openinfra/openstackid
Code Issues Proposed changes
openstackid/app/controllers/apis/protected/OAuth2UserApiController.php
Sebastian Marcet ea98eff8cf OIDC - OpenId Connect Implementation 
DB refactoring
Client Admin Rectoring
upgraded layout to use latest bootstrap
Added bower support
Added Behat support
OIDC Discovery suuport added
OIDC JWKS endpoint added
Refactored OpenId workflows
Refactored OAuth2 workflows
Server Keys Admin Added
Authorization Code Flow refactored to support OIDC
Allow native apps to use auth code grant
Allow native apps to use "TokenEndpoint_AuthMethod_PrivateKeyJwt"
Filter on UI public/private keys algs based on the key usage
Set as default auth protocol for private clients "client_secret_basic"
Added feature client_secret_expired
Filtered content of Token Endpoint Authorization Signed Algorithm based on Token Endpoint Authorization Method
Implemented OAuth 2.0 Multiple Response Type Encoding Practices
Implemented OAuth 2.0 Form Post Response Mode
Implicit Flow refactored to support OIDC
UserInfo Endpoint (OIDC/Claims)
Hybrid Flow
OIDC Session Management

Change-Id: If3d38666f3f7f56bd8c94b9df2e6340554512612
2015-12-16 11:03:01 -03:00

113 lines
3.3 KiB
PHP
Raw Blame History

<?php
use oauth2\IResourceServerContext;
use utils\services\ILogService;
use oauth2\resource_server\IUserService;
use oauth2\services\IClientService;
use oauth2\heuristics\SigningKeyFinder;
use oauth2\heuristics\EncryptionKeyFinder;
use oauth2\builders\IdTokenBuilder;
use utils\http\HttpContentType;
/**
* Class OAuth2UserApiController
* OAUTH2 Protected User REST API
*/
class OAuth2UserApiController extends OAuth2ProtectedController
{
/**
* @var IUserService
*/
private $user_service;
/**
* @var IClientService
*/
private $client_service;
/**
* @var IdTokenBuilder
*/
private $id_token_builder;
/**
* @param IUserService $user_service
* @param IResourceServerContext $resource_server_context
* @param ILogService $log_service
* @param IClientService $client_service
* @param IdTokenBuilder $id_token_builder
*/
public function __construct
(
IUserService $user_service,
IResourceServerContext $resource_server_context,
ILogService $log_service,
IClientService $client_service,
IdTokenBuilder $id_token_builder
)
{
parent::__construct($resource_server_context,$log_service);
$this->user_service = $user_service;
$this->client_service = $client_service;
$this->id_token_builder = $id_token_builder;
}
/**
* Gets User Basic Info
* @return mixed
*/
public function me()
{
try
{
$data = $this->user_service->getCurrentUserInfo();
return $this->ok($data);
}
catch(Exception $ex)
{
$this->log_service->error($ex);
return $this->error500($ex);
}
}
public function userInfo()
{
try
{
$claims = $this->user_service->getCurrentUserInfoClaims();
$client_id = $this->resource_server_context->getCurrentClientId();
$client = $this->client_service->getClientById($client_id);
// The UserInfo Claims MUST be returned as the members of a JSON object unless a signed or encrypted response
// was requested during Client Registration.
$user_info_response_info = $client->getUserInfoResponseInfo();
$sig_alg = $user_info_response_info->getSigningAlgorithm();
$enc_alg = $user_info_response_info->getEncryptionKeyAlgorithm();
$enc = $user_info_response_info->getEncryptionContentAlgorithm();
if($sig_alg || ($enc_alg && $enc) )
{
$jwt = $this->id_token_builder->buildJWT($claims, $user_info_response_info, $client);
$http_response = Response::make($jwt->toCompactSerialization(), 200);
$http_response->header('Content-Type', HttpContentType::JWT);
$http_response->header('Cache-Control','no-cache, no-store, max-age=0, must-revalidate');
$http_response->header('Pragma','no-cache');
return $http_response;
}
else
{
// return plain json
return $this->ok( $claims->toArray() );
}
}
catch(Exception $ex)
{
$this->log_service->error($ex);
return $this->error500($ex);
}
}
}
View Git Blame Copy Permalink