Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenID Connect #114

Open
wants to merge 59 commits into
base: v2.x
Choose a base branch
from
Open

OpenID Connect #114

wants to merge 59 commits into from

Conversation

MichaelKubovic
Copy link

Thanks to @ajgarlag we have a working, OIDC-compliant integration.

The code in this PR covers:

  • steverhoades/oauth2-openid-connect-server integration
  • adds support for nonce to comply with spec (RP CAN use nonce, but when they do, we cannot drop it)
  • default authentication-enforcing and authorization implementations

ajgarlag and others added 30 commits January 20, 2019 19:09
@ajgarlag
Add support for the "authorization_code" grant type
db82e08
@ajgarlag
Add some integration tests
b4e41c5
@ajgarlag
Add final integration tests
34d6e4e
@ajgarlag
Use an event to resolve authorization request
6aace21 
An event listener shoud allow or deny the authorization request, or provide
an URI where the user will be redirected to view the authorization interface
@ajgarlag
Minor fixes
4e8a508
@ajgarlag
Remove unused dependencies
b1b67e8
@ajgarlag
Use ScopeConverter to convert scopes
a79d41e
@ajgarlag
Improve naming and semantics
87ab8cc
@ajgarlag
Adds "OpenID Connect" support
c89cfb8
@ajgarlag
Move the authorization check into an EventListener
84a2a5a
@ajgarlag
Remove authorization check
c2ca3f5
@ajgarlag
Fix README
2e4c9c7
@MichaelKubovic
Merge remote-tracking branch 'ajgarlag/feature/authorization_code'
7e4d68a
@MichaelKubovic
Merge remote-tracking branch 'ajgarlag/feature/openid-connect'
074a27e
@ajgarlag
Rename decisionUri to resolutionUri
345c0b6 
This Uri can represent any URI, not only the decision (consent) uri.
@MichaelKubovic
Merge remote-tracking branch 'ajgarlag/feature/authorization_code'
98720dd
@ajgarlag
Add return types to AuthorizationRequestResolveEvent
a8dd556
@MichaelKubovic
refactored authoriztion controller to independent event listeners
cc4a780
@MichaelKubovic
refactored authoriztion controller to independent event listeners
050fc3a 
# Conflicts:
#	OAuth2Events.php
@MichaelKubovic
adds authorization strategy configuration
2754317
@MichaelKubovic
Merge branch 'feature/authorization_code' into develop
b2c1108 
# Conflicts:
#	DependencyInjection/TrikoderOAuth2Extension.php
#	Event/Listener/AuthorizationRequestUserResolvingListener.php
#	Resources/config/services.xml
@MichaelKubovic
configure openid connect authentiction listener
fd2f6f8
@ajgarlag
Use Security class instead of TokenStorageInterface
39e479f
@ajgarlag
Use integers instead of booleans values for authorization resolution.
c060226
@ajgarlag
Test authorization code request with faked redirect uri
b6f385a
@ajgarlag
Rename AuthCode to AuthorizationCode
d45129d 
Classes under the `Trikoder\Bundle\OAuth2Bundle\League` remain named as
AuthCode to reflect the naming choosen by the league/oauth2-server project.
@ajgarlag
Method AbstractIntegrationTest::handleAuthorizeRequest returns Respon…
f3ada2f 
…se instead of array
@ajgarlag
Rename test methods
6f9e8b0
@ajgarlag
Update the AuthorizationRequestResolveEvent workflow
57fe8d2
@MichaelKubovic
Merge remote-tracking branch 'ajgarlag/feature/authorization_code' in…
ddb8720 
…to feature/authorization_code

