bshaffer / oauth2-server-php

A library for implementing an OAuth2 Server in php
http://bshaffer.github.io/oauth2-server-php-docs
MIT License

question: how can i replace OAuth2\OpenID\ResponseType\IdToken::createIdToken,$user_id ? #906

Open hhniao opened 6 years ago

hhniao commented 6 years ago

Because I don't expect to show any "real user id" in the id token. Maybe showing the "real user id" doesn't cause any problem? Like this:

```php
public function createIdToken($client_id, $userInfo, $nonce = null, $userClaims = null, $access_token = null)
{
    list($user_id, $auth_time) = $this->getUserIdAndAuthTime($userInfo);
    $user_id = md5($client_id . $user_id);
    ... ...
}
```

Override this method? I don't know how to override it, because Server::createDefaultIdTokenResponseType() makes me unable to use any other IdToken class. So maybe I need to rewrite Server::createDefaultIdTokenResponseType()?

I have taken a look at Server::addResponseType() and tried it. I need to add all ResponseTypes if I add one ResponseType, because Server::createDefaultAuthorizeController() has a section that checks the ResponseType count: `if (0 == count($this->responseTypes)) { $this->responseTypes = $this->getDefaultResponseTypes(); }`

alexandre-le-borgne commented 6 years ago

I had the same problem as you and I just overrode the method getDefaultResponseTypes() by removing the condition:

`if (0 == count($this->responseTypes)) { $this->responseTypes = $this->getDefaultResponseTypes(); }`

Then you can pass in your own response types as the parameter.

hhniao commented 6 years ago

Thanks for your answer. Sure, if I remove this condition, then everything works. But I have a question: why did they write this condition here? Is it an IETF rule, or something else?

PS: I received an email from GitHub notifying me of the reply, but the content of the email is different from the reply.

alexandre-le-borgne commented 6 years ago

I think it is a mistake of the author.

He considers that if you customize a single response type then you must pass all the types you use as a parameter of the constructor of the Server class. The better idea would have been to be able to modify the classes used by the response types without being able to edit the available response types, because the default ones already respect the RFC (code, id_token, token, etc.).

Reply to PS: Yes, I edited my comment, ignore it. Same thing for this one ;)

hhniao commented 6 years ago

As you say, it respects the RFC, so maybe it respects the rules of OpenID (I don't know what to call this organization) too? If it respects the rules of OpenID, then maybe there is no need to write any code; maybe some config options can accomplish it.

http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes

> A Subject Identifier is a locally unique and never reassigned identifier within the Issuer for the End-User, which is intended to be consumed by the Client. Two Subject Identifier types are defined by this specification:
>
> - public: This provides the same sub (subject) value to all Clients. It is the default if the provider has no subject_types_supported element in its discovery document.
> - pairwise: This provides a different sub value to each Client, so as not to enable Clients to correlate the End-User's activities without permission.
>
> The OpenID Provider's Discovery document SHOULD list its supported Subject Identifier types in the subject_types_supported element. If there is more than one type listed in the array, the Client MAY elect to provide its preferred identifier type using the subject_type parameter during Registration.
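The override discussed in this thread, as an added example that is not part of the issue or of the library: a subclass of the library's IdToken that emits a pairwise subject identifier as the quoted OpenID Connect section describes, derived with a secret salt rather than `md5($client_id . $user_id)`, so that a client cannot recompute the mapping or correlate users across clients. It assumes the IdToken API quoted above (the `createIdToken` signature and the protected `getUserIdAndAuthTime`, which accepts an array with `user_id` and `auth_time` keys), that IdToken keeps its config array in `$this->config`, and a `$storage` object implementing the library's UserClaimsInterface and PublicKeyInterface.

```php
<?php
// Added example, not the library's own code. Pairwise 'sub' per OpenID Connect
// Core 1.0 section 8.1: hash(sector_identifier || local_account_id || salt).
use OAuth2\OpenID\ResponseType\IdToken;

class PairwiseIdToken extends IdToken
{
    /**
     * Derive the pairwise subject for one client. The client_id is used as the
     * sector identifier (assumption: each client is its own sector). The salt is
     * a secret read from config (assumed key 'pairwise_salt'); without it a
     * client cannot rebuild the mapping, unlike md5($client_id . $user_id).
     */
    public function pairwiseSub($sectorIdentifier, $localUserId)
    {
        if (empty($this->config['pairwise_salt'])) {
            throw new \LogicException('pairwise_salt must be configured');
        }
        // Length-prefixed fields so "ab"+"c" and "a"+"bc" cannot collide.
        $material = strlen($sectorIdentifier) . ':' . $sectorIdentifier
                  . strlen($localUserId) . ':' . $localUserId;

        return hash_hmac('sha256', $material, $this->config['pairwise_salt']);
    }

    public function createIdToken($client_id, $userInfo, $nonce = null, $userClaims = null, $access_token = null)
    {
        // Same first step as the parent, then swap in the pairwise sub while
        // keeping the original auth_time so the 'auth_time' claim stays correct.
        list($user_id, $auth_time) = $this->getUserIdAndAuthTime($userInfo);
        $pairwiseInfo = array(
            'user_id'   => $this->pairwiseSub($client_id, $user_id),
            'auth_time' => $auth_time,
        );

        return parent::createIdToken($client_id, $pairwiseInfo, $nonce, $userClaims, $access_token);
    }
}

// Wiring (assumed $storage implements UserClaimsInterface and PublicKeyInterface).
// As noted in the thread, the Server only falls back to its default response
// types when none are registered, so every other response type the server
// should support ('code', 'token', ...) must be added alongside this one.
$idToken = new PairwiseIdToken($storage, $storage, array(
    'issuer'        => 'https://issuer.example',      // placeholder
    'pairwise_salt' => getenv('OIDC_PAIRWISE_SALT'),  // secret, not hard-coded
));
$server->addResponseType($idToken, 'id_token');
```

Because the pairwise value is an HMAC keyed with the salt, rotating the salt changes every client's `sub`, so treat the salt as long-lived key material.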