From 017ad9d23f590f4fe68ac271b63f50c22b3d2da2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antonio=20J=2E=20Garc=C3=ADa=20Lagar?=
Date: Sun, 19 Jan 2025 22:34:07 +0100
Subject: [PATCH] Fix client credentials

In `league/server-bundle` version `0.8`, when the client_credentials grant is used, the `sub` claim of the JWT is an empty string, but in version `0.9` is filled with the client ID. We override the `getSubjectIdentifier` of the AccessToken entity to return an empty string again when the client_credentials grant is used.
---
 src/Entity/AccessToken.php | 5 +++++
 tests/Integration/ResourceServerTest.php | 16 ++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/src/Entity/AccessToken.php b/src/Entity/AccessToken.php
index a6d10dd4..10194d0c 100644
--- a/src/Entity/AccessToken.php
+++ b/src/Entity/AccessToken.php
@@ -14,4 +14,9 @@ final class AccessToken implements AccessTokenEntityInterface
     use AccessTokenTrait;
     use EntityTrait;
     use TokenEntityTrait;
+
+    public function getSubjectIdentifier(): string
+    {
+        return $this->userIdentifier ?? '';
+    }
 }
diff --git a/tests/Integration/ResourceServerTest.php b/tests/Integration/ResourceServerTest.php
index 966933e0..ed024bb6 100644
--- a/tests/Integration/ResourceServerTest.php
+++ b/tests/Integration/ResourceServerTest.php
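Review bot: The override in `getSubjectIdentifier()` is not scoped to the client_credentials grant as the commit message says; it maps a null `userIdentifier` to an empty `sub` for every grant, so any code path that leaves the user identifier unset will now mint a token whose `sub` is `''` while `oauth_client_id` is still populated. That is worth stating in a docblock above the method, because resource-server code that treats `oauth_user_id` as "present" by a `!== null` check will accept the empty string as a user, and the security-relevant contract is that consumers must check for `''` explicitly and must never look up a user by it; something like `/** Restores the pre-0.9 behaviour: tokens with no user (client_credentials) carry an empty `sub` instead of the client ID. Applies to any grant that leaves userIdentifier null, so callers must treat '' as "no user", never as a user ID. */`. Since this replaces a trait method, `#[\Override]` above the signature would make the intent explicit and catch a future rename in the upstream trait. The return type is `string`; if the underlying trait property can hold an int identifier in the installed version (I cannot tell from this hunk), strict types would turn that into a TypeError rather than a string, so a cast or a check is worth confirming against the trait.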
@@ -95,4 +95,20 @@ public function testRevokedAccessToken(): void
         $this->assertNull($request);
     }
+
+    public function testValidClientCredentialsGrant(): void
+    {
+        $tokenResponse = $this->handleTokenRequest(
+            $this->createAuthorizationRequest(null, [
+                'client_id' => 'foo',
+                'client_secret' => 'secret',
+                'grant_type' => 'client_credentials',
+            ])
+        );
+
+        $resourceRequest = $this->handleResourceRequest($this->createResourceRequest($tokenResponse['access_token']));
+        $this->assertSame(FixtureFactory::FIXTURE_CLIENT_FIRST, $resourceRequest->getAttribute('oauth_client_id'));
+        $this->assertSame('', $resourceRequest->getAttribute('oauth_user_id'));
+        $this->assertSame([], $resourceRequest->getAttribute('oauth_scopes'));
+    }
 }
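Review bot: The new test only pins the client_credentials side of the override; because the override fires for any token with a null user identifier, a regression test for the other direction is missing, namely that a user-bearing grant still yields a non-empty `oauth_user_id` after this change, otherwise a future edit that drops the user identifier would pass this suite while issuing tokens with an empty `sub` for real users. A single extra assertion in an existing user-grant test, e.g. `$this->assertNotSame('', $resourceRequest->getAttribute('oauth_user_id'));`, covers it. The assertion `assertSame('', ...)` here is the right strictness, since a loose `assertEmpty` would also accept `null` and hide a type change in the trait. The enclosing test class starts outside this hunk.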