Make KnpU\OAuth2ClientBundle\Client\OAuth2Client::getSession() protected
MLukman opened this issue · 3 comments
MLukman commented
Hi,
Please make the getSession() method of KnpU\OAuth2ClientBundle\Client\OAuth2Client protected so that any custom client that extends this class can make use of the session to store some value that is tied to the session.
This use of session value is necessary for OAuth 2.0 PKCE extension (https://oauth.net/2/pkce/) that makes use of code challenge and verifier to validate token exchange requests against their corresponding authorization requests.
MLukman commented
Or should I just create a PR myself since it's very simple? I hope no unit test is required for such a PR ...
MLukman commented
Nevermind, I found a way. Here I'm sharing my OAuth2Client subclass in case anyone needs to support a PKCE service provider:
```php
<?php
namespace App\Security\Authentication;

use KnpU\OAuth2ClientBundle\Client\OAuth2Client;
use League\OAuth2\Client\Provider\AbstractProvider;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\HttpFoundation\Session\SessionInterface;

class PKCEOAuth2Client extends OAuth2Client
{
    protected SessionInterface $session;

    public function __construct(AbstractProvider $provider, RequestStack $requestStack)
    {
        parent::__construct($provider, $requestStack);
        // RequestStack::getSession() is available from Symfony 5.3
        $this->session = $requestStack->getSession();
    }

    public function redirect(array $scopes = [], array $options = [])
    {
        // Generate a fresh code_verifier (128 hex characters, the RFC 7636 maximum)
        // and keep it in the session; only the derived challenge leaves the client.
        $this->session->set('pkce_challenge', $code_verifier = bin2hex(random_bytes(64)));
        $pkce = [
            // S256 challenge: base64url(SHA-256(code_verifier)) without '=' padding
            'code_challenge' => rtrim(strtr(base64_encode(hash('sha256', $code_verifier, true)), '+/', '-_'), '='),
            'code_challenge_method' => 'S256',
        ];
        return parent::redirect($scopes, $options + $pkce);
    }

    public function getAccessToken(array $options = [])
    {
        // Send the stored verifier with the token request so the provider can
        // check it against the challenge from the authorization request.
        return parent::getAccessToken($options + ['code_verifier' => $this->session->get('pkce_challenge')]);
    }
}
```
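The subclass above covers the client side of PKCE; what it does not show is the check that the service provider performs with the two values. The following is an added example, not code from the bundle or from the issue author, that models both halves of the RFC 7636 exchange offline so the verifier/challenge derivation can be sanity-checked before pointing the client at a real provider. All function names are my own, and the final check uses the test vector from RFC 7636 Appendix B.

```php
<?php
declare(strict_types=1);

// base64url without padding, as RFC 7636 section 4.2 specifies (hypothetical helper).
function base64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// Client side: a verifier of 43..128 unreserved characters. 32 random bytes
// base64url-encoded give 43 characters, the RFC's own construction.
function makeCodeVerifier(): string
{
    return base64url(random_bytes(32));
}

// Client side: S256 challenge = base64url(SHA-256(verifier)).
function makeCodeChallenge(string $verifier): string
{
    return base64url(hash('sha256', $verifier, true));
}

// Service provider side: the challenge and method were stored when the
// authorization code was issued; the verifier arrives with the token request.
function pkceVerifies(string $storedChallenge, string $method, string $verifier): bool
{
    // Reject verifiers outside the RFC 7636 length and character set first.
    if (strlen($verifier) < 43 || strlen($verifier) > 128
        || !preg_match('/^[A-Za-z0-9\-._~]+$/', $verifier)) {
        return false;
    }
    if ($method === 'S256') {
        $expected = makeCodeChallenge($verifier);
    } elseif ($method === 'plain') {
        // Permitted by the RFC, but a provider that supports S256 should not accept it.
        $expected = $verifier;
    } else {
        return false;
    }
    // Constant-time comparison of the recomputed and stored challenge.
    return hash_equals($storedChallenge, $expected);
}

// Walk-through of one exchange (constructed locally, no network involved).
$verifier  = makeCodeVerifier();
$challenge = makeCodeChallenge($verifier);

// 1. The authorization request carries code_challenge and code_challenge_method;
//    the provider stores both against the authorization code it issues.
$issuedCode = ['code_challenge' => $challenge, 'code_challenge_method' => 'S256'];

// 2. The token request carries code_verifier; the client that started the
//    flow holds the matching verifier in its session.
var_dump(pkceVerifies($issuedCode['code_challenge'], $issuedCode['code_challenge_method'], $verifier));

// 3. A party holding only the authorization code has no matching verifier,
//    so the token request is refused.
var_dump(pkceVerifies($issuedCode['code_challenge'], 'S256', makeCodeVerifier()));

// 4. Derivation check against the RFC 7636 Appendix B test vector.
$rfcVerifier  = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
$rfcChallenge = 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM';
var_dump(makeCodeChallenge($rfcVerifier) === $rfcChallenge);
```

Running the script with `php pkce_demo.php` prints the three boolean results. Step 3 is the point of PKCE: the session-bound verifier, never sent in the authorization request, is what ties the token exchange to the request that started it, so whichever session key the subclass above uses, the verifier must be stored server-side (in the session) and not in a cookie or URL the browser can leak.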