| public static createFromJKU ( $jku, $allow_unsecured_connection = false, Psr\Cache\CacheItemPoolInterface $cache = null, $ttl = 86400, $allow_http_connection = false ) | ||
| $cache | Psr\Cache\CacheItemPoolInterface | |
/**
* {@inheritdoc}
*/
public function checkClientConfiguration(array $client_configuration, ClientInterface $client)
{
if ('client_secret_jwt' === $client_configuration['token_endpoint_auth_method']) {
$client->set('client_secret', $this->createClientSecret());
$client->set('client_secret_expires_at', 0 === $this->secret_lifetime ? 0 : time() + $this->secret_lifetime);
} elseif ('private_key_jwt' === $client_configuration['token_endpoint_auth_method']) {
Assertion::true(array_key_exists('jwks', $client_configuration) xor array_key_exists('jwks_uri', $client_configuration), 'The parameter "jwks" or "jwks_uri" must be set.');
if (array_key_exists('jwks', $client_configuration)) {
$jwks = new JWKSet($client_configuration['jwks']);
Assertion::isInstanceOf($jwks, JWKSetInterface::class, 'The parameter "jwks" must be a valid JWKSet object.');
$client->set('jwks', $client_configuration['jwks']);
} else {
$jwks = JWKFactory::createFromJKU($client_configuration['jwks_uri']);
Assertion::isInstanceOf($jwks, JWKSetInterface::class, 'The parameter "jwks_uri" must be a valid uri that provide a valid JWKSet.');
$client->set('jwks_uri', $client_configuration['jwks_uri']);
}
} else {
throw new \InvalidArgumentException('Unsupported token endpoint authentication method.');
}
}
/**
* @return null|\Jose\Object\JWKSetInterface
*/
public function getPublicKeySet()
{
Assertion::true($this->hasPublicKeySet(), 'The client has no public key set');
if ($this->hasJwks()) {
return new JWKSet($this->getJwks());
}
if ($this->hasJwksUri()) {
return JWKFactory::createFromJKU($this->getJwksUri());
}
if ($this->hasClientSecret()) {
$jwk_set = new JWKSet();
$jwk_set->addKey(new JWK(['kty' => 'oct', 'use' => 'sig', 'k' => $this->getClientSecret()]));
return $jwk_set;
}
}
