Addresing the review comment of using a seperate object for federated…

… token in oauth

components/org.wso2.carbon.identity.oauth.endpoint/src/main/java/org/wso2/carbon/identity/oauth/endpoint/authz/OAuth2AuthzEndpoint.java

@@ -130,6 +130,7 @@
 import org.wso2.carbon.identity.oauth2.dto.OAuth2ClientValidationResponseDTO;
 import org.wso2.carbon.identity.oauth2.internal.OAuth2ServiceComponentHolder;
 import org.wso2.carbon.identity.oauth2.model.AccessTokenExtendedAttributes;
+import org.wso2.carbon.identity.oauth2.model.FederatedTokenDO;
 import org.wso2.carbon.identity.oauth2.model.HttpRequestHeaderHandler;
 import org.wso2.carbon.identity.oauth2.model.OAuth2Parameters;
 import org.wso2.carbon.identity.oauth2.responsemode.provider.AuthorizationResponseDTO;
@@ -174,6 +175,7 @@
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.TimeUnit;
 import java.util.function.Consumer;
+import java.util.stream.Collectors;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletContext;
@@ -396,7 +398,8 @@ public Response authorize(@Context HttpServletRequest request, @Context HttpServ
      * @param oAuthMessage         The OAuthMessage with the session data cache entry.
      * @param authenticationResult The authentication result of authorization call.
      */
-    private void addFederatedTokensToAuthCache(OAuthMessage oAuthMessage, AuthenticationResult authenticationResult) {
+    private void addFederatedTokensToSessionCache(OAuthMessage oAuthMessage,
+                                                  AuthenticationResult authenticationResult) {
 
         List<FederatedToken> federatedTokens =
                 (List<FederatedToken>) authenticationResult.getProperty(FEDERATED_TOKENS);
@@ -405,15 +408,37 @@ private void addFederatedTokensToAuthCache(OAuthMessage oAuthMessage, Authentica
         if (sessionDataCacheEntry == null || CollectionUtils.isEmpty(federatedTokens)) {
             return;
         }
-        if (CollectionUtils.isEmpty(sessionDataCacheEntry.getFederatedTokens())) {
-            sessionDataCacheEntry.setFederatedTokens(new ArrayList<>());
-        }
-        sessionDataCacheEntry.getFederatedTokens().addAll(federatedTokens);
+        sessionDataCacheEntry.setFederatedTokens(getFederatedTokenDO(federatedTokens));
         if (log.isDebugEnabled()) {
-            log.debug("Added the federated tokens to the authorization grant cache.");
+            log.debug("Added the federated tokens to the session data cache. Session context identifier: " +
+                    sessionDataCacheEntry.getSessionContextIdentifier());
         }
     }
 
+    /**
+     * This method creates a list of FederatedTokenDO objects from the list of FederatedToken objects.
+     *
+     * @param federatedTokens List of FederatedToken objects to be transformed as a list of FederatedTokenDO.
+     * @return List of FederatedTokenDO objects.
+     */
+    private List<FederatedTokenDO> getFederatedTokenDO(List<FederatedToken> federatedTokens) {
+
+        if (CollectionUtils.isEmpty(federatedTokens)) {
+            return null;
+        }
+
+        List<FederatedTokenDO>  federatedTokenDOs = federatedTokens.stream().map(federatedToken -> {
+            FederatedTokenDO federatedTokenDO =
+                    new FederatedTokenDO(federatedToken.getIdp(), federatedToken.getAccessToken());
+            federatedTokenDO.setRefreshToken(federatedToken.getRefreshToken());
+            federatedTokenDO.setScope(federatedToken.getScope());
+            federatedTokenDO.setTokenValidityPeriod(federatedToken.getTokenValidityPeriod());
+            return federatedTokenDO;
+        }).collect(Collectors.toList());
+
+        return federatedTokenDOs;
+    }
+
     private void setCommonAuthIdToRequest(HttpServletRequest request, HttpServletResponse response) {
 
