From c2dc934d0459c143760d8ac0b22e852b98b88118 Mon Sep 17 00:00:00 2001 From: dhaura Date: Wed, 13 Dec 2023 15:12:02 +0530 Subject: [PATCH 1/3] Add Functionality Enable or Disable ID Token Issuer Validation --- .../resources/deployment.config.json.j2 | 5 ++- apps/console/package.json | 2 +- .../utils/authenticate-utils.ts | 2 ++ apps/console/src/init/app-utils.ts | 3 +- .../resources/deployment.config.json.j2 | 5 ++- apps/myaccount/package.json | 2 +- apps/myaccount/src/init/app-utils.ts | 3 +- apps/myaccount/src/utils/authenticate-util.ts | 2 ++ pnpm-lock.yaml | 35 ++++++++++++++----- 9 files changed, 45 insertions(+), 14 deletions(-) diff --git a/apps/console/java/org.wso2.identity.apps.console.server.feature/resources/deployment.config.json.j2 b/apps/console/java/org.wso2.identity.apps.console.server.feature/resources/deployment.config.json.j2 index 6a673172d57..1c066dfd8d3 100644 --- a/apps/console/java/org.wso2.identity.apps.console.server.feature/resources/deployment.config.json.j2 +++ b/apps/console/java/org.wso2.identity.apps.console.server.feature/resources/deployment.config.json.j2 @@ -1726,5 +1726,8 @@ "theme": { "name": "{{ console.theme }}" } - } + }{{ "," if console.validate_id_token_issuer is defined }} + {% if console.validate_id_token_issuer is defined %} + "validateIDTokenIssuer": {{ console.validate_id_token_issuer }} + {% endif %} } diff --git a/apps/console/package.json b/apps/console/package.json index a4cde43f8cd..34fca990442 100644 --- a/apps/console/package.json +++ b/apps/console/package.json @@ -37,7 +37,7 @@ "typecheck": "pnpm run compile" }, "dependencies": { - "@asgardeo/auth-react": "^1.1.24", + "@asgardeo/auth-react": "^3.1.1", "@emotion/react": "^11.11.0", "@emotion/styled": "^11.11.0", "@microsoft/applicationinsights-core-js": "^3.0.0", diff --git a/apps/console/src/features/authentication/utils/authenticate-utils.ts b/apps/console/src/features/authentication/utils/authenticate-utils.ts index 30e10818f3b..df2c07c17c1 100644 
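Review bot: In the console `deployment.config.json.j2` hunk the new `"validateIDTokenIssuer": {{ console.validate_id_token_issuer }}` line writes the configured value into the JSON unquoted and without constraining its type, so a value that is not a literal boolean would give either invalid JSON or a non-boolean setting for a check that guards ID token acceptance. Rendering the flag from an explicit comparison keeps the output to `true`/`false` and leaves validation on unless it is explicitly turned off, for example `"validateIDTokenIssuer": {{ "false" if console.validate_id_token_issuer | string | lower == "false" else "true" }}` (assuming the template engine in use provides the `string` and `lower` filters). The myaccount template hunk in this patch has the same line with `myaccount.validate_id_token_issuer`. The enclosing JSON object starts outside the hunk.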
--- a/apps/console/src/features/authentication/utils/authenticate-utils.ts +++ b/apps/console/src/features/authentication/utils/authenticate-utils.ts @@ -60,6 +60,7 @@ export class AuthenticateUtils { authorizationEndpoint: window["AppUtils"]?.getConfig()?.idpConfigs?.authorizeEndpointURL, checkSessionIframe: window["AppUtils"]?.getConfig()?.idpConfigs?.oidcSessionIFrameEndpointURL, endSessionEndpoint: window["AppUtils"]?.getConfig()?.idpConfigs?.logoutEndpointURL, + issuer: window["AppUtils"]?.getConfig().idpConfigs?.issuer, jwksUri: window["AppUtils"]?.getConfig()?.idpConfigs?.jwksEndpointURL, revocationEndpoint: window["AppUtils"]?.getConfig()?.idpConfigs?.tokenRevocationEndpointURL, tokenEndpoint: window["AppUtils"]?.getConfig()?.idpConfigs?.tokenEndpointURL @@ -73,6 +74,7 @@ export class AuthenticateUtils { signInRedirectURL: window["AppUtils"]?.getConfig()?.loginCallbackURL, signOutRedirectURL: window["AppUtils"]?.getConfig()?.loginCallbackURL, storage: AuthenticateUtils.resolveStorage() as Storage.WebWorker, + validateIDTokenIssuer: window["AppUtils"].getConfig().validateIDTokenIssuer, ...window["AppUtils"]?.getConfig().idpConfigs }; }; diff --git a/apps/console/src/init/app-utils.ts b/apps/console/src/init/app-utils.ts index b877c515d03..aff94c96018 100644 --- a/apps/console/src/init/app-utils.ts +++ b/apps/console/src/init/app-utils.ts @@ -317,7 +317,8 @@ export const AppUtils: any = (function() { tenantPath: this.getTenantPath(), tenantPathWithoutSuperTenant: this.getTenantPath(true), tenantPrefix: this.getTenantPrefix(), - ui: _config.ui + ui: _config.ui, + validateIDTokenIssuer: _config.validateIDTokenIssuer ?? true }; }, diff --git a/apps/myaccount/java/org.wso2.identity.apps.myaccount.server.feature/resources/deployment.config.json.j2 b/apps/myaccount/java/org.wso2.identity.apps.myaccount.server.feature/resources/deployment.config.json.j2 index ac72f0ea502..19a16e04067 100644 
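Review bot: In the `apps/console/src/init/app-utils.ts` hunk, `_config.validateIDTokenIssuer ?? true` only replaces `null` and `undefined`, so any other value from the deployment config (a string such as `"false"`, `0`, an empty string) is returned unchanged, and how it is treated afterwards depends on the consumer. Since this flag switches off a security check, I would normalise it to a boolean that is off only for an explicit `false`: `validateIDTokenIssuer: _config.validateIDTokenIssuer !== false`. The `apps/myaccount/src/init/app-utils.ts` hunk in this patch adds the identical line. The enclosing function starts outside the hunk.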
--- a/apps/myaccount/java/org.wso2.identity.apps.myaccount.server.feature/resources/deployment.config.json.j2 +++ b/apps/myaccount/java/org.wso2.identity.apps.myaccount.server.feature/resources/deployment.config.json.j2 @@ -389,5 +389,8 @@ "theme": { "name": "{{ myaccount.theme }}" } - } + }{{ "," if myaccount.validate_id_token_issuer is defined }} + {% if myaccount.validate_id_token_issuer is defined %} + "validateIDTokenIssuer": {{ myaccount.validate_id_token_issuer }} + {% endif %} } diff --git a/apps/myaccount/package.json b/apps/myaccount/package.json index 7c3c2f07527..8014a3bfa58 100644 --- a/apps/myaccount/package.json +++ b/apps/myaccount/package.json @@ -34,7 +34,7 @@ "typecheck": "pnpm run compile" }, "dependencies": { - "@asgardeo/auth-react": "^1.1.24", + "@asgardeo/auth-react": "^3.1.1", "@babel/polyfill": "^7.0.0", "@microsoft/applicationinsights-core-js": "^3.0.0", "@microsoft/applicationinsights-react-js": "^3.4.2", diff --git a/apps/myaccount/src/init/app-utils.ts b/apps/myaccount/src/init/app-utils.ts index 7b5c1b96e17..f3d109ec598 100644 --- a/apps/myaccount/src/init/app-utils.ts +++ b/apps/myaccount/src/init/app-utils.ts @@ -222,7 +222,8 @@ export const AppUtils: AppUtilsInterface = (function() { tenant: (this.isSuperTenant()) ? this.getSuperTenant() : this.getTenantName(), tenantPath: this.getTenantPath(), tenantPrefix: this.getTenantPrefix(), - ui: _config.ui + ui: _config.ui, + validateIDTokenIssuer: _config.validateIDTokenIssuer ?? true }; }, diff --git a/apps/myaccount/src/utils/authenticate-util.ts b/apps/myaccount/src/utils/authenticate-util.ts index 447fcac1526..6ab3a8ae7dd 100644 --- a/apps/myaccount/src/utils/authenticate-util.ts +++ b/apps/myaccount/src/utils/authenticate-util.ts 
@@ -126,6 +126,7 @@ export const getAuthInitializeConfig = (): AuthReactConfig => { authorizationEndpoint: window["AppUtils"]?.getConfig().idpConfigs?.authorizeEndpointURL, checkSessionIframe: window["AppUtils"]?.getConfig().idpConfigs?.oidcSessionIFrameEndpointURL, endSessionEndpoint: window["AppUtils"]?.getConfig().idpConfigs?.logoutEndpointURL, + issuer: window["AppUtils"]?.getConfig().idpConfigs?.issuer, jwksUri: window["AppUtils"]?.getConfig().idpConfigs?.jwksEndpointURL, revocationEndpoint: window["AppUtils"]?.getConfig().idpConfigs?.tokenRevocationEndpointURL, tokenEndpoint: window["AppUtils"]?.getConfig().idpConfigs?.tokenEndpointURL @@ -138,6 +139,7 @@ export const getAuthInitializeConfig = (): AuthReactConfig => { signInRedirectURL: window["AppUtils"]?.getConfig().loginCallbackURL, signOutRedirectURL: window["AppUtils"]?.getConfig().loginCallbackURL, storage: resolveStorage() as Storage.WebWorker, + validateIDTokenIssuer: window["AppUtils"].getConfig().validateIDTokenIssuer, ...window["AppUtils"]?.getConfig().idpConfigs }; }; diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 8ad04dfec0d..26abb15c9d1 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -476,8 +476,8 @@ importers: apps/console: dependencies: '@asgardeo/auth-react': - specifier: ^1.1.24 - version: 1.1.24(@babel/runtime-corejs3@7.18.9)(react-dom@18.2.0)(react-router-dom@4.3.1)(react@18.2.0) + specifier: ^3.1.1 + version: 3.1.1(@babel/runtime-corejs3@7.18.9)(react-dom@18.2.0)(react-router-dom@4.3.1)(react@18.2.0) '@emotion/react': specifier: ^11.11.0 version: 11.11.0(@types/react@18.0.18)(react@18.2.0) @@ -825,8 +825,8 @@ importers: apps/myaccount: dependencies: '@asgardeo/auth-react': - specifier: ^1.1.24 - version: 1.1.24(@babel/runtime-corejs3@7.18.9)(react-dom@18.2.0)(react-router-dom@4.3.1)(react@18.2.0) + specifier: ^3.1.1 + version: 3.1.1(@babel/runtime-corejs3@7.18.9)(react-dom@18.2.0)(react-router-dom@4.3.1)(react@18.2.0) '@babel/polyfill': specifier: ^7.0.0 version: 7.12.1 
@@ -2144,6 +2144,10 @@ packages: resolution: {integrity: sha512-ciMLhrm/M//CvyMpCvaoA82S3tKvB529L+MwKKBbRZFe+d0HRPuDfruDhclWl7i07XO1+AVp9Dy1MdUDkhzR4Q==} dev: false + /@asgardeo/auth-js@4.1.2: + resolution: {integrity: sha512-CYpKxQMFtxBUcp7NntlA+OoQ4BGXWLjJPYTJdMJAcU1K9GGdxGq6CvHfHGSmJ2l1qDksa8ZkCHnG/IwlDKaUqA==} + dev: false + /@asgardeo/auth-react@1.1.23(@babel/runtime-corejs3@7.18.9)(react-dom@18.2.0)(react-router-dom@5.3.4)(react@18.2.0): resolution: {integrity: sha512-YzRgySd8wyfH9sRan7o8yZWpACAnSGO6kqlU+uBAtHN7kzEUDCIT3+fXGp99EVKeI8xbmu/wbhXicxS6o3jFcA==} peerDependencies: @@ -2178,15 +2182,15 @@ packages: - debug dev: false - /@asgardeo/auth-react@1.1.24(@babel/runtime-corejs3@7.18.9)(react-dom@18.2.0)(react-router-dom@4.3.1)(react@18.2.0): - resolution: {integrity: sha512-vkQbaSAKiKflw0wTlFnbC/dKfK6UKR4IRrUm4IEydIZJAajwuikzHaqe+yHVKqFURIVq1ZCbmElrZgt9HNeiew==} + /@asgardeo/auth-react@3.1.1(@babel/runtime-corejs3@7.18.9)(react-dom@18.2.0)(react-router-dom@4.3.1)(react@18.2.0): + resolution: {integrity: sha512-JGpLaoarnBaaqBVpN8VepB2V58bonN04bCBEn3ZhYwvp5ys5xzg+L6ZlqpCtPFhaUU0rwtte7FmiCVkRaCnppA==} peerDependencies: '@babel/runtime-corejs3': ^7.11.2 react: '>=16.8' react-dom: '>=16.8' - react-router-dom: ^5.2.0 + react-router-dom: ^6.3.0 dependencies: - '@asgardeo/auth-spa': 0.4.14 + '@asgardeo/auth-spa': 2.1.1 '@babel/runtime-corejs3': 7.18.9 react: 18.2.0 react-dom: 18.2.0(react@18.2.0) 
@@ -2225,6 +2229,21 @@ packages: - debug dev: false + /@asgardeo/auth-spa@2.1.1: + resolution: {integrity: sha512-24tRnOutAChqchTEGuEYQgCcDFeGqVzEtnztYRHFuX6VJ3mh6NZ/MfUm0gq5wb8oWwTNTGAhzSCcSnXZENLzgw==} + dependencies: + '@asgardeo/auth-js': 4.1.2 + await-semaphore: 0.1.3 + axios: 0.26.1 + base64url: 3.0.1 + buffer: 6.0.3 + fast-sha256: 1.3.0 + jose: 4.9.2 + randombytes: 2.1.0 + transitivePeerDependencies: + - debug + dev: false + /@babel/cli@7.18.10(@babel/core@7.18.13): resolution: {integrity: sha512-dLvWH+ZDFAkd2jPBSghrsFBuXrREvFwjpDycXbmUoeochqKYe4zNSLEJYErpLg8dvxvZYe79/MkN461XCwpnGw==} engines: {node: '>=6.9.0'} From b3b5a88a90bac33a6072cd2a9afb603f2a652708 Mon Sep 17 00:00:00 2001 From: dhaura Date: Wed, 13 Dec 2023 15:33:35 +0530 Subject: [PATCH 2/3] Add changset --- .changeset/chilled-jokes-arrive.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .changeset/chilled-jokes-arrive.md diff --git a/.changeset/chilled-jokes-arrive.md b/.changeset/chilled-jokes-arrive.md new file mode 100644 index 00000000000..b503a83658b --- /dev/null +++ b/.changeset/chilled-jokes-arrive.md @@ -0,0 +1,6 @@ +--- +"@wso2is/myaccount": patch +"@wso2is/console": patch +--- + +Add Functionality Enable or Disable ID Token Issuer Validation in My Account and Console From 4e0f4328aad4466579342d39c0d658788c7a6b1b Mon Sep 17 00:00:00 2001 From: dhaura Date: Mon, 18 Dec 2023 12:14:17 +0530 Subject: [PATCH 3/3] Add validateIDTokenIssuer into idpConfigs --- .../resources/deployment.config.json.j2 | 5 +---- .../src/features/authentication/utils/authenticate-utils.ts | 4 ++-- apps/console/src/init/app-utils.ts | 3 +-- .../resources/deployment.config.json.j2 | 5 +---- apps/myaccount/src/init/app-utils.ts | 3 +-- apps/myaccount/src/utils/authenticate-util.ts | 4 ++-- 6 files changed, 8 insertions(+), 16 deletions(-) 
diff --git a/apps/console/java/org.wso2.identity.apps.console.server.feature/resources/deployment.config.json.j2 b/apps/console/java/org.wso2.identity.apps.console.server.feature/resources/deployment.config.json.j2 index 1c066dfd8d3..6a673172d57 100644 --- a/apps/console/java/org.wso2.identity.apps.console.server.feature/resources/deployment.config.json.j2 +++ b/apps/console/java/org.wso2.identity.apps.console.server.feature/resources/deployment.config.json.j2 @@ -1726,8 +1726,5 @@ "theme": { "name": "{{ console.theme }}" } - }{{ "," if console.validate_id_token_issuer is defined }} - {% if console.validate_id_token_issuer is defined %} - "validateIDTokenIssuer": {{ console.validate_id_token_issuer }} - {% endif %} + } } diff --git a/apps/console/src/features/authentication/utils/authenticate-utils.ts b/apps/console/src/features/authentication/utils/authenticate-utils.ts index df2c07c17c1..77e646af150 100644 --- a/apps/console/src/features/authentication/utils/authenticate-utils.ts +++ b/apps/console/src/features/authentication/utils/authenticate-utils.ts @@ -60,7 +60,7 @@ export class AuthenticateUtils { authorizationEndpoint: window["AppUtils"]?.getConfig()?.idpConfigs?.authorizeEndpointURL, checkSessionIframe: window["AppUtils"]?.getConfig()?.idpConfigs?.oidcSessionIFrameEndpointURL, endSessionEndpoint: window["AppUtils"]?.getConfig()?.idpConfigs?.logoutEndpointURL, - issuer: window["AppUtils"]?.getConfig().idpConfigs?.issuer, + issuer: window["AppUtils"]?.getConfig()?.idpConfigs?.issuer, jwksUri: window["AppUtils"]?.getConfig()?.idpConfigs?.jwksEndpointURL, revocationEndpoint: window["AppUtils"]?.getConfig()?.idpConfigs?.tokenRevocationEndpointURL, tokenEndpoint: window["AppUtils"]?.getConfig()?.idpConfigs?.tokenEndpointURL 
@@ -74,7 +74,7 @@ export class AuthenticateUtils { signInRedirectURL: window["AppUtils"]?.getConfig()?.loginCallbackURL, signOutRedirectURL: window["AppUtils"]?.getConfig()?.loginCallbackURL, storage: AuthenticateUtils.resolveStorage() as Storage.WebWorker, - validateIDTokenIssuer: window["AppUtils"].getConfig().validateIDTokenIssuer, + validateIDTokenIssuer: window["AppUtils"]?.getConfig()?.idpConfigs?.validateIDTokenIssuer, ...window["AppUtils"]?.getConfig().idpConfigs }; }; diff --git a/apps/console/src/init/app-utils.ts b/apps/console/src/init/app-utils.ts index aff94c96018..b877c515d03 100644 --- a/apps/console/src/init/app-utils.ts +++ b/apps/console/src/init/app-utils.ts @@ -317,8 +317,7 @@ export const AppUtils: any = (function() { tenantPath: this.getTenantPath(), tenantPathWithoutSuperTenant: this.getTenantPath(true), tenantPrefix: this.getTenantPrefix(), - ui: _config.ui, - validateIDTokenIssuer: _config.validateIDTokenIssuer ?? true + ui: _config.ui }; }, diff --git a/apps/myaccount/java/org.wso2.identity.apps.myaccount.server.feature/resources/deployment.config.json.j2 b/apps/myaccount/java/org.wso2.identity.apps.myaccount.server.feature/resources/deployment.config.json.j2 index 19a16e04067..ac72f0ea502 100644 --- a/apps/myaccount/java/org.wso2.identity.apps.myaccount.server.feature/resources/deployment.config.json.j2 +++ b/apps/myaccount/java/org.wso2.identity.apps.myaccount.server.feature/resources/deployment.config.json.j2 @@ -389,8 +389,5 @@ "theme": { "name": "{{ myaccount.theme }}" } - }{{ "," if myaccount.validate_id_token_issuer is defined }} - {% if myaccount.validate_id_token_issuer is defined %} - "validateIDTokenIssuer": {{ myaccount.validate_id_token_issuer }} - {% endif %} + } } diff --git a/apps/myaccount/src/init/app-utils.ts b/apps/myaccount/src/init/app-utils.ts index f3d109ec598..7b5c1b96e17 100644 --- a/apps/myaccount/src/init/app-utils.ts +++ b/apps/myaccount/src/init/app-utils.ts 
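Review bot: With the `?? true` default removed from `app-utils.ts` in this patch, the new `validateIDTokenIssuer: window["AppUtils"]?.getConfig()?.idpConfigs?.validateIDTokenIssuer` in the `@@ -74,7 +74,7 @@` hunk is `undefined` whenever the key is absent, so whether the ID token issuer is checked then rests on the SDK's own default, which this diff does not show. The line is also shadowed by the `...window["AppUtils"]?.getConfig().idpConfigs` spread that follows it: the spread copies the same key, so a default or coercion written on this line would be overwritten whenever `idpConfigs` carries the key. I would drop the line above the spread and add `validateIDTokenIssuer: window["AppUtils"]?.getConfig()?.idpConfigs?.validateIDTokenIssuer !== false` after it, so that only an explicit `false` disables the check. The `@@ -139,7 +139,7 @@` hunk in `apps/myaccount/src/utils/authenticate-util.ts` has the same pattern; both function bodies start outside their hunks.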
@@ -222,8 +222,7 @@ export const AppUtils: AppUtilsInterface = (function() { tenant: (this.isSuperTenant()) ? this.getSuperTenant() : this.getTenantName(), tenantPath: this.getTenantPath(), tenantPrefix: this.getTenantPrefix(), - ui: _config.ui, - validateIDTokenIssuer: _config.validateIDTokenIssuer ?? true + ui: _config.ui }; }, diff --git a/apps/myaccount/src/utils/authenticate-util.ts b/apps/myaccount/src/utils/authenticate-util.ts index 6ab3a8ae7dd..f341ac7f0aa 100644 --- a/apps/myaccount/src/utils/authenticate-util.ts +++ b/apps/myaccount/src/utils/authenticate-util.ts @@ -126,7 +126,7 @@ export const getAuthInitializeConfig = (): AuthReactConfig => { authorizationEndpoint: window["AppUtils"]?.getConfig().idpConfigs?.authorizeEndpointURL, checkSessionIframe: window["AppUtils"]?.getConfig().idpConfigs?.oidcSessionIFrameEndpointURL, endSessionEndpoint: window["AppUtils"]?.getConfig().idpConfigs?.logoutEndpointURL, - issuer: window["AppUtils"]?.getConfig().idpConfigs?.issuer, + issuer: window["AppUtils"]?.getConfig()?.idpConfigs?.issuer, jwksUri: window["AppUtils"]?.getConfig().idpConfigs?.jwksEndpointURL, revocationEndpoint: window["AppUtils"]?.getConfig().idpConfigs?.tokenRevocationEndpointURL, tokenEndpoint: window["AppUtils"]?.getConfig().idpConfigs?.tokenEndpointURL @@ -139,7 +139,7 @@ export const getAuthInitializeConfig = (): AuthReactConfig => { signInRedirectURL: window["AppUtils"]?.getConfig().loginCallbackURL, signOutRedirectURL: window["AppUtils"]?.getConfig().loginCallbackURL, storage: resolveStorage() as Storage.WebWorker, - validateIDTokenIssuer: window["AppUtils"].getConfig().validateIDTokenIssuer, + validateIDTokenIssuer: window["AppUtils"]?.getConfig()?.idpConfigs?.validateIDTokenIssuer, ...window["AppUtils"]?.getConfig().idpConfigs }; };