Remove sub org app check from authz and token handlers

wso2-extensions · Dec 1, 2024 · 095707b · 095707b
1 parent e308fa5
commit 095707b
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 29 deletions.
diff --git a/...ain/java/org/wso2/carbon/identity/auth/service/handler/impl/OAuth2AccessTokenHandler.java b/...ain/java/org/wso2/carbon/identity/auth/service/handler/impl/OAuth2AccessTokenHandler.java
@@ -32,7 +32,6 @@
 import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
 import org.wso2.carbon.identity.application.common.model.ProvisioningServiceProviderType;
 import org.wso2.carbon.identity.application.common.model.ServiceProvider;
-import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty;
 import org.wso2.carbon.identity.application.common.model.ThreadLocalProvisioningServiceProvider;
 import org.wso2.carbon.identity.application.common.model.User;
 import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
@@ -58,7 +57,6 @@
 import org.wso2.carbon.identity.oauth2.validators.RefreshTokenValidator;
 
 import java.text.ParseException;
-import java.util.Arrays;
 import java.util.Map;
 import java.util.Optional;
 
@@ -175,23 +173,8 @@ protected AuthenticationResult doAuthenticate(MessageContext messageContext) {
                 ServiceProvider serviceProvider = null;
                 String serviceProviderName = null;
                 String serviceProviderUUID = null;
-                boolean isSubOrgApp = false;
                 try {
-                    if (authorizedUser != null) {
-                        ServiceProviderProperty[] serviceProviderProperties = OAuth2Util.getServiceProvider(
-                                oAuth2IntrospectionResponseDTO.getClientId(), authorizedUser.getTenantDomain()).
-                                getSpProperties();
-                        if (serviceProviderProperties != null && Arrays.stream(serviceProviderProperties)
-                                .anyMatch(property -> "isSubOrgApp".equals(property.getName())
-                                        && Boolean.parseBoolean(property.getValue()))) {
-                            isSubOrgApp = true;
-                            authenticationContext.addParameter("isSubOrgApp", true);
-                            serviceProvider = OAuth2Util.getServiceProvider(oAuth2IntrospectionResponseDTO.getClientId(),
-                                    authorizedUser.getTenantDomain());
-                        }
-                    } else {
-                        serviceProvider = OAuth2Util.getServiceProvider(oAuth2IntrospectionResponseDTO.getClientId());
-                    }
+                    serviceProvider = OAuth2Util.getServiceProvider(oAuth2IntrospectionResponseDTO.getClientId());
                     if (serviceProvider != null) {
                         serviceProviderName = serviceProvider.getApplicationName();
                         serviceProviderUUID = serviceProvider.getApplicationResourceId();
@@ -210,12 +193,8 @@ protected AuthenticationResult doAuthenticate(MessageContext messageContext) {
 
                 String serviceProviderTenantDomain = null;
                 try {
-                    if (serviceProvider != null && isSubOrgApp) {
-                        serviceProviderTenantDomain = serviceProvider.getTenantDomain();
-                    } else {
-                        serviceProviderTenantDomain = OAuth2Util.getTenantDomainOfOauthApp(
-                                oAuth2IntrospectionResponseDTO.getClientId());
-                    }
+                    serviceProviderTenantDomain =
+                            OAuth2Util.getTenantDomainOfOauthApp(oAuth2IntrospectionResponseDTO.getClientId());
                 } catch (InvalidOAuthClientException | IdentityOAuth2Exception e) {
                     if (log.isDebugEnabled()) {
                         log.debug("Error occurred while getting the OAuth App tenantDomain by Consumer key: "

diff --git a/...ty.authz.valve/src/main/java/org/wso2/carbon/identity/authz/valve/AuthorizationValve.java b/...ty.authz.valve/src/main/java/org/wso2/carbon/identity/authz/valve/AuthorizationValve.java
@@ -235,11 +235,7 @@ private AuthorizationResult authorizeInOrganizationLevel(Request request, Respon
     private boolean isRequestValidForTenant(AuthenticationContext authenticationContext,
                                             AuthorizationContext authorizationContext, Request request) {
 
-        boolean isSubOrgApp = false;
-        if (authenticationContext.getParameter("isSubOrgApp") != null) {
-            isSubOrgApp = Boolean.parseBoolean(authenticationContext.getParameter("isSubOrgApp").toString());
-        }
-        return (Utils.isUserBelongsToRequestedTenant(authenticationContext, request) || isSubOrgApp ||
+        return (Utils.isUserBelongsToRequestedTenant(authenticationContext, request) ||
                 (authorizationContext.isCrossTenantAllowed()) &&
                         Utils.isTenantBelongsToAllowedCrossTenant(authenticationContext, authorizationContext));
     }