fix(oxauth): backported introspectionRestrictBasicAuthnToOwnTokens to…

… 4.5.3.sp1
GluuFederation · Aug 7, 2024 · 38b840c · 38b840c
1 parent e400195
commit 38b840c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/Model/src/main/java/org/gluu/oxauth/model/configuration/AppConfiguration.java b/Model/src/main/java/org/gluu/oxauth/model/configuration/AppConfiguration.java
@@ -195,6 +195,7 @@ public class AppConfiguration implements Configuration {
 
     private Boolean introspectionAccessTokenMustHaveUmaProtectionScope = false;
     private Boolean introspectionSkipAuthorization;
+    private Boolean introspectionRestrictBasicAuthnToOwnTokens = false;
 
     private Boolean endSessionWithAccessToken;
     private String cookieDomain;
@@ -584,6 +585,15 @@ public void setIntrospectionSkipAuthorization(Boolean introspectionSkipAuthoriza
         this.introspectionSkipAuthorization = introspectionSkipAuthorization;
     }
 
+    public Boolean getIntrospectionRestrictBasicAuthnToOwnTokens() {
+        if (introspectionRestrictBasicAuthnToOwnTokens == null) introspectionRestrictBasicAuthnToOwnTokens = false;
+        return introspectionRestrictBasicAuthnToOwnTokens;
+    }
+
+    public void setIntrospectionRestrictBasicAuthnToOwnTokens(Boolean introspectionRestrictBasicAuthnToOwnTokens) {
+        this.introspectionRestrictBasicAuthnToOwnTokens = introspectionRestrictBasicAuthnToOwnTokens;
+    }
+
     public Boolean getUmaRptAsJwt() {
         return umaRptAsJwt;
     }

diff --git a/Server/src/main/java/org/gluu/oxauth/introspection/ws/rs/IntrospectionWebService.java b/Server/src/main/java/org/gluu/oxauth/introspection/ws/rs/IntrospectionWebService.java
@@ -231,6 +231,10 @@ private String createResponseAsJwt(JSONObject response, AuthorizationGrant grant
             }
         }
 
+        if (log.isTraceEnabled()) {
+            log.trace("Response before signing: {}", jwt.getClaims().toJsonString());
+        }
+
         return jwtSigner.sign().toString();
     }
 
@@ -288,7 +292,7 @@ private Pair<AuthorizationGrant, Boolean> getAuthorizationGrant(String authoriza
                 String password = URLDecoder.decode(token.substring(delim + 1), Util.UTF8_STRING_ENCODING);
                 if (clientService.authenticate(clientId, password)) {
                     grant = authorizationGrantList.getAuthorizationGrantByAccessToken(accessToken);
-                    if (grant != null && !grant.getClientId().equals(clientId)) {
+                    if (isTrue(appConfiguration.getIntrospectionRestrictBasicAuthnToOwnTokens()) && grant != null && !grant.getClientId().equals(clientId)) {
                         log.trace("Failed to match grant object clientId and client id provided during authentication.");
                         return EMPTY;
                     }