
Updated claims on OpenId/OAuth

* updated claim nickname to be user identifier
* added sub claim to endpoint /api/v1/userinfo/me
* fixed broken test

Change-Id: I9c34e5c2271ba5bcf7e480ea31530d1717fb0e09
tags/1.0.21^0
Sebastian Marcet 2 years ago
parent
commit
b459998364

+ 1
- 0
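--- a/app/Repositories/EloquentResourceServerRepository.php
+++ b/app/Repositories/EloquentResourceServerRepository.php
@@ -39,6 +39,7 @@ final class EloquentResourceServerRepository
      */
     public function getByHost($host)
     {
+        if(!is_array($host)) $host = [$host];
         return $this->entity->whereIn('host', $host)->first();
     }
 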
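Review bot: With an array argument, `whereIn('host', $host)->first()` in getByHost returns whichever matching row the database yields first, and no ordering is applied, so the resource server resolved for a multi-host lookup looks nondeterministic. If arrays are a supported input, the query needs an explicit ordering or a documented uniqueness guarantee. The docblock that ends just above the signature (its start is outside this hunk) should state the widened parameter, for example `@param string|string[] $host`. The added guard would also read better braced: `if (!is_array($host)) { $host = [$host]; }`.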

+ 8
- 7
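--- a/app/Services/OAuth2/ResourceServer/UserService.php
+++ b/app/Services/OAuth2/ResourceServer/UserService.php
@@ -127,13 +127,14 @@ class UserService extends OAuth2ProtectedService implements IUserService
                 $pic_url    = $current_user->getPic();
                 $pic_url    = str_contains($pic_url, 'http') ? $pic_url : $assets_url . $pic_url;
 
-                $data[StandardClaims::Name]       = $current_user->getFullName();
-                $data[StandardClaims::GivenName]  = $current_user->getFirstName();
-                $data[StandardClaims::FamilyName] = $current_user->getLastName();
-                $data[StandardClaims::NickName]   = $current_user->getNickName();
-                $data[StandardClaims::Picture]    = $pic_url;
-                $data[StandardClaims::Birthdate]  = $current_user->getDateOfBirth();
-                $data[StandardClaims::Gender]     = $current_user->getGender();
+                $data[StandardClaims::Name]                = $current_user->getFullName();
+                $data[StandardClaims::GivenName]           = $current_user->getFirstName();
+                $data[StandardClaims::FamilyName]          = $current_user->getLastName();
+                $data[StandardClaims::NickName]            = $current_user->getIdentifier();
+                $data[StandardClaims::SubjectIdentifier]   = $current_user->getAuthIdentifier();
+                $data[StandardClaims::Picture]             = $pic_url;
+                $data[StandardClaims::Birthdate]           = $current_user->getDateOfBirth();
+                $data[StandardClaims::Gender]              = $current_user->getGender();
             }
             if (in_array(self::UserProfileScope_Email, $scopes)) {
                 // Email Claim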
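Review bot: `$data[StandardClaims::SubjectIdentifier]` is assigned among the profile claims, inside a conditional block whose opening is outside this hunk. If that block is the profile-scope branch, as the following `UserProfileScope_Email` check suggests, `sub` is dropped whenever the token lacks that scope. OpenID Connect requires `sub` in every UserInfo response and requires it to equal the `sub` of the ID Token, so the assignment belongs ahead of the scope checks. The value from `getAuthIdentifier()` should be confirmed to be the identifier the ID token issuer emits, since that code is not visible here. A comment such as `// sub must match the ID Token's sub (OIDC Core 5.3.2)` would record the constraint for later edits.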

+ 11
- 8
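--- a/app/libs/OpenId/Extensions/Implementations/OpenIdSREGExtension_1_0.php
+++ b/app/libs/OpenId/Extensions/Implementations/OpenIdSREGExtension_1_0.php
@@ -76,15 +76,15 @@ class OpenIdSREGExtension_1_0 extends OpenIdExtension
 
         $this->auth_service = $auth_service;
 
-        self::$available_properties[OpenIdSREGExtension::Nickname] = OpenIdSREGExtension::Nickname;
-        self::$available_properties[OpenIdSREGExtension::Email] = OpenIdSREGExtension::Email;
-        self::$available_properties[OpenIdSREGExtension::FullName] = OpenIdSREGExtension::FullName;
-        self::$available_properties[OpenIdSREGExtension::Country] = OpenIdSREGExtension::Country;
-        self::$available_properties[OpenIdSREGExtension::Language] = OpenIdSREGExtension::Language;
-        self::$available_properties[OpenIdSREGExtension::Gender] = OpenIdSREGExtension::Gender;
+        self::$available_properties[OpenIdSREGExtension::Nickname]       = OpenIdSREGExtension::Nickname;
+        self::$available_properties[OpenIdSREGExtension::Email]          = OpenIdSREGExtension::Email;
+        self::$available_properties[OpenIdSREGExtension::FullName]       = OpenIdSREGExtension::FullName;
+        self::$available_properties[OpenIdSREGExtension::Country]        = OpenIdSREGExtension::Country;
+        self::$available_properties[OpenIdSREGExtension::Language]       = OpenIdSREGExtension::Language;
+        self::$available_properties[OpenIdSREGExtension::Gender]         = OpenIdSREGExtension::Gender;
         self::$available_properties[OpenIdSREGExtension::DateOfBirthday] = OpenIdSREGExtension::DateOfBirthday;
-        self::$available_properties[OpenIdSREGExtension::Postcode] = OpenIdSREGExtension::Postcode;
-        self::$available_properties[OpenIdSREGExtension::Timezone] = OpenIdSREGExtension::Timezone;
+        self::$available_properties[OpenIdSREGExtension::Postcode]       = OpenIdSREGExtension::Postcode;
+        self::$available_properties[OpenIdSREGExtension::Timezone]       = OpenIdSREGExtension::Timezone;
     }
 
     /**
@@ -152,6 +152,9 @@ class OpenIdSREGExtension_1_0 extends OpenIdExtension
                 if ($attr == self::Nickname || $attr == self::FullName) {
                     $response->addParam(self::param($attr), $user->getFullName());
                 }
+                if ($attr == self::Nickname) {
+                    $response->addParam(self::param($attr), $user->getIdentifier());
+                }
                 if ($attr == self::Language) {
                     $response->addParam(self::param($attr), $user->getLanguage());
                 }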
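Review bot: In the second hunk the new `if ($attr == self::Nickname)` block runs after the unchanged `if ($attr == self::Nickname || $attr == self::FullName)` branch, so a nickname request calls `addParam` twice for the same key, first with `getFullName()` and then with `getIdentifier()`. Whether the second call replaces the first depends on `addParam`, which is not shown; if it does not, the relying party still receives the full name as nickname. Narrowing the earlier condition to `if ($attr == self::FullName) {` makes the outcome independent of that behaviour. The enclosing loop starts and ends outside the hunk.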

+ 1
- 1
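--- a/tests/OpenIdProtocolTest.php
+++ b/tests/OpenIdProtocolTest.php
@@ -635,7 +635,7 @@ class OpenIdProtocolTest extends OpenStackIDBaseTest
 
         //set login info
         Session::set("openid.authorization.response", IAuthService::AuthorizationResponse_AllowForever);
-        $sreg_required_params = array('email', 'fullname');
+        $sreg_required_params = array('email', 'fullname', 'nickname');
 
         $params = array(
             OpenIdProtocol::param(OpenIdProtocol::OpenIDProtocol_NS) => OpenIdProtocol::OpenID2MessageType,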
