Cheetah
IdToken.php
Go to the documentation of this file.
1 <?php
2 
3 namespace OAuth2\OpenID\ResponseType;
4 
5 use OAuth2\Encryption\EncryptionInterface;
6 use OAuth2\Encryption\Jwt;
7 use OAuth2\Storage\PublicKeyInterface;
8 use OAuth2\OpenID\Storage\UserClaimsInterface;
9 
10 class IdToken implements IdTokenInterface
11 {
12  protected $userClaimsStorage;
13  protected $publicKeyStorage;
14  protected $config;
15  protected $encryptionUtil;
16 
17  public function __construct(UserClaimsInterface $userClaimsStorage, PublicKeyInterface $publicKeyStorage, array $config = array(), EncryptionInterface $encryptionUtil = null)
18  {
19  $this->userClaimsStorage = $userClaimsStorage;
20  $this->publicKeyStorage = $publicKeyStorage;
21  if (is_null($encryptionUtil)) {
22  $encryptionUtil = new Jwt();
23  }
24  $this->encryptionUtil = $encryptionUtil;
25 
26  if (!isset($config['issuer'])) {
27  throw new \LogicException('config parameter "issuer" must be set');
28  }
29  $this->config = array_merge(array(
30  'id_lifetime' => 3600,
31  ), $config);
32  }
33 
34  public function getAuthorizeResponse($params, $userInfo = null)
35  {
36  // build the URL to redirect to
37  $result = array('query' => array());
38  $params += array('scope' => null, 'state' => null, 'nonce' => null);
39 
40  // create the id token.
41  list($user_id, $auth_time) = $this->getUserIdAndAuthTime($userInfo);
42  $userClaims = $this->userClaimsStorage->getUserClaims($user_id, $params['scope']);
43 
44  $id_token = $this->createIdToken($params['client_id'], $userInfo, $params['nonce'], $userClaims, null);
45  $result["fragment"] = array('id_token' => $id_token);
46  if (isset($params['state'])) {
47  $result["fragment"]["state"] = $params['state'];
48  }
49 
50  return array($params['redirect_uri'], $result);
51  }
52 
53  public function createIdToken($client_id, $userInfo, $nonce = null, $userClaims = null, $access_token = null)
54  {
55  // pull auth_time from user info if supplied
56  list($user_id, $auth_time) = $this->getUserIdAndAuthTime($userInfo);
57 
58  $token = array(
59  'iss' => $this->config['issuer'],
60  'sub' => $user_id,
61  'aud' => $client_id,
62  'iat' => time(),
63  'exp' => time() + $this->config['id_lifetime'],
64  'auth_time' => $auth_time,
65  );
66 
67  if ($nonce) {
68  $token['nonce'] = $nonce;
69  }
70 
71  if ($userClaims) {
72  $token += $userClaims;
73  }
74 
75  if ($access_token) {
76  $token['at_hash'] = $this->createAtHash($access_token, $client_id);
77  }
78 
79  return $this->encodeToken($token, $client_id);
80  }
81 
82  protected function createAtHash($access_token, $client_id = null)
83  {
84  // maps HS256 and RS256 to sha256, etc.
85  $algorithm = $this->publicKeyStorage->getEncryptionAlgorithm($client_id);
86  $hash_algorithm = 'sha' . substr($algorithm, 2);
87  $hash = hash($hash_algorithm, $access_token);
88  $at_hash = substr($hash, 0, strlen($hash) / 2);
89 
90  return $this->encryptionUtil->urlSafeB64Encode($at_hash);
91  }
92 
93  protected function encodeToken(array $token, $client_id = null)
94  {
95  $private_key = $this->publicKeyStorage->getPrivateKey($client_id);
96  $algorithm = $this->publicKeyStorage->getEncryptionAlgorithm($client_id);
97 
98  return $this->encryptionUtil->encode($token, $private_key, $algorithm);
99  }
100 
101  private function getUserIdAndAuthTime($userInfo)
102  {
103  $auth_time = null;
104 
105  // support an array for user_id / auth_time
106  if (is_array($userInfo)) {
107  if (!isset($userInfo['user_id'])) {
108  throw new \LogicException('if $user_id argument is an array, user_id index must be set');
109  }
110 
111  $auth_time = isset($userInfo['auth_time']) ? $userInfo['auth_time'] : null;
112  $user_id = $userInfo['user_id'];
113  } else {
114  $user_id = $userInfo;
115  }
116 
117  if (is_null($auth_time)) {
118  $auth_time = time();
119  }
120 
121  // userInfo is a scalar, and so this is the $user_id. Auth Time is null
122  return array($user_id, $auth_time);
123  }
124 }
OAuth2\OpenID\ResponseType\IdToken\createIdToken
createIdToken($client_id, $userInfo, $nonce=null, $userClaims=null, $access_token=null)
Definition: IdToken.php:53
OAuth2\OpenID\ResponseType\IdToken
Definition: IdToken.php:11
OAuth2\OpenID\ResponseType\IdToken\createAtHash
createAtHash($access_token, $client_id=null)
Definition: IdToken.php:82
OAuth2\OpenID\Storage\UserClaimsInterface
Definition: UserClaimsInterface.php:10
