ES-218 (#296)

* [BUGFIX]
[ES-218]
Fixed inconsistency with consent action capture shared for authorize scopes in the workflow

* Added documentation

.github/workflows/push_trigger.yml

@@ -10,7 +10,7 @@ on:
       - 1.*
       - develop
       - main
-      - bugfix-ES-177
+      - bugfix-ES-218
 
 jobs:
   call-workflow-codeql-analysis:

consent-service-impl/src/main/java/io/mosip/esignet/entity/ConsentDetail.java

@@ -38,6 +38,12 @@ public class ConsentDetail {
     @Column(name = "claims")
     private String claims;
 
+    /*
+    It stores the requested authorization scopes from the relying party in a json string
+    {
+        "scope" : "boolean" (essential or optional)
+    }
+     */
     @NotNull
     @Column(name = "authorization_scopes")
     private String authorizationScopes;

db_scripts/mosip_esignet/ddl/esignet-consent.sql

@@ -37,7 +37,7 @@ COMMENT ON COLUMN consent_detail.id IS 'UUID : Unique id associated with each co
 COMMENT ON COLUMN consent_detail.client_id IS 'Client_id: associated with relying party';
 COMMENT ON COLUMN consent_detail.psu_token IS 'PSU token associated with user consent';
 COMMENT ON COLUMN consent_detail.claims IS 'Json of requested and user accepted claims';
-COMMENT ON COLUMN consent_detail.authorization_scopes IS 'Json string of user accepted authorization scope';
+COMMENT ON COLUMN consent_detail.authorization_scopes IS 'Json string of requested authorization scope';
 COMMENT ON COLUMN consent_detail.cr_dtimes IS 'Consent creation date';
 COMMENT ON COLUMN consent_detail.expire_dtimes IS 'Expiration date';
 COMMENT ON COLUMN consent_detail.signature IS 'Signature of consent object ';

db_scripts/mosip_esignet/ddl/esignet-consent_history.sql

@@ -35,7 +35,7 @@ COMMENT ON COLUMN consent_history.id IS 'UUID : Unique id associated with each c
 COMMENT ON COLUMN consent_history.client_id IS 'Client_id: associated with relying party';
 COMMENT ON COLUMN consent_history.psu_token IS 'PSU token associated with user consent';
 COMMENT ON COLUMN consent_history.claims IS 'Json of requested and user accepted claims';
-COMMENT ON COLUMN consent_history.authorization_scopes IS 'Json string of user accepted authorization scope';
+COMMENT ON COLUMN consent_history.authorization_scopes IS 'Json string of requested authorization scope';
 COMMENT ON COLUMN consent_history.cr_dtimes IS 'Consent creation date';
 COMMENT ON COLUMN consent_history.expire_dtimes IS 'Expiration date';
 COMMENT ON COLUMN consent_history.signature IS 'Signature of consent object ';

oidc-service-impl/src/main/java/io/mosip/esignet/services/ConsentHelperService.java

@@ -89,9 +89,10 @@ public void updateUserConsent(OIDCTransaction transaction, boolean linked, Strin
             userConsent.setClaims(normalizedClaims);
             userConsent.setSignature(signature);
             List<String> permittedScopes = transaction.getPermittedScopes();
-            List<String> authorizeScope = transaction.getRequestedAuthorizeScopes();
-            Map<String, Boolean> authorizeScopes = permittedScopes != null ? permittedScopes.stream()
-                    .collect(Collectors.toMap(Function.identity(), authorizeScope::contains)) : Collections.emptyMap();
+            List<String> requestedAuthorizeScopes = transaction.getRequestedAuthorizeScopes();
+            // defaulting the essential boolean flag as false
+            Map<String, Boolean> authorizeScopes = requestedAuthorizeScopes != null ? requestedAuthorizeScopes.stream()
+                    .collect(Collectors.toMap(Function.identity(), s->false)) : Collections.emptyMap();
             userConsent.setAuthorizationScopes(authorizeScopes);
             userConsent.setAcceptedClaims(acceptedClaims);
             userConsent.setPermittedScopes(permittedScopes);
@@ -176,10 +177,10 @@ private static ClaimDetail sortClaimDetail(ClaimDetail claimDetail){
     private ConsentAction evaluateConsentAction(OIDCTransaction transaction, ConsentDetail consentDetail, boolean linked) {
         String hash;
         try {
-            List<String> permittedScopes = transaction.getPermittedScopes();
             List<String> authorizeScope = transaction.getRequestedAuthorizeScopes();
-            Map<String, Boolean> authorizeScopes = permittedScopes != null ? permittedScopes.stream()
-                    .collect(Collectors.toMap(Function.identity(), authorizeScope::contains)) : Collections.emptyMap();
+            // defaulting the essential boolean flag as false
+            Map<String, Boolean> authorizeScopes = authorizeScope != null ? authorizeScope.stream()
+                    .collect(Collectors.toMap(Function.identity(), s->false)) : Collections.emptyMap();
             Claims normalizedClaims = new Claims();
             normalizedClaims.setUserinfo(normalizeClaims(transaction.getRequestedClaims().getUserinfo()));
             normalizedClaims.setId_token(normalizeClaims(transaction.getRequestedClaims().getId_token()));

oidc-service-impl/src/test/java/io/mosip/esignet/services/ConsentHelperServiceTest.java

@@ -170,7 +170,7 @@ public void processConsent_withValidConsentAndConsentActionAsNoCapture_thenPass(
         ConsentDetail consentDetail = new ConsentDetail();
         consentDetail.setClientId("123");
         consentDetail.setSignature("signature");
-        consentDetail.setAuthorizationScopes(Map.of("openid",true,"profile",true));
+        consentDetail.setAuthorizationScopes(Map.of("openid",false,"profile",false));
         consentDetail.setClaims(claims);
         Claims normalizedClaims = new Claims();
         normalizedClaims.setUserinfo(consentHelperService.normalizeClaims(claims.getUserinfo()));