Merge branch 'master' into handle-claim-mappings

components/org.wso2.carbon.identity.api.server.dcr/pom.xml

@@ -23,12 +23,12 @@
     <parent>
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
-        <version>7.0.218-SNAPSHOT</version>
+        <version>7.0.226-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
     <artifactId>org.wso2.carbon.identity.api.server.dcr</artifactId>
-    <version>7.0.218-SNAPSHOT</version>
+    <version>7.0.226-SNAPSHOT</version>
     <name>WSO2 Carbon -  User DCR Rest API</name>
     <description>WSO2 Carbon - User DCR Rest API</description>
 

components/org.wso2.carbon.identity.api.server.oauth.scope/pom.xml

@@ -23,12 +23,12 @@
     <parent>
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
-        <version>7.0.218-SNAPSHOT</version>
+        <version>7.0.226-SNAPSHOT</version>
         <relativePath>../..</relativePath>
     </parent>
 
     <artifactId>org.wso2.carbon.identity.api.server.oauth.scope</artifactId>
-    <version>7.0.218-SNAPSHOT</version>
+    <version>7.0.226-SNAPSHOT</version>
 
     <name>WSO2 Carbon - Identity OAuth 2.0 Scope Rest APIs</name>
     <description>Rest APIs for OAuth 2.0 Scope Handling</description>

components/org.wso2.carbon.identity.client.attestation.filter/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
-        <version>7.0.218-SNAPSHOT</version>
+        <version>7.0.226-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
@@ -46,11 +46,6 @@
             <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
             <artifactId>org.wso2.carbon.identity.oauth</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-web</artifactId>
-            <scope>provided</scope>
-        </dependency>
         <dependency>
             <groupId>org.wso2.carbon.identity.framework</groupId>
             <artifactId>org.wso2.carbon.identity.base</artifactId>

components/org.wso2.carbon.identity.client.attestation.filter/src/main/java/org/wso2/carbon/identity/client/attestation/filter/ClientAttestationProxy.java

@@ -115,7 +115,7 @@ public void handleMessage(Message message) {
                     // Attestation validation should be performed only if API-based authentication is enabled.
                     if (serviceProvider.isAPIBasedAuthenticationEnabled()) {
                         // Validate the attestation header and obtain client attestation context
-                        clientAttestationContext = ClientAttestationServiceHolder.getInstance()
+                        clientAttestationContext = ClientAttestationServiceHolder
                                 .getClientAttestationService().validateAttestation(attestationHeader,
                                         serviceProvider.getApplicationResourceId(),
                                         IdentityTenantUtil.resolveTenantDomain());
@@ -265,7 +265,7 @@ private ServiceProvider getServiceProvider(String clientId, String tenantDomain)
 
         ServiceProvider serviceProvider;
         try {
-            serviceProvider = ClientAttestationServiceHolder.getInstance().getApplicationManagementService()
+            serviceProvider = ClientAttestationServiceHolder.getApplicationManagementService()
                     .getServiceProviderByClientId(clientId, OAUTH2, tenantDomain);
         } catch (IdentityApplicationManagementClientException e) {
             throw new WebApplicationException(

components/org.wso2.carbon.identity.client.attestation.filter/src/main/java/org/wso2/carbon/identity/client/attestation/filter/ClientAttestationServiceHolder.java

@@ -19,6 +19,7 @@
 
 package org.wso2.carbon.identity.client.attestation.filter;
 
+import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
 import org.wso2.carbon.identity.client.attestation.mgt.services.ClientAttestationService;
 
@@ -29,62 +30,44 @@
  */
 public class ClientAttestationServiceHolder {
 
-    // Singleton instance
-    private static ClientAttestationServiceHolder instance = new ClientAttestationServiceHolder();
-
     // Service instances
-    private ClientAttestationService clientAttestationService;
-    private ApplicationManagementService applicationManagementService;
-    // Private constructor to enforce Singleton pattern
-    private ClientAttestationServiceHolder() {}
-
-    /**
-     * Returns the singleton instance of the ClientAttestationServiceHolder.
-     *
-     * @return The singleton instance.
-     */
-    public static ClientAttestationServiceHolder getInstance() {
+    private static class ClientAttestationHolder {
 
