JanssenProject · yuriyz · Dec 27, 2024 · Dec 30, 2024 · Dec 31, 2024
@@ -86,6 +86,7 @@ public class RegisterRequest extends BaseRequest {
     private List<String> spontaneousScopeScriptDns;
     private List<String> updateTokenScriptDns;
     private List<String> postAuthnScriptDns;
+    private List<String> tokenExchangeScriptDns;
     private List<String> consentGatheringScriptDns;
     private List<String> introspectionScriptDns;
     private List<String> rptClaimsScriptDns;
@@ -198,6 +199,7 @@ public RegisterRequest() {
         this.spontaneousScopeScriptDns = new ArrayList<>();
         this.updateTokenScriptDns = new ArrayList<>();
         this.postAuthnScriptDns = new ArrayList<>();
+        this.tokenExchangeScriptDns = new ArrayList<>();
         this.consentGatheringScriptDns = new ArrayList<>();
         this.introspectionScriptDns = new ArrayList<>();
         this.rptClaimsScriptDns = new ArrayList<>();
@@ -1701,6 +1703,26 @@ public void setPostAuthnScriptDns(List<String> postAuthnScriptDns) {
         this.postAuthnScriptDns = postAuthnScriptDns;
     }
 
+    /**
+     * Gets token exchange script dns
+     *
+     * @return token exchange script dns
+     */
+    public List<String> getTokenExchangeScriptDns() {
+        return tokenExchangeScriptDns;
+    }
+
+    /**
+     * Sets token exchange script dns
+     *
+     * @param tokenExchangeScriptDns token exchange script dns
+     * @return register request object
+     */
+    public RegisterRequest setTokenExchangeScriptDns(List<String> tokenExchangeScriptDns) {
+        this.tokenExchangeScriptDns = tokenExchangeScriptDns;
+        return this;
+    }
+
     /**
      * Gets consent gathering script dns
      *
@@ -1854,6 +1876,7 @@ public static RegisterRequest fromJson(JSONObject requestObject) throws JSONExce
         result.setSpontaneousScopeScriptDns(extractListByKey(requestObject, SPONTANEOUS_SCOPE_SCRIPT_DNS.toString()));
         result.setUpdateTokenScriptDns(extractListByKey(requestObject, UPDATE_TOKEN_SCRIPT_DNS.toString()));
         result.setPostAuthnScriptDns(extractListByKey(requestObject, POST_AUTHN_SCRIPT_DNS.toString()));
+        result.setTokenExchangeScriptDns(extractListByKey(requestObject, TOKEN_EXCHANGE_SCRIPT_DNS.toString()));
         result.setConsentGatheringScriptDns(extractListByKey(requestObject, CONSENT_GATHERING_SCRIPT_DNS.toString()));
         result.setIntrospectionScriptDns(extractListByKey(requestObject, INTROSPECTION_SCRIPT_DNS.toString()));
         result.setRptClaimsScriptDns(extractListByKey(requestObject, RPT_CLAIMS_SCRIPT_DNS.toString()));
@@ -2174,6 +2197,7 @@ public void getParameters(BiFunction<String, Object, Void> function) {
         applyArray(function, SPONTANEOUS_SCOPE_SCRIPT_DNS, spontaneousScopeScriptDns);
         applyArray(function, UPDATE_TOKEN_SCRIPT_DNS, updateTokenScriptDns);
         applyArray(function, POST_AUTHN_SCRIPT_DNS, postAuthnScriptDns);
+        applyArray(function, TOKEN_EXCHANGE_SCRIPT_DNS, tokenExchangeScriptDns);
         applyArray(function, CONSENT_GATHERING_SCRIPT_DNS, consentGatheringScriptDns);
         applyArray(function, INTROSPECTION_SCRIPT_DNS, introspectionScriptDns);
         applyArray(function, RPT_CLAIMS_SCRIPT_DNS, rptClaimsScriptDns);

@@ -393,6 +393,11 @@ public enum RegisterRequestParam {
      */
     POST_AUTHN_SCRIPT_DNS("post_authn_script_dns"),
 
+    /**
+     * list of token exchange script dns
+     */
+    TOKEN_EXCHANGE_SCRIPT_DNS("token_exchange_script_dns"),
+
     /**
      * list of consent gathering script dns
      */

@@ -62,6 +62,9 @@ public class ClientAttributes implements Serializable {
     @JsonProperty("postAuthnScripts")
     private List<String> postAuthnScripts;
 
+    @JsonProperty("tokenExchangeScripts")
+    private List<String> tokenExchangeScripts;
+
     @JsonProperty("consentGatheringScripts")
     private List<String> consentGatheringScripts;
 
@@ -348,6 +351,16 @@ public void setPostAuthnScripts(List<String> postAuthnScripts) {
         this.postAuthnScripts = postAuthnScripts;
     }
 
+    public List<String> getTokenExchangeScripts() {
+        if (tokenExchangeScripts == null) tokenExchangeScripts = Lists.newArrayList();
+        return tokenExchangeScripts;
+    }
+
+    public ClientAttributes setTokenExchangeScripts(List<String> tokenExchangeScripts) {
+        this.tokenExchangeScripts = tokenExchangeScripts;
+        return this;
+    }
+
     public List<String> getConsentGatheringScripts() {
         if (consentGatheringScripts == null) consentGatheringScripts = Lists.newArrayList();
         return consentGatheringScripts;
@@ -539,6 +552,7 @@ public String toString() {
                 ", backchannelLogoutSessionRequired=" + backchannelLogoutSessionRequired +
                 ", additionalAudience=" + additionalAudience +
                 ", postAuthnScripts=" + postAuthnScripts +
+                ", tokenExchangeScripts=" + tokenExchangeScripts +
                 ", consentGatheringScripts=" + consentGatheringScripts +
                 ", introspectionScripts=" + introspectionScripts +
                 ", rptClaimsScripts=" + rptClaimsScripts +

