svgta1 / oidc-client-php

PHP client for OpenId connect protocol
GNU General Public License v3.0

Maximum execution time exceeded in NativeCalculator.php #3

Open aloz77 opened 4 months ago

aloz77 commented 4 months ago

Trying to use the library with PHP 8.3 for OIDC with an Amazon server

Here is the debug output:

2024/05/27 08:32:21 [error] 1603076#1603076: *2372000165 FastCGI sent in stderr: "
PHP message: Svgta_Lib Debug: Svgta\OidcClient\init->__construct(); 
PHP message: # welcomeUrl: https://xxx.amazon.com/.well-known/openid-configuration; 
PHP message: Svgta_Lib Debug: Svgta\OidcClient\init->client_id(); 
PHP message: # client_id: myclientid; 
PHP message: Svgta_Lib Debug: Svgta\OidcClient\OidcAuthorization->__construct(); 
PHP message: # client_id: myclientid; 
PHP message: # redirectUri: https://myserver.com/oidc-poc/callback.php; 
PHP message: Svgta_Lib Debug: Svgta\OidcClient\OidcAuthorization->getUri(); 
PHP message: # uri: https://xxx.amazon.com/api/oauth2/v1/authorize?scope=openid&response_type=code&client_id=myclientid&redirect_uri=https%3A%2F%2Fmyserver.com%2Foidc-poc%2Fcallback.php&state=ld5V89wF4f5PLO0yuFOGgaUHOgx9bX8-berJBGbdv931zkzjQPUy2ePpB01X4BDJFswplXICF9Fu-uTHhFgJng; 
PHP message: # params: {"scope":"openid","response_type":"code","client_id":"myclientid","redirect_uri":"https:\/\/myserver.com\/oidc-poc\/callback.php","state":"ld5V89wF4f5PLO0yuFOGgaUHOgx9bX8-berJBGbdv931zkzjQPUy2ePpB01X4BDJFswplXICF9Fu-uTHhFgJng"}; 
PHP message: OIDC Start: Session cfevokmif3531qm1d2n2a11aa4" while reading response header from upstream, client: ***, server: myserver.com, request: "GET /oidc-poc/ HTTP/1.1", upstream: "fastcgi://127.0.0.1:9003", host: "myserver.com"

2024/05/27 08:33:53 [error] 1603076#1603076: *2372075214 FastCGI sent in stderr: "
PHP message: OIDC Callback: Session cfevokmif3531qm1d2n2a11aa4; 
PHP message: Svgta_Lib Debug: Svgta\OidcClient\init->__construct(); 
PHP message: # welcomeUrl: https://xxx.amazon.com/.well-known/openid-configuration; 
PHP message: Svgta_Lib Debug: Svgta\OidcClient\init->client_id(); 
PHP message: # client_id: myclientid; 
PHP message: Svgta_Lib Debug: Svgta\OidcClient\init->client_secret(); 
PHP message: # client_secret: not loggable info; 
PHP message: Svgta_Lib Warning: The client_secret is to small to verify HS384 signature; 
PHP message: Svgta_Lib Warning: The client_secret is to small to verify HS512 signature; 
PHP message: Svgta_Lib Debug: Svgta\OidcClient\OidcTokens->__construct(); 
PHP message: Svgta_Lib Debug: Svgta\OidcClient\OidcTokens->getAuthMethod(); 
PHP message: # auth_method: client_secret_basic; 
PHP message: Svgta_Lib Debug: Svgta\OidcClient\OidcTokens->flowCode(); 
PHP message: Svgta_Lib Debug: Svgta\OidcClient\OidcTokens->getAuthParams(); 
PHP message: # params: {"form_params":[],"auth":["myclientid","mysecret"]}; 
PHP message: Svgta_Lib Debug: Svgta\OidcClient\OidcTokens->ctrlJWT_sign(); 
PHP message: PHP Fatal error:  Maximum execution time of 90 seconds exceeded in /var/www/myserver.com/vendor/brick/math/src/Internal/Calculator/NativeCalculator.php on line 292
" while reading response header from upstream, client: ***, server: myserver.com, request: "GET /oidc-poc/callback.php?code=530d7548-3cd6-41ec-95f9-c5d7518382d1%40eu-west-1&state=ld5V89wF4f5PLO0yuFOGgaUHOgx9bX8-berJBGbdv931zkzjQPUy2ePpB01X4BDJFswplXICF9Fu-uTHhFgJng HTTP/1.1", upstream: "fastcgi://127.0.0.1:9003", host: "myserver.com"

The PHP code of callback.php is like this:

require_once('../vendor/autoload.php');
session_start();

$disco_url = "https://xxx.amazon.com/.well-known/openid-configuration";
$client_id = "myclientid";
$client_secret = "mysecret";

Svgta\OidcClient\init::setLogLevel(LOG_DEBUG);

error_log("OIDC Callback: Session {$_SESSION['oidc_session']}");

try {
    $client = new Svgta\OidcClient\init($disco_url);
    $client->setSessionKey($_SESSION['oidc_session']);
    $client->client_id($client_id);
    $client->client_secret($client_secret);
    $tokenRes = $client->token();
    $tokens = $tokenRes->get_tokens();
    $userInfo = $client->userInfo();
}
catch (Exception $e) {
    error_log("OIDC Exception: ".$e->getMessage());
}

Any ideas how to fix?

svgta1 commented 4 months ago

Hello,

What is the alg used for the id_token? (HSxxx, RSxxx, ...) It seems the problem comes from the id_token verification.

Maybe you need to verify that you have these extensions enabled: bcmath or gmp, curl, mbstring, openssl or sodium.

aloz77 commented 4 months ago

What is the alg used for the id_token? (HSxxx, RSxxx, ...)

The server has this in the discovery data:

  "id_token_signing_alg_values_supported": [
    "RS256"
  ],

For the PHP modules I get this. Shouldn't the dependencies be checked by composer?

php -m | grep -E "curl|bcmath|gmp|mbstring|openssl|sodium"
curl
mbstring
openssl
sodium

svgta1 commented 4 months ago

OK. Try adding gmp. If you are on Debian, it must be something like "sudo apt install php8.3-gmp". If your server is not very strong, it helps a lot for RSA algo.
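
A preflight check for the situation in this thread, as an added example that is not part of the issue or of svgta1/oidc-client-php: it compares the loaded PHP extensions against the maintainer's list and flags an asymmetric id_token algorithm on a host with neither gmp nor bcmath. The function names are hypothetical, and the gmp, bcmath, pure-PHP fallback order is assumed to match brick/math's calculator auto-detection.

```php
<?php
// Added example, not code from svgta1/oidc-client-php.
// Extension names come from the maintainer's list in this thread.

// Assumed to mirror brick/math's backend choice: gmp, then bcmath, then pure PHP.
function bigint_backend(array $loaded): string
{
    foreach (['gmp', 'bcmath'] as $ext) {
        if (in_array($ext, $loaded, true)) {
            return $ext;
        }
    }
    return 'native';
}

// Returns a list of human-readable problems; an empty list means the host is ready.
function oidc_preflight(array $loaded, array $discovery): array
{
    $problems = [];
    foreach (['curl', 'mbstring'] as $ext) {
        if (!in_array($ext, $loaded, true)) {
            $problems[] = "missing extension: $ext";
        }
    }
    if (!array_intersect(['openssl', 'sodium'], $loaded)) {
        $problems[] = 'missing extension: openssl or sodium';
    }
    // RSxxx / PSxxx / ESxxx signatures need big-integer arithmetic to verify.
    $algs = (array) ($discovery['id_token_signing_alg_values_supported'] ?? []);
    $asymmetric = preg_grep('/^(RS|PS|ES)\d{3}$/', $algs);
    if ($asymmetric && bigint_backend($loaded) === 'native') {
        $problems[] = 'no gmp or bcmath: ' . implode(',', $asymmetric)
            . ' verification falls back to pure-PHP big-integer math';
    }
    return $problems;
}

// Constructed input: the discovery fragment quoted in this thread.
$discovery = json_decode('{"id_token_signing_alg_values_supported":["RS256"]}', true);

// get_loaded_extensions() returns mixed-case names ("Core", "mbstring"), so normalise.
$loaded = array_map('strtolower', get_loaded_extensions());

foreach (oidc_preflight($loaded, $discovery) as $problem) {
    error_log("OIDC preflight: $problem");
}
```

Called with the module list posted above (curl, mbstring, openssl, sodium), `oidc_preflight()` returns a single entry, the missing gmp/bcmath backend for RS256.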

aloz77 commented 4 months ago

Thank you, unfortunately I can't revalidate. We tried another library (https://github.com/jumbojett/OpenID-Connect-PHP) and that one worked out of the box.

svgta1 commented 4 months ago

Not a problem. I started with this library at first before I created this one. A lot of improvements have been made since I tested it.

So, can I close this issue?