Showing
12 changed files
with
378 additions
and
4 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
<?php | ||
|
||
namespace App\Http\Controllers\Rp1; | ||
|
||
use Illuminate\Http\Request; | ||
use Illuminate\Support\Facades\Http; | ||
use Illuminate\Support\Facades\Log; | ||
use Jose\Component\Checker\ClaimCheckerManagerFactory; | ||
use Jose\Component\Core\JWK; | ||
use Jose\Component\Signature\JWSLoader; | ||
use Ory\Hydra\Client\Api\AdminApi; | ||
use Ory\Hydra\Client\Api\PublicApi; | ||
|
||
class Callback | ||
{ | ||
public function __invoke( | ||
Request $request, | ||
PublicApi $public, | ||
JWK $jwk, | ||
JWSLoader $loader, | ||
ClaimCheckerManagerFactory $claimCheckerManagerFactory, | ||
) { | ||
$error = $request->input('error'); | ||
|
||
if (null !== $error) { | ||
return match ($error) { | ||
'access_denied' => response('使用者拒絕授權'), | ||
default => response('未知的 error: ' . $error), | ||
}; | ||
} | ||
|
||
$redirectUri = 'http://127.0.0.1:8000/rp1/callback'; | ||
|
||
$public->getConfig() | ||
->setUsername('rp1') | ||
->setPassword('secret1'); | ||
|
||
try { | ||
$tokenResponse = $public->oauth2Token( | ||
grantType: 'authorization_code', | ||
code: $request->input('code'), | ||
redirectUri: $redirectUri | ||
); | ||
} catch (\Throwable $e) { | ||
dump($e); | ||
return response('請求 Token 失敗'); | ||
} | ||
|
||
Log::debug('Token Response: ', json_decode((string)$tokenResponse, true)); | ||
|
||
dump(json_decode((string)$tokenResponse, true)); | ||
|
||
$userinfoEndpoint = $public->getConfig()->getHost() . '/userinfo'; | ||
|
||
$userInfo = Http::withToken($tokenResponse->getAccessToken()) | ||
->get($userinfoEndpoint); | ||
|
||
Log::debug('User info: ', $userInfo->json()); | ||
|
||
$idToken = $tokenResponse->getIdToken(); | ||
|
||
$jws = $loader->loadAndVerifyWithKey($idToken, $jwk, $signature); | ||
|
||
$claimCheckerManager = $claimCheckerManagerFactory->create(['exp', 'iat', 'iss']); | ||
|
||
$claimCheckerManager->check(json_decode($jws->getPayload(), true)); | ||
|
||
dump(json_decode($jws->getPayload(), true)); | ||
|
||
$request->session()->put('rp1.id_token', $idToken); | ||
|
||
return response('拿到身分驗證回應了'); | ||
} | ||
} |
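Review bot: The ID token check in `__invoke` never validates `aud`, and `check()` is called without a mandatory-claims list, so a token that simply omits `exp`, `iat` or `iss` is not rejected for it. With two relying parties (`rp1`, `rp2`) behind one issuer, and presumably one signing key, an ID token issued to the other client would pass these checks. Assuming an audience checker for `rp1` can be registered in the factory (its configuration is not part of this page), use `create(['exp', 'iat', 'iss', 'aud'])` and `$claimCheckerManager->check($claims, ['iss', 'aud', 'exp', 'iat']);`. The Rp2 `Callback` added in this commit has the same validation and needs the same change with its own client id.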
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
<?php | ||
|
||
namespace App\Http\Controllers\Rp1; | ||
|
||
use Illuminate\Http\RedirectResponse; | ||
use Illuminate\Support\Arr; | ||
use Illuminate\Support\Facades\Log; | ||
use Illuminate\Support\Facades\Redirect; | ||
|
||
class Login | ||
{ | ||
public function __invoke(): RedirectResponse | ||
{ | ||
$authorizeUri = 'http://127.0.0.1:4444/oauth2/auth'; | ||
|
||
$query = Arr::query([ | ||
'client_id' => 'rp1', | ||
'redirect_uri' => 'http://127.0.0.1:8000/rp1/callback', | ||
'scope' => 'openid', | ||
'response_type' => 'code', | ||
'state' => '1a2b3c4d', | ||
]); | ||
|
||
$authenticationRequest = $authorizeUri . '?' . $query; | ||
|
||
Log::info('Authentication Request: ' . $authenticationRequest); | ||
|
||
return Redirect::away($authenticationRequest); | ||
} | ||
} |
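Review bot: `'state' => '1a2b3c4d'` is a constant, so it cannot bind the authorization response to the browser session that started the login, and the request carries no `nonce` either. Generate both per request and keep them in the session, for example by injecting `Request $request` and using `$state = Str::random(40); $request->session()->put('rp1.state', $state);`. The callback should then compare the returned `state` with `hash_equals()` before it exchanges the code; the Rp1 `Callback` in this commit never reads `state`. The same constant appears in the Rp2 `Login` and in the `Logout` request.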
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
<?php | ||
|
||
namespace App\Http\Controllers\Rp1; | ||
|
||
use Illuminate\Http\RedirectResponse; | ||
use Illuminate\Http\Request; | ||
use Illuminate\Support\Arr; | ||
use Illuminate\Support\Facades\Log; | ||
use Illuminate\Support\Facades\Redirect; | ||
|
||
class Logout | ||
{ | ||
public function __invoke(Request $request): RedirectResponse | ||
{ | ||
$idToken = $request->session()->get('rp1.id_token'); | ||
|
||
if (null === $idToken) { | ||
throw new \RuntimeException('No login session'); | ||
} | ||
|
||
$query = Arr::query([ | ||
'client_id' => 'rp1', | ||
'id_token_hint' => $idToken, | ||
'post_logout_redirect_uri' => 'http://127.0.0.1:8000/rp1/logout/callback', | ||
'state' => '1a2b3c4d', | ||
]); | ||
|
||
$endSessionEndpoint = 'http://127.0.0.1:4444/oauth2/sessions/logout'; | ||
|
||
$LogoutRequest = $endSessionEndpoint . '?' . $query; | ||
|
||
Log::info('End session request: ' . $LogoutRequest); | ||
|
||
return Redirect::away($LogoutRequest); | ||
} | ||
} |
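Review bot: `Log::info('End session request: ' . $LogoutRequest)` writes the full URL, including `id_token_hint`, to the application log at info level, so a signed ID token with the user's claims ends up wherever the logs are stored or shipped. Log the endpoint without the query string instead: `Log::info('End session request: ' . $endSessionEndpoint);`. A missing `rp1.id_token` also throws a bare `\RuntimeException`, which surfaces as a 500; a redirect to the login route or a 4xx response would suit a user who is simply not logged in.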
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
<?php | ||
|
||
namespace App\Http\Controllers\Rp2; | ||
|
||
use Illuminate\Http\Request; | ||
use Illuminate\Support\Facades\Http; | ||
use Illuminate\Support\Facades\Log; | ||
use Jose\Component\Checker\ClaimCheckerManagerFactory; | ||
use Jose\Component\Core\JWK; | ||
use Jose\Component\Signature\JWSLoader; | ||
use Ory\Hydra\Client\Api\AdminApi; | ||
use Ory\Hydra\Client\Api\PublicApi; | ||
|
||
class Callback | ||
{ | ||
public function __invoke( | ||
Request $request, | ||
PublicApi $hydra, | ||
JWK $jwk, | ||
JWSLoader $loader, | ||
ClaimCheckerManagerFactory $claimCheckerManagerFactory, | ||
) { | ||
$error = $request->input('error'); | ||
|
||
if (null !== $error) { | ||
return match ($error) { | ||
'access_denied' => response('使用者拒絕授權'), | ||
default => response('未知的 error: ' . $error), | ||
}; | ||
} | ||
|
||
$redirectUri = 'http://127.0.0.1:8000/rp2/callback'; | ||
|
||
$hydra->getConfig() | ||
->setUsername('rp2') | ||
->setPassword('secret2'); | ||
|
||
try { | ||
$tokenResponse = $hydra->oauth2Token( | ||
grantType: 'authorization_code', | ||
code: $request->input('code'), | ||
redirectUri: $redirectUri | ||
); | ||
} catch (\Throwable $e) { | ||
dump($e); | ||
return response('請求 Token 失敗'); | ||
} | ||
|
||
Log::debug('Token Response: ', json_decode((string)$tokenResponse, true)); | ||
|
||
dump(json_decode((string)$tokenResponse, true)); | ||
|
||
$userinfoEndpoint = $hydra->getConfig()->getHost() . '/userinfo'; | ||
|
||
$userInfo = Http::withToken($tokenResponse->getAccessToken()) | ||
->get($userinfoEndpoint); | ||
|
||
Log::debug('User info: ', $userInfo->json()); | ||
|
||
$idToken = $tokenResponse->getIdToken(); | ||
|
||
$jws = $loader->loadAndVerifyWithKey($idToken, $jwk, $signature); | ||
|
||
$claimCheckerManager = $claimCheckerManagerFactory->create(['exp', 'iat', 'iss']); | ||
|
||
$claimCheckerManager->check(json_decode($jws->getPayload(), true)); | ||
|
||
dump(json_decode($jws->getPayload(), true)); | ||
|
||
$request->session()->put('rp2.id_token', $idToken); | ||
|
||
return response('拿到身分驗證回應了'); | ||
} | ||
} |
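Review bot: The `dump()` calls and `Log::debug('Token Response: ', …)` put the complete token response, access token and ID token included, into the HTTP response body and the application log, and `dump($e)` does the same for the exception from the token request. Drop the `dump()` calls and log only that a response arrived, e.g. `Log::debug('Token response received for rp2');`. The `default` arm of the error `match` also concatenates the request's `error` value into the response body; escape it with `e($error)` or return a fixed message. `setPassword('secret2')` hard-codes the client secret and should read it from configuration. The Rp1 `Callback` contains the same lines.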
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
<?php | ||
|
||
namespace App\Http\Controllers\Rp2; | ||
|
||
use Illuminate\Http\RedirectResponse; | ||
use Illuminate\Support\Arr; | ||
use Illuminate\Support\Facades\Log; | ||
use Illuminate\Support\Facades\Redirect; | ||
|
||
class Login | ||
{ | ||
public function __invoke(): RedirectResponse | ||
{ | ||
$authorizeUri = 'http://127.0.0.1:4444/oauth2/auth'; | ||
|
||
$query = Arr::query([ | ||
'client_id' => 'rp2', | ||
'redirect_uri' => 'http://127.0.0.1:8000/rp2/callback', | ||
'scope' => 'openid', | ||
'response_type' => 'code', | ||
'state' => '1a2b3c4d', | ||
]); | ||
|
||
$authenticationRequest = $authorizeUri . '?' . $query; | ||
|
||
Log::info('Authentication Request: ' . $authenticationRequest); | ||
|
||
return Redirect::away($authenticationRequest); | ||
} | ||
} |