/** * {@inheritdoc} */ public function check(ClientInterface $client, array $registration_parameters) { if (!array_key_exists('id_token_encrypted_response_alg', $registration_parameters) || !array_key_exists('id_token_encrypted_response_enc', $registration_parameters)) { return; } Assertion::string($registration_parameters['id_token_encrypted_response_alg'], 'Invalid parameter "id_token_encrypted_response_alg". The value must be a string.'); Assertion::string($registration_parameters['id_token_encrypted_response_enc'], 'Invalid parameter "id_token_encrypted_response_enc". The value must be a string.'); Assertion::inArray($registration_parameters['id_token_encrypted_response_alg'], $this->getIdTokenManager()->getSupportedKeyEncryptionAlgorithms(), sprintf('The ID Token content encryption algorithm "%s" is not supported. Please choose one of the following algorithm: %s', $registration_parameters['id_token_encrypted_response_alg'], json_encode($this->getIdTokenManager()->getSupportedContentEncryptionAlgorithms()))); Assertion::inArray($registration_parameters['id_token_encrypted_response_enc'], $this->getIdTokenManager()->getSupportedContentEncryptionAlgorithms(), sprintf('The ID Token key encryption algorithm "%s" is not supported. Please choose one of the following algorithm: %s', $registration_parameters['id_token_encrypted_response_enc'], json_encode($this->getIdTokenManager()->getSupportedKeyEncryptionAlgorithms()))); $client->set('id_token_encrypted_response_alg', $registration_parameters['id_token_encrypted_response_alg']); $client->set('id_token_encrypted_response_enc', $registration_parameters['id_token_encrypted_response_enc']); }
/** * {@inheritdoc} */ public function check(ClientInterface $client, array $registration_parameters) { foreach (['software_id', 'software_version', 'software_statement'] as $key) { if (array_key_exists($key, $registration_parameters)) { $client->set($key, $registration_parameters[$key]); } } }
/** * {@inheritdoc} */ public function check(ClientInterface $client, array $registration_parameters) { if (!array_key_exists('sector_identifier_uri', $registration_parameters)) { return; } Assertion::url($registration_parameters['sector_identifier_uri'], sprintf('The sector identifier URI "%s" is not valid.', $registration_parameters['sector_identifier_uri'])); $this->checkSectorIdentifierUri($registration_parameters['sector_identifier_uri']); $client->set('sector_identifier_uri', $registration_parameters['sector_identifier_uri']); }
/** * {@inheritdoc} */ public function check(ClientInterface $client, array $registration_parameters) { if (!array_key_exists('request_uris', $registration_parameters)) { return; } Assertion::isArray($registration_parameters['request_uris'], 'The parameter "request_uris" must be a list of URI.'); Assertion::allUrl($registration_parameters['request_uris'], 'The parameter "request_uris" must be a list of URI.'); $client->set('request_uris', $registration_parameters['request_uris']); }
/** * {@inheritdoc} */ public function check(ClientInterface $client, array $registration_parameters) { $metadatas = []; foreach ($this->getSupportedParameters() as $parameter => $closure) { $metadatas = array_merge($metadatas, $this->getInternationalizedParameters($registration_parameters, $parameter, $closure)); } foreach ($metadatas as $k => $v) { $client->set($k, $v); } }
/** * {@inheritdoc} */ public function check(ClientInterface $client, array $registration_parameters) { if (!$this->hasScopeManager()) { return; } if (array_key_exists('scope', $registration_parameters)) { Assertion::regex($registration_parameters['scope'], '/^[\\x20\\x23-\\x5B\\x5D-\\x7E]+$/', 'Invalid characters found in the "scope" parameter.'); $client->set('scope', $registration_parameters['scope']); } if (array_key_exists('scope_policy', $registration_parameters)) { Assertion::inArray($registration_parameters['scope_policy'], $this->getScopeManager()->getSupportedScopePolicies(), sprintf('The scope policy "%s" is not supported. Please choose one of the following policy: "%s".', $registration_parameters['scope_policy'], json_encode($this->getScopeManager()->getSupportedScopePolicies()))); $client->set('scope_policy', $registration_parameters['scope_policy']); } /* * Should be handled by the scope policy itself */ if (array_key_exists('default_scope', $registration_parameters)) { Assertion::regex($registration_parameters['default_scope'], '/^[\\x20\\x23-\\x5B\\x5D-\\x7E]+$/', 'Invalid characters found in the "default_scope" parameter.'); $client->set('default_scope', $registration_parameters['default_scope']); } }