-        return instance;
+        static final ClientAttestationService SERVICE = (ClientAttestationService)
+                PrivilegedCarbonContext.getThreadLocalCarbonContext()
+                        .getOSGiService(ClientAttestationService.class, null);
     }
 
-    /**
-     * Gets the instance of the Client Attestation Service.
-     *
-     * @return The Client Attestation Service instance.
-     */
-    public ClientAttestationService getClientAttestationService() {
+    private static class ApplicationManagementHolder {
 
-        return ClientAttestationServiceHolder.getInstance().clientAttestationService;
+        static final ApplicationManagementService SERVICE = (ApplicationManagementService)
+                PrivilegedCarbonContext.getThreadLocalCarbonContext()
+                        .getOSGiService(ApplicationManagementService.class, null);
     }
 
     /**
-     * Sets the instance of the Client Attestation Service.
+     * Gets the instance of the Client Attestation Service.
      *
-     * @param clientAttestationService The Client Attestation Service instance to set.
+     * @return The Client Attestation Service instance.
      */
-    public void setClientAttestationService(ClientAttestationService clientAttestationService) {
+    public static ClientAttestationService getClientAttestationService() {
 
-        ClientAttestationServiceHolder.getInstance().clientAttestationService = clientAttestationService;
+        if (ClientAttestationHolder.SERVICE == null) {
+            throw new IllegalStateException("ClientAttestationService is not available from OSGI context.");
+        }
+        return ClientAttestationHolder.SERVICE;
     }
 
     /**
      * Gets the instance of the Application Management Service.
      *
      * @return The Application Management Service instance.
      */
-    public ApplicationManagementService getApplicationManagementService() {
-
-        return ClientAttestationServiceHolder.getInstance().applicationManagementService;
-    }
-
-    /**
-     * Sets the instance of the Application Management Service.
-     *
-     * @param applicationManagementService The Application Management Service instance to set.
-     */
-    public void setApplicationManagementService(ApplicationManagementService applicationManagementService) {
+    public static ApplicationManagementService getApplicationManagementService() {
 
-        ClientAttestationServiceHolder.getInstance().applicationManagementService = applicationManagementService;
+        if (ApplicationManagementHolder.SERVICE == null) {
+            throw new IllegalStateException("ApplicationManagementService is not available from OSGI context.");
+        }
+        return ApplicationManagementHolder.SERVICE;
     }
 }

components/org.wso2.carbon.identity.discovery/pom.xml

@@ -21,7 +21,7 @@
         <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
         <artifactId>identity-inbound-auth-oauth</artifactId>
         <relativePath>../../pom.xml</relativePath>
-        <version>7.0.218-SNAPSHOT</version>
+        <version>7.0.226-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
@@ -52,6 +52,10 @@
             <groupId>org.wso2.carbon.identity.framework</groupId>
             <artifactId>org.wso2.carbon.identity.claim.metadata.mgt</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.inbound.auth.oauth2</groupId>
+            <artifactId>org.wso2.carbon.identity.oauth.rar</artifactId>
+        </dependency>
         <!--Test Dependencies-->
         <dependency>
             <groupId>org.testng</groupId>

components/org.wso2.carbon.identity.discovery/src/main/java/org/wso2/carbon/identity/discovery/DiscoveryConstants.java

