Store both the id- and the accessToken

Author: mariusjp

composer.json

@@ -2,7 +2,7 @@
     "name": "coddin-web/oidc-client-laravel-wrapper",
     "description": "A Laravel wrapper of jumbojett's OpenID Connect Client",
     "type": "library",
-    "version": "1.3.3",
+    "version": "1.4.0",
     "minimum-stability": "stable",
     "prefer-stable": true,
     "require": {

src/Http/Middleware/OpenIDConnectAuthenticated.php

@@ -43,10 +43,15 @@ public function handle(Request $request, \Closure $next): mixed
             return $next($request);
         }
 
+        $idToken = $this->tokenStorageAdaptor->find(TokenStorageAdaptor::ID_TOKEN_STORAGE_KEY);
         $accessToken = $this->tokenStorageAdaptor->find(TokenStorageAdaptor::ACCESS_TOKEN_STORAGE_KEY);
 
-        if ($accessToken !== null) {
-            return $this->handleExistingToken($accessToken, $request, $next);
+        if ($idToken !== null && $accessToken !== null) {
+            return $this->handleExistingToken(
+                accessToken: $accessToken,
+                request: $request,
+                next: $next,
+            );
         }
 
         try {
@@ -58,9 +63,11 @@ public function handle(Request $request, \Closure $next): mixed
 
             $openIDClient->authenticate();
 
+            $accessToken = $jwtVerifier->parser()->parse($openIDClient->getAccessToken());
             $idToken = $jwtVerifier->parser()->parse($openIDClient->getIdToken());
             $this->tokenStorageAdaptor->put(
-                accessToken: $idToken,
+                idToken: $idToken,
+                accessToken: $accessToken,
                 refreshToken: $openIDClient->getRefreshToken(),
             );
 
@@ -130,9 +137,11 @@ private function handleExistingToken(
 
             $jwtVerifier = $this->jwtVerifierBuilder->execute();
             $newIdToken = $jwtVerifier->parser()->parse($openIDClient->getIdToken());
+            $newAccessToken = $jwtVerifier->parser()->parse($openIDClient->getAccessToken());
 
             $this->tokenStorageAdaptor->put(
-                accessToken: $newIdToken,
+                idToken: $newIdToken,
+                accessToken: $newAccessToken,
                 refreshToken: $openIDClient->getRefreshToken(),
             );
         }

src/Service/Token/Storage/IlluminateSessionAdaptorToken.php

@@ -37,9 +37,11 @@ public function get(string $type): Token
     }
 
     public function put(
+        Token $idToken,
         Token $accessToken,
         ?string $refreshToken = null,
     ): void {
+        $this->sessionStore->put($this->getIdTokenStorageKey(), $idToken);
         $this->sessionStore->put($this->getAccessTokenStorageKey(), $accessToken);
         if ($refreshToken !== null) {
             $this->sessionStore->put($this->getRefreshTokenStorageKey(), $refreshToken);
@@ -48,11 +50,17 @@ public function put(
 
     public function forget(): void
     {
+        $this->sessionStore->forget($this->getIdTokenStorageKey());
         $this->sessionStore->forget($this->getAccessTokenStorageKey());
         $this->sessionStore->forget($this->getRefreshTokenStorageKey());
         $this->sessionStore->save();
     }
 
+    public function getIdTokenStorageKey(): string
+    {
+        return self::ID_TOKEN_STORAGE_KEY;
+    }
+
     public function getAccessTokenStorageKey(): string
     {
         return self::ACCESS_TOKEN_STORAGE_KEY;

src/Service/Token/Storage/TokenStorageAdaptor.php

@@ -9,6 +9,7 @@
 
 interface TokenStorageAdaptor
 {
+    public const ID_TOKEN_STORAGE_KEY = 'oidc_session_key_id_token';
     public const ACCESS_TOKEN_STORAGE_KEY = 'oidc_session_key_access_token';
     public const REFRESH_TOKEN_STORAGE_KEY = 'oidc_session_key_refresh_token';
 
@@ -20,13 +21,13 @@ public function find(string $type): ?Token;
     public function get(string $type): Token;
 
     public function put(
+        Token $idToken,
         Token $accessToken,
         ?string $refreshToken = null,
     ): void;
 
     public function forget(): void;
 
-
     public function getAccessTokenStorageKey(): string;
 
     public function getRefreshTokenStorageKey(): string;