From f3c022f0052f19bc5c4eed687eeeb189beafe424 Mon Sep 17 00:00:00 2001 From: Sattvik Chakravarthy Date: Wed, 18 Sep 2024 13:14:07 +0530 Subject: [PATCH 1/6] fix: pr comment --- .../io/supertokens/webserver/api/oauth/OAuthTokenAPI.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java index 4567e7f61..5c64dd8b4 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java @@ -60,6 +60,9 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I String iss = InputParser.parseStringOrThrowError(input, "iss", false); // input validation JsonObject bodyFromSDK = InputParser.parseJsonObjectOrThrowError(input, "inputBody", false); + JsonObject accessTokenUpdate = InputParser.parseJsonObjectOrThrowError(input, "access_token", true); + JsonObject idTokenUpdate = InputParser.parseJsonObjectOrThrowError(input, "id_token", true); + // useStaticKeyInput defaults to true, so we check if it has been explicitly set to false Boolean useStaticKeyInput = InputParser.parseBooleanOrThrowError(input, "useStaticSigningKey", true); boolean useDynamicKey = Boolean.FALSE.equals(useStaticKeyInput); 
@@ -88,9 +91,6 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I AppIdentifier appIdentifier = getAppIdentifier(req); Storage storage = enforcePublicTenantAndGetPublicTenantStorage(req); - JsonObject accessTokenUpdate = InputParser.parseJsonObjectOrThrowError(input, "access_token", true); - JsonObject idTokenUpdate = InputParser.parseJsonObjectOrThrowError(input, "id_token", true); - jsonBody = OAuth.transformTokens(super.main, appIdentifier, storage, jsonBody.getAsJsonObject(), iss, accessTokenUpdate, idTokenUpdate, useDynamicKey); } catch (IOException | InvalidConfigException | TenantOrAppNotFoundException | BadPermissionException | StorageQueryException | InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException | JWTCreationException | JWTException | StorageTransactionLogicException | UnsupportedJWTSigningAlgorithmException e) { From 095a27fcdbaf5655065a49ed29e546461d57806c Mon Sep 17 00:00:00 2001 
From: Sattvik Chakravarthy Date: Wed, 18 Sep 2024 13:21:07 +0530 Subject: [PATCH 2/6] fix: pr comments --- ...ttpRequest.java => HttpRequestForOry.java} | 8 ++++++- src/main/java/io/supertokens/oauth/OAuth.java | 22 +++++++++---------- .../CreateUpdateOrGetOAuthClientAPI.java | 10 ++++----- .../OAuthAcceptAuthConsentRequestAPI.java | 2 +- .../webserver/api/oauth/OAuthAuthAPI.java | 2 +- .../api/oauth/OAuthClientListAPI.java | 2 +- .../oauth/OAuthGetAuthConsentRequestAPI.java | 2 +- .../oauth/OAuthGetAuthLoginRequestAPI.java | 2 +- .../oauth/OAuthGetAuthLogoutRequestAPI.java | 2 +- .../webserver/api/oauth/OAuthProxyHelper.java | 12 +++++----- .../OAuthRejectAuthConsentRequestAPI.java | 2 +- .../oauth/OAuthRejectAuthLoginRequestAPI.java | 2 +- .../OAuthRejectAuthLogoutRequestAPI.java | 2 +- .../api/oauth/OAuthTokenIntrospectAPI.java | 2 +- .../api/oauth/RemoveOAuthClientAPI.java | 2 +- 15 files changed, 40 insertions(+), 34 deletions(-) rename src/main/java/io/supertokens/oauth/{HttpRequest.java => HttpRequestForOry.java} (94%) diff --git a/src/main/java/io/supertokens/oauth/HttpRequest.java b/src/main/java/io/supertokens/oauth/HttpRequestForOry.java similarity index 94% rename from src/main/java/io/supertokens/oauth/HttpRequest.java rename to src/main/java/io/supertokens/oauth/HttpRequestForOry.java index ff3b954d7..62f5945e8 100644 --- a/src/main/java/io/supertokens/oauth/HttpRequest.java +++ b/src/main/java/io/supertokens/oauth/HttpRequestForOry.java 
@@ -15,7 +15,13 @@
 import java.util.Map;
 import java.util.stream.Collectors;
-public class HttpRequest {
+public class HttpRequestForOry {
+ // This is a helper class to make HTTP requests to the hydra server specifically.
+ // Although this is similar to HttpRequest, this is slightly modified to be able to work with
+ // form data, headers in request and responses, query params in non-get requests, reading responses in
+ // case of errors, etc.
+ // Left the original HttpRequest as is to avoid any issues with existing code.
+
 private static final int CONNECTION_TIMEOUT = 5000;
 private static final int READ_TIMEOUT = 5000;
diff --git a/src/main/java/io/supertokens/oauth/OAuth.java b/src/main/java/io/supertokens/oauth/OAuth.java
index 36968478f..7e60dcc70 100644
--- a/src/main/java/io/supertokens/oauth/OAuth.java
+++ b/src/main/java/io/supertokens/oauth/OAuth.java
@@ -63,7 +63,7 @@ private static void checkForOauthFeature(AppIdentifier appIdentifier, Main main)
 "feature.");
 }
- public static HttpRequest.Response doOAuthProxyGET(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map queryParams, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException {
+ public static HttpRequestForOry.Response doOAuthProxyGET(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map queryParams, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException {
 checkForOauthFeature(appIdentifier, main);
 OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage);
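Review bot: The explanatory comment on HttpRequestForOry is placed inside the class body as `//` lines just after `public class HttpRequestForOry {`, where Javadoc tooling and IDE hover at the OAuth.java call sites will not pick it up; a `/** ... */` block directly above the class declaration saying the same thing (Hydra-specific HTTP helper, kept separate from HttpRequest to avoid touching existing callers) would surface it where it is needed. The comment also says the class is "slightly modified" without naming the behavioural difference callers most need to know, which from its own list is that response bodies are read on error statuses as well; stating that explicitly in the Javadoc would help anyone choosing between the two helpers. The class body continues past the hunk.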
@@ -90,7 +90,7 @@ public static HttpRequest.Response doOAuthProxyGET(Main main, AppIdentifier appI } String fullUrl = baseURL + path; - HttpRequest.Response response = HttpRequest.doGet(fullUrl, headers, queryParams); + HttpRequestForOry.Response response = HttpRequestForOry.doGet(fullUrl, headers, queryParams); // Response transformations response.jsonResponse = Transformations.transformJsonResponseFromHydra(main, appIdentifier, response.jsonResponse); @@ -106,7 +106,7 @@ public static HttpRequest.Response doOAuthProxyGET(Main main, AppIdentifier appI return response; } - public static HttpRequest.Response doOAuthProxyFormPOST(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map formFields, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { + public static HttpRequestForOry.Response doOAuthProxyFormPOST(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map formFields, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { checkForOauthFeature(appIdentifier, main); OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage); @@ -133,7 +133,7 @@ public static HttpRequest.Response doOAuthProxyFormPOST(Main main, AppIdentifier } String fullUrl = baseURL + path; - HttpRequest.Response response = HttpRequest.doFormPost(fullUrl, headers, formFields); + HttpRequestForOry.Response response = HttpRequestForOry.doFormPost(fullUrl, headers, formFields); // Response transformations response.jsonResponse = Transformations.transformJsonResponseFromHydra(main, appIdentifier, response.jsonResponse); 
@@ -148,7 +148,7 @@ public static HttpRequest.Response doOAuthProxyFormPOST(Main main, AppIdentifier return response; } - public static HttpRequest.Response doOAuthProxyJsonPOST(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, JsonObject jsonInput, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { + public static HttpRequestForOry.Response doOAuthProxyJsonPOST(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, JsonObject jsonInput, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { checkForOauthFeature(appIdentifier, main); OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage); @@ -175,7 +175,7 @@ public static HttpRequest.Response doOAuthProxyJsonPOST(Main main, AppIdentifier } String fullUrl = baseURL + path; - HttpRequest.Response response = HttpRequest.doJsonPost(fullUrl, headers, jsonInput); + HttpRequestForOry.Response response = HttpRequestForOry.doJsonPost(fullUrl, headers, jsonInput); // Response transformations response.jsonResponse = Transformations.transformJsonResponseFromHydra(main, appIdentifier, response.jsonResponse); 
@@ -190,7 +190,7 @@ public static HttpRequest.Response doOAuthProxyJsonPOST(Main main, AppIdentifier return response; } - public static HttpRequest.Response doOAuthProxyJsonPUT(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map queryParams, JsonObject jsonInput, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { + public static HttpRequestForOry.Response doOAuthProxyJsonPUT(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map queryParams, JsonObject jsonInput, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { checkForOauthFeature(appIdentifier, main); OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage); @@ -218,7 +218,7 @@ public static HttpRequest.Response doOAuthProxyJsonPUT(Main main, AppIdentifier } String fullUrl = baseURL + path; - HttpRequest.Response response = HttpRequest.doJsonPut(fullUrl, queryParams, headers, jsonInput); + HttpRequestForOry.Response response = HttpRequestForOry.doJsonPut(fullUrl, queryParams, headers, jsonInput); // Response transformations response.jsonResponse = Transformations.transformJsonResponseFromHydra(main, appIdentifier, response.jsonResponse); 
@@ -233,7 +233,7 @@ public static HttpRequest.Response doOAuthProxyJsonPUT(Main main, AppIdentifier return response; } - public static HttpRequest.Response doOAuthProxyJsonDELETE(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, JsonObject jsonInput, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { + public static HttpRequestForOry.Response doOAuthProxyJsonDELETE(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, JsonObject jsonInput, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { checkForOauthFeature(appIdentifier, main); OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage); @@ -260,7 +260,7 @@ public static HttpRequest.Response doOAuthProxyJsonDELETE(Main main, AppIdentifi } String fullUrl = baseURL + path; - HttpRequest.Response response = HttpRequest.doJsonDelete(fullUrl, headers, jsonInput); + HttpRequestForOry.Response response = HttpRequestForOry.doJsonDelete(fullUrl, headers, jsonInput); // Response transformations response.jsonResponse = Transformations.transformJsonResponseFromHydra(main, appIdentifier, response.jsonResponse); @@ -275,7 +275,7 @@ public static HttpRequest.Response doOAuthProxyJsonDELETE(Main main, AppIdentifi return response; } - private static void checkNonSuccessResponse(HttpRequest.Response response) throws OAuthAPIException, OAuthClientNotFoundException { + private static void checkNonSuccessResponse(HttpRequestForOry.Response response) throws OAuthAPIException, OAuthClientNotFoundException { if (response.statusCode == 404) { throw new OAuthClientNotFoundException(); } 
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/CreateUpdateOrGetOAuthClientAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/CreateUpdateOrGetOAuthClientAPI.java
index d3b9e8d57..108cba0ca 100644
--- a/src/main/java/io/supertokens/webserver/api/oauth/CreateUpdateOrGetOAuthClientAPI.java
+++ b/src/main/java/io/supertokens/webserver/api/oauth/CreateUpdateOrGetOAuthClientAPI.java
@@ -26,7 +26,7 @@
 import io.supertokens.Main;
 import io.supertokens.featureflag.exceptions.FeatureNotEnabledException;
 import io.supertokens.multitenancy.exception.BadPermissionException;
-import io.supertokens.oauth.HttpRequest;
+import io.supertokens.oauth.HttpRequestForOry;
 import io.supertokens.oauth.OAuth;
 import io.supertokens.oauth.exceptions.OAuthAPIException;
 import io.supertokens.oauth.exceptions.OAuthClientNotFoundException;
@@ -65,7 +65,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
 true, // camelToSnakeCaseConversion
 OAuthProxyHelper.defaultGetQueryParamsFromRequest(req),
 new HashMap<>(), // getHeadersForProxy
- (statusCode, headers, rawBody, jsonBody) -> { // handleResponse
+ (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse
 return jsonBody.getAsJsonObject();
 }
 );
@@ -93,7 +93,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
 true, // camelToSnakeCaseConversion
 input, // jsonBody
 new HashMap<>(), // headers
- (statusCode, headers, rawBody, jsonBody) -> { // handleResponse
+ (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse
 String clientId = jsonBody.getAsJsonObject().get("clientId").getAsString();
 try {
@@ -120,7 +120,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
 try {
 Map queryParams = new HashMap<>();
 queryParams.put("clientId", clientId);
- HttpRequest.Response response = OAuth.doOAuthProxyGET(
+ HttpRequestForOry.Response response = OAuth.doOAuthProxyGET(
 main,
 getAppIdentifier(req),
 enforcePublicTenantAndGetPublicTenantStorage(req),
@@ -151,7 +151,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
 new HashMap<>(), // queryParams
 input, // jsonBody
 new HashMap<>(), // headers
- (statusCode, headers, rawBody, jsonBody) -> { // handleResponse
+ (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse
 return jsonBody.getAsJsonObject();
 }
 );
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthConsentRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthConsentRequestAPI.java
index b4e9447ab..2e3f814dc 100644
--- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthConsentRequestAPI.java
+++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthConsentRequestAPI.java
@@ -41,7 +41,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
 OAuthProxyHelper.defaultGetQueryParamsFromRequest(req),
 input, // jsonBody
 new HashMap<>(), // headers
- (statusCode, headers, rawBody, jsonBody) -> { // handleResponse
+ (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse
 JsonObject response = jsonBody.getAsJsonObject();
 response.addProperty("status", "OK");
 return response;
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java
index 944f37600..a8752f6bf 100644
--- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java
+++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java
@@ -73,7 +73,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
 false, // camelToSnakeCaseConversion
 queryParams,
 headers,
- (statusCode, responseHeaders, rawBody, jsonBody) -> { // handleResponse
+ (statusCode, responseHeaders, rawBody, jsonBody) -> { // getJsonResponse
 if (headers == null || !responseHeaders.containsKey("Location")) {
 throw new IllegalStateException("Invalid response from hydra");
 }
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthClientListAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthClientListAPI.java
index 96bc6a5d6..d177c7fcf 100644
--- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthClientListAPI.java
+++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthClientListAPI.java
@@ -44,7 +44,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
 true, // camelToSnakeCaseConversion
 new HashMap<>(), // queryParams
 new HashMap<>(), // headers
- (statusCode, headers, rawBody, jsonBody) -> { // handleResponse
+ (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse
 JsonObject response = new JsonObject();
 response.addProperty("status", "OK");
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthConsentRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthConsentRequestAPI.java
index e7432dbe9..4faa5e65f 100644
--- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthConsentRequestAPI.java
+++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthConsentRequestAPI.java
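Review bot: The guard inside the renamed getJsonResponse lambda in OAuthAuthAPI tests `headers == null` but then dereferences `responseHeaders`; `headers` is the request-header map captured from the enclosing doPost (it is the proxy argument two lines above), not the lambda's own parameter, so a null response-header map would surface as a NullPointerException from `containsKey` rather than the intended IllegalStateException. The condition should read `if (responseHeaders == null || !responseHeaders.containsKey("Location")) {`. Whether the proxy helper can ever hand a null map to this callback is not visible here, so the guard may be dead today, but as written it checks the wrong variable. The lambda and doPost continue outside the hunk.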
@@ -37,7 +37,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
 true, // camelToSnakeCaseConversion
 OAuthProxyHelper.defaultGetQueryParamsFromRequest(req),
 new HashMap<>(), // headers
- (statusCode, headers, rawBody, jsonBody) -> { // handleResponse
+ (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse
 JsonObject response = jsonBody.getAsJsonObject();
 response.addProperty("status", "OK");
 return response;
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLoginRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLoginRequestAPI.java
index 4d3546720..ca9a4af6a 100644
--- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLoginRequestAPI.java
+++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLoginRequestAPI.java
@@ -37,7 +37,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
 true, // camelToSnakeCaseConversion
 OAuthProxyHelper.defaultGetQueryParamsFromRequest(req),
 new HashMap<>(), // headers
- (statusCode, headers, rawBody, jsonBody) -> { // handleResponse
+ (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse
 JsonObject response = jsonBody.getAsJsonObject();
 response.addProperty("status", "OK");
 return response;
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLogoutRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLogoutRequestAPI.java
index 308c3164f..0b4f9433f 100644
--- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLogoutRequestAPI.java
+++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLogoutRequestAPI.java
@@ -37,7 +37,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO true, // camelToSnakeCaseConversion OAuthProxyHelper.defaultGetQueryParamsFromRequest(req), new HashMap<>(), // headers - (statusCode, headers, rawBody, jsonBody) -> { // handleResponse + (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse JsonObject response = jsonBody.getAsJsonObject(); response.addProperty("status", "OK"); return response; diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthProxyHelper.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthProxyHelper.java index 58855afa4..a4acb0593 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthProxyHelper.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthProxyHelper.java @@ -13,7 +13,7 @@ import io.supertokens.Main; import io.supertokens.featureflag.exceptions.FeatureNotEnabledException; -import io.supertokens.oauth.HttpRequest; +import io.supertokens.oauth.HttpRequestForOry; import io.supertokens.oauth.OAuth; import io.supertokens.oauth.exceptions.OAuthAPIException; import io.supertokens.oauth.exceptions.OAuthClientNotFoundException; @@ -35,7 +35,7 @@ public static void proxyGET(Main main, HttpServletRequest req, HttpServletRespon Map queryParams, Map headers, GetJsonResponse getJsonResponse) throws IOException, ServletException { try { - HttpRequest.Response response = OAuth.doOAuthProxyGET(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, queryParams, headers); + HttpRequestForOry.Response response = OAuth.doOAuthProxyGET(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, queryParams, headers); JsonObject jsonResponse = getJsonResponse.apply( response.statusCode, 
@@ -61,7 +61,7 @@ public static void proxyFormPOST(Main main, HttpServletRequest req, HttpServletR Map formFields, Map headers, GetJsonResponse getJsonResponse) throws IOException, ServletException { try { - HttpRequest.Response response = OAuth.doOAuthProxyFormPOST(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, formFields, headers); + HttpRequestForOry.Response response = OAuth.doOAuthProxyFormPOST(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, formFields, headers); JsonObject jsonResponse = getJsonResponse.apply( response.statusCode, @@ -87,7 +87,7 @@ public static void proxyJsonPOST(Main main, HttpServletRequest req, HttpServletR JsonObject jsonInput, Map headers, GetJsonResponse getJsonResponse) throws IOException, ServletException { try { - HttpRequest.Response response = OAuth.doOAuthProxyJsonPOST(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, jsonInput, headers); + HttpRequestForOry.Response response = OAuth.doOAuthProxyJsonPOST(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, jsonInput, headers); JsonObject jsonResponse = getJsonResponse.apply( response.statusCode, @@ -114,7 +114,7 @@ public static void proxyJsonPUT(Main main, HttpServletRequest req, HttpServletRe Map headers, GetJsonResponse getJsonResponse) throws IOException, ServletException { try { - HttpRequest.Response response = OAuth.doOAuthProxyJsonPUT(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, queryParams, jsonInput, headers); + HttpRequestForOry.Response response = OAuth.doOAuthProxyJsonPUT(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, queryParams, jsonInput, headers); JsonObject jsonResponse = getJsonResponse.apply( response.statusCode, 
@@ -140,7 +140,7 @@ public static void proxyJsonDELETE(Main main, HttpServletRequest req, HttpServle JsonObject jsonInput, Map headers, GetJsonResponse getJsonResponse) throws IOException, ServletException { try { - HttpRequest.Response response = OAuth.doOAuthProxyJsonDELETE(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, jsonInput, headers); + HttpRequestForOry.Response response = OAuth.doOAuthProxyJsonDELETE(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, jsonInput, headers); JsonObject jsonResponse = getJsonResponse.apply( response.statusCode, diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthConsentRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthConsentRequestAPI.java index c90639573..cc886d09d 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthConsentRequestAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthConsentRequestAPI.java @@ -41,7 +41,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO OAuthProxyHelper.defaultGetQueryParamsFromRequest(req), input, // getJsonBody new HashMap<>(), // getHeadersForProxy - (statusCode, headers, rawBody, jsonBody) -> { // handleResponse + (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse JsonObject response = jsonBody.getAsJsonObject(); response.addProperty("status", "OK"); return response; diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLoginRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLoginRequestAPI.java index c6cd0f9e5..ea676b754 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLoginRequestAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLoginRequestAPI.java 
@@ -42,7 +42,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
 OAuthProxyHelper.defaultGetQueryParamsFromRequest(req),
 input, // jsonBody
 new HashMap<>(), // headers
- (statusCode, headers, rawBody, jsonBody) -> { // handleResponse
+ (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse
 JsonObject response = jsonBody.getAsJsonObject();
 response.addProperty("status", "OK");
 return response;
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLogoutRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLogoutRequestAPI.java
index a43309e62..dca66535f 100644
--- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLogoutRequestAPI.java
+++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLogoutRequestAPI.java
@@ -41,7 +41,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO
 OAuthProxyHelper.defaultGetQueryParamsFromRequest(req),
 input, // jsonBody
 new HashMap<>(), // headers
- (statusCode, headers, rawBody, jsonBody) -> { // handleResponse
+ (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse
 JsonObject response = jsonBody.getAsJsonObject();
 response.addProperty("status", "OK");
 return response;
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenIntrospectAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenIntrospectAPI.java
index 607e5780f..101f56e09 100644
--- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenIntrospectAPI.java
+++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenIntrospectAPI.java
@@ -71,7 +71,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
 false, // camelToSnakeCaseConversion
 formFields,
 new HashMap<>(), // getHeaders
- (statusCode, headers, rawBody, jsonBody) -> { // handleResponse
+ (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse
 JsonObject response = jsonBody.getAsJsonObject();
 response.addProperty("iss", iss);
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/RemoveOAuthClientAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/RemoveOAuthClientAPI.java
index 2a58a4427..1063c667f 100644
--- a/src/main/java/io/supertokens/webserver/api/oauth/RemoveOAuthClientAPI.java
+++ b/src/main/java/io/supertokens/webserver/api/oauth/RemoveOAuthClientAPI.java
@@ -60,7 +60,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
 true, // camelToSnakeCaseConversion
 new JsonObject(), // getJsonBody
 new HashMap<>(), // getHeadersForProxy
- (statusCode, headers, rawBody, jsonBody) -> { // handleResponse
+ (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse
 try {
 OAuth.removeClientId(main, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), clientId);
 } catch (StorageQueryException | TenantOrAppNotFoundException | BadPermissionException e) {
From da96bc4e4139f38ce297344207ff610e01c79361 Mon Sep 17 00:00:00 2001
From: Sattvik Chakravarthy
Date: Wed, 18 Sep 2024 14:00:40 +0530
Subject: [PATCH 3/6] fix: owner and pagination
---
 .../CreateUpdateOrGetOAuthClientAPI.java | 11 +++++-
 .../api/oauth/OAuthClientListAPI.java | 37 +++++++++++++++++--
 2 files changed, 43 insertions(+), 5 deletions(-)
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/CreateUpdateOrGetOAuthClientAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/CreateUpdateOrGetOAuthClientAPI.java
index 108cba0ca..11156c392 100644
--- a/src/main/java/io/supertokens/webserver/api/oauth/CreateUpdateOrGetOAuthClientAPI.java
+++ b/src/main/java/io/supertokens/webserver/api/oauth/CreateUpdateOrGetOAuthClientAPI.java
@@ -31,8 +31,10 @@
 import io.supertokens.oauth.exceptions.OAuthAPIException;
 import io.supertokens.oauth.exceptions.OAuthClientNotFoundException;
 import io.supertokens.pluginInterface.RECIPE_ID;
+import io.supertokens.pluginInterface.Storage;
 import io.supertokens.pluginInterface.exceptions.InvalidConfigException;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
 import io.supertokens.pluginInterface.oauth.exceptions.OAuth2ClientAlreadyExistsForAppException;
 import io.supertokens.webserver.InputParser;
@@ -84,10 +86,15 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I
 input.addProperty("subjectType", "public");
 try {
+ AppIdentifier appIdentifier = getAppIdentifier(req);
+ Storage storage = enforcePublicTenantAndGetPublicTenantStorage(req);
+
+ input.addProperty("owner", appIdentifier.getAppId());
+
 OAuthProxyHelper.proxyJsonPOST(
 main, req, resp,
- getAppIdentifier(req),
- enforcePublicTenantAndGetPublicTenantStorage(req),
+ appIdentifier,
+ storage,
 "/admin/clients", // proxyPath
 true, // proxyToAdmin
 true, // camelToSnakeCaseConversion
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthClientListAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthClientListAPI.java
index d177c7fcf..a79ff9e92 100644
--- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthClientListAPI.java
+++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthClientListAPI.java
@@ -4,6 +4,7 @@
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 import com.google.gson.JsonArray;
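Review bot: `input.addProperty("owner", appIdentifier.getAppId())` runs after the request body has been assembled, so a caller-supplied `owner` is overwritten on create, which is the right direction; the same binding is not visible for the update path in doPut (outside this hunk), which from the earlier hunks also forwards the SDK body to `/admin/clients`. If that PUT passes the body through unchanged, a caller could move a client to another owner or blank the field on update, after which the owner-filtered listing in OAuthClientListAPI would no longer return it; consider adding `input.addProperty("owner", appIdentifier.getAppId());` there as well, or rejecting a caller-supplied `owner` outright. A one-line comment on this assignment, `// owner is server-controlled: scopes the client to this app for listing and lookups`, would record why it must not be removed. doPost continues outside the hunk.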
@@ -14,7 +15,9 @@
 import io.supertokens.multitenancy.exception.BadPermissionException;
 import io.supertokens.oauth.OAuth;
 import io.supertokens.pluginInterface.RECIPE_ID;
+import io.supertokens.pluginInterface.Storage;
 import io.supertokens.pluginInterface.exceptions.StorageQueryException;
+import io.supertokens.pluginInterface.multitenancy.AppIdentifier;
 import io.supertokens.pluginInterface.multitenancy.exceptions.TenantOrAppNotFoundException;
 import io.supertokens.webserver.WebserverAPI;
 import jakarta.servlet.ServletException;
@@ -35,14 +38,19 @@ public String getPath() {
 @Override
 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException {
 try {
+ AppIdentifier appIdentifier = getAppIdentifier(req);
+ Storage storage = enforcePublicTenantAndGetPublicTenantStorage(req);
+ Map queryParams = OAuthProxyHelper.defaultGetQueryParamsFromRequest(req);
+ queryParams.put("owner", appIdentifier.getAppId());
+
 OAuthProxyHelper.proxyGET(
 main, req, resp,
- getAppIdentifier(req),
- enforcePublicTenantAndGetPublicTenantStorage(req),
+ appIdentifier,
+ storage,
 "/admin/clients", // proxyPath
 true, // proxyToAdmin
 true, // camelToSnakeCaseConversion
- new HashMap<>(), // queryParams
+ queryParams,
 new HashMap<>(), // headers
 (statusCode, headers, rawBody, jsonBody) -> { // getJsonResponse
 JsonObject response = new JsonObject();
@@ -67,6 +75,29 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO
 }
 response.add("clients", clients);
+
+ // pagination
+ List linkHeader = headers.get("Link");
+ if (linkHeader != null && !linkHeader.isEmpty()) {
+ for (String nextLink : linkHeader.get(0).split(",")) {
+ if (!nextLink.contains("rel=\"next\"")) {
+ continue;
+ }
+
+ String pageToken = null;
+ if (nextLink.contains("page_token=")) {
+ int startIndex = nextLink.indexOf("page_token=") + "page_token=".length();
+ int endIndex = nextLink.indexOf('>', startIndex);
+ if (endIndex != -1) {
+ pageToken = nextLink.substring(startIndex, endIndex);
+ }
+ }
+ if (pageToken != null) {
+ response.addProperty("nextPaginationToken", pageToken);
+ }
+ }
+ }
+
 return response;
 }
 );
From 160dce50a244139c0a1c581c09932aaab22b2b7c Mon Sep 17 00:00:00 2001
From: Sattvik Chakravarthy
Date: Wed, 18 Sep 2024 14:04:47 +0530
Subject: [PATCH 4/6] fix: pr comment
---
 src/main/java/io/supertokens/oauth/OAuth.java | 1 -
 src/main/java/io/supertokens/oauth/Transformations.java | 4 ----
 2 files changed, 5 deletions(-)
diff --git a/src/main/java/io/supertokens/oauth/OAuth.java b/src/main/java/io/supertokens/oauth/OAuth.java
index 7e60dcc70..ba5d61120 100644
--- a/src/main/java/io/supertokens/oauth/OAuth.java
+++ b/src/main/java/io/supertokens/oauth/OAuth.java
@@ -79,7 +79,6 @@ public static HttpRequestForOry.Response doOAuthProxyGET(Main main, AppIdentifie
 }
 // Request transformations
- queryParams = Transformations.transformQueryParamsForHydra(queryParams);
 headers = Transformations.transformRequestHeadersForHydra(headers);
 String baseURL;
diff --git a/src/main/java/io/supertokens/oauth/Transformations.java b/src/main/java/io/supertokens/oauth/Transformations.java
index 77b5940c4..45df22a7a 100644
--- a/src/main/java/io/supertokens/oauth/Transformations.java
+++ b/src/main/java/io/supertokens/oauth/Transformations.java
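Review bot: The `page_token` extraction in the pagination block ends only at `>`, so if the next link carries further query parameters after `page_token` (for example `...&page_token=X&page_size=Y>`), `nextPaginationToken` would include the trailing `&page_size=Y` and presumably be sent back to Hydra as-is on the following call. Terminating at the first `&` as well keeps it a bare value: `int endIndex = nextLink.indexOf('>', startIndex);` / `int amp = nextLink.indexOf('&', startIndex);` / `if (amp != -1 && (endIndex == -1 || amp < endIndex)) { endIndex = amp; }` — or parse the link target with `java.net.URI` and read its query instead of string scanning. Whether Hydra currently places `page_token` last is not visible here, so this may be latent rather than live. Two smaller points: a `break` once the `rel="next"` entry is handled would stop a later entry from overwriting the property, and `headers.get("Link")` assumes the response-header map is keyed with exactly that casing, which depends on how HttpRequestForOry builds it. The lambda and doGet continue outside the hunk.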
@@ -22,10 +22,6 @@ public class Transformations { - public static Map transformQueryParamsForHydra(Map queryParams) { - return queryParams; - } - public static Map transformRequestHeadersForHydra(Map requestHeaders) { if (requestHeaders == null) { return requestHeaders; From bd0a91871b2e009547bf5c15646f50636925ad9a Mon Sep 17 00:00:00 2001 From: Sattvik Chakravarthy Date: Wed, 18 Sep 2024 14:19:42 +0530 Subject: [PATCH 5/6] fix: client id check --- src/main/java/io/supertokens/oauth/OAuth.java | 35 ++++++++----------- .../CreateUpdateOrGetOAuthClientAPI.java | 4 +++ .../OAuthAcceptAuthConsentRequestAPI.java | 1 + .../oauth/OAuthAcceptAuthLoginRequestAPI.java | 1 + .../OAuthAcceptAuthLogoutRequestAPI.java | 1 + .../webserver/api/oauth/OAuthAuthAPI.java | 1 + .../api/oauth/OAuthClientListAPI.java | 1 + .../oauth/OAuthGetAuthConsentRequestAPI.java | 1 + .../oauth/OAuthGetAuthLoginRequestAPI.java | 1 + .../oauth/OAuthGetAuthLogoutRequestAPI.java | 1 + .../webserver/api/oauth/OAuthProxyHelper.java | 20 +++++------ .../OAuthRejectAuthConsentRequestAPI.java | 1 + .../oauth/OAuthRejectAuthLoginRequestAPI.java | 1 + .../OAuthRejectAuthLogoutRequestAPI.java | 1 + .../webserver/api/oauth/OAuthTokenAPI.java | 1 + .../api/oauth/OAuthTokenIntrospectAPI.java | 1 + .../api/oauth/RemoveOAuthClientAPI.java | 1 + 17 files changed, 43 insertions(+), 30 deletions(-) diff --git a/src/main/java/io/supertokens/oauth/OAuth.java b/src/main/java/io/supertokens/oauth/OAuth.java index ba5d61120..ba323cca2 100644 --- a/src/main/java/io/supertokens/oauth/OAuth.java +++ b/src/main/java/io/supertokens/oauth/OAuth.java 
@@ -63,7 +63,7 @@ private static void checkForOauthFeature(AppIdentifier appIdentifier, Main main) "feature."); } - public static HttpRequestForOry.Response doOAuthProxyGET(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map queryParams, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { + public static HttpRequestForOry.Response doOAuthProxyGET(Main main, AppIdentifier appIdentifier, Storage storage, String clientIdToCheck, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map queryParams, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { checkForOauthFeature(appIdentifier, main); OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage); @@ -71,9 +71,8 @@ public static HttpRequestForOry.Response doOAuthProxyGET(Main main, AppIdentifie queryParams = convertCamelToSnakeCase(queryParams); } - if (queryParams != null && queryParams.containsKey("client_id")) { - String clientId = queryParams.get("client_id"); - if (!oauthStorage.doesClientIdExistForThisApp(appIdentifier, clientId)) { + if (clientIdToCheck != null) { + if (!oauthStorage.doesClientIdExistForThisApp(appIdentifier, clientIdToCheck)) { throw new OAuthClientNotFoundException(); } } 
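Review bot: Passing `clientIdToCheck == null` now disables the per-app ownership check entirely, so a `client_id` that arrives in `queryParams` is forwarded to Hydra unchecked unless the caller opted in, whereas the removed code checked it whenever it was present. That contract is invisible at the call sites (`null, // clientIdToCheck`) and should be stated on the method: `@param clientIdToCheck client id that must belong to {@code appIdentifier}; pass {@code null} only for requests that carry no client id or whose client ownership is enforced elsewhere, since no check is made then`. Given the security weight of this parameter, failing closed when `queryParams` does contain `client_id` but the caller passed `null` would be safer, though I cannot see every caller to judge whether a legitimate one relies on the skip. doOAuthProxyGET continues past the end of this hunk.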
@@ -105,7 +104,7 @@ public static HttpRequestForOry.Response doOAuthProxyGET(Main main, AppIdentifie return response; } - public static HttpRequestForOry.Response doOAuthProxyFormPOST(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map formFields, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { + public static HttpRequestForOry.Response doOAuthProxyFormPOST(Main main, AppIdentifier appIdentifier, Storage storage, String clientIdToCheck, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map formFields, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { checkForOauthFeature(appIdentifier, main); OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage); @@ -113,9 +112,8 @@ public static HttpRequestForOry.Response doOAuthProxyFormPOST(Main main, AppIden formFields = OAuth.convertCamelToSnakeCase(formFields); } - if (formFields.containsKey("client_id")) { - String clientId = formFields.get("client_id"); - if (!oauthStorage.doesClientIdExistForThisApp(appIdentifier, clientId)) { + if (clientIdToCheck != null) { + if (!oauthStorage.doesClientIdExistForThisApp(appIdentifier, clientIdToCheck)) { throw new OAuthClientNotFoundException(); } } 
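Review bot: The null-guarded `doesClientIdExistForThisApp` block is now copied verbatim into doOAuthProxyFormPOST and, in the following hunks, into every other doOAuthProxy* method, which makes the ownership check easy to drift when one copy is edited. A single private helper called from each method keeps the check in one place and documents the null contract once; the `throws` clause below mirrors what the enclosing methods already declare, which is my inference of what `doesClientIdExistForThisApp` needs. The method body continues outside this hunk.
```java
// Ownership check shared by all doOAuthProxy* methods; null means the caller
// has vouched that the request carries no client id to verify.
private static void checkClientIdBelongsToApp(OAuthStorage oauthStorage, AppIdentifier appIdentifier, String clientIdToCheck) throws StorageQueryException, OAuthClientNotFoundException {
    if (clientIdToCheck != null && !oauthStorage.doesClientIdExistForThisApp(appIdentifier, clientIdToCheck)) {
        throw new OAuthClientNotFoundException();
    }
}
// … in doOAuthProxyFormPOST, replacing the inline check …
checkClientIdBelongsToApp(oauthStorage, appIdentifier, clientIdToCheck);
```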
@@ -147,7 +145,7 @@ public static HttpRequestForOry.Response doOAuthProxyFormPOST(Main main, AppIden return response; } - public static HttpRequestForOry.Response doOAuthProxyJsonPOST(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, JsonObject jsonInput, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { + public static HttpRequestForOry.Response doOAuthProxyJsonPOST(Main main, AppIdentifier appIdentifier, Storage storage, String clientIdToCheck, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, JsonObject jsonInput, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { checkForOauthFeature(appIdentifier, main); OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage); @@ -155,9 +153,8 @@ public static HttpRequestForOry.Response doOAuthProxyJsonPOST(Main main, AppIden jsonInput = convertCamelToSnakeCase(jsonInput); } - if (jsonInput.has("client_id")) { - String clientId = jsonInput.get("client_id").getAsString(); - if (!oauthStorage.doesClientIdExistForThisApp(appIdentifier, clientId)) { + if (clientIdToCheck != null) { + if (!oauthStorage.doesClientIdExistForThisApp(appIdentifier, clientIdToCheck)) { throw new OAuthClientNotFoundException(); } } 
@@ -189,7 +186,7 @@ public static HttpRequestForOry.Response doOAuthProxyJsonPOST(Main main, AppIden return response; } - public static HttpRequestForOry.Response doOAuthProxyJsonPUT(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map queryParams, JsonObject jsonInput, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { + public static HttpRequestForOry.Response doOAuthProxyJsonPUT(Main main, AppIdentifier appIdentifier, Storage storage, String clientIdToCheck, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map queryParams, JsonObject jsonInput, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { checkForOauthFeature(appIdentifier, main); OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage); @@ -198,9 +195,8 @@ public static HttpRequestForOry.Response doOAuthProxyJsonPUT(Main main, AppIdent jsonInput = convertCamelToSnakeCase(jsonInput); } - if (jsonInput.has("client_id")) { - String clientId = jsonInput.get("client_id").getAsString(); - if (!oauthStorage.doesClientIdExistForThisApp(appIdentifier, clientId)) { + if (clientIdToCheck != null) { + if (!oauthStorage.doesClientIdExistForThisApp(appIdentifier, clientIdToCheck)) { throw new OAuthClientNotFoundException(); } } 
@@ -232,7 +228,7 @@ public static HttpRequestForOry.Response doOAuthProxyJsonPUT(Main main, AppIdent return response; } - public static HttpRequestForOry.Response doOAuthProxyJsonDELETE(Main main, AppIdentifier appIdentifier, Storage storage, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, JsonObject jsonInput, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { + public static HttpRequestForOry.Response doOAuthProxyJsonDELETE(Main main, AppIdentifier appIdentifier, Storage storage, String clientIdToCheck, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, JsonObject jsonInput, Map headers) throws StorageQueryException, OAuthClientNotFoundException, TenantOrAppNotFoundException, FeatureNotEnabledException, InvalidConfigException, IOException, OAuthAPIException { checkForOauthFeature(appIdentifier, main); OAuthStorage oauthStorage = StorageUtils.getOAuthStorage(storage); @@ -240,9 +236,8 @@ public static HttpRequestForOry.Response doOAuthProxyJsonDELETE(Main main, AppId jsonInput = OAuth.convertCamelToSnakeCase(jsonInput); } - if (jsonInput.has("client_id")) { - String clientId = jsonInput.get("client_id").getAsString(); - if (!oauthStorage.doesClientIdExistForThisApp(appIdentifier, clientId)) { + if (clientIdToCheck != null) { + if (!oauthStorage.doesClientIdExistForThisApp(appIdentifier, clientIdToCheck)) { throw new OAuthClientNotFoundException(); } } diff --git a/src/main/java/io/supertokens/webserver/api/oauth/CreateUpdateOrGetOAuthClientAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/CreateUpdateOrGetOAuthClientAPI.java index 11156c392..3e314fa75 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/CreateUpdateOrGetOAuthClientAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/CreateUpdateOrGetOAuthClientAPI.java 
@@ -62,6 +62,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + clientId, // clientIdToCheck "/admin/clients/" + clientId, // proxyPath true, // proxyToAdmin true, // camelToSnakeCaseConversion @@ -95,6 +96,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I main, req, resp, appIdentifier, storage, + null, // clientIdToCheck "/admin/clients", // proxyPath true, // proxyToAdmin true, // camelToSnakeCaseConversion @@ -131,6 +133,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO main, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + clientId, "/admin/clients/" + clientId, true, true, queryParams, null); @@ -152,6 +155,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + clientId, // clientIdToCheck "/admin/clients/" + clientId, true, // proxyToAdmin true, // camelToSnakeCaseConversion diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthConsentRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthConsentRequestAPI.java index 2e3f814dc..252af8542 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthConsentRequestAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthConsentRequestAPI.java @@ -35,6 +35,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + null, // clientIdToCheck "/admin/oauth2/auth/requests/consent/accept", // proxyPath true, // proxyToAdmin true, // camelToSnakeCaseConversion 
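Review bot: doPost is the one client-management call that passes `null, // clientIdToCheck`, which is right for a freshly created client but changes behaviour if the create body may carry a caller-chosen `client_id`: the removed check required any body `client_id` to already exist for this app (so such ids were rejected outright), while now they pass straight to Hydra, and whether the post-create ownership recording refuses an id already owned by another app is not visible here. A comment at the call site should record the reasoning, e.g. `null, // clientIdToCheck: new client, ownership is recorded after Hydra responds; a caller-supplied client_id must be collision-checked there`. The doPost body continues outside this hunk.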
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthLoginRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthLoginRequestAPI.java index 6ba1797ae..ea73b7bf4 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthLoginRequestAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthLoginRequestAPI.java @@ -35,6 +35,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + null, // clientIdToCheck "/admin/oauth2/auth/requests/login/accept", true, true, diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthLogoutRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthLogoutRequestAPI.java index 0f520184d..c321b50bf 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthLogoutRequestAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAcceptAuthLogoutRequestAPI.java @@ -35,6 +35,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + null, // clientIdToCheck "/admin/oauth2/auth/requests/logout/accept", true, true, diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java index a8752f6bf..0662d0405 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthAuthAPI.java 
@@ -68,6 +68,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + queryParams.get("client_id"), // clientIdToCheck "/oauth2/auth", // proxyPath false, // proxyToAdmin false, // camelToSnakeCaseConversion diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthClientListAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthClientListAPI.java index a79ff9e92..71086161a 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthClientListAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthClientListAPI.java @@ -47,6 +47,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO main, req, resp, appIdentifier, storage, + null, // clientIdToCheck "/admin/clients", // proxyPath true, // proxyToAdmin true, // camelToSnakeCaseConversion diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthConsentRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthConsentRequestAPI.java index 4faa5e65f..216073ed6 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthConsentRequestAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthConsentRequestAPI.java @@ -32,6 +32,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + null, // clientIdToCheck "/admin/oauth2/auth/requests/consent", // proxyPath true, // proxyToAdmin true, // camelToSnakeCaseConversion diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLoginRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLoginRequestAPI.java index ca9a4af6a..d432e951d 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLoginRequestAPI.java 
+++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLoginRequestAPI.java @@ -32,6 +32,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + null, // clientIdToCheck "/admin/oauth2/auth/requests/login", // proxyPath true, // proxyToAdmin true, // camelToSnakeCaseConversion diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLogoutRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLogoutRequestAPI.java index 0b4f9433f..a6e168825 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLogoutRequestAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthGetAuthLogoutRequestAPI.java @@ -32,6 +32,7 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IO main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + null, // clientIdToCheck "/admin/oauth2/auth/requests/logout", // proxyPath true, // proxyToAdmin true, // camelToSnakeCaseConversion diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthProxyHelper.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthProxyHelper.java index a4acb0593..e71dedb53 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthProxyHelper.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthProxyHelper.java 
@@ -31,11 +31,11 @@ public class OAuthProxyHelper { private static final long serialVersionUID = -8734479943734920904L; public static void proxyGET(Main main, HttpServletRequest req, HttpServletResponse resp, AppIdentifier appIdentifier, Storage storage, - String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, + String clientIdToCheck, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map queryParams, Map headers, GetJsonResponse getJsonResponse) throws IOException, ServletException { try { - HttpRequestForOry.Response response = OAuth.doOAuthProxyGET(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, queryParams, headers); + HttpRequestForOry.Response response = OAuth.doOAuthProxyGET(main, appIdentifier, storage, clientIdToCheck, path, proxyToAdmin, camelToSnakeCaseConversion, queryParams, headers); JsonObject jsonResponse = getJsonResponse.apply( response.statusCode, @@ -57,11 +57,11 @@ public static void proxyGET(Main main, HttpServletRequest req, HttpServletRespon } public static void proxyFormPOST(Main main, HttpServletRequest req, HttpServletResponse resp, AppIdentifier appIdentifier, Storage storage, - String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, + String clientIdToCheck, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map formFields, Map headers, GetJsonResponse getJsonResponse) throws IOException, ServletException { try { - HttpRequestForOry.Response response = OAuth.doOAuthProxyFormPOST(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, formFields, headers); + HttpRequestForOry.Response response = OAuth.doOAuthProxyFormPOST(main, appIdentifier, storage, clientIdToCheck, path, proxyToAdmin, camelToSnakeCaseConversion, formFields, headers); JsonObject jsonResponse = getJsonResponse.apply( response.statusCode, 
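Review bot: `clientIdToCheck` is inserted directly before `path` in every proxy* signature, so the two adjacent `String` parameters compile either way round, and a swapped call would silently disable the ownership check while proxying to a nonsense path; the `// clientIdToCheck` comments at call sites help, but the helper itself has no Javadoc. Add one to proxyGET and mirror it on the others: `@param clientIdToCheck client id that must belong to {@code appIdentifier}, or {@code null} to skip the ownership check; pass {@code null} only when the request carries no client id`. The method bodies continue outside these hunks.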
@@ -83,11 +83,11 @@ public static void proxyFormPOST(Main main, HttpServletRequest req, HttpServletR } public static void proxyJsonPOST(Main main, HttpServletRequest req, HttpServletResponse resp, AppIdentifier appIdentifier, Storage storage, - String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, + String clientIdToCheck, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, JsonObject jsonInput, Map headers, GetJsonResponse getJsonResponse) throws IOException, ServletException { try { - HttpRequestForOry.Response response = OAuth.doOAuthProxyJsonPOST(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, jsonInput, headers); + HttpRequestForOry.Response response = OAuth.doOAuthProxyJsonPOST(main, appIdentifier, storage, clientIdToCheck, path, proxyToAdmin, camelToSnakeCaseConversion, jsonInput, headers); JsonObject jsonResponse = getJsonResponse.apply( response.statusCode, @@ -109,12 +109,12 @@ public static void proxyJsonPOST(Main main, HttpServletRequest req, HttpServletR } public static void proxyJsonPUT(Main main, HttpServletRequest req, HttpServletResponse resp, AppIdentifier appIdentifier, Storage storage, - String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, + String clientIdToCheck, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, Map queryParams, JsonObject jsonInput, Map headers, GetJsonResponse getJsonResponse) throws IOException, ServletException { try { - HttpRequestForOry.Response response = OAuth.doOAuthProxyJsonPUT(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, queryParams, jsonInput, headers); + HttpRequestForOry.Response response = OAuth.doOAuthProxyJsonPUT(main, appIdentifier, storage, clientIdToCheck, path, proxyToAdmin, camelToSnakeCaseConversion, queryParams, jsonInput, headers); JsonObject jsonResponse = getJsonResponse.apply( response.statusCode, 
@@ -136,11 +136,11 @@ public static void proxyJsonPUT(Main main, HttpServletRequest req, HttpServletRe } public static void proxyJsonDELETE(Main main, HttpServletRequest req, HttpServletResponse resp, AppIdentifier appIdentifier, Storage storage, - String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, + String clientIdToCheck, String path, boolean proxyToAdmin, boolean camelToSnakeCaseConversion, JsonObject jsonInput, Map headers, GetJsonResponse getJsonResponse) throws IOException, ServletException { try { - HttpRequestForOry.Response response = OAuth.doOAuthProxyJsonDELETE(main, appIdentifier, storage, path, proxyToAdmin, camelToSnakeCaseConversion, jsonInput, headers); + HttpRequestForOry.Response response = OAuth.doOAuthProxyJsonDELETE(main, appIdentifier, storage, clientIdToCheck, path, proxyToAdmin, camelToSnakeCaseConversion, jsonInput, headers); JsonObject jsonResponse = getJsonResponse.apply( response.statusCode, diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthConsentRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthConsentRequestAPI.java index cc886d09d..0fffe2c53 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthConsentRequestAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthConsentRequestAPI.java @@ -35,6 +35,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + null, // clientIdToCheck "/admin/oauth2/auth/requests/consent/reject", // proxyPath true, // proxyToAdmin true, // camelToSnakeCaseConversion diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLoginRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLoginRequestAPI.java index ea676b754..490bb1827 100644 
--- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLoginRequestAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLoginRequestAPI.java @@ -36,6 +36,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + null, // clientIdToCheck "/admin/oauth2/auth/requests/login/reject", // proxyPath true, // proxyToAdmin true, // camelToSnakeCaseConversion diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLogoutRequestAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLogoutRequestAPI.java index dca66535f..8dacafc16 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLogoutRequestAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthRejectAuthLogoutRequestAPI.java @@ -35,6 +35,7 @@ protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IO main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + null, // clientIdToCheck "/admin/oauth2/auth/requests/logout/reject", // proxyPath true, // proxyToAdmin true, // camelToSnakeCaseConversion diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java index 5c64dd8b4..8660cddde 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenAPI.java @@ -77,6 +77,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + formFields.get("client_id"), // clientIdToCheck "/oauth2/token", // proxyPath false, // proxyToAdmin false, // camelToSnakeCaseConversion 
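Review bot: `formFields.get("client_id")` in OAuthTokenAPI only covers clients that authenticate in the form body; if the token endpoint also accepts HTTP Basic client authentication forwarded through the proxy's `headers` (I cannot see the header handling from this hunk), a request with no form `client_id` yields `null`, skips the ownership check, and Hydra would still authenticate a client that belongs to another app, whose tokens are then re-signed with this app's `iss`. Either derive the id from an `Authorization: Basic` header as well, or fail closed and reject the request with 400 before calling proxyFormPOST when neither source supplies a client id. Note that `camelToSnakeCaseConversion` is `false` here, so the lookup key must be exactly `client_id`, which matches what Hydra reads. doPost continues outside this hunk.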
diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenIntrospectAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenIntrospectAPI.java index 101f56e09..6a1a1946d 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenIntrospectAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenIntrospectAPI.java @@ -66,6 +66,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + null, // clientIdToCheck "/admin/oauth2/introspect", // pathProxy true, // proxyToAdmin false, // camelToSnakeCaseConversion diff --git a/src/main/java/io/supertokens/webserver/api/oauth/RemoveOAuthClientAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/RemoveOAuthClientAPI.java index 1063c667f..a31fb16f4 100644 --- a/src/main/java/io/supertokens/webserver/api/oauth/RemoveOAuthClientAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/RemoveOAuthClientAPI.java @@ -55,6 +55,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I main, req, resp, getAppIdentifier(req), enforcePublicTenantAndGetPublicTenantStorage(req), + clientId, // clientIdToCheck "/admin/clients/" + clientId, // proxyPath true, // proxyToAdmin true, // camelToSnakeCaseConversion From b791bf4c6bc6b6ecbf84f8e0c9fd41d3382b2d2f Mon Sep 17 00:00:00 2001 From: Sattvik Chakravarthy Date: Wed, 18 Sep 2024 15:07:35 +0530 Subject: [PATCH 6/6] fix: ext related --- .../java/io/supertokens/oauth/OAuthToken.java | 5 +++++ .../io/supertokens/oauth/Transformations.java | 18 ++++++++++++++++++ .../api/oauth/OAuthTokenIntrospectAPI.java | 9 ++------- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/src/main/java/io/supertokens/oauth/OAuthToken.java b/src/main/java/io/supertokens/oauth/OAuthToken.java index d2433a1a3..e04143c71 100644 --- a/src/main/java/io/supertokens/oauth/OAuthToken.java 
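Review bot: Introspection passes `null, // clientIdToCheck`, so a token issued to a client owned by a different app is introspected as `active` through this app's endpoint, and the response is then stamped with this app's `iss` (the `response.addProperty("iss", iss)` line is visible as context in a later hunk). If cross-app isolation is intended, the `client_id` Hydra returns in an active introspection response should be checked with `doesClientIdExistForThisApp` and the response downgraded to `active: false` otherwise; whether the SDK already rejects such tokens on its side is not visible here. doPost continues outside this hunk.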
+++ b/src/main/java/io/supertokens/oauth/OAuthToken.java @@ -102,6 +102,11 @@ public static String reSignToken(AppIdentifier appIdentifier, Main main, String payload.addProperty("iss", iss); payload.addProperty("stt", tokenType.getValue()); + if (tokenType == TokenType.ACCESS_TOKEN) { + // we need to move rsub, tId and sessionHandle from ext to root + Transformations.transformExt(payload); + } + if (payloadUpdate != null) { for (Map.Entry entry : payloadUpdate.entrySet()) { if (!NON_OVERRIDABLE_TOKEN_PROPS.contains(entry.getKey())) { diff --git a/src/main/java/io/supertokens/oauth/Transformations.java b/src/main/java/io/supertokens/oauth/Transformations.java index 45df22a7a..589a553cf 100644 --- a/src/main/java/io/supertokens/oauth/Transformations.java +++ b/src/main/java/io/supertokens/oauth/Transformations.java @@ -8,6 +8,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; import com.google.gson.JsonElement; import com.google.gson.JsonObject; @@ -21,6 +22,7 @@ import io.supertokens.utils.Utils; public class Transformations { + private static Set EXT_PROPS = Set.of("rsub", "tId", "sessionHandle"); public static Map transformRequestHeadersForHydra(Map requestHeaders) { if (requestHeaders == null) { @@ -204,4 +206,20 @@ public static JsonObject transformJsonForHydra(JsonObject jsonInput) { } return transformedJsonInput; } + + public static void transformExt(JsonObject payload) { + if (payload.has("ext")) { + JsonObject ext = payload.get("ext").getAsJsonObject(); + for (String prop : EXT_PROPS) { + if (ext.has(prop)) { + payload.addProperty(prop, ext.get(prop).getAsString()); + ext.remove(prop); + } + } + + if (ext.entrySet().size() == 0) { + payload.remove("ext"); + } + } + } } diff --git a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenIntrospectAPI.java b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenIntrospectAPI.java index 6a1a1946d..b24ca17cf 100644 
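Review bot: transformExt now runs before the `payloadUpdate` loop in reSignToken, so if `rsub`, `tId` or `sessionHandle` are not in `NON_OVERRIDABLE_TOKEN_PROPS` (that set is not visible here), an SDK-supplied `access_token` update can replace the real subject and tenant id that were just promoted out of `ext`. Either confirm they are in that set or add them, and record the dependency at the call: `// promoted out of ext before payloadUpdate is applied; rsub/tId/sessionHandle rely on NON_OVERRIDABLE_TOKEN_PROPS to stay intact`. reSignToken starts and ends outside this hunk.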
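Review bot: transformExt assumes `ext` is an object whose `rsub`, `tId` and `sessionHandle` are JSON primitives: `payload.get("ext").getAsJsonObject()` and `ext.get(prop).getAsString()` throw on any other shape, and `getAsString()` turns a number or boolean into a string, silently changing the claim's type in the re-signed token and in the introspection response. Copying the element as-is with `payload.add(prop, ext.remove(prop))` preserves the type, and an `isJsonObject()` guard keeps a malformed `ext` from failing the whole re-sign; `EXT_PROPS` should also be declared `final`.
```java
private static final Set<String> EXT_PROPS = Set.of("rsub", "tId", "sessionHandle");

// Moves the SuperTokens-specific claims out of Hydra's "ext" object to the
// payload root, preserving their JSON types; removes "ext" once it is empty.
public static void transformExt(JsonObject payload) {
    JsonElement extElem = payload.get("ext");
    if (extElem == null || !extElem.isJsonObject()) {
        return; // nothing to promote, or ext is not an object
    }
    JsonObject ext = extElem.getAsJsonObject();
    for (String prop : EXT_PROPS) {
        if (ext.has(prop)) {
            payload.add(prop, ext.remove(prop)); // keep the original element, no string coercion
        }
    }
    if (ext.entrySet().isEmpty()) {
        payload.remove("ext");
    }
}
```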
--- a/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenIntrospectAPI.java +++ b/src/main/java/io/supertokens/webserver/api/oauth/OAuthTokenIntrospectAPI.java @@ -21,6 +21,7 @@ import io.supertokens.jwt.exceptions.UnsupportedJWTSigningAlgorithmException; import io.supertokens.multitenancy.exception.BadPermissionException; import io.supertokens.oauth.OAuth; +import io.supertokens.oauth.Transformations; import io.supertokens.pluginInterface.RECIPE_ID; import io.supertokens.pluginInterface.Storage; import io.supertokens.pluginInterface.exceptions.StorageQueryException; @@ -76,13 +77,7 @@ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws I JsonObject response = jsonBody.getAsJsonObject(); response.addProperty("iss", iss); - if (response.has("ext")) { - JsonObject ext = response.get("ext").getAsJsonObject(); - for (Map.Entry entry : ext.entrySet()) { - response.add(entry.getKey(), entry.getValue()); - } - response.remove("ext"); - } + Transformations.transformExt(response); response.addProperty("status", "OK"); return response;