Skip to content
Merged
2 changes: 1 addition & 1 deletion composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
}
],
"require": {
"pdsinterop/solid-auth": "v0.14.1",
"pdsinterop/solid-auth": "v0.14.2",
"pdsinterop/solid-crud": "v0.8.4",
"phpmailer/phpmailer": "^6.10",
"sweetrdf/easyrdf": "~1.15.0",
Expand Down
2 changes: 1 addition & 1 deletion init.php
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ function initDatabase()
clientData TEXT NOT NULL
)',
'CREATE TABLE IF NOT EXISTS allowedClients (
userId VARCHAR(255) NOT NULL PRIMARY KEY,
userId VARCHAR(255) NOT NULL,
clientId VARCHAR(255) NOT NULL
)',
'CREATE TABLE IF NOT EXISTS userStorage (
Expand Down
21 changes: 15 additions & 6 deletions lib/Routes/SolidIdp.php
Original file line number Diff line number Diff line change
Expand Up @@ -128,29 +128,38 @@ public static function respondToRegister()


$generatedClientId = bin2hex(random_bytes(16)); // 32 chars for the client Id
$generatedClientSecret = bin2hex(random_bytes(32)); // and 64 chars for the client secret

$clientData['client_id_issued_at'] = time();
$clientData['client_id'] = $generatedClientId;
$clientData['client_secret'] = $generatedClientSecret;
$clientData['origin'] = $origin;
if (
(!isset($clientData['token_endpoint_auth_method'])) || // if not set, assume we have to add a client secret;
($clientData['token_endpoint_auth_method'] !== 'none')
) { // generate and use secret if we have token endpoint authentication
$generatedClientSecret = bin2hex(random_bytes(32)); // and 64 chars for the client secret
$clientData['client_secret'] = $generatedClientSecret;
}
ClientRegistration::saveClientRegistration($clientData);

$client = ClientRegistration::getRegistration($generatedClientId);

$responseData = array(
'redirect_uris' => $client['redirect_uris'],
'client_id' => $client['client_id'],
'client_secret' => $client['client_secret'],
'response_types' => array('code'),
'grant_types' => array('authorization_code', 'refresh_token'),
'application_type' => $client['application_type'] ?? 'web',
'client_name' => $client['client_name'] ?? $client['client_id'],
'id_token_signed_response_alg' => 'RS256',
'token_endpoint_auth_method' => 'client_secret_basic',
'client_id_issued_at' => $client['client_id_issued_at'],
'client_secret_expires_at' => 0
'client_id_issued_at' => $client['client_id_issued_at']
);
if (isset($client['client_secret'])) {
$responseData['client_secret'] = $client['client_secret'];
$responseData['token_endpoint_auth_method'] = 'client_secret_basic';
$responseData['client_secret_expires_at'] = 0;
} else {
$responseData['token_endpoint_auth_method'] = 'none'; // No client secret means we can't authenticate on the token endpoint;
}
header("HTTP/1.1 201 Created");
header("Content-type: application/json");
echo json_encode($responseData, JSON_PRETTY_PRINT | JSON_THROW_ON_ERROR);
Expand Down
14 changes: 14 additions & 0 deletions lib/Server.php
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,20 @@ public static function getConfigClient()
$registeredClient = ClientRegistration::getRegistration($clientId);
}
if (isset($registeredClient)) {
/*
If the token_endpoint_auth_method is 'none',
this means we are dealing with a public
client that is not able to securely store
the client secret. In that case, we remove
the client_secret so we treat the client as
a public client
*/
if (
isset($registeredClient['token_endpoint_auth_method']) &&
($registeredClient['token_endpoint_auth_method'] === "none")
) {
unset($registeredClient['client_secret']);
}
return new ConfigClient(
$clientId,
$registeredClient['client_secret'] ?? '',
Expand Down
24 changes: 24 additions & 0 deletions upgrade/0.4.1/upgrade.functions.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
<?php

function upgradeDatabase()
{
$statements = [
'BEGIN TRANSACTION',
'CREATE TABLE allowedClients_new (userId VARCHAR(255) NOT NULL, clientId VARCHAR(255) NOT NULL)',
'INSERT INTO allowedClients_new (userId, clientId) SELECT userId, clientId FROM allowedClients',
'DROP TABLE allowedClients',
'ALTER TABLE allowedClients_new RENAME TO allowedClients',
'COMMIT'
];

try {
$pdo = new \PDO("sqlite:" . DBPATH);

// create tables
foreach ($statements as $statement) {
$pdo->exec($statement);
}
} catch (\PDOException $e) {
echo $e->getMessage();
}
}
9 changes: 9 additions & 0 deletions upgrade/0.4.1/upgrade.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
<?php

require_once(__DIR__ . "/../../config.php");
require_once(__DIR__ . "/../../vendor/autoload.php");
require_once(__DIR__ . "/upgrade.functions.php");

use Pdsinterop\PhpSolid\Server;

upgradeDatabase();
Loading