Extract issuedBy retrieval

ecs.php

@@ -10,7 +10,6 @@
 use PhpCsFixer\Fixer\Operator\BinaryOperatorSpacesFixer;
 use SlevomatCodingStandard\Sniffs\Arrays\TrailingArrayCommaSniff;
 use SlevomatCodingStandard\Sniffs\Classes\ClassConstantVisibilitySniff;
-use SlevomatCodingStandard\Sniffs\Classes\ClassMemberSpacingSniff;
 use SlevomatCodingStandard\Sniffs\Classes\ConstantSpacingSniff;
 use SlevomatCodingStandard\Sniffs\Classes\EmptyLinesAroundClassBracesSniff;
 use SlevomatCodingStandard\Sniffs\Classes\PropertySpacingSniff;
@@ -38,11 +37,10 @@
     $services->set(ClassConstantVisibilitySniff::class);
     $services->set(TrailingArrayCommaSniff::class);
     $services->set(ArrayIndentSniff::class);
-    $services->set(ClassMemberSpacingSniff::class);
     $services->set(CastSpacingSniff::class);
     $services->set(SpaceAfterCastSniff::class);
     $services->set(LineLengthSniff::class)
-        ->property('absoluteLineLimit', 120);
+        ->property('absoluteLineLimit', 150);
     $services->set(FunctionSpacingSniff::class)
         ->property('spacing', 1)
         ->property('spacingBeforeFirst', 0)

src/IdTokenResponse.php

@@ -13,19 +13,16 @@
 use OpenIDConnect\Interfaces\CurrentRequestServiceInterface;
 use OpenIDConnect\Interfaces\IdentityEntityInterface;
 use OpenIDConnect\Interfaces\IdentityRepositoryInterface;
+use OpenIDConnect\Services\IssuedByGetter;
 
 class IdTokenResponse extends BearerTokenResponse {
     use CryptTrait;
 
     protected IdentityRepositoryInterface $identityRepository;
-
     protected ClaimExtractor $claimExtractor;
-
     private Configuration $config;
     private ?CurrentRequestServiceInterface $currentRequestService;
-
     private array $tokenHeaders;
-
     private bool $useMicroseconds;
 
     public function __construct(
@@ -36,7 +33,7 @@ public function __construct(
         bool $useMicroseconds = true,
         CurrentRequestServiceInterface $currentRequestService = null,
         $encryptionKey = null,
-        protected ?string $issuedBy = null
+        protected string $issuedByConfigured = 'laravel',
     ) {
         $this->identityRepository = $identityRepository;
         $this->claimExtractor = $claimExtractor;
@@ -59,35 +56,12 @@ protected function getBuilder(
         return $this->config
             ->builder()
             ->permittedFor($accessToken->getClient()->getIdentifier())
-            ->issuedBy($this->getIssuedBy())
+            ->issuedBy(IssuedByGetter::get($this->currentRequestService, $this->issuedByConfigured))
             ->issuedAt($dateTimeImmutableObject)
             ->expiresAt($dateTimeImmutableObject->add(new DateInterval('PT1H')))
             ->relatedTo($userEntity->getIdentifier());
     }
 
-    private function getIssuedBy(): string
-    {
-        if($this->issuedBy === 'laravel-url') {
-            return url('/');
-        } elseif($this->issuedBy === null || $this->issuedBy === 'auto-detect') {
-            $host = $_SERVER['HTTP_HOST'] ?? null;
-
-            if (empty($host)) {
-                return url('/');
-            }
-
-            $scheme = $_SERVER['REQUEST_SCHEME'] ?? null;
-
-            if (empty($scheme)) {
-                $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
-            }
-
-            return $scheme . '://' . $host;
-        } else {
-            return $this->issuedBy;
-        }
-    }
-
     protected function getExtraParams(AccessTokenEntityInterface $accessToken): array {
         /**
          * Include the scope return value, which according to RFC 6749, section 5.1 (and 3.3)

src/Laravel/DiscoveryController.php

@@ -6,18 +6,19 @@
 use Illuminate\Support\Facades\Route;
 use Illuminate\Support\Facades\URL;
 use Laravel\Passport\Passport;
+use OpenIDConnect\Services\IssuedByGetter;
 
 class DiscoveryController
 {
     /**
      * Compatible with https://openid.net/specs/openid-connect-discovery-1_0.html, chapter 3
      */
-    public function __invoke(Request $request)
+    public function __invoke(Request $request, LaravelCurrentRequestService $currentRequestService)
     {
         URL::forceScheme('https'); // for route() calls below
 
         $response = [
-            'issuer' => 'https://' . $_SERVER['HTTP_HOST'],
+            'issuer' => IssuedByGetter::get($currentRequestService, config('openid.issuedBy', 'laravel')),
             'authorization_endpoint' => route('passport.authorizations.authorize'),
             'token_endpoint' => route('passport.token'),
             'grant_types_supported' => $this->getSupportedGrantTypes(),
@@ -52,7 +53,7 @@ public function __invoke(Request $request)
 
     /**
      * Returns JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports.
-     * The server MUST support the openid scope value. 
+     * The server MUST support the openid scope value.
      * Servers MAY choose not to advertise some supported scope values even when this parameter is used,
      * although those defined in [OpenID.Core] SHOULD be listed, if supported.
      */

src/Laravel/PassportServiceProvider.php

@@ -62,7 +62,7 @@ public function makeAuthorizationServer(): AuthorizationServer
             config('openid.use_microseconds'),
             app(LaravelCurrentRequestService::class),
             $encryptionKey,
-            config('openid.issuedBy', null)
+            config('openid.issuedBy', 'laravel')
         );
 
         return new AuthorizationServer(

src/Laravel/config/openid.php

@@ -83,9 +83,9 @@
     'use_microseconds' => true,
 
     /**
-     * Value for the issuedBy params. By default: auto-detect to get the scheme and host from the $_SERVER variable.
-     * Use "laravel-url" to use url('/') and let laravel decide
-     * Use any other string for direct use of it.
+     * Value for the issuedBy params. By default: laravel to get the scheme and host from the $_SERVER variable.
+     * Options: laravel (use Request to extract scheme and host), server (use $_SERVER to detect)
+     * or another string that will be used as-is
      */
-    'issuedBy' => 'auto-detect',
+    'issuedBy' => 'laravel',
 ];

src/Services/IssuedByGetter.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace OpenIDConnect\Services;
+
+use OpenIDConnect\Interfaces\CurrentRequestServiceInterface;
+
+class IssuedByGetter
+{
+    public static function get(?CurrentRequestServiceInterface $currentRequestService, string $issuedByConfigured = 'laravel'): string
+    {
+        if($issuedByConfigured === 'laravel' && $currentRequestService) {
+            $uri = $currentRequestService->getRequest()->getUri();
+            return $uri->getScheme() . '://' . $uri->getHost() . ($uri->getPort() ? ':' . $uri->getPort() : '');
+        }
+
+        if($issuedByConfigured === 'server' || ($issuedByConfigured === 'laravel' && !$currentRequestService)) {
+            $host = $_SERVER['HTTP_HOST'] ?? null;
+
+            $scheme = $_SERVER['REQUEST_SCHEME'] ?? null;
+
+            if (empty($scheme)) {
+                $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
+            }
+
+            return $scheme . '://' . $host;
+        }
+
+        return $issuedByConfigured;
+    }
+}