From 87e919b518541bf220e344aa9c0fe3256ffa6c0a Mon Sep 17 00:00:00 2001
From: Bastian Duenhofen
Date: Mon, 11 Sep 2023 21:17:12 +0200
Subject: [PATCH 1/2] [Feature] retrieving resource owner form JSON Web Token if no oidcEndpointUserInfo is set
---
 Classes/Service/AuthenticationService.php | 26 +++++++++++++++++------
 1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/Classes/Service/AuthenticationService.php b/Classes/Service/AuthenticationService.php
index 1d6436f..9fd3c48 100644
--- a/Classes/Service/AuthenticationService.php
+++ b/Classes/Service/AuthenticationService.php
@@ -242,14 +242,26 @@ protected function authenticateWithResourceOwnerPasswordCredentials(string $user
 protected function getUserFromAccessToken(OAuthService $service, AccessToken $accessToken)
 {
 // Using the access token, we may look up details about the resource owner
- try {
- $this->logger->debug('Retrieving resource owner');
- $resourceOwner = $service->getResourceOwner($accessToken)->toArray();
- $this->logger->debug('Resource owner retrieved', $resourceOwner);
- } catch (IdentityProviderException $e) {
- $this->logger->error('Could not retrieve resource owner', ['exception' => $e]);
- return false;
+ if ($this->config['oidcEndpointUserInfo'] !== '') {
+ try {
+ $this->logger->debug('Retrieving resource owner');
+ $resourceOwner = $service->getResourceOwner($accessToken)->toArray();
+ $this->logger->debug('Resource owner retrieved', $resourceOwner);
+ } catch (IdentityProviderException $e) {
+ $this->logger->error('Could not retrieve resource owner', ['exception' => $e]);
+ return false;
+ }
+ } else {
+ $this->logger->debug('UserInfo Endpoint is not set, retrie resource owner form JSON Web Token');
+ $jwt = $accessToken->getToken();
+ $jwtDecoded = base64_decode(str_replace('_', '/', str_replace('-','+',explode('.', $jwt)[1])));
+ $resourceOwner = json_decode($jwtDecoded, true);
+ if (json_last_error() !== JSON_ERROR_NONE) {
+ $this->logger->error('Could not retrieve resource owner from JSON Web Token', ['Failed to parse JSON response: %s' => json_last_error_msg()]);
+ return false;
+ }
 }
+
 if (empty($resourceOwner['sub'])) {
 $this->logger->error('No "sub" found in resource owner, revoking access token');
 try {
From 8ba0592c5dfc71a06288d88b7d1ac84f5448af5b Mon Sep 17 00:00:00 2001
From: Bastian Duenhofen
Date: Thu, 14 Sep 2023 08:02:13 +0200
Subject: [PATCH 2/2] [Fix] typos and apply cs
---
 Classes/Service/AuthenticationService.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
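Review bot: The new else branch treats the access token as a JWT without checking that it is one: OAuth 2.0 does not define the access token format, so on an opaque token `explode('.', $jwt)[1]` raises an undefined-offset warning, `base64_decode` is called non-strictly, and a payload that decodes to a JSON scalar passes the `json_last_error()` check and still reaches `$resourceOwner['sub']` below. The claims are also read with no signature, `exp` or `aud` verification; because the token arrives straight from the provider's token endpoint the exposure is limited, but `sub` drives the user lookup, so using the provider's `id_token` (which OIDC defines for exactly this purpose, if the client exposes it) or validating the signature against the provider's published keys should be considered, and a comment stating that the payload is trusted only because of its origin belongs on the branch. Two smaller points in the same hunk: `$this->config['oidcEndpointUserInfo'] !== ''` treats a missing or null config value as "set" and falls into the UserInfo branch, and the log context key `'Failed to parse JSON response: %s'` looks like a leftover format string rather than a context name. A guarded version of the branch is sketched below; getUserFromAccessToken continues past the end of the hunk.
```php
        } else {
            $this->logger->debug('UserInfo Endpoint is not set, retrieve resource owner from JSON Web Token');
            // Payload claims are read unverified; this is acceptable only because the token was
            // just issued to us by the provider's token endpoint, not presented by a client.
            $parts = explode('.', $accessToken->getToken(), 3);
            if (count($parts) !== 3) {
                $this->logger->error('Access token is not a JSON Web Token, cannot retrieve resource owner');
                return false;
            }
            $jwtDecoded = base64_decode(strtr($parts[1], '-_', '+/'), true);
            $resourceOwner = $jwtDecoded === false ? null : json_decode($jwtDecoded, true);
            if (!is_array($resourceOwner)) {
                $this->logger->error('Could not retrieve resource owner from JSON Web Token', [
                    'error' => $jwtDecoded === false ? 'payload is not valid base64url' : json_last_error_msg(),
                ]);
                return false;
            }
        }
        // … unchanged: "sub" check and token revocation …
```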
diff --git a/Classes/Service/AuthenticationService.php b/Classes/Service/AuthenticationService.php
index 9fd3c48..e497165 100644
--- a/Classes/Service/AuthenticationService.php
+++ b/Classes/Service/AuthenticationService.php
@@ -252,9 +252,9 @@ protected function getUserFromAccessToken(OAuthService $service, AccessToken $ac
 return false;
 }
 } else {
- $this->logger->debug('UserInfo Endpoint is not set, retrie resource owner form JSON Web Token');
+ $this->logger->debug('UserInfo Endpoint is not set, retrieve resource owner from JSON Web Token');
 $jwt = $accessToken->getToken();
- $jwtDecoded = base64_decode(str_replace('_', '/', str_replace('-','+',explode('.', $jwt)[1])));
+ $jwtDecoded = base64_decode(str_replace('_', '/', str_replace('-', '+', explode('.', $jwt)[1])));
 $resourceOwner = json_decode($jwtDecoded, true);
 if (json_last_error() !== JSON_ERROR_NONE) {
 $this->logger->error('Could not retrieve resource owner from JSON Web Token', ['Failed to parse JSON response: %s' => json_last_error_msg()]);