From 882538130b070af23b1e1327619b6653896761c6 Mon Sep 17 00:00:00 2001 From: = Date: Fri, 19 Jun 2026 09:50:41 +0000 Subject: [PATCH] Feat: make signin / signout uris render related to apptype - Introduced `needSignInUris` and `needSignOutUris` methods in `OidcConfigResolver` to determine URI requirements based on app type. - Updated `AuthorizationCodeClientFactory` to merge sign-in and sign-out URIs for redirect handling. - Enhanced app creation UI to conditionally display sign-in and sign-out URI fields. - Added authorization check for OIDC app creation using `AppPermissionEnum`. --- .../AuthorizationCodeClientFactory.php | 3 +- .../Applications/OIDC/OidcConfigResolver.php | 12 +++ .../Applications/OIDC/OidcService.php | 3 +- .../views/pages/apps/oidc/⚡create.blade.php | 99 +++++++++++-------- 4 files changed, 75 insertions(+), 42 deletions(-) diff --git a/app/Services/Applications/OIDC/Factory/AuthorizationCodeClientFactory.php b/app/Services/Applications/OIDC/Factory/AuthorizationCodeClientFactory.php index 7b7e2cc..9259e75 100644 --- a/app/Services/Applications/OIDC/Factory/AuthorizationCodeClientFactory.php +++ b/app/Services/Applications/OIDC/Factory/AuthorizationCodeClientFactory.php @@ -23,7 +23,8 @@ public function create( ): ClientCredentialsData { $client = $this->client->createAuthorizationCodeGrantClient( name: $data->name, - redirectUris: $data->signInUris, + // laravel-oidc-server expects redirect_uris to consist of sign_in and sign_out uris. + redirectUris: array_merge($data->signInUris, $data->signOutUris), confidential: ApplicationTypeEnum::Web === $data->type, ); diff --git a/app/Services/Applications/OIDC/OidcConfigResolver.php b/app/Services/Applications/OIDC/OidcConfigResolver.php index d43ce81..9babdc9 100644 --- a/app/Services/Applications/OIDC/OidcConfigResolver.php +++ b/app/Services/Applications/OIDC/OidcConfigResolver.php @@ -21,4 +21,16 @@ public function hasClientSecret(): bool { return ApplicationTypeEnum::SPA !== $this->applicationType; } + + public function needSignInUris(): bool + { + + return ApplicationTypeEnum::Machine !== $this->applicationType; + } + + public function needSignOutUris(): bool + { + + return ApplicationTypeEnum::Machine !== $this->applicationType; + } } diff --git a/app/Services/Applications/OIDC/OidcService.php b/app/Services/Applications/OIDC/OidcService.php index fd4cead..e7e8376 100644 --- a/app/Services/Applications/OIDC/OidcService.php +++ b/app/Services/Applications/OIDC/OidcService.php @@ -10,8 +10,7 @@ use App\Models\{ConnectionProtocol, ConnectionStatus}; use App\Services\{ApplicationLogoUploader, ConnectedAppService}; use App\Services\Applications\OIDC\Factory\ClientCreationFactory; -use Illuminate\Support\Facades\DB; -use Illuminate\Support\Facades\Log; +use Illuminate\Support\Facades\{DB, Log}; use Illuminate\Support\Str; use Throwable; diff --git a/resources/views/pages/apps/oidc/⚡create.blade.php b/resources/views/pages/apps/oidc/⚡create.blade.php index 0d3fa7e..c25867e 100644 --- a/resources/views/pages/apps/oidc/⚡create.blade.php +++ b/resources/views/pages/apps/oidc/⚡create.blade.php @@ -1,9 +1,10 @@ authorize(AppPermissionEnum::Create->value); $this->form->validate(); $this->attempt( function () { $data = StoreOIDCAppData::fromArray($this->applicationType, $this->form->pull()); $appdata = $this->oidcService->createApp($data); - // Show the credentials - $this->created = true; - $this->clientId = $appdata->clientCredentials->clientId; - $this->clientSecret = $appdata->clientCredentials->clientSecret; - $this->app = $appdata->application; + $this->showCredentials($appdata); } ); } @@ -105,6 +103,24 @@ public function clearRoles(): void $this->clearChoice('roles'); } + #[Computed] + public function hasClientSecret(): bool + { + return $this->configResolver->for($this->applicationType)->hasClientSecret(); + } + + #[Computed] + public function needSignInUris(): bool + { + return $this->configResolver->for($this->applicationType)->needSignInUris(); + } + + #[Computed] + public function needSignOutUris(): bool + { + return $this->configResolver->for($this->applicationType)->needSignOutUris(); + } + protected function choiceFields(): array { return [ @@ -116,10 +132,12 @@ protected function choiceFields(): array ]; } - #[Computed] - public function hasClientSecret(): bool + private function showCredentials(CreatedApplicationData $appData): void { - return $this->configResolver->for($this->applicationType)->hasClientSecret(); + $this->clientId = $appData->clientCredentials->clientId; + $this->clientSecret = $appData->clientCredentials->clientSecret; + $this->app = $appData->application; + $this->created = true; } }; ?> @@ -132,7 +150,7 @@ public function hasClientSecret(): bool >
-

{{$app->name}}

@@ -186,37 +204,40 @@ class="btn-primary"
- - -
-
-
-

Sign In Redirect URIs

-

- {{config('app.name')}} sends response and ID Token back to these URIs. -

-
-
- + @if($this->needSignInUris) + +
+
+
+

Sign In Redirect URIs

+

+ Allowed URIs which this app can ask to get the response back. +

+
+
+

You can add this later.

+ +
-
- - - -
-
-
-

Sign out Redirect URIs

-

- {{config('app.name')}} sends back the user to these URIs after logout. -

-
-
- + + @endif + @if($this->needSignOutUris) + +
+
+
+

Sign out Redirect URIs

+

+ Allowed URIs which this app can redirect the user back to after logout. +

+
+
+

You can add this later.

+ +
-
- - + + @endif