         // Issue https://github.com/wso2/product-is/issues/11065 needs to addressed.
@@ -1359,8 +1384,8 @@ private void addToAuthenticationResultDetailsToOAuthMessage(OAuthMessage oAuthMe
         oAuthMessage.getSessionDataCacheEntry().setAuthenticatedIdPs(authnResult.getAuthenticatedIdPs());
         oAuthMessage.getSessionDataCacheEntry().setSessionContextIdentifier((String)
                 authnResult.getProperty(FrameworkConstants.AnalyticsAttributes.SESSION_ID));
-        // Adding federated tokens come with the authorize authentication result.
-        addFederatedTokensToAuthCache(oAuthMessage, authnResult);
+        // Adding federated tokens come with the authentication result of the authorization call.
+        addFederatedTokensToSessionCache(oAuthMessage, authnResult);
     }
 
     private void updateAuthTimeInSessionDataCacheEntry(OAuthMessage oAuthMessage) {
@@ -2052,6 +2077,7 @@ private void addUserAttributesToOAuthMessage(OAuthMessage oAuthMessage, String c
         boolean isRequestObjectFlow = sessionDataCacheEntry.getoAuth2Parameters().isRequestObjectFlow();
         authorizationGrantCacheEntry.setRequestObjectFlow(isRequestObjectFlow);
         authorizationGrantCacheEntry.setFederatedTokens(sessionDataCacheEntry.getFederatedTokens());
+        sessionDataCacheEntry.setFederatedTokens(null);
         oAuthMessage.setAuthorizationGrantCacheEntry(authorizationGrantCacheEntry);
     }
 

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/cache/AuthorizationGrantCacheEntry.java

@@ -18,9 +18,9 @@
 
 package org.wso2.carbon.identity.oauth.cache;
 
-import org.wso2.carbon.identity.application.authentication.framework.model.FederatedToken;
 import org.wso2.carbon.identity.application.common.model.ClaimMapping;
 import org.wso2.carbon.identity.oauth2.model.AccessTokenExtendedAttributes;
+import org.wso2.carbon.identity.oauth2.model.FederatedTokenDO;
 import org.wso2.carbon.identity.openidconnect.model.RequestObject;
 
 import java.util.ArrayList;
@@ -82,7 +82,7 @@ public class AuthorizationGrantCacheEntry extends CacheEntry {
     private AccessTokenExtendedAttributes accessTokenExtendedAttributes;
     private boolean isApiBasedAuthRequest;
 
-    private List<FederatedToken> federatedTokens;
+    private List<FederatedTokenDO> federatedTokens;
 
     public String getSubjectClaim() {
         return subjectClaim;
@@ -196,12 +196,12 @@ public void setPkceCodeChallengeMethod(String pkceCodeChallengeMethod) {
         this.pkceCodeChallengeMethod = pkceCodeChallengeMethod;
     }
 
-    public List<FederatedToken> getFederatedTokens() {
+    public List<FederatedTokenDO> getFederatedTokens() {
 
         return federatedTokens;
     }
 
-    public void setFederatedTokens(List<FederatedToken> federatedTokens) {
+    public void setFederatedTokens(List<FederatedTokenDO> federatedTokens) {
 
         this.federatedTokens = federatedTokens;
     }

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth/cache/SessionDataCacheEntry.java

@@ -19,8 +19,8 @@
 package org.wso2.carbon.identity.oauth.cache;
 
 import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
-import org.wso2.carbon.identity.application.authentication.framework.model.FederatedToken;
 import org.wso2.carbon.identity.oauth2.authz.OAuthAuthzReqMessageContext;
+import org.wso2.carbon.identity.oauth2.model.FederatedTokenDO;
 import org.wso2.carbon.identity.oauth2.model.OAuth2Parameters;
 
 import java.io.Serializable;
@@ -52,7 +52,7 @@ public class SessionDataCacheEntry extends CacheEntry {
     private ConcurrentMap<String, String[]> paramMap = new ConcurrentHashMap<String, String[]>();
 
     private Map<String, Serializable> endpointParams = new HashMap<>();
-    private List<FederatedToken> federatedTokens;
+    private List<FederatedTokenDO> federatedTokens;
 
     public OAuthAuthzReqMessageContext getAuthzReqMsgCtx() {
         return authzReqMsgCtx;
@@ -163,13 +163,12 @@ public void setRemoveOnConsume(boolean removeOnConsume) {
         this.removeOnConsume = removeOnConsume;
     }
 
