Enabled client_secret_basic authentication on requestClientCredentia…

…lsToken() jumbojett#347
Magentron · Nov 28, 2022 · cb6cec4 · cb6cec4
1 parent 2d78c15
commit cb6cec4
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [0.9.11]
+
+### Added
+
+* Enabled `client_secret_basic` authentication on `requestClientCredentialsToken()` #347
+
 ## [0.9.10]
 
 ## Fixed

diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
@@ -848,12 +848,12 @@ public function requestClientCredentialsToken() {
         $grant_type = 'client_credentials';
 
         $post_data = [
-            'grant_type'    => $grant_type,
-            'client_id'     => $this->clientID,
-            'client_secret' => $this->clientSecret,
-            'scope'         => implode(' ', $this->scopes)
+            'grant_type' => $grant_type,
+            'scope'      => implode(' ', $this->scopes)
         ];
 
+        $this->setOptionalBasicAuthentication($headers, $post_data);
+
         // Convert token params to string format
         $post_params = http_build_query($post_data, '', '&', $this->encType);
 
@@ -884,13 +884,7 @@ public function requestResourceOwnerToken($bClientAuth = FALSE) {
 
         //For client authentication include the client values
         if($bClientAuth) {
-            $token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']);
-            if ($this->supportsAuthMethod('client_secret_basic', $token_endpoint_auth_methods_supported)) {
-                $headers = ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))];
-            } else {
-                $post_data['client_id']     = $this->clientID;
-                $post_data['client_secret'] = $this->clientSecret;
-            }
+            $this->setOptionalBasicAuthentication($headers, $post_data);
         }
 
         // Convert token params to string format
@@ -899,6 +893,23 @@ public function requestResourceOwnerToken($bClientAuth = FALSE) {
         return json_decode($this->fetchURL($token_endpoint, $post_params, $headers));
     }
 
+    /**
+     * Use client basic authentication if supported.
+     *
+     * @param array $headers
+     * @param array $post_data
+     * @throws OpenIDConnectClientException
+     */
+    protected function setOptionalBasicAuthentication(&$headers, &$post_data) {
+        $token_endpoint_auth_methods_supported = $this->getProviderConfigValue('token_endpoint_auth_methods_supported', ['client_secret_basic']);
+
+        if ($this->supportsAuthMethod('client_secret_basic', $token_endpoint_auth_methods_supported)) {
+            $headers = ['Authorization: Basic ' . base64_encode(urlencode($this->clientID) . ':' . urlencode($this->clientSecret))];
+        } else {
+            $post_data['client_id']     = $this->clientID;
+            $post_data['client_secret'] = $this->clientSecret;
+        }
+    }
 
     /**
      * Requests ID and Access tokens