Shuffle the contents of the authorization code payload

This commit is contained in:
Alex Bilbie 2017-07-01 15:30:21 +01:00
parent 63530443fe
commit 4a717104fa


@ -311,6 +311,26 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
$authorizationRequest->getScopes() $authorizationRequest->getScopes()
); );
$payload = [
'client_id' => $authCode->getClient()->getIdentifier(),
'redirect_uri' => $authCode->getRedirectUri(),
'auth_code_id' => $authCode->getIdentifier(),
'scopes' => $authCode->getScopes(),
'user_id' => $authCode->getUserIdentifier(),
'expire_time' => (new \DateTime())->add($this->authCodeTTL)->format('U'),
'code_challenge' => $authorizationRequest->getCodeChallenge(),
'code_challenge_method ' => $authorizationRequest->getCodeChallengeMethod(),
'_padding' => base64_encode(random_bytes(mt_rand(8, 256)))
];
// Shuffle the payload so that the structure is no longer know and obvious
$keys = array_keys($payload);
shuffle($keys);
$shuffledPayload = [];
foreach ($keys as $key) {
$shuffledPayload[$key] = $payload[$key];
}
$response = new RedirectResponse(); $response = new RedirectResponse();
$response->setRedirectUri( $response->setRedirectUri(
$this->makeRedirectUri( $this->makeRedirectUri(
@ -318,16 +338,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
[ [
'code' => $this->encrypt( 'code' => $this->encrypt(
json_encode( json_encode(
[ $shuffledPayload
'client_id' => $authCode->getClient()->getIdentifier(),
'redirect_uri' => $authCode->getRedirectUri(),
'auth_code_id' => $authCode->getIdentifier(),
'scopes' => $authCode->getScopes(),
'user_id' => $authCode->getUserIdentifier(),
'expire_time' => (new \DateTime())->add($this->authCodeTTL)->format('U'),
'code_challenge' => $authorizationRequest->getCodeChallenge(),
'code_challenge_method ' => $authorizationRequest->getCodeChallengeMethod(),
]
) )
), ),
'state' => $authorizationRequest->getState(), 'state' => $authorizationRequest->getState(),
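Review bot: The key `'code_challenge_method '` in the new `$payload` array carries a trailing space, which looks like a typo carried over from the replaced inline array; if the token endpoint reads the payload as `code_challenge_method` (no space), the PKCE method is silently absent and verification falls back to whatever the consumer does on a missing field, so the key should be `'code_challenge_method' => $authorizationRequest->getCodeChallengeMethod(),`. The padding length and the key order come from `mt_rand()` and `shuffle()`, both Mersenne Twister; the bytes themselves are from `random_bytes()` so nothing secret leaks, but security-adjacent code should use the CSPRNG throughout, i.e. `random_bytes(random_int(8, 256))`. It is worth stating in the `// Shuffle the payload` comment that this is obfuscation only: if `$this->encrypt()` is authenticated encryption (it is not visible in this hunk), key order and padding add no protection, and if it is not, they do not make an unauthenticated ciphertext safe either, so the real guarantee has to come from `encrypt()`. Any consumer that decodes this JSON must also tolerate the new `_padding` key and arbitrary key order. The enclosing method starts before the first hunk and continues past the second.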