Change accessToken to idToken for more available information

Author: mariusjp

composer.json

@@ -2,7 +2,7 @@
     "name": "coddin-web/oidc-client-laravel-wrapper",
     "description": "A Laravel wrapper of jumbojett's OpenID Connect Client",
     "type": "library",
-    "version": "1.3.3",
+    "version": "1.3.4",
     "minimum-stability": "stable",
     "prefer-stable": true,
     "require": {

src/Builder/JWTVerifierBuilder.php

@@ -6,13 +6,10 @@
 
 use Coddin\OpenIDConnectClient\Helper\ConfigRepository;
 use Coddin\OpenIDConnectClient\Helper\ConfigRepositoryException;
-use Lcobucci\Clock\FrozenClock;
 use Lcobucci\JWT\Configuration;
 use Lcobucci\JWT\Signer\Key\InMemory;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
 use Lcobucci\JWT\Validation\Constraint\IssuedBy;
-use Lcobucci\JWT\Validation\Constraint\SignedWith;
-use Lcobucci\JWT\Validation\Constraint\StrictValidAt;
 
 final class JWTVerifierBuilder
 {
@@ -41,13 +38,6 @@ public function execute(): Configuration
                 new IssuedBy(
                     id: $this->configRepository->getAsString('oidc.provider.issuer'),
                 ),
-//                new SignedWith(
-//                    signer: $signer,
-//                    key: $key,
-//                ),
-//                new StrictValidAt(
-//                    clock: new FrozenClock(new \DateTimeImmutable()),
-//                ),
             );
 
         return $configuration;

src/Http/Middleware/OpenIDConnectAuthenticated.php

@@ -58,14 +58,13 @@ public function handle(Request $request, \Closure $next): mixed
 
             $openIDClient->authenticate();
 
-            $accessToken = $jwtVerifier->parser()->parse($openIDClient->getIdToken());
+            $idToken = $jwtVerifier->parser()->parse($openIDClient->getIdToken());
             $this->tokenStorageAdaptor->put(
-                accessToken: $accessToken,
+                accessToken: $idToken,
                 refreshToken: $openIDClient->getRefreshToken(),
             );
 
             /** @var Plain $idToken */
-            $idToken = $jwtVerifier->parser()->parse($openIDClient->getIdToken());
             $userUuid = $idToken->claims()->get('sub');
             $userName = $idToken->claims()->get('nickname');
             $userEmail = $idToken->claims()->get('email');
@@ -130,9 +129,10 @@ private function handleExistingToken(
             $openIDClient->refreshToken($refreshToken->toString());
 
             $jwtVerifier = $this->jwtVerifierBuilder->execute();
-            $newAccessToken = $jwtVerifier->parser()->parse($openIDClient->getAccessToken());
+            $newIdToken = $jwtVerifier->parser()->parse($openIDClient->getIdToken());
+
             $this->tokenStorageAdaptor->put(
-                accessToken: $newAccessToken,
+                accessToken: $newIdToken,
                 refreshToken: $openIDClient->getRefreshToken(),
             );
         }

src/Service/Token/Storage/IlluminateSessionAdaptorToken.php

@@ -17,11 +17,7 @@ public function __construct(
 
     public function find(string $type): ?Token
     {
-        if ($type !== $this->getAccessTokenStorageKey() && $type !== $this->getRefreshTokenStorageKey()) {
-            return null;
-        }
-
-        $token = $this->sessionStore->get($this->getAccessTokenStorageKey());
+        $token = $this->sessionStore->get($type);
         if (!$token instanceof Token) {
             return null;
         }
@@ -40,8 +36,10 @@ public function get(string $type): Token
         return $token;
     }
 
