[SYNCOPE-1955] OIDC custom scope management

client/am/console/src/main/java/org/apache/syncope/client/console/AMConsoleContext.java

@@ -30,7 +30,7 @@
 import org.apache.syncope.client.console.rest.AuthModuleRestClient;
 import org.apache.syncope.client.console.rest.AuthProfileRestClient;
 import org.apache.syncope.client.console.rest.ClientAppRestClient;
-import org.apache.syncope.client.console.rest.OIDCJWKSRestClient;
+import org.apache.syncope.client.console.rest.OIDCOpEntityRestClient;
 import org.apache.syncope.client.console.rest.PasswordManagementRestClient;
 import org.apache.syncope.client.console.rest.PolicyRestClient;
 import org.apache.syncope.client.console.rest.SAML2IdPEntityRestClient;
@@ -96,8 +96,8 @@ public ClientAppRestClient clientAppRestClient() {
 
     @ConditionalOnMissingBean
     @Bean
-    public OIDCJWKSRestClient oidcJWKSRestClient() {
-        return new OIDCJWKSRestClient();
+    public OIDCOpEntityRestClient oidcOpEntityRestClient() {
+        return new OIDCOpEntityRestClient();
     }
 
     @ConditionalOnMissingBean

client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/CASSPDirectoryPanel.java

@@ -45,6 +45,7 @@ public CASSPDirectoryPanel(final String id, final ClientAppRestClient restClient
                 policyRestClient,
                 clientAppRestClient,
                 realmRestClient,
+                oidcOpEntityRestClient,
                 pageRef),
                 true);
         MetaDataRoleAuthorizationStrategy.authorize(addAjaxLink, RENDER, AMEntitlement.CLIENTAPP_CREATE);

client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.java

@@ -35,6 +35,7 @@
 import org.apache.syncope.client.console.panels.ModalDirectoryPanel;
 import org.apache.syncope.client.console.rest.AuditRestClient;
 import org.apache.syncope.client.console.rest.ClientAppRestClient;
+import org.apache.syncope.client.console.rest.OIDCOpEntityRestClient;
 import org.apache.syncope.client.console.rest.PolicyRestClient;
 import org.apache.syncope.client.console.rest.RealmRestClient;
 import org.apache.syncope.client.console.wicket.extensions.markup.html.repeater.data.table.KeyPropertyColumn;
@@ -80,6 +81,9 @@ public abstract class ClientAppDirectoryPanel<T extends ClientAppTO>
     @SpringBean
     protected AuditRestClient auditRestClient;
 
+    @SpringBean
+    protected OIDCOpEntityRestClient oidcOpEntityRestClient;
+
     protected final ClientAppType type;
 
     protected final BaseModal<T> propertiesModal;

client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java

@@ -37,6 +37,7 @@
 import org.apache.syncope.client.console.commons.RealmsUtils;
 import org.apache.syncope.client.console.panels.AbstractModalPanel;
 import org.apache.syncope.client.console.rest.ClientAppRestClient;
+import org.apache.syncope.client.console.rest.OIDCOpEntityRestClient;
 import org.apache.syncope.client.console.rest.PolicyRestClient;
 import org.apache.syncope.client.console.rest.RealmRestClient;
 import org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.BaseModal;
@@ -55,7 +56,7 @@
 import org.apache.syncope.client.ui.commons.panels.WizardModalPanel;
 import org.apache.syncope.client.ui.commons.wizards.AbstractModalPanelBuilder;
 import org.apache.syncope.client.ui.commons.wizards.AjaxWizard;
-import org.apache.syncope.common.lib.OIDCScopeConstants;
+import org.apache.syncope.common.lib.OIDCStandardScope;
 import org.apache.syncope.common.lib.policy.PolicyTO;
 import org.apache.syncope.common.lib.to.ClientAppTO;
 import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
@@ -147,13 +148,16 @@ protected Map<String, String> load() {
 
     protected final RealmRestClient realmRestClient;
 
