Startseite Erkunden Hilfe
Anmelden
chiappa
/
sprint_planer_web
Mirror von https://git.snix.ch/chiappa/sprint_planer_web.git
1
0
Fork 0
Dateien Issues 0
Struktur: e4e49e9a0b
Branches Tags
sprint_planer_w...
/
src
/
Auth
/
OidcClient.php

OidcClient.php 2.0 KB
Verlauf Originalformat

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. <?php
    2. 

  2. /*
    3. 

  3.  * Copyright 2026 Alessandro Chiapparini <sprint_planer_web@chiapparini.org>
    4. 

  4.  * SPDX-License-Identifier: Apache-2.0
    5. 

  5.  *
    6. 

  6.  * Licensed under the Apache License, Version 2.0 (the "License");
    7. 

  7.  * you may not use this file except in compliance with the License.
    8. 

  8.  * See the LICENSE file in the project root for the full license text.
    9. 

  9.  */
    10. 

  10. 

  11. declare(strict_types=1);
    12. 

  12. 

  13. namespace App\Auth;
    14. 

  14. 

  15. use Jumbojett\OpenIDConnectClient;
    16. 

  16. use RuntimeException;
    17. 

  17. 

  18. /**
    19. 

  19.  * Thin factory around jumbojett/openid-connect-php configured for
    20. 

  20.  * Microsoft Entra ID (v2.0 endpoint) with Authorization Code + PKCE.
    21. 

  21.  *
    22. 

  22.  * Reads these env vars:
    23. 

  23.  *   ENTRA_TENANT_ID
    24. 

  24.  *   ENTRA_CLIENT_ID
    25. 

  25.  *   ENTRA_CLIENT_SECRET
    26. 

  26.  *   APP_BASE_URL
    27. 

  27.  */
    28. 

  28. final class OidcClient
    29. 

  29. {
    30. 

  30.     public static function create(): OpenIDConnectClient
    31. 

  31.     {
    32. 

  32.         $tenant       = self::env('ENTRA_TENANT_ID');
    33. 

  33.         $clientId     = self::env('ENTRA_CLIENT_ID');
    34. 

  34.         $clientSecret = self::env('ENTRA_CLIENT_SECRET');
    35. 

  35.         $baseUrl      = rtrim(self::env('APP_BASE_URL'), '/');
    36. 

  36. 

  37.         $issuer = "https://login.microsoftonline.com/{$tenant}/v2.0";
    38. 

  38. 

  39.         $oidc = new OpenIDConnectClient($issuer, $clientId, $clientSecret);
    40. 

  40.         $oidc->setRedirectURL($baseUrl . '/auth/callback');
    41. 

  41.         $oidc->addScope(['openid', 'profile', 'email']);
    42. 

  42.         $oidc->setCodeChallengeMethod('S256'); // PKCE
    43. 

  43. 

  44.         // Entra's userinfo endpoint doesn't return new info beyond the id_token
    45. 

  45.         // for our scopes; rely on verified claims to avoid the extra round trip.
    46. 

  46.         return $oidc;
    47. 

  47.     }
    48. 

  48. 

  49.     public static function isConfigured(): bool
    50. 

  50.     {
    51. 

  51.         foreach (['ENTRA_TENANT_ID', 'ENTRA_CLIENT_ID', 'ENTRA_CLIENT_SECRET', 'APP_BASE_URL'] as $k) {
    52. 

  52.             $v = getenv($k);
    53. 

  53.             if (!is_string($v) || $v === '') {
    54. 

  54.                 return false;
    55. 

  55.             }
    56. 

  56.         }
    57. 

  57.         return true;
    58. 

  58.     }
    59. 

  59. 

  60.     private static function env(string $name): string
    61. 

  61.     {
    62. 

  62.         $v = getenv($name);
    63. 

  63.         if (!is_string($v) || $v === '') {
    64. 

  64.             throw new RuntimeException("Required env var not set: {$name}");
    65. 

  65.         }
    66. 

  66.         return $v;
    67. 

  67.     }
    68. 

  68. }
    69.