Skip to content

Commit 10a6a86

Browse files
ylebreylebre
committed
WIP:
add dpop handling
1 parent eaa3f9e commit 10a6a86

1 file changed

Lines changed: 12 additions & 6 deletions

File tree

src/TokenGenerator.php

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ public function generateRegistrationAccessToken($clientId, $privateKey) {
4040
return $token->__toString();
4141
}
4242

43-
public function generateIdToken($accessToken, $clientId, $subject, $nonce, $privateKey) {
43+
public function generateIdToken($accessToken, $clientId, $subject, $nonce, $privateKey, $dpopKey=null) {
4444
$issuer = $this->config->getServer()->get(OidcMeta::ISSUER);
4545

4646
$jwks = $this->getJwks();
@@ -63,7 +63,8 @@ public function generateIdToken($accessToken, $clientId, $subject, $nonce, $priv
6363
->set("at_hash", $tokenHash) //FIXME: at_hash should only be added if the response_type is a token
6464
->set("c_hash", $tokenHash) // FIXME: c_hash should only be added if the response_type is a code
6565
->set("cnf", array(
66-
"jwk" => $jwks['keys'][0]
66+
"jkt" => $dpopKey,
67+
// "jwk" => $jwks['keys'][0]
6768
))
6869
->withHeader('kid', $jwks['keys'][0]['kid'])
6970
->sign($signer, $keychain->getPrivateKey($privateKey))
@@ -93,7 +94,7 @@ public function respondToRegistration($registration, $privateKey) {
9394
return array_merge($registrationBase, $registration);
9495
}
9596

96-
public function addIdTokenToResponse($response, $clientId, $subject, $nonce, $privateKey) {
97+
public function addIdTokenToResponse($response, $clientId, $subject, $nonce, $privateKey, $dpopKey=null) {
9798
if ($response->hasHeader("Location")) {
9899
$value = $response->getHeaderLine("Location");
99100

@@ -103,7 +104,8 @@ public function addIdTokenToResponse($response, $clientId, $subject, $nonce, $pr
103104
$clientId,
104105
$subject,
105106
$nonce,
106-
$privateKey
107+
$privateKey,
108+
$dpopKey
107109
);
108110
$value = preg_replace("/#access_token=(.*?)&/", "#access_token=\$1&id_token=$idToken&", $value);
109111
$response = $response->withHeader("Location", $value);
@@ -113,7 +115,8 @@ public function addIdTokenToResponse($response, $clientId, $subject, $nonce, $pr
113115
$clientId,
114116
$subject,
115117
$nonce,
116-
$privateKey
118+
$privateKey,
119+
$dpopKey
117120
);
118121
$value = preg_replace("/code=(.*?)&/", "code=\$1&id_token=$idToken&", $value);
119122
$response = $response->withHeader("Location", $value);
@@ -129,8 +132,11 @@ public function addIdTokenToResponse($response, $clientId, $subject, $nonce, $pr
129132
$clientId,
130133
$subject,
131134
$nonce,
132-
$privateKey
135+
$privateKey,
136+
$dpopKey
133137
);
138+
139+
$body['access_token'] = $body['id_token'];
134140
return new JsonResponse($body);
135141
}
136142
} catch (\Exception $e) {

0 commit comments

Comments
 (0)