public function decodeJWT($encUser)
{
$client_id = config('laravel-auth0.client_id');
$client_secret = config('laravel-auth0.client_secret');
$this->apiuser = Auth0JWT::decode($encUser, $client_id, $client_secret);
return $this->apiuser;
}
public function setCurrentToken($token)
{
try {
$this->tokenInfo = \Auth0\SDK\Auth0JWT::decode($token, getenv('AUTH0_CLIENT_ID'), getenv('AUTH0_CLIENT_SECRET'));
$this->token = $token;
} catch (\Auth0\SDK\Exception\CoreException $e) {
throw $e;
}
}
public function testTokenGenerationDecode()
{
$client_id = 'client_id_1';
$client_secret = 'client_secret_1';
$generator = new TokenGenerator(['client_id' => $client_id, 'client_secret' => $client_secret]);
$jwt = $generator->generate(['users' => ['actions' => ['read']]]);
$decoded = Auth0JWT::decode($jwt, $client_id, $client_secret);
$this->assertObjectHasAttribute('aud', $decoded);
$this->assertEquals($client_id, $decoded->aud);
$this->assertObjectHasAttribute('scopes', $decoded);
$this->assertObjectHasAttribute('users', $decoded->scopes);
$this->assertObjectHasAttribute('actions', $decoded->scopes->users);
$this->assertArraySubset(['read'], $decoded->scopes->users->actions);
}
/**
* Authenticate the request and return the authenticated user instance.
*
* @param \Illuminate\Http\Request $request
* @param \Dingo\Api\Routing\Route $route
*
* @throws BadRequestHttpException if no token is provided.
* @throws UnauthorizedHttpException if invalid token or unauthorized user.
*
* @return \Illuminate\Contracts\Auth\Authenticatable
*/
public function authenticate(Request $request, Route $route)
{
$this->validateAuthorizationHeader($request);
$authorizationHeader = $request->header('Authorization');
$encToken = str_replace('Bearer ', '', $authorizationHeader);
if (trim($encToken) == '') {
throw new BadRequestHttpException('Auth0', 'Unable to authenticate with no token.');
}
$clientId = config('auth0.clientId');
$clientSecret = config('auth0.clientSecret');
$token = null;
try {
$token = Auth0JWT::decode($encToken, $clientId, $clientSecret);
} catch (CoreException $e) {
throw new UnauthorizedHttpException('Auth0', 'Unable to authenticate with invalid token.');
}
// if it does not represent a valid user, return a HTTP 401
$user = $this->userRepository->getUserByDecodedJWT($token);
if (!$user) {
throw new UnauthorizedHttpException('Auth0', 'Unauthorized user.');
}
return $user;
}
/**
* Exchanges the code from the URI parameters for an access token, id token and user info
* @return Boolean Wheter it exchanged the code or not correctly
*/
private function exchangeCode()
{
if (!isset($_REQUEST['code'])) {
return false;
}
$code = $_REQUEST['code'];
$this->debugInfo("Code: " . $code);
// Generate the url to the API that will give us the access token and id token
$auth_url = $this->generateUrl('token');
// Make the call
$auth0_response = $this->oauth_client->getAccessToken($auth_url, "authorization_code", array("code" => $code, "redirect_uri" => $this->redirect_uri));
// Parse it
$auth0_response = $auth0_response['result'];
$this->debugInfo(json_encode($auth0_response));
$access_token = isset($auth0_response['access_token']) ? $auth0_response['access_token'] : false;
$id_token = isset($auth0_response['id_token']) ? $auth0_response['id_token'] : false;
if (!$access_token) {
throw new ApiException('Invalid access_token - Retry login.');
}
// Set the access token in the oauth client for future calls to the Auth0 API
$this->oauth_client->setAccessToken($access_token);
$this->oauth_client->setAccessTokenType(Client::ACCESS_TOKEN_BEARER);
// Set it and persist it, if needed
$this->setAccessToken($access_token);
$this->setIdToken($id_token);
$token = Auth0JWT::decode($id_token, $this->client_id, $this->client_secret);
$user = ApiUsers::get($this->domain, $id_token, $token->user_id);
$this->setUser($user);
return true;
}
/**
* Decodes the JWT and validate it
*
* @return \stdClass
*/
public function decodeJWT($encToken)
{
return Auth0JWT::decode($encToken, $this->client_id, $this->client_secret);
}
/**
* Decodes the JWT and validate it
*
* @return stdClass
*/
public function decodeJWT($encToken)
{
return Auth0JWT::decode($encToken, $this->client_id, $this->client_secret, $this->secret_base64_encoded);
}
$events['auth0']['user'] = false;
$events['auth0']['message'] = 'No authorization header sent.';
echo json_encode(array('events' => $events));
exit;
}
/**
* Validate token.
*/
$token = str_replace('Bearer ', '', $authorizationHeader);
$secret = '<--!secret-->';
$client = '<--!client-->';
$domain = "<--!forplay.eu.auth0.com-->";
$decodedToken = null;
$api = new \Auth0\SDK\Auth0Api($token, $domain);
try {
$decodedToken = \Auth0\SDK\Auth0JWT::decode($token, $client, $secret);
} catch (\Auth0\SDK\Exception\CoreException $e) {
header('HTTP/1.0 401 Unauthorized');
/**
* Invalid token.
*/
$events['auth0']['method'] = 'secure';
$events['auth0']['authorized'] = false;
$events['auth0']['api'] = true;
$events['auth0']['user'] = false;
$events['auth0']['message'] = 'Invalid token.';
echo json_encode(array('events' => $events));
exit;
}
try {
$user = $api->users->get($decodedToken->sub);
public function isValidIdToken()
{
//error_reporting(-1); // reports all errors
$headers = getallheaders();
$auth = $headers['Authorization'] ? $headers['Authorization'] : $headers['authorization'];
error_log(print_r($headers, true));
//$tokens = explode(" ", $headers['Authorization']);
$tokens = explode(" ", $auth);
error_log(print_r($tokens, true));
if ($tokens[0] == "Bearer") {
//error_log($tokens[0]);
//error_log($tokens[1]);
//second is client ID and 4th argument is an array
$decoded_id_token = \Auth0\SDK\Auth0JWT::decode($tokens[1], $this->MAPLEAPP_SPA_AUD, $this->MAPLEAPP_SPA_SECRET, []);
return true;
} else {
error_log("error: no bearer in the authorization http header");
return false;
}
}