diff --git a/src/Configuration/OAuth2Configuration.php b/src/Configuration/OAuth2Configuration.php
index 7fca5a4..a7fd766 100644
--- a/src/Configuration/OAuth2Configuration.php
+++ b/src/Configuration/OAuth2Configuration.php
@@ -41,7 +41,7 @@ public function getSsoAuthorizeUrl(): string
 return $this->ssoAuthorizeUrl;
 }
- public function getSsoUserInfoUrl(?string $userId): string
+ public function getSsoUserInfoUrl(?string $userId = null): string
 {
 if (!$userId) {
 return $this->ssoUserInfoUrl;
diff --git a/src/Domain/Process/OAuth2/GrantAccessByOAuth2TokenProcess.php b/src/Domain/Process/OAuth2/GrantAccessByOAuth2TokenProcess.php
index eaf20aa..9349285 100644
--- a/src/Domain/Process/OAuth2/GrantAccessByOAuth2TokenProcess.php
+++ b/src/Domain/Process/OAuth2/GrantAccessByOAuth2TokenProcess.php
@@ -135,7 +135,7 @@ private function getAuthUser(AccessTokenDto $accessTokenDto): ?AnzuAuthUserInter
 {
 if (self::AUTH_METHOD_SSO_EMAIL === $this->authMethod) {
 // fetch user info
- $ssoUser = $this->OAuth2HttpClient->getSsoUserInfo();
+ $ssoUser = $this->OAuth2HttpClient->getCurrentSsoUserInfo($accessTokenDto);
 return $this->oAuth2AuthUserRepository->findOneBySsoEmail($ssoUser->getEmail());
 }
@@ -149,7 +149,7 @@ private function getAuthUser(AccessTokenDto $accessTokenDto): ?AnzuAuthUserInter
 }
 // otherwise fetch user info
- $ssoUser = $this->OAuth2HttpClient->getSsoUserInfo();
+ $ssoUser = $this->OAuth2HttpClient->getCurrentSsoUserInfo($accessTokenDto);
 return $this->oAuth2AuthUserRepository->findOneBySsoUserId($ssoUser->getId());
 }
diff --git a/src/HttpClient/OAuth2HttpClient.php b/src/HttpClient/OAuth2HttpClient.php
index f16e0b4..a1265f8 100644
--- a/src/HttpClient/OAuth2HttpClient.php
+++ b/src/HttpClient/OAuth2HttpClient.php
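Review bot: The new `= null` default makes null the explicit "current user" sentinel, but the guard on the following context line still tests truthiness (`if (!$userId)`), so an id of `''` or `'0'` is silently routed to the bare user-info URL instead of a per-user one. Prefer `if (null === $userId) {` so only the documented sentinel selects the current-user endpoint and any other value is used as given or rejected by the caller. getSsoUserInfoUrl's body continues outside the hunk.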
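Review bot: Both call sites now thread `$accessTokenDto` into `getCurrentSsoUserInfo`, but the `// fetch user info` comment above each (here and in the hunk at line 149) no longer explains what distinguishes this lookup; suggest `// resolve the identity bound to the presented access token, not the client-service token` so the next reader sees why the token is passed through. In the email branch the returned `getEmail()` becomes the account-linking key; whether the configured SSO user class only exposes an email the identity provider has verified is not visible here and is worth confirming, because an unverified email would let one SSO identity resolve to a different local account. getAuthUser's body extends beyond both hunks.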
@@ -20,7 +20,7 @@ final class OAuth2HttpClient
 {
- private const CLIENT_SERVICE_ACCESS_TOKEN_CACHE_KEY = 'sso_access_token_client_service';
+ private const string CLIENT_SERVICE_ACCESS_TOKEN_CACHE_KEY = 'sso_access_token_client_service';
 public function __construct(
 private readonly HttpClientInterface $client,
@@ -34,24 +34,20 @@ public function __construct(
 */
 public function requestAccessTokenByAuthCode(string $code): AccessTokenDto
 {
- $accessToken = $this->sendTokenRequest($this->configuration->getSsoAccessTokenUrl(), [
+ return $this->sendTokenRequest($this->configuration->getSsoAccessTokenUrl(), [
 'grant_type' => 'authorization_code',
 'code' => $code,
 'client_id' => $this->configuration->getSsoClientId(),
 'client_secret' => $this->configuration->getSsoClientSecret(),
 'redirect_uri' => $this->configuration->getSsoRedirectUrl(),
 ]);
-
- $this->storeAccessTokenToCache($this->getAccessTokenCacheItem(), $accessToken);
-
- return $accessToken;
 }
 /**
 * @throws UnsuccessfulAccessTokenRequestException
 * @throws UnsuccessfulUserInfoRequestException
 */
- public function getSsoUserInfo(?string $id = null): SsoUserDto
+ public function getSsoUserInfo(string $id): SsoUserDto
 {
 try {
 $response = $this->client->request(
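Review bot: `private const string …` is typed-class-constant syntax that only parses on PHP 8.3 and newer, so this one-line hunk raises the package's minimum runtime. The composer `php` constraint is not in the diff; if it still admits 8.2 it needs bumping in the same change, otherwise the class fails at parse time on older runtimes. The rest of the class declaration continues outside the hunk.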
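Review bot: `getSsoUserInfo(string $id)` now rejects null but still accepts the empty string, and `getSsoUserInfoUrl` in the first file treats `''` like null and returns the bare user-info URL, so an empty id would presumably (the body continues outside the hunk) query the endpoint for the token holder rather than the requested user. A boundary check at the top of the method closes that: `if ('' === $id) { throw new \InvalidArgumentException('SSO user id must not be empty'); }`. The docblock of `requestAccessTokenByAuthCode` starts above the hunk; if it described the cache write this hunk removes, it needs updating as well.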
@@ -70,6 +66,28 @@ public function getSsoUserInfo(?string $id = null): SsoUserDto
 }
 }
+ /**
+ * @throws UnsuccessfulUserInfoRequestException
+ */
+ public function getCurrentSsoUserInfo(AccessTokenDto $token): SsoUserDto
+ {
+ try {
+ $response = $this->client->request(
+ method: Request::METHOD_GET,
+ url: $this->configuration->getSsoUserInfoUrl(),
+ options: [
+ 'auth_bearer' => $token->getAccessToken(),
+ ]
+ );
+
+ return $this->serializer->deserialize($response->getContent(), $this->configuration->getSsoUserInfoClass());
+ } catch (ExceptionInterface $exception) {
+ throw UnsuccessfulUserInfoRequestException::create('User info request failed!', $exception);
+ } catch (SerializerException $exception) {
+ throw UnsuccessfulUserInfoRequestException::create('User info response deserialization failed!', $exception);
+ }
+ }
+
 public function getSsoUserInfoByEmail(string $email): SsoUserDto
 {
 try {
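Review bot: The new method's docblock carries only `@throws`, and nothing in the hunk says what distinguishes it from `getSsoUserInfo(string $id)`: it authenticates with the caller-supplied token, so the DTO it returns describes the bearer of that token, not an arbitrary user. Suggest a one-line description above the `@throws`, `Fetches the user-info record of the subject the supplied token was issued to, sending the token as the Bearer credential.` Separately, the request/deserialize/two-catch shape looks to be the same one used by getSsoUserInfo and getSsoUserInfoByEmail (their bodies are outside the hunk), so a private helper taking the URL and request options would leave each public method a few lines long and keep the exception mapping in one place; sketch below.
```php
    /**
     * Fetches the user-info record of the subject the supplied token was issued to.
     *
     * @throws UnsuccessfulUserInfoRequestException
     */
    public function getCurrentSsoUserInfo(AccessTokenDto $token): SsoUserDto
    {
        return $this->requestUserInfo(
            $this->configuration->getSsoUserInfoUrl(),
            ['auth_bearer' => $token->getAccessToken()],
        );
    }

    /**
     * GETs a user-info endpoint and deserializes the body into the configured SSO user class.
     *
     * @param array<string, mixed> $options
     *
     * @throws UnsuccessfulUserInfoRequestException
     */
    private function requestUserInfo(string $url, array $options): SsoUserDto
    {
        try {
            $response = $this->client->request(Request::METHOD_GET, $url, $options);

            return $this->serializer->deserialize($response->getContent(), $this->configuration->getSsoUserInfoClass());
        } // … unchanged: the two catch clauses exactly as in getCurrentSsoUserInfo …
    }
```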