facile-it / php-openid-client

PHP OpenID Client

Unable to customize sent claims. #6

Closed drupol closed 3 years ago

drupol commented 3 years ago

Hello!

In ClientSecretJWT.php, the user's claims are merged with the new claims.

array_merge(
    $claims,
    [
        'iss' => $clientId,
        'sub' => $clientId,
        'aud' => $issuerMetadata->getIssuer(),
        'iat' => $time,
        'exp' => $time + 60,
        'jti' => $jti,
    ]
)

The fact that it is in this particular order makes it impossible to customize the claims in IntrospectionService (and probably in some other places as well).

I could provide a PR where $claims is after instead of being before? Do you think it makes sense?

Something like that:

array_merge(
    [
        'iss' => $clientId,
        'sub' => $clientId,
        'aud' => $issuerMetadata->getIssuer(),
        'iat' => $time,
        'exp' => $time + 60,
        'jti' => $jti,
    ],
    $claims
)

or

// Array union: on duplicate keys the left operand ($claims) wins.
$claims +
[
    'iss' => $clientId,
    'sub' => $clientId,
    'aud' => $issuerMetadata->getIssuer(),
    'iat' => $time,
    'exp' => $time + 60,
    'jti' => $jti,
]

Thanks!

drupol commented 3 years ago

Fixed, thanks!
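
Added example, not part of the original thread or the library's code: the merge orders discussed above run side by side, showing which side wins on a duplicate key such as `aud`. The function names, sample values and the policy of locking `iss` and `sub` (both must equal the client ID for `client_secret_jwt`) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Function names and sample values are constructed, not the library's API.

/** Defaults from the issue's snippet, with the issuer passed in as a plain string. */
function defaultClaims(string $clientId, string $issuer, int $time, string $jti): array
{
    return [
        'iss' => $clientId, 'sub' => $clientId, 'aud' => $issuer,
        'iat' => $time, 'exp' => $time + 60, 'jti' => $jti,
    ];
}

/**
 * Caller claims override the defaults, except for the locked keys.
 * Locking iss and sub is an assumed policy: for client_secret_jwt both must be the client_id.
 */
function mergeClaims(array $defaults, array $claims, array $locked = ['iss', 'sub']): array
{
    $conflicts = array_intersect(array_keys($claims), $locked);
    if ($conflicts !== []) {
        throw new InvalidArgumentException('Locked claims cannot be overridden: ' . implode(', ', $conflicts));
    }
    // For string keys array_merge() keeps the value from the LAST array.
    return array_merge($defaults, $claims);
}

$defaults = defaultClaims('my-client', 'https://op.example', 1700000000, 'constructed-jti');
$claims   = ['aud' => 'https://op.example/introspect', 'custom_claim' => 'constructed'];

$results = [
    'array_merge($claims, $defaults)' => array_merge($claims, $defaults), // defaults win (original)
    'array_merge($defaults, $claims)' => array_merge($defaults, $claims), // caller wins
    '$claims + $defaults'             => $claims + $defaults,             // left operand wins
    'mergeClaims($defaults, $claims)' => mergeClaims($defaults, $claims), // caller wins, iss/sub locked
];
foreach ($results as $label => $merged) {
    printf("%-34s aud=%s\n", $label, $merged['aud']);
}

try {
    mergeClaims($defaults, ['sub' => 'someone-else']); // attempt to override a locked claim
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

With the caller's claims taking precedence, every default including `exp` and `jti` becomes overridable, so any claim the caller must not change needs an explicit check like the one in `mergeClaims()`.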