From 13d0260cc97c5cce9399f44afa65b70857499da6 Mon Sep 17 00:00:00 2001
From: Jasper Weyne <jasperweyne@gmail.com>
Date: Thu, 9 Jul 2020 16:27:45 +0200
Subject: [PATCH] Configurable OpenID Connect services

---
 app/Auth/Access/OpenIdService.php | 22 +++++++++++++++++++---
 app/Config/openid.php             |  3 +++
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/app/Auth/Access/OpenIdService.php b/app/Auth/Access/OpenIdService.php
index 14b6ac9a5..fc0c00298 100644
--- a/app/Auth/Access/OpenIdService.php
+++ b/app/Auth/Access/OpenIdService.php
@@ -139,6 +139,7 @@ class OpenIdService extends ExternalAuthService
      */
     protected function getProvider(): OpenIDConnectProvider
     {
+        // Setup settings
         $settings = $this->config['openid'];
         $overrides = $this->config['openid_overrides'] ?? [];
 
@@ -149,12 +150,27 @@ class OpenIdService extends ExternalAuthService
         $openIdSettings = $this->loadOpenIdDetails();
         $settings = array_replace_recursive($settings, $openIdSettings, $overrides);
 
-        $signer = new \Lcobucci\JWT\Signer\Rsa\Sha256();
-        return new OpenIDConnectProvider($settings, ['signer' => $signer]);
+        // Setup services
+        $services = $this->loadOpenIdServices();
+        $overrides = $this->config['openid_services'] ?? [];
+
+        $services = array_replace_recursive($services, $overrides);
+
+        return new OpenIDConnectProvider($settings, $services);
     }
 
     /**
-     * Load dynamic service provider options required by the onelogin toolkit.
+     * Load services utilized by the OpenID Connect provider.
+     */
+    protected function loadOpenIdServices(): array
+    {
+        return [
+            'signer' => new \Lcobucci\JWT\Signer\Rsa\Sha256(),
+        ];
+    }
+
+    /**
+     * Load dynamic service provider options required by the OpenID Connect provider.
      */
     protected function loadOpenIdDetails(): array
     {
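Review bot: The merged `$services` array is passed to `OpenIDConnectProvider` with no check on what `openid_services` supplied under `signer`, so a configuration entry can silently replace the RSA SHA-256 signer that `getProvider()` previously hard-coded. The signer presumably decides which signature algorithm is accepted for ID tokens, so I would validate it after the merge, e.g. `if (!(($services['signer'] ?? null) instanceof \Lcobucci\JWT\Signer)) { throw new \InvalidArgumentException('openid_services.signer must be a JWT signer'); }`. The `loadOpenIdServices()` docblock should also state that overriding `signer` changes the accepted signing algorithm. Reusing `$overrides` for the second merge makes the method harder to follow; `$serviceOverrides` would read better. `getProvider()` starts above this hunk and `loadOpenIdDetails()` continues below it.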
diff --git a/app/Config/openid.php b/app/Config/openid.php
index 2232ba7b2..20089518b 100644
--- a/app/Config/openid.php
+++ b/app/Config/openid.php
@@ -18,6 +18,9 @@ return [
     // Overrides, in JSON format, to the configuration passed to underlying OpenIDConnectProvider library.
     'openid_overrides' => env('OPENID_OVERRIDES', null),
 
+    // Custom service instances, used by the underlying OpenIDConnectProvider library
+    'openid_services' => [],
+
     'openid' => [
         // OAuth2/OpenId client id, as configured in your Authorization server.
         'clientId'                => env('OPENID_CLIENT_ID', ''),
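Review bot: The comment on `openid_services` does not say which keys are recognised or what replacing them does; the only default visible in this patch is `signer`. I would name it and state the consequence, e.g. `// Custom service instances passed to the OpenIDConnectProvider library (e.g. 'signer'). Replacing 'signer' changes how ID token signatures are checked; leave empty to keep the RSA SHA-256 default.` Separately, object instances in a config file may not survive configuration caching if this application serializes its config, which is worth confirming before the option is documented for users. The enclosing `return [` array begins and ends outside the hunk.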