Allow developpers picking the algo they need

symfony · Feb 1, 2024 · d9c3714 · d9c3714
1 parent f594000
commit d9c3714
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 57 deletions.
diff --git a/...undle/SecurityBundle/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php b/...undle/SecurityBundle/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php
@@ -16,7 +16,6 @@
 use Symfony\Component\DependencyInjection\ChildDefinition;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Exception\LogicException;
-use Symfony\Component\DependencyInjection\Reference;
 
 /**
  * Configures a token handler for decoding and validating an OIDC token.
@@ -35,15 +34,8 @@ public function create(ContainerBuilder $container, string $id, array|string $co
             throw new LogicException('You cannot use the "oidc" token handler since "web-token/jwt-library" is not installed. Try running "composer require web-token/jwt-library".');
         }
 
-        // @see Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SignatureAlgorithmFactory
-        // for supported algorithms
-        if (\in_array($config['algorithm'], ['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'], true)) {
-            $tokenHandlerDefinition->replaceArgument(0, new Reference('security.access_token_handler.oidc.signature.'.$config['algorithm']));
-        } else {
-            $tokenHandlerDefinition->replaceArgument(0, (new ChildDefinition('security.access_token_handler.oidc.signature'))
-                ->replaceArgument(0, $config['algorithm'])
-            );
-        }
+        $tokenHandlerDefinition->replaceArgument(0, (new ChildDefinition('security.access_token_handler.oidc.signature'))
+            ->replaceArgument(0, $config['algorithm']));
 
         $tokenHandlerDefinition->replaceArgument(1, (new ChildDefinition('security.access_token_handler.oidc.jwk'))
             ->replaceArgument(0, $config['key'])

diff --git a/.../Bundle/SecurityBundle/DependencyInjection/Security/Factory/SignatureAlgorithmFactory.php b/.../Bundle/SecurityBundle/DependencyInjection/Security/Factory/SignatureAlgorithmFactory.php
@@ -27,23 +27,8 @@ public static function create(string $algorithm): AlgorithmInterface
     {
         $algorithmFqcn = Algorithm::class.'\\'.$algorithm;
 
-        switch ($algorithm) {
-            case 'ES256':
-            case 'ES384':
-            case 'ES512':
-                if (!class_exists($algorithmFqcn)) {
-                    throw new \LogicException(sprintf('You cannot use the "%s" signature algorithm since "web-token/jwt-signature-algorithm-ecdsa" is not installed. Try running "composer require web-token/jwt-signature-algorithm-ecdsa".', $algorithm));
-                }
-                break;
-            case 'RS256':
-            case 'RS384':
-            case 'RS512':
-                if (!class_exists($algorithmFqcn)) {
-                    throw new \LogicException(sprintf('You cannot use the "%s" signature algorithm since "web-token/jwt-signature-algorithm-rsa" is not installed. Try running "composer require web-token/jwt-signature-algorithm-rsa".', $algorithm));
-                }
-                break;
-            default:
-                throw new InvalidArgumentException(sprintf('Unsupported signature algorithm "%s". Only ES* and RS* algorithms are supported. If you want to use another algorithm, create your TokenHandler as a service.', $algorithm));
+        if (!class_exists(Algorithm::class.'\\'.$algorithm)) {
+            throw new InvalidArgumentException(sprintf('Unsupported signature algorithm "%s". Only ES* and RS* algorithms are supported. If you want to use another algorithm, create your TokenHandler as a service.', $algorithm));
         }
 
         return new $algorithmFqcn();

diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_access_token.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_access_token.php
@@ -13,12 +13,6 @@
 
 use Jose\Component\Core\Algorithm;
 use Jose\Component\Core\JWK;
-use Jose\Component\Signature\Algorithm\ES256;
-use Jose\Component\Signature\Algorithm\ES384;
-use Jose\Component\Signature\Algorithm\ES512;
-use Jose\Component\Signature\Algorithm\RS256;
-use Jose\Component\Signature\Algorithm\RS384;
-use Jose\Component\Signature\Algorithm\RS512;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SignatureAlgorithmFactory;
 use Symfony\Component\Security\Http\AccessToken\ChainAccessTokenExtractor;
 use Symfony\Component\Security\Http\AccessToken\FormEncodedBodyExtractor;
@@ -91,29 +85,5 @@
             ->args([
                 abstract_arg('signature algorithm'),
             ])
-
-        ->set('security.access_token_handler.oidc.signature.ES256', ES256::class)
-            ->parent('security.access_token_handler.oidc.signature')
-            ->args(['index_0' => 'ES256'])
-
-        ->set('security.access_token_handler.oidc.signature.ES384', ES384::class)
-            ->parent('security.access_token_handler.oidc.signature')
-            ->args(['index_0' => 'ES384'])
-
-        ->set('security.access_token_handler.oidc.signature.ES512', ES512::class)
-            ->parent('security.access_token_handler.oidc.signature')
-            ->args(['index_0' => 'ES512'])
-
-        ->set('security.access_token_handler.oidc.signature.RS256', RS256::class)
-            ->parent('security.access_token_handler.oidc.signature')
-            ->args(['index_0' => 'RS256'])
-
-        ->set('security.access_token_handler.oidc.signature.RS384', RS384::class)
-            ->parent('security.access_token_handler.oidc.signature')
-            ->args(['index_0' => 'RS384'])
-
-        ->set('security.access_token_handler.oidc.signature.RS512', RS512::class)
-            ->parent('security.access_token_handler.oidc.signature')
-            ->args(['index_0' => 'RS512'])
     ;
 };