OIDC Userinfo: Added JWT signed response support

Not yet tested, nor checked all response validations.
2025-07-30 04:23:11 +03:00 · 2024-04-19 14:12:27 +01:00
parent fa543bbd4d
commit b18cee3dc4
4 changed files with 196 additions and 144 deletions
--- a/app/Access/Oidc/OidcService.php
+++ b/app/Access/Oidc/OidcService.php
@ -246,7 +246,11 @@ class OidcService
        if (!$userDetails->isFullyPopulated($this->shouldSyncGroups()) && !empty($settings->userinfoEndpoint)) {
            $provider = $this->getProvider($settings);
            $request = $provider->getAuthenticatedRequest('GET', $settings->userinfoEndpoint, $accessToken->getToken());
-            $response = new OidcUserinfoResponse($provider->getResponse($request));
+            $response = new OidcUserinfoResponse(
+                $provider->getResponse($request),
+                $settings->issuer,
+                $settings->keys,
+            );

            try {
                $response->validate($idToken->getClaim('sub'));