
Allow configuring the JWT builder when generating a token #1328

Open
wants to merge 11 commits into
base: master
from
12 changes: 10 additions & 2 deletions src/AuthorizationValidators/BearerTokenValidator.php
Expand Up @@ -83,6 +83,14 @@ private function initJwtConfiguration(): void
);
}

/**
* Configure the validated authorization request instance.
*/
protected function withValidatedRequest(ServerRequestInterface $request, UnencryptedToken $token): ServerRequestInterface
{
return $request;
}

/**
* {@inheritdoc}
*/
Expand Down Expand Up @@ -126,10 +134,10 @@ public function validateAuthorization(ServerRequestInterface $request): ServerRe
}

// Return the request with additional attributes
return $request
return $this->withValidatedRequest($request
->withAttribute('oauth_access_token_id', $claims->get('jti'))
->withAttribute('oauth_client_id', $claims->get('aud')[0])
->withAttribute('oauth_user_id', $claims->get('sub'))
->withAttribute('oauth_scopes', $claims->get('scopes'));
->withAttribute('oauth_scopes', $claims->get('scopes')), $token);
}
}
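Review bot: The docblock on `withValidatedRequest` does not state the contract an override has to keep. The hook receives the request after the four `oauth_*` attributes have been set in `validateAuthorization`, and whatever it returns is what downstream resource-server code reads when making authorization decisions. An override that replaces `oauth_user_id`, `oauth_client_id` or `oauth_scopes` would do so silently, so the comment should say that overrides may add attributes derived from `$token` but must leave those four untouched, for example `* Called after the token has passed validation; add attributes, do not replace the oauth_* ones.` The validation steps and the origin of `$token` sit above the hunk, so the "already validated" wording should be confirmed against the full method.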
13 changes: 11 additions & 2 deletions src/Entities/Traits/AccessTokenTrait.php
Expand Up @@ -13,6 +13,7 @@
namespace League\OAuth2\Server\Entities\Traits;

use DateTimeImmutable;
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Signer\Rsa\Sha256;
Expand Down Expand Up @@ -54,21 +55,29 @@ public function initJwtConfiguration(): void
);
}

/**
* Configure the JWT builder instance.
*/
protected function withJwtBuilder(Builder $builder): Builder
{
return $builder;
}

/**
* Generate a JWT from the access token
*/
private function convertToJWT(): Token
{
$this->initJwtConfiguration();

return $this->jwtConfiguration->builder()
return $this->withJwtBuilder($this->jwtConfiguration->builder()
->permittedFor($this->getClient()->getIdentifier())
->identifiedBy($this->getIdentifier())
->issuedAt(new DateTimeImmutable())
->canOnlyBeUsedAfter(new DateTimeImmutable())
->expiresAt($this->getExpiryDateTime())
->relatedTo($this->getSubjectIdentifier())
->withClaim('scopes', $this->getScopes())
->withClaim('scopes', $this->getScopes()))
->getToken($this->jwtConfiguration->signer(), $this->jwtConfiguration->signingKey());
}

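Review bot: `withJwtBuilder` needs a docblock that spells out what an override may do, because it runs after the audience, expiry, subject and `scopes` claims are set in `convertToJWT` and immediately before `getToken()` signs the result. The token is signed, not encrypted (the validator in this same change types it as `UnencryptedToken`), so any claim added here is readable by whoever holds the token and should not carry secrets or personal data. The override must also return the builder that comes back from its last call; with a builder implementation that returns a new instance per call, returning the original `$builder` would silently drop the added claims, and whether that applies depends on the lcobucci/jwt version in use. A line such as `* Claims added here are signed, not encrypted; return the builder produced by your last call.` would cover both, and it is worth noting there that changing expiry or audience through this hook changes what the resource server later validates.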