diff options
| -rw-r--r-- | src/OAuth2/ResponseType/JwtAccessToken.php | 18 | ||||
| -rw-r--r-- | src/OAuth2/Server.php | 3 | ||||
| -rw-r--r-- | test/OAuth2/ResponseType/JwtAccessTokenTest.php | 21 |
3 files changed, 38 insertions, 4 deletions
diff --git a/src/OAuth2/ResponseType/JwtAccessToken.php b/src/OAuth2/ResponseType/JwtAccessToken.php index 0af9705..0ee3708 100644 --- a/src/OAuth2/ResponseType/JwtAccessToken.php +++ b/src/OAuth2/ResponseType/JwtAccessToken.php @@ -128,7 +128,7 @@ class JwtAccessToken extends AccessToken $expires = time() + $this->config['access_lifetime']; $id = $this->generateAccessToken(); - return array( + $payload = array( 'id' => $id, // for BC (see #591) 'jti' => $id, 'iss' => $this->config['issuer'], @@ -139,5 +139,21 @@ class JwtAccessToken extends AccessToken 'token_type' => $this->config['token_type'], 'scope' => $scope ); + + if (isset($this->config['jwt_extra_payload_callable'])) { + if (!is_callable($this->config['jwt_extra_payload_callable'])) { + throw new \InvalidArgumentException('jwt_extra_payload_callable is not callable'); + } + + $extra = call_user_func($this->config['jwt_extra_payload_callable'], $client_id, $user_id, $scope); + + if (!is_array($extra)) { + throw new \InvalidArgumentException('jwt_extra_payload_callable must return array'); + } + + $payload = array_merge($extra, $payload); + } + + return $payload; } } diff --git a/src/OAuth2/Server.php b/src/OAuth2/Server.php index 62ae897..fb36c08 100644 --- a/src/OAuth2/Server.php +++ b/src/OAuth2/Server.php @@ -161,6 +161,7 @@ class Server implements ResourceControllerInterface, // merge all config values. These get passed to our controller objects $this->config = array_merge(array( 'use_jwt_access_tokens' => false, + 'jwt_extra_payload_callable' => null, 'store_encrypted_token_string' => true, 'use_openid_connect' => false, 'id_lifetime' => 3600, @@ -840,7 +841,7 @@ class Server implements ResourceControllerInterface, $refreshStorage = $this->storages['refresh_token']; } - $config = array_intersect_key($this->config, array_flip(explode(' ', 'store_encrypted_token_string issuer access_lifetime refresh_token_lifetime'))); + $config = array_intersect_key($this->config, array_flip(explode(' ', 'store_encrypted_token_string issuer access_lifetime refresh_token_lifetime jwt_extra_payload_callable'))); return new JwtAccessToken($this->storages['public_key'], $tokenStorage, $refreshStorage, $config); } diff --git a/test/OAuth2/ResponseType/JwtAccessTokenTest.php b/test/OAuth2/ResponseType/JwtAccessTokenTest.php index 7e37509..6195d55 100644 --- a/test/OAuth2/ResponseType/JwtAccessTokenTest.php +++ b/test/OAuth2/ResponseType/JwtAccessTokenTest.php @@ -40,6 +40,23 @@ class JwtAccessTokenTest extends TestCase $this->assertEquals(3600, $delta); $this->assertEquals($decodedAccessToken['id'], $decodedAccessToken['jti']); } + + public function testExtraPayloadCallback() + { + $jwtconfig = array('jwt_extra_payload_callable' => function() { + return array('custom_param' => 'custom_value'); + }); + + $server = $this->getTestServer($jwtconfig); + $jwtResponseType = $server->getResponseType('token'); + + $accessToken = $jwtResponseType->createAccessToken('Test Client ID', 123, 'test', false); + $jwt = new Jwt; + $decodedAccessToken = $jwt->decode($accessToken['access_token'], null, false); + + $this->assertArrayHasKey('custom_param', $decodedAccessToken); + $this->assertEquals('custom_value', $decodedAccessToken['custom_param']); + } public function testGrantJwtAccessToken() { @@ -140,7 +157,7 @@ class JwtAccessTokenTest extends TestCase $this->assertNotNull($response->getParameter('access_token')); } - private function getTestServer() + private function getTestServer($jwtconfig = array()) { $memoryStorage = Bootstrap::getInstance()->getMemoryStorage(); @@ -153,7 +170,7 @@ class JwtAccessTokenTest extends TestCase $server->addGrantType(new ClientCredentials($memoryStorage)); // make the "token" response type a JwtAccessToken - $config = array('issuer' => 'https://api.example.com'); + $config = array_merge(array('issuer' => 'https://api.example.com'), $jwtconfig); $server->addResponseType(new JwtAccessToken($memoryStorage, $memoryStorage, null, $config)); return $server; |