|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
declare(strict_types=1); |
|
4
|
|
|
|
|
5
|
|
|
/* |
|
6
|
|
|
* The MIT License (MIT) |
|
7
|
|
|
* |
|
8
|
|
|
* Copyright (c) 2014-2017 Spomky-Labs |
|
9
|
|
|
* |
|
10
|
|
|
* This software may be modified and distributed under the terms |
|
11
|
|
|
* of the MIT license. See the LICENSE file for details. |
|
12
|
|
|
*/ |
|
13
|
|
|
|
|
14
|
|
|
namespace OAuth2Framework\Bundle\Server\Service; |
|
15
|
|
|
|
|
16
|
|
|
use OAuth2Framework\Bundle\Server\TokenEndpointAuthMethod\ClientAssertionJwt; |
|
17
|
|
|
use OAuth2Framework\Component\Server\Endpoint\Authorization\AuthorizationRequestLoader; |
|
18
|
|
|
use OAuth2Framework\Component\Server\Endpoint\UserInfo\UserInfo; |
|
19
|
|
|
use OAuth2Framework\Component\Server\GrantType\GrantTypeManager; |
|
20
|
|
|
use OAuth2Framework\Component\Server\GrantType\PKCEMethod\PKCEMethodManager; |
|
21
|
|
|
use OAuth2Framework\Component\Server\Model\Scope\ScopeRepositoryInterface; |
|
22
|
|
|
use OAuth2Framework\Component\Server\ResponseMode\ResponseModeManager; |
|
23
|
|
|
use OAuth2Framework\Component\Server\ResponseType\ResponseTypeManager; |
|
24
|
|
|
use OAuth2Framework\Component\Server\TokenEndpointAuthMethod\TokenEndpointAuthMethodManager; |
|
25
|
|
|
use OAuth2Framework\Component\Server\Endpoint\Metadata\Metadata; |
|
26
|
|
|
use Symfony\Component\Routing\RouterInterface; |
|
27
|
|
|
|
|
28
|
|
|
final class MetadataBuilder |
|
29
|
|
|
{ |
|
30
|
|
|
/** |
|
31
|
|
|
* @var RouterInterface |
|
32
|
|
|
*/ |
|
33
|
|
|
private $router; |
|
34
|
|
|
|
|
35
|
|
|
/** |
|
36
|
|
|
* @var Metadata |
|
37
|
|
|
*/ |
|
38
|
|
|
private $metadata; |
|
39
|
|
|
|
|
40
|
|
|
/** |
|
41
|
|
|
* MetadataBuilder constructor. |
|
42
|
|
|
* |
|
43
|
|
|
* @param RouterInterface $router |
|
44
|
|
|
*/ |
|
45
|
|
|
public function __construct(RouterInterface $router) |
|
46
|
|
|
{ |
|
47
|
|
|
$this->router = $router; |
|
48
|
|
|
$this->metadata = new Metadata(); |
|
49
|
|
|
} |
|
50
|
|
|
|
|
51
|
|
|
/** |
|
52
|
|
|
* @return Metadata |
|
53
|
|
|
*/ |
|
54
|
|
|
public function getMetadata(): Metadata |
|
55
|
|
|
{ |
|
56
|
|
|
return $this->metadata; |
|
57
|
|
|
} |
|
58
|
|
|
|
|
59
|
|
|
/** |
|
60
|
|
|
* @param string $name |
|
61
|
|
|
* @param string $routeName |
|
62
|
|
|
* @param array $routeParameters |
|
63
|
|
|
*/ |
|
64
|
|
|
public function setRoute(string $name, string $routeName, array $routeParameters = []) |
|
65
|
|
|
{ |
|
66
|
|
|
$path = $this->router->generate($routeName, $routeParameters, RouterInterface::ABSOLUTE_URL); |
|
67
|
|
|
$this->metadata->set($name, $path); |
|
68
|
|
|
|
|
69
|
|
|
/* |
|
|
|
|
|
|
70
|
|
|
$this->metadata->set('service_documentation', 'https://my.server.com/documentation'); |
|
71
|
|
|
$this->metadata->set('op_policy_uri', 'https://my.server.com/policy.html'); |
|
72
|
|
|
$this->metadata->set('op_tos_uri', 'https://my.server.com/tos.html'); |
|
73
|
|
|
*/ |
|
74
|
|
|
} |
|
75
|
|
|
|
|
76
|
|
|
/** |
|
77
|
|
|
* @param PKCEMethodManager $PKCEMethodManager |
|
78
|
|
|
*/ |
|
79
|
|
|
public function setCodeChallengeMethodsSupported(PKCEMethodManager $PKCEMethodManager) |
|
80
|
|
|
{ |
|
81
|
|
|
$this->metadata->set('code_challenge_methods_supported', $PKCEMethodManager->names()); |
|
82
|
|
|
} |
|
83
|
|
|
|
|
84
|
|
|
/** |
|
85
|
|
|
* @param ClientAssertionJwt $clientAssertionJwt |
|
86
|
|
|
*/ |
|
87
|
|
|
public function setClientAssertionJwt(ClientAssertionJwt $clientAssertionJwt) |
|
88
|
|
|
{ |
|
89
|
|
|
$this->metadata->set('token_endpoint_auth_signing_alg_values_supported', $clientAssertionJwt->getSupportedSignatureAlgorithms()); |
|
90
|
|
|
$this->metadata->set('token_endpoint_auth_encryption_alg_values_supported', $clientAssertionJwt->getSupportedKeyEncryptionAlgorithms()); |
|
91
|
|
|
$this->metadata->set('token_endpoint_auth_encryption_enc_values_supported', $clientAssertionJwt->getSupportedContentEncryptionAlgorithms()); |
|
92
|
|
|
} |
|
93
|
|
|
|
|
94
|
|
|
/** |
|
95
|
|
|
* @param GrantTypeManager $grantTypeManager |
|
96
|
|
|
*/ |
|
97
|
|
|
