Fix hybrid flow migration issue #2575
Conversation
|
PR builder started |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #2575 +/- ##
============================================
- Coverage 37.78% 37.74% -0.05%
+ Complexity 5321 5298 -23
============================================
Files 584 584
Lines 44529 44416 -113
Branches 6538 6529 -9
============================================
- Hits 16827 16763 -64
+ Misses 25351 25310 -41
+ Partials 2351 2343 -8
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
PR builder completed |
There was a problem hiding this comment.
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/10983691062
Missing lines are due to dubeg logs, it seems debug log level is not activating have to fix with seperate effort. |
|
PR builder started |
|
PR builder completed |
|
PR builder started |
|
PR builder completed |
There was a problem hiding this comment.
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/11011711257
|
PR builder started |
|
PR builder completed |
There was a problem hiding this comment.
Approving the pull request based on the successful pr build https://github.com/wso2/product-is/actions/runs/11208280017
| {true, "code token", true, "code token"}, | ||
| {false, "code id_token", false, "code id_token"}, | ||
| }; | ||
| } |
| oauthApp.setHybridFlowEnabled(true); | ||
| oauthApp.setHybridFlowResponseType(configuredHybridResponseTypes.get(0)); | ||
| break; | ||
| default: |
There was a problem hiding this comment.
Here when the user assigned two hybrid flow response types, it will enable all the hybrid flow responses. IMO it's incorrect, we need to improve it.
If this will be reevaluated with a separate effort, +1 to proceed with the current approach.
| mockStatic(OAuthComponentServiceHolder.class)) { | ||
| setupMocksForTest(oAuthServerConfiguration, identityTenantUtil, identityUtil); | ||
| mockUserstore(oAuthComponentServiceHolder); | ||
| try (Connection connection = getConnection(DB_NAME)) { |
| createDeleteQuery(CONSUMER_KEY, "hybridFlowEnabled"); | ||
| final String deleteHybridFlowResponseTypeProperty = | ||
| createDeleteQuery(CONSUMER_KEY, "hybridFlowResponseType"); | ||
|
|
Issue
Issue : wso2/product-is#21140
Proposed fix
Before the fix wso2/product-is#20331, applications don't have hybrid flow enabled properties, hence according to the logic hybrid flow is disabled which causes the Backward Incompatibility.
Now with added new fix, if the property is missing which means the application doesn't have hybridFlowEnabled property(probably an application created before the fix), hence providing the previous behaviour, which is enabling the hybrid flow with all allowed response types.
Debug Log:
Tested Scenarios
Migrated App
New App
Working with Server Configuration for existing apps
We have a sever wide config to enable/disable specific response types. current application configuration logic won't support this server wide config (If some disable a response type in server config, he/she still can configure it via UI). This logic partially fix this issue.
UI
Following is the UI for the migrated app regarding hybrid flow.
UI when the hybrid flow is disabled via server config.
UI when only code id_token is enabled via server config. (code token and code id_token token is disabeld)
