From 9c83a931db9c1806ece1ef95466798ea5603fb8e Mon Sep 17 00:00:00 2001
From: lashinie <lashinisharikaj@gmail.com>
Date: Wed, 12 Jun 2024 12:32:12 +0530
Subject: [PATCH] Code refactoring to improve readability

---
 .../identity/oauth2/token/JWTTokenIssuer.java | 23 +++++++++++++------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java
index 40235d0f7cc..1f62fe5df5b 100644
--- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java
+++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/JWTTokenIssuer.java
@@ -107,6 +107,9 @@ public class JWTTokenIssuer extends OauthTokenIssuerImpl {
     private static final String MAY_ACT = "may_act";
     private static final String SUB = "sub";
 
+    private static final boolean renewWithoutRevokingExistingEnabled = Boolean.parseBoolean(IdentityUtil.
+            getProperty(RENEW_TOKEN_WITHOUT_REVOKING_EXISTING_ENABLE_CONFIG));
+
     public JWTTokenIssuer() throws IdentityOAuth2Exception {
 
         if (log.isDebugEnabled()) {
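Review bot: The new `static final` field changes when `RENEW_TOKEN_WITHOUT_REVOKING_EXISTING_ENABLE_CONFIG` is read: it is now evaluated once, when `JWTTokenIssuer` is initialised, rather than on every call as the removed local in `handleTokenBinding` did. If the class can be loaded before the identity configuration is populated (not visible from this hunk), the flag would stay `false` for the life of the JVM and the request binding would silently never be assigned. That ordering is worth confirming, or the read could be kept lazy. The field is also a constant, and the neighbouring `MAY_ACT` and `SUB` use upper snake case, so `RENEW_WITHOUT_REVOKING_EXISTING_ENABLED` would match them.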
@@ -628,8 +631,14 @@ protected JWTClaimsSet createJWTClaimSet(OAuthAuthzReqMessageContext authAuthzRe
                 }
             }
         }
+
+        // When renew JWT without revoking existing token is enabled, setting the binding type to request.
+        if (renewWithoutRevokingExistingEnabled) {
+            setRequestBindingType(tokenReqMessageContext);
+        }
+
         // Include token binding.
-        jwtClaimsSet = handleTokenBinding(jwtClaimsSetBuilder, tokenReqMessageContext);
+        jwtClaimsSet = getJwtClaimSetWithBinding(jwtClaimsSetBuilder, tokenReqMessageContext);
 
         if (tokenReqMessageContext != null && tokenReqMessageContext.getProperty(CNF) != null) {
             jwtClaimsSet = handleCnf(jwtClaimsSetBuilder, tokenReqMessageContext);
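Review bot: The two calls added to `createJWTClaimSet` now depend on their order, and the comment does not say so. `setRequestBindingType` appears to assign a binding to `tokenReqMessageContext`, and `getJwtClaimSetWithBinding` then reads `getTokenBinding()` from the same context, so swapping or separating them would drop the binding from the issued JWT. I would reword the comment to `// Must precede getJwtClaimSetWithBinding: assigns a request-scoped binding to the context, which the next call copies into the claims.` The body of `createJWTClaimSet` starts and ends outside this hunk.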
@@ -883,8 +892,7 @@ private boolean isUserAccessTokenType(String grantType, OAuthTokenReqMessageCont
         return grantHandler.isOfTypeApplicationUser(tokReqMsgCtx);
     }
 
-    private JWTClaimsSet handleTokenBinding(JWTClaimsSet.Builder jwtClaimsSetBuilder,
-                                            OAuthTokenReqMessageContext tokReqMsgCtx) {
+    private void setRequestBindingType(OAuthTokenReqMessageContext tokReqMsgCtx) {
 
         /**
          * If OAuth.JWT.RenewTokenWithoutRevokingExisting is enabled from configurations, and current token
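Review bot: The `/** ... */` block that opens on the line after the `setRequestBindingType` signature sits inside the method body, where the Javadoc tool ignores it. Now that this logic has its own method, the block would serve better as the method's Javadoc, placed above `private void setRequestBindingType(...)`. It should also note that the method mutates `tokReqMsgCtx` and returns nothing. The comment continues outside this hunk.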
@@ -906,10 +914,7 @@ private JWTClaimsSet handleTokenBinding(JWTClaimsSet.Builder jwtClaimsSetBuilder
          *     enable = true
          *     allowed_grant_types = ["client_credentials","password", ...]
          */
-        boolean renewWithoutRevokingExistingEnabled = Boolean.parseBoolean(IdentityUtil.
-                getProperty(RENEW_TOKEN_WITHOUT_REVOKING_EXISTING_ENABLE_CONFIG));
-
-        if (renewWithoutRevokingExistingEnabled && tokReqMsgCtx != null && tokReqMsgCtx.getTokenBinding() == null) {
+        if (tokReqMsgCtx != null && tokReqMsgCtx.getTokenBinding() == null) {
             if (OAuth2ServiceComponentHolder.getJwtRenewWithoutRevokeAllowedGrantTypes()
                     .contains(tokReqMsgCtx.getOauth2AccessTokenReqDTO().getGrantType())) {
                 String tokenBindingValue = UUID.randomUUID().toString();
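Review bot: With the flag test removed from this condition, `setRequestBindingType` assigns a binding whenever the grant type is in the allowed list, and relies on the caller having checked `renewWithoutRevokingExistingEnabled`. The comment above it still reads as if the method checks the configuration itself, so a later caller could apply the binding with the feature disabled. Since the flag is now a cheap static field, the guard could stay local as `if (!renewWithoutRevokingExistingEnabled || tokReqMsgCtx == null || tokReqMsgCtx.getTokenBinding() != null) { return; }`, which also flattens the nesting. Otherwise the precondition should be stated in the method's documentation.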
@@ -918,6 +923,10 @@ private JWTClaimsSet handleTokenBinding(JWTClaimsSet.Builder jwtClaimsSetBuilder
                                 tokenBindingValue));
             }
         }
+    }
+
+    private JWTClaimsSet getJwtClaimSetWithBinding(JWTClaimsSet.Builder jwtClaimsSetBuilder,
+                                                   OAuthTokenReqMessageContext tokReqMsgCtx) {
 
         if (tokReqMsgCtx != null && tokReqMsgCtx.getTokenBinding() != null) {
             // Include token binding into the jwt token.
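Review bot: The name `getJwtClaimSetWithBinding` reads like a plain accessor, but from the visible lines the method takes a builder and conditionally includes the token binding, so it presumably adds a claim and builds the set. Its casing also departs from the rest of the class, which uses `createJWTClaimSet` and `JWTClaimsSet`. A name such as `buildJWTClaimsSetWithBinding` would signal the work done, and a short Javadoc should state that the binding is included only when `tokReqMsgCtx.getTokenBinding()` is non-null. The method body continues outside this hunk.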