authorAndrey Filippov <afilippov1985@users.noreply.github.com>2017-12-01 00:21:23 +0300
committerBrent Shaffer <betterbrent@google.com>2017-12-01 00:21:23 +0300
commitc0c5f2c9ee1e676920062653b2d7b9e9095cd860 (patch)
tree855f8fe83d0b650dc1790083acda8d0755c8e46d
parent9cee290d4ba5611bf7e29fd2983f15101ef90bff (diff)
Callable for customizing JWT payload (#804)develop
-rw-r--r--src/OAuth2/ResponseType/JwtAccessToken.php18
-rw-r--r--src/OAuth2/Server.php3
-rw-r--r--test/OAuth2/ResponseType/JwtAccessTokenTest.php21
3 files changed, 38 insertions, 4 deletions
diff --git a/src/OAuth2/ResponseType/JwtAccessToken.php b/src/OAuth2/ResponseType/JwtAccessToken.php
index 0af9705..0ee3708 100644
--- a/src/OAuth2/ResponseType/JwtAccessToken.php
+++ b/src/OAuth2/ResponseType/JwtAccessToken.php
@@ -128,7 +128,7 @@ class JwtAccessToken extends AccessToken
$expires = time() + $this->config['access_lifetime'];
$id = $this->generateAccessToken();
- return array(
+ $payload = array(
'id' => $id, // for BC (see #591)
'jti' => $id,
'iss' => $this->config['issuer'],
@@ -139,5 +139,21 @@ class JwtAccessToken extends AccessToken
'token_type' => $this->config['token_type'],
'scope' => $scope
);
+
+ if (isset($this->config['jwt_extra_payload_callable'])) {
+ if (!is_callable($this->config['jwt_extra_payload_callable'])) {
+ throw new \InvalidArgumentException('jwt_extra_payload_callable is not callable');
+ }
+
+ $extra = call_user_func($this->config['jwt_extra_payload_callable'], $client_id, $user_id, $scope);
+
+ if (!is_array($extra)) {
+ throw new \InvalidArgumentException('jwt_extra_payload_callable must return array');
+ }
+
+ $payload = array_merge($extra, $payload);
+ }
+
+ return $payload;
}
}
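Review bot: The argument order in `$payload = array_merge($extra, $payload);` is the only thing that stops the callable from replacing server-set claims (`jti`, `iss`, `token_type`, `scope` and the rest of the array built above), and nothing in the code marks it as deliberate. I would put a comment directly above that line, `// Standard claims are merged last on purpose: the callable may add claims but never replace server-set ones.`, so a later cleanup does not swap the arguments. A colliding key is dropped without any signal to the integrator, and integer keys returned by the callable are renumbered by array_merge and would surface as numeric claim names; rejecting non-string keys next to the `is_array` check would make both cases visible. Whatever the callable returns lands in the token payload, which the new test reads back with `decode(..., null, false)` (apparently no key and no verification), so the config documentation should state that the callable must not return secrets. The enclosing method starts outside this hunk.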
diff --git a/src/OAuth2/Server.php b/src/OAuth2/Server.php
index 62ae897..fb36c08 100644
--- a/src/OAuth2/Server.php
+++ b/src/OAuth2/Server.php
@@ -161,6 +161,7 @@ class Server implements ResourceControllerInterface,
// merge all config values. These get passed to our controller objects
$this->config = array_merge(array(
'use_jwt_access_tokens' => false,
+ 'jwt_extra_payload_callable' => null,
'store_encrypted_token_string' => true,
'use_openid_connect' => false,
'id_lifetime' => 3600,
@@ -840,7 +841,7 @@ class Server implements ResourceControllerInterface,
$refreshStorage = $this->storages['refresh_token'];
}
- $config = array_intersect_key($this->config, array_flip(explode(' ', 'store_encrypted_token_string issuer access_lifetime refresh_token_lifetime')));
+ $config = array_intersect_key($this->config, array_flip(explode(' ', 'store_encrypted_token_string issuer access_lifetime refresh_token_lifetime jwt_extra_payload_callable')));
return new JwtAccessToken($this->storages['public_key'], $tokenStorage, $refreshStorage, $config);
}
diff --git a/test/OAuth2/ResponseType/JwtAccessTokenTest.php b/test/OAuth2/ResponseType/JwtAccessTokenTest.php
index 7e37509..6195d55 100644
--- a/test/OAuth2/ResponseType/JwtAccessTokenTest.php
+++ b/test/OAuth2/ResponseType/JwtAccessTokenTest.php
@@ -40,6 +40,23 @@ class JwtAccessTokenTest extends TestCase
$this->assertEquals(3600, $delta);
$this->assertEquals($decodedAccessToken['id'], $decodedAccessToken['jti']);
}
+
+ public function testExtraPayloadCallback()
+ {
+ $jwtconfig = array('jwt_extra_payload_callable' => function() {
+ return array('custom_param' => 'custom_value');
+ });
+
+ $server = $this->getTestServer($jwtconfig);
+ $jwtResponseType = $server->getResponseType('token');
+
+ $accessToken = $jwtResponseType->createAccessToken('Test Client ID', 123, 'test', false);
+ $jwt = new Jwt;
+ $decodedAccessToken = $jwt->decode($accessToken['access_token'], null, false);
+
+ $this->assertArrayHasKey('custom_param', $decodedAccessToken);
+ $this->assertEquals('custom_value', $decodedAccessToken['custom_param']);
+ }
public function testGrantJwtAccessToken()
{
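Review bot: testExtraPayloadCallback covers only the happy path, so the property that matters most for token integrity, that the callable cannot replace a server-set claim, has no test. I would add a second case whose callable returns `array('iss' => 'override', 'custom_param' => 'custom_value')` and assert `$this->assertEquals('https://api.example.com', $decodedAccessToken['iss']);`. The closure here also declares no parameters, so nothing checks that `$client_id`, `$user_id` and `$scope` actually reach the callable. The two `InvalidArgumentException` branches (non-callable config value, non-array return) are untested as well.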
@@ -140,7 +157,7 @@ class JwtAccessTokenTest extends TestCase
$this->assertNotNull($response->getParameter('access_token'));
}
- private function getTestServer()
+ private function getTestServer($jwtconfig = array())
{
$memoryStorage = Bootstrap::getInstance()->getMemoryStorage();
@@ -153,7 +170,7 @@ class JwtAccessTokenTest extends TestCase
$server->addGrantType(new ClientCredentials($memoryStorage));
// make the "token" response type a JwtAccessToken
- $config = array('issuer' => 'https://api.example.com');
+ $config = array_merge(array('issuer' => 'https://api.example.com'), $jwtconfig);
$server->addResponseType(new JwtAccessToken($memoryStorage, $memoryStorage, null, $config));
return $server;