enable code_challenge parameter

xi · xi · commit 86561b36f67e · 2025-01-07T17:15:53.000+01:00
depends on cosmocode/dokuwiki-plugin-oauth#163
diff --git a/Keycloak.php b/Keycloak.php
@@ -36,28 +36,28 @@ class Keycloak extends AbstractOAuth2Base
      *
      * @return string
      */
-    public function getEndpoint(string $endpoint)
+    public function getDiscovery(string $endpoint, $default = '')
     {
         if (!isset($this->discovery)) {
             $plugin = plugin_load('helper', 'oauthkeycloak');
             $json = file_get_contents($plugin->getConf('openidurl'));
             if (!$json) throw new \Exception('Failed accessing ' . $plugin->getConf('openidurl'));
             $this->discovery = json_decode($json, true);
         }
-        if (!isset($this->discovery[$endpoint])) return '';
+        if (!isset($this->discovery[$endpoint])) return $default;
         return $this->discovery[$endpoint];
     }
 
     /** @inheritdoc */
     public function getAuthorizationEndpoint()
     {
-        return new Uri($this->getEndpoint(self::ENDPOINT_AUTH));
+        return new Uri($this->getDiscovery(self::ENDPOINT_AUTH));
     }
 
     /** @inheritdoc */
     public function getAccessTokenEndpoint()
     {
-        return new Uri($this->getEndpoint(self::ENDPOINT_TOKEN));
+        return new Uri($this->getDiscovery(self::ENDPOINT_TOKEN));
     }
 
     /** @inheritdoc */
@@ -72,6 +72,18 @@ public function needsStateParameterInAuthUrl()
         return true;
     }
 
+    /** @inheritdoc */
+    public function getCodeChallengeMethod()
+    {
+        $methods = $this->getDiscovery('code_challenge_methods_supported', []);
+        foreach (['S256', 'plain'] as $m) {
+            if (in_array($m, $methods)) {
+                return $m;
+            }
+        }
+        return null;
+    }
+
     /**
      * Logout from Keycloak
      *
@@ -94,7 +106,7 @@ public function logout()
         ];
 
         $this->httpClient->retrieveResponse(
-            new Uri($this->getEndpoint(self::ENDPOINT_LOGOUT)),
+            new Uri($this->getDiscovery(self::ENDPOINT_LOGOUT)),
             $parameters,
             $this->getExtraOAuthHeaders()
         );

Original file line number	Diff line number	Diff line change
`@@ -36,28 +36,28 @@ class Keycloak extends AbstractOAuth2Base`
`36`	`36`	`*`
`37`	`37`	`* @return string`
`38`	`38`	`*/`
`39`		`- public function getEndpoint(string $endpoint)`
	`39`	`+ public function getDiscovery(string $endpoint, $default = '')`
`40`	`40`	`{`
`41`	`41`	`if (!isset($this->discovery)) {`
`42`	`42`	`$plugin = plugin_load('helper', 'oauthkeycloak');`
`43`	`43`	`$json = file_get_contents($plugin->getConf('openidurl'));`
`44`	`44`	`if (!$json) throw new \Exception('Failed accessing ' . $plugin->getConf('openidurl'));`
`45`	`45`	`$this->discovery = json_decode($json, true);`
`46`	`46`	`}`
`47`		`- if (!isset($this->discovery[$endpoint])) return '';`
	`47`	`+ if (!isset($this->discovery[$endpoint])) return $default;`
`48`	`48`	`return $this->discovery[$endpoint];`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`/** @inheritdoc */`
`52`	`52`	`public function getAuthorizationEndpoint()`
`53`	`53`	`{`
`54`		`- return new Uri($this->getEndpoint(self::ENDPOINT_AUTH));`
	`54`	`+ return new Uri($this->getDiscovery(self::ENDPOINT_AUTH));`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`/** @inheritdoc */`
`58`	`58`	`public function getAccessTokenEndpoint()`
`59`	`59`	`{`
`60`		`- return new Uri($this->getEndpoint(self::ENDPOINT_TOKEN));`
	`60`	`+ return new Uri($this->getDiscovery(self::ENDPOINT_TOKEN));`
`61`	`61`	`}`
`62`	`62`
`63`	`63`	`/** @inheritdoc */`
`@@ -72,6 +72,18 @@ public function needsStateParameterInAuthUrl()`
`72`	`72`	`return true;`
`73`	`73`	`}`
`74`	`74`
	`75`	`+ /** @inheritdoc */`
	`76`	`+ public function getCodeChallengeMethod()`
	`77`	`+ {`
	`78`	`+ $methods = $this->getDiscovery('code_challenge_methods_supported', []);`
	`79`	`+ foreach (['S256', 'plain'] as $m) {`
	`80`	`+ if (in_array($m, $methods)) {`
	`81`	`+ return $m;`
	`82`	`+ }`
	`83`	`+ }`
	`84`	`+ return null;`
	`85`	`+ }`
	`86`	`+`
`75`	`87`	`/**`
`76`	`88`	`* Logout from Keycloak`
`77`	`89`	`*`
`@@ -94,7 +106,7 @@ public function logout()`
`94`	`106`	`];`
`95`	`107`
`96`	`108`	`$this->httpClient->retrieveResponse(`
`97`		`- new Uri($this->getEndpoint(self::ENDPOINT_LOGOUT)),`
	`109`	`+ new Uri($this->getDiscovery(self::ENDPOINT_LOGOUT)),`
`98`	`110`	`$parameters,`
`99`	`111`	`$this->getExtraOAuthHeaders()`
`100`	`112`	`);`