Merge pull request #15 from C0deWiser/master

Robert Kummer · web-flow · commit 5fc2027e87ed · 2020-09-28T19:00:57.000+02:00
Laravel 8, optional username, uuid (not integer) client_id etc
diff --git a/composer.json b/composer.json
@@ -1,6 +1,7 @@
 {
 	"name": "ipunkt/laravel-oauth-introspection",
 	"description": "OAuth 2.0 Token Introspection implementation for extending Laravel Passport (RFC 7662)",
+	"version": "2.0",
 	"keywords": [
 		"laravel",
 		"passport",
@@ -16,10 +17,10 @@
 		}
 	],
 	"require": {
-		"php": "^7.0",
-		"guzzlehttp/guzzle": "~6.0",
-		"ipunkt/laravel-package-manager": "^1.0",
-		"laravel/passport": "~1.0|~2.0|~3.0|~4.0|~5.0|~6.0|~7.0"
+		"php": ">=7.0",
+		"guzzlehttp/guzzle": ">=7.0",
+		"ipunkt/laravel-package-manager": "^2.0",
+		"laravel/passport": ">=8.0"
 	},
 	"autoload": {
 		"psr-4": {
diff --git a/src/Http/Controllers/IntrospectionController.php b/src/Http/Controllers/IntrospectionController.php
@@ -3,6 +3,8 @@
 namespace Ipunkt\Laravel\OAuthIntrospection\Http\Controllers;
 
 use Illuminate\Http\JsonResponse;
+use Illuminate\Support\Arr;
+use Illuminate\Support\Str;
 use Laravel\Passport\Bridge\AccessTokenRepository;
 use Laravel\Passport\ClientRepository;
 use Laravel\Passport\Passport;
@@ -70,12 +72,12 @@ public function introspectToken(ServerRequestInterface $request)
 		try {
 			$this->resourceServer->validateAuthenticatedRequest($request);
 
-			if (array_get($request->getParsedBody(), 'token_type_hint', 'access_token') !== 'access_token') {
+			if (Arr::get($request->getParsedBody(), 'token_type_hint', 'access_token') !== 'access_token') {
 				//  unsupported introspection
 				return $this->notActiveResponse();
 			}
 
-			$accessToken = array_get($request->getParsedBody(), 'token');
+			$accessToken = Arr::get($request->getParsedBody(), 'token');
 			if ($accessToken === null) {
 				return $this->notActiveResponse();
 			}
@@ -91,19 +93,19 @@ public function introspectToken(ServerRequestInterface $request)
 
 			/** @var string $userModel */
 			$userModel = config('auth.providers.users.model');
-			$user = (new $userModel)->findOrFail($token->getClaim('sub'));
+			$user = (new $userModel)->find($token->getClaim('sub'));
 
 			return $this->jsonResponse([
 				'active' => true,
 				'scope' => trim(implode(' ', (array)$token->getClaim('scopes', []))),
-				'client_id' => intval($token->getClaim('aud')),
-				'username' => $user->email,
+				'client_id' => $token->getClaim('aud'),
+				'username' => optional($user)->email,
 				'token_type' => 'access_token',
 				'exp' => intval($token->getClaim('exp')),
 				'iat' => intval($token->getClaim('iat')),
 				'nbf' => intval($token->getClaim('nbf')),
-				'sub' => intval($token->getClaim('sub')),
-				'aud' => intval($token->getClaim('aud')),
+				'sub' => $token->getClaim('sub'),
+				'aud' => $token->getClaim('aud'),
 				'jti' => $token->getClaim('jti'),
 			]);
 		} catch (OAuthServerException $oAuthServerException) {
@@ -190,7 +192,7 @@ private function exceptionResponse(\Exception $exception, $status = 500) : JsonR
 	{
 		return $this->errorResponse([
 			'error' => [
-				'id' => str_slug(get_class($exception) . ' ' . $status),
+				'id' => Str::slug(get_class($exception) . ' ' . $status),
 				'status' => $status,
 				'title' => $exception->getMessage(),
 				'detail' => $exception->getTraceAsString()