public function setGrantTypeManager(GrantTypeManager $grantTypeManager) |
|
98
|
|
|
{ |
|
99
|
|
|
$this->metadata->set('grant_types_supported', $grantTypeManager->getSupportedGrantTypes()); |
|
100
|
|
|
} |
|
101
|
|
|
|
|
102
|
|
|
/** |
|
103
|
|
|
* @param ResponseTypeManager $responseTypeManager |
|
104
|
|
|
*/ |
|
105
|
|
|
public function setResponseTypeManager(ResponseTypeManager $responseTypeManager) |
|
106
|
|
|
{ |
|
107
|
|
|
$this->metadata->set('response_types_supported', $responseTypeManager->all()); |
|
108
|
|
|
} |
|
109
|
|
|
|
|
110
|
|
|
/** |
|
111
|
|
|
* @param ResponseModeManager $responseModeManager |
|
112
|
|
|
*/ |
|
113
|
|
|
public function setResponseModeManager(ResponseModeManager $responseModeManager) |
|
114
|
|
|
{ |
|
115
|
|
|
$this->metadata->set('response_modes_supported', $responseModeManager->all()); |
|
116
|
|
|
} |
|
117
|
|
|
|
|
118
|
|
|
/** |
|
119
|
|
|
* @param TokenEndpointAuthMethodManager $tokenEndpointAuthMethodManager |
|
120
|
|
|
*/ |
|
121
|
|
|
public function setTokenEndpointAuthMethodManager(TokenEndpointAuthMethodManager $tokenEndpointAuthMethodManager) |
|
122
|
|
|
{ |
|
123
|
|
|
$this->metadata->set('token_endpoint_auth_methods_supported', $tokenEndpointAuthMethodManager->all()); |
|
124
|
|
|
} |
|
125
|
|
|
|
|
126
|
|
|
/** |
|
127
|
|
|
* @param ScopeRepositoryInterface $scopeRepository |
|
128
|
|
|
*/ |
|
129
|
|
|
public function setScopeRepository(ScopeRepositoryInterface $scopeRepository) |
|
130
|
|
|
{ |
|
131
|
|
|
$this->metadata->set('scopes_supported', $scopeRepository->getSupportedScopes()); |
|
132
|
|
|
} |
|
133
|
|
|
|
|
134
|
|
|
/** |
|
135
|
|
|
* @param UserInfo $userInfo |
|
136
|
|
|
*/ |
|
137
|
|
|
public function setUserinfo(UserInfo $userInfo) |
|
138
|
|
|
{ |
|
139
|
|
|
$this->metadata->set('subject_types_supported', $userInfo->isPairwiseSubjectIdentifierSupported() ? ['public', 'pairwise'] : ['public']); |
|
140
|
|
|
$this->metadata->set('claims_supported', $userInfo->getClaimsSupported()); |
|
141
|
|
|
} |
|
142
|
|
|
|
|
143
|
|
|
/** |
|
144
|
|
|
* @param string $name |
|
145
|
|
|
* @param mixed $value |
|
146
|
|
|
*/ |
|
147
|
|
|
public function addKeyValuePair(string $name, $value) |
|
148
|
|
|
{ |
|
149
|
|
|
$this->metadata->set($name, $value); |
|
150
|
|
|
/* |
|
|
|
|
|
|
151
|
|
|
$this->metadata->set('acr_values_supported', []); |
|
152
|
|
|
$this->metadata->set('display_values_supported', ['page']); |
|
153
|
|
|
$this->metadata->set('claim_types_supported', false); |
|
154
|
|
|
$this->metadata->set('ui_locales_supported', ['en_US', 'fr_FR']); |
|
155
|
|
|
$this->metadata->set('claims_parameter_supported', false); |
|
156
|
|
|
*/ |
|
157
|
|
|
} |
|
158
|
|
|
|
|
159
|
|
|
/** |
|
160
|
|
|
* @param AuthorizationRequestLoader $authorizationRequestLoader |
|
161
|
|
|
*/ |
|
162
|
|
|
public function setAuthorizationRequestLoader(AuthorizationRequestLoader $authorizationRequestLoader) |
|
163
|
|
|
{ |
|
164
|
|
|
$this->metadata->set('request_parameter_supported', $authorizationRequestLoader->isRequestObjectSupportEnabled()); |
|
165
|
|
|
$this->metadata->set('request_uri_parameter_supported', $authorizationRequestLoader->isRequestObjectReferenceSupportEnabled()); |
|
166
|
|
|
$this->metadata->set('require_request_uri_registration', $authorizationRequestLoader->isRequestUriRegistrationRequired()); |
|
167
|
|
|
$this->metadata->set('request_object_signing_alg_values_supported', $authorizationRequestLoader->getSupportedSignatureAlgorithms()); |
|
168
|
|
|
$this->metadata->set('request_object_encryption_alg_values_supported', $authorizationRequestLoader->getSupportedKeyEncryptionAlgorithms()); |
|
169
|
|
|
$this->metadata->set('request_object_encryption_enc_values_supported', $authorizationRequestLoader->getSupportedContentEncryptionAlgorithms()); |
|
170
|
|
|
} |
|
171
|
|
|
} |
|
172
|
|
|
|
OAuth2-Framework /
oauth2-framework
Loading history...
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.
The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.
This check looks for comments that seem to be mostly valid code and reports them.