public static createFromJKU ( $jku, $allow_unsecured_connection = false, Psr\Cache\CacheItemPoolInterface $cache = null, $ttl = 86400, $allow_http_connection = false ) | ||
$cache | Psr\Cache\CacheItemPoolInterface |
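/**
 * {@inheritdoc}
 *
 * Applies the JWT-based client authentication settings from a registration
 * request to the client being created.
 *
 * - "client_secret_jwt": generates a client secret and its expiry time.
 * - "private_key_jwt": requires exactly one of "jwks" or "jwks_uri", checks
 *   that it yields a key set, and stores the parameter on the client.
 *
 * The configuration array is supplied by the registering client and must be
 * treated as untrusted input.
 *
 * @param array           $client_configuration Registration parameters.
 * @param ClientInterface $client               Client receiving the settings.
 *
 * @throws \InvalidArgumentException If the authentication method is missing or
 *                                   unsupported (assertion failures are raised
 *                                   by Assertion).
 */
public function checkClientConfiguration(array $client_configuration, ClientInterface $client)
{
    // A missing key is treated like an unsupported method instead of raising
    // an undefined-index notice before reaching the final else branch.
    $auth_method = isset($client_configuration['token_endpoint_auth_method'])
        ? $client_configuration['token_endpoint_auth_method']
        : null;

    if ('client_secret_jwt' === $auth_method) {
        // NOTE(review): createClientSecret() is defined outside this view;
        // confirm it draws the secret from a cryptographically secure source.
        $client->set('client_secret', $this->createClientSecret());
        // A lifetime of 0 is stored as expiry 0; otherwise now + lifetime.
        $client->set('client_secret_expires_at', 0 === $this->secret_lifetime ? 0 : time() + $this->secret_lifetime);
    } elseif ('private_key_jwt' === $auth_method) {
        // xor: exactly one of the two parameters may be present, never both.
        Assertion::true(array_key_exists('jwks', $client_configuration) xor array_key_exists('jwks_uri', $client_configuration), 'The parameter "jwks" or "jwks_uri" must be set.');

        if (array_key_exists('jwks', $client_configuration)) {
            $jwks = new JWKSet($client_configuration['jwks']);
            Assertion::isInstanceOf($jwks, JWKSetInterface::class, 'The parameter "jwks" must be a valid JWKSet object.');
            $client->set('jwks', $client_configuration['jwks']);
        } else {
            // Reject non-string values before handing the value to the fetcher.
            Assertion::string($client_configuration['jwks_uri'], 'The parameter "jwks_uri" must be a valid uri that provide a valid JWKSet.');

            // The URI is chosen by the registering client and is fetched by
            // this server. The call relies on createFromJKU()'s defaults
            // ($allow_unsecured_connection = false, $allow_http_connection = false);
            // no destination restriction is applied here.
            // NOTE(review): confirm outbound requests to internal or
            // link-local addresses are blocked at the HTTP client or network
            // layer, and that redirects are handled the same way.
            $jwks = JWKFactory::createFromJKU($client_configuration['jwks_uri']);
            Assertion::isInstanceOf($jwks, JWKSetInterface::class, 'The parameter "jwks_uri" must be a valid uri that provide a valid JWKSet.');

            // Only the URI is stored; the key set fetched above is discarded.
            $client->set('jwks_uri', $client_configuration['jwks_uri']);
        }
    } else {
        throw new \InvalidArgumentException('Unsupported token endpoint authentication method.');
    }
}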
/**
 * Builds the key set used to verify this client's signatures.
 *
 * Sources are tried in order: inline "jwks", then remote "jwks_uri", then a
 * symmetric key derived from the client secret. The first available source
 * wins.
 *
 * @return null|\Jose\Object\JWKSetInterface Null only if none of the three
 *                                           sources is available after the
 *                                           initial assertion has passed.
 */
public function getPublicKeySet()
{
    Assertion::true($this->hasPublicKeySet(), 'The client has no public key set');

    if ($this->hasJwks()) {
        $inline_keys = $this->getJwks();

        return new JWKSet($inline_keys);
    }

    if ($this->hasJwksUri()) {
        // No cache pool is passed, so $cache keeps its null default.
        // NOTE(review): presumably this fetches the remote document on every
        // call; confirm, since verification then depends on the availability
        // and response time of a client-controlled host.
        $remote_location = $this->getJwksUri();

        return JWKFactory::createFromJKU($remote_location);
    }

    if ($this->hasClientSecret()) {
        // NOTE(review): the JWK "k" member is defined as the base64url
        // encoding of the key bytes; the secret is passed as-is here, so
        // confirm getClientSecret() returns it in the form the library expects.
        $shared_key = new JWK(['kty' => 'oct', 'use' => 'sig', 'k' => $this->getClientSecret()]);
        $secret_based_set = new JWKSet();
        $secret_based_set->addKey($shared_key);

        return $secret_based_set;
    }

    return null;
}