@@ -256,6 +256,9 @@ public void updateClientFromRequestObject(Client client, RegisterRequest request
         if (requestObject.getPostAuthnScriptDns() != null) {
             client.getAttributes().setPostAuthnScripts(requestObject.getPostAuthnScriptDns());
         }
+        if (requestObject.getTokenExchangeScriptDns() != null) {
+            client.getAttributes().setTokenExchangeScripts(requestObject.getTokenExchangeScriptDns());
+        }
         if (requestObject.getConsentGatheringScriptDns() != null) {
             client.getAttributes().setConsentGatheringScripts(requestObject.getConsentGatheringScriptDns());
         }

@@ -67,7 +67,9 @@
 import io.jans.model.custom.script.type.spontaneous.SpontaneousScopeType;
 import io.jans.model.custom.script.type.ssa.DummyModifySsaResponseType;
 import io.jans.model.custom.script.type.ssa.ModifySsaResponseType;
+import io.jans.model.custom.script.type.token.DummyTokenExchangeType;
 import io.jans.model.custom.script.type.token.DummyUpdateTokenType;
+import io.jans.model.custom.script.type.token.TokenExchangeType;
 import io.jans.model.custom.script.type.token.UpdateTokenType;
 import io.jans.model.custom.script.type.uma.*;
 import io.jans.model.custom.script.type.user.CacheRefreshType;
@@ -106,6 +108,7 @@ public enum CustomScriptType implements AttributeEnum {
             new DummyAccessEvaluationType()),
     ACCESS_EVALUATION_DISCOVERY("access_evaluation_discovery", "Access Evaluation Discovery", AccessEvaluationDiscoveryType.class, CustomScript.class, "AccessEvaluationDiscovery",
             new DummyAccessEvaluationDiscoveryType()),
+    TOKEN_EXCHANGE("token_exchange", "Token Exchange", TokenExchangeType.class, CustomScript.class, "TokenExchange", new DummyTokenExchangeType()),
     CONSENT_GATHERING("consent_gathering", "Consent Gathering", ConsentGatheringType.class, CustomScript.class, "ConsentGathering",
             new DummyConsentGatheringType()),
     DYNAMIC_SCOPE("dynamic_scope", "Dynamic Scopes", DynamicScopeType.class, CustomScript.class, "DynamicScope",

@@ -0,0 +1,42 @@
+package io.jans.model.custom.script.type.token;
+
+import io.jans.model.SimpleCustomProperty;
+import io.jans.model.custom.script.model.CustomScript;
+
+import java.util.Map;
+
+/**
+ * @author Yuriy Z
+ */
+public class DummyTokenExchangeType implements TokenExchangeType {
+
+    @Override
+    public boolean modifyResponse(Object responseAsJsonObject, Object context) {
+        return false;
+    }
+
+    @Override
+    public ScriptTokenExchangeControl validate(Object context) {
+        return ScriptTokenExchangeControl.fail();
+    }
+
+    @Override
+    public boolean init(Map<String, SimpleCustomProperty> configurationAttributes) {
+        return true;
+    }
+
+    @Override
+    public boolean init(CustomScript customScript, Map<String, SimpleCustomProperty> configurationAttributes) {
+        return true;
+    }
+
+    @Override
+    public boolean destroy(Map<String, SimpleCustomProperty> configurationAttributes) {
+        return true;
+    }
+
+    @Override
+    public int getApiVersion() {
+        return 1;
+    }
+}
@@ -0,0 +1,61 @@
+package io.jans.model.custom.script.type.token;
+
+import io.jans.model.user.SimpleUser;
+
+/**
+ * @author Yuriy Z
+ */
+public class ScriptTokenExchangeControl {
+
+    private boolean ok;
+
+    private boolean skipBuiltinValidation;
+
+    // user which will be associated with this token exchange grant
+    // must point to io.jans.as.common.model.common.User - internal restriction
+    private SimpleUser user;
+
+    public ScriptTokenExchangeControl(boolean ok) {
+        this.ok = ok;
+    }
+
+    public static ScriptTokenExchangeControl fail() {
+        return new ScriptTokenExchangeControl(false);
+    }
+
+    public boolean isOk() {
+        return ok;
+    }
+
+    public ScriptTokenExchangeControl setOk(boolean ok) {
+        this.ok = ok;
+        return this;
+    }
+
+    public boolean isSkipBuiltinValidation() {
+        return skipBuiltinValidation;
+    }
+
+    public ScriptTokenExchangeControl setSkipBuiltinValidation(boolean skipBuiltinValidation) {
+        this.skipBuiltinValidation = skipBuiltinValidation;
+        return this;
+    }
+
+    public SimpleUser getUser() {
+        return user;
+    }
+
+    public ScriptTokenExchangeControl setUser(SimpleUser user) {
+        this.user = user;
+        return this;
+    }
+
+    @Override
+    public String toString() {
+        return "ScriptTokenExchangeControl{" +
+                "ok=" + ok +
+                ", skipBuiltinValidation=" + skipBuiltinValidation +
+                ", user=" + user +
+                '}';
+    }
+}
@@ -0,0 +1,13 @@
+package io.jans.model.custom.script.type.token;
+
+import io.jans.model.custom.script.type.BaseExternalType;
+
+/**
+ * @author Yuriy Z
+ */
+public interface TokenExchangeType extends BaseExternalType {
+
+    ScriptTokenExchangeControl validate(Object context);
+
+    boolean modifyResponse(Object responseAsJsonObject, Object context);
+}