Merge 2065ad2 into 3240fac

CHANGELOG.md

@@ -22,7 +22,10 @@ All notable changes to this project will be documented in this file, in reverse
 
 ### Fixed
 
-- Nothing.
+- [#143](https://github.com/zfcampus/zf-mvc-auth/pull/143) provides an update to `ZF\MvcAuth\Factory\OAuth2ServerFactory` to allow the `zf-oauth2.options.use_openid_connect`
+  option (or adapter-specific setting `options.use_openid_connect`) to vary which class is used for an
+  `authorization_code` grant type. If the setting is present and a boolean `true` value, the class
+  `OAuth2\OpenID\GrantType\AuthorizationCode` will be used instead of `OAuth2\GrantType\AuthorizationCode`.
 
 ## 1.5.0 - 2018-05-02
 

src/Factory/OAuth2ServerFactory.php

@@ -8,6 +8,7 @@
 use Interop\Container\ContainerInterface;
 use MongoClient;
 use OAuth2\GrantType\AuthorizationCode;
+use OAuth2\OpenID\GrantType\AuthorizationCode as OpenIDAuthorizationCodeGrantType;
 use OAuth2\GrantType\ClientCredentials;
 use OAuth2\GrantType\RefreshToken;
 use OAuth2\GrantType\UserCredentials;
@@ -225,10 +226,10 @@ private static function getOAuth2ServerConfig($config)
      */
     private static function marshalOptions(array $config)
     {
-        $enforceState   = isset($config['enforce_state'])
+        $enforceState = array_key_exists('enforce_state', $config)
             ? $config['enforce_state']
             : true;
-        $allowImplicit  = isset($config['allow_implicit'])
+        $allowImplicit = isset($config['allow_implicit'])
             ? $config['allow_implicit']
             : false;
         $accessLifetime = isset($config['access_lifetime'])
@@ -260,7 +261,9 @@ private static function marshalOptions(array $config)
      */
     private static function injectGrantTypes(OAuth2Server $server, array $availableGrantTypes, array $options)
     {
-        if (isset($availableGrantTypes['client_credentials']) && $availableGrantTypes['client_credentials'] === true) {
+        if (array_key_exists('client_credentials', $availableGrantTypes)
+            && $availableGrantTypes['client_credentials'] === true
+        ) {
             $clientOptions = [];
             if (isset($options['allow_credentials_in_request_body'])) {
                 $clientOptions['allow_credentials_in_request_body'] = $options['allow_credentials_in_request_body'];
@@ -270,22 +273,28 @@ private static function injectGrantTypes(OAuth2Server $server, array $availableG
             $server->addGrantType(new ClientCredentials($server->getStorage('client_credentials'), $clientOptions));
         }
 
-        if (isset($availableGrantTypes['authorization_code']) && $availableGrantTypes['authorization_code'] === true) {
+        if (array_key_exists('authorization_code', $availableGrantTypes)
+            && $availableGrantTypes['authorization_code'] === true
+        ) {
+            $authCodeClass = array_key_exists('use_openid_connect', $options) && $options['use_openid_connect'] === true
+                ? OpenIDAuthorizationCodeGrantType::class
+                : AuthorizationCode::class;
+
             // Add the "Authorization Code" grant type (this is where the oauth magic happens)
-            $server->addGrantType(new AuthorizationCode($server->getStorage('authorization_code')));
+            $server->addGrantType(new $authCodeClass($server->getStorage('authorization_code')));
         }
 
-        if (isset($availableGrantTypes['password']) && $availableGrantTypes['password'] === true) {
+        if (array_key_exists('password', $availableGrantTypes) && $availableGrantTypes['password'] === true) {
             // Add the "User Credentials" grant type
             $server->addGrantType(new UserCredentials($server->getStorage('user_credentials')));
         }
 
-        if (isset($availableGrantTypes['jwt']) && $availableGrantTypes['jwt'] === true) {
+        if (array_key_exists('jwt', $availableGrantTypes) && $availableGrantTypes['jwt'] === true) {
             // Add the "JWT Bearer" grant type
             $server->addGrantType(new JwtBearer($server->getStorage('jwt_bearer'), $options['audience']));
         }
 
-        if (isset($availableGrantTypes['refresh_token']) && $availableGrantTypes['refresh_token'] === true) {
+        if (array_key_exists('refresh_token', $availableGrantTypes) && $availableGrantTypes['refresh_token'] === true) {
             $refreshOptions = [];
             if (isset($options['always_issue_new_refresh_token'])) {
                 $refreshOptions['always_issue_new_refresh_token'] = $options['always_issue_new_refresh_token'];

test/Factory/OAuth2ServerFactoryTest.php

@@ -8,6 +8,7 @@
 
 use MongoDB;
 use OAuth2\GrantType;
+use OAuth2\OpenID\GrantType\AuthorizationCode as OpenIDAuthorizationCodeGrantType;
 use OAuth2\Server as OAuth2Server;
 use PHPUnit\Framework\TestCase;
 use ReflectionProperty;
@@ -216,4 +217,31 @@ public function testServerCreatedHasDefaultGrantTypesAsDefinedByOAuth2Module($di
             $this->assertEquals($value, $storageConfig[$key]);
         }
     }
+
+    public function testAllowsUsingOpenIDConnectGrantTypeViaConfiguration()
+    {
+        $options  = $this->getOAuth2Options();
+        $options['zf-oauth2']['options']['use_openid_connect'] = true;
+        $options['zf-oauth2']['storage_settings'] = [
+            'client_table'        => 'CLIENTS',
+            'code_table'          => 'AUTHORIZATION_CODES',
+            'user_table'          => 'USERS',
+            'refresh_token_table' => 'REFRESH_TOKENS',
+            'jwt_table'           => 'JWT',
+        ];
+
+        $services = new ServiceManager();
+        $services->setService('config', $options);
+
+        $config = [
+            'adapter' => 'pdo',
+            'dsn' => 'sqlite::memory:',
+        ];
+        $server = OAuth2ServerFactory::factory($config, $services);
+        $this->assertInstanceOf(OAuth2Server::class, $server);
+
+        $grantTypes = $server->getGrantTypes();
+        $this->assertArrayHasKey('authorization_code', $grantTypes);
+        $this->assertInstanceOf(OpenIDAuthorizationCodeGrantType::class, $grantTypes['authorization_code']);
+    }
 }