From 55cd32dc45f2da6414e191a72a12785c7817bace Mon Sep 17 00:00:00 2001 From: Hafez Divandari Date: Mon, 20 Feb 2023 18:50:51 +0330 Subject: [PATCH 1/7] allow configuring the JWT builder when generating a token --- src/Entities/Traits/AccessTokenTrait.php | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/Entities/Traits/AccessTokenTrait.php b/src/Entities/Traits/AccessTokenTrait.php index 81b634397..a45408cc3 100644 --- a/src/Entities/Traits/AccessTokenTrait.php +++ b/src/Entities/Traits/AccessTokenTrait.php @@ -13,6 +13,7 @@ use Lcobucci\JWT\Configuration; use Lcobucci\JWT\Signer\Key\InMemory; use Lcobucci\JWT\Signer\Rsa\Sha256; +use Lcobucci\JWT\Builder; use Lcobucci\JWT\Token; use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\Entities\ClientEntityInterface; @@ -50,6 +51,16 @@ public function initJwtConfiguration() ); } + /** + * Configure the JWT builder instance. + * + * @return Builder + */ + protected function withBuilder(Builder $builder) + { + return $builder; + } + /** * Generate a JWT from the access token * @@ -59,14 +70,16 @@ private function convertToJWT() { $this->initJwtConfiguration(); - return $this->jwtConfiguration->builder() + $builder = $this->jwtConfiguration->builder() ->permittedFor($this->getClient()->getIdentifier()) ->identifiedBy($this->getIdentifier()) ->issuedAt(new DateTimeImmutable()) ->canOnlyBeUsedAfter(new DateTimeImmutable()) ->expiresAt($this->getExpiryDateTime()) ->relatedTo((string) $this->getUserIdentifier()) - ->withClaim('scopes', $this->getScopes()) + ->withClaim('scopes', $this->getScopes()); + + return $this->withBuilder($builder) ->getToken($this->jwtConfiguration->signer(), $this->jwtConfiguration->signingKey()); } From d03456c69d2201d2808ecaf7340a265333857f66 Mon Sep 17 00:00:00 2001 From: Hafez Divandari Date: Mon, 20 Feb 2023 18:57:37 +0330 Subject: [PATCH 2/7] fix style --- src/Entities/Traits/AccessTokenTrait.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
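Review bot: The docblock on the new `withBuilder()` hook does not say what an override may change, yet in `convertToJWT()` the builder it returns is the one passed to `getToken()` with `$this->jwtConfiguration->signingKey()`. The hook runs after `permittedFor`, `identifiedBy`, `expiresAt`, `relatedTo` and the `scopes` claim have been set, so an override that calls those setters again or returns a different builder would presumably change the audience, lifetime, subject or scopes of a token the server then signs. I would state the contract on the method, e.g. `* Overrides should only add claims; the returned builder is signed as-is, so do not replace aud, jti, exp, sub or scopes.` It is also worth noting there that the token is signed (the file imports `Signer\Rsa\Sha256`), not encrypted, so any claim added is readable by whoever holds the token.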
diff --git a/src/Entities/Traits/AccessTokenTrait.php b/src/Entities/Traits/AccessTokenTrait.php index a45408cc3..a5aedbfa3 100644 --- a/src/Entities/Traits/AccessTokenTrait.php +++ b/src/Entities/Traits/AccessTokenTrait.php @@ -10,10 +10,10 @@ namespace League\OAuth2\Server\Entities\Traits; use DateTimeImmutable; +use Lcobucci\JWT\Builder; use Lcobucci\JWT\Configuration; use Lcobucci\JWT\Signer\Key\InMemory; use Lcobucci\JWT\Signer\Rsa\Sha256; -use Lcobucci\JWT\Builder; use Lcobucci\JWT\Token; use League\OAuth2\Server\CryptKey; use League\OAuth2\Server\Entities\ClientEntityInterface; From 950080bf4a11ccb1a3ff20e8091fdd15429387f8 Mon Sep 17 00:00:00 2001 From: Hafez Divandari Date: Thu, 3 Aug 2023 13:35:39 +0330 Subject: [PATCH 3/7] allow configuring the bearer token validator request --- .../BearerTokenValidator.php | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/AuthorizationValidators/BearerTokenValidator.php b/src/AuthorizationValidators/BearerTokenValidator.php index 5da9ba8c6..7b1cecb63 100644 --- a/src/AuthorizationValidators/BearerTokenValidator.php +++ b/src/AuthorizationValidators/BearerTokenValidator.php @@ -14,6 +14,7 @@ use Lcobucci\JWT\Configuration; use Lcobucci\JWT\Signer\Key\InMemory; use Lcobucci\JWT\Signer\Rsa\Sha256; +use Lcobucci\JWT\Token\Plain; use Lcobucci\JWT\Validation\Constraint\LooseValidAt; use Lcobucci\JWT\Validation\Constraint\SignedWith; use Lcobucci\JWT\Validation\RequiredConstraintsViolated; @@ -89,6 +90,19 @@ private function initJwtConfiguration() ); } + /** + * Configure the request instance. + * + * @param ServerRequestInterface $request + * @param Plain $token + * + * @return ServerRequestInterface + */ + protected function withRequest(ServerRequestInterface $request, Plain $token): ServerRequestInterface + { + return $request; + } + /** * {@inheritdoc} */ 
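Review bot: `withRequest()` is documented only as "Configure the request instance", which does not tell an implementer that the request already carries the `oauth_access_token_id`, `oauth_client_id`, `oauth_user_id` and `oauth_scopes` attributes set at the call site in `validateAuthorization()` (next hunk), or that its return value becomes the validated request handed back to the caller. An override that re-sets or drops those attributes would change the identity and scopes that downstream code sees, so the docblock should limit overrides to adding attributes, e.g. `* Overrides may add attributes derived from $token; the returned request must still carry the oauth_* attributes unchanged.` The docblock could also state that `$token` is passed only after the checks earlier in `validateAuthorization()` have succeeded; that part of the method lies outside the hunks shown, so confirm it there before writing it down.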
@@ -124,11 +138,11 @@ public function validateAuthorization(ServerRequestInterface $request) } // Return the request with additional attributes - return $request + return $this->withRequest($request ->withAttribute('oauth_access_token_id', $claims->get('jti')) ->withAttribute('oauth_client_id', $this->convertSingleRecordAudToString($claims->get('aud'))) ->withAttribute('oauth_user_id', $claims->get('sub')) - ->withAttribute('oauth_scopes', $claims->get('scopes')); + ->withAttribute('oauth_scopes', $claims->get('scopes')), $token); } /** From 6b82aa7afd19063a812ef7c90af29b58997d5798 Mon Sep 17 00:00:00 2001 From: Hafez Divandari Date: Fri, 29 Mar 2024 14:17:27 +0330 Subject: [PATCH 4/7] fix styling --- src/AuthorizationValidators/BearerTokenValidator.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/AuthorizationValidators/BearerTokenValidator.php b/src/AuthorizationValidators/BearerTokenValidator.php index ddac17c9f..dd64f774e 100644 --- a/src/AuthorizationValidators/BearerTokenValidator.php +++ b/src/AuthorizationValidators/BearerTokenValidator.php @@ -88,7 +88,7 @@ private function initJwtConfiguration(): void * Configure the request instance. * * @param ServerRequestInterface $request - * @param Plain $token + * @param Plain $token * * @return ServerRequestInterface */ From 3357c223f8948a355c4671ec1621db3fcbeff621 Mon Sep 17 00:00:00 2001 From: Hafez Divandari Date: Fri, 29 Mar 2024 14:26:56 +0330 Subject: [PATCH 5/7] make types strict and remove doc types --- src/AuthorizationValidators/BearerTokenValidator.php | 5 ----- src/Entities/Traits/AccessTokenTrait.php | 4 +--- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/src/AuthorizationValidators/BearerTokenValidator.php b/src/AuthorizationValidators/BearerTokenValidator.php index dd64f774e..f84e80c3a 100644 --- a/src/AuthorizationValidators/BearerTokenValidator.php +++ b/src/AuthorizationValidators/BearerTokenValidator.php 
@@ -86,11 +86,6 @@ private function initJwtConfiguration(): void /** * Configure the request instance. - * - * @param ServerRequestInterface $request - * @param Plain $token - * - * @return ServerRequestInterface */ protected function withRequest(ServerRequestInterface $request, Plain $token): ServerRequestInterface { diff --git a/src/Entities/Traits/AccessTokenTrait.php b/src/Entities/Traits/AccessTokenTrait.php index f7c2c6fd1..f8f7109c3 100644 --- a/src/Entities/Traits/AccessTokenTrait.php +++ b/src/Entities/Traits/AccessTokenTrait.php @@ -57,10 +57,8 @@ public function initJwtConfiguration(): void /** * Configure the JWT builder instance. - * - * @return Builder */ - protected function withBuilder(Builder $builder) + protected function withBuilder(Builder $builder): Builder { return $builder; } From 5b14253bf23d624897e6565e869b9d052e3eca4b Mon Sep 17 00:00:00 2001 From: Hafez Divandari Date: Sat, 30 Mar 2024 22:06:01 +0330 Subject: [PATCH 6/7] formatting --- src/Entities/Traits/AccessTokenTrait.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/Entities/Traits/AccessTokenTrait.php b/src/Entities/Traits/AccessTokenTrait.php index f8f7109c3..febd59bf0 100644 --- a/src/Entities/Traits/AccessTokenTrait.php +++ b/src/Entities/Traits/AccessTokenTrait.php @@ -70,16 +70,14 @@ private function convertToJWT(): Token { $this->initJwtConfiguration(); - $builder = $this->jwtConfiguration->builder() + return $this->withBuilder($this->jwtConfiguration->builder() ->permittedFor($this->getClient()->getIdentifier()) ->identifiedBy($this->getIdentifier()) ->issuedAt(new DateTimeImmutable()) ->canOnlyBeUsedAfter(new DateTimeImmutable()) ->expiresAt($this->getExpiryDateTime()) ->relatedTo($this->getSubjectIdentifier()) - ->withClaim('scopes', $this->getScopes()); - - return $this->withBuilder($builder) + ->withClaim('scopes', $this->getScopes())) ->getToken($this->jwtConfiguration->signer(), $this->jwtConfiguration->signingKey()); } 
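Review bot: Folding the whole builder chain into the argument of `withBuilder(...)` in `convertToJWT()` makes the call end in `->withClaim('scopes', $this->getScopes()))` directly followed by `->getToken(...)`, and the one extra `)` is the only sign that the token is built from the hook's return value rather than from the base builder. That distinction decides which claims get signed, so the removed two-step form with `$builder` was easier to read correctly. If the single expression is kept, a comment above the return would help, e.g. `// getToken() runs on the builder returned by withBuilder(), so subclass changes are part of the signed token`.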
From 92fb400965e5ec4a5b548b072cecf750a6122646 Mon Sep 17 00:00:00 2001 From: Hafez Divandari Date: Wed, 23 Oct 2024 19:53:43 +0330 Subject: [PATCH 7/7] better naming --- src/AuthorizationValidators/BearerTokenValidator.php | 7 +++---- src/Entities/Traits/AccessTokenTrait.php | 4 ++-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/AuthorizationValidators/BearerTokenValidator.php b/src/AuthorizationValidators/BearerTokenValidator.php index f84e80c3a..a28b9e729 100644 --- a/src/AuthorizationValidators/BearerTokenValidator.php +++ b/src/AuthorizationValidators/BearerTokenValidator.php @@ -19,7 +19,6 @@ use Lcobucci\JWT\Exception; use Lcobucci\JWT\Signer\Key\InMemory; use Lcobucci\JWT\Signer\Rsa\Sha256; -use Lcobucci\JWT\Token\Plain; use Lcobucci\JWT\UnencryptedToken; use Lcobucci\JWT\Validation\Constraint\LooseValidAt; use Lcobucci\JWT\Validation\Constraint\SignedWith; @@ -85,9 +84,9 @@ private function initJwtConfiguration(): void } /** - * Configure the request instance. + * Configure the validated authorization request instance. */ - protected function withRequest(ServerRequestInterface $request, Plain $token): ServerRequestInterface + protected function withValidatedRequest(ServerRequestInterface $request, UnencryptedToken $token): ServerRequestInterface { return $request; } @@ -135,7 +134,7 @@ public function validateAuthorization(ServerRequestInterface $request): ServerRe } // Return the request with additional attributes - return $this->withRequest($request + return $this->withValidatedRequest($request ->withAttribute('oauth_access_token_id', $claims->get('jti')) ->withAttribute('oauth_client_id', $claims->get('aud')[0]) ->withAttribute('oauth_user_id', $claims->get('sub')) diff --git a/src/Entities/Traits/AccessTokenTrait.php b/src/Entities/Traits/AccessTokenTrait.php index febd59bf0..6dab9b33e 100644 --- a/src/Entities/Traits/AccessTokenTrait.php +++ b/src/Entities/Traits/AccessTokenTrait.php 
@@ -58,7 +58,7 @@ public function initJwtConfiguration(): void /** * Configure the JWT builder instance. */ - protected function withBuilder(Builder $builder): Builder + protected function withJwtBuilder(Builder $builder): Builder { return $builder; } @@ -70,7 +70,7 @@ private function convertToJWT(): Token { $this->initJwtConfiguration(); - return $this->withBuilder($this->jwtConfiguration->builder() + return $this->withJwtBuilder($this->jwtConfiguration->builder() ->permittedFor($this->getClient()->getIdentifier()) ->identifiedBy($this->getIdentifier()) ->issuedAt(new DateTimeImmutable())