jeremy379 / laravel-openid-connect

Implement OpenID Connect inside Laravel
MIT License
26 stars 13 forks

Implicit flow not supported #6

Closed georgeboot closed 2 months ago

georgeboot commented 1 year ago

Issue previously raised in https://github.com/thephpleague/oauth2-server/issues/1374

When I use the authorisation code grant, this works as expected.

However, when I try to do an implicit flow by setting response_type=token id_token or response_type=id_token, the server always rejects the request because the following check does not match the request: https://github.com/thephpleague/oauth2-server/blob/ab7714d073844497fd222d5d0a217629089936bc/src/Grant/ImplicitGrant.php#L105-L109

Are there any recommended ways to bypass this issue?

jeremy379 commented 1 year ago

Hello

Indeed, it's made to work with an authorization code grant, as the implicit flow is deprecated (https://oauth2.thephpleague.com/authorization-server/implicit-grant/).

I'll take a look if I can provide a way to support it (If you want you can also submit a PR).

jeremy379 commented 1 year ago

There is something you can do without changing the package: add a custom grant type that copies the implicit one. Inside Laravel you can create a new grant type and then register it.

To register the grant type, you can use a ServiceProvider (either reuse one or create a new one)

<?php

namespace App\Providers;

use Illuminate\Support\ServiceProvider;
use Laravel\Passport\Passport;
use League\OAuth2\Server\AuthorizationServer;
// The custom grant is your own class; the namespace below is an assumption,
// adjust it to wherever you put it.
use App\OpenId\ImplicitOpenIdGrant;

class GrantAuthServiceProvider extends ServiceProvider
{
    /**
     * Register services.
     */
    public function register(): void
    {
        // Passport resolves the AuthorizationServer lazily, so hook in once it
        // has been built and enable every grant returned by makeGrants().
        $this->app->afterResolving(AuthorizationServer::class, function (AuthorizationServer $server) {
            foreach ($this->makeGrants() as $grant) {
                $server->enableGrantType($grant, Passport::tokensExpireIn());
            }
        });
    }

    /**
     * Bootstrap services.
     */
    public function boot(): void
    {
    }

    /**
     * @return array<string, \League\OAuth2\Server\Grant\GrantTypeInterface>
     */
    public function makeGrants(): array
    {
        // ImplicitGrant's constructor takes the access-token DateInterval, which
        // the container cannot auto-wire, so build the grant manually.
        $newGrantType = new ImplicitOpenIdGrant(Passport::tokensExpireIn());

        // Do not call setRefreshTokenTTL() on it: League's ImplicitGrant overrides
        // that method to throw a LogicException, because the implicit flow never
        // issues refresh tokens.

        return [
            // The key is only a label for you; the server indexes grants by getIdentifier().
            'implicit-open-id' => $newGrantType,
        ];
    }
}
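The grant class that the provider above refers to, as an added example that is not part of this thread, the package, or league/oauth2-server. It extends League's ImplicitGrant and replaces the `response_type === 'token'` gate that georgeboot linked with one that accepts the OpenID Connect implicit response types (`id_token`, `token id_token` in either order), and it adds the two OIDC checks the OAuth-only grant does not know about: a required `nonce` and the `openid` scope. The namespace `App\OpenId` and the identifier `implicit-open-id` are assumptions. It is written against league/oauth2-server 8.x (the version Passport 12 uses), where `validateAuthorizationRequest()` carries no declared return type; on 9.x add the parent's `AuthorizationRequestInterface` return type to that method.

```php
<?php

declare(strict_types=1);

namespace App\OpenId; // assumed namespace; the thread never names one

use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\ImplicitGrant;
use Psr\Http\Message\ServerRequestInterface;

/**
 * Implicit grant that answers to OpenID Connect response types.
 *
 * League's stock ImplicitGrant only matches response_type=token, which is why
 * response_type=id_token and response_type=token id_token are rejected.
 */
final class ImplicitOpenIdGrant extends ImplicitGrant
{
    /** Accepted response_type values, each stored as a sorted list of tokens. */
    private const ALLOWED_RESPONSE_TYPES = [
        ['id_token'],
        ['id_token', 'token'],
    ];

    /** Distinct identifier so this never collides with Passport's own "implicit" grant. */
    public function getIdentifier(): string
    {
        return 'implicit-open-id';
    }

    /**
     * Same gate as the stock grant (response_type and client_id must be present),
     * but with the OIDC implicit response types instead of the bare "token".
     */
    public function canRespondToAuthorizationRequest(ServerRequestInterface $request): bool
    {
        $query = $request->getQueryParams();

        return isset($query['response_type'], $query['client_id'])
            && self::isOpenIdImplicitResponseType((string) $query['response_type']);
    }

    /**
     * response_type is a space-separated, order-insensitive list (OIDC Core 3):
     * "token id_token" and "id_token token" are the same request, "code" is not ours.
     */
    public static function isOpenIdImplicitResponseType(string $responseType): bool
    {
        $parts = preg_split('/\s+/', trim($responseType), -1, PREG_SPLIT_NO_EMPTY);
        sort($parts, SORT_STRING);

        return in_array($parts, self::ALLOWED_RESPONSE_TYPES, true);
    }

    /**
     * Enforce the OIDC-specific requirements, then let the parent validate the
     * client, redirect URI, scopes and state exactly as it does for plain OAuth.
     */
    public function validateAuthorizationRequest(ServerRequestInterface $request)
    {
        $query = $request->getQueryParams();

        // OIDC Core 3.2.2.1: nonce is REQUIRED in the implicit flow. It is echoed
        // into the id_token and is what binds that token to this browser session.
        if (!isset($query['nonce']) || trim((string) $query['nonce']) === '') {
            throw OAuthServerException::invalidRequest('nonce');
        }

        // An OpenID Connect request must carry the openid scope.
        $scopes = preg_split('/\s+/', trim((string) ($query['scope'] ?? '')), -1, PREG_SPLIT_NO_EMPTY);
        if (!in_array('openid', $scopes, true)) {
            throw OAuthServerException::invalidScope('openid');
        }

        return parent::validateAuthorizationRequest($request);
    }
}
```

Build it in the service provider with `new ImplicitOpenIdGrant(Passport::tokensExpireIn())`; the authorize endpoint then accepts `response_type=id_token&scope=openid&nonce=...&client_id=...`. Two caveats: this only opens the gate that rejected the request, and whether an id_token actually lands in the fragment still depends on the response type class the package wires into the AuthorizationServer, which this example does not cover; and because the implicit flow returns tokens in the redirect URL fragment (the exposure behind the deprecation jeremy379 mentions), register this grant only for the clients that genuinely need it and keep the authorization code grant as the default.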