@salmanx
Created December 7, 2023 14:56
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
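class MainContoller extends Controller
{
    /** Session key holding the PKCE code verifier between login() and callback(). */
    private const SESSION_CODE_VERIFIER = 'openid_connect_code_verifier';

    /** Session key holding the anti-CSRF `state` value between login() and callback(). */
    private const SESSION_STATE = 'openid_connect_state';

    /** OAuth client identifier registered with the authorization server. */
    private const CLIENT_ID = 'example-client-id';

    /**
     * Redirect URI sent in the authorization request. The token request repeats
     * the same value, so both methods read it from this one constant.
     */
    private const REDIRECT_URI = 'http://localhost:3010/callback';

    /**
     * Start the OpenID Connect authorization-code flow with PKCE (S256).
     *
     * Generates a fresh code verifier and `state`, stores both in the session,
     * and redirects the browser to the provider's authorization endpoint.
     *
     * @param Request $request Incoming request (not read by this method).
     *
     * @return \Illuminate\Http\RedirectResponse Redirect to the authorization endpoint.
     */
    public function login(Request $request)
    {
        // 64 random bytes hex-encoded give a 128-character verifier.
        $codeVerifier = bin2hex(random_bytes(64));

        // S256 challenge: base64url(sha256(verifier)) without '=' padding.
        $codeChallenge = rtrim(strtr(base64_encode(hash('sha256', $codeVerifier, true)), '+/', '-_'), '=');

        $state = bin2hex(random_bytes(16));

        session()->put(self::SESSION_CODE_VERIFIER, $codeVerifier);
        // The state must be stored as well: without a server-side copy the
        // callback cannot tell its own authorization response from a forged one.
        session()->put(self::SESSION_STATE, $state);

        // NOTE(review): plain-http localhost endpoints are only suitable for
        // local development; use https URLs anywhere else.
        $authorizeUrl = 'http://localhost:3000/api/oidc/auth';

        $query = [
            'client_id' => self::CLIENT_ID,
            'response_type' => 'code',
            'scope' => 'openid offline_access',
            'redirect_uri' => self::REDIRECT_URI,
            'code_challenge' => $codeChallenge,
            'code_challenge_method' => 'S256', // required because PKCE support is enabled
            'state' => $state,
        ];

        return redirect()->away($authorizeUrl . '?' . http_build_query($query));
    }

    /**
     * Handle the provider's redirect and exchange the authorization code for tokens.
     *
     * Rejects the request with HTTP 400 when the returned `state` does not match
     * the value stored by login(), or when the code or the PKCE verifier is missing.
     *
     * @param Request $request Callback request carrying `code` and `state`.
     *
     * @return mixed Decoded JSON body of the token endpoint response.
     */
    public function callback(Request $request)
    {
        // pull() reads and removes in one step, so both values are single-use
        // on every path, including the rejection paths below.
        $expectedState = session()->pull(self::SESSION_STATE);
        $codeVerifier = session()->pull(self::SESSION_CODE_VERIFIER);

        // Constant-time comparison; the is_string() guards also reject array
        // input such as `state[]=x` and a session that never started a login.
        $state = $request->get('state');
        if (!is_string($expectedState) || !is_string($state) || !hash_equals($expectedState, $state)) {
            abort(400, 'Invalid state parameter.');
        }

        $code = $request->get('code');
        if (!is_string($code) || $code === '' || !is_string($codeVerifier)) {
            abort(400, 'Missing authorization code or PKCE code verifier.');
        }

        $tokenEndpoint = 'http://localhost:3000/api/oidc/token';

        // NOTE(review): the client secret is a hard-coded example value; load it
        // from configuration or the environment and keep it out of source control.
        $response = Http::asForm()->post($tokenEndpoint, [
            'code' => $code,
            'grant_type' => 'authorization_code',
            'client_id' => self::CLIENT_ID,
            'client_secret' => 'example-client-secret',
            // Must repeat the redirect_uri that was sent in the authorization request.
            'redirect_uri' => self::REDIRECT_URI,
            'code_verifier' => $codeVerifier,
        ]);

        // NOTE(review): this returns the raw token response to the browser, which
        // exposes whatever tokens the provider issued. A real application should
        // validate the ID token and keep the tokens server-side.
        return $response->json();
    }
}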