ronvanderheijden / openid-connect

Adds the OpenID Connect identity layer to the PHP League's OAuth2 Server. With Laravel Passport support.
MIT License
42 stars 13 forks

Use previously declared passport scopes and merge with OIDC scopes #11

Open jonerickson opened 1 year ago

jonerickson commented 1 year ago

Currently PassportServiceProvider overwrites the scopes Passport recognizes with only the OIDC scopes provided in the config file:

Passport\Passport::tokensCan(config('openid.passport.tokens_can'));

This PR takes into account scopes that may have already been defined to be used by Passport and merges them with the OIDC scopes. It uses the Collection helper merge where the OIDC scopes will take precedence in the case of duplicates.

$openIdScopes = collect(config('openid.passport.tokens_can'));
$previousScopes = collect(Passport\Passport::scopes())->mapWithKeys(function (Passport\Scope $scope) {
    return [$scope->id => $scope->description];
});
Passport\Passport::tokensCan($previousScopes->merge($openIdScopes)->toArray());

If no scopes were previously defined, no behavior changes.
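The merge semantics described in this PR, modelled in plain PHP as an added example (not code from the PR or the package). It assumes `Collection::merge()` behaves like `array_merge()` for string keys; the function `mergeScopes` and all scope ids and descriptions are constructed for illustration. Besides the merge, it reports which previously registered scopes have their description replaced by an OIDC scope of the same id, which is worth auditing because the description is the scope's human-readable label.

```php
<?php
// Added example: plain-PHP model of the merge in the PR (no Laravel needed).
// Scope ids and descriptions below are constructed sample values.

/**
 * Merge previously registered scopes with OIDC scopes the way
 * array_merge() does (later string keys win), and report which
 * ids had their description replaced.
 */
function mergeScopes(array $previous, array $oidc): array
{
    $overridden = [];
    foreach (array_intersect_key($previous, $oidc) as $id => $oldDescription) {
        if ($oldDescription !== $oidc[$id]) {
            $overridden[$id] = ['was' => $oldDescription, 'now' => $oidc[$id]];
        }
    }
    return ['scopes' => array_merge($previous, $oidc), 'overridden' => $overridden];
}

// Constructed: scopes an application registered before the provider boots.
$previous = [
    'orders:read' => 'Read orders',
    'email'       => 'Send e-mail on your behalf',
];
// Constructed stand-in for config('openid.passport.tokens_can').
$oidc = [
    'openid' => 'Enable OpenID Connect',
    'email'  => 'Information about your e-mail address',
];

$result = mergeScopes($previous, $oidc);

// Overwrite behaviour: only $oidc is registered, so 'orders:read' is lost.
$dropped = array_keys(array_diff_key($previous, $oidc));

echo 'Registered after merge: ', implode(', ', array_keys($result['scopes'])), PHP_EOL;
echo 'Dropped without merge:  ', implode(', ', $dropped), PHP_EOL;
foreach ($result['overridden'] as $id => $change) {
    echo "Description replaced for '$id': '{$change['was']}' -> '{$change['now']}'", PHP_EOL;
}
```

Note that `array_merge()` renumbers integer keys, so this model (like the merge it imitates) only preserves scope ids that are non-numeric strings.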

ronvanderheijden commented 1 year ago

I would recommend publishing the PassportServiceProvider instead.

jonerickson commented 1 year ago

Do you mean just extending src/Laravel/PassportServiceProvider.php? In this case I would have to make sure and keep the boot method up-to-date with each update of your package. Seems like more work and more failure points to me.