Implicit flow not supported #6

Closed
georgeboot opened this issue Sep 26, 2023 · 2 comments

@georgeboot
Contributor

Issue previously raised in thephpleague/oauth2-server#1374

When I use the authorisation code grant, this works as expected.

However, when I try to do an implicit flow by setting `response_type=token id_token` or `response_type=id_token`, the server always rejects the request because the following check does not match the request:
https://github.com/thephpleague/oauth2-server/blob/ab7714d073844497fd222d5d0a217629089936bc/src/Grant/ImplicitGrant.php#L105-L109

Are there any recommended ways to bypass this issue?

@jeremy379
Owner

Hello

Indeed, it's made to work with an Authorization grant as the implicit flow is deprecated (https://oauth2.thephpleague.com/authorization-server/implicit-grant/).

I'll take a look if I can provide a way to support it (If you want you can also submit a PR).

@jeremy379
Owner

There is something you can do without changing the package: add a custom grant type copying the implicit one.
Inside Laravel you can create a new Grant Type and then register it.

To register the grant type, you can use a ServiceProvider (either reuse one or create a new one):

```php
namespace App\Providers;

use Exception;
use Illuminate\Contracts\Container\BindingResolutionException;
use Illuminate\Support\ServiceProvider;
use Laravel\Passport\Bridge\RefreshTokenRepository;
use Laravel\Passport\Bridge\UserRepository;
use Laravel\Passport\Passport;
use League\OAuth2\Server\AuthorizationServer;
// ImplicitOpenIdGrant is your own custom grant class: import it from wherever you define it.

class GrantAuthServiceProvider extends ServiceProvider
{
	/**
	 * Register services.
	 */
	public function register()
	{
		// Enable the custom grants each time the container resolves the authorization server.
		app()->afterResolving(AuthorizationServer::class, function (AuthorizationServer $server) {
			$grants = $this->makeGrants();

			foreach ($grants as $grant) {
				$server->enableGrantType($grant, Passport::tokensExpireIn());
			}
		});
	}

	/**
	 * Bootstrap services.
	 */
	public function boot(): void
	{
	}

	/**
	 * @throws BindingResolutionException
	 * @throws Exception
	 */
	public function makeGrants(): array
	{
		$newGrantType = app()->make(ImplicitOpenIdGrant::class); // Build the class using the container or manually

		$newGrantType->setRefreshTokenTTL(Passport::refreshTokensExpireIn());

		return [
			'implicit-open-id' => $newGrantType, // The key is the name of the grant
		];
	}
}
```
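
An added example, not part of the thread and not code from either package: the request-matching method of an `ImplicitOpenIdGrant` class like the one the provider above resolves, replacing the `response_type` check linked in the issue. The `App\Grants` namespace, the `ACCEPTED` list and the `normalise()` helper are assumptions; it also assumes the response itself is built in a separately overridden `completeAuthorizationRequest()`, and it requires `nonce`, which OpenID Connect Core makes mandatory for the implicit flow.

```php
<?php

namespace App\Grants; // assumed namespace, not given in the thread

use League\OAuth2\Server\Grant\ImplicitGrant;
use Psr\Http\Message\ServerRequestInterface;

class ImplicitOpenIdGrant extends ImplicitGrant
{
    /**
     * OpenID Connect implicit response types this grant answers, written with
     * their tokens sorted. Plain "token" is left to the stock ImplicitGrant.
     */
    private const ACCEPTED = ['id_token', 'id_token token'];

    public function canRespondToAuthorizationRequest(ServerRequestInterface $request): bool
    {
        $query = $request->getQueryParams();

        // All three must be present as non-empty strings. nonce binds the
        // ID token to this request and is how the client detects replay.
        foreach (['response_type', 'client_id', 'nonce'] as $name) {
            if (!isset($query[$name]) || !is_string($query[$name]) || $query[$name] === '') {
                return false;
            }
        }

        // Exact match against an allow-list: anything else ("code id_token",
        // "token", unknown values) is not claimed by this grant.
        return in_array(self::normalise($query['response_type']), self::ACCEPTED, true);
    }

    /**
     * response_type is a space-delimited set, so "token id_token" and
     * "id_token token" are the same request. Sort and de-duplicate first.
     */
    private static function normalise(string $responseType): string
    {
        $tokens = preg_split('/ +/', trim($responseType), -1, PREG_SPLIT_NO_EMPTY);
        $tokens = array_unique($tokens);
        sort($tokens);

        return implode(' ', $tokens);
    }
}
```

Because the method returns `false` rather than throwing, a request without `nonce` is simply not claimed by this grant and the server rejects it as it did before.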
