
heimdall's Introduction


it's me, an egocentric, polyglot software engineer who knows nothing, can't do anything, and yet still doesn't know how the system actually works. i love to write about tech stuff; most of it is published on medium. i speak kotlin / php / ts / py / go / rust / elixir.

fun fact, ezra lazuardy means "a helper from the horizon".

heimdall's People

Contributors

dependabot[bot], githusband, klavax


heimdall's Issues

Suggestion to include notice for those who want to use "openid" scope in documentation.

Issue:

When you try to add the 'openid' scope as shown at the following link (https://heimdall.ezralazuardy.com/documentation/oidc), it throws an error while using the token API (http://localhost:8080/rest/token):

"Using integers for registered date claims is deprecated, please use DateTimeImmutable objects instead."

This seems to be caused by the dependency of league/oauth2-server. It uses the newer package lcobucci/jwt, where there have been major breaking changes. A similar issue has been noted in the laravel passport package (laravel/passport#1381).

Solution:
This can be resolved by downgrading the package "lcobucci/jwt" to 3.3.3 for the dependency "league/oauth2-server", and then running the command composer require lcobucci/jwt:3.3.3

Multiple Grant Type Support in Heimdall

Is your feature request related to a problem? Please describe.

I want to have multiple grant types in one server; is there any good example of how to do it?

Describe the solution you'd like

I have done it, but with a condition on what the grant_type value is.

// function to create a new instance of HeimdallAuthorizationServer
public static function createAuthorizationServer($grant_type = null)
{
    // creating HeimdallAuthorizationServer config
    $config = Heimdall::withAuthorizationConfig(
        new ClientRepository(),
        new AccessTokenRepository(),
        new ScopeRepository(),
        __DIR__ . '/private.key'
    );

    $grant = null;
    switch ($grant_type) {
        case 'client_credentials':
            $grant = Heimdall::withClientCredentialsGrant('P1Y');
            break;
        default:
            // creating HeimdallAuthorizationServer grant
            $grant = Heimdall::withAuthorizationCodeGrant(
                new AuthCodeRepository(),
                new RefreshTokenRepository(),
                'PT1H',
                'P6M',
                'P3M'
            );
            break;
    }

    // return a new instance of HeimdallAuthorizationServer
    return Heimdall::initializeAuthorizationServer($config, $grant);
}

Describe alternatives you've considered

Instead of using the condition above, is there any other solution that can support multiple grant_type values?

Additional context

In the League library source code, it is possible to do it. What about the implementation in Heimdall?
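As an added example (not Heimdall's code and not a sample from the League project), this shows how the underlying league/oauth2-server registers several grants on a single AuthorizationServer, which then dispatches on the grant_type parameter of each token request instead of needing a switch at construction time. The repository classes are assumed to be the application's own implementations of League's repository interfaces, and the encryption key is a placeholder.

```php
<?php
// Added example, not Heimdall's own code: one league/oauth2-server
// AuthorizationServer with several grants enabled at the same time.
// Repository classes are assumed to be the application's implementations
// of the League repository interfaces.
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Grant\AuthCodeGrant;
use League\OAuth2\Server\Grant\ClientCredentialsGrant;
use League\OAuth2\Server\Grant\RefreshTokenGrant;

function createMultiGrantServer(): AuthorizationServer
{
    $server = new AuthorizationServer(
        new ClientRepository(),
        new AccessTokenRepository(),
        new ScopeRepository(),
        __DIR__ . '/private.key',
        'ENCRYPTION_KEY_PLACEHOLDER' // load a real 32-byte key from config
    );

    // Authorization code grant for user-facing clients:
    // 10-minute auth codes, 1-hour access tokens, 1-month refresh tokens.
    $authCode = new AuthCodeGrant(
        new AuthCodeRepository(),
        new RefreshTokenRepository(),
        new \DateInterval('PT10M')
    );
    $authCode->setRefreshTokenTTL(new \DateInterval('P1M'));
    $server->enableGrantType($authCode, new \DateInterval('PT1H'));

    // Client credentials grant for machine-to-machine clients. League only
    // allows confidential clients here; keep the access-token lifetime short
    // rather than the year-long 'P1Y' used in the snippet above.
    $server->enableGrantType(new ClientCredentialsGrant(), new \DateInterval('PT1H'));

    // Refresh token grant so authorization-code clients can rotate tokens
    // without sending the user back through the browser.
    $refresh = new RefreshTokenGrant(new RefreshTokenRepository());
    $refresh->setRefreshTokenTTL(new \DateInterval('P1M'));
    $server->enableGrantType($refresh, new \DateInterval('PT1H'));

    // The server picks the grant whose identifier matches the request's
    // grant_type; unknown or disabled grant types are rejected with
    // an unsupported_grant_type error.
    return $server;
}
```

A single controller can then pass every token request to `respondToAccessTokenRequest()` on this one server object.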

Suggestion Coding Standard

Is your feature request related to a problem? Please describe.
I am happy to see OAuth 2.0 Server by phpleague come to CodeIgniter4. This is a nice way to start using oauth2, but before I jump into this I would recommend refactoring a lot of the code in the source code and documentation to follow PSR-2, or maybe the coding standard of CodeIgniter4, though I would prefer following PSR-2.

Describe the solution you'd like
PHP CodeSniffer is a nice tool for refactoring code.

Describe alternatives you've considered

Additional context

[bug] Using integers for registered date claims is deprecated, please use DateTimeImmutable objects instead

The authorization code grant type throws "Using integers for registered date claims is deprecated, please use DateTimeImmutable objects instead" during token generation because of the changes in lcobucci/jwt:3.4.

league/oauth2-server:8.1.1 with lcobucci/jwt:3.3.3 works fine.

Steps to reproduce the behavior:

  1. composer require ezralazuardy/heimdall (this installs the latest league/oauth2-server, version 8.2.4, which uses lcobucci/jwt:3.4.5)
  2. Use the authorization code grant
  3. The token generation step gives the error

Expected behavior
Generated tokens


[bug] Documentation leads to malware domain

Describe the bug

The link to the documentation leads to a domain that forces you to install browser add-ons and malware. Not sure if it is a bad redirect or the documentation site has been compromised.

To Reproduce

Steps to reproduce the behavior:

  1. Click link to go to documentation

Expected behavior

Expected documentation, almost got malware instead.

Suggestion on improvement for PKCE Documentation.

There seems to be a readability issue or a mistake on the PKCE page (https://heimdall.ezralazuardy.com/documentation/pkce).

The section labeled Creating code_verifier seems to be talking about code_challenge, and the later section labeled Creating code_challenge seems to be talking about code_verifier. So the titles should be updated to reflect their respective sections.

Another thing to note from my testing: code_verifier seems to be a plain string rather than encrypted SHA-256 by default. So a note should be included for those trying out the PKCE method.

Also, it would be worth noting at the top of the PKCE documentation that the is_confidential flag has to be set to false for PKCE to take effect.
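For readers sorting out which value is which, here is an added example (not from the Heimdall documentation) of the two PKCE values as RFC 7636 defines them, together with the check a token endpoint performs: the code_verifier is the client's random secret and is sent in plain text only in the final token request, while the code_challenge sent in the authorization request is BASE64URL(SHA256(code_verifier)) for the S256 method, a one-way hash rather than an encryption. The function names are this example's own.

```php
<?php
// Added example: PKCE values per RFC 7636 and the server-side check.
// Function names are hypothetical and not part of Heimdall's API.

// Client side: a 43..128 character random string from the unreserved
// set. 32 random bytes base64url-encoded gives 43 characters.
function makeCodeVerifier(int $bytes = 32): string
{
    return rtrim(strtr(base64_encode(random_bytes($bytes)), '+/', '-_'), '=');
}

// Client side: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
// A hash, not encryption: it cannot be reversed, so an attacker who
// observes the authorization request cannot recover the verifier.
function makeCodeChallenge(string $verifier): string
{
    return rtrim(strtr(base64_encode(hash('sha256', $verifier, true)), '+/', '-_'), '=');
}

// Server side: at the token endpoint, recompute the challenge from the
// verifier the client presents and compare it with the challenge stored
// alongside the authorization code. hash_equals() is constant-time.
function verifyPkce(string $verifier, string $storedChallenge, string $method = 'S256'): bool
{
    // Reject malformed verifiers before doing any work.
    if (!preg_match('/^[A-Za-z0-9\-._~]{43,128}$/', $verifier)) {
        return false;
    }
    if ($method === 'S256') {
        $expected = makeCodeChallenge($verifier);
    } elseif ($method === 'plain') {
        // 'plain' offers no protection if the authorization request leaks;
        // servers should prefer (or require) S256.
        $expected = $verifier;
    } else {
        return false; // unknown code_challenge_method
    }
    return hash_equals($expected, $storedChallenge);
}

// Walk-through with constructed values.
$verifier  = makeCodeVerifier();            // kept by the client
$challenge = makeCodeChallenge($verifier);  // sent in the /authorize request
$ok        = verifyPkce($verifier, $challenge);             // matching verifier
$bad       = verifyPkce(makeCodeVerifier(), $challenge);    // wrong verifier
```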

getUserEntityByIdentifier seems to never be called

Hello,
First of all thank you very much for Heimdall. Great name for a great library.

CI 4.1.1 and Heimdall work great, no problem.

I tried to implement OIDC by following these steps https://heimdall.ezralazuardy.com/documentation/oidc#enabling-oidc but it seems getUserEntityByIdentifier doesn't get called at all. Is there something missing in the documentation?

I get no errors but the token generated has no profile information.

I'm using withClientCredentialsGrant BTW.

[bug] Error: "Unknown Heimdall grant type, please recheck your parameter" when using password grant and client grant

Describe the bug
I've been trying to use this lib and followed the docs correctly, but when I used the password grant it throws an error. The error is "Unknown Heimdall grant type, please recheck your parameter". I don't know what parameter I should recheck; it doesn't give a clear explanation. I would be greatly grateful if someone would help me with this issue. Thanks

To Reproduce
I'm not quite clear what this should be about, but I'm debugging via vscode with xdebug, as can be seen in the screenshot below. And here's the log:

CRITICAL - 2020-10-03 09:35:04 --> Unknown Heimdall grant type, please recheck your parameter. #0 D:\wamp64\www\cobacoba\app\Libraries\OAuthServer\OAuthServer.php(54): Heimdall\Heimdall::initializeAuthorizationServer(Object(Heimdall\Config\HeimdallAuthorizationConfig), Object(Heimdall\Config\HeimdallAuthorizationGrant)) #1 D:\wamp64\www\cobacoba\app\Controllers\Rest\Authorization.php(17): App\Libraries\OAuthServer\OAuthServer::createAuthorizationServer() #2 D:\wamp64\www\cobacoba\vendor\codeigniter4\framework\system\CodeIgniter.php(890): App\Controllers\Rest\Authorization->__construct() #3 D:\wamp64\www\cobacoba\vendor\codeigniter4\framework\system\CodeIgniter.php(399): CodeIgniter\CodeIgniter->createController() #4 D:\wamp64\www\cobacoba\vendor\codeigniter4\framework\system\CodeIgniter.php(312): CodeIgniter\CodeIgniter->handleRequest(NULL, Object(Config\Cache), false) #5 D:\wamp64\www\cobacoba\public\index.php(45): CodeIgniter\CodeIgniter->run() #6 {main}

Expected behavior
Know the grant type and generate a token


Desktop (please complete the following information):

  • OS: Windows 10 Home x64
  • PHP version: 7.3.12 (using WAMPServer)

Additional context
I have no idea
