OAuth2OLD\OpenID\ResponseTypes\IdTokenResponseType::handle()

Complexity

Conditions	17
Paths	160

Size

Total Lines	67
Code Lines	33

Duplication

Lines	0
Ratio	0 %

Importance

Changes

0

<?php
    public function handle(ServerRequestInterface $request, ResourceOwnerInterface $resourceOwner,
                           RegisteredClient $client, ?array $scope = null, ?array $extendedResponseTypes = null): array
    {
        $data = $request->getMethod() === 'GET' ? $request->getQueryParams() : $request->getParsedBody();

        // Get required claims
        $claims = [
            'iss' => $this->configurationRepository->getConfig(Config::OPENID_ISSUER),
            'sub' => $resourceOwner->getIdentifier(),
            'aud' => $client->getIdentifier(),
            'exp' => time() + $this->idTokenStorage->getLifetime(),
            'iat' => time()
        ];

        // todo, include if auth_time is marked as an essential claim by the client otherwise it is optional (conf ?)
        if(isset($data['max_age']) && $data['max_age']) {
            $claims['auth_time'] = $resourceOwner->getTimeWhenAuthenticationOccured();
        }

        if(isset($data['nonce']) && !is_null($data['nonce'])) {
            $claims['nonce'] = $data['nonce'];
        }

        if(empty($extendedResponseTypes)) {
            $standardClaims = $this->userInfoClaimsStorage->getClaims($resourceOwner);

            foreach ($this->userInfoClaimsStorage->getClaimsByScope($scope) as $claimRequested) {
                if(isset($standardClaims[$claimRequested]) && $standardClaims[$claimRequested]) {
                    $claims[$claimRequested] = $standardClaims[$claimRequested];
                }
            }
        }

        if(isset($extendedResponseTypes['code'])) {
            //c_hash
            /**
             * @var \OAuth2OLD\ResponseTypes\ResponseTypeInterface $responseType
             */
            $responseType = $extendedResponseTypes['code'];
            $code = $responseType->handle($request, $resourceOwner, $client, $scope)['code'];
            $result['code'] = $code;

$result was never initialized. Although not strictly required by PHP, it is generally a good practice to add $result = array(); before regardless.

            $claims['c_hash'] = 'todo'; //todo
        }

        if(isset($extendedResponseTypes['token'])) {
            //at_hash
            /**
             * @var \OAuth2OLD\ResponseTypes\ResponseTypeInterface $responseType
             */
            $responseType = $extendedResponseTypes['token'];
            $token = $responseType->handle($request, $resourceOwner, $client, $scope)['token'];
            $result['token'] = $token;
            $claims['at_hash'] = 'todo'; //todo
        }
        else {
            $requestedScopes = isset($data['scope']) ? explode(' ', $data['scope']) : [];

            if ((empty($requestedScopes) && !is_null($scope)) || (is_array($scope) && !empty(array_diff($requestedScopes, $scope)))) {
                $data['scope'] = implode(' ', $scope);
            }
        }


//        $idToken = new IdToken($claims);

50% of this comment could be valid code. Did you maybe forget this after debugging?

        $key = 'mykey'; // todo
        $result['id_token'] = JWT::encode($claims, $key);
        return $result;
    }
}