Diffstat (limited to 'vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID')
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php40
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php8
-rw-r--r--vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php2
3 files changed, 45 insertions, 5 deletions
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php
index 54c5f9a63..52e183bb3 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php
@@ -17,6 +17,16 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
private $nonce;
/**
+ * @var mixed
+ */
+ protected $code_challenge;
+
+ /**
+ * @var mixed
+ */
+ protected $code_challenge_method;
+
+ /**
* Set not authorized response
*
* @param RequestInterface $request
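Review bot: The two new properties are documented as `@var mixed`, which tells a reader nothing about what is stored; they only ever receive the result of `$request->query(...)` on the new side, so `@var string|null` is the accurate type and should also say the value is only populated by the request-validation method and consumed when the redirect params are built. The surrounding class and the property set it joins (`$nonce`) start outside the hunk, and `$nonce` is `private` while the new fields are `protected` — if subclasses are not meant to touch them, matching visibility would be consistent.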
@@ -65,6 +75,10 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
// add the nonce to return with the redirect URI
$params['nonce'] = $this->nonce;
+ // Add PKCE code challenge.
+ $params['code_challenge'] = $this->code_challenge;
+ $params['code_challenge_method'] = $this->code_challenge_method;
+
return $params;
}
@@ -90,6 +104,32 @@ class AuthorizeController extends BaseAuthorizeController implements AuthorizeCo
$this->nonce = $nonce;
+ $code_challenge = $request->query('code_challenge');
+ $code_challenge_method = $request->query('code_challenge_method');
+
+ if ($this->config['enforce_pkce']) {
+ if (!$code_challenge) {
+ $response->setError(400, 'missing_code_challenge', 'This application requires you provide a PKCE code challenge');
+
+ return false;
+ }
+
+ if (preg_match('/^[A-Za-z0-9-._~]{43,128}$/', $code_challenge) !== 1) {
+ $response->setError(400, 'invalid_code_challenge', 'The PKCE code challenge supplied is invalid');
+
+ return false;
+ }
+
+ if (!in_array($code_challenge_method, array('plain', 'S256'), true)) {
+ $response->setError(400, 'missing_code_challenge_method', 'This application requires you specify a PKCE code challenge method');
+
+ return false;
+ }
+ }
+
+ $this->code_challenge = $code_challenge;
+ $this->code_challenge_method = $code_challenge_method;
+
return true;
}
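Review bot: A client that opts into PKCE while `enforce_pkce` is off gets no validation at all: the regex and `in_array` checks run only inside the `if ($this->config['enforce_pkce'])` block, so an oversized or malformed challenge or an unsupported `code_challenge_method` is stored against the authorization code unchanged, and a challenge sent without a method is stored with a null method instead of the `plain` default RFC 7636 §4.3 requires. The error codes `missing_code_challenge`, `invalid_code_challenge` and `missing_code_challenge_method` are not registered OAuth error values; RFC 7636 §4.4.1 specifies `invalid_request` for all three cases, and clients will not recognise the invented ones. The `$` anchor in `'/^[A-Za-z0-9-._~]{43,128}$/'` also matches before a trailing newline, so `\z` is the safer terminator. The enclosing validation method starts outside the hunk, and whether `enforce_pkce` has a default in the config array is not visible here — if it does not, the bare index read raises a notice, which `!empty()` avoids. The restructured check below validates whatever the client sent and lets `enforce_pkce` govern only whether absence is an error.
```php
        $code_challenge = $request->query('code_challenge');
        $code_challenge_method = $request->query('code_challenge_method');

        if (!$code_challenge) {
            if (!empty($this->config['enforce_pkce'])) {
                $response->setError(400, 'invalid_request', 'This application requires you provide a PKCE code challenge');

                return false;
            }
        } else {
            // Validate whatever the client sent, even when PKCE is optional:
            // a malformed challenge must never be stored against the auth code.
            if (preg_match('/^[A-Za-z0-9\-._~]{43,128}\z/', $code_challenge) !== 1) {
                $response->setError(400, 'invalid_request', 'The PKCE code challenge supplied is invalid');

                return false;
            }

            // RFC 7636 section 4.3: an absent method means "plain".
            if ($code_challenge_method === null || $code_challenge_method === '') {
                $code_challenge_method = 'plain';
            }

            if (!in_array($code_challenge_method, array('plain', 'S256'), true)) {
                $response->setError(400, 'invalid_request', 'The PKCE code challenge method supplied is invalid');

                return false;
            }
        }

        $this->code_challenge = $code_challenge;
        $this->code_challenge_method = $code_challenge_method;
        // … unchanged: return true …
```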
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php
index b8ad41ffb..19e04104d 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/ResponseType/AuthorizationCode.php
@@ -31,9 +31,9 @@ class AuthorizationCode extends BaseAuthorizationCode implements AuthorizationCo
// build the URL to redirect to
$result = array('query' => array());
- $params += array('scope' => null, 'state' => null, 'id_token' => null);
+ $params += array('scope' => null, 'state' => null, 'id_token' => null, 'code_challenge' => null, 'code_challenge_method' => null);
- $result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope'], $params['id_token']);
+ $result['query']['code'] = $this->createAuthorizationCode($params['client_id'], $user_id, $params['redirect_uri'], $params['scope'], $params['id_token'], $params['code_challenge'], $params['code_challenge_method']);
if (isset($params['state'])) {
$result['query']['state'] = $params['state'];
@@ -56,10 +56,10 @@ class AuthorizationCode extends BaseAuthorizationCode implements AuthorizationCo
* @see http://tools.ietf.org/html/rfc6749#section-4
* @ingroup oauth2_section_4
*/
- public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null, $id_token = null)
+ public function createAuthorizationCode($client_id, $user_id, $redirect_uri, $scope = null, $id_token = null, $code_challenge = null, $code_challenge_method = null)
{
$code = $this->generateAuthorizationCode();
- $this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope, $id_token);
+ $this->storage->setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, time() + $this->config['auth_code_lifetime'], $scope, $id_token, $code_challenge, $code_challenge_method);
return $code;
}
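Review bot: The docblock above `createAuthorizationCode` (its start is outside the hunk) is not updated for the two parameters added to the signature, so `$code_challenge` and `$code_challenge_method` have no `@param` entries; the same omission applies to `setAuthorizationCode` in the `AuthorizationCodeInterface` hunk. I would add `@param string|null $code_challenge PKCE code challenge from the authorization request, or null when the client sent none` and `@param string|null $code_challenge_method 'plain' or 'S256'; stored alongside the code so the token endpoint can verify the code_verifier` to both docblocks. The storage call on the new side passes both values through verbatim, so the docblock should not promise any validation at this layer.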
diff --git a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php
index 446cec928..8e0988ff4 100644
--- a/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php
+++ b/vendor/bshaffer/oauth2-server-php/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php
@@ -33,5 +33,5 @@ interface AuthorizationCodeInterface extends BaseAuthorizationCodeInterface
*
* @ingroup oauth2_section_4
*/
- public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null);
+ public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null, $code_challenge = null, $code_challenge_method = null);
}
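Review bot: Widening `setAuthorizationCode` on the interface is a compatibility break for every storage class that implements it: a PHP implementation declaring fewer parameters than the interface method is rejected at class-load time, so any project storage backend implementing this OpenID `AuthorizationCodeInterface` that is not part of this diff must grow the same two optional parameters in the same change. Since this lives under `vendor/`, the patch is also lost on the next composer update unless it is applied through a patch mechanism; a one-line comment above the method, `// Patched: PKCE columns added to the stored code (see AuthorizeController::validateAuthorizeRequest)`, would make that dependency visible to whoever next upgrades the library.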