From 1db3faefb89f4cade09863c3cbdeb8a8ce0fe08d Mon Sep 17 00:00:00 2001 From: Thilina Shashimal Senarath Date: Thu, 19 Dec 2024 12:00:00 +0530 Subject: [PATCH] Fix oidc claim mapping in jwt access token attributes --- .../JWTAccessTokenOIDCClaimsHandler.java | 47 +++++++------------ 1 file changed, 17 insertions(+), 30 deletions(-) diff --git a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/JWTAccessTokenOIDCClaimsHandler.java b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/JWTAccessTokenOIDCClaimsHandler.java index 4824d4adc2..dd2ecabfa4 100644 --- a/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/JWTAccessTokenOIDCClaimsHandler.java +++ b/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/JWTAccessTokenOIDCClaimsHandler.java @@ -264,12 +264,12 @@ private Map getOIDCClaimsFromUserAttributes(Map getOIDCClaimsFromFederatedUserAttributes(Map federatedUserAttributed, OAuthTokenReqMessageContext requestMsgCtx) + String> federatedUserAttributes, OAuthTokenReqMessageContext requestMsgCtx) throws IdentityOAuth2Exception { String spTenantDomain = getServiceProviderTenantDomain(requestMsgCtx); 
@@ -283,24 +283,16 @@ private Map getOIDCClaimsFromFederatedUserAttributes(Map userClaimsInOidcDialect = new HashMap<>(); - if (MapUtils.isNotEmpty(federatedUserAttributed)) { - for (Map.Entry userAttribute : federatedUserAttributed.entrySet()) { + if (MapUtils.isNotEmpty(federatedUserAttributes)) { + for (Map.Entry userAttribute : federatedUserAttributes.entrySet()) { ClaimMapping claimMapping = userAttribute.getKey(); - String claimValue = userAttribute.getValue(); - if (oidcToLocalClaimMappings.containsValue(claimMapping.getLocalClaim().getClaimUri())) { - String localClaimURI = claimMapping.getLocalClaim().getClaimUri(); - String oidcClaimUri = oidcToLocalClaimMappings.entrySet().stream() - .filter(entry -> entry.getValue().equals(localClaimURI)) - .map(Map.Entry::getKey) - .findFirst() - .orElse(null); - - if (oidcClaimUri != null) { - userClaimsInOidcDialect.put(oidcClaimUri, claimValue.toString()); - if (log.isDebugEnabled() && - IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) { - log.debug("Mapped claim: key - " + oidcClaimUri + " value - " + claimValue); - } + String claimValue = userAttribute.getValue().toString(); + String localClaimURI = claimMapping.getLocalClaim().getClaimUri(); + if (oidcToLocalClaimMappings.containsKey(localClaimURI) && StringUtils.isNotBlank(claimValue)) { + userClaimsInOidcDialect.put(localClaimURI, claimValue); + if (log.isDebugEnabled() && + IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) { + log.debug("Mapped claim: key - " + localClaimURI + " value - " + claimValue); } } } 
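Review bot: `userAttribute.getValue().toString()` now runs for every federated attribute before the `StringUtils.isNotBlank(claimValue)` check, so a single null attribute value would throw a NullPointerException and fail token issuance instead of being skipped. The parameter appears to be a `Map<ClaimMapping, String>` (the generics are partly lost in this rendering), in which case the call is also redundant. Using `String claimValue = userAttribute.getValue();` matches getUserClaimsInOIDCDialectFromFederatedUserAttributes in the last hunk and lets the blank check handle nulls. The method body starts and ends outside this hunk.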
@@ -638,17 +630,12 @@ private static Map getUserClaimsInOIDCDialectFromFederatedUserAt for (Map.Entry userAttribute : federatedUserAttr.entrySet()) { ClaimMapping claimMapping = userAttribute.getKey(); String claimValue = userAttribute.getValue(); - if (oidcToLocalClaimMappings.containsValue(claimMapping.getLocalClaim().getClaimUri())) { - String localClaimURI = claimMapping.getLocalClaim().getClaimUri(); - String oidcClaimUri = oidcToLocalClaimMappings.entrySet().stream() - .filter(entry -> entry.getValue().equals(localClaimURI)) - .map(Map.Entry::getKey).findFirst().orElse(null); - if (oidcClaimUri != null && StringUtils.isNotBlank(claimValue)) { - userClaimsInOidcDialect.put(oidcClaimUri, claimValue); - if (log.isDebugEnabled() && - IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) { - log.debug("Mapped claim: key - " + oidcClaimUri + " value - " + claimValue); - } + String localClaimURI = claimMapping.getLocalClaim().getClaimUri(); + if (oidcToLocalClaimMappings.containsKey(localClaimURI) && StringUtils.isNotBlank(claimValue)) { + userClaimsInOidcDialect.put(localClaimURI, claimValue); + if (log.isDebugEnabled() && + IdentityUtil.isTokenLoggable(IdentityConstants.IdentityTokens.USER_CLAIMS)) { + log.debug("Mapped claim: key - " + localClaimURI + " value - " + claimValue); } } }
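Review bot: The variable `localClaimURI` is looked up with `oidcToLocalClaimMappings.containsKey(...)` and then used as the key of `userClaimsInOidcDialect`, so the code now treats `claimMapping.getLocalClaim().getClaimUri()` as an OIDC claim URI while the name says the opposite. Which claims reach the JWT access token depends on that assumption, and an attribute whose URI is still in the local dialect is dropped without any log line. Once the assumption is confirmed, I would rename the variable to `oidcClaimUri` and add a comment such as `// Federated attributes arrive keyed by the OIDC-dialect claim URI; only URIs configured in the OIDC dialect are emitted.`. The same naming is used in getOIDCClaimsFromFederatedUserAttributes in the previous hunk, and this method's body extends beyond the hunk.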