From 4a1e4263dbd9cc26296896275ba8c34b77bda151 Mon Sep 17 00:00:00 2001
From: Christiaan Goossens <9487666+christiaangoossens@users.noreply.github.com>
Date: Fri, 26 Apr 2024 14:40:13 +0200
Subject: [PATCH 1/4] Fix a typo in the routes file
---
 src/Laravel/routes/web.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Laravel/routes/web.php b/src/Laravel/routes/web.php
index 68dc143..281b78a 100644
--- a/src/Laravel/routes/web.php
+++ b/src/Laravel/routes/web.php
@@ -4,9 +4,9 @@
 use OpenIDConnect\Laravel\DiscoveryController;
 use OpenIDConnect\Laravel\JwksController;
-if (config('openid.routes.discovery', true)) {
- Route::get('/oauth/jwks', JwksController::class)->name('openid.jwks');
-}
 if (config('openid.routes.jwks', true)) {
+ Route::get(config('openid.routes.jwks_url', '/oauth/jwks'), JwksController::class)->name('openid.jwks');
+}
+if (config('openid.routes.discovery', true)) {
 Route::get('/.well-known/openid-configuration', DiscoveryController::class)->name('openid.discovery');
 }
From 3e4b2b921acdbd9b71900a2af181d1655f2aaff4 Mon Sep 17 00:00:00 2001
From: Christiaan Goossens <9487666+christiaangoossens@users.noreply.github.com>
Date: Fri, 26 Apr 2024 14:42:58 +0200
Subject: [PATCH 2/4] Add jwks_url to config
---
 src/Laravel/config/openid.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/Laravel/config/openid.php b/src/Laravel/config/openid.php
index c9f7ce0..47b08b8 100644
--- a/src/Laravel/config/openid.php
+++ b/src/Laravel/config/openid.php
@@ -47,9 +47,13 @@
 'discovery' => true,
 /**
 * When set to true, this package will expose the JSON Web Key Set endpoint.
- * - /oauth/jwks
 */
 'jwks' => true,
+ /**
+ * Optional URL to change the JWKS path to align with your custom Passport routes.
+ * Defaults to /oauth/jwks
+ */
+ 'jwks_url' => '/oauth/jwks',
 ],
 /**
From 7115514d9c584d31dd4268ffeb1aa5be548eb37b Mon Sep 17 00:00:00 2001
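Review bot: In src/Laravel/routes/web.php (PATCH 1/4) the two `config()` guards swap which flag gates which endpoint, so an upgrade silently changes what is exposed: a deployment that set `openid.routes.jwks` to false used to lose the discovery route and will now lose the JWKS route instead, and the reverse holds for `openid.routes.discovery`. The subject line calls this a typo fix, yet it also introduces the `openid.routes.jwks_url` lookup, so both changes deserve a mention in the commit message or upgrade notes. The configured value is handed to `Route::get()` unchecked; presumably a published config that sets the key to null or an empty string would register an unintended path, so a guard or a comment such as `// jwks_url must be a non-empty path starting with "/"; it is served on the issuer's host` above the route would help.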
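Review bot: The new docblock in src/Laravel/config/openid.php (PATCH 2/4) calls `jwks_url` a URL, but the routes file passes the value to `Route::get()` as a route path, so an operator who enters an absolute URL will not get what the comment suggests. I would word it as `* Path, relative to the application root, where the JWKS endpoint is registered (default: /oauth/jwks).` and add that it only takes effect while `jwks` is true. Applications that already published this config file will not have the key; the fallback in the routes file covers that case, which is worth stating here as well.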
From: Christiaan Goossens <9487666+christiaangoossens@users.noreply.github.com>
Date: Fri, 26 Apr 2024 14:45:43 +0200
Subject: [PATCH 3/4] Fix optional JWKS route in DiscoveryController
---
 src/Laravel/DiscoveryController.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/Laravel/DiscoveryController.php b/src/Laravel/DiscoveryController.php
index e6dd271..cd17041 100644
--- a/src/Laravel/DiscoveryController.php
+++ b/src/Laravel/DiscoveryController.php
@@ -13,7 +13,6 @@ public function __invoke(Request $request)
 'issuer' => url('/'),
 'authorization_endpoint' => route('passport.authorizations.authorize'),
 'token_endpoint' => route('passport.token'),
- 'jwks_uri' => route('openid.jwks'),
 'response_types_supported' => [
 'code',
 'token',
@@ -41,6 +40,10 @@ public function __invoke(Request $request)
 $response['userinfo_endpoint'] = route('openid.userinfo');
 }
+ if (Route::has('openid.jwks')) {
+ $response['jwks_uri'] = route('openid.jwks');
+ }
+
 return response()->json($response, 200, [], JSON_PRETTY_PRINT);
 }
 }
From fe6fd60994ff31d479bc3f63292e007bd096b800 Mon Sep 17 00:00:00 2001
From: Christiaan Goossens <9487666+christiaangoossens@users.noreply.github.com>
Date: Fri, 26 Apr 2024 14:46:15 +0200
Subject: [PATCH 4/4] Make the JWKS more fully featured by adding additional key params
---
 src/Laravel/JwksController.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/Laravel/JwksController.php b/src/Laravel/JwksController.php
index d8e6f83..7fcd444 100644
--- a/src/Laravel/JwksController.php
+++ b/src/Laravel/JwksController.php
@@ -15,7 +15,9 @@ public function __invoke() {
 $jsonData = [
 'keys' => [
 [
+ 'alg' => 'RS256',
 'kty' => 'RSA',
+ 'use' => 'sig',
 'n' => rtrim(str_replace(['+', '/'], ['-', '_'], base64_encode($keyInfo['rsa']['n'])), '='),
 'e' => rtrim(str_replace(['+', '/'], ['-', '_'], base64_encode($keyInfo['rsa']['e'])), '='),
 ],
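Review bot: When the JWKS route is switched off, the second hunk of src/Laravel/DiscoveryController.php (PATCH 3/4) publishes a discovery document with no `jwks_uri` at all, and OpenID Connect Discovery lists that member as REQUIRED, so relying parties that verify ID token signatures from the metadata have nowhere to fetch keys. If the route is disabled because the keys are served elsewhere, the document should carry that location from configuration instead of dropping the member; at minimum add a comment such as `// jwks_uri is REQUIRED by OIDC Discovery; omitted only when this package does not serve the JWKS route`. The hunk also relies on the `Route` facade, and no `use` line for it is visible in this patch, so confirm the import exists at the top of the file. The body of `__invoke` starts outside the hunk.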
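Review bot: The key entry in src/Laravel/JwksController.php (PATCH 4/4) gains `alg` and `use` but still has no `kid`, so clients cannot match a token header to a key, and a key rotation forces them to try every entry. A stable identifier such as the RFC 7638 JWK thumbprint would work, provided the code that signs the ID tokens (not visible here) sets the same `kid` in the JWT header. `'alg' => 'RS256'` is hard-coded; if the signing algorithm is configurable elsewhere, the advertised value should come from the same setting so the two cannot drift apart. `__invoke` begins and ends outside the hunk.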