From ac5ef377c92ee0df8337964aae418c53c1ff1bb6 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Sat, 28 Jun 2025 12:04:28 +0200
Subject: [PATCH 1/6] change response code for registration to 201 created
---
 solid/lib/Controller/ServerController.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index b4dc255b..667a0183 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
@@ -410,9 +410,7 @@ public function register() {
 'redirect_uris' => $clientData['redirect_uris'],
 );
 $registration = $this->tokenGenerator->respondToRegistration($registration, $this->config->getPrivateKey());
- return (new JSONResponse($registration));
-// ->addHeader('Access-Control-Allow-Origin', $origin)
-// ->addHeader('Access-Control-Allow-Methods', 'POST');
+ return (new JSONResponse($registration, 201));
 }
 /**
From 961b890844b7acda6ace37db4d6fb1ca57235914 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Sat, 28 Jun 2025 12:04:54 +0200
Subject: [PATCH 2/6] rmeove id_token from authorization response
---
 solid/lib/Controller/ServerController.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index 667a0183..f7d84057 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
@@ -268,14 +268,15 @@ public function authorize() {
 $server = new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
 $response = $server->respondToAuthorizationRequest($request, $user, $approval);
+/*
 $response = $this->tokenGenerator->addIdTokenToResponse(
 $response,
 $clientId,
 $this->getProfilePage(),
- $this->session->get("nonce"),
+ '', // $this->session->get("nonce"),
 $this->config->getPrivateKey()
 );
-
+*/
 return $this->respond($response);
 // ->addHeader('Access-Control-Allow-Origin', '*');
 }
From 2f448a2d55445bd93eb0196be08c324560761069 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Sat, 28 Jun 2025 12:05:29 +0200
Subject: [PATCH 3/6] find client ID from encrypted code/token data if not posted in the main body
---
 solid/lib/Controller/ServerController.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index f7d84057..bce7546a 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
@@ -325,6 +325,7 @@ public function session() {
 public function token() {
 $request = \Laminas\Diactoros\ServerRequestFactory::fromGlobals($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES);
 $grantType = $request->getParsedBody()['grant_type'];
+ $clientId = $request->getParsedBody()['client_id'];
 switch ($grantType) {
 case "authorization_code":
 $code = $request->getParsedBody()['code'];
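Review bot: The id_token is removed by commenting out `addIdTokenToResponse(...)` instead of deleting it, and the dead block now carries `'', // $this->session->get("nonce"),` — whoever re-enables it will mint id_tokens bound to an empty nonce, which defeats the replay protection the nonce exists for. Delete the block outright (history keeps it) or, if it must stay, leave the original `$this->session->get("nonce")` argument so the dormant code is at least correct. Note also that the registration response pinned later in this series still advertises `'response_types' => ['id_token token']`, so clients may request an id_token that authorize() no longer produces; whether anything else still issues one cannot be confirmed from this hunk. authorize() starts outside the hunk.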
@@ -332,19 +333,23 @@ public function token() {
 // FIXME: because this is a public page, the nonce from the session is not available here.
 $codeInfo = $this->tokenGenerator->getCodeInfo($code);
 $userId = $codeInfo['user_id'];
+ if (!$clientId) {
+ $clientId = $codeInfo['client_id'];
+ }
 break;
 case "refresh_token":
 $refreshToken = $request->getParsedBody()['refresh_token'];
 $tokenInfo = $this->tokenGenerator->getCodeInfo($refreshToken); // FIXME: getCodeInfo should be named 'decrypt' or 'getInfo'?
 $userId = $tokenInfo['user_id'];
+ if (!$clientId) {
+ $clientId = $tokenInfo['client_id'];
+ }
 break;
 default:
 $userId = false;
 break;
 }
- $clientId = $request->getParsedBody()['client_id'];
-
 $httpDpop = $request->getServerParams()['HTTP_DPOP'];
 $response = new \Laminas\Diactoros\Response();
From 9bb9a257f7b9080fba3a05044d9a08cfbb6b93c9 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Sun, 29 Jun 2025 09:31:12 +0200
Subject: [PATCH 4/6] add client_secret, check for array key
---
 solid/lib/Controller/ServerController.php | 9 +++++----
 solid/tests/Unit/Controller/ServerControllerTest.php | 1 +
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index bce7546a..22a6f379 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
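Review bot: When a `client_id` is posted, the new `if (!$clientId) { $clientId = $codeInfo['client_id']; }` only fills in a missing value and never checks that the posted id equals the one sealed inside the decrypted code, so a code issued to client A can be redeemed by presenting it with client B's id — unless the access-token handler further down, outside this hunk, performs that comparison. RFC 6749 §4.1.3 requires the server to verify the code was issued to the `client_id` in the request; the cheap fix is to always decrypt and then reject a mismatch with an `invalid_grant` error, e.g. `if ($clientId !== null && $clientId !== $codeInfo['client_id']) { /* respond 400 invalid_grant */ }` before `break;`, and the same against `$tokenInfo` in the refresh_token branch. The `!$clientId` truthiness test also treats a client_id of `"0"` as absent; test against null instead. token() continues past the end of the hunk.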
@@ -324,11 +324,12 @@ public function session() {
 */
 public function token() {
 $request = \Laminas\Diactoros\ServerRequestFactory::fromGlobals($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES);
- $grantType = $request->getParsedBody()['grant_type'];
- $clientId = $request->getParsedBody()['client_id'];
+ $requestBody = $request->getParsedBody();
+ $grantType = $requestBody['grant_type'] ? $requestBody['grant_type'] : null;
+ $clientId = $requestBody['client_id'] ? $requestBody['client_id'] : null;
 switch ($grantType) {
 case "authorization_code":
- $code = $request->getParsedBody()['code'];
+ $code = $requestBody['code'];
 // FIXME: not sure if decoding this here is the way to go.
 // FIXME: because this is a public page, the nonce from the session is not available here.
 $codeInfo = $this->tokenGenerator->getCodeInfo($code);
@@ -338,7 +339,7 @@ public function token() {
 }
 break;
 case "refresh_token":
- $refreshToken = $request->getParsedBody()['refresh_token'];
+ $refreshToken = $requestBody['refresh_token'];
 $tokenInfo = $this->tokenGenerator->getCodeInfo($refreshToken); // FIXME: getCodeInfo should be named 'decrypt' or 'getInfo'?
 $userId = $tokenInfo['user_id'];
 if (!$clientId) {
diff --git a/solid/tests/Unit/Controller/ServerControllerTest.php b/solid/tests/Unit/Controller/ServerControllerTest.php
index 2920b0dd..12886477 100644
--- a/solid/tests/Unit/Controller/ServerControllerTest.php
+++ b/solid/tests/Unit/Controller/ServerControllerTest.php
@@ -348,6 +348,7 @@ public function testRegisterWithRedirectUris()
 'registration_client_uri' => '',
 'response_types' => ['id_token token'],
 'token_endpoint_auth_method' => 'client_secret_basic',
+ 'client_secret' => '3b5798fddd49e23662ee6fe801085100',
 ],
 'headers' => [
 'Cache-Control' => 'no-cache, no-store, must-revalidate',
From cd3d0d95d89f9930539dda7c97283437658cccb0 Mon Sep 17 00:00:00 2001
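Review bot: `$code = $requestBody['code'];` is read without the guard this hunk adds for grant_type and client_id, so a token request that omits `code` raises an "Undefined array key" warning and hands null to `getCodeInfo()`; prefer `$code = $requestBody['code'] ?? null;` and answer a null code with an `invalid_request` error before decrypting anything. The hunk also assumes `getParsedBody()` returns an array; under PSR-7 it may be null or an object depending on the request's content type, so one `is_array($requestBody)` check at the top is safer than guarding each key separately. token() continues beyond the hunk.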
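Review bot: `$refreshToken = $requestBody['refresh_token'];` has the same unguarded read as the other parameters; a missing refresh_token yields an "Undefined array key" warning and a `getCodeInfo(null)` call, so use `$refreshToken = $requestBody['refresh_token'] ?? null;` and reject null with `invalid_request`. Separately, both grants decrypt their input with the same `getCodeInfo()` and consume only `user_id` and `client_id` from it, so nothing visible here tells an authorization code apart from a refresh token; if the encrypted payload does not carry a type or usage claim that is checked somewhere else, a single-use code could be replayed through the refresh_token grant — worth confirming against the token generator. The function continues outside the hunk.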
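Review bot: The expected registration response now pins a literal `'client_secret' => '3b5798fddd49e23662ee6fe801085100'` next to `'token_endpoint_auth_method' => 'client_secret_basic'`, i.e. the server tells clients to authenticate to the token endpoint with HTTP Basic, yet the token() code in this series only takes `client_id` from the POST body and never reads an Authorization header. If the secret is not verified inside the token-response handler (not visible here), the secret is decorative and registration advertises an auth method that is not enforced; a test that posts a wrong or missing secret and expects `invalid_client` would pin that down either way. The fixed hex value presumably comes from a mocked random source — a comment beside the line saying so would help, e.g. `// deterministic because the secret generator is mocked in this test`.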
From: Yvo Brevoort
Date: Sun, 29 Jun 2025 10:55:00 +0200
Subject: [PATCH 5/6] use isset
---
 solid/lib/Controller/ServerController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index 22a6f379..7f74b9b5 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
@@ -325,8 +325,8 @@ public function session() {
 public function token() {
 $request = \Laminas\Diactoros\ServerRequestFactory::fromGlobals($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES);
 $requestBody = $request->getParsedBody();
- $grantType = $requestBody['grant_type'] ? $requestBody['grant_type'] : null;
- $clientId = $requestBody['client_id'] ? $requestBody['client_id'] : null;
+ $grantType = isset($requestBody['grant_type']) ? $requestBody['grant_type'] : null;
+ $clientId = isset($requestBody['client_id']) ? $requestBody['client_id'] : null;
 switch ($grantType) {
 case "authorization_code":
 $code = $requestBody['code'];
From 85e62d18cd501583c769ce34460377f1c911c8ae Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Sun, 29 Jun 2025 10:57:53 +0200
Subject: [PATCH 6/6] fix test by adding grant_type authorization_code
---
 solid/tests/Unit/Controller/ServerControllerTest.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/solid/tests/Unit/Controller/ServerControllerTest.php b/solid/tests/Unit/Controller/ServerControllerTest.php
index 12886477..4c3cf8c2 100644
--- a/solid/tests/Unit/Controller/ServerControllerTest.php
+++ b/solid/tests/Unit/Controller/ServerControllerTest.php
@@ -370,6 +370,7 @@ public function testToken()
 {
 $_POST['client_id'] = self::MOCK_CLIENT_ID;
 $_POST['code'] = '';
+ $_POST['grant_type'] = 'authorization_code';
 $_SERVER['HTTP_DPOP'] = 'mock dpop';
 $_SESSION['nonce'] = 'mock nonce';
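Review bot: `isset($requestBody['grant_type']) ? $requestBody['grant_type'] : null` is the long form of the null-coalescing operator; `$grantType = $requestBody['grant_type'] ?? null;` and `$clientId = $requestBody['client_id'] ?? null;` express the same thing and are the idiomatic form. The `$code = $requestBody['code'];` line in the same block is still an unguarded read and deserves the same `?? null` treatment followed by an explicit rejection of a null code. token() continues beyond the hunk.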