From 31ff9b287d6fc3512f875a9742f82c1ce890c6b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=91cze=20Bence?=
Date: Wed, 12 Apr 2023 02:03:15 +0200
Subject: [PATCH 1/4] Revert "add aud to jwt"

This reverts commit 97780eb0797a1b05ff0314c64fd1093806ad745d.

---
 src/Controller/OAuthAuthController.php | 4 +---
 src/Controller/OAuthController.php | 1 -
 src/PersistentData/Model/OAuthToken.php | 14 +-------------
 3 files changed, 2 insertions(+), 17 deletions(-)

diff --git a/src/Controller/OAuthAuthController.php b/src/Controller/OAuthAuthController.php
index 34236e3..7dd983a 100644
--- a/src/Controller/OAuthAuthController.php
+++ b/src/Controller/OAuthAuthController.php
@@ -49,8 +49,7 @@ class OAuthAuthController implements ISecured
 }
 
 $redirectUriParsed = parse_url($redirectUri);
- $redirectUriHost = $redirectUriParsed['scheme'] . '://' . $redirectUriParsed['host'];
- $redirectUriBase = $redirectUriHost . $redirectUriParsed['path'];
+ $redirectUriBase = $redirectUriParsed['scheme'] . '://' . $redirectUriParsed['host'] . $redirectUriParsed['path'];
 $redirectUriQuery = [];
 if (isset($redirectUriParsed['query'])) {
 parse_str($redirectUriParsed['query'], $redirectUriQuery);
@@ -73,7 +72,6 @@ class OAuthAuthController implements ISecured
 $token->setUser($user);
 $token->setCode($code);
 $token->setAccessToken($accessToken);
- $token->setAudience($redirectUriHost);
 $token->setCreatedDate(new DateTime());
 $token->setExpiresDate(new DateTime('+5 minutes'));
 $this->pdm->saveToDb($token);
diff --git a/src/Controller/OAuthController.php b/src/Controller/OAuthController.php
index c7a263f..abd7a70 100644
--- a/src/Controller/OAuthController.php
+++ b/src/Controller/OAuthController.php
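Review bot: The restored `$redirectUriBase` line in OAuthAuthController indexes `$redirectUriParsed['scheme']`, `['host']` and `['path']` without checking that `parse_url()` succeeded or that those keys are present; a redirect URI with no path component (`https://example.com`) or one that `parse_url()` rejects (it returns `false`) yields PHP warnings and a malformed base instead of a rejection, and the port is dropped, so `https://host:8443/cb` and `https://host/cb` produce the same base. If this base is what the registered redirect URI is later compared against (the comparison is outside the hunk), the match should be on the full registered string; at minimum add `if ($redirectUriParsed === false || !isset($redirectUriParsed['scheme'], $redirectUriParsed['host'])) { /* reject redirect_uri */ }` before this line. The enclosing method starts and ends outside the hunk.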
@@ -59,7 +59,6 @@ class OAuthController
 'iat' => (int)$token->getCreatedDate()->getTimestamp(),
 'nbf' => (int)$token->getCreatedDate()->getTimestamp(),
 'exp' => (int)$token->getExpiresDate()->getTimestamp(),
- 'aud' => $token->getAudience(),
 'nonce' => $token->getNonce()
 ], $this->getUserInfoInternal(
 $this->userRepository->getById($token->getUserId()),
diff --git a/src/PersistentData/Model/OAuthToken.php b/src/PersistentData/Model/OAuthToken.php
index 2cc3553..e82242c 100644
--- a/src/PersistentData/Model/OAuthToken.php
+++ b/src/PersistentData/Model/OAuthToken.php
@@ -7,7 +7,7 @@ class OAuthToken extends Model
 {
 protected static string $table = 'oauth_tokens';
 
- protected static array $fields = ['scope', 'nonce', 'user_id', 'code', 'access_token', 'audience', 'created', 'expires'];
+ protected static array $fields = ['scope', 'nonce', 'user_id', 'code', 'access_token', 'created', 'expires'];
 
 protected static array $relations = ['user' => User::class];
 
@@ -25,8 +25,6 @@ class OAuthToken extends Model
 
 private string $accessToken = '';
 
- private string $audience = '';
-
 private DateTime $created;
 
 private DateTime $expires;
@@ -66,11 +64,6 @@ class OAuthToken extends Model
 $this->accessToken = $accessToken;
 }
 
- public function setAudience(string $audience): void
- {
- $this->audience = $audience;
- }
-
 public function setCreatedDate(DateTime $created): void
 {
 $this->created = $created;
@@ -126,11 +119,6 @@ class OAuthToken extends Model
 return $this->accessToken;
 }
 
- public function getAudience(): string
- {
- return $this->audience;
- }
-
 public function getCreatedDate(): DateTime
 {
 return $this->created;
From 6af7813e3d1ddbd477ab86716861149f25564769 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=91cze=20Bence?=
Date: Wed, 12 Apr 2023 02:04:56 +0200
Subject: [PATCH 2/4] drop audience from oauth_tokens

---
 .../structure/20230412_0203_revert_oauth_audience.sql | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 database/migrations/structure/20230412_0203_revert_oauth_audience.sql

diff --git a/database/migrations/structure/20230412_0203_revert_oauth_audience.sql b/database/migrations/structure/20230412_0203_revert_oauth_audience.sql
new file mode 100644
index 0000000..a0c19ed
--- /dev/null
+++ b/database/migrations/structure/20230412_0203_revert_oauth_audience.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `oauth_tokens`
+DROP `audience`;
From eb4ebb958242114f459c198fe05ab7bacaf41429 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=91cze=20Bence?=
Date: Wed, 12 Apr 2023 02:05:44 +0200
Subject: [PATCH 3/4] send clientId as aud

---
 src/Controller/OAuthController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Controller/OAuthController.php b/src/Controller/OAuthController.php
index abd7a70..0156209 100644
--- a/src/Controller/OAuthController.php
+++ b/src/Controller/OAuthController.php
@@ -59,6 +59,7 @@ class OAuthController
 'iat' => (int)$token->getCreatedDate()->getTimestamp(),
 'nbf' => (int)$token->getCreatedDate()->getTimestamp(),
 'exp' => (int)$token->getExpiresDate()->getTimestamp(),
+ 'aud' => $clientId,
 'nonce' => $token->getNonce()
 ], $this->getUserInfoInternal(
 $this->userRepository->getById($token->getUserId()),
From 87b811f7169282aec0631fec5fe7f84c4f1f3497 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=91cze=20Bence?=
Date: Wed, 12 Apr 2023 02:10:33 +0200
Subject: [PATCH 4/4] client id can be anything

---
 .../structure/20230412_0208_oauth_client_id_longer.sql | 2 ++
 src/Cli/AddOAuthClientCommand.php | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 database/migrations/structure/20230412_0208_oauth_client_id_longer.sql
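Review bot: The new `'aud' => $clientId` entry is only correct if `$clientId` is the client the authorization code was issued to, and nothing visible establishes that: `$clientId` is assigned outside the hunk, and the OAuthToken field list restored in PATCH 1 (`scope`, `nonce`, `user_id`, `code`, `access_token`, `created`, `expires`) persists no client identifier for the token. If `$clientId` is taken from the token request's client authentication, the code-to-client check that RFC 6749 §4.1.3 requires cannot be performed here, and the ID token's `aud` will simply be whichever authenticated client redeemed the code. Consider recording the client id on the token when the code is issued, rejecting the exchange when it differs from the authenticated client, and setting `aud` from the stored value; the enclosing method starts and ends outside the hunk.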
diff --git a/database/migrations/structure/20230412_0208_oauth_client_id_longer.sql b/database/migrations/structure/20230412_0208_oauth_client_id_longer.sql
new file mode 100644
index 0000000..e229b98
--- /dev/null
+++ b/database/migrations/structure/20230412_0208_oauth_client_id_longer.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `oauth_clients`
+MODIFY `client_id` varchar(255) CHARACTER SET ascii COLLATE ascii_bin NOT NULL;
diff --git a/src/Cli/AddOAuthClientCommand.php b/src/Cli/AddOAuthClientCommand.php
index 9e1d329..21461e4 100644
--- a/src/Cli/AddOAuthClientCommand.php
+++ b/src/Cli/AddOAuthClientCommand.php
@@ -14,12 +14,13 @@ class AddOAuthClientCommand extends Command
 {
 $this->setName('oauth:add-client')
 ->setDescription('Adding of OAuth client.')
+ ->addArgument('client-id', InputArgument::OPTIONAL, 'Client ID')
 ->addArgument('preapproved', InputArgument::OPTIONAL, 'Preapproved');
 }
 
 public function execute(InputInterface $input, OutputInterface $output): int
 {
- $clientId = bin2hex(random_bytes(8));
+ $clientId = $input->getArgument('client-id') ? $input->getArgument('client-id') : bin2hex(random_bytes(8));
 $clientSecret = bin2hex(random_bytes(20));
 
 $oAuthClient = new OAuthClient();
@@ -27,7 +28,7 @@ class AddOAuthClientCommand extends Command
 $oAuthClient->setClientSecret($clientSecret);
 $oAuthClient->setCreatedDate(new DateTime());
 
- if ($input->hasArgument('preapproved') && $input->getArgument('preapproved')) {
+ if ($input->getArgument('preapproved')) {
 $oAuthClient->setPreapproved($input->getArgument('preapproved'));
 }
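Review bot: The new `$clientId` line in execute() uses a truthiness test, so a supplied client id of `'0'` is silently replaced by a random one, and nothing validates a supplied id against the column the accompanying migration defines (`varchar(255)`, `CHARACTER SET ascii`), so an over-long or non-ASCII id only fails at insert time despite the commit title. Prefer `$clientId = $input->getArgument('client-id') ?? bin2hex(random_bytes(8));` and reject an empty, over-255-byte or non-ASCII id before constructing `OAuthClient`. Inserting `client-id` as an optional positional argument ahead of `preapproved` also changes the meaning of existing invocations such as `oauth:add-client 1` (a constructed example), which now sets the client id to `1` and leaves `preapproved` unset; making `client-id` an option (`--client-id`) would avoid that. The body of execute() continues past the hunk.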