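--- a/composer.lock
+++ b/composer.lock
@@ -58,7 +58,7 @@
 "source": {
 "type": "git",
 "url": "https://git.sr.ht/~fkooman/php-oauth2-server",
-"reference": "59c2ae89013e539b9579b34d75c89f09471473d8"
+"reference": "ade41c35af50b1fc78e9eb46e3783505141dd6ee"
 },
 "require": {
 "ext-date": "*",
@@ -99,7 +99,7 @@
 "email": "fkooman@tuxed.net",
 "source": "https://git.sr.ht/~fkooman/php-oauth2-server"
 },
-"time": "2023-04-27T10:03:27+00:00"
+"time": "2024-03-20T12:24:00+00:00"
 },
 {
 "name": "fkooman/otp-verifier",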
M src/OIDC/RsaJwtSigner.php => src/OIDC/RsaJwtSigner.php +1 -12
@@ 51,7 51,7 @@ class RsaJwtSigner implements JwtSignerInterface
return [$secretKey->toPem(), $secretKey->keyId()];
}
- public function jwtAlg(): string
+ public function alg(): string
{
return $this->secretKey->alg();
}
@@ 60,15 60,4 @@ class RsaJwtSigner implements JwtSignerInterface
{
return Jwt::encode($this->secretKey, $jwtPayload);
}
-
- /**
- * The JWK of the *Public* Key.
- */
- public function publicJwk(): array
- {
- // XXX is this still actually used?!
- return [
- 'keys' => [],
- ];
- }
}
M web/well-known.php => web/well-known.php +11 -3
@@ 27,17 27,25 @@ declare(strict_types=1);
require_once dirname(__DIR__) . '/vendor/autoload.php';
$baseDir = dirname(__DIR__);
+use fkooman\Jwt\PublicKeySet;
use fkooman\Jwt\RS256\SecretKey;
use fkooman\OAuth\Server\OAuthServer;
use fkooman\SAML\IdP\Cfg\Config;
use fkooman\SAML\IdP\FileIO;
use fkooman\SAML\IdP\Http\JsonResponse;
use fkooman\SAML\IdP\Http\Request;
-use fkooman\SAML\IdP\OIDC\RsaJwtSigner;
try {
$config = Config::fromFile($baseDir . '/config/config.php');
- $jwtSigner = new RsaJwtSigner(SecretKey::fromPem(FileIO::read($baseDir . '/config/keys/rsa.key')));
+
+ $publicKeySet = new PublicKeySet();
+ // we only support RS256 for now
+ $algList = ['RS256'];
+ foreach (glob($baseDir . '/config/keys/rsa_*.key') as $secretKeyFile) {
+ [,$keyId] = explode('_', basename($secretKeyFile, '.key'), 2);
+ $publicKeySet->add(SecretKey::fromPem(FileIO::read($secretKeyFile), $keyId)->publicKey());
+ }
+
$request = Request::createFromGlobals();
switch ($request->getPathInfo()) {
case '/.well-known/openid-configuration':
@@ 47,7 55,7 @@ try {
$request->getRootUri() . 'openid/authorize',
$request->getRootUri() . 'openid/token',
$request->getRootUri() . 'openid/userinfo',
- $jwtSigner,
+ $algList,
$request->getRootUri() . 'openid/jwks'
)
);
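Review bot: The `foreach (glob($baseDir . '/config/keys/rsa_*.key') as $secretKeyFile)` loop in the first hunk does not distinguish "no key files" from a `glob()` failure: `glob()` returns `false` on error, which makes `foreach` emit a warning and skip the body, and an empty match list silently produces an empty `$publicKeySet`, so the published JWKS would carry no keys and clients would fail to verify tokens with nothing pointing at the misconfiguration. I would materialise the list and fail loudly before the loop, `$secretKeyFileList = glob($baseDir . '/config/keys/rsa_*.key') ?: [];` followed by `if ([] === $secretKeyFileList) { throw new \RuntimeException('no rsa_*.key files found in config/keys'); }`, on the assumption that the `catch` closing the `try {` opened in this hunk (the block ends outside it) turns exceptions into an error response. A file named `rsa_.key` also yields an empty `$keyId` from the `explode` destructuring, so a guard such as `if ('' === $keyId) { continue; }` (or a throw) would keep an unnamed key out of the set. Whether the key id passed to `SecretKey::fromPem` is what ends up as the `kid` in the published JWKS cannot be seen from this hunk; worth confirming against the library.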