@@ -377,4 +377,11 @@ public class DiscoveryConstants {
      * Authorization Server.
      */
     public static final String MTLS_ENDPOINT_ALIASES = "mtls_endpoint_aliases";
+
+    /**
+     * authorization_details_types_supported.
+     * <p>OPTIONAL. JSON array containing the authorization details types the AS supports.</p>
+     * @see <a href='https://datatracker.ietf.org/doc/html/rfc9396.txt#name-metadata'>rfc9396</a>
+     */
+    public static final String AUTHORIZATION_DETAILS_TYPES_SUPPORTED = "authorization_details_types_supported";
 }

components/org.wso2.carbon.identity.discovery/src/main/java/org/wso2/carbon/identity/discovery/OIDProviderConfigResponse.java

@@ -85,6 +85,7 @@ public class OIDProviderConfigResponse {
     private Boolean tlsClientCertificateBoundAccessTokens;
     private String mtlsTokenEndpoint;
     private String mtlsPushedAuthorizationRequestEndpoint;
+    private String[] authorizationDetailsTypesSupported;
 
     private static final String MUTUAL_TLS_ALIASES_ENABLED = "OAuth.MutualTLSAliases.Enabled";
 
@@ -530,6 +531,16 @@ public void setMtlsPushedAuthorizationRequestEndpoint(String mtlsPushedAuthoriza
         this.mtlsPushedAuthorizationRequestEndpoint = mtlsPushedAuthorizationRequestEndpoint;
     }
 
+    public String[] getAuthorizationDetailsTypesSupported() {
+
+        return this.authorizationDetailsTypesSupported;
+    }
+
+    public void setAuthorizationDetailsTypesSupported(String[] authorizationDetailsTypesSupported) {
+
+        this.authorizationDetailsTypesSupported = authorizationDetailsTypesSupported;
+    }
+
     public Map<String, Object> getConfigMap() {
         Map<String, Object> configMap = new HashMap<String, Object>();
         configMap.put(DiscoveryConstants.ISSUER.toLowerCase(), this.issuer);
@@ -604,6 +615,8 @@ public Map<String, Object> getConfigMap() {
                     this.mtlsPushedAuthorizationRequestEndpoint);
             configMap.put(DiscoveryConstants.MTLS_ENDPOINT_ALIASES, mtlsAliases);
         }
+        configMap.put(DiscoveryConstants.AUTHORIZATION_DETAILS_TYPES_SUPPORTED,
+                this.authorizationDetailsTypesSupported);
         return configMap;
     }
 }

components/org.wso2.carbon.identity.discovery/src/main/java/org/wso2/carbon/identity/discovery/builders/ProviderConfigBuilder.java

@@ -32,6 +32,7 @@
 import org.wso2.carbon.identity.oauth.config.OAuthServerConfiguration;
 import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
 import org.wso2.carbon.identity.oauth2.OAuth2Constants;
+import org.wso2.carbon.identity.oauth2.rar.core.AuthorizationDetailsProcessorFactory;
 import org.wso2.carbon.identity.oauth2.util.OAuth2Util;
 
 import java.net.URISyntaxException;
@@ -152,6 +153,13 @@ public OIDProviderConfigResponse buildOIDProviderConfig(OIDProviderRequest reque
                 .contains(OAuth2Constants.TokenBinderType.CERTIFICATE_BASED_TOKEN_BINDER));
         providerConfig.setMtlsTokenEndpoint(OAuth2Util.OAuthURL.getOAuth2MTLSTokenEPUrl());
         providerConfig.setMtlsPushedAuthorizationRequestEndpoint(OAuth2Util.OAuthURL.getOAuth2MTLSParEPUrl());
+
+        final Set<String> authorizationDetailTypes = AuthorizationDetailsProcessorFactory.getInstance()
+                .getSupportedAuthorizationDetailTypes();
+        if (authorizationDetailTypes != null && !authorizationDetailTypes.isEmpty()) {
+            providerConfig
+                    .setAuthorizationDetailsTypesSupported(authorizationDetailTypes.stream().toArray(String[]::new));
+        }
         return providerConfig;
     }
 }