Replace bogus identifier with configuration option

limosa-io / openid-connect-server

This is an OpenID Connect Server written in PHP.

GNU Affero General Public License v3.0

46 stars 9 forks source link

Replace bogus identifier with configuration option #17

Closed RobertMe closed 1 year ago

RobertMe commented 1 year ago

Add a property to set the identifier (jti) instead of the bogus value. Implementers can set the identifier based on the TOKEN_POPULATED event (#16).

arietimmerman commented 1 year ago

Thanks for this improvement. I think it would be good to set the "identified by" field by default to a random string value.

Do you agree?

RobertMe commented 1 year ago

Thanks for the feedback. The identifier is now being prepopulated using the same code/logic as for the identifier for the access token, auth code and refresh token.

I've also sneaked in a fix for #16 where I was incorrectly emitting the event from the AuthCodeGrant.

arietimmerman commented 1 year ago

Very much appreciated.