
bc7a2f56793256e74a66239afc6db00cec4dc27b — François Kooman 8 months ago a3fede7
udpate for interface
3 files changed, 14 insertions(+), 17 deletions(-)

M composer.lock
M src/OIDC/RsaJwtSigner.php
M web/well-known.php
M composer.lock => composer.lock +2 -2
@@ 58,7 58,7 @@
            "source": {
                "type": "git",
                "url": "https://git.sr.ht/~fkooman/php-oauth2-server",
                "reference": "59c2ae89013e539b9579b34d75c89f09471473d8"
                "reference": "ade41c35af50b1fc78e9eb46e3783505141dd6ee"
            },
            "require": {
                "ext-date": "*",


@@ 99,7 99,7 @@
                "email": "fkooman@tuxed.net",
                "source": "https://git.sr.ht/~fkooman/php-oauth2-server"
            },
            "time": "2023-04-27T10:03:27+00:00"
            "time": "2024-03-20T12:24:00+00:00"
        },
        {
            "name": "fkooman/otp-verifier",

M src/OIDC/RsaJwtSigner.php => src/OIDC/RsaJwtSigner.php +1 -12
@@ 51,7 51,7 @@ class RsaJwtSigner implements JwtSignerInterface
        return [$secretKey->toPem(), $secretKey->keyId()];
    }

    public function jwtAlg(): string
    public function alg(): string
    {
        return $this->secretKey->alg();
    }


@@ 60,15 60,4 @@ class RsaJwtSigner implements JwtSignerInterface
    {
        return Jwt::encode($this->secretKey, $jwtPayload);
    }

    /**
     * The JWK of the *Public* Key.
     */
    public function publicJwk(): array
    {
        // XXX is this still actually used?!
        return [
            'keys' => [],
        ];
    }
}

M web/well-known.php => web/well-known.php +11 -3
@@ 27,17 27,25 @@ declare(strict_types=1);
require_once dirname(__DIR__) . '/vendor/autoload.php';
$baseDir = dirname(__DIR__);

use fkooman\Jwt\PublicKeySet;
use fkooman\Jwt\RS256\SecretKey;
use fkooman\OAuth\Server\OAuthServer;
use fkooman\SAML\IdP\Cfg\Config;
use fkooman\SAML\IdP\FileIO;
use fkooman\SAML\IdP\Http\JsonResponse;
use fkooman\SAML\IdP\Http\Request;
use fkooman\SAML\IdP\OIDC\RsaJwtSigner;

try {
    $config = Config::fromFile($baseDir . '/config/config.php');
    $jwtSigner = new RsaJwtSigner(SecretKey::fromPem(FileIO::read($baseDir . '/config/keys/rsa.key')));

    $publicKeySet = new PublicKeySet();
    // we only support RS256 for now
    $algList = ['RS256'];
    foreach (glob($baseDir . '/config/keys/rsa_*.key') as $secretKeyFile) {
        [,$keyId] = explode('_', basename($secretKeyFile, '.key'), 2);
        $publicKeySet->add(SecretKey::fromPem(FileIO::read($secretKeyFile), $keyId)->publicKey());
    }

    $request = Request::createFromGlobals();
    switch ($request->getPathInfo()) {
        case '/.well-known/openid-configuration':


@@ 47,7 55,7 @@ try {
                    $request->getRootUri() . 'openid/authorize',
                    $request->getRootUri() . 'openid/token',
                    $request->getRootUri() . 'openid/userinfo',
                    $jwtSigner,
                    $algList,
                    $request->getRootUri() . 'openid/jwks'
                )
            );
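Review bot: The published key set is built from `config/keys/rsa_*.key` (line 82) while the token signer on line 77 still loads `config/keys/rsa.key`, a name the `rsa_*.key` pattern does not match; unless `rsa.key` is one of those files (or a link to one) and carries the same kid, relying parties that fetch the jwks endpoint cannot verify the tokens this IdP signs. Independently, `glob()` returns `false` on error and `[]` when no key file is present, so a misconfigured keys directory produces a warning and an empty `keys` list instead of a failure; I would assign the result and refuse an empty set, `$keyFileList = glob($baseDir . '/config/keys/rsa_*.key'); if (!is_array($keyFileList) || [] === $keyFileList) { throw new \RuntimeException('no rsa_*.key files found'); }`, then iterate over `$keyFileList`. If the second hunk indeed swaps `$jwtSigner,` for `$algList,` in the OAuthServer arguments, `$jwtSigner` may no longer be used in this file, which is worth confirming against the case branches outside the hunk. The try block and the switch body continue outside both hunks.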