Add configs related to consent mgt webhook

components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/request/impl/consent/PolicyConsentPostAuthnHandler.java

@@ -43,6 +43,8 @@
 import org.wso2.carbon.identity.application.common.model.ServiceProvider;
 import org.wso2.carbon.identity.central.log.mgt.utils.LogConstants;
 import org.wso2.carbon.identity.central.log.mgt.utils.LoggerUtils;
+import org.wso2.carbon.identity.core.context.IdentityContext;
+import org.wso2.carbon.identity.core.context.model.Flow;
 import org.wso2.carbon.user.core.util.UserCoreUtil;
 import org.wso2.carbon.utils.DiagnosticLog;
 
@@ -341,14 +343,30 @@ private PostAuthnHandlerFlowStatus handlePostPolicyConsent(HttpServletRequest re
     private void recordPolicyConsent(String subjectId, String tenantDomain, String purposeUuid, String state)
             throws ConsentManagementException {
 
-        PIICategory piiCategory = ConsentReceiptUtils.getDefaultPiiCategory(
-                PURPOSE_GROUP_TYPE_POLICY, getConsentManager());
-        List<PurposePIICategoryBinding> purposeBindings = new ArrayList<>();
-        purposeBindings.add(new PurposePIICategoryBinding(purposeUuid, Collections.singletonList(piiCategory)));
-        ReceiptInput receiptInput = ConsentReceiptUtils.buildReceiptInput("en", subjectId, tenantDomain,
-                null, REJECTED_STATE.equals(state), null, null, RESIDENT_IDP, purposeBindings,
-                getConsentManager());
-        getConsentManager().addConsent(receiptInput);
+        Flow.InitiatingPersona initiatingPersona;
+        Flow existingFlow = IdentityContext.getThreadLocalIdentityContext().getCurrentFlow();
+        if (existingFlow != null) {
+            initiatingPersona = existingFlow.getInitiatingPersona();
+        } else {
+            initiatingPersona = Flow.InitiatingPersona.APPLICATION;
+        }
+        Flow consentFlow = new Flow.Builder()
+                .name(Flow.Name.CONSENT_ADD)
+                .initiatingPersona(initiatingPersona)
+                .build();
+        IdentityContext.getThreadLocalIdentityContext().enterFlow(consentFlow);
+        try {
+            PIICategory piiCategory = ConsentReceiptUtils.getDefaultPiiCategory(
+                    PURPOSE_GROUP_TYPE_POLICY, getConsentManager());
+            List<PurposePIICategoryBinding> purposeBindings = new ArrayList<>();
+            purposeBindings.add(new PurposePIICategoryBinding(purposeUuid, Collections.singletonList(piiCategory)));
+            ReceiptInput receiptInput = ConsentReceiptUtils.buildReceiptInput("en", subjectId, tenantDomain,
+                    null, REJECTED_STATE.equals(state), null, null, RESIDENT_IDP, purposeBindings,
+                    getConsentManager());
+            getConsentManager().addConsent(receiptInput);
+        } finally {
+            IdentityContext.getThreadLocalIdentityContext().exitFlow();
+        }
     }
 
     private void redirectToPolicyConsentPage(HttpServletResponse response, AuthenticationContext context)

components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/context/model/Flow.java

@@ -118,6 +118,20 @@ public class Flow {
         FLOW_DEFINITIONS.put(Name.GROUP_UPDATE,
                 EnumSet.of(InitiatingPersona.ADMIN, InitiatingPersona.APPLICATION));
         // -----------------------------------------------------------------------------------------------
+
+        // -------------------------- Consent management flows -------------------------------------------
+        FLOW_DEFINITIONS.put(Name.CONSENT_ADD,
+                EnumSet.of(InitiatingPersona.ADMIN, InitiatingPersona.APPLICATION, InitiatingPersona.USER));
+        FLOW_DEFINITIONS.put(Name.CONSENT_REVOKE, EnumSet.of(InitiatingPersona.USER));
+        FLOW_DEFINITIONS.put(Name.CONSENT_AUTHORIZE, EnumSet.of(InitiatingPersona.USER));
+        FLOW_DEFINITIONS.put(Name.CONSENT_UPDATE, EnumSet.of(InitiatingPersona.ADMIN));
+
+        FLOW_DEFINITIONS.put(Name.CONSENT_PURPOSE_ADD, EnumSet.of(InitiatingPersona.ADMIN));
+        FLOW_DEFINITIONS.put(Name.CONSENT_PURPOSE_DELETE, EnumSet.of(InitiatingPersona.ADMIN));
+        FLOW_DEFINITIONS.put(Name.CONSENT_PURPOSE_VERSION_ADD, EnumSet.of(InitiatingPersona.ADMIN));
+        FLOW_DEFINITIONS.put(Name.CONSENT_PURPOSE_VERSION_DELETE, EnumSet.of(InitiatingPersona.ADMIN));
+        FLOW_DEFINITIONS.put(Name.CONSENT_PURPOSE_VERSION_LATEST_SET, EnumSet.of(InitiatingPersona.ADMIN));
+        // -----------------------------------------------------------------------------------------------
     }
 
