/vendor/okta/jwt-verifier/src/JwtVerifierBuilder.php

https://github.com/UMMS-Biocore/dolphinnext · PHP · 183 lines · 96 code · 27 blank · 60 comment · 14 complexity · 8790a8a981f43ff01463f83a750ed1aa MD5 · raw file 

    

  1. <?php
    2. 

  2. /******************************************************************************
    3. 

  3.  * Copyright 2017 Okta, Inc.                                                  *
    4. 

  4.  *                                                                            *
    5. 

  5.  * Licensed under the Apache License, Version 2.0 (the "License");            *
    6. 

  6.  * you may not use this file except in compliance with the License.           *
    7. 

  7.  * You may obtain a copy of the License at                                    *
    8. 

  8.  *                                                                            *
    9. 

  9.  *      http://www.apache.org/licenses/LICENSE-2.0                            *
    10. 

  10.  *                                                                            *
    11. 

  11.  * Unless required by applicable law or agreed to in writing, software        *
    12. 

  12.  * distributed under the License is distributed on an "AS IS" BASIS,          *
    13. 

  13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   *
    14. 

  14.  * See the License for the specific language governing permissions and        *
    15. 

  15.  * limitations under the License.                                             *
    16. 

  16.  ******************************************************************************/
    17. 

  17. 

  18. namespace Okta\JwtVerifier;
    19. 

  19. 

  20. use Okta\JwtVerifier\Discovery\Oauth;
    21. 

  21. use Okta\JwtVerifier\Adaptors\Adaptor;
    22. 

  22. use Okta\JwtVerifier\Discovery\DiscoveryMethod;
    23. 

  23. use Bretterer\IsoDurationConverter\DurationParser;
    24. 

  24. 

  25. class JwtVerifierBuilder
    26. 

  26. {
    27. 

  27.     protected $issuer;
    28. 

  28.     protected $discovery;
    29. 

  29.     protected $request;
    30. 

  30.     protected $adaptor;
    31. 

  31.     protected $audience;
    32. 

  32.     protected $clientId;
    33. 

  33.     protected $nonce;
    34. 

  34.     protected $leeway = 120;
    35. 

  35. 

  36.     public function __construct(Request $request = null)
    37. 

  37.     {
    38. 

  38.         $this->request = $request;
    39. 

  39.     }
    40. 

  40. 

  41.     /**
    42. 

  42.      * Sets the issuer URI.
    43. 

  43.      *
    44. 

  44.      * @param string $issuer The issuer URI
    45. 

  45.      * @return JwtVerifierBuilder
    46. 

  46.      */
    47. 

  47.     public function setIssuer(string $issuer): self
    48. 

  48.     {
    49. 

  49.         $this->issuer = rtrim($issuer, "/");
    50. 

  50. 

  51.         return $this;
    52. 

  52.     }
    53. 

  53. 

  54.     /**
    55. 

  55.      * Set the Discovery class. This class should be an instance of DiscoveryMethod.
    56. 

  56.      *
    57. 

  57.      * @param DiscoveryMethod $discoveryMethod The DiscoveryMethod instance.
    58. 

  58.      * @return JwtVerifierBuilder
    59. 

  59.      */
    60. 

  60.     public function setDiscovery(DiscoveryMethod $discoveryMethod): self
    61. 

  61.     {
    62. 

  62.         $this->discovery = $discoveryMethod;
    63. 

  63. 

  64.         return $this;
    65. 

  65.     }
    66. 

  66. 

  67.     /**
    68. 

  68.      * Set the Adaptor class. This class should be an interface of Adaptor.
    69. 

  69.      *
    70. 

  70.      * @param Adaptor $adaptor The adaptor of the JWT library you are using.
    71. 

  71.      * @return JwtVerifierBuilder
    72. 

  72.      */
    73. 

  73.     public function setAdaptor(Adaptor $adaptor): self
    74. 

  74.     {
    75. 

  75.         $this->adaptor = $adaptor;
    76. 

  76. 

  77.         return $this;
    78. 

  78.     }
    79. 

  79. 

  80.     public function setAudience($audience)
    81. 

  81.     {
    82. 

  82.         $this->audience = $audience;
    83. 

  83. 

  84.         return $this;
    85. 

  85.     }
    86. 

  86. 

  87.     public function setClientId($clientId)
    88. 

  88.     {
    89. 

  89.         $this->clientId = $clientId;
    90. 

  90. 

  91.         return $this;
    92. 

  92.     }
    93. 

  93. 

  94.     public function setNonce($nonce)
    95. 

  95.     {
    96. 

  96.         $this->nonce = $nonce;
    97. 

  97. 

