Merge branch 'master' into features/allow-client_secret_basic-on-requ…

…est-token * master: fix: Removed duplicate check on jwks_uri and only check if jwks_uri exists when needed (jumbojett#373) fix: Check if subject is equal to subject of id token when verifying JWT claims (jumbojett#406) fix: Cast SERVER_PORT to integer (jumbojett#404) chore(deps): bump actions/cache from 3 to 4 (jumbojett#417) chore(deps): bump actions/checkout from 2 to 4 (jumbojett#416) docs: Update README.md to correct addScope parameter type in 1.0.0 (jumbojett#405) chore: Update ci to support php 8.3 and add dependabot (jumbojett#407) release: 1.0.0 (jumbojett#402) Set the User-Agent regardless of GET or POST (jumbojett#382) fix: Update well known config value function response types (jumbojett#376) feat: set useragent (jumbojett#370) feat: php7.0 minimum requirement (jumbojett#327) updated composer.json added replace, updated README.md added notification about project forked from # Conflicts: # CHANGELOG.md
Magentron · May 22, 2024 · c9ee737 · c9ee737
2 parents 5b3bd9a + 41301c6
commit c9ee737
Show file tree

Hide file tree

Showing 8 changed files with 304 additions and 489 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -14,20 +14,20 @@ jobs:
             fail-fast: false
             matrix:
                 os: [ubuntu-latest]
-                php: ['5.5', '5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1']
+                php: ['7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2', '8.3']
 
         steps:
             - name: Checkout
-              uses: actions/checkout@v2
+              uses: actions/checkout@v4
             - name: Install PHP
               uses: shivammathur/setup-php@v2
               with:
                   php-version: ${{ matrix.php }}
             - name: Get composer cache directory
               id: composer-cache
-              run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+              run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
             - name: Cache composer dependencies
-              uses: actions/cache@v1
+              uses: actions/cache@v4
               with:
                   path: ${{ steps.composer-cache.outputs.dir }}
                   key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,18 +4,29 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [unreleased]
-* Update visibility of getWellKnownConfigValue to protected. #363
-* Fixed issue on authentication for php8. #354
+[unreleased]
+- Updated CI to also test on PHP 8.3 #407
+- Updated readme PHP requirement to PHP 7.0+ #407
+- Added dependabot for GitHub Actions #407
+- Cast `$_SERVER['SERVER_PORT']` to integer to prevent adding 80 or 443 port to redirect URL. #403
+- Check subject when verifying JWT #406
+- Removed duplicate check on jwks_uri and only check if jwks_uri exists when needed #373
 * Enabled `client_secret_basic` authentication on `requestClientCredentialsToken()` #347
-* Support for signed and encrypted UserInfo response. #305
-* Support for signed and encrypted ID Token. #305
-* Update construct typehint in docblock. #364
-* Fixed LogoutToken verification for single value aud claims #334
+
+## [1.0.0] - 2023-12-13
 
 ### Added
-- Support for signed and encrypted UserInfo response. #305
-- Support for signed and encrypted ID Token. #305
+- PHP 7.0 is required. #327
+- Support for signed and encrypted UserInfo response and ID Token. #305
+- Allow to set User-Agent header. #370
+
+### Fixed
+- User-Agent is set for any HTTP method in fetchURL() (not just POST). #382
+- Update visibility of getWellKnownConfigValue to protected. #363
+- Fixed issue on authentication for php8. #354
+- Update construct typehint in docblock. #364
+- Fixed LogoutToken verification for single value aud claims. #334
+- Update well known config value function response types. #376
 
 ## [0.9.10] - 2022-09-30
 

diff --git a/README.md b/README.md
@@ -1,3 +1,5 @@
+NB: This is a fork from [jumbojett/OpenID-Connect-PHP](https://github.com/jumbojett/OpenID-Connect-PHP) to allow client basic authentication on obtaining the access token.
+
 PHP OpenID Connect Basic Client
 ========================
 A simple library that allows an application to authenticate a user through the basic OpenID Connect flow.
@@ -7,14 +9,14 @@ the OpenID Connect protocol to set up authentication.
 A special thanks goes to Justin Richer and Amanda Anganes for their help and support of the protocol.
 
