Introduce an API endpoint to obtain public keys, that can be used to verify access tokens on other services

ErickSkrauch 2024-06-14 04:36:49 +02:00
parent 17109f8eb5
commit 2111e1769f
No known key found for this signature in database
GPG Key ID: 669339FCBB30EE0E
3 changed files with 62 additions and 0 deletions


@ -108,6 +108,10 @@ class Component extends BaseComponent {
return $rawValue;
}
public function getPublicKey(): string {
return $this->getAlgorithmManager()->get(self::PREFERRED_ALGORITHM)->getPublicKey()->getContent();
}
private function getAlgorithmManager(): AlgorithmsManager {
if ($this->algorithmManager === null) {
$this->algorithmManager = new AlgorithmsManager([
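Review bot: `getPublicKey()` is added without a docblock, although it is the accessor that hands key material to callers outside the component. I would add `/** Returns the PEM-encoded public key for self::PREFERRED_ALGORITHM; never returns private key material. */` above it (the functional test in this commit expects a PEM), so later edits to the `->getPublicKey()->getContent()` chain are checked against that contract. It also exposes a single key, while the manager below is built from a list whose contents are outside the hunk, so tokens signed under another algorithm or an earlier key presumably cannot be verified from this value. The class and `getAlgorithmManager()` both continue outside the hunk.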


@ -0,0 +1,35 @@
<?php
declare(strict_types=1);
namespace api\controllers;
use api\filters\NginxCache;
use Yii;
use yii\helpers\ArrayHelper;
use yii\web\Controller as BaseController;
final class PublicKeysController extends BaseController {
public function behaviors(): array {
return ArrayHelper::merge(parent::behaviors(), [
'nginxCache' => [
'class' => NginxCache::class,
'rules' => [
'index' => 3600, // 1h
],
],
]);
}
public function actionIndex(): array {
return [
'keys' => [
[
'alg' => 'ES256', // Hardcoded for awhile since right now there is no way to find used algo
'pem' => Yii::$app->tokens->getPublicKey(),
],
],
];
}
}
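Review bot: The `'index' => 3600` cache rule means a key that has been replaced or withdrawn can keep being served for up to an hour (assuming `NginxCache` sets the cache lifetime in seconds, as the `// 1h` comment suggests), and the response carries no key identifier that would let a verifying service notice the change. I would record that on the rule, `'index' => 3600, // 1h; also the longest a rotated or withdrawn key stays published`, and consider adding a stable identifier next to `alg` and `pem` before more than one key is ever listed. The hardcoded `'alg' => 'ES256'` is a second copy of whatever `PREFERRED_ALGORITHM` selects in the component, so the two can drift apart. Verifying services should pin the expected algorithm on their side and not take it from this response alone.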


@ -0,0 +1,23 @@
<?php
declare(strict_types=1);
namespace api\tests\functional;
use api\tests\FunctionalTester;
final class PublicKeysCest {
public function getPublicKeys(FunctionalTester $I): void {
$I->sendGet('/api/public-keys');
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'keys' => [
[
'alg' => 'ES256',
'pem' => "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAES2Pyq9r0CyyviLaWwq0ki5uy8hr/\nZbNO++3j4XP43uLD9/GYkrKGIRl+Hu5HT+LwZvrFcEaVhPk5CvtV4zlYJg==\n-----END PUBLIC KEY-----\n",
],
],
]);
}
}
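Review bot: The test asserts only that the expected public key is present; nothing asserts that private key material is absent from the body. The request is sent without credentials, so the endpoint appears to publish key material to anyone. A negative assertion such as `$I->cantSeeResponseContains('PRIVATE KEY');` after the JSON check would catch a later change that returns the wrong half of the key pair. `$I->canSeeResponseIsJson();` would also pin the response format that `canSeeResponseContainsJson` relies on.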