+    protected final OIDCOpEntityRestClient oidcOpEntityRestClient;
+
     public ClientAppModalPanelBuilder(
             final ClientAppType type,
             final T defaultItem,
             final BaseModal<T> modal,
             final PolicyRestClient policyRestClient,
             final ClientAppRestClient clientAppRestClient,
             final RealmRestClient realmRestClient,
+            final OIDCOpEntityRestClient oidcOpEntityRestClient,
             final PageReference pageRef) {
 
         super(defaultItem, pageRef);
@@ -162,6 +166,7 @@ public ClientAppModalPanelBuilder(
         this.policyRestClient = policyRestClient;
         this.clientAppRestClient = clientAppRestClient;
         this.realmRestClient = realmRestClient;
+        this.oidcOpEntityRestClient = oidcOpEntityRestClient;
     }
 
     @Override
@@ -378,7 +383,7 @@ protected void onUpdate(final AjaxRequestTarget target) {
                     applicationType.setChoices(List.of(OIDCApplicationType.values()));
                     fields.add(applicationType.addRequiredLabel().setEnabled(true));
 
-                    AjaxTextFieldPanel redirectUri = new AjaxTextFieldPanel("panel", "redirectUris", new Model<>());
+                    AjaxTextFieldPanel redirectUri = new AjaxTextFieldPanel("panel", "redirectUris", Model.of());
                     fields.add(new MultiFieldPanel.Builder<String>(
                             new PropertyModel<>(clientAppTO, "redirectUris")).build(
                             "field",
@@ -395,21 +400,12 @@ protected void onUpdate(final AjaxRequestTarget target) {
                             new PropertyModel<>(clientAppTO, "supportedResponseTypes"),
                             new ListModel<>(List.of(OIDCResponseType.values()))));
 
-                    AutoCompleteSettings scopesSettings = new AutoCompleteSettings();
-                    scopesSettings.setShowCompleteListOnFocusGain(true);
-                    scopesSettings.setShowListOnEmptyInput(true);
-                    AjaxSearchFieldPanel scopes = new AjaxSearchFieldPanel(
-                            "panel", "scopes", new PropertyModel<>(clientAppTO, "scopes"), scopesSettings) {
-
-                        private static final long serialVersionUID = 7160878678968866138L;
-
-                        @Override
-                        protected Iterator<String> getChoices(final String input) {
-                            List<String> choices = new ArrayList<>(OIDCScopeConstants.ALL_STANDARD_SCOPES);
-                            choices.add(OIDCScopeConstants.SYNCOPE);
-                            return choices.iterator();
-                        }
-                    };
+                    AjaxTextFieldPanel scopes = new AjaxTextFieldPanel("panel", "scopes", Model.of());
+                    scopes.setChoices(Stream.concat(Stream.of(OIDCStandardScope.values()).map(OIDCStandardScope::name),
+                            Optional.ofNullable(oidcOpEntityRestClient.get().get()).
+                                    map(oidcOpEntity -> oidcOpEntity.getCustomScopes().keySet().stream()).
+                                    orElseGet(() -> Stream.empty())).
+                            distinct().sorted().toList());
                     fields.add(new MultiFieldPanel.Builder<String>(
                             new PropertyModel<>(clientAppTO, "scopes")).build(
                             "field",
@@ -553,7 +549,7 @@ public String getObject() {
                             "field", "nameIdQualifier", new PropertyModel<>(clientAppTO, "nameIdQualifier"), false));
 
                     AjaxTextFieldPanel assertionAudience = new AjaxTextFieldPanel(
-                            "panel", "assertionAudience", new Model<>());
+                            "panel", "assertionAudience", Model.of());
                     assertionAudience.addValidator(new UrlValidator());
                     fields.add(new MultiFieldPanel.Builder<String>(
                             new PropertyModel<>(clientAppTO, "assertionAudiences")).build(

client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/OIDCRPDirectoryPanel.java

@@ -48,6 +48,7 @@ public OIDCRPDirectoryPanel(final String id, final ClientAppRestClient restClien
                 policyRestClient,
                 clientAppRestClient,
                 realmRestClient,
+                oidcOpEntityRestClient,
                 pageRef),
                 true);
         MetaDataRoleAuthorizationStrategy.authorize(addAjaxLink, RENDER, AMEntitlement.CLIENTAPP_CREATE);

client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/SAML2SPDirectoryPanel.java

