Merge pull request #88 from a1comms/feature/jwt-v4.x

Feature/jwt v4.x
affordablemobiles · Dec 5, 2023 · faea11f · faea11f
2 parents a2d0139 + 7747a6e
commit faea11f
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 29 deletions.
diff --git a/src/A1comms/GaeSupportLaravel/Integration/JWT/Signer/IAMSigner.php b/src/A1comms/GaeSupportLaravel/Integration/JWT/Signer/IAMSigner.php
@@ -4,7 +4,6 @@
 
 namespace A1comms\GaeSupportLaravel\Integration\JWT\Signer;
 
-use Lcobucci\JWT\Signature;
 use Lcobucci\JWT\Signer;
 use Lcobucci\JWT\Signer\Key;
 
@@ -23,7 +22,7 @@ class IAMSigner implements Signer
      *
      * @return string
      */
-    public function getAlgorithmId()
+    public function algorithmId(): string
     {
         return 'RS256';
     }
@@ -33,36 +32,39 @@ public function getAlgorithmId()
      */
     public function modifyHeader(array &$headers): void
     {
-        $headers['alg'] = $this->getAlgorithmId();
+        $headers['alg'] = $this->algorithmId();
     }
 
     /**
      * Returns a signature for given data.
      *
      * @param string $payload
-     * @param string $key
+     * @param Key $key
      *
-     * @return Signature
+     * @return string
      *
-     * @throws \InvalidArgumentException When given key is invalid
+     * @throws CannotSignPayload  When payload signing fails.
+     * @throws InvalidKeyProvided When issue key is invalid/incompatible.
+     * @throws ConversionFailed   When signature could not be converted.
      */
-    public function sign($payload, $key)
+    public function sign(string $payload, Key $key): string
     {
-        return new Signature($this->createHash($payload, $key));
+        return $this->createHash($payload, $key);
     }
 
     /**
      * Returns if the expected hash matches with the data and key.
      *
      * @param string $expected
      * @param string $payload
-     * @param string $key
+     * @param Key $key
      *
      * @return bool
      *
-     * @throws \InvalidArgumentException When given key is invalid
+     * @throws InvalidKeyProvided When issue key is invalid/incompatible.
+     * @throws ConversionFailed   When signature could not be converted.
      */
-    public function verify($expected, $payload, $key)
+    public function verify(string $expected, string $payload, Key $key): bool
     {
         return $this->doVerify($expected, $payload, $key);
     }
@@ -86,7 +88,7 @@ public function createHash($payload, Key $key)
 
         $service = new \Google_Service_IAMCredentials($client);
 
-        $keyID = sprintf('projects/-/serviceAccounts/%s', $key->getContent());
+        $keyID = sprintf('projects/-/serviceAccounts/%s', $key->contents());
 
         $requestBody = new \Google_Service_IAMCredentials_SignBlobRequest();
 

diff --git a/src/A1comms/GaeSupportLaravel/Integration/JWT/TokenSource/DWDTokenSource.php b/src/A1comms/GaeSupportLaravel/Integration/JWT/TokenSource/DWDTokenSource.php
@@ -5,11 +5,12 @@
 namespace A1comms\GaeSupportLaravel\Integration\JWT\TokenSource;
 
 use A1comms\GaeSupportLaravel\Integration\JWT\Signer\IAMSigner;
+use DateTimeImmutable;
 use Google\Auth\Credentials\GCECredentials;
 use Google\Auth\Credentials\ServiceAccountCredentials;
 use Google\Auth\OAuth2;
-use Lcobucci\JWT\Builder;
-use Lcobucci\JWT\Signer\Key;
+use Lcobucci\JWT\Configuration;
+use Lcobucci\JWT\Signer\Key\InMemory;
 
 class DWDTokenSource extends OAuth2
 {
@@ -39,25 +40,25 @@ public function getTokenCredentialUri()
 
     public function toJwt(array $config = [])
     {
-        $gce_creds    = new GCECredentials();
+        $gce_creds = new GCECredentials();
         $client_email = $gce_creds->getClientName();
 
-        $time = time();
+        $config = Configuration::forSymmetricSigner(
+            new IAMSigner(),
+            InMemory::plainText($client_email)
+        );
 
-        $signer = new IAMSigner();
+        $now = new DateTimeImmutable();
 
-        $keyID = new Key($client_email);
+        $token = $config->builder()
+            ->issuedBy($client_email)
+            ->permittedFor($this->getTokenCredentialUri())
+            ->relatedTo($this->subject)
+            ->issuedAt($now)
+            ->expiresAt($now->modify('+1 hour'))
+            ->withClaim('scope', implode(' ', $this->scopes))
+            ->getToken($config->signer(), $config->signingKey());
 
-        $token = (new Builder())
-            ->issuedBy($client_email)                           // Configures the issuer (iss claim)
-            ->permittedFor($this->getTokenCredentialUri())      // aud claim
-            ->relatedTo($this->subject)                         // sub claim
-            ->issuedAt($time)                                   // Configures the time that the token was issue (iat claim)
-            ->expiresAt($time + 3600)                           // Configures the expiration time of the token (exp claim)
-            ->withClaim('scope', implode(' ', $this->scopes))   // scopes claim
-            ->getToken($signer, $keyID)
-        ;
-
-        return (string) $token;
+        return $token->toString();
     }
 }