OpenIDConnectServer\IdTokenResponse

Complexity

Total Complexity

10

Size/Duplication

Total Lines	98
Duplicated Lines	0 %

Test Coverage

Coverage

0%

Importance

Changes	5
Bugs	1	Features	1

4 Methods

Rating	Name	Duplication	Size	Complexity
A	getBuilder()	0	16	1
A	isOpenIDRequest()	0	13	3
A	__construct()	0	8	1
A	getExtraParams()	0	29	5

<?php
/**
 * @author Steve Rhoades <sedonami@gmail.com>
 * @license http://opensource.org/licenses/MIT MIT
 */
namespace OpenIDConnectServer;

use \DateTimeImmutable;
use OpenIDConnectServer\Repositories\IdentityProviderInterface;
use OpenIDConnectServer\Entities\ClaimSetInterface;
use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\ScopeEntityInterface;
use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
use Lcobucci\JWT\Configuration;

class IdTokenResponse extends BearerTokenResponse
{
    /**
     * @var IdentityProviderInterface
     */
    protected $identityProvider;

    /**
     * @var ClaimExtractor
     */
    protected $claimExtractor;

    /**
     * @var Configuration
     */
    private $config;

    public function __construct(
        IdentityProviderInterface $identityProvider,
        ClaimExtractor $claimExtractor,
        Configuration $config
    ) {
        $this->identityProvider = $identityProvider;
        $this->claimExtractor   = $claimExtractor;
        $this->config           = $config;
    }

    protected function getBuilder(AccessTokenEntityInterface $accessToken, UserEntityInterface $userEntity)
    {
        $dateTimeImmutableObject = new DateTimeImmutable();

        // Add required id_token claims
        $builder = $this->config
            ->builder()
            ->permittedFor($accessToken->getClient()->getIdentifier())

$accessToken->getClient()->getIdentifier() of type string is incompatible with the type Lcobucci\JWT\list expected by parameter $audiences of Lcobucci\JWT\Builder::permittedFor().

            ->issuedBy('https://' . $_SERVER['HTTP_HOST'])
            ->issuedAt($dateTimeImmutableObject)
            ->expiresAt($dateTimeImmutableObject->setTimestamp(
                $accessToken->getExpiryDateTime()->getTimestamp(),
            ))
            ->relatedTo($userEntity->getIdentifier());

        return $builder;
    }

    /**
     * @param AccessTokenEntityInterface $accessToken
     * @return array
     */
    protected function getExtraParams(AccessTokenEntityInterface $accessToken)
    {
        if (false === $this->isOpenIDRequest($accessToken->getScopes())) {
            return [];
        }

        /** @var UserEntityInterface $userEntity */
        $userEntity = $this->identityProvider->getUserEntityByIdentifier($accessToken->getUserIdentifier());

        if (false === is_a($userEntity, UserEntityInterface::class)) {
            throw new \RuntimeException('UserEntity must implement UserEntityInterface');
        } else if (false === is_a($userEntity, ClaimSetInterface::class)) {
            throw new \RuntimeException('UserEntity must implement ClaimSetInterface');
        }

        // Add required id_token claims
        $builder = $this->getBuilder($accessToken, $userEntity);

        // Need a claim factory here to reduce the number of claims by provided scope.
        $claims = $this->claimExtractor->extract($accessToken->getScopes(), $userEntity->getClaims());

        foreach ($claims as $claimName => $claimValue) {
            $builder = $builder->withClaim($claimName, $claimValue);
        }

        $token = $builder->getToken($this->config->signer(), $this->config->signingKey());

        return [
            'id_token' => $token->toString()
        ];
    }

    /**
     * @param ScopeEntityInterface[] $scopes
     * @return bool
     */
    private function isOpenIDRequest($scopes)
    {
        // Verify scope and make sure openid exists.
        $valid  = false;

        foreach ($scopes as $scope) {
            if ($scope->getIdentifier() === 'openid') {
                $valid = true;
                break;
            }
        }

        return $valid;
    }

}