Merge pull request #14 from christiaangoossens/patch-1

JWKS Improvements
jeremy379 · Apr 26, 2024 · 258f242 · 258f242
2 parents 76ac2bd + fe6fd60
commit 258f242
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 5 deletions.
diff --git a/src/Laravel/DiscoveryController.php b/src/Laravel/DiscoveryController.php
@@ -13,7 +13,6 @@ public function __invoke(Request $request)
             'issuer' => url('/'),
             'authorization_endpoint' => route('passport.authorizations.authorize'),
             'token_endpoint' => route('passport.token'),
-            'jwks_uri' => route('openid.jwks'),
             'response_types_supported' => [
                 'code',
                 'token',
@@ -41,6 +40,10 @@ public function __invoke(Request $request)
             $response['userinfo_endpoint'] = route('openid.userinfo');
         }
 
+        if (Route::has('openid.jwks')) {
+            $response['jwks_uri'] = route('openid.jwks');
+        }
+
         return response()->json($response, 200, [], JSON_PRETTY_PRINT);
     }
 }
diff --git a/src/Laravel/JwksController.php b/src/Laravel/JwksController.php
@@ -15,7 +15,9 @@ public function __invoke() {
         $jsonData = [
             'keys' => [
                 [
+                    'alg' => 'RS256',
                     'kty' => 'RSA',
+                    'use' => 'sig',
                     'n' => rtrim(str_replace(['+', '/'], ['-', '_'], base64_encode($keyInfo['rsa']['n'])), '='),
                     'e' => rtrim(str_replace(['+', '/'], ['-', '_'], base64_encode($keyInfo['rsa']['e'])), '='),
                 ],

diff --git a/src/Laravel/config/openid.php b/src/Laravel/config/openid.php
@@ -47,9 +47,13 @@
         'discovery' => true,
         /**
          * When set to true, this package will expose the JSON Web Key Set endpoint.
-         * - /oauth/jwks
          */
         'jwks' => true,
+         /**
+          * Optional URL to change the JWKS path to align with your custom Passport routes.
+          * Defaults to /oauth/jwks
+          */
+        'jwks_url' => '/oauth/jwks',
     ],
 
     /**

diff --git a/src/Laravel/routes/web.php b/src/Laravel/routes/web.php
@@ -4,9 +4,9 @@
 use OpenIDConnect\Laravel\DiscoveryController;
 use OpenIDConnect\Laravel\JwksController;
 
-if (config('openid.routes.discovery', true)) {
-    Route::get('/oauth/jwks', JwksController::class)->name('openid.jwks');
-}
 if (config('openid.routes.jwks', true)) {
+    Route::get(config('openid.routes.jwks_url', '/oauth/jwks'), JwksController::class)->name('openid.jwks');
+}
+if (config('openid.routes.discovery', true)) {
     Route::get('/.well-known/openid-configuration', DiscoveryController::class)->name('openid.discovery');
 }