 # Requirements #
- 1. PHP 5.4 or greater
+ 1. PHP 7.0 or greater
  2. CURL extension
  3. JSON extension
 
 ## Install ##
 1. Install library using composer
 ```
-composer require jumbojett/openid-connect-php
+composer require magentron/openid-connect-php
 ```
 
 2. Include composer autoloader
@@ -69,8 +71,8 @@ use Jumbojett\OpenIDConnectClient;
 $oidc = new OpenIDConnectClient('https://id.provider.com',
                                 'ClientIDHere',
                                 'ClientSecretHere');
-$oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token'));
-$oidc->addScope('my_scope');
+$oidc->providerConfigParam(['token_endpoint'=>'https://id.provider.com/connect/token']);
+$oidc->addScope(['my_scope']);
 
 // this assumes success (to validate check if the access_token property is there and a valid JWT) :
 $clientCredentialsToken = $oidc->requestClientCredentialsToken()->access_token;
@@ -85,12 +87,12 @@ use Jumbojett\OpenIDConnectClient;
 $oidc = new OpenIDConnectClient('https://id.provider.com',
                                 'ClientIDHere',
                                 'ClientSecretHere');
-$oidc->providerConfigParam(array('token_endpoint'=>'https://id.provider.com/connect/token'));
-$oidc->addScope('my_scope');
+$oidc->providerConfigParam(['token_endpoint'=>'https://id.provider.com/connect/token']);
+$oidc->addScope(['my_scope']);
 
 //Add username and password
-$oidc->addAuthParam(array('username'=>'<Username>'));
-$oidc->addAuthParam(array('password'=>'<Password>'));
+$oidc->addAuthParam(['username'=>'<Username>']);
+$oidc->addAuthParam(['password'=>'<Password>']);
 
 //Perform the auth and return the token (to validate check if the access_token property is there and a valid JWT) :
 $token = $oidc->requestResourceOwnerToken(TRUE)->access_token;
@@ -105,10 +107,9 @@ use Jumbojett\OpenIDConnectClient;
 $oidc = new OpenIDConnectClient('https://id.provider.com',
                                 'ClientIDHere',
                                 'ClientSecretHere');
-$oidc->setResponseTypes(array('id_token'));
-$oidc->addScope(array('openid'));
+$oidc->setResponseTypes(['id_token']);
 $oidc->setAllowImplicitFlow(true);
-$oidc->addAuthParam(array('response_mode' => 'form_post'));
+$oidc->addAuthParam(['response_mode' => 'form_post']);
 $oidc->setCertPath('/path/to/my.cert');
 $oidc->authenticate();
 $sub = $oidc->getVerifiedClaims('sub');
@@ -184,7 +185,7 @@ function handleLogout() {
                 session_commit();
                 session_id($session_id_to_destroy); // switches to that session
                 session_start();
-                $_SESSION = array(); // effectively ends the session
+                $_SESSION = []; // effectively ends the session
             }
         }
     }

diff --git a/composer.json b/composer.json
@@ -1,18 +1,20 @@
 {
-    "name": "jumbojett/openid-connect-php",
-    "description": "Bare-bones OpenID Connect client",
+    "name": "magentron/openid-connect-php",
+    "description": "Bare-bones OpenID Connect client (forked to allow client secret basic authentication on obtaining access token)",
     "license": "Apache-2.0",
     "require": {
-        "php": ">=5.4",
-        "phpseclib/phpseclib" : "~2.0 || ^3.0",
+        "php": ">=7.0",
         "ext-json": "*",
         "ext-curl": "*",
-        "paragonie/random_compat": ">=2"
+        "phpseclib/phpseclib": "~3.0"
     },
     "require-dev": {
-        "roave/security-advisories": "dev-master",
+        "roave/security-advisories": "dev-latest",
         "yoast/phpunit-polyfills": "^1.0"
     },
+	"replace": {
+		"jumbojett/openid-connect-php": "<=0.9.10"
+	},
     "archive" : {
         "exclude" : [
             ".*"