From a96dbae58cea110638fe8328c2332670c232c250 Mon Sep 17 00:00:00 2001
From: abublihi
Date: Mon, 29 Jan 2024 21:48:16 +0300
Subject: [PATCH] Support issuer ( iss )claim
---
 config/passport-claims.php | 14 +++++++++-
 src/AccessToken.php | 4 +++
 tests/AccessTokenClaimTest.php | 48 ++++++++++++++++++++++++++++++++++
 3 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/config/passport-claims.php b/config/passport-claims.php
index d344ba2..f6e0354 100644
--- a/config/passport-claims.php
+++ b/config/passport-claims.php
@@ -13,5 +13,17 @@
 */
 'claims' => [
 // App\Claims\CustomClaim::class
- ]
+ ],
+
+ /*
+ |--------------------------------------------------------------------------
+ | Issue Claim
+ |--------------------------------------------------------------------------
+ |
+ | Here you config the issue claim, weather to add it or not and what is the issuer.
+ | NOTE: it will set the `iss` claim ref: https://www.rfc-editor.org/rfc/rfc7519#section-4.1.1
+ |
+ */
+ 'issuer_enabled' => env('JWT_ISSUER_ENABLED', false),
+ 'issuer' => env('JWT_ISSUER'),
 ];
diff --git a/src/AccessToken.php b/src/AccessToken.php
index 6eabe5b..ce687b5 100644
--- a/src/AccessToken.php
+++ b/src/AccessToken.php
@@ -31,6 +31,10 @@ private function convertToJWT() : Token
 ->relatedTo((string) $this->getUserIdentifier())
 ->withClaim('scopes', $this->getScopes());
 
+ if (config('passport-claims.issuer_enabled') && config('passport-claims.issuer')) {
+ $jwt = $jwt->issuedBy(config('passport-claims.issuer'));
+ }
+
 return collect(app(Pipeline::class)
 ->send($this)
 ->through(config('passport-claims.claims', []))
diff --git a/tests/AccessTokenClaimTest.php b/tests/AccessTokenClaimTest.php
index b1851b7..a1ec4c1 100644
--- a/tests/AccessTokenClaimTest.php
+++ b/tests/AccessTokenClaimTest.php
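Review bot: The comment block added to `config/passport-claims.php` is titled `Issue Claim` and reads "weather to add it or not", which obscures that this section controls the JWT `iss` (issuer) claim. It also does not say that both keys are needed before the claim is emitted, which is what the guard in `src/AccessToken.php` requires. I would head the block `| Issuer Claim` and word the body as `| Controls whether the iss claim is added to issued tokens and which issuer value it carries.` followed by `| Both issuer_enabled and issuer must be set; the value should be the StringOrURI that token consumers expect.`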
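Review bot: In `src/AccessToken.php`, the new guard in `convertToJWT()` silently skips `issuedBy()` when `passport-claims.issuer_enabled` is true but `passport-claims.issuer` is empty or unset. Tokens are then signed without `iss` while the operator believes the claim is switched on. A consumer that validates `iss` would reject those tokens, and one that tolerates a missing `iss` gets no issuer binding, with nothing at issuance time pointing at the misconfiguration. Reading the issuer once and failing loudly on the enabled-but-empty case makes the error visible where it originates. The function starts and ends outside the hunk, so the assignment of `$jwt` and the rest of the return chain are assumed from context.

```php
        ->withClaim('scopes', $this->getScopes());

    if (config('passport-claims.issuer_enabled')) {
        $issuer = config('passport-claims.issuer');

        // Enabled without a usable issuer is a configuration error, not a reason to drop the claim.
        if (! is_string($issuer) || $issuer === '') {
            throw new \LogicException('passport-claims.issuer_enabled is set but passport-claims.issuer is empty.');
        }

        $jwt = $jwt->issuedBy($issuer);
    }

    // … unchanged: claims pipeline and return …
```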
@@ -48,5 +48,53 @@ public function test_can_add_claims_to_token()
 $this->assertEquals('test', $jwt->claims()->get('my-claim'));
 $this->assertEquals('test', $jwt->claims()->get('another-claim'));
 }
+
+ public function test_jwt_dose_not_include_iss_claim_by_default()
+ {
+ /* set up the environment */
+ $repository = new AccessTokenRepository(m::mock(TokenRepository::class), m::mock(Dispatcher::class));
+ $client = new Client('client-id', 'name', 'redirect');
+ $scopes = [];
+ $userIdentifier = 1;
+ $keys = (new RSA())->createKey(2048);
+
+ /* create the laravel token */
+ $token = $repository->getNewToken($client, $scopes, $userIdentifier);
+ $token->setPrivateKey(new CryptKey($keys['privatekey']));
+ $token->setExpiryDateTime(CarbonImmutable::now()->addHour());
+ $token->setIdentifier('test');
+
+ /* convert the token to a JWT and parse the JWT back to a Token */
+ $jwt = (new Parser(new JoseEncoder))->parse($token->__toString());
+
+ /* assert our claims were set on the token */
+ $this->assertEquals(null, $jwt->claims()->get('iss'));
+ }
+
+ public function test_jwt_has_iss_claim_when_configured()
+ {
+ /* set up the environment */
+ $repository = new AccessTokenRepository(m::mock(TokenRepository::class), m::mock(Dispatcher::class));
+ $client = new Client('client-id', 'name', 'redirect');
+ $scopes = [];
+ $userIdentifier = 1;
+ $keys = (new RSA())->createKey(2048);
+
+ /* set custom claims, defined below this test */
+ app('config')->set('passport-claims.issuer_enabled', true);
+ app('config')->set('passport-claims.issuer', 'https://example.com');
+
+ /* create the laravel token */
+ $token = $repository->getNewToken($client, $scopes, $userIdentifier);
+ $token->setPrivateKey(new CryptKey($keys['privatekey']));
+ $token->setExpiryDateTime(CarbonImmutable::now()->addHour());
+ $token->setIdentifier('test');
+
+ /* convert the token to a JWT and parse the JWT back to a Token */
+ $jwt = (new Parser(new JoseEncoder))->parse($token->__toString());
+
+ /* assert our claims were set on the token */
+ $this->assertEquals('https://example.com', $jwt->claims()->get('iss'));
+ }
 }
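Review bot: The two tests added to `tests/AccessTokenClaimTest.php` cover only the both-unset and both-set configurations, so neither operand of the `&&` guard in `convertToJWT()` is exercised on its own. A case with `issuer_enabled` true and no `issuer`, and one with `issuer` set while `issuer_enabled` is false, would pin the intended behaviour for a half-configured deployment. In the default-case test, `assertEquals(null, ...)` compares loosely and would also pass for an empty-string `iss`; `$this->assertFalse($jwt->claims()->has('iss'));` states the absence directly. The method name `test_jwt_dose_not_include_iss_claim_by_default` has a typo (`dose` for `does`), and the comment `/* set custom claims, defined below this test */` in the second test no longer describes the config lines beneath it. The enclosing test class starts outside the hunk.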