
Commit 7664e6a

committed
update jwks calls
1 parent 33c629f commit 7664e6a

3 files changed

Lines changed: 29 additions & 31 deletions


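--- a/src/Config/Keys.php
+++ b/src/Config/Keys.php
@@ -3,7 +3,7 @@
 namespace Pdsinterop\Solid\Auth\Config;
 
 use Defuse\Crypto\Key as CryptoKey;
-use Lcobucci\JWT\Signer\Key;
+use Lcobucci\JWT\Signer\Key\InMemory as Key;
 use League\OAuth2\Server\CryptKey;
 
 class Keys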

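--- a/src/TokenGenerator.php
+++ b/src/TokenGenerator.php
@@ -7,6 +7,7 @@
 use Laminas\Diactoros\Response\JsonResponse as JsonResponse;
 use League\OAuth2\Server\CryptTrait;
 
+use DateTimeImmutable;
 use Lcobucci\JWT\Configuration;
 use Lcobucci\JWT\Signer\Key\InMemory;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
@@ -45,33 +46,30 @@ public function generateRegistrationAccessToken($clientId, $privateKey) {
 public function generateIdToken($accessToken, $clientId, $subject, $nonce, $privateKey, $dpopKey=null) {
 $issuer = $this->config->getServer()->get(OidcMeta::ISSUER);
 
-$jwks = $this->getJwks();
+$jwks = $this->getJwks();
 $tokenHash = $this->generateTokenHash($accessToken);
 
-// Create JWT
-$signer = new \Lcobucci\JWT\Signer\Rsa\Sha256();
-$keychain = new \Lcobucci\JWT\Signer\Keychain();
-$builder = new \Lcobucci\JWT\Builder();
-$token = $builder
-->setIssuer($issuer)
-->permittedFor($clientId)
-->setIssuedAt(time())
-->setNotBefore(time() - 1)
-->setExpiration(time() + 14*24*60*60)
-->set("azp", $clientId)
-->set("sub", $subject)
-->set("jti", $this->generateJti())
-->set("nonce", $nonce)
-->set("at_hash", $tokenHash) //FIXME: at_hash should only be added if the response_type is a token
-->set("c_hash", $tokenHash) // FIXME: c_hash should only be added if the response_type is a code
-->set("cnf", array(
-"jkt" => $dpopKey,
-// "jwk" => $jwks['keys'][0]
-))
-->withHeader('kid', $jwks['keys'][0]['kid'])
-->sign($signer, $keychain->getPrivateKey($privateKey))
-->getToken();
-return $token->__toString();
+// Create JWT
+$jwtConfig = Configuration::forSymmetricSigner(new Sha256(), InMemory::plainText($privateKey));
+$token = $jwtConfig->builder()
+->issuedBy($issuer)
+->permittedFor($clientId)
+->issuedAt(new DateTimeImmutable(time()))
+->canOnlyBeUsedAfter(new DateTimeImmutable(time() - 1))
+->expiresAt(new DateTimeImmutable(time() + 14*24*60*60))
+->withClaim("azp", $clientId)
+->relatedTo($subject)
+->withClaim("jti", $this->generateJti())
+->withClaim("nonce", $nonce)
+->withClaim("at_hash", $tokenHash) //FIXME: at_hash should only be added if the response_type is a token
+->withClaim("c_hash", $tokenHash) // FIXME: c_hash should only be added if the response_type is a code
+->withClaim("cnf", array(
+"jkt" => $dpopKey,
+// "jwk" => $jwks['keys'][0]
+))
+->withHeader('kid', $jwks['keys'][0]['kid'])
+->getToken($jwtConfig->signer(), $jwtConfig->signingKey());
+return $token->toString();
 }
 
 public function respondToRegistration($registration, $privateKey) {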
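Review bot: `new DateTimeImmutable(time())` on new lines 57–59 hands an integer Unix timestamp to a constructor that takes a date string; under strict_types that is a TypeError, and without it the coerced digits are not treated as a Unix timestamp, so the iat, nbf and exp claims will not match what the old setIssuedAt/setNotBefore/setExpiration calls produced. A timestamp needs the `@` prefix, e.g. one `$now = new DateTimeImmutable('@' . time());` reused for all three claims, which also removes the three separate `time()` reads (rewrite below). Separately, `Configuration::forSymmetricSigner` is paired here with `Rsa\Sha256`, an asymmetric signer, so the configuration's verification key becomes the private key; this token path only calls `signer()` and `signingKey()` so the output is unaffected, but `forAsymmetricSigner(new Sha256(), InMemory::plainText($privateKey), <public key>)` is the API intended for RSA and keeps the private key out of any later verification use — worth checking against the lcobucci/jwt version pinned in composer.json. The whole body of generateIdToken lies inside the hunk.
```php
$now = new DateTimeImmutable('@' . time());
$token = $jwtConfig->builder()
    // … unchanged: issuedBy(), permittedFor() …
    ->issuedAt($now)
    ->canOnlyBeUsedAfter($now->modify('-1 second'))
    ->expiresAt($now->modify('+14 days'))
    // … unchanged: withClaim()/relatedTo()/withHeader() chain and getToken() …
```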

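--- a/src/Utils/Jwks.php
+++ b/src/Utils/Jwks.php
@@ -3,20 +3,20 @@
 namespace Pdsinterop\Solid\Auth\Utils;
 
 use JsonSerializable;
-use Lcobucci\JWT\Signer\Key;
+use Lcobucci\JWT\Signer\Key\InMemory;
 use Pdsinterop\Solid\Auth\Enum\Jwk\Parameter as JwkParameter;
 use Pdsinterop\Solid\Auth\Enum\Rsa\Parameter as RsaParameter;
 
 class Jwks implements JsonSerializable
 {
 ////////////////////////////// CLASS PROPERTIES \\\\\\\\\\\\\\\\\\\\\\\\\\\\
 
-/** @var Key */
+/** @var InMemory */
 private $publicKey;
 
 //////////////////////////////// PUBLIC API \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
 
-final public function __construct(Key $publicKey)
+final public function __construct(InMemory $publicKey)
 {
 $this->publicKey = $publicKey;
 }
@@ -64,8 +64,8 @@ private function create() : array
 
 $publicKeys = [$this->publicKey];
 
-array_walk($publicKeys, function (Key $publicKey) use (&$jwks) {
-$certificate = $publicKey->getContent();
+array_walk($publicKeys, function (InMemory $publicKey) use (&$jwks) {
+$certificate = $publicKey->contents();
 
 $key = openssl_pkey_get_public($certificate);
 $keyInfo = openssl_pkey_get_details($key);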