Painless OAuth 2.0 Server for CodeIgniter 4 🔥

Your FOSSA integration was successful! Attached in this PR is a badge and license report to track scan status in your README.

Below are docs for integrating FOSSA license checks into your CI:

• CircleCI
• TravisCI
• Jenkins
• Other

Using PHP 7.4.12 And CodeIgniter 4.1.1 2 Functionality breaking errors: FIX For "Declaration of Heimdall\Http\Headers::normalizeKey($key) must be compatible with Heimdall\Interfaces\Http\HeadersInterface::normalizeKey($key)" Error FIX For "Return value of Heimdall\Server\HeimdallAuthorizationServer::return() must be an instance of CodeIgniter\HTTP\Response, none returned" Error

Did follow execution order as best i could but it seems current resource server implementation only validates token, it should return or pass some data to main controller, currently (CI 4.1.1) viable through request header data or global data. By phpleague's docs 'resource server' should return some header attributes but it looks like codeigniter does not support that and is using PSR4, maybe this workaround is not good but i believe it is one of essential functions of this library. ENHANCEMENT "If the access token is valid then attributes as per phpleague's oauth2 docs will be accessible via $this->request->header('authorization')->getValue()"

When you create a Authorization Server using the withClientCredentialsGrant function builder. See https://heimdall.ezralazuardy.com/documentation/client-credentials-grant Error is:

"title": "Heimdall\\Exception\\HeimdallConfigException",
"type": "Heimdall\\Exception\\HeimdallConfigException",
"code": 500,
"message": "Unknown Heimdall grant type, please recheck your parameter.",
"file": "vendor/ezralazuardy/heimdall/src/Heimdall.php",
"line": 56,

There seems to be some readability issue or a mistake on the PKCE page (https://heimdall.ezralazuardy.com/documentation/pkce)

The section labeled Creating code_verifier seems to be talking about code_challenge and the later section labeled Creating code_challenge seemed to be talking about code_verifier. So the titles should be updated to reflect their respective sections.

Another thing to note here is during my testing: code_verifier seems to be a plain string rather than encrypted SHA-256 by default. So a note should be included for those trying out the PKCE method.

Also, it would be worth noting on the top of the PKCE documentation that the flag of is_confidential has to be set to false for the PKCE to take effect.

Updates the requirements on steverhoades/oauth2-openid-connect-server to permit the latest version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Describe the bug I've been tried to using this lib and follow the docs correctly but I used password grant and it throws error. The error is "Unknown Heimdall grant type, please recheck your parameter". I don't know what parameter should I recheck. It doesn't give clear explanation. I would greatly greatful if someone would help me with this issue. Thanks

To Reproduce I'm not quite clear what is this should be about, but I'm debugging via vscode with xdebug, as it can be look at screenshot below. And here's the log

CRITICAL - 2020-10-03 09:35:04 --> Unknown Heimdall grant type, please recheck your parameter. #0 D:\wamp64\www\cobacoba\app\Libraries\OAuthServer\OAuthServer.php(54): Heimdall\Heimdall::initializeAuthorizationServer(Object(Heimdall\Config\HeimdallAuthorizationConfig), Object(Heimdall\Config\HeimdallAuthorizationGrant)) #1 D:\wamp64\www\cobacoba\app\Controllers\Rest\Authorization.php(17): App\Libraries\OAuthServer\OAuthServer::createAuthorizationServer() #2 D:\wamp64\www\cobacoba\vendor\codeigniter4\framework\system\CodeIgniter.php(890): App\Controllers\Rest\Authorization->__construct() #3 D:\wamp64\www\cobacoba\vendor\codeigniter4\framework\system\CodeIgniter.php(399): CodeIgniter\CodeIgniter->createController() #4 D:\wamp64\www\cobacoba\vendor\codeigniter4\framework\system\CodeIgniter.php(312): CodeIgniter\CodeIgniter->handleRequest(NULL, Object(Config\Cache), false) #5 D:\wamp64\www\cobacoba\public\index.php(45): CodeIgniter\CodeIgniter->run() #6 {main}

Expected behavior Know the grant type and generate token

Screenshots

Desktop (please complete the following information):

• OS: Windows 10 Home x64
• PHP version : 7.3.12 (Using WAMPServer)

Additional context I have no idea

Authorization code grant type throws Using integers for registered date claims is deprecated, please use DateTimeImmutable objects instead during token generation because of the changes in lcobucci/jwt:3.4

league/oauth2-server:8.1.1 and lcobucci/jwt:3.3.3 works fine.

