Support issuer ( iss )claim

corbosman · Jan 29, 2024 · a96dbae · a96dbae
1 parent 322aa80
commit a96dbae
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 1 deletion.
diff --git a/config/passport-claims.php b/config/passport-claims.php
@@ -13,5 +13,17 @@
     */
     'claims' => [
         // App\Claims\CustomClaim::class
-    ]
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Issue Claim
+    |--------------------------------------------------------------------------
+    |
+    | Here you config the issue claim, weather to add it or not and what is the issuer.
+    | NOTE: it will set the `iss` claim ref: https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1
+    |
+    */
+    'issuer_enabled' => env('JWT_ISSUER_ENABLED', false),
+    'issuer' => env('JWT_ISSUER'),
 ];
diff --git a/src/AccessToken.php b/src/AccessToken.php
@@ -31,6 +31,10 @@ private function convertToJWT() : Token
             ->relatedTo((string) $this->getUserIdentifier())
             ->withClaim('scopes', $this->getScopes());
 
+        if (config('passport-claims.issuer_enabled') && config('passport-claims.issuer')) {
+            $jwt = $jwt->issuedBy(config('passport-claims.issuer'));
+        }
+
         return collect(app(Pipeline::class)
             ->send($this)
             ->through(config('passport-claims.claims', []))

diff --git a/tests/AccessTokenClaimTest.php b/tests/AccessTokenClaimTest.php
@@ -48,5 +48,53 @@ public function test_can_add_claims_to_token()
         $this->assertEquals('test', $jwt->claims()->get('my-claim'));
         $this->assertEquals('test', $jwt->claims()->get('another-claim'));
     }
+
+    public function test_jwt_dose_not_include_iss_claim_by_default()
+    {
+         /* set up the environment */
+         $repository = new AccessTokenRepository(m::mock(TokenRepository::class), m::mock(Dispatcher::class));
+         $client = new Client('client-id', 'name', 'redirect');
+         $scopes = [];
+         $userIdentifier = 1;
+         $keys = (new RSA())->createKey(2048);
+
+        /* create the laravel token */
+        $token = $repository->getNewToken($client, $scopes, $userIdentifier);
+        $token->setPrivateKey(new CryptKey($keys['privatekey']));
+        $token->setExpiryDateTime(CarbonImmutable::now()->addHour());
+        $token->setIdentifier('test');
+
+        /* convert the token to a JWT and parse the JWT back to a Token */
+        $jwt = (new Parser(new JoseEncoder))->parse($token->__toString());
+
+        /* assert our claims were set on the token */
+        $this->assertEquals(null, $jwt->claims()->get('iss'));
+    }
+
+    public function test_jwt_has_iss_claim_when_configured()
+    {
+         /* set up the environment */
+         $repository = new AccessTokenRepository(m::mock(TokenRepository::class), m::mock(Dispatcher::class));
+         $client = new Client('client-id', 'name', 'redirect');
+         $scopes = [];
+         $userIdentifier = 1;
+         $keys = (new RSA())->createKey(2048);
+
+        /* set custom claims, defined below this test */
+        app('config')->set('passport-claims.issuer_enabled', true);
+        app('config')->set('passport-claims.issuer', 'https://example.com');
+
+        /* create the laravel token */
+        $token = $repository->getNewToken($client, $scopes, $userIdentifier);
+        $token->setPrivateKey(new CryptKey($keys['privatekey']));
+        $token->setExpiryDateTime(CarbonImmutable::now()->addHour());
+        $token->setIdentifier('test');
+
+        /* convert the token to a JWT and parse the JWT back to a Token */
+        $jwt = (new Parser(new JoseEncoder))->parse($token->__toString());
+
+        /* assert our claims were set on the token */
+        $this->assertEquals('https://example.com', $jwt->claims()->get('iss'));
+    }
 }