day11

composer.json

@@ -10,7 +10,8 @@
         "guzzlehttp/guzzle": "^7.2",
         "laravel/framework": "^9.19",
         "laravel/sanctum": "^3.0",
-        "laravel/tinker": "^2.7"
+        "laravel/tinker": "^2.7",
+        "ory/hydra-client": "^1.11"
     },
     "require-dev": {
         "fakerphp/faker": "^1.9.1",

resources/views/auth/login.blade.php

@@ -14,6 +14,7 @@
 
         <form method="POST" action="{{ route('oauth2.login') }}">
             @csrf
+            <input type="hidden" name="challenge" value="{{ $challenge }}" />
 
             <!-- Email Address -->
             <div>

routes/auth.php

@@ -8,7 +8,14 @@
 use App\Http\Controllers\Auth\PasswordResetLinkController;
 use App\Http\Controllers\Auth\RegisteredUserController;
 use App\Http\Controllers\Auth\VerifyEmailController;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Redirect;
 use Illuminate\Support\Facades\Route;
+use Ory\Hydra\Client\Api\AdminApi;
+use Ory\Hydra\Client\Model\AcceptLoginRequest;
+use Ory\Hydra\Client\Model\RejectRequest;
 
 Route::middleware('guest')->group(function () {
     Route::get('register', [RegisteredUserController::class, 'create'])
@@ -27,7 +34,11 @@
             'state' => '1a2b3c4d',
         ]);
 
-        return redirect($authorizeUri . '?' . $query);
+        $authenticationRequest = $authorizeUri . '?' . $query;
+
+        Log::info('Authentication Request: ' . $authenticationRequest);
+
+        return redirect($authenticationRequest);
     })->name('login');
 
     Route::get('callback', function () {
@@ -70,16 +81,71 @@
         ->name('logout');
 });
 
-Route::get('/oauth2/login', function () {
-    return view('auth.login');
+Route::get('/oauth2/login', function (Request $request, AdminApi $adminApi) {
+    $adminApi->getConfig()->setHost('http://127.0.0.1:4445');
+
+    $loginChallenge = $request->input('login_challenge');
+
+    if(empty($loginChallenge)) {
+        throw new \RuntimeException('No login_challenge');
+    }
+
+    try {
+        $loginRequest = $adminApi->getLoginRequest($loginChallenge);
+    } catch (\Throwable $e) {
+        throw new \RuntimeException('Hydra Server error: ' . $e->getMessage());
+    }
+
+    Log::debug('Login Request', json_decode((string)$loginRequest, true));
+
+    return view('auth.login', [
+        'challenge' => $loginChallenge,
+    ]);
 })->name('oauth2.login');
 
-Route::post('/oauth2/login', function(\App\Http\Requests\Auth\LoginRequest $request) {
-    $request->authenticate();
+Route::post('/oauth2/login', function(Request $request, AdminApi $adminApi) {
+    $adminApi->getConfig()->setHost('http://127.0.0.1:4445');
+
+    $loginChallenge = $request->input('challenge');
+
+    if(empty($loginChallenge)) {
+        throw new \RuntimeException('No login_challenge');
+    }
+
+    if (!Auth::once($request->only('email', 'password'))) {
+        return Redirect::back();
+
+//        $rejectRequest = new RejectRequest([
+//            'error' => '...',
+//
+//            'error_description' => '...',
+//        ]);
+//
+//        $completedRequest = $adminApi->acceptLoginRequest($loginChallenge, $rejectRequest);
+//
+//        return Redirect::away($completedRequest->getRedirectTo());
+    }
+
+    $user = Auth::user();
+
+    $acceptLoginRequest = new AcceptLoginRequest([
+        'context' => new stdClass(),
+        'remember' => $request->boolean('remember'),
+        'rememberFor' => 0,
+        'subject' => (string)$user->getAuthIdentifier(),
+    ]);
+
+    Log::debug('Accept Login Request: ', json_decode((string)$acceptLoginRequest, true));
+
+    try {
+        $completedRequest = $adminApi->acceptLoginRequest($loginChallenge, $acceptLoginRequest);
+    } catch (\Throwable $e) {
+        throw new \RuntimeException('Hydra Server error: ' . $e->getMessage());
+    }
 
-    $request->session()->regenerate();
+    Log::debug('Completed Request: ', json_decode((string)$completedRequest, true));
 
-    return 'OAuth 2.0 身分驗證完成';
+    return Redirect::away($completedRequest->getRedirectTo());
 });
 
 Route::get('/oauth2/consent', function () {