facile-it / php-openid-client

PHP OpenID Client

The `aud` key of the `client_assertion` token should be set to the introspection endpoint. #7

Closed drupol closed 3 years ago

drupol commented 3 years ago

Hello,

In IntrospectionService.php, we should use the proper aud key in the client_assertion, which should be provided by the issuer.

In order to do that, we should do:

    public function introspect(OpenIDClient $client, string $token, array $params = []): array
    {
        $endpointUri = get_endpoint_uri($client, 'introspection_endpoint');

        $authMethod = $client->getAuthMethodFactory()
            ->create($client->getMetadata()->getIntrospectionEndpointAuthMethod());

        $tokenRequest = $this->requestFactory->createRequest('POST', $endpointUri)
            ->withHeader('content-type', 'application/x-www-form-urlencoded');

        // Start of the change: default the client_assertion audience to the
        // issuer's introspection endpoint. Array union keeps keys already in
        // $params, so a caller-supplied 'aud' still wins.
        $params += [
            'token' => $token,
            'aud' => $client->getIssuer()->getMetadata()->getIntrospectionEndpoint(),
        ];
        // End of the change.
        $tokenRequest = $authMethod->createRequest($tokenRequest, $client, $params);

        $httpClient = $client->getHttpClient() ?? $this->client;

        try {
            $response = $httpClient->sendRequest($tokenRequest);
        } catch (ClientExceptionInterface $e) {
            throw new RuntimeException('Unable to get introspection response', 0, $e);
        }

        return parse_metadata_response($response, 200);
    }

By using this construction, the user is free to customize this as well if needed through the $claims variable.

This issue depends on #6
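The point of the change above is that a JWT client assertion (client_secret_jwt or private_key_jwt) is bound to one endpoint through its `aud` claim, so an assertion minted for the token endpoint must not be accepted by the introspection endpoint, and vice versa. The following is an added, self-contained example and not code from facile-it/php-openid-client: it mints a client_secret_jwt assertion with `aud` set to the introspection endpoint, reproduces the `$params +=` default-merging used in the proposed patch, and shows the check the server side applies. The issuer URLs, client id and shared secret are constructed values; the assumption that the auth method takes its audience from `$params['aud']` follows the patch in this issue.

```php
<?php
declare(strict_types=1);

// Constructed values for the example; not a real OP.
const ISSUER = 'https://op.example';
const TOKEN_ENDPOINT = ISSUER . '/token';
const INTROSPECTION_ENDPOINT = ISSUER . '/introspect';
const CLIENT_ID = 'demo-client';
const CLIENT_SECRET = 'constructed-shared-secret-at-least-32-bytes-long!';

function b64url(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function b64urlDecode(string $data): string
{
    $pad = strlen($data) % 4;
    if ($pad > 0) {
        $data .= str_repeat('=', 4 - $pad);
    }
    return base64_decode(strtr($data, '-_', '+/'), true) ?: '';
}

/** Defaults merged as in the proposed introspect(): caller-supplied keys win over the defaults. */
function introspectionParams(string $token, array $params = []): array
{
    $params += [
        'token' => $token,
        'aud' => INTROSPECTION_ENDPOINT,
    ];
    return $params;
}

/** Client side: mint a client_secret_jwt assertion (HS256) for the given audience. */
function buildClientAssertion(string $audience, int $now): string
{
    $header = ['alg' => 'HS256', 'typ' => 'JWT'];
    $claims = [
        'iss' => CLIENT_ID,
        'sub' => CLIENT_ID,
        'aud' => $audience,          // the endpoint this assertion may be presented to
        'jti' => bin2hex(random_bytes(16)),
        'iat' => $now,
        'exp' => $now + 60,
    ];
    $signingInput = b64url(json_encode($header)) . '.' . b64url(json_encode($claims));
    $sig = hash_hmac('sha256', $signingInput, CLIENT_SECRET, true);
    return $signingInput . '.' . b64url($sig);
}

/** Server side: verify the HMAC, then require `aud` to name this endpoint. */
function verifyClientAssertion(string $assertion, string $expectedAudience, int $now): bool
{
    $parts = explode('.', $assertion);
    if (count($parts) !== 3) {
        return false;
    }
    [$h, $p, $s] = $parts;
    $expectedSig = hash_hmac('sha256', $h . '.' . $p, CLIENT_SECRET, true);
    if (!hash_equals($expectedSig, b64urlDecode($s))) {
        return false;                                   // bad signature
    }
    $claims = json_decode(b64urlDecode($p), true);
    if (!is_array($claims)) {
        return false;
    }
    $aud = (array) ($claims['aud'] ?? []);              // aud may be a string or an array
    if (!in_array($expectedAudience, $aud, true)) {
        return false;                                   // assertion meant for another endpoint
    }
    if ((int) ($claims['exp'] ?? 0) <= $now) {
        return false;                                   // expired
    }
    return ($claims['iss'] ?? null) === CLIENT_ID && ($claims['sub'] ?? null) === CLIENT_ID;
}

$now = time();

// Assertion built from the merged params: aud defaults to the introspection endpoint.
$params = introspectionParams('opaque-access-token');
$good = buildClientAssertion($params['aud'], $now);

// Assertion minted for the token endpoint and replayed against introspection.
$replayed = buildClientAssertion(TOKEN_ENDPOINT, $now);

// A caller may still override the default audience through $params.
$custom = introspectionParams('opaque-access-token', ['aud' => ISSUER]);

var_dump(verifyClientAssertion($good, INTROSPECTION_ENDPOINT, $now));     // bool(true)
var_dump(verifyClientAssertion($replayed, INTROSPECTION_ENDPOINT, $now)); // bool(false)
var_dump($custom['aud'] === ISSUER);                                      // bool(true)
```

The server check is what makes the `aud` default matter: an endpoint that accepts any audience lets an assertion captured on its way to the token endpoint be replayed against introspection, so the client must mint a fresh assertion per endpoint and the endpoint must reject any assertion not addressed to it.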

drupol commented 3 years ago

Fixed, thanks!