<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
use Jose\Component\Core\Algorithm;
use Jose\Component\Core\JWK;
use Jose\Component\Signature\Algorithm\ES256;
use Jose\Component\Signature\Algorithm\ES384;
use Jose\Component\Signature\Algorithm\ES512;
use Jose\Component\Signature\Algorithm\RS256;
use Jose\Component\Signature\Algorithm\RS384;
use Jose\Component\Signature\Algorithm\RS512;
use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SignatureAlgorithmFactory;
use Symfony\Component\Security\Http\AccessToken\ChainAccessTokenExtractor;
use Symfony\Component\Security\Http\AccessToken\FormEncodedBodyExtractor;
use Symfony\Component\Security\Http\AccessToken\HeaderAccessTokenExtractor;
use Symfony\Component\Security\Http\AccessToken\Oidc\OidcTokenHandler;
use Symfony\Component\Security\Http\AccessToken\Oidc\OidcUserInfoTokenHandler;
use Symfony\Component\Security\Http\AccessToken\QueryAccessTokenExtractor;
use Symfony\Component\Security\Http\Authenticator\AccessTokenAuthenticator;
use Symfony\Contracts\HttpClient\HttpClientInterface;
// Registers the service definitions behind the "access_token" authenticator:
// the token extractors, the authenticator template itself, and the OIDC token
// handlers with the signature algorithms they may use. Most definitions are
// abstract templates whose abstract_arg() placeholders must be filled in by
// whoever derives a concrete service from them (not visible in this file).
return static function (ContainerConfigurator $container) {
    $services = $container->services();

    // --- Token extractors -------------------------------------------------
    // One extractor per transport. NOTE(review): a token carried in the query
    // string tends to end up in access logs, browser history and Referer
    // headers; enable that extractor only for clients that cannot send a header.
    $services->set('security.access_token_extractor.header', HeaderAccessTokenExtractor::class);
    $services->set('security.access_token_extractor.query_string', QueryAccessTokenExtractor::class);
    $services->set('security.access_token_extractor.request_body', FormEncodedBodyExtractor::class);

    // --- Authenticator template ---------------------------------------------
    // The handler and the extractor are mandatory placeholders. The four
    // trailing nulls are optional constructor arguments left unset here
    // (presumably user provider, success handler, failure handler and realm;
    // confirm against AccessTokenAuthenticator's constructor).
    $services->set('security.authenticator.access_token', AccessTokenAuthenticator::class)
        ->abstract()
        ->args([
            abstract_arg('access token handler'),
            abstract_arg('access token extractor'),
            null,
            null,
            null,
            null,
        ]);

    // Template for combining several extractors into one.
    $services->set('security.authenticator.access_token.chain_extractor', ChainAccessTokenExtractor::class)
        ->abstract()
        ->args([
            abstract_arg('access token extractors'),
        ]);

    // OIDC
    // Dedicated HTTP client for the user-info handler, derived from the shared
    // "http_client" service through withOptions(). NOTE(review): the options are
    // supplied elsewhere; they should point at an https:// endpoint and leave
    // TLS peer verification enabled, since the response decides who the caller is.
    $services->set('security.access_token_handler.oidc_user_info.http_client', HttpClientInterface::class)
        ->abstract()
        ->factory([service('http_client'), 'withOptions'])
        ->args([abstract_arg('http client options')]);

    // Handler template that takes an HTTP client, an optional logger
    // (nullOnInvalid() passes null when no "logger" service exists) and the
    // name of a claim (presumably the one used as user identifier; confirm).
    $services->set('security.access_token_handler.oidc_user_info', OidcUserInfoTokenHandler::class)
        ->abstract()
        ->args([
            abstract_arg('http client'),
            service('logger')->nullOnInvalid(),
            abstract_arg('claim'),
        ]);

    // Handler template for locally verified tokens. Algorithm, key, audience
    // and issuers are all mandatory placeholders, so none of them can be left
    // out silently. 'sub' is the default for the fifth argument (presumably the
    // claim carrying the user identifier; confirm). The "clock" service is
    // injected, presumably for time-based claim checks; confirm in the handler.
    $services->set('security.access_token_handler.oidc', OidcTokenHandler::class)
        ->abstract()
        ->args([
            abstract_arg('signature algorithm'),
            abstract_arg('signature key'),
            abstract_arg('audience'),
            abstract_arg('issuers'),
            'sub',
            service('logger')->nullOnInvalid(),
            service('clock'),
        ]);

    // Key object built from a JSON-encoded JWK taken from configuration.
    // NOTE(review): every algorithm registered below is asymmetric, so
    // verification needs only the public key; keep private key material out of
    // this setting.
    $services->set('security.access_token_handler.oidc.jwk', JWK::class)
        ->abstract()
        ->factory([JWK::class, 'createFromJson'])
        ->args([
            abstract_arg('signature key'),
        ]);

    // Template for an algorithm instance, created by the factory from an
    // algorithm name.
    $services->set('security.access_token_handler.oidc.signature', Algorithm::class)
        ->abstract()
        ->factory([SignatureAlgorithmFactory::class, 'create'])
        ->args([
            abstract_arg('signature algorithm'),
        ]);

    // Concrete algorithms: each child replaces argument 0 of the template with
    // its own name. Only ES256/384/512 and RS256/384/512 are defined in this
    // file; there is no "none" and no HMAC (HS*) entry. NOTE(review): whether
    // SignatureAlgorithmFactory::create() itself rejects other names cannot be
    // seen from here; check it before relying on this list as an allow-list.
    $services->set('security.access_token_handler.oidc.signature.ES256', ES256::class)
        ->parent('security.access_token_handler.oidc.signature')
        ->args(['index_0' => 'ES256']);

    $services->set('security.access_token_handler.oidc.signature.ES384', ES384::class)
        ->parent('security.access_token_handler.oidc.signature')
        ->args(['index_0' => 'ES384']);

    $services->set('security.access_token_handler.oidc.signature.ES512', ES512::class)
        ->parent('security.access_token_handler.oidc.signature')
        ->args(['index_0' => 'ES512']);

    $services->set('security.access_token_handler.oidc.signature.RS256', RS256::class)
        ->parent('security.access_token_handler.oidc.signature')
        ->args(['index_0' => 'RS256']);

    $services->set('security.access_token_handler.oidc.signature.RS384', RS384::class)
        ->parent('security.access_token_handler.oidc.signature')
        ->args(['index_0' => 'RS384']);

    $services->set('security.access_token_handler.oidc.signature.RS512', RS512::class)
        ->parent('security.access_token_handler.oidc.signature')
        ->args(['index_0' => 'RS512']);
};