diff --git a/README.md b/README.md
index 81e3a0b..d984cec 100644
--- a/README.md
+++ b/README.md
@@ -37,7 +37,14 @@ $privateKeyPath = 'file://' . __DIR__ . '/../private.key';
 $publicKeyPath = 'file://' . __DIR__ . '/../public.key';
 // OpenID Connect Response Type
-$responseType = new IdTokenResponse(new IdentityRepository(), new ClaimExtractor());
+$responseType = new IdTokenResponse(
+ new IdentityRepository(),
+ new ClaimExtractor(),
+ \Lcobucci\JWT\Configuration::forSymmetricSigner(
+ new \Lcobucci\JWT\Signer\Hmac\Sha256(),
+ \Lcobucci\JWT\Signer\Key\InMemory::plainText('testing'),
+ ),
+);
 // Setup the authorization server
 $server = new \League\OAuth2\Server\AuthorizationServer(
diff --git a/composer.json b/composer.json
index 687a575..e30895d 100644
--- a/composer.json
+++ b/composer.json
@@ -10,7 +10,7 @@
 ],
 "require": {
 "league/oauth2-server": "^5.1|^6.0|^7.0|^8.0",
- "lcobucci/jwt": "^3.3"
+ "lcobucci/jwt": "^3.4 || ^4.0"
 },
 "require-dev": {
 "phpunit/phpunit": "^5.0",
diff --git a/src/IdTokenResponse.php b/src/IdTokenResponse.php
index 9d0dea9..852168e 100644
--- a/src/IdTokenResponse.php
+++ b/src/IdTokenResponse.php
@@ -5,15 +5,14 @@
 */
 namespace OpenIDConnectServer;
+use \DateTimeImmutable;
 use OpenIDConnectServer\Repositories\IdentityProviderInterface;
 use OpenIDConnectServer\Entities\ClaimSetInterface;
 use League\OAuth2\Server\Entities\UserEntityInterface;
 use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
 use League\OAuth2\Server\Entities\ScopeEntityInterface;
 use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
-use Lcobucci\JWT\Signer\Key;
-use Lcobucci\JWT\Signer\Rsa\Sha256;
-use Lcobucci\JWT\Builder;
+use Lcobucci\JWT\Configuration;
 class IdTokenResponse extends BearerTokenResponse
 {
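Review bot: `use \DateTimeImmutable;` carries a leading backslash, which PSR-12/PER-CS disallow in import statements and which none of the other `use` lines in this hunk have; write it as `use DateTimeImmutable;`. The hunk covers only the file header and import block; the class body follows outside it.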
@@ -27,22 +26,34 @@ class IdTokenResponse extends BearerTokenResponse
 */
 protected $claimExtractor;
+ /**
+ * @var Configuration
+ */
+ private $config;
+
 public function __construct(
 IdentityProviderInterface $identityProvider,
- ClaimExtractor $claimExtractor
+ ClaimExtractor $claimExtractor,
+ Configuration $config
 ) {
 $this->identityProvider = $identityProvider;
 $this->claimExtractor = $claimExtractor;
+ $this->config = $config;
 }
 protected function getBuilder(AccessTokenEntityInterface $accessToken, UserEntityInterface $userEntity)
 {
+ $dateTimeImmutableObject = new DateTimeImmutable();
+
 // Add required id_token claims
- $builder = (new Builder())
+ $builder = $this->config
+ ->builder()
 ->permittedFor($accessToken->getClient()->getIdentifier())
 ->issuedBy('https://' . $_SERVER['HTTP_HOST'])
- ->issuedAt(time())
- ->expiresAt($accessToken->getExpiryDateTime()->getTimestamp())
+ ->issuedAt($dateTimeImmutableObject)
+ ->expiresAt($dateTimeImmutableObject->setTimestamp(
+ $accessToken->getExpiryDateTime()->getTimestamp(),
+ ))
 ->relatedTo($userEntity->getIdentifier());
 return $builder;
@@ -77,11 +88,10 @@ protected function getExtraParams(AccessTokenEntityInterface $accessToken)
 $builder = $builder->withClaim($claimName, $claimValue);
 }
- $token = $builder
- ->getToken(new Sha256(), new Key($this->privateKey->getKeyPath(), $this->privateKey->getPassPhrase()));
+ $token = $builder->getToken($this->config->signer(), $this->config->signingKey());
 return [
- 'id_token' => (string) $token
+ 'id_token' => $token->toString()
 ];
 }
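Review bot: The new `Configuration $config` now fully determines how the id_token is signed (the later hunk calls `$this->config->signer()`/`signingKey()`), so the `privateKey` this class inherits from BearerTokenResponse — the key the removed `getToken` call used — no longer influences the id_token, and nothing checks that the two agree. That is a surprising contract and the `@var Configuration` docblock should state it, e.g. `@var Configuration Signer and key used to sign the id_token; the server's private key is not used here, so prefer an asymmetric signer (e.g. Rsa\Sha256 with the same key pair) so relying parties can verify with the public key`. The local `$dateTimeImmutableObject` would read better as `$now`, and a one-line comment on the `setTimestamp` round-trip (presumably converting an expiry that may be a mutable DateTime in older oauth2-server versions into the DateTimeImmutable the builder expects) would help the next reader. The unchanged `issuedBy('https://' . $_SERVER['HTTP_HOST'])` context line still derives `iss` from a request-supplied header; an issuer taken from configuration would be the more robust choice. __construct and getBuilder are complete within the hunk; the class continues outside it.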
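Review bot: `$builder->getToken($this->config->signer(), $this->config->signingKey())` signs with whatever the injected Configuration carries, so a configuration built with `Configuration::forUnsecuredSigner()` would produce an id_token that is not actually signed, and nothing here rejects it. A guard before signing, `if ($this->config->signer() instanceof \Lcobucci\JWT\Signer\None) { throw new \LogicException('id_token must be signed'); }`, turns that misconfiguration into a hard failure instead of an unsigned token (confirm the installed lcobucci/jwt version ships `Signer\None`; with the ^3.4 branch the check may need adjusting). getExtraParams begins before this hunk.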