Steps to reproduce the behavior: composer require ezralazuardy/heimdall //which installs latest versions of league/oauth2-server version 8.2.4 which uses lcobucci/jwt:3.4.5 Use authorization code grant Token generation step gives error

Expected behavior Generated tokens

Screenshots

Hello, First of all thank you very much for Heimdall. Great name for a great library.

CI 4.1.1 and heimdal works great no problem.

I tried to implement OIDC by following these steps https://heimdall.ezralazuardy.com/documentation/oidc#enabling-oidc but seems getUserEntityByIdentifier doesn't even get called at all. Is there something missing in documentation?

I get no errors but the token generated has no profile information.

I'm using withClientCredentialsGrant BTW.

Is your feature request related to a problem? Please describe.

I want to have multiple grant type in one server, is there any good example to do it?

Describe the solution you'd like

I have done it, but with condition from what grant_type value is.

// function to create a new instance of HeimdallAuthorizationServer
    static function createAuthorizationServer($grant_type = null)
    {
        // creating HeimdallAuthorizationServer config
        $config = Heimdall::withAuthorizationConfig(
            new ClientRepository(),
            new AccessTokenRepository(),
            new ScopeRepository(),
            __DIR__ . '/private.key'
        );

        $grant = null;
        switch ($grant_type) {
            case 'client_credentials':
                $grant = Heimdall::withClientCredentialsGrant('P1Y');
                break;
            default:
                // creating HeimdallAuthorizationServer grant
                $grant = Heimdall::withAuthorizationCodeGrant(
                    new AuthCodeRepository(),
                    new RefreshTokenRepository(),
                    'PT1H',
                    'P6M',
                    'P3M'
                );
                break;
        }

        // return a new instance of HeimdallAuthorizationServer
        return Heimdall::initializeAuthorizationServer($config, $grant);
    }

Describe alternatives you've considered

Instead of using condition above, is there any other solution, that can make multiple grant_type support?

Additional context

In League Library source code, it is possible to do it. What's about implementation in Heimdall?

Issue:

When you try to add the scope of 'openid' scope as shown on the following link (https://heimdall.ezralazuardy.com/documentation/oidc). It throws a message (error) while using token API. (http://localhost:8080/rest/token)

"Using integers for registered date claims is deprecated, please use DateTimeImmutable objects instead."

This seems to be caused by the dependency of league/oauth2-server. It uses newer package lcobucci/jwt where there have been major breaking changes. Similiar issue has been noted in laravel passport package. (https://github.com/laravel/passport/issues/1381)

Solution : This can be resolved by downgrading the package " lcobucci/jwt" to 3.3.3 for the dependency "league/oauth2-server" and then run command composer require lcobucci/jwt:3.3.3

In the ResourceFilter, in the example, the server instance seems to be wrong. Instead of HeimdallAuthorizationCode, it should be OAuthServer from my understanding on the following link : (https://heimdall.ezralazuardy.com/documentation/implementation).

Hello, On this page https://heimdall.ezralazuardy.com/documentation/implementation#set-up-the-route-1

Following route works if you don't use any segments $routes->get('rest/users', 'Rest/Users::getUsers');

If you want to use segments it has to be like this. (backslash instead of forwarslash between Rest and Users)

$routes->get('rest/(:segment)/users', 'Rest\Users::getUsers/$1');

Is your feature request related to a problem? Please describe. I am happy to see OAuth 2.0 Server by phpleague come to CodeIgniter4, this is nice to start using oauth2, but before i am jump to this i will recomendating to refactor lot of code between source code and documentation following psr2 or maybe follow coding standard by CodeIgniter4, but i will be prefer to using follow psr2.

Describe the solution you'd like PHP CodeSniffer is nice tool to refactor code.

Describe alternatives you've considered

Additional context