- Introduced `needSignInUris` and `needSignOutUris` methods in `OidcConfigResolver` to determine URI requirements based on app type. - Updated `AuthorizationCodeClientFactory` to merge sign-in and sign-out URIs for redirect handling. - Enhanced app creation UI to conditionally display sign-in and sign-out URI fields. - Added authorization check for OIDC app creation using `AppPermissionEnum`.
39 lines
1.1 KiB
PHP
39 lines
1.1 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Services\Applications\OIDC\Factory;
|
|
|
|
use App\Data\Application\{ClientCredentialsData, StoreOIDCAppData};
|
|
use App\Enums\ApplicationTypeEnum;
|
|
use Exception;
|
|
use Laravel\Passport\ClientRepository;
|
|
|
|
readonly class AuthorizationCodeClientFactory implements ClientCreationContract
|
|
{
|
|
public function __construct(
|
|
private ClientRepository $client,
|
|
) {}
|
|
|
|
/**
|
|
* @throws Exception
|
|
*/
|
|
public function create(
|
|
StoreOIDCAppData $data
|
|
): ClientCredentialsData {
|
|
$client = $this->client->createAuthorizationCodeGrantClient(
|
|
name: $data->name,
|
|
// laravel-oidc-server expects redirect_uris to consist of sign_in and sign_out uris.
|
|
redirectUris: array_merge($data->signInUris, $data->signOutUris),
|
|
confidential: ApplicationTypeEnum::Web === $data->type,
|
|
);
|
|
|
|
return new ClientCredentialsData(
|
|
clientId: $client->id,
|
|
grantType: 'authorization_code',
|
|
clientSecret: $client->plainSecret,
|
|
redirectUris: $client->getAttribute('redirect_uris'),
|
|
);
|
|
}
|
|
}
|