adding config for bearerToken

walmartlabs · Oct 6, 2023 · b7825a1 · b7825a1
1 parent 943a8a9
commit b7825a1
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 1 deletion.
diff --git a/server/dist/src/main/resources/concord-server.conf b/server/dist/src/main/resources/concord-server.conf
@@ -533,6 +533,17 @@ concord-server {
         pfed {
             enabled = false
             priority = 0
+
+            bearerToken {
+                # enable bearer tokens
+                enableBearerTokens = true
+
+                # allow all clientIds
+                allowAllClientIds = false
+
+                # list of allowed pingfed clientids for bearer tokens
+                allowedClientIds = ["clientId1", "clientId2"]
+            }
         }
         authEndpointUrl = "http://auth.example.com/authorize"
         tokenEndpointUrl = "http://auth.example.com/token"
@@ -549,7 +560,7 @@ concord-server {
 
         # enable to validate token signature
         tokenSignatureValidation = false
-        
+
         # JSON as a string
         #tokenEncryptionKey = "{}"
 

diff --git a/...ed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoConfiguration.java b/...ed-sso/src/main/java/com/walmartlabs/concord/server/plugins/pfedsso/SsoConfiguration.java
@@ -26,6 +26,10 @@
 import javax.inject.Inject;
 import java.io.Serializable;
 import java.time.Duration;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 
 public class SsoConfiguration implements Serializable {
 
@@ -63,6 +67,14 @@ public class SsoConfiguration implements Serializable {
     @Config("sso.clientSecret")
     private String clientSecret;
 
+    @Inject
+    @Config("sso.pfed.bearerToken.enableBearerTokens")
+    private boolean enableBearerTokens;
+
+    @Inject
+    @Config("sso.pfed.bearerToken.allowAllClientIds")
+    private boolean allowAllClientIds;
+
     @Inject
     @Nullable
     @Config("sso.tokenSigningKey")
@@ -103,6 +115,10 @@ public class SsoConfiguration implements Serializable {
     @Config("sso.autoCreateUsers")
     private boolean autoCreateUsers;
 
+    @Inject
+    @Config("sso.pfed.bearerToken.allowedClientIds")
+    private Set<String> allowedClientIds;
+
     public boolean isAutoCreateUsers() {
         return autoCreateUsers;
     }
@@ -135,6 +151,14 @@ public String getClientSecret() {
         return clientSecret;
     }
 
+    public boolean getEnableBearerTokens() {
+        return enableBearerTokens;
+    }
+
+    public boolean getAllowAllClientIds() {
+        return allowAllClientIds;
+    }
+
     public String getTokenEncryptionKey() {
         return tokenEncryptionKey;
     }
@@ -170,4 +194,9 @@ public boolean isTokenSignatureValidation() {
     public String getUserInfoEndpointUrl() {
         return userInfoEndpointUrl;
     }
+
+    public Set<String> getAllowedClientIds() {
+        return allowedClientIds;
+    }
+
 }