Add OpenID Response Type

[marcriemer]

No description provided.

[doobry-systemli]

I'm glad to see some progress here! @marcriemer do you intend to continue working on it? Did you get stuck somewhere particularly?

[marcriemer]

@doobry-systemli So far my implementation works very well. I will continue my work on in this feature. Please let me know If you have any successions for improvements.

[fruitwasp]

keep up the great work! Thanks for this PR!

[pat0s]

Hi @marcriemer,
I would like to ask one question. I got a little bit lost. I think it's not a mistake, but it is confusing.

interface ClaimSetRepositoryInterface
{
    /**
     * Get ClaimSetEntries
     *
     * @param AccessTokenEntityInterface $authCode
     *
     * @return ClaimSetInterface
     */
    public function getClaimSetEntry(AccessTokenEntityInterface $authCode): ClaimSetInterface;
}

$claimSet = $this->claimRepository->getClaimSetEntry($accessToken);

if ($claimSet instanceof ClaimSetInterface) {
            foreach ($this->extractor->extract($accessToken->getScopes(), $claimSet->getClaims()) as $claimName => $claimValue) {
                $builder->withClaim($claimName, $claimValue);
            }
        }

getClaimSetEntry() sounds like I should return ClaimSetEntry. ClaimSetEntry also implements ClaimSetEntryInterface, which means new method getScope(). I think it is irrelevant in this case. It seems like I should return only ClaimSet from this repository.

ClaimSet is new Entity which I created. It implements only ClaimSetInterface and stores all claims with values (from all scopes) in one array. Entity is created according to method's return type ClaimSetInterface.

So in my case method getClaimSetEntry() returns new ClaimSet(['email' => 'email@example', 'email_verified' => 1, ...])

[abin2hats]

Hi @marcriemer

Thank you for the initiative.

Why this PR is not merged even if the PR is reviewed?

Is there any plan to merge this PR?

Thank you.

[Sephster]

Version 9 bringing in the device code is being worked on just now. Then I will start to look at other features. V9 RC1 should be tagged today all being well

[marcriemer]

@pat0s Thanks for bringing this up. You are right, the method should return a ClaimSetEntryInterface.

The ClaimSetEntryInterface extends ClaimSetInterface.

[SimLibaud]

Hi @marcriemer,

Thanks for the initiative and your work. It's a very interesting feature.

@Sephster Have you any news about this PR ?

[stof]

getClaims is documented as returning string[] while the extractor expects array<string, string>. This looks inconsistent to me.

[stof]

To me, this looks like we need 2 separate interface: one returning the map of claim names to claim values (used by the ClaimRepository when getting the claims for an access token) and one listing a set of claim names associated with a scope.

Even if both interfaces have a method named getClaims, the would still be separate interface due to different signatures.

[stof]

btw, rebasing this PR would probably make the CI red because phpstan should be complaining about that.

[stof]

@marcriemer @Sephster what is the status of this work ?

[stof]

shouldn't the nonce come from the authorization request ? Configuring as a constructor argument of the repository is probably not usable. It would be great to have an actual example of the openid setup.