ronvanderheijden / openid-connect

Adds the OpenID Connect identity layer to the PHP League's OAuth2 Server. With Laravel Passport support.
MIT License

openid-configuration scopes_supported is malformed #25

Closed timcortesi closed 1 month ago

timcortesi commented 2 months ago

The value of scopes_supported as returned by the default endpoint /.well-known/openid-configuration violates the spec as outlined here: https://openid.net/specs/openid-connect-discovery-1_0-37.html

scopes_supported RECOMMENDED. JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports.

It should be returning a simple JSON array of scopes, whereas currently it is returning a JSON object with scopes and descriptions.

Currently it returns something like:

"scopes_supported": {
    "openid": "Enable OpenID Connect",
    "profile": "Information about your profile",
    "email": "Information about your email address",
    "phone": "Information about your phone numbers",
    "address": "Information about your address"
  }

and it should return something like:

"scopes_supported": [
    "openid",
    "profile",
    "email",
    "phone",
    "address"
  ]

To correct this, Line 35 of DiscoveryController.php:

            'scopes_supported' => config('openid.passport.tokens_can'),

Should be changed to:

            'scopes_supported' => array_keys(config('openid.passport.tokens_can')),
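The root cause described in the report is a serialization detail: a PHP associative array (scope name => description) is encoded by `json_encode` as a JSON object, while a list produced by `array_keys()` is encoded as a JSON array. The script below is an added example, not code from the ronvanderheijden/openid-connect project; it replaces Laravel's `config('openid.passport.tokens_can')` with an inline array of the same shape, builds the fragment both ways, and runs the kind of check a relying party (or a test in the project's own suite) would apply to a discovery document: `scopes_supported`, when present, must be a JSON array of non-empty strings. It assumes PHP 8.1 or later for `array_is_list()`.

```php
<?php
// Added example (not code from ronvanderheijden/openid-connect). The array
// below mirrors the 'tokens_can' config shape from the issue (scope => description);
// it is constructed inline so the script runs without Laravel's config() helper.

$tokensCan = [
    'openid'  => 'Enable OpenID Connect',
    'profile' => 'Information about your profile',
    'email'   => 'Information about your email address',
    'phone'   => 'Information about your phone numbers',
    'address' => 'Information about your address',
];

/**
 * The fragment as the issue reports it: the associative array is passed
 * through unchanged, so json_encode() emits a JSON object keyed by scope name.
 */
function buggyScopesSupported(array $tokensCan): array
{
    return ['scopes_supported' => $tokensCan];
}

/**
 * The fragment as the issue proposes: array_keys() yields a list with
 * sequential integer keys, which json_encode() emits as a JSON array.
 */
function fixedScopesSupported(array $tokensCan): array
{
    return ['scopes_supported' => array_keys($tokensCan)];
}

/**
 * Check a discovery document the way a careful relying party would.
 * scopes_supported is only RECOMMENDED, so it may be absent; when present it
 * must be a JSON array whose members are non-empty strings.
 * Returns a list of problems; an empty list means the field is well-formed.
 */
function checkScopesSupported(string $discoveryJson): array
{
    $doc = json_decode($discoveryJson, true, 512, JSON_THROW_ON_ERROR);
    if (!array_key_exists('scopes_supported', $doc)) {
        return [];
    }
    $scopes = $doc['scopes_supported'];
    // A JSON object decodes to an associative array, which is not a list.
    if (!is_array($scopes) || !array_is_list($scopes)) {
        return ['scopes_supported is not a JSON array'];
    }
    $problems = [];
    foreach ($scopes as $i => $scope) {
        if (!is_string($scope) || $scope === '') {
            $problems[] = "scopes_supported[$i] is not a non-empty string";
        }
    }
    return $problems;
}

$fragments = [
    'buggy' => buggyScopesSupported($tokensCan),
    'fixed' => fixedScopesSupported($tokensCan),
];
foreach ($fragments as $label => $fragment) {
    $json = json_encode($fragment, JSON_PRETTY_PRINT);
    echo "$label:\n$json\n";
    $problems = checkScopesSupported($json);
    echo $problems ? '  ' . implode("\n  ", $problems) . "\n" : "  OK\n";
}
```

Run with `php scopes_check.php`: the "buggy" fragment is rejected as "not a JSON array" and the "fixed" fragment passes. The same `checkScopesSupported()` can be pointed at the live `/.well-known/openid-configuration` response to confirm the change after deployment.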
moufmouf commented 1 month ago

Hey @timcortesi,

Thanks a lot for the report. Looking at this right now!