use
GNU LESSER GENERAL PUBLIC LICENSE February Free Software Inc Franklin Fifth MA USA Everyone is permitted to copy and distribute verbatim copies of this license but changing it is not allowed[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] Preamble The licenses for most software are designed to take away your freedom to share and change it By the GNU General Public Licenses are intended to guarantee your freedom to share and change free software to make sure the software is free for all its users This the Lesser General Public applies to some specially designated software packages typically libraries of the Free Software Foundation and other authors who decide to use it You can use it but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular based on the explanations below When we speak of free we are referring to freedom of use
Definition: license.txt:27
OAuth2\Storage\PublicKeyInterface
Definition: PublicKeyInterface.php:12
$hash
$hash
Definition: Filter.ExtractStyleBlocks.txt:46
php
OAuth2\Encryption\Jwt
Definition: Jwt.php:10
OAuth2\OpenID\ResponseType\IdToken\$encryptionUtil
$encryptionUtil
Definition: IdToken.php:15
OAuth2\OpenID\ResponseType\IdToken\$config
$config
Definition: IdToken.php:14
OAuth2\OpenID\ResponseType\IdToken\encodeToken
encodeToken(array $token, $client_id=null)
Definition: IdToken.php:93
OAuth2\OpenID\ResponseType\IdTokenInterface
Definition: IdTokenInterface.php:8
OAuth2\OpenID\ResponseType\IdToken\__construct
__construct(UserClaimsInterface $userClaimsStorage, PublicKeyInterface $publicKeyStorage, array $config=array(), EncryptionInterface $encryptionUtil=null)
Definition: IdToken.php:17
time
that in the case of a Adaptation or at a minimum such credit will if a credit for all contributing authors of the Adaptation or Collection then as part of these credits and in a manner at least as prominent as the credits for the other contributing authors For the avoidance of You may only use the credit required by this Section for the purpose of attribution in the manner set out above by exercising Your rights under this You may not implicitly or explicitly assert or imply any connection sponsorship or endorsement by the Original Licensor and or Attribution as of You or Your use of the without the express prior written permission of the Original Licensor and or Attribution Parties Except as otherwise agreed in writing by the Licensor or as may be otherwise permitted by applicable if You Distribute or Publicly Perform the Work either by itself or as part of any Adaptations or You must not modify or take other derogatory action in relation to the Work which would be prejudicial to the Original Author s honor or reputation Licensor agrees that in those in which any exercise of the right granted in modification or other derogatory action prejudicial to the Original Author s honor and the Licensor will waive or not as this to the fullest extent permitted by the applicable national to enable You to reasonably exercise Your right under Warranties and Disclaimer UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN LICENSOR OFFERS THE WORK AS IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE STATUTORY OR WITHOUT WARRANTIES OF FITNESS FOR A PARTICULAR OR THE ABSENCE OF LATENT OR OTHER OR THE PRESENCE OF ABSENCE OF WHETHER OR NOT DISCOVERABLE SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED SO SUCH EXCLUSION MAY NOT APPLY TO YOU Limitation on Liability EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Termination This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License Individuals or entities who have received Adaptations or Collections from You under this will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses and will survive any termination of this License Subject to the above terms and the license granted here is Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time
Definition: license.txt:56
OAuth2\OpenID\ResponseType\IdToken\$publicKeyStorage
$publicKeyStorage
Definition: IdToken.php:13
OAuth2\OpenID\ResponseType\IdToken\$userClaimsStorage
$userClaimsStorage
Definition: IdToken.php:12
OAuth2\OpenID\ResponseType
Definition: AuthorizationCode.php:3
OAuth2\OpenID\ResponseType\IdToken\getAuthorizeResponse
getAuthorizeResponse($params, $userInfo=null)
Definition: IdToken.php:34
OAuth2\Encryption\EncryptionInterface
Definition: EncryptionInterface.php:6
Generated by doxygen 1.8.20