<?php
namespace ItkDev\OpenIdConnectBundle\DependencyInjection;
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\ConfigurationInterface;
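/**
 * Semantic configuration tree for the `itkdev_openid_connect` bundle.
 *
 * Declares the keys a project must (or may) set: the cache pool, the CLI
 * login return route, an optional user provider, and one or more OpenID
 * providers with their discovery URL, client credentials, redirect target
 * and HTTP client options.
 */
class Configuration implements ConfigurationInterface
{
    /**
     * Builds the definition tree Symfony validates the bundle configuration against.
     *
     * Every node mirrors a key under `itkdev_openid_connect` in the application
     * configuration. Required nodes fail container compilation when missing, and
     * the per-provider validate() block rejects a provider that sets both
     * redirect_uri and redirect_route.
     */
    public function getConfigTreeBuilder(): TreeBuilder
    {
        $treeBuilder = new TreeBuilder('itkdev_openid_connect');

        $treeBuilder->getRootNode()
            ->children()
                ->arrayNode('cache_options')
                    ->isRequired()
                    ->children()
                        ->scalarNode('cache_pool')
                            ->info('Method for caching')
                            ->defaultValue('cache.app')
                            ->cannotBeEmpty()
                        ->end() // cache_pool
                    ->end()
                ->end() // cache_options
                ->arrayNode('cli_login_options')
                    ->isRequired()
                    ->children()
                        ->scalarNode('route')
                            ->info('Return route for CLI login')
                            ->isRequired()->cannotBeEmpty()
                        ->end() // route
                    ->end()
                ->end() // cli_login_options
                ->scalarNode('user_provider')
                    ->defaultNull()
                    ->info('The User Provider to inject')
                ->end() // user_provider
                ->arrayNode('openid_providers')
                    ->isRequired()
                    ->requiresAtLeastOneElement()
                    // Provider names are kept exactly as written (no "-" to "_" normalisation),
                    // since they are looked up by name elsewhere in the bundle.
                    ->normalizeKeys(false)
                    ->arrayPrototype()
                        ->children()
                            ->arrayNode('options')
                                ->isRequired()
                                ->children()
                                    ->scalarNode('metadata_url')
                                        ->info('URL to OpenId Discovery Document')
                                        // cannotBeEmpty() brings this in line with client_id/client_secret:
                                        // an empty discovery URL is a misconfiguration and should fail at
                                        // container compilation rather than at the first discovery request.
                                        ->isRequired()->cannotBeEmpty()
                                    ->end() // metadata_url
                                    ->scalarNode('client_id')
                                        ->info('Client ID assigned by authorizer')
                                        ->isRequired()->cannotBeEmpty()
                                    ->end() // client_id
                                    ->scalarNode('client_secret')
                                        ->info('Client secret/password assigned by authorizer')
                                        ->isRequired()->cannotBeEmpty()
                                    ->end() // client_secret
                                    ->integerNode('leeway')
                                        ->info('Leeway in seconds to account for clock skew between server and provider')
                                        ->defaultValue(10)
                                    ->end() // leeway
                                    ->integerNode('cache_duration')
                                        ->info('Cache duration in seconds for the OIDC discovery document and JWKS (default: 86400 — 24 hours)')
                                        ->defaultValue(86400)
                                    ->end() // cache_duration
                                    // Exactly one of redirect_uri / redirect_route should be given; the
                                    // validate() block below rejects a provider that sets both.
                                    ->scalarNode('redirect_uri')
                                        ->info('Redirect URI registered at identity provider')
                                        ->cannotBeEmpty()
                                    ->end() // redirect_uri
                                    ->scalarNode('redirect_route')
                                        ->info('Redirect route registered at identity provider (must not be set if redirect_uri is set)')
                                        ->cannotBeEmpty()
                                    ->end() // redirect_route
                                    ->arrayNode('redirect_route_parameters')
                                        ->info('Redirect route parameters')
                                    ->end() // redirect_route_parameters
                                    // Plain-http provider endpoints are opt-in only; the default keeps
                                    // discovery and token traffic on TLS.
                                    ->booleanNode('allow_http')
                                        ->info('Whether to allow http or not (default: false)')
                                        ->defaultValue(false)
                                    ->end() // allow_http
                                    // Uses Guzzle under the hood through itk-dev/openid-connect -> league/oauth2-client -> guzzlehttp/guzzle
                                    ->arrayNode('http_client_options')
                                        ->info('Options forwarded to the underlying Guzzle HTTP client. league/oauth2-client only forwards: timeout, proxy, verify (verify is only consulted when proxy is set).')
                                        // Ensures the timeout default applies even when the key is absent.
                                        ->addDefaultsIfNotSet()
                                        ->children()
                                            // @see https://docs.guzzlephp.org/en/stable/request-options.html#timeout
                                            ->floatNode('timeout')
                                                ->info('Total request timeout in seconds. Defaults to 30; set to 0 to wait indefinitely (Guzzle\'s own default).')
                                                ->defaultValue(30.0)
                                            ->end() // timeout
                                            // @see https://docs.guzzlephp.org/en/stable/request-options.html#proxy
                                            ->scalarNode('proxy')
                                                ->info('HTTP proxy URI')
                                            ->end() // proxy
                                            // @see https://docs.guzzlephp.org/en/stable/request-options.html#verify
                                            // No default on purpose: leaving it unset keeps Guzzle's own
                                            // certificate verification behaviour when a proxy is configured.
                                            ->booleanNode('verify')
                                                ->info('Verify TLS certificates (only consulted by Guzzle when proxy is set)')
                                            ->end() // verify
                                        ->end()
                                    ->end() // http_client_options
                                ->end()
                                ->validate()
                                    ->ifTrue(static fn (array $v) => isset($v['redirect_uri'], $v['redirect_route']))
                                    ->thenInvalid('Only one of redirect_uri or redirect_route must be set.')
                                ->end()
                            ->end() // options
                        ->end()
                    ->end() // arrayPrototype
                ->end() // openid_providers
            ->end();

        return $treeBuilder;
    }
}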