WSO2 Carbon Extension- Identity Oauth Extensions Feature

This feature contains the extension feature for the JWT grant type

License

Categories

IDE Development Tools H2 Data Databases OAuth2 Security

GroupId

org.wso2.carbon.extension.identity.oauth.addons

ArtifactId

org.wso2.carbon.extension.identity.oauth2.extension.feature

Last Version

1.0.4

Release Date

Type

pom

Description

WSO2 Carbon Extension- Identity Oauth Extensions Feature
This feature contains the extension feature for the JWT grant type
Project URL

http://wso2.org

Project Organization

WSO2

How to add to project

The artifact is packaged as a pom (a Carbon feature definition), so these coordinates bring in the compile-scope dependencies listed below rather than a jar of their own.

Maven:

<!-- https://jarcasting.com/artifacts/org.wso2.carbon.extension.identity.oauth.addons/org.wso2.carbon.extension.identity.oauth2.extension.feature/ -->
<dependency>
    <groupId>org.wso2.carbon.extension.identity.oauth.addons</groupId>
    <artifactId>org.wso2.carbon.extension.identity.oauth2.extension.feature</artifactId>
    <version>1.0.4</version>
    <type>pom</type>
</dependency>

Gradle (Groovy):

implementation 'org.wso2.carbon.extension.identity.oauth.addons:org.wso2.carbon.extension.identity.oauth2.extension.feature:1.0.4'

Gradle (Kotlin):

implementation("org.wso2.carbon.extension.identity.oauth.addons:org.wso2.carbon.extension.identity.oauth2.extension.feature:1.0.4")

Buildr:

'org.wso2.carbon.extension.identity.oauth.addons:org.wso2.carbon.extension.identity.oauth2.extension.feature:pom:1.0.4'

Ivy:

<dependency org="org.wso2.carbon.extension.identity.oauth.addons" name="org.wso2.carbon.extension.identity.oauth2.extension.feature" rev="1.0.4">
  <artifact name="org.wso2.carbon.extension.identity.oauth2.extension.feature" type="pom" />
</dependency>

Grape:

@Grapes(
  @Grab(group='org.wso2.carbon.extension.identity.oauth.addons', module='org.wso2.carbon.extension.identity.oauth2.extension.feature', version='1.0.4')
)

SBT:

libraryDependencies += "org.wso2.carbon.extension.identity.oauth.addons" % "org.wso2.carbon.extension.identity.oauth2.extension.feature" % "1.0.4"

Leiningen:

[org.wso2.carbon.extension.identity.oauth.addons/org.wso2.carbon.extension.identity.oauth2.extension.feature "1.0.4"]

Dependencies

compile (23)

Group / Artifact Type Version
org.wso2.carbon.extension.identity.oauth.addons : org.wso2.carbon.identity.oauth2.token.handler.clientauth.jwt jar 1.0.4
org.wso2.carbon.identity.framework : org.wso2.carbon.idp.mgt jar 5.11.16
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.application.common jar 5.11.16
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.user.profile jar 5.11.16
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.core jar 5.11.16
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.application.authentication.framework jar 5.11.16
commons-collections : commons-collections jar 3.2.2
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.notification.mgt jar 5.11.16
org.wso2.carbon : org.wso2.carbon.core jar 4.4.7
org.wso2.carbon : org.wso2.carbon.user.core jar 4.4.7
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.application.mgt jar 5.11.16
org.apache.oltu.oauth2 : org.apache.oltu.oauth2.client jar 0.31
org.apache.oltu.oauth2 : org.apache.oltu.oauth2.common jar 1.0.1
org.wso2.carbon : org.wso2.carbon.ui jar 4.4.7
org.json.wso2 : json jar 3.0.0.wso2v1
javax.servlet : jstl jar 1.2
com.nimbusds.wso2 : nimbus-jose-jwt jar 2.26.1.wso2v2
org.wso2.orbit.org.apache.oltu.oauth2 : oltu jar 1.0.0.wso2v3
org.wso2.carbon.identity.inbound.auth.oauth2 : org.wso2.carbon.identity.oauth jar 5.6.29
org.wso2.securevault : org.wso2.securevault jar 1.0.0-wso2v2
org.wso2.orbit.org.owasp.encoder : encoder jar 1.2.0.wso2v1
junit : junit jar 4.12
org.testng : testng jar 6.9.10

Note that junit and testng are declared in compile rather than test scope, so anything that depends on this pom inherits both transitively.

provided (1)

Group / Artifact Type Version
javax.servlet : servlet-api jar 3.0-alpha-1

test (7)

Group / Artifact Type Version
org.jacoco : org.jacoco.agent jar 0.7.9
org.powermock : powermock-module-testng jar 1.6.6
org.powermock : powermock-api-mockito jar 1.6.6
javax : javaee-web-api jar 7.0
com.h2database : h2 jar 1.0.60
org.wso2.carbon.identity.framework : org.wso2.carbon.identity.testutil jar 5.11.9
org.wso2.carbon : org.wso2.carbon.tomcat.ext jar 4.4.7

Project Modules

There are no modules declared in this project.

Identity OAuth Addons

This repository contains implementations of OAuth extensions.

01. Private Key JWT Client Authentication

Pre-requisites:

  • Maven 3.x
  • Java 1.7 or above

Tested Platform:

  • Linux
  • WSO2 IS 5.5.0
  • Java 1.7

Do the following:

Deploying and Configuring JWT client-handler artifacts:

  1. Execute "mvn clean install" to build the project.

  2. Place component/client-handler/org.wso2.carbon.identity.oauth2.grant.jwttarget/org.wso2.carbon.identity.oauth2.token.handler.clientauth.jwt--SNAPSHOT.jar in the <IS_HOME>/repository/components/dropins directory.

  3. To register the Private Key JWT client authenticator, add a new EventListener entry to the <IS_HOME>/repository/conf/identity/identity.xml file as in the code block below. The name attribute is the authenticator's fully qualified class name, and the orderId must not collide with that of any other configured listener.

     <EventListener type="org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
                    name="org.wso2.carbon.identity.oauth2.token.handler.clientauth.jwt.PrivateKeyJWTClientAuthenticator"
                    orderId="899" enable="true">
         <!-- Each jti may be presented once; a replayed assertion is rejected using the PrivateKeyJWT cache configured in step 4 -->
         <Property name="preventTokenReuse">true</Property>
         <!-- Reject assertions issued more than this many minutes ago -->
         <Property name="RejectBeforeInMinutes">100</Property>
         <!-- Replace "sample url" with the token endpoint URL; the assertion's aud claim must match this value -->
         <Property name="TokenEndPointAlias">sample url</Property>
     </EventListener>
    
  4. Add a cache configuration entry to <IS_HOME>/repository/conf/identity/identity.xml as below. This cache holds the jti values already seen, which is what preventTokenReuse checks against.

     <CacheConfig>
        <CacheManager name="IdentityApplicationManagementCacheManager">
           ...
           <!-- With isDistributed="false" each node in a cluster keeps its own replay record -->
           <Cache name="PrivateKeyJWT" enable="true" timeout="10" capacity="5000" isDistributed="false"/>
        </CacheManager>
     </CacheConfig>
    
  5. Restart Server

  6. Add service provider

    • Select Add under Service Providers menu in the Main menu.
    • Fill in the Service Provider Name and provide a brief Description of the service provider.
    • Import the public key of the private_key_jwt issuer.
    • Expand the OAuth/OpenID Connect Configuration and click Configure.
    • Enter a callback URL, for example http://localhost:8080/playground2/oauth2client, and click Add.
    • The OAuth Client Key and OAuth Client Secret will now be visible.
  7. The cURL command below exchanges an authorization code for an access token and refresh token, authenticating the client with a private_key_jwt assertion instead of a client secret. The -k flag skips certificate verification and is only acceptable against the self-signed certificate of a local test server.

     curl -v -k -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "client_id=<clientid>&grant_type=authorization_code&code=<code>&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer&client_assertion=<private_key_jwt>&redirect_uri=http://localhost:8080/playground2/oauth2client" https://localhost:9443/oauth2/token

  8. Refer to https://docs.wso2.com/display/IS550/Private+Key+JWT+Client+Authentication+for+OIDC for more details.
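As an added example (not part of this repository or of WSO2's code), the following Go program shows what steps 3 and 7 amount to on each side of the token endpoint. The client builds the private_key_jwt value that goes into client_assertion: iss and sub both set to the client_id, aud set to the token endpoint, a fresh jti, and an RS256 signature over the header and claims. The verifier then applies the checks the three EventListener properties configure: TokenEndPointAlias is compared with aud, RejectBeforeInMinutes is treated as the maximum age measured from iat (my reading of the property; confirm it against the docs linked in step 8), and preventTokenReuse refuses a jti seen before, with an in-memory map standing in for the PrivateKeyJWT cache of step 4. The client id, endpoint URL and key pair are constructed for the demo, and nothing here talks to a server.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// Claims of a private_key_jwt client assertion (RFC 7523 section 3, OIDC Core 9).
type Claims struct {
	Iss string `json:"iss"` // client_id
	Sub string `json:"sub"` // client_id again
	Aud string `json:"aud"` // token endpoint URL; must equal TokenEndPointAlias
	Jti string `json:"jti"` // single-use id, enforced when preventTokenReuse=true
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// BuildAssertion is the client side: RS256 over base64url(header).base64url(claims).
func BuildAssertion(key *rsa.PrivateKey, clientID, tokenEP, jti string, iat time.Time, ttl time.Duration) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(Claims{Iss: clientID, Sub: clientID, Aud: tokenEP, Jti: jti, Iat: iat.Unix(), Exp: iat.Add(ttl).Unix()})
	input := b64(hdr) + "." + b64(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil { return "", err }
	return input + "." + b64(sig), nil
}

// Verifier is the token-endpoint side; its first three fields mirror the EventListener properties of step 3.
type Verifier struct {
	TokenEndPointAlias    string                    // expected aud
	RejectBeforeInMinutes int                       // reject assertions issued longer ago than this (assumed reading)
	PreventTokenReuse     bool                      // each jti may be presented once
	Keys                  map[string]*rsa.PublicKey // client_id -> public key imported on the service provider
	seen                  map[string]time.Time      // jti -> exp; stands in for the PrivateKeyJWT cache of step 4
}

// Verify returns the authenticated client_id, or the reason the assertion was rejected.
func (v *Verifier) Verify(assertion string, now time.Time) (string, error) {
	parts := strings.Split(assertion, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed JWT")
	}
	hb, e1 := base64.RawURLEncoding.DecodeString(parts[0])
	pb, e2 := base64.RawURLEncoding.DecodeString(parts[1])
	sig, e3 := base64.RawURLEncoding.DecodeString(parts[2])
	var hdr struct{ Alg string `json:"alg"` }
	var c Claims
	switch {
	case e1 != nil || e2 != nil || e3 != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "RS256":
		return "", errors.New("malformed header or alg not RS256") // also refuses alg=none and HMAC key confusion
	case json.Unmarshal(pb, &c) != nil || c.Iss == "" || c.Iss != c.Sub:
		return "", errors.New("iss and sub must both be the client_id")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	switch {
	case v.Keys[c.Iss] == nil:
		return "", errors.New("unknown client_id")
	case rsa.VerifyPKCS1v15(v.Keys[c.Iss], crypto.SHA256, digest[:], sig) != nil:
		return "", errors.New("signature does not verify against the registered key")
	case c.Aud != v.TokenEndPointAlias:
		return "", errors.New("aud does not match TokenEndPointAlias")
	case !time.Unix(c.Exp, 0).After(now) || now.Sub(time.Unix(c.Iat, 0)) > time.Duration(v.RejectBeforeInMinutes)*time.Minute:
		return "", errors.New("expired, or issued more than RejectBeforeInMinutes ago")
	}
	if _, dup := v.seen[c.Jti]; v.PreventTokenReuse && (c.Jti == "" || dup) {
		return "", errors.New("jti missing or already used (preventTokenReuse)")
	}
	v.seen[c.Jti] = time.Unix(c.Exp, 0) // the cache timeout in step 4 must outlive the assertion
	return c.Iss, nil
}

// Demo runs one accepted assertion and four rejections on constructed data; no network.
func Demo() (map[string]error, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	const clientID, tokenEP = "sample-client-id", "https://localhost:9443/oauth2/token"
	v := &Verifier{TokenEndPointAlias: tokenEP, RejectBeforeInMinutes: 100, PreventTokenReuse: true,
		Keys: map[string]*rsa.PublicKey{clientID: &key.PublicKey}, seen: map[string]time.Time{}}
	now, out := time.Now(), map[string]error{}
	good, _ := BuildAssertion(key, clientID, tokenEP, "jti-1", now, 5*time.Minute)
	wrongAud, _ := BuildAssertion(key, clientID, "https://attacker.example/token", "jti-2", now, 5*time.Minute)
	stale, _ := BuildAssertion(key, clientID, tokenEP, "jti-3", now.Add(-200*time.Minute), 205*time.Minute)
	_, out["valid"] = v.Verify(good, now)
	_, out["replay"] = v.Verify(good, now) // same jti presented a second time
	_, out["wrong_aud"] = v.Verify(wrongAud, now)
	_, out["stale"] = v.Verify(stale, now) // still unexpired, but issued 200 minutes ago
	_, out["alg_none"] = v.Verify(b64([]byte(`{"alg":"none"}`))+"."+strings.Split(good, ".")[1]+".", now)
	return out, nil
}
```

Demo returns one entry per scenario; a nil error means the assertion was accepted. The alg=none case reuses the accepted payload byte for byte, which is why the verifier pins the header's alg before looking at anything else, and the stale case is unexpired yet rejected, which is the difference between checking exp and checking age from iat.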

02. Privileged User Authenticator

This authenticator authenticates a privileged user and allows that user to revoke access tokens on behalf of an application.

Deploying and Configuring artifacts

  1. Execute "mvn clean install" to build the project.

  2. Place component/org.wso2.carbon.identity.oauth2.clientauth.privilegeduser/target/org.wso2.carbon.identity.oauth2.clientauth.privilegeduser--SNAPSHOT.jar in the <IS_HOME>/repository/components/dropins directory.

  3. The cURL command below can be used to revoke an access token.

curl -k -v -d "username=<username>&password=<password>&token=<token>&token_type_hint=<token_type>&client_id=<client-id>" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/revoke

Sample Request:

curl -k -v -d "username=<username>&password=admin&token=9f716139-4493-3635-abec-7498c2e6cba8&token_type_hint=access_token&client_id=9e8S8L1lkippHTPIwhfXSl6IWGUa" -H "Content-Type: application/x-www-form-urlencoded" https://localhost:9443/oauth2/revoke

The privileged user's password and the token travel in the request body, and anything typed on the command line is visible in shell history and process listings, so use this form only against a local test server (the -k flag disables certificate verification for the same reason).

Deployment.toml Config

Add the following configuration to the deployment.toml file (used by IS 5.9.0 and later in place of identity.xml) to enable this authenticator.

[[event_listener]]
id = "privileged_user_authenticator"
type = "org.wso2.carbon.identity.core.handler.AbstractIdentityHandler"
name = "org.wso2.carbon.identity.oauth2.clientauth.privilegeduser.PrivilegedUserAuthenticator"
order = "200"

User Permission

  • The privileged user needs the permission /permission/admin/manage/application/revoke to revoke access tokens.
  • Create the above permission.
  • Assign that permission to the privileged user.

Versions

1.0.4
1.0.3
1.0.2
1.0.0