@@ -46,6 +46,7 @@ public SAML2SPDirectoryPanel(final String id, final ClientAppRestClient restClie
                 policyRestClient,
                 clientAppRestClient,
                 realmRestClient,
+                oidcOpEntityRestClient,
                 pageRef),
                 true);
         MetaDataRoleAuthorizationStrategy.authorize(addAjaxLink, RENDER, AMEntitlement.CLIENTAPP_CREATE);

client/am/console/src/main/java/org/apache/syncope/client/console/commons/AMConstants.java

@@ -52,6 +52,8 @@ public final class AMConstants {
     public static final String PREF_AUTHPROFILE_WEBAUTHNDEVICECREDENTIALS_PAGINATOR_ROWS =
             "authprofile.webAuthnDeviceCredentials.paginator.rows";
 
+    public static final String PREF_OIDC_CUSTOMSCOPES_PAGINATOR_ROWS = "oidc.customScopes.paginator.rows";
+
     private AMConstants() {
         // private constructor for static utility class
     }

client/am/console/src/main/java/org/apache/syncope/client/console/panels/OIDCJWKSGenerationPanel.java → client/am/console/src/main/java/org/apache/syncope/client/console/panels/JWKSGenerationPanel.java

@@ -20,7 +20,7 @@
 
 import java.util.List;
 import org.apache.syncope.client.console.SyncopeConsoleSession;
-import org.apache.syncope.client.console.rest.OIDCJWKSRestClient;
+import org.apache.syncope.client.console.rest.OIDCOpEntityRestClient;
 import org.apache.syncope.client.console.rest.WAConfigRestClient;
 import org.apache.syncope.client.console.wicket.ajax.form.IndicatorAjaxEventBehavior;
 import org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.BaseModal;
@@ -30,31 +30,31 @@
 import org.apache.syncope.client.ui.commons.markup.html.form.AjaxTextFieldPanel;
 import org.apache.syncope.client.ui.commons.pages.BaseWebPage;
 import org.apache.syncope.common.lib.SyncopeClientException;
-import org.apache.syncope.common.lib.to.OIDCJWKSTO;
+import org.apache.syncope.common.lib.to.OIDCOpEntityTO;
 import org.apache.wicket.PageReference;
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.model.Model;
 
-public class OIDCJWKSGenerationPanel extends AbstractModalPanel<OIDCJWKSTO> {
+public class JWKSGenerationPanel extends AbstractModalPanel<OIDCOpEntityTO> {
 
     private static final long serialVersionUID = -3372006007594607067L;
 
-    protected final OIDCJWKSRestClient oidcJWKSRestClient;
+    protected final OIDCOpEntityRestClient oidcOpEntityRestClient;
 
     protected final Model<String> jwksKeyIdM;
 
     protected final Model<String> jwksTypeM;
 
     protected final Model<Integer> jwksKeySizeM;
 
-    public OIDCJWKSGenerationPanel(
-            final OIDCJWKSRestClient oidcJWKSRestClient,
+    public JWKSGenerationPanel(
+            final OIDCOpEntityRestClient oidcOpEntityRestClient,
             final WAConfigRestClient waConfigRestClient,
-            final BaseModal<OIDCJWKSTO> modal,
+            final BaseModal<OIDCOpEntityTO> modal,
             final PageReference pageRef) {
 
         super(modal, pageRef);
-        this.oidcJWKSRestClient = oidcJWKSRestClient;
+        this.oidcOpEntityRestClient = oidcOpEntityRestClient;
 
         jwksKeyIdM = Model.of("syncope");
         try {
@@ -104,7 +104,7 @@ protected void onEvent(final AjaxRequestTarget target) {
     @Override
     public void onSubmit(final AjaxRequestTarget target) {
         try {
-            oidcJWKSRestClient.generate(jwksKeyIdM.getObject(), jwksTypeM.getObject(), jwksKeySizeM.getObject());
+            oidcOpEntityRestClient.generate(jwksKeyIdM.getObject(), jwksTypeM.getObject(), jwksKeySizeM.getObject());
 
             SyncopeConsoleSession.get().success(getString(Constants.OPERATION_SUCCEEDED));
             modal.close(target);