# Conflicts:
#	Controller/AuthorizationController.php
#	Event/AuthorizationRequestResolveEvent.php
#	Resources/config/services.xml
MichaelKubovic and others added 14 commits May 9, 2019 12:12
@MichaelKubovic
get definition by id instead of alias
f385bd1
@MichaelKubovic
Made authentication listener extendable, fixed service configurations
5348443
@MichaelKubovic
Merge branch 'master' into develop
6e4e68f 
# Conflicts:
#	DependencyInjection/TrikoderOAuth2Extension.php
#	Resources/config/services.xml
#	Tests/Acceptance/AbstractAcceptanceTest.php
#	Tests/Acceptance/TokenEndpointTest.php
#	Tests/Fixtures/FixtureFactory.php
#	Tests/Integration/AbstractIntegrationTest.php
#	composer.json
@MichaelKubovic
make properties protected to make them accesible for subclasses
f48d907
@MichaelKubovic
adds nonce support
79cc5cf
@MichaelKubovic
Merge remote-tracking branch 'upstream/master' into develop
de9f8de 
# Conflicts:
#	DependencyInjection/Configuration.php
@MichaelKubovic
Merge remote-tracking branch 'upstream/master' into develop
6075e5e 
# Conflicts:
#	Controller/AuthorizationController.php
#	DependencyInjection/Configuration.php
#	DependencyInjection/TrikoderOAuth2Extension.php
#	Event/AuthorizationRequestResolveEvent.php
#	League/Entity/AuthCode.php
#	League/Repository/AuthCodeRepository.php
#	Manager/AuthorizationCodeManagerInterface.php
#	Manager/Doctrine/AuthorizationCodeManager.php
#	Manager/InMemory/AuthorizationCodeManager.php
#	Model/AuthorizationCode.php
#	OAuth2Events.php
#	OAuth2Grants.php
#	Resources/config/doctrine/model/AuthorizationCode.orm.xml
#	Resources/config/services.xml
#	Tests/Acceptance/AuthorizationEndpointTest.php
#	Tests/Acceptance/TokenEndpointTest.php
#	Tests/Fixtures/FixtureFactory.php
#	Tests/Integration/AbstractIntegrationTest.php
#	Tests/Integration/AuthorizationServerTest.php
#	Tests/TestHelper.php
#	composer.json
@MichaelKubovic
brings nonce back after merge
4d84913
@MichaelKubovic
approveAuthorization method name changed in upstream
dffde0c
@spideyfusion
Merge pull request trikoder#97 from trikoder/v2.x
c8712d4 
Merge v2.0.1 into master
@MichaelKubovic
Merge remote-tracking branch 'upstream/v2.x' into develop
2158c1d 
# Conflicts:
#	DependencyInjection/TrikoderOAuth2Extension.php
#	Resources/config/routes.xml
#	Resources/config/services.xml
#	composer.json
@MichaelKubovic
fixes after merge
1a44f60
@MichaelKubovic
Merge remote-tracking branch 'upstream/master' into develop
1f8524b
@MichaelKubovic
Reorganized listeners to follow the upstream structure
8d8fe9f
@ajgarlag
Copy link
Contributor

ajgarlag commented Nov 7, 2019

@MichaelKubovic, thanks for your mention.

As the original author of the implementation, I discarded the idea to submit it as a PR because I think it is out of the scope of this bundle. But is up to the @trikoder team to decide about it.

Currently I'm implementing the OIDC support as a different bundle that leverages this one to provide the oAuth2 server implementation.

If this PR is discarded, I could publish my current draft implementation, so you can collaborate if you want.

@spideyfusion
Copy link
Contributor

@MichaelKubovic @ajgarlag Thank you for your continued involvement with bundle's development. We'll review this PR soon. 👍

@jankulovski
Copy link

Any updates on this?

@Tayfun74
Copy link

Any updates?

@alenpokos
Copy link

@jankulovski @Tayfun74 Sorry for no response. It is holiday season here and the team is a bit more in vacation mode. We should be back in full number in the next week and I am sure @spideyfusion will also find the time to provide feedback on this PR.

@spideyfusion spideyfusion self-assigned this Jan 17, 2020
@Tayfun74
Copy link

Tayfun74 commented Mar 4, 2020

@spideyfusion When do you have time to provide feedback?

@spideyfusion spideyfusion linked an issue Apr 20, 2020 that may be closed by this pull request
Support for OpenId Connect #25
Closed
@nanasess nanasess mentioned this pull request Jul 10, 2020
Open
@Tayfun74
Copy link

Any updates on this PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@spideyfusion spideyfusion

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support for OpenId Connect
8 participants
@MichaelKubovic @ajgarlag @spideyfusion @jankulovski @Tayfun74 @alenpokos @mikaelz @miso93