

add key ID to the ID token, used for non-dpop applications
ylebre committed Nov 16, 2023
1 parent 60464a6 commit bb63483
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions src/TokenGenerator.php
Expand Up @@ -4,6 +4,7 @@

use Pdsinterop\Solid\Auth\Exception\InvalidTokenException;
use Pdsinterop\Solid\Auth\Utils\DPop;
use Pdsinterop\Solid\Auth\Utils\Jwks;
use Pdsinterop\Solid\Auth\Enum\OpenId\OpenIdConnectMetadata as OidcMeta;
use Laminas\Diactoros\Response\JsonResponse;
use League\OAuth2\Server\CryptTrait;
Expand Down Expand Up @@ -88,6 +89,10 @@ public function generateIdToken($accessToken, $clientId, $subject, $nonce, $priv
$token = $token->withClaim("cnf", [
"jkt" => $jkt,
]);
} else {
// legacy mode
$jwks = $this->getJwks();
$token = $token->withHeader('kid', $jwks['keys'][0]['kid']);
}

return $token->getToken($jwtConfig->signer(), $jwtConfig->signingKey())->toString();
Expand Down Expand Up @@ -201,4 +206,10 @@ private function makeJwkThumbprint($dpop): string

return $this->dpopUtil->makeJwkThumbprint($jwk);
}

private function getJwks() {
$key = $this->config->getKeys()->getPublicKey();
$jwks = new Jwks($key);
return json_decode($jwks->__toString(), true);
}
}
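Review bot: The new `withHeader('kid', $jwks['keys'][0]['kid'])` line dereferences a structure that is never checked: `getJwks()` calls `json_decode` without `JSON_THROW_ON_ERROR`, so a decode failure returns `null`, an empty `keys` list returns nothing, and in both cases the ID token is still issued with a `kid` of `null` (PHP emits a warning, not an error), which verifiers will then fail to match against the published key set. Tighten it to `private function getJwks(): array`, `return json_decode((string) $jwks, true, flags: JSON_THROW_ON_ERROR);`, and `$token = $token->withHeader('kid', $jwks['keys'][0]['kid'] ?? throw new \RuntimeException('No key ID available for ID token'));` so a misconfigured key set fails loudly at issuance rather than at every relying party. The `kid` is taken from the first key of `$this->config->getKeys()->getPublicKey()` while the token is signed with `$jwtConfig->signingKey()`; both come from configuration outside this hunk, and presumably refer to the same key pair, but a comment such as `// kid must identify the key that signs below; keep getKeys() and $jwtConfig in sync` would make that coupling explicit. `generateIdToken` begins before this hunk, so the DPoP branch that precedes the new `else` is not visible here.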
