Making the issuer configurable.

moufmouf · moufmouf · commit da5191db32a5 · 2024-01-18T10:58:48.000+01:00
So far, the issuer was generated using `'https://' . $_SERVER['HTTP_HOST']`.

While this value is fine most of the time, it can cause trouble in:

- development environments (where the protocol is `http://`)
- long-lived PHP environments (like Swoole, ReactPHP...) where `$_SERVER['HTTP_HOST']` might not exist

I'm trying here to make the issuer configurable.
diff --git a/src/IdTokenResponse.php b/src/IdTokenResponse.php
@@ -21,15 +21,18 @@ class IdTokenResponse extends BearerTokenResponse
     protected ClaimExtractor $claimExtractor;
 
     private Configuration $config;
+    private ?string $issuer;
 
     public function __construct(
         IdentityRepositoryInterface $identityRepository,
         ClaimExtractor $claimExtractor,
-        Configuration $config
+        Configuration $config,
+        string $issuer = null,
     ) {
         $this->identityRepository = $identityRepository;
         $this->claimExtractor = $claimExtractor;
         $this->config = $config;
+        $this->issuer = $issuer;
     }
 
     protected function getBuilder(
@@ -41,7 +44,7 @@ protected function getBuilder(
         return $this->config
             ->builder()
             ->permittedFor($accessToken->getClient()->getIdentifier())
-            ->issuedBy('https://' . $_SERVER['HTTP_HOST'])
+            ->issuedBy($this->issuer ?? 'https://' . $_SERVER['HTTP_HOST'])
             ->issuedAt($dateTimeImmutableObject)
             ->expiresAt($dateTimeImmutableObject->add(new DateInterval('PT1H')))
             ->relatedTo($userEntity->getIdentifier());
diff --git a/src/Laravel/PassportServiceProvider.php b/src/Laravel/PassportServiceProvider.php
@@ -55,6 +55,7 @@ public function makeAuthorizationServer(): AuthorizationServer
                 app(config('openid.signer')),
                 InMemory::file($cryptKey->getKeyPath()),
             ),
+            app('request')->getSchemeAndHttpHost(),
         );
 
         return new AuthorizationServer(
diff --git a/tests/Factories/IdTokenResponseFactory.php b/tests/Factories/IdTokenResponseFactory.php
@@ -16,26 +16,30 @@ private function build(
         IdentityRepositoryInterface $identityRepository,
         ClaimExtractor $claimExtractor,
         ?Configuration $config = null,
+        ?string $issuer = null,
     ): BearerTokenResponse {
         return new IdTokenResponse(
             $identityRepository,
             $claimExtractor,
             $config ?? ConfigutationFactory::default(),
+            $issuer,
         );
     }
 
     public static function default(
         IdentityRepositoryInterface $identityRepository,
         ClaimExtractor $claimExtractor,
+        ?string $issuer = null,
     ): BearerTokenResponse {
-        return (new static())->build($identityRepository, $claimExtractor);
+        return (new static())->build($identityRepository, $claimExtractor, null, $issuer);
     }
 
     public static function withConfig(
         IdentityRepositoryInterface $identityRepository,
         ClaimExtractor $claimExtractor,
-        Configuration $config
+        Configuration $config,
+        ?string $issuer = null,
     ): BearerTokenResponse {
-        return (new static())->build($identityRepository, $claimExtractor, $config);
+        return (new static())->build($identityRepository, $claimExtractor, $config, $issuer);
     }
 }
