Description
Product Version: IS 5.9.0 RC2
Scenario: OIDC authorization flow with the user's role claim as a requested attribute
id_token
```json
{
  "at_hash": "7nv58bbnP015IeXKUKZ3xA",
  "sub": "[email protected]",
  "amr": [ "BasicAuthenticator" ],
  "iss": "https://localhost:9443/oauth2/token",
  "groups": [ "Internal/everyone", "dev" ],
  "given_name": "Farasath",
  "aud": "4anu0JXj4o_66UIrkwP0Y8ujUDka",
  "c_hash": "Ylhe_YCmiNDjUvSJQUKc8w",
  "nbf": 1570087119,
  "azp": "4anu0JXj4o_66UIrkwP0Y8ujUDka",
  "exp": 1570090719,
  "iat": 1570087119,
  "family_name": "Ahamed",
  "email": "[email protected]"
}
```
user info response
```json
{
  "sub": "[email protected]",
  "groups": "Internal/everyone,dev",
  "given_name": "Farasath",
  "family_name": "Ahamed",
  "email": "[email protected]"
}
```
Consider the "groups" claim, which is a multi-valued claim. In the id_token it is returned as a JSON array, while in the user info response it is returned as a string with the values appended using the multi-attribute separator.
The user info response needs to be consistent with the id_token value.
Issue:
The code segment [1] returns the claim values used to build the user info JSON. We need to make sure that the claims are in the correct format, i.e. handle multi-attribute values.
We do similar formatting in the id token builder [2].
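The formatting step the issue asks for, as an added example that is not part of the original issue and is not WSO2 Identity Server code: it splits the joined `groups` string on the multi-attribute separator and checks the result against the id_token value. The function names, the `multi_valued` parameter and the `,` separator are assumptions; the sample claims are constructed from the two payloads above.

```python
import json

# Assumption: "," is the multi-attribute separator, as in the sample response.
MULTI_ATTRIBUTE_SEPARATOR = ","

# Constructed from the payloads in the issue (only three of the claims kept).
ID_TOKEN = {"groups": ["Internal/everyone", "dev"],
            "given_name": "Farasath", "family_name": "Ahamed"}
USERINFO_RAW = {"groups": "Internal/everyone,dev",
                "given_name": "Farasath", "family_name": "Ahamed"}


def format_claims(raw_claims, multi_valued, separator=MULTI_ATTRIBUTE_SEPARATOR):
    """Return a copy of raw_claims with every multi-valued claim as a list.

    multi_valued is a hypothetical set of claim names that must always be
    emitted as JSON arrays, even when the user has exactly one value.
    """
    formatted = {}
    for name, value in raw_claims.items():
        if name in multi_valued and isinstance(value, str):
            # Split the joined string and drop empty entries ("a,,b", "a,").
            value = [part.strip() for part in value.split(separator) if part.strip()]
        formatted[name] = value
    return formatted


def inconsistent_claims(id_token_claims, userinfo_claims):
    """Names of claims present in both documents whose JSON values differ."""
    shared = id_token_claims.keys() & userinfo_claims.keys()
    return sorted(n for n in shared if id_token_claims[n] != userinfo_claims[n])


if __name__ == "__main__":
    print("before:", inconsistent_claims(ID_TOKEN, USERINFO_RAW))
    fixed = format_claims(USERINFO_RAW, {"groups"})
    print("after: ", inconsistent_claims(ID_TOKEN, fixed))
    print(json.dumps(fixed, indent=2))
```

Always emitting an array, including for a user with a single group, lets a relying party do exact membership checks on `groups` without first guessing whether it received a string or a list.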