     /**
@@ -182,7 +196,19 @@ public enum Name {
 
         // ---------User Group management flows--------------
         USER_GROUP_UPDATE,
-        GROUP_UPDATE
+        GROUP_UPDATE,
+        // --------------------------------------------------
+
+        // ---------Consent management flows-----------------
+        CONSENT_ADD,
+        CONSENT_REVOKE,
+        CONSENT_AUTHORIZE,
+        CONSENT_UPDATE,
+        CONSENT_PURPOSE_ADD,
+        CONSENT_PURPOSE_DELETE,
+        CONSENT_PURPOSE_VERSION_ADD,
+        CONSENT_PURPOSE_VERSION_DELETE,
+        CONSENT_PURPOSE_VERSION_LATEST_SET
         // --------------------------------------------------
     }
 

components/webhook-mgt/org.wso2.carbon.identity.webhook.metadata/src/main/java/org/wso2/carbon/identity/webhook/metadata/internal/dao/impl/FileBasedEventProfileMetadataDAOImpl.java

@@ -24,8 +24,10 @@
 import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.identity.webhook.metadata.api.exception.WebhookMetadataException;
 import org.wso2.carbon.identity.webhook.metadata.api.exception.WebhookMetadataServerException;
+import org.wso2.carbon.identity.webhook.metadata.api.model.Channel;
 import org.wso2.carbon.identity.webhook.metadata.api.model.EventProfile;
 import org.wso2.carbon.identity.webhook.metadata.internal.dao.EventProfileMetadataDAO;
 import org.wso2.carbon.identity.webhook.metadata.internal.util.WebhookMetadataExceptionHandler;
@@ -37,8 +39,11 @@
 import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
@@ -54,8 +59,8 @@ public class FileBasedEventProfileMetadataDAOImpl implements EventProfileMetadat
 
     private static final Log log = LogFactory.getLog(FileBasedEventProfileMetadataDAOImpl.class);
     private static final FileBasedEventProfileMetadataDAOImpl INSTANCE = new FileBasedEventProfileMetadataDAOImpl();
+    private static final String DISABLED_CHANNELS_PROPERTY = "Webhooks.EventProfiles.DisabledChannels.ChannelUri";
 
-    // Cache of loaded event profiles
     private final Map<String, EventProfile> profileCache = new HashMap<>();
     private boolean isInitialized = false;
 
@@ -100,6 +105,8 @@ private void loadEventProfiles() throws WebhookMetadataException {
         try {
             Path eventProfilesPath = WebhookMetadataUtil.getEventProfilesDirectory();
 
+            Set<String> disabledChannels = new HashSet<>(IdentityUtil.getPropertyAsList(DISABLED_CHANNELS_PROPERTY));
+
             // Clear existing cache
             profileCache.clear();
 
@@ -128,6 +135,14 @@ private void loadEventProfiles() throws WebhookMetadataException {
                         log.debug("Profile name not found in JSON, using filename: " + fileName);
                     }
 
+                    if (!disabledChannels.isEmpty() && profile.getChannels() != null) {
+                        List<Channel> filteredChannels = profile.getChannels().stream()
+                                .filter(Objects::nonNull)
+                                .filter(channel -> !disabledChannels.contains(channel.getUri()))
+                                .toList();
+                        profile = new EventProfile(profile.getProfile(), profile.getUri(), filteredChannels);
+                    }
+
                     profileCache.put(profile.getProfile(), profile);
                     log.debug("Loaded event profile: " + profile.getProfile());
                 }

features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/identity.xml.j2

@@ -2568,6 +2568,15 @@
         <Registration>
             <SkipSignupConfirmationIfAccountLockDisabled>{{webhooks.registration.skip_signup_confirmation_if_account_lock_disabled}}</SkipSignupConfirmationIfAccountLockDisabled>
         </Registration>
+        {% if webhooks.event_profiles.disabled_channels is defined %}
+        <EventProfiles>
+            <DisabledChannels>
+                {% for channel in webhooks.event_profiles.disabled_channels %}
+                <ChannelUri>{{channel}}</ChannelUri>
+                {% endfor %}
+            </DisabledChannels>
+        </EventProfiles>
+        {% endif %}
     </Webhooks>
 
