4 changed files with 17 additions and 4 deletions
--- a/database/migrations/structure/20230412_0203_revert_oauth_audience.sql
+++ b/database/migrations/structure/20230412_0203_revert_oauth_audience.sql
@ -1,2 +0,0 @@
-ALTER TABLE `oauth_tokens`
-DROP `audience`;
--- a/src/Controller/OAuthAuthController.php
+++ b/src/Controller/OAuthAuthController.php
@ -49,7 +49,8 @@ class OAuthAuthController implements ISecured
        }

        $redirectUriParsed = parse_url($redirectUri);
-        $redirectUriBase = $redirectUriParsed['scheme'] . '://' . $redirectUriParsed['host'] . $redirectUriParsed['path'];
+        $redirectUriHost = $redirectUriParsed['scheme'] . '://' . $redirectUriParsed['host'];
+        $redirectUriBase = $redirectUriHost . $redirectUriParsed['path'];
        $redirectUriQuery = [];
        if (isset($redirectUriParsed['query'])) {
            parse_str($redirectUriParsed['query'], $redirectUriQuery);
@ -72,6 +73,7 @@ class OAuthAuthController implements ISecured
        $token->setUser($user);
        $token->setCode($code);
        $token->setAccessToken($accessToken);
+        $token->setAudience($redirectUriHost);
        $token->setCreatedDate(new DateTime());
        $token->setExpiresDate(new DateTime('+5 minutes'));
        $this->pdm->saveToDb($token);
--- a/src/Controller/OAuthController.php
+++ b/src/Controller/OAuthController.php
@ -59,6 +59,7 @@ class OAuthController
            'iat' => (int)$token->getCreatedDate()->getTimestamp(),
            'nbf' => (int)$token->getCreatedDate()->getTimestamp(),
            'exp' => (int)$token->getExpiresDate()->getTimestamp(),
+            'aud' => $token->getAudience(),
            'nonce' => $token->getNonce()
        ], $this->getUserInfoInternal(
            $this->userRepository->getById($token->getUserId()),
--- a/src/PersistentData/Model/OAuthToken.php
+++ b/src/PersistentData/Model/OAuthToken.php
@ -7,7 +7,7 @@ class OAuthToken extends Model
 {
    protected static string $table = 'oauth_tokens';

-    protected static array $fields = ['scope', 'nonce', 'user_id', 'code', 'access_token', 'created', 'expires'];
+    protected static array $fields = ['scope', 'nonce', 'user_id', 'code', 'access_token', 'audience', 'created', 'expires'];

    protected static array $relations = ['user' => User::class];

@ -25,6 +25,8 @@ class OAuthToken extends Model

    private string $accessToken = '';

+    private string $audience = '';
+
    private DateTime $created;

    private DateTime $expires;
@ -64,6 +66,11 @@ class OAuthToken extends Model
        $this->accessToken = $accessToken;
    }

+    public function setAudience(string $audience): void
+    {
+        $this->audience = $audience;
+    }
+
    public function setCreatedDate(DateTime $created): void
    {
        $this->created = $created;
@ -119,6 +126,11 @@ class OAuthToken extends Model
        return $this->accessToken;
    }

+    public function getAudience(): string
+    {
+        return $this->audience;
+    }
+
    public function getCreatedDate(): DateTime
    {
        return $this->created;