Fix #1642: OIDC: Allow configuration key oauth2_providers

wultra · Aug 6, 2024 · 0b70406 · 0b70406
1 parent 68ca20b
commit 0b70406
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 11 deletions.
diff --git a/docs/Database-Structure.md b/docs/Database-Structure.md
@@ -58,12 +58,12 @@ Stores configurations for the applications stored in `pa_application` table.
 
 #### Columns
 
-| Name | Type | Info | Note                                                                                                                                    |
-|------|------|---------|-----------------------------------------------------------------------------------------------------------------------------------------|
-| id | BIGINT(20)  | primary key, autoincrement | Unique application configuration identifier. |
-| application_id | BIGINT(20)  | foreign key: pa\_application.id | Related application ID. |
-| config_key | VARCHAR(255) | index | Configuration key names: `fido2_attestation_fmt_allowed`, `fido2_aaguids_allowed`, or `fido2_root_ca_certs`. |
-| config_values | TEXT | - | Configuration values serialized in JSON format. |
+| Name           | Type         | Info                            | Note                                                                                                                            |
+|----------------|--------------|---------------------------------|---------------------------------------------------------------------------------------------------------------------------------|
+| id             | BIGINT(20)   | primary key, autoincrement      | Unique application configuration identifier.                                                                                    |
+| application_id | BIGINT(20)   | foreign key: pa\_application.id | Related application ID.                                                                                                         |
+| config_key     | VARCHAR(255) | index                           | Configuration key names: `fido2_attestation_fmt_allowed`, `fido2_aaguids_allowed`, `fido2_root_ca_certs`, or `oauth2_providers` |
+| config_values  | TEXT         | -                               | Configuration values serialized in JSON format.                                                                                 |
 <!-- end -->
 
 <!-- begin database table pa_activation -->

diff --git a/docs/WebServices-Methods.md b/docs/WebServices-Methods.md
@@ -393,6 +393,7 @@ Following configuration keys are accepted:
 - `fido2_attestation_fmt_allowed` - list of allowed attestation formats for FIDO2 registrations, unset value means all attestation formats are allowed
 - `fido2_aaguids_allowed` - list of allowed AAGUIDs for FIDO2 registration, unset value means all AAGUIDs are allowed
 - `fido2_root_ca_certs` - list of trusted root CA certificates for certificate validation in PEM format
+- `oauth2_providers` - Configuration of OAuth 2.0 providers.
 
 #### Response
 

diff --git a/...ecurity/powerauth/app/server/service/behavior/tasks/ApplicationConfigServiceBehavior.java b/...ecurity/powerauth/app/server/service/behavior/tasks/ApplicationConfigServiceBehavior.java
@@ -40,6 +40,7 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
+import java.util.Set;
 
 import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.*;
 
@@ -52,6 +53,11 @@
 @Slf4j
 public class ApplicationConfigServiceBehavior {
 
+    private static final String CONFIG_KEY_OAUTH2_PROVIDERS = "oauth2_providers";
+
+    private static final Set<String> ALLOWED_CONFIGURATION_KEYS = Set.of(
+            CONFIG_KEY_ALLOWED_ATTESTATION_FMT, CONFIG_KEY_ALLOWED_AAGUIDS, CONFIG_KEY_ROOT_CA_CERTS, CONFIG_KEY_OAUTH2_PROVIDERS);
+
     private final RepositoryCatalogue repositoryCatalogue;
     private final LocalizationProvider localizationProvider;
 
@@ -192,14 +198,12 @@ public Response removeApplicationConfig(final RemoveApplicationConfigRequest req
      */
     private void validateConfigKey(String key) throws GenericServiceException {
         if (key == null) {
-            logger.warn("Missing configuration key in FIDO2 request");
+            logger.warn("Missing configuration key in request");
             // Rollback is not required, error occurs before writing to database
             throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_REQUEST);
         }
-        if (!CONFIG_KEY_ALLOWED_ATTESTATION_FMT.equals(key)
-                && !CONFIG_KEY_ALLOWED_AAGUIDS.equals(key)
-                && !CONFIG_KEY_ROOT_CA_CERTS.equals(key)) {
-            logger.warn("Unknown configuration key in FIDO2 request: {}", key);
+        if (!ALLOWED_CONFIGURATION_KEYS.contains(key)) {
+            logger.warn("Unknown configuration key in request: {}", key);
             // Rollback is not required, error occurs before writing to database
             throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_REQUEST);
         }