     <LocalAuthenticators>

features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.default.json

@@ -2322,6 +2322,7 @@
 
   "webhooks.maximum_webhooks_per_tenant": "10",
   "webhooks.registration.skip_signup_confirmation_if_account_lock_disabled": true,
+  "webhooks.event_profiles.disabled_channels": [],
 
   "oauth.authorize_all_scopes": false,
   "oauth.authorize_internal_scopes": false,

features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/org.wso2.carbon.identity.core.server.feature.infer.json

@@ -442,6 +442,15 @@
       "enhanced_organization_authentication.enabled_by_default_for_new_apps" : false,
       "saas.enable_app_creation": true,
       "saas.enable_cross_tenant_operations": false
+    },
+    "IS_7.3.0": {
+      "consent_mgt.enable_v2_api": false,
+      "identity_mgt.events.schemes.ConsentEventHook.properties.enable": false,
+      "identity_mgt.events.schemes.ConsentPurposeEventHook.properties.enable": false,
+      "webhooks.event_profiles.disabled_channels": [
+        "https://schemas.identity.wso2.org/events/consent-purpose",
+        "https://schemas.identity.wso2.org/events/consent"
+      ]
     }
   }
 }

features/identity-event/org.wso2.carbon.identity.event.server.feature/resources/identity-event.properties

@@ -202,3 +202,10 @@ authorizedScopesCacheInvalidationHandler.subscription.3=POST_DELETE_SCOPE
 authorizedScopesCacheInvalidationHandler.subscription.4=POST_PUT_API_RESOURCE_SCOPES
 authorizedScopesCacheInvalidationHandler.subscription.5=POST_UPDATE_API_RESOURCE
 authorizedScopesCacheInvalidationHandler.enable=true
+module.name.72=ConsentEventHook
+ConsentEventHook.enable=true
+ConsentEventHook.subscription.1=POST_ADD_RECEIPT
+ConsentEventHook.subscription.2=POST_AUTHORIZE_CONSENT
+module.name.73=ConsentPurposeEventHook
+ConsentPurposeEventHook.enable=true
+ConsentPurposeEventHook.subscription.1=POST_ADD_PURPOSE_VERSION

features/identity-event/org.wso2.carbon.identity.event.server.feature/resources/org.wso2.carbon.identity.event.server.feature.default.json

@@ -474,5 +474,16 @@
     "POST_DELETE_SCOPE",
     "POST_PUT_API_RESOURCE_SCOPES",
     "POST_UPDATE_API_RESOURCE"
+  ],
+  "identity_mgt.events.schemes.ConsentEventHook.module_index": "72",
+  "identity_mgt.events.schemes.ConsentEventHook.properties.enable": true,
+  "identity_mgt.events.schemes.ConsentEventHook.subscriptions": [
+    "POST_ADD_RECEIPT",
+    "POST_AUTHORIZE_CONSENT"
+  ],
+  "identity_mgt.events.schemes.ConsentPurposeEventHook.module_index": "73",
+  "identity_mgt.events.schemes.ConsentPurposeEventHook.properties.enable": true,
+  "identity_mgt.events.schemes.ConsentPurposeEventHook.subscriptions": [
+    "POST_ADD_PURPOSE_VERSION"
   ]
 }

features/webhook-mgt/org.wso2.carbon.identity.webhook.management.server.feature/resources/identity/eventprofiles/wso2-event-profile.json

@@ -128,6 +128,30 @@
           "eventUri": "https://schemas.identity.wso2.org/events/credential/event-type/credentialUpdated"
         }
       ]
+    },
+    {
+      "name": "Consent purpose",
+      "description": "Consent purpose version added",
+      "uri": "https://schemas.identity.wso2.org/events/consent-purpose",
+      "events": [
+        {
+          "eventName": "Purpose version added",
+          "eventDescription": "Notify if a new version is added to a consent purpose",
+          "eventUri": "https://schemas.identity.wso2.org/events/consent-purpose/event-type/purposeVersionAdded"
+        }
+      ]
+    },
+    {
+      "name": "Consents",
+      "description": "Consent accepted, rejected, or revoked",
+      "uri": "https://schemas.identity.wso2.org/events/consent",
+      "events": [
+        {
+          "eventName": "Consent added",
+          "eventDescription": "Notify if a user consent is accepted, rejected, or revoked",
+          "eventUri": "https://schemas.identity.wso2.org/events/consent/event-type/consentAdded"
+        }
+      ]
     }
   ]
 }