Merged
Changes from 1 commit
Commits
26 commits
b5274fa
handle token request cases for authorization_code and refresh_token d…
ylebre Jun 23, 2025
f8fb8fa
Get client_id from either GET or POST
ylebre Jun 25, 2025
9dbf457
Change PHP Codesniffer style so `break` and `case` need to be indente…
Potherca Jun 26, 2025
e6906c6
rename decrypt call
ylebre Jun 26, 2025
e93cac6
remove client_secret
ylebre Jun 26, 2025
80ee0f9
straight from GET or POST
ylebre Jun 26, 2025
487936c
remove elseif nag
ylebre Jun 26, 2025
490efe9
fix indentation
ylebre Jun 26, 2025
ae6bd93
remove switch case property that is not working as intended
ylebre Jun 26, 2025
28384b5
exclude PSR2.ControlStructures.ControlStructureSpacing.SpacingAfterOp…
ylebre Jun 26, 2025
3ad37fa
attempt to get the test suites to pass again
ylebre Jun 26, 2025
8088220
first bits, try to register a user backend
ylebre Jun 27, 2025
becb437
move register step to constructor, it needs to be called before boot
ylebre Jun 27, 2025
a9fdac7
implement all functions to get something to run
ylebre Jun 27, 2025
e6568ff
only register for the token endpoint
ylebre Jun 27, 2025
c045b4d
token endpoint now uses the clientauth thing, so we can safely return…
ylebre Jun 27, 2025
e93980a
remove error_log and add HUGE warning sign
ylebre Jun 27, 2025
6988778
add warning
ylebre Jun 27, 2025
4d96b15
remove error_log
ylebre Jun 27, 2025
16f8048
whitespace
ylebre Jun 27, 2025
a48d395
Merge pull request #212 from pdsinterop/feature/user-backend
ylebre Jun 27, 2025
db83408
Merge branch 'main' into fix/refreshToken
ylebre Jun 27, 2025
0c3c148
whitespace
ylebre Jun 27, 2025
bd6e408
remove refresh-token check that is no longer needed
ylebre Jun 27, 2025
8c7278e
create trash directory on init
ylebre Jun 27, 2025
4c64f33
Revert "remove refresh-token check that is no longer needed"
ylebre Jun 27, 2025
41 changes: 29 additions & 12 deletions solid/lib/Controller/ServerController.php
Expand Up @@ -297,7 +297,25 @@ public function session() {
*/
public function token() {
$request = \Laminas\Diactoros\ServerRequestFactory::fromGlobals($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES);
$code = $request->getParsedBody()['code'];
$grantType = $request->getParsedBody()['grant_type'];
switch ($grantType) {
case "authorization_code":
$code = $request->getParsedBody()['code'];
// FIXME: not sure if decoding this here is the way to go.
// FIXME: because this is a public page, the nonce from the session is not available here.
$codeInfo = $this->tokenGenerator->getCodeInfo($code);
$userId = $codeInfo['user_id'];
break;
case "refresh_token":
$refreshToken = $request->getParsedBody()['refresh_token'];
$tokenInfo = $this->tokenGenerator->getRefreshTokenInfo($refreshToken);
$userId = $tokenInfo['user_id'];
break;
default:
$userId = false;
break;
Comment thread
Potherca marked this conversation as resolved.
}

$clientId = $request->getParsedBody()['client_id'];

$httpDpop = $request->getServerParams()['HTTP_DPOP'];
Expand All @@ -306,17 +324,16 @@ public function token() {
$server = new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
$response = $server->respondToAccessTokenRequest($request);

// FIXME: not sure if decoding this here is the way to go.
// FIXME: because this is a public page, the nonce from the session is not available here.
$codeInfo = $this->tokenGenerator->getCodeInfo($code);
$response = $this->tokenGenerator->addIdTokenToResponse(
$response,
$clientId,
$codeInfo['user_id'],
($_SESSION['nonce'] ?? ''),
$this->config->getPrivateKey(),
$httpDpop
);
if ($userId) {
$response = $this->tokenGenerator->addIdTokenToResponse(
$response,
$clientId,
$userId,
($_SESSION['nonce'] ?? ''),
$this->config->getPrivateKey(),
$httpDpop
);
}

return $this->respond($response); // ->addHeader('Access-Control-Allow-Origin', '*');
}
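Review bot: In `token()`, the new `if ($userId)` guard decides whether to mint an ID token only from what the controller itself decoded out of `code` or `refresh_token`, not from whether `respondToAccessTokenRequest($request)` accepted the grant. If `getRefreshTokenInfo()` only decodes the token and does not check expiry or revocation (not visible here), a request the auth server rejected could still reach `addIdTokenToResponse()` with a `user_id` and the caller-supplied `client_id` from the request body. Consider gating on the server's result as well, e.g. `if ($userId && $response->getStatusCode() === 200) {` (assuming `$response` is a PSR-7 response), and treating a missing or malformed `user_id` as "no ID token". The lines between the two hunks are collapsed, so any check done there is not visible from this page.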