValues();
@@ -136,9 +137,20 @@ public void prepareAuthzRequest(AuthzRequest authzRequest) {
 }
 if (StringUtils.isNotBlank(acrValues) && StringUtils.isBlank(authzRequest.getAcrValues())) {
 authzRequest.setAcrValues(acrValues);
+ log.trace("prepareAuthzRequest - Set acr_values {} from session", acrValues);
+ }
+
+ final String scope = attributes.get("scope");
+ if (StringUtils.isNotBlank(scope) && StringUtils.isBlank(authzRequest.getScope())) {
+ authzRequest.setScope(scope);
+ log.trace("prepareAuthzRequest - Set scope {} from session", scope);
 }
+ } else {
+ log.debug("Unable to find authorization challenge session by id {}", authzRequest.getAuthorizationChallengeSession());
 }
 }
+
+ externalAuthorizationChallengeService.externalPrepareAuthzRequest(authzRequest);
 }
 public Response authorize(AuthzRequest authzRequest) throws IOException, TokenBindingParseException {
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthzRequest.java b/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthzRequest.java
index 07edb4b60a7..a50b7f81bba 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthzRequest.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/authorize/ws/rs/AuthzRequest.java
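Review bot: The new trace line dumps the entire session attribute map (`session.getAttributes().getAttributes()`), and after this commit that map holds every request parameter the authorization challenge endpoint received (see saveRequestParametersInSession in ExternalAuthorizationChallengeService), which is the endpoint where first-party clients submit user credentials; turning on trace logging to debug a flow would then write those values to the log. Log the key set instead, `session.getAttributes().getAttributes().keySet()`, and treat the same way the per-parameter `value` in the trace line inside saveRequestParametersInSession's loop and the two `getAuthorizationChallengeSessionAttributesSafely()` arguments added to the trace lines in externalPrepareAuthzRequest. prepareAuthzRequest continues past the hunk on both sides.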
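Review bot: Moving `externalAuthorizationChallengeService.externalPrepareAuthzRequest(authzRequest)` to the end of prepareAuthzRequest means the script's prepareAuthzRequest now runs on a request already filled with client_id, acr_values and scope from the session, and the isBlank guards above no longer yield to values a script sets; nothing in the method marks this ordering as deliberate. Add a comment above the call, `// run the script last so it sees the session-derived client_id/acr_values/scope`, so a later edit does not move it back. The restored `scope` also skips the `ServerUtil.urlDecode` applied to the request scope at the top of the method; if session values are stored already decoded that is fine, but it deserves a one-line note.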
@@ -109,6 +109,10 @@ public AuthorizationChallengeSession getAuthorizationChallengeSessionObject() {
 return authorizationChallengeSessionObject;
 }
+ public Map getAuthorizationChallengeSessionAttributesSafely() {
+ return authorizationChallengeSessionObject != null ? authorizationChallengeSessionObject.getAttributes().getAttributes() : new HashMap<>();
+ }
+
 public void setAuthorizationChallengeSessionObject(AuthorizationChallengeSession authorizationChallengeSessionObject) {
 this.authorizationChallengeSessionObject = authorizationChallengeSessionObject;
 }
diff --git a/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalAuthorizationChallengeService.java b/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalAuthorizationChallengeService.java
index afe6ecb1505..8a54ae92c16 100644
--- a/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalAuthorizationChallengeService.java
+++ b/jans-auth-server/server/src/main/java/io/jans/as/server/service/external/ExternalAuthorizationChallengeService.java
@@ -1,5 +1,6 @@
 package io.jans.as.server.service.external;
+import io.jans.as.common.model.session.AuthorizationChallengeSession;
 import io.jans.as.model.authorize.AuthorizeErrorResponseType;
 import io.jans.as.model.configuration.AppConfiguration;
 import io.jans.as.model.error.ErrorResponseFactory;
@@ -9,11 +10,13 @@
 import io.jans.model.custom.script.CustomScriptType;
 import io.jans.model.custom.script.conf.CustomScriptConfiguration;
 import io.jans.model.custom.script.type.authzchallenge.AuthorizationChallengeType;
+import io.jans.orm.PersistenceEntryManager;
 import io.jans.service.custom.script.ExternalScriptService;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.WebApplicationException;
 import jakarta.ws.rs.core.Response;
+import org.apache.commons.lang3.ArrayUtils;
 import java.util.HashMap;
 import java.util.List;
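Review bot: `getAuthorizationChallengeSessionAttributesSafely` returns the session's live attribute map when a session object is attached and a throwaway `HashMap` otherwise, so a caller that writes to the result mutates persisted session state in one case and nothing in the other; both callers in this commit only log it, so return a read-only view, `return authorizationChallengeSessionObject != null ? Collections.unmodifiableMap(authorizationChallengeSessionObject.getAttributes().getAttributes()) : Collections.emptyMap();` (needs `java.util.Collections` imported). "Safely" covers only a null session object, not a null `getAttributes()`; whether that can happen is not visible here. A one-line Javadoc saying the result is for diagnostics only would make the intent clear.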
@@ -33,6 +36,9 @@ public class ExternalAuthorizationChallengeService extends ExternalScriptService
 @Inject
 private transient ErrorResponseFactory errorResponseFactory;
+ @Inject
+ private transient PersistenceEntryManager persistenceEntryManager;
+
 public ExternalAuthorizationChallengeService() {
 super(CustomScriptType.AUTHORIZATION_CHALLENGE);
 }
@@ -95,6 +101,7 @@ public boolean externalAuthorize(ExecutionContext executionContext) {
 AuthorizationChallengeType authorizationChallengeType = (AuthorizationChallengeType) script.getExternalType();
 final ExternalScriptContext scriptContext = new ExternalScriptContext(executionContext);
 result = authorizationChallengeType.authorize(scriptContext);
+ saveRequestParametersInSession(scriptContext);
 scriptContext.throwWebApplicationExceptionIfSet();
 } catch (WebApplicationException e) {
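Review bot: `saveRequestParametersInSession(scriptContext)` is placed before `scriptContext.throwWebApplicationExceptionIfSet()` and does not consult `result`, so the request parameters are persisted into the session whether the script accepted or rejected the step. That looks intentional, since intermediate steps of a multi-step challenge answer through the exception path and need their parameters kept, but nothing says so; add `// persist before throwing: intermediate steps respond via the error path and still need their parameters` above the call. externalAuthorize continues outside the hunk on both sides.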
@@ -116,6 +123,35 @@ public boolean externalAuthorize(ExecutionContext executionContext) {
 return result;
 }
+ private void saveRequestParametersInSession(ExternalScriptContext scriptContext) {
+ final AuthzRequest authzRequest = scriptContext.getAuthzRequest();
+ final AuthorizationChallengeSession session = authzRequest.getAuthorizationChallengeSessionObject();
+ if (session == null) {
+ log.trace("Authorization challenge session is not found.");
+ return;
+ }
+
+ final Map attributes = session.getAttributes().getAttributes();
+ final Map parameterMap = scriptContext.getHttpRequest().getParameterMap();
+ if (parameterMap == null || parameterMap.isEmpty()) {
+ return;
+ }
+
+ for (Map.Entry entry : parameterMap.entrySet()) {
+ if (!attributes.containsKey(entry.getKey()) && ArrayUtils.isNotEmpty(entry.getValue())) {
+ final String value = entry.getValue()[0];
+ attributes.put(entry.getKey(), value);
+ log.trace("Put in session request parameter: {}, value: {}", entry.getKey(), value);
+ }
+ }
+
+ try {
+ persistenceEntryManager.merge(session);
+ } catch (Exception e) {
+ log.error("Failed to save authorization challenge session: " + session.getId(), e);
+ }
+ }
+
 public CustomScriptConfiguration identifyScript(List acrValues) {
 log.trace("Identifying script, acr_values: {}", acrValues);
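Review bot: saveRequestParametersInSession copies every parameter of the request into the persisted session attributes with no filter, and on this endpoint that includes whatever credentials a script's step collects from the same request (the multi_step sample reads USERNAME_PARAMETER from it) and client authentication values if the client sends them in the body, so secrets end up stored in the session entry and, via the trace line inside the loop, in the log. Restrict the copy to an allowlist of the parameter names the server actually reads back from the session (client_id, acr_values and scope are what prepareAuthzRequest consumes), e.g. `if (!attributes.containsKey(entry.getKey()) && SESSION_PARAMETER_ALLOWLIST.contains(entry.getKey()) && ArrayUtils.isNotEmpty(entry.getValue()))` with the set declared as a class constant, and log only `entry.getKey()`. The first-writer-wins `!attributes.containsKey(...)` check means a value the script stored cannot be overwritten by a later request, which is the right protection but should be stated in a comment. Writing through `persistenceEntryManager.merge(session)` bypasses `authorizationChallengeSessionService`, which the rest of this diff uses for session creation and lookup; routing the save through that service keeps a single code path for session writes.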
@@ -148,8 +184,8 @@ public void externalPrepareAuthzRequest(AuthzRequest authzRequest) {
 .build());
 }
- log.trace("Executing python 'prepareAuthzRequest' method, script name: {}, clientId: {}, scope: {}, authorizationChallengeSession: {}",
- script.getName(), authzRequest.getClientId(), authzRequest.getScope(), authzRequest.getAuthorizationChallengeSession());
+ log.trace("Executing python 'prepareAuthzRequest' method, script name: {}, clientId: {}, scope: {}, authorizationChallengeSession: {}, sessionAttributes: {}",
+ script.getName(), authzRequest.getClientId(), authzRequest.getScope(), authzRequest.getAuthorizationChallengeSessionAttributesSafely());
 ExecutionContext executionContext = ExecutionContext.of(authzRequest);
 executionContext.setScript(script);
@@ -174,6 +210,6 @@ public void externalPrepareAuthzRequest(AuthzRequest authzRequest) {
 .build());
 }
- log.trace("Finished 'prepareAuthzRequest' method, script name: {}, clientId: {}", script.getName(), executionContext.getAuthzRequest().getClientId());
+ log.trace("Finished 'prepareAuthzRequest' method, script name: {}, clientId: {}, sessionAttributes: {}", script.getName(), executionContext.getAuthzRequest().getClientId(), authzRequest.getAuthorizationChallengeSessionAttributesSafely());
 }
 }
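Review bot: The rewritten "Executing" trace line has five `{}` placeholders but only four arguments: `authzRequest.getAuthorizationChallengeSession()` was dropped from the argument list while `authorizationChallengeSession: {}` stayed in the format, so the attribute map is printed under the session-id label and `sessionAttributes` prints a literal `{}`. Keep the id as the fourth argument: `script.getName(), authzRequest.getClientId(), authzRequest.getScope(), authzRequest.getAuthorizationChallengeSession(), authzRequest.getAuthorizationChallengeSessionAttributesSafely());`. externalPrepareAuthzRequest continues outside the hunk.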