[10.x] Allow to use custom authorization server response (#1521)

yaroslawww · driesvints · taylorotwell · web-flow · commit ba1996cdaf25 · 2022-01-21T08:51:20.000-06:00
* Allow to use custom authorization server response

* Update src/Passport.php

Remove direct initialisation as "null"

Co-authored-by: Dries Vints &lt;dries@vints.io&gt;

* Update Passport.php

Co-authored-by: Dries Vints &lt;dries@vints.io&gt;
Co-authored-by: Taylor Otwell &lt;taylor@laravel.com&gt;
diff --git a/src/Passport.php b/src/Passport.php
@@ -182,6 +182,13 @@ class Passport
      */
     public static $withInheritedScopes = false;
 
+    /**
+     * The authorization server response type.
+     *
+     * @var \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface|null
+     */
+    public static $authorizationServerResponseType;
+
     /**
      * Enable the implicit grant type.
      *
diff --git a/src/PassportServiceProvider.php b/src/PassportServiceProvider.php
@@ -212,7 +212,8 @@ public function makeAuthorizationServer()
             $this->app->make(Bridge\AccessTokenRepository::class),
             $this->app->make(Bridge\ScopeRepository::class),
             $this->makeCryptKey('private'),
-            app('encrypter')->getKey()
+            app('encrypter')->getKey(),
+            Passport::$authorizationServerResponseType
         );
     }
 
diff --git a/tests/Feature/AccessTokenControllerTest.php b/tests/Feature/AccessTokenControllerTest.php
@@ -10,6 +10,7 @@
 use Laravel\Passport\ClientRepository;
 use Laravel\Passport\Database\Factories\ClientFactory;
 use Laravel\Passport\HasApiTokens;
+use Laravel\Passport\Passport;
 use Laravel\Passport\Token;
 use Laravel\Passport\TokenRepository;
 use Lcobucci\JWT\Configuration;
@@ -270,9 +271,65 @@ public function testGettingAccessTokenWithPasswordGrantWithInvalidClientSecret()
 
         $this->assertSame(0, Token::count());
     }
+
+    public function testGettingCustomResponseType()
+    {
+        $this->withoutExceptionHandling();
+        Passport::$authorizationServerResponseType = new IdTokenResponse('foo_bar_open_id_token');
+
+        $user = new User();
+        $user->email = 'foo@gmail.com';
+        $user->password = $this->app->make(Hasher::class)->make('foobar123');
+        $user->save();
+
+        /** @var Client $client */
+        $client = ClientFactory::new()->asClientCredentials()->create(['user_id' => $user->id]);
+
+        $response = $this->post(
+            '/oauth/token',
+            [
+                'grant_type' => 'client_credentials',
+                'client_id' => $client->id,
+                'client_secret' => $client->secret,
+            ]
+        );
+
+        $response->assertOk();
+
+        $decodedResponse = $response->decodeResponseJson()->json();
+
+        $this->assertArrayHasKey('id_token', $decodedResponse);
+        $this->assertSame('foo_bar_open_id_token', $decodedResponse['id_token']);
+    }
 }
 
 class User extends \Illuminate\Foundation\Auth\User
 {
     use HasApiTokens;
 }
+
+class IdTokenResponse extends \League\OAuth2\Server\ResponseTypes\BearerTokenResponse
+{
+    /**
+     * @var string Id token.
+     */
+    protected $idToken;
+
+    /**
+     * @param  string  $idToken
+     */
+    public function __construct($idToken)
+    {
+        $this->idToken = $idToken;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function getExtraParams(\League\OAuth2\Server\Entities\AccessTokenEntityInterface $accessToken)
+    {
+        return [
+            'id_token' => $this->idToken,
+        ];
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -212,7 +212,8 @@ public function makeAuthorizationServer()`
`212`	`212`	`$this->app->make(Bridge\AccessTokenRepository::class),`
`213`	`213`	`$this->app->make(Bridge\ScopeRepository::class),`
`214`	`214`	`$this->makeCryptKey('private'),`
`215`		`- app('encrypter')->getKey()`
	`215`	`+ app('encrypter')->getKey(),`
	`216`	`+ Passport::$authorizationServerResponseType`
`216`	`217`	`);`
`217`	`218`	`}`
`218`	`219`