Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enabled client_secret_basic authentication on requestClientCredentialsToken() #348

Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

Enabled client_secret_basic authentication on requestClientCredentialsToken() #348

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
cb6cec4
Enabled client_secret_basic authentication on requestClientCredentia…
Magentron Nov 28, 2022
8ef1281
updated composer.json added replace, updated README.md added notifica…
Magentron Nov 28, 2022
90b959b
Merge commit '102a5bba6c446beceb87d6f57dd337a0d34d12ec' into features…
Magentron Dec 30, 2022
5b3bd9a
Merge branch 'master' into features/allow-client_secret_basic-on-requ…
Magentron Apr 3, 2023
5e83bc4
Merge commit 'e46f108adf9be166f232edfe1e5315e6fcf168e5' from jumbojet…
Magentron Apr 3, 2023
41301c6
Merge branch 'upstream/master'
Magentron May 22, 2024
c9ee737
Merge branch 'master' into features/allow-client_secret_basic-on-requ…
Magentron May 22, 2024
9b64e0d
Merge branch 'upstream/master'
Magentron Nov 7, 2024
48d38b3
Merge branch 'master' into features/allow-client_secret_basic-on-requ…
Magentron Nov 7, 2024
3327b14
Remove references to Magentron fork
Magentron Nov 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Cast `$_SERVER['SERVER_PORT']` to integer to prevent adding 80 or 443 port to redirect URL. #403
- Check subject when verifying JWT #406
- Removed duplicate check on jwks_uri and only check if jwks_uri exists when needed #373
* Enabled `client_secret_basic` authentication on `requestClientCredentialsToken()` #347

## [1.0.0] - 2023-12-13

Expand Down
4 changes: 3 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
NB: This is a fork from [jumbojett/OpenID-Connect-PHP](https://github.com/jumbojett/OpenID-Connect-PHP) to allow client basic authentication on obtaining the access token.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please revert this change.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reverted


PHP OpenID Connect Basic Client
========================
A simple library that allows an application to authenticate a user through the basic OpenID Connect flow.
Expand All @@ -14,7 +16,7 @@ A special thanks goes to Justin Richer and Amanda Anganes for their help and sup
## Install ##
1. Install library using composer
```
composer require jumbojett/openid-connect-php
composer require magentron/openid-connect-php
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please revert this change.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reverted

```

2. Include composer autoloader
Expand Down
7 changes: 5 additions & 2 deletions composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "jumbojett/openid-connect-php",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please revert this change.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reverted

"description": "Bare-bones OpenID Connect client",
"name": "magentron/openid-connect-php",
"description": "Bare-bones OpenID Connect client (forked to allow client secret basic authentication on obtaining access token)",
"license": "Apache-2.0",
"require": {
"php": ">=7.0",
Expand All @@ -13,6 +13,9 @@
"roave/security-advisories": "dev-latest",
"yoast/phpunit-polyfills": "^2.0"
},
"replace": {
"jumbojett/openid-connect-php": "<=0.9.10"
},
"archive" : {
"exclude" : [
".*"
Expand Down
33 changes: 22 additions & 11 deletions src/OpenIDConnectClient.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -803,12 +803,12 @@ public function requestClientCredentialsToken() {
$grant_type = 'client_credentials';

$post_data = [
'grant_type' => $grant_type,
'client_id' => $this->clientID,
'client_secret' => $this->clientSecret,
'scope' => implode(' ', $this->scopes)
'grant_type' => $grant_type,
'scope' => implode(' ', $this->scopes)
];

$this->setOptionalBasicAuthentication($headers, $post_data);

// Convert token params to string format
$post_params = http_build_query($post_data, '', '&', $this->encType);

Expand Down Expand Up @@ -839,13 +839,7 @@ public function requestResourceOwnerToken(bool $bClientAuth = false) {

//For client authentication include the client values
if($bClientAuth) {
$token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']);
if ($this->supportsAuthMethod('client_secret_basic', $token_endpoint_auth_methods_supported)) {
$headers = ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))];
} else {
$post_data['client_id'] = $this->clientID;
$post_data['client_secret'] = $this->clientSecret;
}
$this->setOptionalBasicAuthentication($headers, $post_data);
}

// Convert token params to string format
Expand All @@ -854,6 +848,23 @@ public function requestResourceOwnerToken(bool $bClientAuth = false) {
return json_decode($this->fetchURL($token_endpoint, $post_params, $headers), false);
}

/**
* Use client basic authentication if supported.
*
* @param array $headers
* @param array $post_data
* @throws OpenIDConnectClientException
*/
protected function setOptionalBasicAuthentication(&$headers, &$post_data) {
$token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']);

if ($this->supportsAuthMethod('client_secret_basic', $token_endpoint_auth_methods_supported)) {
$headers = ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))];
} else {
$post_data['client_id'] = $this->clientID;
$post_data['client_secret'] = $this->clientSecret;
}
}

/**
* Requests ID and Access tokens
Expand Down