Provide support for organization bound tokens for B2B applications #2187

@sadilchamishka sadilchamishka commented Oct 10, 2023

Proposed changes in this pull request

Add a new AUTHORIZED_ORGANIZATION column to the IDN_OAUTH2_ACCESS_TOKEN table in order to support organization-bound tokens for B2B IAM use cases.

Related Issues.

When should this PR be merged

Depends on

@sadilchamishka force-pushed the add-authorized-organization-oauth2-token-table branch 5 times, most recently from d8a771d to e3dc8b2 (October 15, 2023 09:09)
@jenkins-is-staging

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/6523518249

@jenkins-is-staging

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/6523518249
Status: failure

@jenkins-is-staging

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/6530875012

@jenkins-is-staging

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/6530875012
Status: failure

@jenkins-is-staging

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/6536452532

@jenkins-is-staging

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/6536452532
Status: success

@jenkins-is-staging jenkins-is-staging left a comment

Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/6536452532

Comment on lines +534 to +550
String fullQualifiedUsername = authenticatedUser.toFullQualifiedUsername();
String userTenantDomain = authenticatedUser.getTenantDomain();
String userResidentTenantDomain = userTenantDomain;
if (StringUtils.isNotEmpty(authenticatedUser.getUserResidentOrganization())) {
userResidentTenantDomain = OAuthComponentServiceHolder.getInstance().getOrganizationManager()
.resolveTenantDomain(authenticatedUser.getUserResidentOrganization());
}
/* For B2B users, the resident organization is available to find the tenant where the user's identity is
managed. Hence, the correct tenant domain should be used to fetch user claims. */
if (!StringUtils.equals(userTenantDomain, userResidentTenantDomain)) {
AbstractUserStoreManager userStoreManager =
(AbstractUserStoreManager) OAuthComponentServiceHolder.getInstance().getRealmService()
.getTenantUserRealm(IdentityTenantUtil.getTenantId(userResidentTenantDomain))
.getUserStoreManager();
userTenantDomain = userResidentTenantDomain;
fullQualifiedUsername = userStoreManager.getUser(authenticatedUser.getUserId(), null)
.getFullQualifiedUsername();
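Review bot: the resident-tenant branch chains getTenantUserRealm(...).getUserStoreManager() and getUser(authenticatedUser.getUserId(), null).getFullQualifiedUsername() without checking any intermediate result; if the realm for userResidentTenantDomain is not loaded, or the user id is not found in that store, the failure surfaces during token issuance as a NullPointerException or a bare UserStoreException that does not say which tenant was consulted. Suggest null-checking the realm and the getUser(...) result and wrapping failures in an exception whose message carries userResidentTenantDomain; the unchecked cast to AbstractUserStoreManager deserves the same treatment, since a store manager that does not extend it will fail with a ClassCastException at the same spot.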
sadilchamishka (Contributor, Author):

Need to check that this code is executed for B2B organization login users, as they are treated as federated users.
B2C users who switched to a different org won't need this, as the user's and the app's tenant domains remain the same.

@sadilchamishka force-pushed the add-authorized-organization-oauth2-token-table branch from 7386f21 to 377c45e (October 17, 2023 11:31)
@sadilchamishka force-pushed the add-authorized-organization-oauth2-token-table branch from 377c45e to 43bb4e5 (October 17, 2023 11:34)
@sadilchamishka merged commit 7799515 into wso2-extensions:master Oct 17, 2023
1 check passed