wso2 · gershom96 · Sep 7, 2022 · Sep 7, 2022 · Sep 8, 2022 · Sep 8, 2022
diff --git a/...g/wso2/carbon/identity/api/server/application/management/v1/AccessTokenConfiguration.java b/...g/wso2/carbon/identity/api/server/application/management/v1/AccessTokenConfiguration.java
@@ -1,25 +1,29 @@
 /*
-* Copyright (c) 2020, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright (c) 2022, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
 
 package org.wso2.carbon.identity.api.server.application.management.v1;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
+import java.util.ArrayList;
+import java.util.List;
 import javax.validation.constraints.*;
 
 
@@ -31,6 +35,8 @@
 public class AccessTokenConfiguration  {
 
     private String type;
+    private List<String> audience = null;
+
     private Long userAccessTokenExpiryInSeconds;
     private Long applicationAccessTokenExpiryInSeconds;
     private String bindingType = "None";
@@ -57,6 +63,32 @@ public void setType(String type) {
 
     /**
     **/
+    public AccessTokenConfiguration audience(List<String> audience) {
+
+        this.audience = audience;
+        return this;
+    }
+
+    @ApiModelProperty(example = "[\"http://idp.xyz.com\",\"http://idp.abc.com\"]", value = "")
+    @JsonProperty("audience")
+    @Valid
+    public List<String> getAudience() {
+        return audience;
+    }
+    public void setAudience(List<String> audience) {
+        this.audience = audience;
+    }
+
+    public AccessTokenConfiguration addAudienceItem(String audienceItem) {
+        if (this.audience == null) {
+            this.audience = new ArrayList<>();
+        }
+        this.audience.add(audienceItem);
+        return this;
+    }
+
+        /**
+    **/
     public AccessTokenConfiguration userAccessTokenExpiryInSeconds(Long userAccessTokenExpiryInSeconds) {
 
         this.userAccessTokenExpiryInSeconds = userAccessTokenExpiryInSeconds;
@@ -100,7 +132,7 @@ public AccessTokenConfiguration bindingType(String bindingType) {
         return this;
     }
 
-    @ApiModelProperty(example = "[\"sso-session\",\"cookie\"]", value = "OAuth2 access token and refresh token can be bound to an external attribute during the token generation so that it can be optionally validated during the API invocation.")
+    @ApiModelProperty(example = "cookie", value = "OAuth2 access token and refresh token can be bound to an external attribute during the token generation so that it can be optionally validated during the API invocation.")
     @JsonProperty("bindingType")
     @Valid
     public String getBindingType() {
@@ -161,6 +193,7 @@ public boolean equals(java.lang.Object o) {
         }
         AccessTokenConfiguration accessTokenConfiguration = (AccessTokenConfiguration) o;
         return Objects.equals(this.type, accessTokenConfiguration.type) &&
+            Objects.equals(this.audience, accessTokenConfiguration.audience) &&
             Objects.equals(this.userAccessTokenExpiryInSeconds, accessTokenConfiguration.userAccessTokenExpiryInSeconds) &&
             Objects.equals(this.applicationAccessTokenExpiryInSeconds, accessTokenConfiguration.applicationAccessTokenExpiryInSeconds) &&
             Objects.equals(this.bindingType, accessTokenConfiguration.bindingType) &&
@@ -170,7 +203,7 @@ public boolean equals(java.lang.Object o) {
 
     @Override
     public int hashCode() {
-        return Objects.hash(type, userAccessTokenExpiryInSeconds, applicationAccessTokenExpiryInSeconds, bindingType, revokeTokensWhenIDPSessionTerminated, validateTokenBinding);
+        return Objects.hash(type, audience, userAccessTokenExpiryInSeconds, applicationAccessTokenExpiryInSeconds, bindingType, revokeTokensWhenIDPSessionTerminated, validateTokenBinding);
     }
 
     @Override
@@ -180,6 +213,7 @@ public String toString() {
         sb.append("class AccessTokenConfiguration {\n");
 
         sb.append("    type: ").append(toIndentedString(type)).append("\n");
+        sb.append("    audience: ").append(toIndentedString(audience)).append("\n");
         sb.append("    userAccessTokenExpiryInSeconds: ").append(toIndentedString(userAccessTokenExpiryInSeconds)).append("\n");
         sb.append("    applicationAccessTokenExpiryInSeconds: ").append(toIndentedString(applicationAccessTokenExpiryInSeconds)).append("\n");
         sb.append("    bindingType: ").append(toIndentedString(bindingType)).append("\n");

diff --git a/...n/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java b/...n/management/v1/core/functions/application/inbound/oauth2/ApiModelToOAuthConsumerApp.java
@@ -88,7 +88,7 @@ private void updateIdTokenConfiguration(OAuthConsumerAppDTO consumerAppDTO, IdTo
 
