Adding well-known configuration and JWKS routes in Laravel #16
Conversation
moufmouf
changed the title
moufmouf
force-pushed
the
autodiscovery
branch
from
5bedbe9 to
3be9e08
Compare
|
I would be very interested in this PR, is there something left to do @ronvanderheijden? Or is there any case I could help bringing this PR forward? |
|
I don't think the owner will make this PR forward, will you guys make this own community repo? |
|
@aungmyatmoethegreat I will as a last resort. Before taking such steps, we should ask the repo owner if he needs some help. Maybe he saw the PRs but has no time to deal with those. I opened an issue to ask here: #21 |
| @@ -35,26 +35,25 @@ public function boot() | |||
| __DIR__ . '/config/openid.php' => $this->app->configPath('openid.php'), | |||
| ], ['openid', 'openid-config']); | |||
|
|
|||
| $this->loadRoutesFrom(__DIR__.'/routes/web.php'); | |||
There was a problem hiding this comment.
I think we should only add the routes when the setting is enable in the config.
There was a problem hiding this comment.
Good idea. I added in the config a routes entry and one can now select which routes should be enabled (I put the conditions in the web.php file)
src/Laravel/routes/web.php
Outdated
| Route::get('/oauth/jwks', \OpenIDConnect\Laravel\JwksController::class."@jwks")->name('openid.jwks'); | ||
| Route::get('/.well-known/openid-configuration', \OpenIDConnect\Laravel\DiscoveryController::class."@discovery")->name('openid.discovery'); |
There was a problem hiding this comment.
| Route::get('/oauth/jwks', \OpenIDConnect\Laravel\JwksController::class."@jwks")->name('openid.jwks'); | |
| Route::get('/.well-known/openid-configuration', \OpenIDConnect\Laravel\DiscoveryController::class."@discovery")->name('openid.discovery'); | |
| use OpenIDConnect\Laravel\JwksController; | |
| use OpenIDConnect\Laravel\DiscoveryController; | |
| Route::get('/oauth/jwks', [JwksController::class, 'jwks'])->name('openid.jwks'); | |
| Route::get('/.well-known/openid-configuration', [DiscoveryController::class, 'discovery'])->name('openid.discovery'); |
There was a problem hiding this comment.
But an __invoke() is perhaps a better improvement.
There was a problem hiding this comment.
Let's go for the __invoke!
src/Laravel/DiscoveryController.php
Outdated
|
|
||
| class DiscoveryController | ||
| { | ||
| public function discovery(Request $request) |
There was a problem hiding this comment.
Can't we use an invocable controller while calling a single method?
| public function discovery(Request $request) | |
| public function __invoke(Request $request) |
src/IdTokenResponse.php
Outdated
| @@ -21,15 +21,18 @@ class IdTokenResponse extends BearerTokenResponse | |||
| protected ClaimExtractor $claimExtractor; | |||
|
|
|||
| private Configuration $config; | |||
| private ?string $issuer; | |||
|
|
|||
| public function __construct( | |||
There was a problem hiding this comment.
I think we can use constructor property promotion in PHP 8.0. So that we can combine class fields, constructor definition and variable assignments all into one syntax, in the construct parameter list.
There was a problem hiding this comment.
The package is still compatible with PHP 7.4 (that's what is declared in composer.json) so I guess this is a no go for this version at least.
src/Laravel/JwksController.php
Outdated
| } | ||
|
|
||
| private function getPublicKey(): string { | ||
| $publicKey = str_replace('\\n', "\n", app()->make(Config::class)->get('passport.public_key') ?? ''); |
There was a problem hiding this comment.
In Larvel 11, config/passport.php is not published by default, so that we might use passport keypart to retieve the public key.
| $publicKey = str_replace('\\n', "\n", app()->make(Config::class)->get('passport.public_key') ?? ''); | |
| $publicKeyFile = File::get(Passport::keyPath('oauth-public.key')); | |
| $publicKey = str_replace('\\n', "\n", $publicKeyFile); |
There was a problem hiding this comment.
The public key file is not necessarily a file. It can come from env vars for instance. And I believe the config method will still read from the config file of teh package (even if the config is not published)
When using Laravel with Passport, we have enough knowledge of the environment to be able to provide 2 useful routes our of the box: - a discovery endpoint at `/.well-known/openid-configuration`. - a JWKS endpoint at `/oauth/jwks`. This greatly eases integrating with Laravel since clients can now use auto-discovery to integrate with Laravel + PassPort + OpenID.
Co-authored-by: Ron van der Heijden <[email protected]>
Routes can now be disabled from the config. Also, switching to using invokable routes.
|
@ronvanderheijden Thanks a lot for the review. I took your comments (and those of @aungmyatmoethegreat) in consideration and pushed the change. Tell me if it looks good. I'll rebase the other PRS depending on this one to apply the changes to all depending PRs. |
|
Ok, let's merge this! 👍 |
|
This pull-request breaks the actions. I have fixed them in pull-requests #23 :) |
|
Hey @ronvanderheijden, Really sorry about that. I did not notice the actions. For some reason, they did not show up in the pull request on my side. I'll double check for the other PRs! |
When using Laravel with Passport, we have enough knowledge of the environment
to be able to provide 2 useful routes our of the box:
/.well-known/openid-configuration./oauth/jwks.This greatly eases integrating with Laravel since clients can now
use auto-discovery to integrate with Laravel + PassPort + OpenID.
This PR has been successfully tested using the Javascript openid-client package.
This PR is based on top of #13