From 8d23d83736548aff33f120c7d5cabc7cec7123c3 Mon Sep 17 00:00:00 2001
From: Ron van der Heijden
Date: Fri, 15 Jan 2021 14:56:41 +0100
Subject: [PATCH 1/4] Upgraded lcobucci/jwt from v3 to v4
---
 src/IdTokenResponse.php | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/IdTokenResponse.php b/src/IdTokenResponse.php
index 9d0dea9..9d560ad 100644
--- a/src/IdTokenResponse.php
+++ b/src/IdTokenResponse.php
@@ -5,6 +5,7 @@
  */
 namespace OpenIDConnectServer;
 
+use \DateTimeImmutable;
 use OpenIDConnectServer\Repositories\IdentityProviderInterface;
 use OpenIDConnectServer\Entities\ClaimSetInterface;
 use League\OAuth2\Server\Entities\UserEntityInterface;
@@ -13,7 +14,7 @@
 use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
 use Lcobucci\JWT\Signer\Key;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
-use Lcobucci\JWT\Builder;
+use Lcobucci\JWT\Configuration;
 
 class IdTokenResponse extends BearerTokenResponse
 {
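Review bot: `use \DateTimeImmutable;` carries a leading backslash, which PSR-12 disallows in import statements and which none of the file's other `use` lines have; write it as `use DateTimeImmutable;`. The second hunk, swapping `Builder` for `Configuration`, is consistent with the rest of the import block and raises nothing else.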
@@ -27,22 +28,34 @@ class IdTokenResponse extends BearerTokenResponse
  */
 protected $claimExtractor;
 
+ /**
+ * @var Configuration
+ */
+ private Configuration $config;
+
 public function __construct(
 IdentityProviderInterface $identityProvider,
- ClaimExtractor $claimExtractor
+ ClaimExtractor $claimExtractor,
+ Configuration $config
 ) {
 $this->identityProvider = $identityProvider;
 $this->claimExtractor = $claimExtractor;
+ $this->config = $config;
 }
 
 protected function getBuilder(AccessTokenEntityInterface $accessToken, UserEntityInterface $userEntity)
 {
+ $dateTimeImmutableObject = new DateTimeImmutable();
+
 // Add required id_token claims
- $builder = (new Builder())
+ $builder = $this->config
+ ->builder()
 ->permittedFor($accessToken->getClient()->getIdentifier())
 ->issuedBy('https://' . $_SERVER['HTTP_HOST'])
- ->issuedAt(time())
- ->expiresAt($accessToken->getExpiryDateTime()->getTimestamp())
+ ->issuedAt($dateTimeImmutableObject)
+ ->expiresAt($dateTimeImmutableObject->setTimestamp(
+ $accessToken->getExpiryDateTime()->getTimestamp(),
+ ))
 ->relatedTo($userEntity->getIdentifier());
 
 return $builder;
From 5a60c76f1888f79544d6177e07f0ea959b66d72a Mon Sep 17 00:00:00 2001
From: Ron van der Heijden
Date: Fri, 15 Jan 2021 15:09:22 +0100
Subject: [PATCH 2/4] Updated readme
---
 README.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 81e3a0b..d984cec 100644
--- a/README.md
+++ b/README.md
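Review bot: The `expiresAt()` argument is produced by round-tripping the access token's expiry through `setTimestamp()` on the object that also serves as `iat`, and nothing says why, so the next reader will be tempted to pass `$accessToken->getExpiryDateTime()` directly. Add a why-comment above it such as `// Rebuild as DateTimeImmutable: the v4 builder requires it, and getExpiryDateTime() may return a mutable DateTime on older league/oauth2-server releases` (the second half is an inference from the composer constraint and should be confirmed), and consider renaming `$dateTimeImmutableObject` to `$now` so its role as the `iat` value is stated by the name. The new `Configuration $config` constructor parameter should get a `@param Configuration $config` docblock line saying that every id_token builder is obtained from it. The `issuedBy('https://' . $_SERVER['HTTP_HOST'])` line is untouched context, but now that a configuration object is injected it would be the natural place to inject a fixed issuer as well, rather than deriving `iss` from the request Host header. `getBuilder()` closes outside the hunk.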
@@ -37,7 +37,14 @@ $privateKeyPath = 'file://' . __DIR__ . '/../private.key';
 $publicKeyPath = 'file://' . __DIR__ . '/../public.key';
 
 // OpenID Connect Response Type
-$responseType = new IdTokenResponse(new IdentityRepository(), new ClaimExtractor());
+$responseType = new IdTokenResponse(
+ new IdentityRepository(),
+ new ClaimExtractor(),
+ \Lcobucci\JWT\Configuration::forSymmetricSigner(
+ new \Lcobucci\JWT\Signer\Hmac\Sha256(),
+ \Lcobucci\JWT\Signer\Key\InMemory::plainText('testing'),
+ ),
+);
 
 // Setup the authorization server
 $server = new \League\OAuth2\Server\AuthorizationServer(
From 3a1f5daee088e2b0a3c5ab758074afd04009fa6a Mon Sep 17 00:00:00 2001
From: Ron van der Heijden
Date: Wed, 24 Feb 2021 09:36:25 +0100
Subject: [PATCH 3/4] Minor improvements
---
 composer.json | 2 +-
 src/IdTokenResponse.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/composer.json b/composer.json
index 687a575..e30895d 100644
--- a/composer.json
+++ b/composer.json
@@ -10,7 +10,7 @@
 ],
 "require": {
 "league/oauth2-server": "^5.1|^6.0|^7.0|^8.0",
- "lcobucci/jwt": "^3.3"
+ "lcobucci/jwt": "^3.4 || ^4.0"
 },
 "require-dev": {
 "phpunit/phpunit": "^5.0",
diff --git a/src/IdTokenResponse.php b/src/IdTokenResponse.php
index 9d560ad..e74b53a 100644
--- a/src/IdTokenResponse.php
+++ b/src/IdTokenResponse.php
@@ -31,7 +31,7 @@ class IdTokenResponse extends BearerTokenResponse
 /**
 * @var Configuration
 */
- private Configuration $config;
+ private $config;
 
 public function __construct(
 IdentityProviderInterface $identityProvider,
From 4ad02a393cc75df2c318605bb62615ce32580679 Mon Sep 17 00:00:00 2001
From: Ron van der Heijden
Date: Wed, 24 Feb 2021 10:34:20 +0100
Subject: [PATCH 4/4] id_token fixes
---
 src/IdTokenResponse.php | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/src/IdTokenResponse.php b/src/IdTokenResponse.php
index e74b53a..852168e 100644
--- a/src/IdTokenResponse.php
+++ b/src/IdTokenResponse.php
@@ -12,8 +12,6 @@
 use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
 use League\OAuth2\Server\Entities\ScopeEntityInterface;
 use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
-use Lcobucci\JWT\Signer\Key;
-use Lcobucci\JWT\Signer\Rsa\Sha256;
 use Lcobucci\JWT\Configuration;
 
 class IdTokenResponse extends BearerTokenResponse
@@ -90,11 +88,10 @@ protected function getExtraParams(AccessTokenEntityInterface $accessToken)
 $builder = $builder->withClaim($claimName, $claimValue);
 }
 
- $token = $builder
- ->getToken(new Sha256(), new Key($this->privateKey->getKeyPath(), $this->privateKey->getPassPhrase()));
+ $token = $builder->getToken($this->config->signer(), $this->config->signingKey());
 
 return [
- 'id_token' => (string) $token
+ 'id_token' => $token->toString()
 ];
 }
 
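Review bot: With `$token = $builder->getToken($this->config->signer(), $this->config->signingKey());` the id_token is signed by whatever the injected `Configuration` carries, while the access token produced by the parent `BearerTokenResponse` is still signed with the response type's `$this->privateKey`, so the two tokens no longer necessarily share a key or even an algorithm, and `setPrivateKey()` on this response type silently stops affecting the id_token. OpenID Connect relying parties verify id_tokens against the issuer's published keys, so the symmetric `forSymmetricSigner` setup shown in the README of patch 2 yields an id_token that a third-party RP cannot verify without being handed the shared secret. Document the contract in the constructor docblock, e.g. `@param Configuration $config JWT configuration whose signer and signing key sign every id_token; use an asymmetric signer whose public key is the one published to relying parties`, and mirror that sentence in the README example. `getExtraParams()` begins outside the hunk.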