From da5191db32a551cabfdb086bb3572d13dad396bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20N=C3=A9grier?=
Date: Thu, 18 Jan 2024 10:58:48 +0100
Subject: [PATCH] Making the issuer configurable. So far, the issuer was generated using `'https://' . $_SERVER['HTTP_HOST']`. While this value is fine most of the time, it can cause trouble in: - development environments (where the protocol is `http://`) - long-lived PHP environments (like Swoole, ReactPHP...) where `$_SERVER['HTTP_HOST']` might not exist I'm trying here to make the issuer configurable.
---
 src/IdTokenResponse.php | 7 +++++--
 src/Laravel/PassportServiceProvider.php | 1 +
 tests/Factories/IdTokenResponseFactory.php | 10 +++++++---
 3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/IdTokenResponse.php b/src/IdTokenResponse.php
index ceb7f85..4f7a15a 100644
--- a/src/IdTokenResponse.php
+++ b/src/IdTokenResponse.php
@@ -21,15 +21,18 @@ class IdTokenResponse extends BearerTokenResponse
 protected ClaimExtractor $claimExtractor;
 private Configuration $config;
+ private ?string $issuer;
 public function __construct(
 IdentityRepositoryInterface $identityRepository,
 ClaimExtractor $claimExtractor,
- Configuration $config
+ Configuration $config,
+ string $issuer = null,
 ) {
 $this->identityRepository = $identityRepository;
 $this->claimExtractor = $claimExtractor;
 $this->config = $config;
+ $this->issuer = $issuer;
 }
 protected function getBuilder(
@@ -41,7 +44,7 @@ protected function getBuilder(
 return $this->config
 ->builder()
 ->permittedFor($accessToken->getClient()->getIdentifier())
- ->issuedBy('https://' . $_SERVER['HTTP_HOST'])
+ ->issuedBy($this->issuer ?? 'https://' . $_SERVER['HTTP_HOST'])
 ->issuedAt($dateTimeImmutableObject)
 ->expiresAt($dateTimeImmutableObject->add(new DateInterval('PT1H')))
 ->relatedTo($userEntity->getIdentifier());
diff --git a/src/Laravel/PassportServiceProvider.php b/src/Laravel/PassportServiceProvider.php
index b36ae36..f3c3db6 100644
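Review bot: The new constructor parameter is written `string $issuer = null`, which relies on implicit nullability, while the property it fills is `?string` and the test factory in this same patch already uses `?string $issuer = null`. Implicitly nullable parameters are deprecated as of PHP 8.4, so I would write `?string $issuer = null,` here. The value is stored unchecked, so a docblock line such as `@param string|null $issuer Absolute issuer URL placed in the token's iss claim; null falls back to the request host` would tell integrators what is expected.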
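Review bot: The fallback on the `issuedBy` line still builds the `iss` claim from `$_SERVER['HTTP_HOST']`, which comes from the client's Host header and is undefined in the long-lived runtimes the description mentions. When no issuer is injected, the signed ID token therefore carries either a request-chosen issuer or the bare string `https://`. I would fail closed when neither source is available, e.g. `->issuedBy($this->issuer ?? (isset($_SERVER['HTTP_HOST']) ? 'https://' . $_SERVER['HTTP_HOST'] : throw new \LogicException('No issuer configured')))`, and add a comment that the Host-based fallback is kept only for backward compatibility. The body of getBuilder starts outside the hunk.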
--- a/src/Laravel/PassportServiceProvider.php
+++ b/src/Laravel/PassportServiceProvider.php
@@ -55,6 +55,7 @@ public function makeAuthorizationServer(): AuthorizationServer
 app(config('openid.signer')),
 InMemory::file($cryptKey->getKeyPath()),
 ),
+ app('request')->getSchemeAndHttpHost(),
 );
 return new AuthorizationServer(
diff --git a/tests/Factories/IdTokenResponseFactory.php b/tests/Factories/IdTokenResponseFactory.php
index 106ad70..ce1b06e 100644
--- a/tests/Factories/IdTokenResponseFactory.php
+++ b/tests/Factories/IdTokenResponseFactory.php
@@ -16,26 +16,30 @@ private function build(
 IdentityRepositoryInterface $identityRepository,
 ClaimExtractor $claimExtractor,
 ?Configuration $config = null,
+ ?string $issuer = null,
 ): BearerTokenResponse {
 return new IdTokenResponse(
 $identityRepository,
 $claimExtractor,
 $config ?? ConfigutationFactory::default(),
+ $issuer,
 );
 }
 public static function default(
 IdentityRepositoryInterface $identityRepository,
 ClaimExtractor $claimExtractor,
+ ?string $issuer = null,
 ): BearerTokenResponse {
- return (new static())->build($identityRepository, $claimExtractor);
+ return (new static())->build($identityRepository, $claimExtractor, null, $issuer);
 }
 public static function withConfig(
 IdentityRepositoryInterface $identityRepository,
 ClaimExtractor $claimExtractor,
- Configuration $config
+ Configuration $config,
+ ?string $issuer = null,
 ): BearerTokenResponse {
- return (new static())->build($identityRepository, $claimExtractor, $config);
+ return (new static())->build($identityRepository, $claimExtractor, $config, $issuer);
 }
 }
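Review bot: The issuer passed on the added line in makeAuthorizationServer is `app('request')->getSchemeAndHttpHost()`, so in the Laravel integration the `iss` claim is still derived from the incoming request rather than from configuration. Host and scheme there follow the Host header and the trusted-proxy setup, and if this server is built once per worker (not visible in the hunk) the first request's value would be reused for every later token. The neighbouring line already reads `config('openid.signer')`, so I would prefer a configured value with the request as fallback: `config('openid.issuer') ?? app('request')->getSchemeAndHttpHost(),` where `openid.issuer` is a proposed new key, not one shown on this page. The body of makeAuthorizationServer starts and ends outside the hunk.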