Merge pull request #63 from authlete/connectid-txn-claim-always

Add support for mandatory txn claim in Australian ConnectID

Author: jogu

src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionEndpoint.java

@@ -17,7 +17,10 @@
 package com.authlete.jaxrs.server.api;
 
 
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Date;
+import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import javax.ws.rs.Consumes;
@@ -44,6 +47,22 @@
 @Path("/api/authorization/decision")
 public class AuthorizationDecisionEndpoint extends BaseAuthorizationDecisionEndpoint
 {
+    private static void addTxnToClaimNames(Params params) {
+        // txn claim is always required by ConnectID Australia
+        // https://cdn.connectid.com.au/specifications/digitalid-identity-assurance-profile-06.html
+        String[] claimNames = params.getClaimNames();
+        if (claimNames == null) {
+            // if no claims were requested it can't be a connectid au request
+            return;
+        }
+        // txn will now be returned for any requests that request oidc claims - as our AS is multipurpose there's no
+        // real good way to identify the ecosystem variant being tested and returning an random uuid is harmless
+        ArrayList<String> claimNamesArray = new ArrayList<>(Arrays.asList(claimNames));
+        claimNamesArray.add("txn");
+
+        params.setClaimNames(claimNamesArray.toArray(new String[0]));
+    }
+
     /**
      * Process a request from the form in the authorization page.
      *
@@ -83,6 +102,8 @@ public Response post(
         User user     = ProcessingUtil.getUser(session, parameters);
         Date authTime = (Date)    session.getAttribute("authTime");
 
+        addTxnToClaimNames(params);
+
         // Claims requested to be embedded in the ID token.
         String idTokenClaims = (params != null) ? params.getIdTokenClaims() : null;
 

src/main/java/com/authlete/jaxrs/server/api/AuthorizationDecisionHandlerSpiImpl.java

@@ -20,6 +20,7 @@
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
+import java.util.UUID;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.ws.rs.WebApplicationException;
@@ -276,6 +277,12 @@ private Object getCustomClaim(String claimName, String languageTag)
             return getOpenBankingIntentIdFromIdTokenClaims(claimName);
         }
 
+        if ("txn".equals(claimName)) {
+            // txn claim as used in ConnectID Australia:
+            // https://cdn.connectid.com.au/specifications/digitalid-identity-assurance-profile-06.html
+            return UUID.randomUUID();
+        }
+
         // If the name indicates that the claim is a transformed claim.
         // See "OpenID Connect Advanced Syntax for Claims (ASC) 1.0"
         // for details about transformed claims.