-    public function put(Token $accessToken, ?string $refreshToken = null): void
-    {
+    public function put(
+        Token $accessToken,
+        ?string $refreshToken = null,
+    ): void {
         $this->sessionStore->put($this->getAccessTokenStorageKey(), $accessToken);
         if ($refreshToken !== null) {
             $this->sessionStore->put($this->getRefreshTokenStorageKey(), $refreshToken);

src/Service/Token/Storage/TokenStorageAdaptor.php

@@ -9,8 +9,8 @@
 
 interface TokenStorageAdaptor
 {
-    public const ACCESS_TOKEN_STORAGE_KEY = 'oidc_id_access_token';
-    public const REFRESH_TOKEN_STORAGE_KEY = 'oidc_id_refresh_token';
+    public const ACCESS_TOKEN_STORAGE_KEY = 'oidc_session_key_access_token';
+    public const REFRESH_TOKEN_STORAGE_KEY = 'oidc_session_key_refresh_token';
 
     public function find(string $type): ?Token;
 
@@ -19,10 +19,14 @@ public function find(string $type): ?Token;
      */
     public function get(string $type): Token;
 
-    public function put(Token $accessToken, ?string $refreshToken = null): void;
+    public function put(
+        Token $accessToken,
+        ?string $refreshToken = null,
+    ): void;
 
     public function forget(): void;
 
+
     public function getAccessTokenStorageKey(): string;
 
     public function getRefreshTokenStorageKey(): string;

tests/Unit/Builder/JWTVerifierBuilderTest.php

@@ -7,8 +7,6 @@
 use Coddin\OpenIDConnectClient\Builder\JWTVerifierBuilder;
 use Coddin\OpenIDConnectClient\Helper\ConfigRepository;
 use Lcobucci\JWT\Validation\Constraint\IssuedBy;
-use Lcobucci\JWT\Validation\Constraint\SignedWith;
-use Lcobucci\JWT\Validation\Constraint\StrictValidAt;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 
@@ -46,20 +44,14 @@ public function execute(): void
 
         $constraints = $jwtVerifier->validationConstraints();
 
-        self::assertCount(3, $constraints);
+        self::assertCount(1, $constraints);
 
-        $expectedNrOfMatches = 3;
+        $expectedNrOfMatches = 1;
         $countedNrOfMatches = 0;
         foreach ($constraints as $constraint) {
             if ($constraint instanceof IssuedBy) {
                 $countedNrOfMatches++;
             }
-            if ($constraint instanceof SignedWith) {
-                $countedNrOfMatches++;
-            }
-            if ($constraint instanceof StrictValidAt) {
-                $countedNrOfMatches++;
-            }
         }
 
         self::assertEquals($expectedNrOfMatches, $countedNrOfMatches, 'The constraint types do not match');

tests/Unit/Http/Middleware/OpenIDConnectAuthenticatedTest.php

@@ -1,5 +1,7 @@
 <?php
 
+/** @noinspection PhpMissingFieldTypeInspection */
+
 declare(strict_types=1);
 
 namespace Coddin\Tests\Unit\Http\Middleware;
@@ -30,20 +32,20 @@
 final class OpenIDConnectAuthenticatedTest extends TestCase
 {
     /** @var ResponseFactory & MockObject */
-    private ResponseFactory|MockObject $responseFactory;
+    private $responseFactory;
     /** @var OpenIDConnectClientBuilder & MockObject */
-    private OpenIDConnectClientBuilder|MockObject $openIDConnectClientBuilder;
+    private $openIDConnectClientBuilder;
     /** @var JWTVerifierBuilder & MockObject */
-    private JWTVerifierBuilder|MockObject $jwtVerifierBuilder;
+    private $jwtVerifierBuilder;
     /** @var TokenStorageAdaptor & MockObject */
-    private TokenStorageAdaptor|MockObject $storageAdaptor;
+    private $storageAdaptor;
     /** @var ConfigRepository & MockObject */
-    private ConfigRepository|MockObject $configRepository;
+    private $configRepository;
 
     /** @var Request & MockObject */
-    private Request|MockObject $request;
+    private $request;
     /** @var ClosureTestClass & MockObject */
-    private ClosureTestClass|MockObject $closure;
+    private $closure;
 
     protected function setUp(): void
     {
@@ -206,7 +208,7 @@ public function existing_token_almost_expired(): void
 
         $openIDConnectClient
             ->expects(self::once())
-            ->method('getAccessToken')
+            ->method('getIdToken')
             ->willReturn('this_is_an_access_token');
 
