wso2 / carbon-auth Goto Github PK

License: Apache License 2.0

Java 99.54% TSQL 0.46%

carbon-auth's Introduction

Carbon Auth

Branch	Build Status(Jenkins)	Build Status(TravisCI)
master

Carbon Auth is a common authentication platform for Carbon 5 based products.

Carbon Auth contains several components such as:

OAuth2 Client Registration
OAuth2 Token Endpoint
OAuth2 Token Introspection
OAuth2 Scope Registration
SCIM
User Info
User Stores

How to build from the source

Prerequisites

Java 8 or above
Apache Maven 3.x.x

Steps

Install above prerequisites if they have not been already installed
Get a clone from this repository
Run one of the following maven commands from carbon-auth directory
- To build with the tests
```
 mvn clean install 
```
- To build without running any unit/integration test
```
 mvn clean install -Dmaven.test.skip=true
```

How to Contribute

Please report issues at Carbon Auth Github Issues
Send your bug fixes pull requests to the master branch

Contact us

WSO2 Carbon developers can be contacted via the mailing lists:

Carbon Developers List : [email protected]
Carbon Architecture List : [email protected]

carbon-auth's People

Contributors

Stargazers

Watchers

carbon-auth's Issues

Use seperate namespaces for oauth and user management related configs

Currently, it has one config which tends to be growing.

wso2.carbon.auth:
    # User Store Configurations
  userStoreConfiguration:
    connectorType: JDBC
    hashAlgo: SHA256
    iterationCount: 4096
    jdbcProperties:
      dataSource: WSO2_UM_DB
    keyLength: 256
    ldapProperties:
      ldap.ConnectionName: cn=admin,dc=example,dc=org
      ldap.GroupEntryObjectClass: groupOfNames
      ldap.UserNameSearchFilter: (&amp;(objectClass=person)(uid=?))
      ldap.ConnectionURL: ldap://localhost:389
      ldap.InitialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
      ldap.connectorClass: org.wso2.carbon.auth.user.store.connector.ldap.LDAPUserStoreConnector
      ldap.GroupSearchBase: ou=Groups,dc=example,dc=org
      ldap.ConnectionPassword: admin
      ldap.UserNameAttribute: uid
      ldap.GroupSearchFilter: (&amp;(objectClass=groupOfNames)(cn=?))
      ldap.UserEntryObjectClass: identityPerson
      ldap.GroupAttribute: cn
      ldap.SecurityAuthentication: simple
      ldap.UserNameListFilter: (objectClass=person)
      ldap.GroupListFilter: (objectClass=groupOfNames)
      ldap.UserSearchBase: ou=Users,dc=example,dc=org
    readOnly: false
    superUser: admin
    superUserPass: admin
    # Key Management Configurations
  keyManagerConfigs:
      # Access token default validity period
    defaultTokenValidityPeriod: 3600

Password generating/validating properties need to be configurable

password hash Algorithm, iteration count, key length need to be configurable instead of hard coding.

Key Manager/OAuth2.0 - Introspection

@SerializedName property does not work properly

public class RegistrationRequestDTO {
@SerializedName("redirect_uris")
private List redirectUris = new ArrayList();
}

With this { "redirect_uris" : "aaaa" } should properly be mapped to the java object but it does not work.

We need to double check and fix.

Key Manager/SCIM - SCIM User Related Functions

Component - Key Manager/SCIM

SCIM User Related Functions

Key Manager/DCR - DCR

Component - Key Manager/DCR

Dynamic Client Registration

Key Manager/DCR - DCRM

Key Manager/DCR

DCR Management

Making user attributes configurable

They are hardcoded in DB script. No way of adding new attributes.

Create Database Specific sql scripts

Description:
Need to create Database Specific SQL scripts

Key Manager/UserStore - LDAP User Store Connector

Component - Key Manager/UserStore

LDAP User Store Connector

Key Manager/OAuth2.0 - Password Grant

JDBC userstore query need to be load based on the driver class name

ATM DB type need to be passed to identify the queries to be loaded. This shuld be identify using driver class name instead of additional DB type

Key Manager/OAuth2.0 - Revoke

Key Manager/OAuth2.0 - Authorization Code

Key Manager/OAuth2.0 - OpenID Connect

Key Manager/OAuth2.0 - Refresh

Key Manager/OAuth2.0 - Implicit

Key Manager/SCIM - SCIM Role Related Functions

Component - Key Manager/SCIM

SCIM Role Related Functions

Key Manager/OAuth2.0 - Client Credentials

Key Manager/SCIM - SCIM Extensions

Component - Key Manager/SCIM

SCIM Extensions

update jacoco version to fix coverage issue

Implement right to be forgotten for Key Manager

as a part of #wso2/carbon-apimgt#5055

Key Manager/Scope - Scope Registration Endpoint

Refresh Token Grant not populating user

Description:

Refresh Token Grant not populating user

Steps to reproduce:

1.Generate token from password grant
2. Generate token from Refresh token generated from above.
3. Introspect token generated from [2].

Adding Travis support for carbon-auth

We need to add Travis support for carbon-auth.

Key Manager JWT Grant

Default token expiry time have set to 60 seconds

this need to be increase to 3600s or so

Remove checkstyle <skip> tags

Key Manager/UserStore - JDBC User Store Connector

Component - Key Manager/UserStore

JDBC User Store Connector

Key Manager/OAuth2.0 - Userinfo

Implement userinfo API to get user's information for given token.

Sample impl - https://docs.wso2.com/display/IS540/Basic+Client+Profile+with+Playground

Application info response, redirects urls are not return as array

redirects urls are represents as regex in the application info response. It need to be valid json array.

Default user is hard coded and need to be configurable

default user admin:admin is hard coded and need to be added to configurations file

Some components imports of ServiceReferenceHolder classes from different components which should be in internal packages

eg:

Fix places where "admin" is hardcoded

https://github.com/wso2/carbon-auth/pull/66/files#diff-fc562d8c0d31888a273b4bcab5171bf2R66

Wrong property for object property mappings in REST API DTOs

Ex:

public class UpdateRequestDTO {
@JsonProperty("redirect_uris")
private List redirectUris = new ArrayList();

@JsonProperty("client_name")
private String clientName = null;

@JsonProperty("grant_types")
private List grantTypes = new ArrayList();

}

msf4j is using GSON for Object <-> JSON mapping. We need to use com.google.gson.annotations.SerializedName instead of com.fasterxml.jackson.annotation.JsonProperty

Need to fix this and regenerate the code properly

When pack is start user not found exception is thorwn

At startup it check the default user is exist. When do so, it throw an exception.
It need to be handler in side since it is known exception.

Fix serialization/deserialiation issues in token and introspection APIs

Use @SerializedName instead of @JsonProperty
Remove manual serialization/deserialiation using gson

wso2 / carbon-auth Goto Github PK

carbon-auth's Introduction

Carbon Auth

Carbon Auth contains several components such as:

How to build from the source

Prerequisites

Steps

How to Contribute

Contact us

carbon-auth's People

Contributors

Stargazers

Watchers

Forkers

carbon-auth's Issues

Recommend Projects

Recommend Topics

Recommend Org