-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add OpenID Response Type #1316
base: master
Are you sure you want to change the base?
Add OpenID Response Type #1316
Conversation
Apply fixes from StyleCI
Apply fixes from StyleCI
This reverts commit 35af257.
Apply fixes from StyleCI
Apply fixes from StyleCI
I'm glad to see some progress here! @marcriemer do you intend to continue working on it? Did you get stuck somewhere particularly? |
@doobry-systemli So far my implementation works very well. I will continue my work on in this feature. Please let me know If you have any successions for improvements. |
Apply fixes from StyleCI
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
keep up the great work! Thanks for this PR!
Hi @marcriemer, interface ClaimSetRepositoryInterface
{
/**
* Get ClaimSetEntries
*
* @param AccessTokenEntityInterface $authCode
*
* @return ClaimSetInterface
*/
public function getClaimSetEntry(AccessTokenEntityInterface $authCode): ClaimSetInterface;
} $claimSet = $this->claimRepository->getClaimSetEntry($accessToken);
if ($claimSet instanceof ClaimSetInterface) {
foreach ($this->extractor->extract($accessToken->getScopes(), $claimSet->getClaims()) as $claimName => $claimValue) {
$builder->withClaim($claimName, $claimValue);
}
}
So in my case method |
Hi @marcriemer Thank you for the initiative. Why this PR is not merged even if the PR is reviewed? Is there any plan to merge this PR? Thank you. |
Version 9 bringing in the device code is being worked on just now. Then I will start to look at other features. V9 RC1 should be tagged today all being well |
@pat0s Thanks for bringing this up. You are right, the method should return a ClaimSetEntryInterface. The ClaimSetEntryInterface extends ClaimSetInterface. |
Apply fixes from StyleCI
Revert "Apply fixes from StyleCI"
Apply fixes from StyleCI
Apply fixes from StyleCI
Hi @marcriemer, Thanks for the initiative and your work. It's a very interesting feature. @Sephster Have you any news about this PR ? |
$builder = $this->idTokenRepository->getBuilder($accessToken); | ||
|
||
if ($claimSet instanceof ClaimSetEntryInterface) { | ||
foreach ($this->extractor->extract($accessToken->getScopes(), $claimSet->getClaims()) as $claimName => $claimValue) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
getClaims
is documented as returning string[]
while the extractor expects array<string, string>
. This looks inconsistent to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To me, this looks like we need 2 separate interface: one returning the map of claim names to claim values (used by the ClaimRepository when getting the claims for an access token) and one listing a set of claim names associated with a scope.
Even if both interfaces have a method named getClaims
, the would still be separate interface due to different signatures.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
btw, rebasing this PR would probably make the CI red because phpstan should be complaining about that.
@marcriemer @Sephster what is the status of this work ? |
->expiresAt($accessToken->getExpiryDateTime()) | ||
->relatedTo($accessToken->getUserIdentifier()); | ||
|
||
if ($this->nonce) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't the nonce come from the authorization request ? Configuring as a constructor argument of the repository is probably not usable. It would be great to have an actual example of the openid setup.
No description provided.