From 9d3877bdeee7340ce51592d0f03c8ea69a683a35 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mili=C4=87?=
Date: Wed, 8 Mar 2023 09:19:23 +0100
Subject: [PATCH] feature/Hydra ORA: It is no longer possible to set an OAuth2 Client ID as a user

---
 .../code/snippet/ConsumerRegistration.scala | 51 +++++++++++-------
 .../src/main/scala/code/util/HydraUtil.scala | 3 +-
 2 files changed, 33 insertions(+), 21 deletions(-)

diff --git a/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala b/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala
index 961a8ab0e..391de43d0 100644
--- a/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala
+++ b/obp-api/src/main/scala/code/snippet/ConsumerRegistration.scala
@@ -27,7 +27,6 @@ TESOBE (http://www.tesobe.com/)
 package code.snippet
 import java.util
-
 import code.api.{Constant, DirectLogin}
 import code.api.util.{APIUtil, ErrorMessages, X509}
 import code.consumer.Consumers
@@ -42,6 +41,7 @@ import net.liftweb.util.Helpers._
 import net.liftweb.util.{CssSel, FieldError, Helpers}
 import org.apache.commons.lang3.StringUtils
 import org.codehaus.jackson.map.ObjectMapper
+import sh.ory.hydra.model.OAuth2Client
 import scala.collection.immutable.{List, ListMap}
 import scala.jdk.CollectionConverters.seqAsJavaListConverter
@@ -127,19 +127,17 @@ class ConsumerRegistration extends MdcLoggable {
 "#register-consumer-success" #> ""
 }
- def showResults(consumer : Consumer) = {
- val urlOAuthEndpoint = Constant.HostName + "/oauth/initiate"
- val urlDirectLoginEndpoint = Constant.HostName + "/my/logins/direct"
+ def createHydraClient(consumer: Consumer): Option[OAuth2Client] = {
 val jwksUri = jwksUriVar.is
 val jwks = jwksVar.is
- val jwsAlg = signingAlgVar.is
- var jwkPrivateKey: String = s"Please change this value to ${if(StringUtils.isNotBlank(jwksUri)) "jwks_uri" else "jwks"} corresponding private key"
+
+ var jwkPrivateKey: String = s"Please change this value to ${if (StringUtils.isNotBlank(jwksUri)) "jwks_uri" else "jwks"} corresponding private key"
 // In case we use Hydra ORY as Identity Provider we create corresponding client at Hydra side a well
- if(HydraUtil.integrateWithHydra) {
+ if (HydraUtil.integrateWithHydra) {
 HydraUtil.createHydraClient(consumer, oAuth2Client => {
 val signingAlg = signingAlgVar.is
- if(oidcCheckboxVar.is == false) {
+ if (oidcCheckboxVar.is == false) {
 // TODO Set token_endpoint_auth_method in accordance to the Consumer.AppType value
 // Consumer.AppType = Confidential => client_secret_post
 // Consumer.AppType = Public => private_key_jwt
@@ -148,8 +146,8 @@ class ConsumerRegistration extends MdcLoggable {
 } else {
 oAuth2Client.setTokenEndpointAuthMethod(HydraUtil.clientSecretPost)
 }
-
-
+
+
 oAuth2Client.setTokenEndpointAuthSigningAlg(signingAlg)
 oAuth2Client.setRequestObjectSigningAlg(signingAlg)
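Review bot: `var jwkPrivateKey` in the new `createHydraClient` is now write-only: the callback still assigns it the generated private key (`jwkPrivateKey = privateKey` in hunk `@@ -157`), but the function returns `Option[OAuth2Client]` and the value is dropped, while the new `showResults` in that same hunk calls `HydraUtil.createJwk(signingAlgVar.is)` a second time and, judging by how `createJwk` is used to mint a fresh key pair here, shows the developer a private key whose public half was never registered with Hydra. Any `private_key_jwt` assertion signed with the displayed key would then be rejected by Hydra, and when the developer supplied `jwks`/`jwks_uri` the old "Please change this value to …" placeholder is replaced by an unrelated key. Return the key together with the client instead of regenerating it: change the return type to `Option[(OAuth2Client, String)]`, end the Hydra branch with `}).map(client => (client, jwkPrivateKey))`, and thread it through `showRegistrationResults` (hunk `@@ -241`) into `def showResults(consumer: Consumer, jwkPrivateKey: String)`. The body of `createHydraClient` continues in the next hunk.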
@@ -157,25 +155,34 @@ class ConsumerRegistration extends MdcLoggable {
 new ObjectMapper().readValue(jwksJson, classOf[util.Map[String, _]])
 val requestUri = requestUriVar.is
- if(StringUtils.isAllBlank(jwksUri, jwks)) {
- val(privateKey, publicKey) = HydraUtil.createJwk(signingAlg)
+ if (StringUtils.isAllBlank(jwksUri, jwks)) {
+ val (privateKey, publicKey) = HydraUtil.createJwk(signingAlg)
 jwkPrivateKey = privateKey
 val jwksJson = s"""{"keys": [$publicKey]}"""
 val jwksMap = toJson(jwksJson)
 oAuth2Client.setJwks(jwksMap)
- } else if(StringUtils.isNotBlank(jwks)){
+ } else if (StringUtils.isNotBlank(jwks)) {
 val jwksMap = toJson(jwks)
 oAuth2Client.setJwks(jwksMap)
- } else if(StringUtils.isNotBlank(jwksUri)){
+ } else if (StringUtils.isNotBlank(jwksUri)) {
 oAuth2Client.setJwksUri(jwksUri)
 }
- if(StringUtils.isNotBlank(requestUri)) {
+ if (StringUtils.isNotBlank(requestUri)) {
 oAuth2Client.setRequestUris(List(requestUri).asJava)
 }
 oAuth2Client
 })
+ } else {
+ None
 }
+ }
+
+ def showResults(consumer : Consumer) = {
+ val urlOAuthEndpoint = Constant.HostName + "/oauth/initiate"
+ val urlDirectLoginEndpoint = Constant.HostName + "/my/logins/direct"
+ val jwsAlg = signingAlgVar.is
+ val (jwkPrivateKey, _) = HydraUtil.createJwk(signingAlgVar.is)
 val registerConsumerSuccessMessageWebpage = getWebUiPropsValue(
 "webui_register_consumer_success_message_webpage",
 "Thanks for registering your consumer with the Open Bank Project API! Here is your developer information. Please save it in a secure location.")
@@ -241,12 +248,16 @@ class ConsumerRegistration extends MdcLoggable {
 }
 }
- def showRegistrationResults(result : Consumer) = {
+ def showRegistrationResults(consumer : Consumer) = {
+ // Create client at Hydra ORA side and update our consumer with a new Client ID
+ val updatedConsumer = createHydraClient(consumer).flatMap { c =>
+ Consumers.consumers.vend
+ .updateConsumer(consumer.id.get,Some(c.getClientId),None,None,None,None,None,None,None,None)
+ }.getOrElse(consumer)
- notifyRegistrationOccurred(result)
- sendEmailToDeveloper(result)
-
- showResults(result)
+ notifyRegistrationOccurred(updatedConsumer)
+ sendEmailToDeveloper(updatedConsumer)
+ showResults(updatedConsumer)
 }
 def showErrors(errors : List[FieldError]) = {
diff --git a/obp-api/src/main/scala/code/util/HydraUtil.scala b/obp-api/src/main/scala/code/util/HydraUtil.scala
index b3d20fb2f..7a32bc04c 100644
--- a/obp-api/src/main/scala/code/util/HydraUtil.scala
+++ b/obp-api/src/main/scala/code/util/HydraUtil.scala
@@ -77,7 +77,8 @@ object HydraUtil extends MdcLoggable{
 return None
 }
 val oAuth2Client = new OAuth2Client()
- oAuth2Client.setClientId(consumer.key.get)
+ // Hydra ORA: It is no longer possible to set an OAuth2 Client ID as a user. The system will generate a unique ID for you.
+ // oAuth2Client.setClientId(consumer.key.get)
 oAuth2Client.setClientSecret(consumer.secret.get)
 oAuth2Client.setClientName(consumer.name.get)
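Review bot: `}.getOrElse(consumer)` in `showRegistrationResults` makes a failed `updateConsumer` indistinguishable from the no-Hydra case: if the local update returns Empty/Failure after the Hydra client has already been created, the developer is shown and e-mailed the original `consumer.key`, which Hydra no longer recognises now that `setClientId` is not called (hunk `@@ -77`), and the Hydra client is left orphaned under an id nobody recorded. At minimum the fallback should log the failure so the mismatch is visible in operations, e.g. `}.getOrElse { if (HydraUtil.integrateWithHydra) logger.error(s"Hydra client was created but consumer ${consumer.id.get} could not be updated with its client id"); consumer }` (assuming `MdcLoggable` exposes `logger` as Lift's `Loggable` does), and preferably the page should render an error rather than the success view in that case. The nine positional `None`s in the `updateConsumer` call would also read better with named arguments so it is clear that the second argument is the key being replaced.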