/**
* {@inheritdoc}
*/
public function check(ClientInterface $client, array $registration_parameters)
{
if (!array_key_exists('id_token_encrypted_response_alg', $registration_parameters) || !array_key_exists('id_token_encrypted_response_enc', $registration_parameters)) {
return;
}
Assertion::string($registration_parameters['id_token_encrypted_response_alg'], 'Invalid parameter "id_token_encrypted_response_alg". The value must be a string.');
Assertion::string($registration_parameters['id_token_encrypted_response_enc'], 'Invalid parameter "id_token_encrypted_response_enc". The value must be a string.');
Assertion::inArray($registration_parameters['id_token_encrypted_response_alg'], $this->getIdTokenManager()->getSupportedKeyEncryptionAlgorithms(), sprintf('The ID Token content encryption algorithm "%s" is not supported. Please choose one of the following algorithm: %s', $registration_parameters['id_token_encrypted_response_alg'], json_encode($this->getIdTokenManager()->getSupportedContentEncryptionAlgorithms())));
Assertion::inArray($registration_parameters['id_token_encrypted_response_enc'], $this->getIdTokenManager()->getSupportedContentEncryptionAlgorithms(), sprintf('The ID Token key encryption algorithm "%s" is not supported. Please choose one of the following algorithm: %s', $registration_parameters['id_token_encrypted_response_enc'], json_encode($this->getIdTokenManager()->getSupportedKeyEncryptionAlgorithms())));
$client->set('id_token_encrypted_response_alg', $registration_parameters['id_token_encrypted_response_alg']);
$client->set('id_token_encrypted_response_enc', $registration_parameters['id_token_encrypted_response_enc']);
}
/**
* {@inheritdoc}
*/
public function check(ClientInterface $client, array $registration_parameters)
{
foreach (['software_id', 'software_version', 'software_statement'] as $key) {
if (array_key_exists($key, $registration_parameters)) {
$client->set($key, $registration_parameters[$key]);
}
}
}
/**
* {@inheritdoc}
*/
public function check(ClientInterface $client, array $registration_parameters)
{
if (!array_key_exists('sector_identifier_uri', $registration_parameters)) {
return;
}
Assertion::url($registration_parameters['sector_identifier_uri'], sprintf('The sector identifier URI "%s" is not valid.', $registration_parameters['sector_identifier_uri']));
$this->checkSectorIdentifierUri($registration_parameters['sector_identifier_uri']);
$client->set('sector_identifier_uri', $registration_parameters['sector_identifier_uri']);
}
/**
* {@inheritdoc}
*/
public function check(ClientInterface $client, array $registration_parameters)
{
if (!array_key_exists('request_uris', $registration_parameters)) {
return;
}
Assertion::isArray($registration_parameters['request_uris'], 'The parameter "request_uris" must be a list of URI.');
Assertion::allUrl($registration_parameters['request_uris'], 'The parameter "request_uris" must be a list of URI.');
$client->set('request_uris', $registration_parameters['request_uris']);
}
/**
* {@inheritdoc}
*/
public function check(ClientInterface $client, array $registration_parameters)
{
$metadatas = [];
foreach ($this->getSupportedParameters() as $parameter => $closure) {
$metadatas = array_merge($metadatas, $this->getInternationalizedParameters($registration_parameters, $parameter, $closure));
}
foreach ($metadatas as $k => $v) {
$client->set($k, $v);
}
}
/**
* {@inheritdoc}
*/
public function check(ClientInterface $client, array $registration_parameters)
{
if (!$this->hasScopeManager()) {
return;
}
if (array_key_exists('scope', $registration_parameters)) {
Assertion::regex($registration_parameters['scope'], '/^[\\x20\\x23-\\x5B\\x5D-\\x7E]+$/', 'Invalid characters found in the "scope" parameter.');
$client->set('scope', $registration_parameters['scope']);
}
if (array_key_exists('scope_policy', $registration_parameters)) {
Assertion::inArray($registration_parameters['scope_policy'], $this->getScopeManager()->getSupportedScopePolicies(), sprintf('The scope policy "%s" is not supported. Please choose one of the following policy: "%s".', $registration_parameters['scope_policy'], json_encode($this->getScopeManager()->getSupportedScopePolicies())));
$client->set('scope_policy', $registration_parameters['scope_policy']);
}
/*
* Should be handled by the scope policy itself
*/
if (array_key_exists('default_scope', $registration_parameters)) {
Assertion::regex($registration_parameters['default_scope'], '/^[\\x20\\x23-\\x5B\\x5D-\\x7E]+$/', 'Invalid characters found in the "default_scope" parameter.');
$client->set('default_scope', $registration_parameters['default_scope']);
}
}
