If you want to add OpenID Connect to the OAuth2 support built into Apigility so that you get a JWT as the answer, this is what you should do:
First, add these lines to /config/autoload/global.php:
```php
<?php
// /config/autoload/global.php: merge the 'zf-oauth2' key into the array this file already returns
return [
    'zf-oauth2' => [
        'allow_implicit'  => true,
        'access_lifetime' => 28800,
        'enforce_state'   => true,
        'options' => [
            'use_jwt_access_tokens'             => true,
            'store_encrypted_token_string'      => true,
            'use_openid_connect'                => true,
            'issuer'                            => 'issueroftoken.com',
            'id_lifetime'                       => 28800,
            'www_realm'                         => 'Service',
            'token_param_name'                  => 'access_token',
            'token_bearer_header_name'          => 'Bearer',
            'require_exact_redirect_uri'        => true,
            'allow_credentials_in_request_body' => true,
            'allow_public_clients'              => true,
            'always_issue_new_refresh_token'    => true,
            'unset_refresh_token_after_use'     => true,
        ],
    ],
];
```
The lines that matter there are `use_jwt_access_tokens` and `use_openid_connect`, which must be set to true, and `issuer`, which must be filled in (I added my website's address). The rest can be removed if you don't want to change their defaults.
Then you'd need to create this table (found this info here):
```sql
CREATE TABLE oauth_public_keys (
    client_id            VARCHAR(80),
    public_key           VARCHAR(2000),
    private_key          VARCHAR(2000),
    encryption_algorithm VARCHAR(100) DEFAULT 'RS256'
);
```
This table will be used to store one key pair for each client, which you should generate by running these commands (found this one here):
```bash
# private key
$ openssl genrsa -out privkey.pem 2048
# public key
$ openssl rsa -in privkey.pem -pubout -out pubkey.pem
```
Then you should take the content of those files and fill in `public_key` and `private_key`, along with the `client_id`.
My access tokens were being generated in `oauth_access_tokens` because I am using the implicit grant type (no `client_secret` on `oauth_clients` and the `allow_implicit` flag in global.php), so I needed to enlarge the `access_token` field; you may need to check how many chars the field(s) you're using have:
```sql
ALTER TABLE `oauth_access_tokens` CHANGE `access_token` `access_token` VARCHAR(2000) NOT NULL;
```
That should be it! You should now be getting a JWT as an answer from Apigility!
Hope this helps.
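Added example (not part of the original answer and not Apigility/zf-oauth2 code): it shows what the `oauth_public_keys` row is for. The server signs each JWT access token with the client's `private_key` using RS256, and any resource server that receives the token must verify it with the matching `public_key`, then check `exp` and that `iss` equals the `issuer` configured in global.php (`issueroftoken.com` above). The function names, the claim values and the tampered token are constructed for the demo; the key generation mirrors the two openssl commands above using PHP's ext-openssl.

```php
<?php
// Added example: RS256 key pair + JWT verification the way a resource server should do it.
// Assumptions: issuer 'issueroftoken.com' (from the config above); all other names/values are constructed.

function base64url_encode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode(string $data): string
{
    $pad = strlen($data) % 4;
    if ($pad !== 0) {
        $data .= str_repeat('=', 4 - $pad);
    }
    $out = base64_decode(strtr($data, '-_', '+/'), true);
    return $out === false ? '' : $out;
}

// Equivalent of `openssl genrsa 2048` + `openssl rsa -pubout`: the two PEM strings are what
// goes into oauth_public_keys.private_key / public_key for one client_id.
function generate_client_keys(): array
{
    $res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    openssl_pkey_export($res, $privatePem);
    $publicPem = openssl_pkey_get_details($res)['key'];
    return ['private_key' => $privatePem, 'public_key' => $publicPem];
}

// Constructed stand-in for the token the OAuth2 server issues (header.payload.signature).
function issue_jwt(array $claims, string $privatePem): string
{
    $header  = base64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'RS256']));
    $payload = base64url_encode(json_encode($claims));
    openssl_sign("$header.$payload", $signature, $privatePem, OPENSSL_ALGO_SHA256);
    return "$header.$payload." . base64url_encode($signature);
}

// Resource-server side: returns the verified claims or throws.
function verify_jwt(string $jwt, string $publicPem, string $expectedIssuer, ?int $now = null): array
{
    $now   = $now ?? time();
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('malformed token');
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(base64url_decode($h), true);
    // Pin the algorithm we expect instead of trusting the token's "alg" (this rejects "none"
    // and any attempt to have the RSA public key interpreted as an HMAC secret).
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        throw new RuntimeException('unexpected alg');
    }
    if (openssl_verify("$h.$p", base64url_decode($s), $publicPem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    $claims = json_decode(base64url_decode($p), true);
    if (!is_array($claims)) {
        throw new RuntimeException('malformed claims');
    }
    if (!isset($claims['exp']) || (int) $claims['exp'] <= $now) {
        throw new RuntimeException('expired');
    }
    if (($claims['iss'] ?? null) !== $expectedIssuer) {
        throw new RuntimeException('wrong issuer');
    }
    return $claims;
}

// Demo: issue a token for a constructed user, verify it, then show that an edited payload is rejected.
$keys   = generate_client_keys();
$claims = ['iss' => 'issueroftoken.com', 'sub' => 'user-42', 'aud' => 'demo-client',
           'iat' => time(), 'exp' => time() + 28800]; // 28800 = access_lifetime from the config
$jwt    = issue_jwt($claims, $keys['private_key']);
print_r(verify_jwt($jwt, $keys['public_key'], 'issueroftoken.com'));

[$h, $p, $s] = explode('.', $jwt);
$editedPayload = base64url_encode(json_encode(['iss' => 'issueroftoken.com', 'sub' => 'admin',
                                               'exp' => time() + 28800]));
try {
    verify_jwt("$h.$editedPayload.$s", $keys['public_key'], 'issueroftoken.com');
} catch (RuntimeException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}
```

The second call fails with "bad signature" because the signature covers the original payload only. If you keep `issuer` at its default or leave it out, the `iss` check here would have to be adjusted to match whatever the server actually writes into the token.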