Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set parent user's user store domain in shared token revoke flow #2664

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Set parent user's user store domain in shared token revoke flow #2664

wants to merge 2 commits into from

Conversation

HasiniSama
Copy link
Contributor

@HasiniSama HasiniSama commented Jan 7, 2025
edited
Loading

Proposed changes in this pull request

Purpose

When revoking an access token in a shared user flow, the authorized user's User Store Domain is set to the shared user's domain. Therefore, when retrieving the clientIDs from here, it will only retrieve the clientIDs associated with the shared user's User Store Domain.

However, when creating access tokens for shared users the User Store Domain of the parent user is used here and here. Hence these tokens are not getting revoked.

Approach

Hence the access token revoke logic for shared user flow has to be improved to handle the user's domain correctly which will eventually detect all the clientIDs issued.

This is an alternative approach to the fix wso2-extensions/identity-oauth2-grant-organization-switch#38. In which we amend the user store domain when the token is issued. Which would lead to user store mismatch between the token and the actual user. Here, we change the logic in the token revoke method.

SujanSanjula96
SujanSanjula96 previously approved these changes Jan 7, 2025
View reviewed changes
@sadilchamishka sadilchamishka mentioned this pull request Jan 7, 2025
Closed
@codecov Codecov
Copy link

codecov bot commented Jan 7, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 18 lines in your changes missing coverage. Please review.

Project coverage is 56.32%. Comparing base (4a0382c) to head (c0fda82).
Report is 8 commits behind head on master.

Files with missing lines Patch % Lines
...java/org/wso2/carbon/identity/oauth/OAuthUtil.java 0.00% 18 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##             master    #2664      +/-   ##
============================================
+ Coverage     55.52%   56.32%   +0.80%     
- Complexity     8249     8285      +36     
============================================
  Files           632      632              
  Lines         48572    47001    -1571     
  Branches       8933     8783     -150     
============================================
- Hits          26970    26475     -495     
+ Misses        17732    16741     -991     
+ Partials       3870     3785      -85
Flag Coverage Δ
unit 38.93% <0.00%> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

AnuradhaSK
AnuradhaSK previously approved these changes Jan 7, 2025
View reviewed changes
@HasiniSama HasiniSama dismissed stale reviews from AnuradhaSK and SujanSanjula96 via c534d4f January 9, 2025 11:17
@HasiniSama HasiniSama force-pushed the fix-user-store-domain-issue branch from 87b1244 to c534d4f Compare January 9, 2025 11:17
@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/12688880386

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/12688880386
Status: failure

@jenkins-is-staging
Copy link

PR builder started
Link: https://github.com/wso2/product-is/actions/runs/12703591457

@jenkins-is-staging
Copy link

PR builder completed
Link: https://github.com/wso2/product-is/actions/runs/12703591457
Status: failure

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sadilchamishka sadilchamishka sadilchamishka left review comments

@SujanSanjula96 SujanSanjula96 SujanSanjula96 left review comments

@AnuradhaSK AnuradhaSK AnuradhaSK left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@HasiniSama @jenkins-is-staging @AnuradhaSK @sadilchamishka @SujanSanjula96