diff --git a/database/migrations/structure/20230412_0037_oauth_audience.sql b/database/migrations/structure/20230412_0037_oauth_audience.sql new file mode 100644 index 0000000..f88ddfc --- /dev/null +++ b/database/migrations/structure/20230412_0037_oauth_audience.sql @@ -0,0 +1,2 @@ +ALTER TABLE `oauth_tokens` +ADD `audience` varchar(255) NOT NULL DEFAULT ''; diff --git a/src/Controller/OAuthAuthController.php b/src/Controller/OAuthAuthController.php index 7dd983a..34236e3 100644 --- a/src/Controller/OAuthAuthController.php +++ b/src/Controller/OAuthAuthController.php @@ -49,7 +49,8 @@ class OAuthAuthController implements ISecured } $redirectUriParsed = parse_url($redirectUri); - $redirectUriBase = $redirectUriParsed['scheme'] . '://' . $redirectUriParsed['host'] . $redirectUriParsed['path']; + $redirectUriHost = $redirectUriParsed['scheme'] . '://' . $redirectUriParsed['host']; + $redirectUriBase = $redirectUriHost . $redirectUriParsed['path']; $redirectUriQuery = []; if (isset($redirectUriParsed['query'])) { parse_str($redirectUriParsed['query'], $redirectUriQuery); @@ -72,6 +73,7 @@ class OAuthAuthController implements ISecured $token->setUser($user); $token->setCode($code); $token->setAccessToken($accessToken); + $token->setAudience($redirectUriHost); $token->setCreatedDate(new DateTime()); $token->setExpiresDate(new DateTime('+5 minutes')); $this->pdm->saveToDb($token); diff --git a/src/Controller/OAuthController.php b/src/Controller/OAuthController.php index abd7a70..c7a263f 100644 --- a/src/Controller/OAuthController.php +++ b/src/Controller/OAuthController.php @@ -59,6 +59,7 @@ class OAuthController 'iat' => (int)$token->getCreatedDate()->getTimestamp(), 'nbf' => (int)$token->getCreatedDate()->getTimestamp(), 'exp' => (int)$token->getExpiresDate()->getTimestamp(), + 'aud' => $token->getAudience(), 'nonce' => $token->getNonce() ], $this->getUserInfoInternal( $this->userRepository->getById($token->getUserId()), diff --git a/src/PersistentData/Model/OAuthToken.php b/src/PersistentData/Model/OAuthToken.php index e82242c..2cc3553 100644 --- a/src/PersistentData/Model/OAuthToken.php +++ b/src/PersistentData/Model/OAuthToken.php @@ -7,7 +7,7 @@ class OAuthToken extends Model { protected static string $table = 'oauth_tokens'; - protected static array $fields = ['scope', 'nonce', 'user_id', 'code', 'access_token', 'created', 'expires']; + protected static array $fields = ['scope', 'nonce', 'user_id', 'code', 'access_token', 'audience', 'created', 'expires']; protected static array $relations = ['user' => User::class]; @@ -25,6 +25,8 @@ class OAuthToken extends Model private string $accessToken = ''; + private string $audience = ''; + private DateTime $created; private DateTime $expires; @@ -64,6 +66,11 @@ class OAuthToken extends Model $this->accessToken = $accessToken; } + public function setAudience(string $audience): void + { + $this->audience = $audience; + } + public function setCreatedDate(DateTime $created): void { $this->created = $created; @@ -119,6 +126,11 @@ class OAuthToken extends Model return $this->accessToken; } + public function getAudience(): string + { + return $this->audience; + } + public function getCreatedDate(): DateTime { return $this->created;