  98.         return $this;
    99. 

  99.     }
    100. 

  100. 

  101.     /**
    102. 

  102.      * Set the leeway using ISO_8601 Duration string. ie: PT2M
    103. 

  103.      *
    104. 

  104.      * @param string $leeway ISO_8601 Duration format. Default: PT2M
    105. 

  105.      * @return self
    106. 

  106.      * @throws \InvalidArgumentException
    107. 

  107.      */
    108. 

  108.     public function setLeeway(string $leeway = "PT2M"): self
    109. 

  109.     {
    110. 

  110.         if(strstr($leeway, "P")) {
    111. 

  111.             throw new \InvalidArgumentException("It appears that the leeway provided is not in ISO_8601 Duration Format.  Please privide a duration in the format of `PT(n)S`");
    112. 

  112.         }
    113. 

  113. 

  114.         $leeway = (new DurationParser)->parse($leeway);
    115. 

  115.         $this->leeway = $leeway;
    116. 

  116. 

  117.         return $this;
    118. 

  118.     }
    119. 

  119. 

  120.     /**
    121. 

  121.      * Build and return the JwtVerifier.
    122. 

  122.      *
    123. 

  123.      * @throws \InvalidArgumentException
    124. 

  124.      * @return JwtVerifier
    125. 

  125.      */
    126. 

  126.     public function build(): JwtVerifier
    127. 

  127.     {
    128. 

  128.         $this->validateIssuer($this->issuer);
    129. 

  129. 

  130.         $this->validateClientId($this->clientId);
    131. 

  131. 

  132.         return new JwtVerifier(
    133. 

  133.             $this->issuer,
    134. 

  134.             $this->discovery,
    135. 

  135.             $this->adaptor,
    136. 

  136.             $this->request,
    137. 

  137.             $this->leeway,
    138. 

  138.             [
    139. 

  139.                 'nonce' => $this->nonce,
    140. 

  140.                 'audience' => $this->audience,
    141. 

  141.                 'clientId' => $this->clientId
    142. 

  142.             ]
    143. 

  143.         );
    144. 

  144.     }
    145. 

  145. 

  146.     /**
    147. 

  147.      * Validate the issuer
    148. 

  148.      *
    149. 

  149.      * @param string $issuer
    150. 

  150.      * @throws \InvalidArgumentException
    151. 

  151.      * @return void
    152. 

  152.      */
    153. 

  153.     private function validateIssuer($issuer): void {
    154. 

  154.         if (null === $issuer || "" == $issuer) {
    155. 

  155.             throw new \InvalidArgumentException("Your Issuer is missing. You can find your issuer from your authorization server settings in the Okta Developer Console. Find out more information aobut Authorization Servers at https://developer.okta.com/docs/guides/customize-authz-server/overview/");
    156. 

  156.         }
    157. 

  157. 

  158.         if (strstr($issuer, "https://") == false) {
    159. 

  159.             throw new \InvalidArgumentException("Your Issuer must start with https. Current value: {$issuer}. You can copy your issuer from your authorization server settings in the Okta Developer Console. Find out more information aobut Authorization Servers at https://developer.okta.com/docs/guides/customize-authz-server/overview/");
    160. 

  160.         }
    161. 

  161. 

  162.         if (strstr($issuer, "{yourOktaDomain}") != false) {
    163. 

  163.             throw new \InvalidArgumentException("Replace {yourOktaDomain} with your Okta domain. You can copy your domain from the Okta Developer Console. Follow these instructions to find it: https://bit.ly/finding-okta-domain");
    164. 

  164.         }
    165. 

  165.     }
    166. 

  166. 

  167.     /**
    168. 

  168.      * Validate the client id
    169. 

  169.      *
    170. 

  170.      * @param string $cid
    171. 

  171.      * @throws \InvalidArgumentException
    172. 

  172.      * @return void
    173. 

  173.      */
    174. 

  174.     private function validateClientId($cid): void {
    175. 

  175.         if (null === $cid || "" == $cid) {
    176. 

  176.             throw new \InvalidArgumentException("Your client ID is missing. You can copy it from the Okta Developer Console in the details for the Application you created. Follow these instructions to find it: https://bit.ly/finding-okta-app-credentials");
    177. 

  177.         }
    178. 

  178. 

  179.         if (strstr($cid, "{clientId}") != false) {
    180. 

  180.             throw new \InvalidArgumentException("Replace {clientId} with the client ID of your Application. You can copy it from the Okta Developer Console in the details for the Application you created. Follow these instructions to find it: https://bit.ly/finding-okta-app-credentials");
    181. 

  181.         }
    182. 

  182.     }
    183. 

  183. }
    184.