Fixes to OAuth2 connect-with-openid. Add zothash Claim. Add zotwebbie Claim.

2 files changed, 52 insertions, 4 deletions

diff --git a/Zotlabs/Identity/OAuth2Server.php b/Zotlabs/Identity/OAuth2Server.php
index cbb4748fe..b747b95db 100644
--- a/Zotlabs/Identity/OAuth2Server.php
+++ b/Zotlabs/Identity/OAuth2Server.php
@@ -4,7 +4,7 @@ namespace Zotlabs\Identity;
 
 class OAuth2Server extends \OAuth2\Server {
 
-	public function __construct(OAuth2Storage $storage, $config = []) {
+	public function __construct(OAuth2Storage $storage, $config = null) {
 
 		if(! is_array($config)) {
 			$config = [
@@ -19,7 +19,8 @@ class OAuth2Server extends \OAuth2\Server {
 		$this->addGrantType(new \OAuth2\GrantType\ClientCredentials($storage));
 
 		// Add the "Authorization Code" grant type (this is where the oauth magic happens)
-		$this->addGrantType(new \OAuth2\GrantType\AuthorizationCode($storage));
+                // Need to use OpenID\GrantType to return id_token (see:https://github.com/bshaffer/oauth2-server-php/issues/443)
+		$this->addGrantType(new \OAuth2\OpenID\GrantType\AuthorizationCode($storage));
 
 		$keyStorage = new \OAuth2\Storage\Memory( [
 			'keys' => [
diff --git a/Zotlabs/Identity/OAuth2Storage.php b/Zotlabs/Identity/OAuth2Storage.php
index bc6db565c..a50b21a70 100644
--- a/Zotlabs/Identity/OAuth2Storage.php
+++ b/Zotlabs/Identity/OAuth2Storage.php
@@ -50,20 +50,67 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
     public function getUser($username)
     {
 
-		$x = channelx_by_nick($username);
+		$x = channelx_by_n($username);
 		if(! $x) {
 			return false;
 		}
 
 		return( [
+                        'webbie'    => $x['channel_address'].'@'.\App::get_hostname(),
+                        'zothash'   => $x['channel_hash'],
 			'username'  => $x['channel_address'],
 			'user_id'   => $x['channel_id'],
+			'name'      => $x['channel_name'],
 			'firstName' => $x['channel_name'],
 			'lastName'  => '',
 			'password'  => 'NotARealPassword'
 		] );
     }
 
+    public function scopeExists($scope) {
+      // Report that the scope is valid even if it's not.
+      // We will only return a very small subset no matter what.
+      // @TODO: Truly validate the scope
+      //    see vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/ScopeInterface.php and
+      //        vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php
+      //    for more info.
+      return true;
+    }
+
+    public function getDefaultScope($client_id=null) {
+      // Do not REQUIRE a scope
+      //    see vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/ScopeInterface.php and
+      //    for more info.
+      return null;
+    }
+
+    public function getUserClaims ($user_id, $claims) {
+      // Populate the CLAIMS requested (if any).
+      // @TODO: create a more reasonable/comprehensive list.
+      // @TODO: present claims on the AUTHORIZATION screen
+
+        $userClaims = Array();
+        $claims = explode (' ', trim($claims));
+        $validclaims = Array ("name","preferred_username","zothash");
+        $claimsmap = Array (
+                            "zotwebbie" => 'webbie',
+                            "zothash" => 'zothash',
+                            "name" => 'name',
+                            "preferred_username" => "username"
+                           );
+        $userinfo = $this->getUser($user_id);
+        foreach ($validclaims as $validclaim) {
+            if (in_array($validclaim,$claims)) {
+              $claimkey = $claimsmap[$validclaim];
+              $userClaims[$validclaim] = $userinfo[$claimkey];
+            } else {
+              $userClaims[$validclaim] = $validclaim;
+            }
+        }
+        $userClaims["sub"]=$user_id;
+        return $userClaims; 
+    }
+
     /**
      * plaintext passwords are bad!  Override this for your application
      *
@@ -78,4 +125,4 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
         return true;
     }
 
-}
\ No newline at end of file
+}