<?php
declare(strict_types=1);
/*
* The MIT License (MIT)
*
* Copyright (c) 2014-2019 Spomky-Labs
*
* This software may be modified and distributed under the terms
* of the MIT license. See the LICENSE file for details.
*/
namespace SpomkyLabs\LexikJoseBundle\DependencyInjection;
use Assert\Assertion;
use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\ConfigurationInterface;
/**
 * Declares the configuration schema accepted under the `lexik_jose` key.
 *
 * Security-relevant options defined here: the issuer/audience values, the
 * token lifetime, the signing key set and algorithm, the claim checkers and
 * the optional encryption section. This class only describes the shape of
 * the configuration; it does not resolve keys or algorithms itself.
 */
final class Configuration implements ConfigurationInterface
{
    /**
     * Builds the `lexik_jose` configuration tree.
     *
     * @return TreeBuilder the tree with the signature options and the
     *                     optional `encryption` section attached
     */
    public function getConfigTreeBuilder(): TreeBuilder
    {
        $builder = new TreeBuilder('lexik_jose');
        $root = $builder->getRootNode();
        // Fail early if the root is not an array node: everything below needs children().
        Assertion::isInstanceOf($root, ArrayNodeDefinition::class, 'Invalid root node');

        $children = $root->addDefaultsIfNotSet()->children();

        // Issuer identity; per the info text it is what the token issuer is checked against.
        $children
            ->scalarNode('server_name')
                ->info('The name of the server. The recommended value is the server URL. This value will be used to check the issuer of the token.')
                ->isRequired()
            ->end();

        // Optional; no default is set at this layer, the fallback described in
        // the info text has to be applied by the code that consumes the config.
        $children
            ->scalarNode('audience')
                ->info('The audience of the token. If not set `server_name` will be used.')
            ->end();

        // Only a lower bound of 0 is enforced; there is no upper bound.
        // NOTE(review): 0 is accepted - how a zero lifetime is treated by the
        // token issuer is not visible here; confirm.
        $children
            ->integerNode('ttl')
                ->info('The lifetime of a token (in second). For security reasons, a value below 1 hour (3600 sec) is recommended.')
                ->min(0)
                ->defaultValue(1800)
            ->end();

        // Per the info text this refers to private/shared key material, so the
        // value should come from a secret store or environment variable rather
        // than from a file committed to version control.
        $children
            ->scalarNode('key_set')
                ->info('Private/Shared keys used by this server to validate signed tokens. Must be a JWKSet object.')
                ->isRequired()
            ->end();

        $children
            ->scalarNode('key_index')
                ->info('Index of the key in the key set used to sign the tokens. Could be an integer or the key ID.')
                ->isRequired()
            ->end();

        // Accepted as a free-form scalar: no allow-list is applied here.
        // NOTE(review): confirm that unsecured or unexpected algorithm names
        // (e.g. "none") are rejected where the algorithm is resolved.
        $children
            ->scalarNode('signature_algorithm')
                ->info('Signature algorithm used to sign the tokens.')
                ->isRequired()
            ->end();

        // null and false are both normalised to an empty list.
        // NOTE(review): an empty list is valid here - which claims (if any)
        // are still verified in that case is decided elsewhere; confirm.
        $children
            ->arrayNode('claim_checked')
                ->info('List of aliases to claim checkers.')
                ->useAttributeAsKey('name')
                ->prototype('scalar')->end()
                ->treatNullLike([])
                ->treatFalseLike([])
            ->end();

        $children
            ->arrayNode('mandatory_claims')
                ->info('List of claims that must be present.')
                ->useAttributeAsKey('name')
                ->prototype('scalar')->end()
                ->defaultValue([])
                ->treatNullLike([])
                ->treatFalseLike([])
            ->end();

        $this->addEncryptionSection($root);

        return $builder;
    }

    /**
     * Appends the `encryption` section to the given node.
     *
     * The section is declared with canBeEnabled(); its four children are all
     * marked as required.
     *
     * @param ArrayNodeDefinition $node node that receives the `encryption` child
     */
    private function addEncryptionSection(ArrayNodeDefinition $node): void
    {
        $encryption = $node
            ->addDefaultsIfNotSet()
            ->children()
                ->arrayNode('encryption')
                    ->addDefaultsIfNotSet()
                    ->canBeEnabled()
                    ->children();

        // Decryption key material: same handling advice as the signing key set
        // (keep it out of version control).
        $encryption
            ->scalarNode('key_set')
                ->info('Private/ Shared keys used by this server to decrypt the tokens. Must be a JWKSet object.')
                ->isRequired()
            ->end();

        $encryption
            ->scalarNode('key_index')
                ->info('Index of the key in the key set used to encrypt the tokens. Could be an integer or the key ID.')
                ->isRequired()
            ->end();

        // Both algorithm names are free-form scalars; no allow-list is applied
        // at this layer.
        $encryption
            ->scalarNode('key_encryption_algorithm')
                ->info('Key encryption algorithm used to encrypt the tokens.')
                ->isRequired()
            ->end();

        $encryption
            ->scalarNode('content_encryption_algorithm')
                ->info('Content encryption algorithm used to encrypt the tokens.')
                ->isRequired()
            ->end();
    }
}