use client_secret_basic on refreshToken() and requestClientCredential…
…sToken() if supported
JuliusPC committed May 16, 2021
1 parent 24a4ee0 commit e28ab77
Showing 2 changed files with 24 additions and 1 deletion.
5 changes: 5 additions & 0 deletions CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).

## [1.1.2]

### Changed
* algorithm to determine if `client_secret_basic` or `client_secret_post` will be used for authentication in `refreshToken()` and `requestClientCredentialsToken()` is now the same like in `requestTokens()`

## [1.1.1]

### Changed
20 changes: 19 additions & 1 deletion src/OpenIDConnectClient.php
@@ -728,6 +728,7 @@ private function requestAuthorization() {
*/
public function requestClientCredentialsToken() {
$token_endpoint = $this->getProviderConfigValue('token_endpoint');
$token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']);

$headers = [];

@@ -740,6 +741,13 @@ public function requestClientCredentialsToken() {
'scope' => implode(' ', $this->scopes)
];

// Consider Basic authentication if provider config is set this way
if (in_array('client_secret_basic', $token_endpoint_auth_methods_supported, true)) {
$headers = ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))];
unset($post_data['client_secret']);
unset($post_data['client_id']);
}

// Convert token params to string format
$post_params = http_build_query($post_data, '', '&', $this->encType);

@@ -840,6 +848,9 @@ protected function requestTokens($code) {
*/
public function refreshToken($refresh_token, $sendScopes = true) {
$token_endpoint = $this->getProviderConfigValue('token_endpoint');
$token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']);

$headers = [];

$grant_type = 'refresh_token';

@@ -854,10 +865,17 @@ public function refreshToken($refresh_token, $sendScopes = true) {
$token_params['scopes'] = implode(' ', $this->scopes);
}

// Consider Basic authentication if provider config is set this way
if (in_array('client_secret_basic', $token_endpoint_auth_methods_supported, true)) {
$headers = ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))];
unset($token_params['client_secret']);
unset($token_params['client_id']);
}

// Convert token params to string format
$token_params = http_build_query($token_params, '', '&', $this->encType);

$json = json_decode($this->fetchURL($token_endpoint, $token_params));
$json = json_decode($this->fetchURL($token_endpoint, $token_params, $headers));

if (isset($json->access_token)) {
$this->accessToken = $json->access_token;
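Review bot: The block that moves the client credentials into the `Authorization` header is pasted identically into `requestClientCredentialsToken()` and `refreshToken()` (and, going by the changelog entry, mirrors `requestTokens()`), and each copy hands the provider's `token_endpoint_auth_methods_supported` value straight to `in_array()`. That value comes from provider metadata, so a non-array there means a warning on PHP 7 and a TypeError on PHP 8, and three copies of credential-handling code can drift apart over time. One private helper with an `is_array()` guard, called as `$headers = $this->buildClientAuthHeaders($token_params);`, would keep the token requests in step. Both functions continue outside the hunks shown, and the `fetchURL()` call of `requestClientCredentialsToken()` is not visible, so it is worth confirming that it passes `$headers` now that `client_id` and `client_secret` are unset from the body.

```php
/**
 * Build the token-endpoint Authorization header and strip the
 * credentials from the POST body when client_secret_basic applies.
 *
 * @param array $params token request parameters, modified in place
 * @return string[] headers for fetchURL(); empty when client_secret_post is used
 */
private function buildClientAuthHeaders(array &$params) {
    $methods = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']);

    // Provider metadata is external input: treat a malformed value as absent
    if (!is_array($methods)) {
        $methods = ['client_secret_basic'];
    }
    if (!in_array('client_secret_basic', $methods, true)) {
        return [];
    }

    unset($params['client_id'], $params['client_secret']);
    return ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))];
}
```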