         $newAccessToken = $this->createMock(Token::class);
@@ -312,15 +314,10 @@ private function authenticateWithNewToken(): void
 
         $parser = $this->createPartialMock(Parser::class, ['parse']);
         $jwtVerifier
-            ->expects(self::exactly(2))
+            ->expects(self::once())
             ->method('parser')
             ->willReturn($parser);
 
-        $openIDClient
-            ->expects(self::once())
-            ->method('getAccessToken')
-            ->willReturn('access_token.second_part.third_part');
-
         $openIDClient
             ->expects(self::once())
             ->method('getIdToken')
@@ -341,23 +338,19 @@ private function authenticateWithNewToken(): void
                 '[email protected]',
             );
 
-        $accessToken = $this->createPartialMock(Token\Plain::class, []);
-
         $idToken = $this->createPartialMock(Token\Plain::class, ['claims']);
         $idToken
             ->expects(self::exactly(3))
             ->method('claims')
             ->willReturn($dataSet);
 
         $parser
-            ->expects(self::exactly(2))
+            ->expects(self::once())
             ->method('parse')
             ->withConsecutive(
-                ['access_token.second_part.third_part'],
                 ['id_token.second_part.third_part'],
             )
             ->willReturnOnConsecutiveCalls(
-                $accessToken,
                 $idToken,
             );
 
@@ -371,7 +364,7 @@ private function authenticateWithNewToken(): void
             ->expects(self::once())
             ->method('put')
             ->with(
-                $accessToken,
+                $idToken,
                 $refreshToken,
             );
     }

tests/Unit/Http/Middleware/TokenAuthenticatedTest.php

@@ -1,5 +1,7 @@
 <?php
 
+/** @noinspection PhpMissingFieldTypeInspection */
+
 declare(strict_types=1);
 
 namespace Coddin\Tests\Unit\Http\Middleware;
@@ -24,14 +26,14 @@
 final class TokenAuthenticatedTest extends \Orchestra\Testbench\TestCase
 {
     /** @var TokenStorageAdaptor & MockObject */
-    private TokenStorageAdaptor|MockObject $storageAdaptor;
+    private $storageAdaptor;
     /** @var JWTVerifierBuilder & MockObject */
-    private JWTVerifierBuilder|MockObject $jwtVerifierBuilder;
+    private $jwtVerifierBuilder;
 
     /** @var Request & MockObject */
-    private Request|MockObject $request;
+    private $request;
     /** @var ClosureTestClass & MockObject */
-    private ClosureTestClass|MockObject $closure;
+    private $closure;
 
     protected function setUp(): void
     {

tests/Unit/Storage/IlluminateSessionAdaptorTokenTest.php

@@ -40,7 +40,7 @@ public function missing_token_in_session(): void
         $this->store
             ->expects(self::once())
             ->method('get')
-            ->with('oidc_id_access_token')
+            ->with('oidc_session_key_access_token')
             ->willReturn(null);
 
         self::expectException(MissingTokenException::class);
@@ -60,7 +60,7 @@ public function get_token(): void
         $this->store
             ->expects(self::once())
             ->method('get')
-            ->with('oidc_id_access_token')
+            ->with('oidc_session_key_access_token')
             ->willReturn($token);
 
         $tokenAdaptor = new IlluminateSessionAdaptorToken(
@@ -78,7 +78,7 @@ public function put_accessToken_only(): void
         $this->store
             ->expects(self::once())
             ->method('put')
-            ->with('oidc_id_access_token', $token);
+            ->with('oidc_session_key_access_token', $token);
 
         $tokenAdaptor = new IlluminateSessionAdaptorToken(
             sessionStore: $this->store,
@@ -97,11 +97,11 @@ public function put_accessToken_and_refreshToken(): void
             ->method('put')
             ->withConsecutive(
                 [
-                    'oidc_id_access_token',
+                    'oidc_session_key_access_token',
                     $accessToken,
                 ],
                 [
-                    'oidc_id_refresh_token',
+                    'oidc_session_key_refresh_token',
                     $refreshToken,
                 ],
             );