-    public List<FederatedToken> getFederatedTokens() {
+    public List<FederatedTokenDO> getFederatedTokens() {
 
         return federatedTokens;
     }
 
-    public void setFederatedTokens(
-            List<FederatedToken> federatedTokens) {
+    public void setFederatedTokens(List<FederatedTokenDO> federatedTokens) {
 
         this.federatedTokens = federatedTokens;
     }

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/model/FederatedTokenDO.java

@@ -0,0 +1,87 @@
+/*
+ *
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). All Rights Reserved.
+ *
+ * This software is the property of WSO2 LLC. and its suppliers, if any.
+ * Dissemination of any information or reproduction of any material contained
+ * herein in any form is strictly forbidden, unless permitted by WSO2 expressly.
+ * You may not alter or remove any copyright or other notice from copies of this content.
+ *
+ */
+
+package org.wso2.carbon.identity.oauth2.model;
+
+import java.io.Serializable;
+
+/**
+ * This class is model class of a federated token.
+ * A federated token is an external token obtained via an OIDC federated authenticator
+ * after a successful authentication.
+ */
+public class FederatedTokenDO implements Serializable {
+
+    private static final long serialVersionUID = 2717725650850067925L;
+    private String idp;
+    private String tokenValidityPeriod;
+    private String scope;
+    private String accessToken;
+    private String refreshToken;
+
+    // Constructor
+    public FederatedTokenDO(String idp, String accessToken) {
+
+        this.idp = idp;
+        this.accessToken = accessToken;
+    }
+
+    // Getters and setters
+    public String getIdp() {
+
+        return idp;
+    }
+
+    public void setIdp(String idp) {
+
+        this.idp = idp;
+    }
+
+    public String getTokenValidityPeriod() {
+
+        return tokenValidityPeriod;
+    }
+
+    public void setTokenValidityPeriod(String tokenValidityPeriod) {
+
+        this.tokenValidityPeriod = tokenValidityPeriod;
+    }
+
+    public String getScope() {
+
+        return scope;
+    }
+
+    public void setScope(String scope) {
+
+        this.scope = scope;
+    }
+
+    public String getAccessToken() {
+
+        return accessToken;
+    }
+
+    public void setAccessToken(String accessToken) {
+
+        this.accessToken = accessToken;
+    }
+
+    public String getRefreshToken() {
+
+        return refreshToken;
+    }
+
+    public void setRefreshToken(String refreshToken) {
+
+        this.refreshToken = refreshToken;
+    }
+}

components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/token/handlers/response/FederatedTokenResponseHandler.java

@@ -16,10 +16,10 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultAuthenticationRequestHandler;
-import org.wso2.carbon.identity.application.authentication.framework.model.FederatedToken;
 import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCache;
 import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheEntry;
 import org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCacheKey;
+import org.wso2.carbon.identity.oauth2.model.FederatedTokenDO;
 import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
 
 import java.util.HashMap;
@@ -55,11 +55,11 @@ public Map<String, Object> getAdditionalTokenResponseAttributes(OAuthTokenReqMes
             return null;
         }
 
-        List<FederatedToken> federatedTokens = cacheEntry.getFederatedTokens();
+        List<FederatedTokenDO> federatedTokens = cacheEntry.getFederatedTokens();
         if (CollectionUtils.isEmpty(federatedTokens)) {
             return null;
         }
-        // Removing the federated token from the auth grant cache entry since it is no longer required.
+        // Removing the federated token from the session cache entry since it is no longer required.
         cacheEntry.setFederatedTokens(null);
         // Add federated tokens to the token response if available.
         Map<String, Object> additionalAttributes = new HashMap<>();