From eda4d7ccd4f131da15aa226085d9a5e64be0e615 Mon Sep 17 00:00:00 2001
From: Rostunov Sergey
Date: Mon, 26 Dec 2022 19:14:11 +0300
Subject: [PATCH 1/4] =?UTF-8?q?=D0=98=D1=81=D0=BF=D1=80=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=B5=D0=BD=D0=B8=D0=B5=20authorize?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/TochkaApi/Client.php | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/src/TochkaApi/Client.php b/src/TochkaApi/Client.php
index aa189a6..abb23c6 100644
--- a/src/TochkaApi/Client.php
+++ b/src/TochkaApi/Client.php
@@ -176,18 +176,16 @@ public function getTokenUrl()
 {
 return static::HOST . "/connect/token";
 }
-
- /**
- * @param string $jwt
- * @return string
- */
- public function generateAuthorizeUrl($jwt)
+
+ public function generateAuthorizeUrlByParams(string $consentId, ?string $state = null): string
 {
 $data = [
 "client_id" => $this->getClientId(),
- "redirect_uri" => $this->getRedirectUri(),
- "request" => $jwt,
 "response_type" => "code",
+ "state" => $state ?: uniqid(),
+ "redirect_uri" => $this->getRedirectUri(),
+ 'scope' => $this->getScopes(),
+ 'consent_id' => $consentId,
 ];
 return static::HOST . "/connect/authorize?" . http_build_query($data);
@@ -245,7 +243,7 @@ protected function setClientSecret($client_secret)
 * @return string
 * @throws TochkaApiClientException
 */
- public function authorize()
+ public function authorize(?string $state = null)
 {
 $data = [
 "client_id" => $this->getClientId(),
@@ -261,9 +259,7 @@ public function authorize()
 throw new TochkaApiClientException($e->getMessage());
 }
- $jwt = TochkaPermissionsJWT::generateJWT($response["Data"]["consentId"], static::HOST, $this->getClientId(), $this->getRedirectUri(), $this->getScopes());
-
- return $this->generateAuthorizeUrl($jwt);
+ return $this->generateAuthorizeUrlByParams($response["Data"]["consentId"], $state);
 }
 /**
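Review bot: The fallback `"state" => $state ?: uniqid()` in generateAuthorizeUrlByParams builds the OAuth state from the clock, so it is guessable, and since only the URL string is returned the caller never sees the generated value and cannot compare it with the `state` that comes back on the redirect. State is the CSRF guard of the authorization-code flow, so it should be unpredictable and tied to the user's session: either make the argument required, or default it with `$state ?? bin2hex(random_bytes(16))` and expose the value so the callback handler can store it and check it with `hash_equals()`. `?:` also silently replaces a caller-supplied `""` or `"0"`, which `??` would not. The same default is reached through `authorize(?string $state = null)` in the later hunks, and the new method has no docblock where the old one had one; its closing brace lies outside the hunk.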
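Review bot: The docblock kept above `authorize(?string $state = null)` still lists only `@return` and `@throws`, so the new argument is undocumented. I would add `@param string|null $state Opaque anti-CSRF value echoed back on the redirect; the caller must store it and verify it in the callback`. The method body continues outside this hunk.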
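Review bot: `$response["Data"]["consentId"]` is handed straight to generateAuthorizeUrlByParams, whose `string $consentId` parameter is not nullable, so a consent response without that key would surface as an undefined-index warning followed by a TypeError instead of the TochkaApiClientException the docblock promises. The request and its try/catch begin outside the hunk, so the response may already be validated earlier; if it is not, a guard before the return would keep the failure inside the documented exception type: `if (!isset($response["Data"]["consentId"])) { throw new TochkaApiClientException("consentId missing in consent response"); }`.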
@@ -364,4 +360,4 @@ public function __call($name, $arguments)
 return $model;
 }
-}
\ No newline at end of file
+}
From 63453047a818fb0a3ce09a566749ebb44dc00fb3 Mon Sep 17 00:00:00 2001
From: Rostunov Sergey
Date: Mon, 26 Dec 2022 19:14:51 +0300
Subject: [PATCH 2/4] =?UTF-8?q?=D0=98=D1=81=D0=BF=D1=80=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=B5=D0=BD=D0=B8=D0=B5=20authorize?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Utilities/TochkaPermissionsJWT.php | 55 -------------------
 1 file changed, 55 deletions(-)
 delete mode 100644 src/TochkaApi/Utilities/TochkaPermissionsJWT.php
diff --git a/src/TochkaApi/Utilities/TochkaPermissionsJWT.php b/src/TochkaApi/Utilities/TochkaPermissionsJWT.php
deleted file mode 100644
index cd932c5..0000000
--- a/src/TochkaApi/Utilities/TochkaPermissionsJWT.php
+++ /dev/null
@@ -1,55 +0,0 @@
- 'JWT', 'alg' => 'none']);
-
- $payload = json_encode([
- "iss" => "tochka",
- "aud" => $host,
- "response_type" => "code",
- "client_id" => $clientId,
- "redirect_uri" => $redirectUri,
- "scope" => $scopes,
- "max_age" => "86400",
- "claims" => [
- "userinfo" => [
- "openbanking_intent_id" => [
- "value" => $consentId,
- "essential" => true
- ]
- ],
- "id_token" => [
- "openbanking_intent_id" => [
- "value" => $consentId,
- "essential" => true
- ],
- "acr" => [
- "values" => [
- "urn:rubanking:sca",
- "urn:rubanking:ca"
- ],
- "essential" => true
- ]
- ]
- ]
- ]);
-
- $base64UrlHeader = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($header));
- $base64UrlPayload = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($payload));
-
- $signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, '', true);
-
- $base64UrlSignature = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($signature));
-
- return $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature;
- }
-}
\ No newline at end of file
From 315f6d6eb2c560d64bcbf002ef5839b9df07c35f Mon Sep 17 00:00:00 2001
From: Rostunov Sergey
Date: Mon, 26 Dec 2022 19:15:22 +0300
Subject: [PATCH 3/4] =?UTF-8?q?=D0=98=D1=81=D0=BF=D1=80=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=B5=D0=BD=D0=B8=D0=B5=20authorize?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 tests/ClientTest.php | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/tests/ClientTest.php b/tests/ClientTest.php
index e8a8b9a..84ad521 100644
--- a/tests/ClientTest.php
+++ b/tests/ClientTest.php
@@ -7,7 +7,6 @@
 use TochkaApi\Auth\BearerAuth;
 use TochkaApi\Client;
 use TochkaApi\HttpAdapters\CurlHttpClient;
-use TochkaApi\Utilities\TochkaPermissionsJWT;
 class ClientTest extends TestCase
 {
@@ -41,14 +40,6 @@ public function testClient()
 $client->token("test");
 }
- public function testJWT()
- {
- $jwt = TochkaPermissionsJWT::generateJWT("test", "https://example.com", "test", "https://example.com", "");
-
- $this->assertNotEmpty($jwt);
- $this->assertContains(".", $jwt);
- }
-
 public function testAccessTokenClass()
 {
 $token = new AccessToken("test", 7200, "test");
@@ -68,4 +59,4 @@ public function testBearerAuthClass()
 $this->assertArrayHasKey("Authorization", $bearerAuth->getHeaders());
 }
-}
\ No newline at end of file
+}
From 120ae877a969e34a7708111a4652a312c0e4d853 Mon Sep 17 00:00:00 2001
From: Rostunov Sergey
Date: Wed, 11 Jan 2023 12:09:13 +0300
Subject: [PATCH 4/4] =?UTF-8?q?=D0=98=D1=81=D0=BF=D1=80=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=B5=D0=BD=D0=B8=D0=B5=20authorize?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/TochkaApi/Client.php | 2 --
 1 file changed, 2 deletions(-)
diff --git a/src/TochkaApi/Client.php b/src/TochkaApi/Client.php
index abb23c6..0489589 100644
--- a/src/TochkaApi/Client.php
+++ b/src/TochkaApi/Client.php
@@ -7,8 +7,6 @@
 use TochkaApi\Exceptions\TochkaApiClientException;
 use TochkaApi\HttpAdapters\HttpClientInterface;
 use TochkaApi\Models\BaseModel;
-use TochkaApi\Utilities\TochkaPermissionsJWT;
-
 /**
 * @method \TochkaApi\Models\Balance balance($id = null)