

Merge pull request #1 from ronvanderheijden/steverhoades#30-fix-jwt-b…
…uilder

steverhoades#30 fix jwt builder
ronvanderheijden authored Feb 25, 2021
2 parents b38b082 + 4ad02a3 commit 4473465
Showing 3 changed files with 29 additions and 12 deletions.
9 changes: 8 additions & 1 deletion README.md
Expand Up @@ -37,7 +37,14 @@ $privateKeyPath = 'file://' . __DIR__ . '/../private.key';
$publicKeyPath = 'file://' . __DIR__ . '/../public.key';

// OpenID Connect Response Type
$responseType = new IdTokenResponse(new IdentityRepository(), new ClaimExtractor());
$responseType = new IdTokenResponse(
new IdentityRepository(),
new ClaimExtractor(),
\Lcobucci\JWT\Configuration::forSymmetricSigner(
new \Lcobucci\JWT\Signer\Hmac\Sha256(),
\Lcobucci\JWT\Signer\Key\InMemory::plainText('testing'),
),
);

// Setup the authorization server
$server = new \League\OAuth2\Server\AuthorizationServer(
2 changes: 1 addition & 1 deletion composer.json
Expand Up @@ -10,7 +10,7 @@
],
"require": {
"league/oauth2-server": "^5.1|^6.0|^7.0|^8.0",
"lcobucci/jwt": "^3.3"
"lcobucci/jwt": "^3.4 || ^4.0"
},
"require-dev": {
"phpunit/phpunit": "^5.0",
30 changes: 20 additions & 10 deletions src/IdTokenResponse.php
Expand Up @@ -5,15 +5,14 @@
*/
namespace OpenIDConnectServer;

use \DateTimeImmutable;
use OpenIDConnectServer\Repositories\IdentityProviderInterface;
use OpenIDConnectServer\Entities\ClaimSetInterface;
use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\ScopeEntityInterface;
use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
use Lcobucci\JWT\Signer\Key;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Configuration;

class IdTokenResponse extends BearerTokenResponse
{
Expand All @@ -27,22 +26,34 @@ class IdTokenResponse extends BearerTokenResponse
*/
protected $claimExtractor;

/**
* @var Configuration
*/
private $config;

public function __construct(
IdentityProviderInterface $identityProvider,
ClaimExtractor $claimExtractor
ClaimExtractor $claimExtractor,
Configuration $config
) {
$this->identityProvider = $identityProvider;
$this->claimExtractor = $claimExtractor;
$this->config = $config;
}

protected function getBuilder(AccessTokenEntityInterface $accessToken, UserEntityInterface $userEntity)
{
$dateTimeImmutableObject = new DateTimeImmutable();

// Add required id_token claims
$builder = (new Builder())
$builder = $this->config
->builder()
->permittedFor($accessToken->getClient()->getIdentifier())
->issuedBy('https://' . $_SERVER['HTTP_HOST'])
->issuedAt(time())
->expiresAt($accessToken->getExpiryDateTime()->getTimestamp())
->issuedAt($dateTimeImmutableObject)
->expiresAt($dateTimeImmutableObject->setTimestamp(
$accessToken->getExpiryDateTime()->getTimestamp(),
))
->relatedTo($userEntity->getIdentifier());

return $builder;
Expand Down Expand Up @@ -77,11 +88,10 @@ protected function getExtraParams(AccessTokenEntityInterface $accessToken)
$builder = $builder->withClaim($claimName, $claimValue);
}

$token = $builder
->getToken(new Sha256(), new Key($this->privateKey->getKeyPath(), $this->privateKey->getPassPhrase()));
$token = $builder->getToken($this->config->signer(), $this->config->signingKey());

return [
'id_token' => (string) $token
'id_token' => $token->toString()
];
}

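Review bot: The id_token is now signed with whatever signer and key the injected `Configuration` carries (`$builder->getToken($this->config->signer(), $this->config->signingKey())` in getExtraParams), whereas the older call printed just above it used the RSA `Sha256` signer with `$this->privateKey`. Nothing in the constructor or its docblock says which configurations are acceptable, and the README sample in this same commit wires in HMAC with the literal key `'testing'`, so an integrator who copies it ends up with a guessable shared secret protecting identity assertions that relying parties can no longer check against a public key. I would document the parameter, for example `@param Configuration $config signer and key for the id_token; use an asymmetric signer whose public key relying parties can obtain`, and change the README sample to `Configuration::forAsymmetricSigner(new Rsa\Sha256(), $signingKey, $verificationKey)` built from the key paths it already defines. getExtraParams begins above this hunk, so only the tail of the claim loop is visible here.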