/** * {@inheritdoc} */ public function check(ClientInterface $client, array $registration_parameters) { if (!array_key_exists('subject_type', $registration_parameters)) { return; } Assertion::string($registration_parameters['subject_type'], 'Invalid parameter "subject_type". The value must be a string.'); $supported_types = ['public']; if ($this->getUserinfo()->isPairwiseSubjectIdentifierSupported()) { $supported_types[] = 'pairwise'; } Assertion::inArray($registration_parameters['subject_type'], $supported_types, sprintf('The subject type "%s" is not supported. Please use one of the following value: %s', $registration_parameters['subject_type'], json_encode($supported_types))); $client->set('subject_type', $registration_parameters['subject_type']); }
/** * {@inheritdoc} */ public function checkClientConfiguration(array $client_configuration, ClientInterface $client) { $client->set('client_secret', $this->createClientSecret()); $client->set('client_secret_expires_at', 0 === $this->secret_lifetime ? 0 : time() + $this->secret_lifetime); }
/** * @param \Symfony\Component\Console\Input\InputInterface $input * @param \Symfony\Component\Console\Output\OutputInterface $output * @param \OAuth2\Client\ClientInterface $client */ private function selectGrantTypes(InputInterface $input, OutputInterface $output, ClientInterface $client) { $token_endpoint = $this->getContainer()->get('oauth2_server.grant_type.manager'); $helper = $this->getHelper('question'); $question = new ChoiceQuestion('Please select allowed grant types.', $token_endpoint->getSupportedGrantTypes()); $question->setMultiselect(true); $question->setErrorMessage('The grant type "%s" is invalid.'); $grant_types = $helper->ask($input, $output, $question); $client->set('grant_types', $grant_types); }
/** * @param \OAuth2\Client\ClientInterface $client * @param array $registration_parameters */ private function checkResponseTypes(ClientInterface $client, array $registration_parameters) { Assertion::isArray($registration_parameters['response_types'], 'The parameter "response_types" must be an array of strings.'); Assertion::allString($registration_parameters['response_types'], 'The parameter "grant_types" must be an array of strings.'); foreach ($registration_parameters['response_types'] as $response_type) { $types = $this->getResponseTypeManager()->getResponseTypes($response_type); if (!in_array($response_type, $client->get('response_types'))) { $response_types = $client->get('response_types'); $response_types[] = $response_type; $client->set('response_types', $response_types); } foreach ($types as $type) { $associated_grant_types = $type->getAssociatedGrantTypes(); $diff = array_diff($associated_grant_types, $registration_parameters['grant_types']); Assertion::true(empty($diff), sprintf('The response type "%s" is associated with the grant types "%s" but this response type is missing.', $type->getResponseType(), json_encode($diff))); $client->set('grant_types', array_unique(array_merge($client->get('grant_types'), $associated_grant_types))); } } }
/** * {@inheritdoc} */ public function checkClientConfiguration(array $client_configuration, ClientInterface $client) { if ('client_secret_jwt' === $client_configuration['token_endpoint_auth_method']) { $client->set('client_secret', $this->createClientSecret()); $client->set('client_secret_expires_at', 0 === $this->secret_lifetime ? 0 : time() + $this->secret_lifetime); } elseif ('private_key_jwt' === $client_configuration['token_endpoint_auth_method']) { Assertion::true(array_key_exists('jwks', $client_configuration) xor array_key_exists('jwks_uri', $client_configuration), 'The parameter "jwks" or "jwks_uri" must be set.'); if (array_key_exists('jwks', $client_configuration)) { $jwks = new JWKSet($client_configuration['jwks']); Assertion::isInstanceOf($jwks, JWKSetInterface::class, 'The parameter "jwks" must be a valid JWKSet object.'); $client->set('jwks', $client_configuration['jwks']); } else { $jwks = JWKFactory::createFromJKU($client_configuration['jwks_uri']); Assertion::isInstanceOf($jwks, JWKSetInterface::class, 'The parameter "jwks_uri" must be a valid uri that provide a valid JWKSet.'); $client->set('jwks_uri', $client_configuration['jwks_uri']); } } else { throw new \InvalidArgumentException('Unsupported token endpoint authentication method.'); } }
/** * {@inheritdoc} */ public function check(ClientInterface $client, array $registration_parameters) { $client->set('registration_client_uri', $this->getRegistrationClientUri($client)); $client->set('registration_access_token', $this->getRegistrationAccessToken($client)); }