         if (idToken != null) {
             setIfNotNull(idToken.getExpiryInSeconds(), consumerAppDTO::setIdTokenExpiryTime);
-            consumerAppDTO.setAudiences(Optional.ofNullable(idToken.getAudience())
+            consumerAppDTO.setIdTokenAudiences(Optional.ofNullable(idToken.getAudience())
                     .map(audiences -> audiences.toArray(new String[0]))
                     .orElse(new String[0])
             );
@@ -131,6 +131,10 @@ private void updateAccessTokenConfiguration(OAuthConsumerAppDTO consumerAppDTO,
         if (accessToken != null) {
             consumerAppDTO.setTokenType(accessToken.getType());
             consumerAppDTO.setUserAccessTokenExpiryTime(accessToken.getUserAccessTokenExpiryInSeconds());
+            consumerAppDTO.setAccessTokenAudiences(Optional.ofNullable(accessToken.getAudience())
+                    .map(audiences -> audiences.toArray(new String[0]))
+                    .orElse(new String[0])
+            );
             consumerAppDTO.setApplicationAccessTokenExpiryTime(accessToken.getApplicationAccessTokenExpiryInSeconds());
             consumerAppDTO.setTokenBindingType(accessToken.getBindingType());
             if (accessToken.getRevokeTokensWhenIDPSessionTerminated() != null) {

diff --git a/...n/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java b/...n/management/v1/core/functions/application/inbound/oauth2/OAuthConsumerAppToApiModel.java
@@ -85,7 +85,8 @@ private AccessTokenConfiguration buildTokenConfiguration(OAuthConsumerAppDTO oAu
                 .bindingType(oAuthConsumerAppDTO.getTokenBindingType())
                 .revokeTokensWhenIDPSessionTerminated(oAuthConsumerAppDTO
                         .isTokenRevocationWithIDPSessionTerminationEnabled())
-                .validateTokenBinding(oAuthConsumerAppDTO.isTokenBindingValidationEnabled());
+                .validateTokenBinding(oAuthConsumerAppDTO.isTokenBindingValidationEnabled())
+                .audience(getAccessTokenAudiences(oAuthConsumerAppDTO));
     }
 
     private RefreshTokenConfiguration buildRefreshTokenConfiguration(OAuthConsumerAppDTO oAuthConsumerAppDTO) {
@@ -99,10 +100,14 @@ private IdTokenConfiguration buildIdTokenConfiguration(OAuthConsumerAppDTO oAuth
 
         return new IdTokenConfiguration()
                 .expiryInSeconds(oAuthConsumerAppDTO.getIdTokenExpiryTime())
-                .audience(getAudiences(oAuthConsumerAppDTO))
+                .audience(getIdTokenAudiences(oAuthConsumerAppDTO))
                 .encryption(buildIdTokenEncryptionConfiguration(oAuthConsumerAppDTO));
     }
 
+    /**
+     * @deprecated use {@link #getIdTokenAudiences()} instead.
+     */
+    @Deprecated
     private List<String> getAudiences(OAuthConsumerAppDTO oAuthConsumerAppDTO) {
 
         if (oAuthConsumerAppDTO.getAudiences() == null) {
@@ -112,6 +117,23 @@ private List<String> getAudiences(OAuthConsumerAppDTO oAuthConsumerAppDTO) {
         }
     }
 
+    private List<String> getIdTokenAudiences(OAuthConsumerAppDTO oAuthConsumerAppDTO) {
+
+        if (oAuthConsumerAppDTO.getIdTokenAudiences() == null) {
+            return Collections.emptyList();
+        } else {
+            return Arrays.asList(oAuthConsumerAppDTO.getIdTokenAudiences());
+        }
+    }
+
+    private List<String> getAccessTokenAudiences(OAuthConsumerAppDTO oAuthConsumerAppDTO) {
+
+        if (oAuthConsumerAppDTO.getAccessTokenAudiences() == null) {
+            return Collections.emptyList();
+        } else {
+            return Arrays.asList(oAuthConsumerAppDTO.getAccessTokenAudiences());
+        }
+    }
     private IdTokenEncryptionConfiguration buildIdTokenEncryptionConfiguration(OAuthConsumerAppDTO appDTO) {
 
         return new IdTokenEncryptionConfiguration()

diff --git a/...carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml b/...carbon.identity.api.server.application.management.v1/src/main/resources/applications.yaml
@@ -2909,6 +2909,13 @@ components:
         type:
           type: string
           example: JWT
+        audience:
+          type: array
+          example:
+            - 'http://idp.xyz.com'
+            - 'http://idp.abc.com'
+          items:
+            type: string
         userAccessTokenExpiryInSeconds:
           type: integer
           format: int64

diff --git a/pom.xml b/pom.xml
@@ -528,7 +528,7 @@
         <identity.workflow.impl.bps.version>5.2.0</identity.workflow.impl.bps.version>
         <maven.checkstyleplugin.excludes>**/gen/**/*</maven.checkstyleplugin.excludes>
         <identity.event.handler.version>1.4.4</identity.event.handler.version>
-        <identity.inbound.oauth2.version>6.8.0</identity.inbound.oauth2.version>
+        <identity.inbound.oauth2.version>6.8.6-SNAPSHOT</identity.inbound.oauth2.version>
         <identity.inbound.saml2.version>5.8.44</identity.inbound.saml2.version>
         <commons.beanutils.version>1.9.4</commons.beanutils.version>
         <mavan.findbugsplugin.exclude.file>findbugs-exclude-filter.xml</mavan.findbugsplugin.exclude.file>