diff --git a/app/Services/Applications/OIDC/Factory/AuthorizationCodeClientFactory.php b/app/Services/Applications/OIDC/Factory/AuthorizationCodeClientFactory.php index 7b7e2cc..9259e75 100644 --- a/app/Services/Applications/OIDC/Factory/AuthorizationCodeClientFactory.php +++ b/app/Services/Applications/OIDC/Factory/AuthorizationCodeClientFactory.php @@ -23,7 +23,8 @@ public function create( ): ClientCredentialsData { $client = $this->client->createAuthorizationCodeGrantClient( name: $data->name, - redirectUris: $data->signInUris, + // laravel-oidc-server expects redirect_uris to consist of sign_in and sign_out uris. + redirectUris: array_merge($data->signInUris, $data->signOutUris), confidential: ApplicationTypeEnum::Web === $data->type, ); diff --git a/app/Services/Applications/OIDC/OidcConfigResolver.php b/app/Services/Applications/OIDC/OidcConfigResolver.php index d43ce81..9babdc9 100644 --- a/app/Services/Applications/OIDC/OidcConfigResolver.php +++ b/app/Services/Applications/OIDC/OidcConfigResolver.php @@ -21,4 +21,16 @@ public function hasClientSecret(): bool { return ApplicationTypeEnum::SPA !== $this->applicationType; } + + public function needSignInUris(): bool + { + + return ApplicationTypeEnum::Machine !== $this->applicationType; + } + + public function needSignOutUris(): bool + { + + return ApplicationTypeEnum::Machine !== $this->applicationType; + } } diff --git a/app/Services/Applications/OIDC/OidcService.php b/app/Services/Applications/OIDC/OidcService.php index fd4cead..e7e8376 100644 --- a/app/Services/Applications/OIDC/OidcService.php +++ b/app/Services/Applications/OIDC/OidcService.php @@ -10,8 +10,7 @@ use App\Models\{ConnectionProtocol, ConnectionStatus}; use App\Services\{ApplicationLogoUploader, ConnectedAppService}; use App\Services\Applications\OIDC\Factory\ClientCreationFactory; -use Illuminate\Support\Facades\DB; -use Illuminate\Support\Facades\Log; +use Illuminate\Support\Facades\{DB, Log}; use Illuminate\Support\Str; use Throwable; diff --git a/resources/views/pages/apps/oidc/⚡create.blade.php b/resources/views/pages/apps/oidc/⚡create.blade.php index 0d3fa7e..c25867e 100644 --- a/resources/views/pages/apps/oidc/⚡create.blade.php +++ b/resources/views/pages/apps/oidc/⚡create.blade.php @@ -1,9 +1,10 @@ authorize(AppPermissionEnum::Create->value); $this->form->validate(); $this->attempt( function () { $data = StoreOIDCAppData::fromArray($this->applicationType, $this->form->pull()); $appdata = $this->oidcService->createApp($data); - // Show the credentials - $this->created = true; - $this->clientId = $appdata->clientCredentials->clientId; - $this->clientSecret = $appdata->clientCredentials->clientSecret; - $this->app = $appdata->application; + $this->showCredentials($appdata); } ); } @@ -105,6 +103,24 @@ public function clearRoles(): void $this->clearChoice('roles'); } + #[Computed] + public function hasClientSecret(): bool + { + return $this->configResolver->for($this->applicationType)->hasClientSecret(); + } + + #[Computed] + public function needSignInUris(): bool + { + return $this->configResolver->for($this->applicationType)->needSignInUris(); + } + + #[Computed] + public function needSignOutUris(): bool + { + return $this->configResolver->for($this->applicationType)->needSignOutUris(); + } + protected function choiceFields(): array { return [ @@ -116,10 +132,12 @@ protected function choiceFields(): array ]; } - #[Computed] - public function hasClientSecret(): bool + private function showCredentials(CreatedApplicationData $appData): void { - return $this->configResolver->for($this->applicationType)->hasClientSecret(); + $this->clientId = $appData->clientCredentials->clientId; + $this->clientSecret = $appData->clientCredentials->clientSecret; + $this->app = $appData->application; + $this->created = true; } }; ?> @@ -132,7 +150,7 @@ public function hasClientSecret(): bool >
- {{config('app.name')}} sends response and ID Token back to these URIs. -
-+ Allowed URIs which this app can ask to get the response back. +
+You can add this later.
+- {{config('app.name')}} sends back the user to these URIs after logout. -
-+ Allowed URIs which this app can redirect the user back to after logout. +
+You can add this later.
+