/**
* {@inheritdoc}
*/
public function check(ClientInterface $client, array $registration_parameters)
{
if (!array_key_exists('subject_type', $registration_parameters)) {
return;
}
Assertion::string($registration_parameters['subject_type'], 'Invalid parameter "subject_type". The value must be a string.');
$supported_types = ['public'];
if ($this->getUserinfo()->isPairwiseSubjectIdentifierSupported()) {
$supported_types[] = 'pairwise';
}
Assertion::inArray($registration_parameters['subject_type'], $supported_types, sprintf('The subject type "%s" is not supported. Please use one of the following value: %s', $registration_parameters['subject_type'], json_encode($supported_types)));
$client->set('subject_type', $registration_parameters['subject_type']);
}
/**
* {@inheritdoc}
*/
public function checkClientConfiguration(array $client_configuration, ClientInterface $client)
{
$client->set('client_secret', $this->createClientSecret());
$client->set('client_secret_expires_at', 0 === $this->secret_lifetime ? 0 : time() + $this->secret_lifetime);
}
/**
* @param \Symfony\Component\Console\Input\InputInterface $input
* @param \Symfony\Component\Console\Output\OutputInterface $output
* @param \OAuth2\Client\ClientInterface $client
*/
private function selectGrantTypes(InputInterface $input, OutputInterface $output, ClientInterface $client)
{
$token_endpoint = $this->getContainer()->get('oauth2_server.grant_type.manager');
$helper = $this->getHelper('question');
$question = new ChoiceQuestion('Please select allowed grant types.', $token_endpoint->getSupportedGrantTypes());
$question->setMultiselect(true);
$question->setErrorMessage('The grant type "%s" is invalid.');
$grant_types = $helper->ask($input, $output, $question);
$client->set('grant_types', $grant_types);
}
/**
* @param \OAuth2\Client\ClientInterface $client
* @param array $registration_parameters
*/
private function checkResponseTypes(ClientInterface $client, array $registration_parameters)
{
Assertion::isArray($registration_parameters['response_types'], 'The parameter "response_types" must be an array of strings.');
Assertion::allString($registration_parameters['response_types'], 'The parameter "grant_types" must be an array of strings.');
foreach ($registration_parameters['response_types'] as $response_type) {
$types = $this->getResponseTypeManager()->getResponseTypes($response_type);
if (!in_array($response_type, $client->get('response_types'))) {
$response_types = $client->get('response_types');
$response_types[] = $response_type;
$client->set('response_types', $response_types);
}
foreach ($types as $type) {
$associated_grant_types = $type->getAssociatedGrantTypes();
$diff = array_diff($associated_grant_types, $registration_parameters['grant_types']);
Assertion::true(empty($diff), sprintf('The response type "%s" is associated with the grant types "%s" but this response type is missing.', $type->getResponseType(), json_encode($diff)));
$client->set('grant_types', array_unique(array_merge($client->get('grant_types'), $associated_grant_types)));
}
}
}
/**
* {@inheritdoc}
*/
public function checkClientConfiguration(array $client_configuration, ClientInterface $client)
{
if ('client_secret_jwt' === $client_configuration['token_endpoint_auth_method']) {
$client->set('client_secret', $this->createClientSecret());
$client->set('client_secret_expires_at', 0 === $this->secret_lifetime ? 0 : time() + $this->secret_lifetime);
} elseif ('private_key_jwt' === $client_configuration['token_endpoint_auth_method']) {
Assertion::true(array_key_exists('jwks', $client_configuration) xor array_key_exists('jwks_uri', $client_configuration), 'The parameter "jwks" or "jwks_uri" must be set.');
if (array_key_exists('jwks', $client_configuration)) {
$jwks = new JWKSet($client_configuration['jwks']);
Assertion::isInstanceOf($jwks, JWKSetInterface::class, 'The parameter "jwks" must be a valid JWKSet object.');
$client->set('jwks', $client_configuration['jwks']);
} else {
$jwks = JWKFactory::createFromJKU($client_configuration['jwks_uri']);
Assertion::isInstanceOf($jwks, JWKSetInterface::class, 'The parameter "jwks_uri" must be a valid uri that provide a valid JWKSet.');
$client->set('jwks_uri', $client_configuration['jwks_uri']);
}
} else {
throw new \InvalidArgumentException('Unsupported token endpoint authentication method.');
}
}
/**
* {@inheritdoc}
*/
public function check(ClientInterface $client, array $registration_parameters)
{
$client->set('registration_client_uri', $this->getRegistrationClientUri($client));
$client->set('registration_access_token', $this->getRegistrationAccessToken($client));
}
