修复认证

2024-07-24 14:57:28 +08:00 · 2024-07-24 14:57:28 +08:00 · ce8aff3626
commit ce8aff3626
parent 21b2254379
1 changed files with 17 additions and 1 deletions
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@ -47,11 +47,27 @@ private function setJWTGuard(): void

            try {
                $decoded = JWT::decode($jwt, $keys, $headers);
-                $request->attributes->add(['token_type' => $headers->typ]);
+                //                $request->attributes->add(['token_type' => $headers->typ]);
            } catch (Exception $e) {
                return response()->json(['error' => 'Invalid token, '.$e->getMessage()], 401);
            }

+            // must id_token
+            if ($headers->typ !== 'id_token') {
+                return response()->json(['error' => 'The token not id_token'], 401);
+            }
+
+            // 检查是否有 字段
+            $required_fields = [
+                'name', 'sub',
+            ];
+
+            foreach ($required_fields as $field) {
+                if (! isset($decoded->$field)) {
+                    return response()->json(['error' => 'The token not contain the field '.$field], 401);
+                }
+            }
+
            if (config('oauth.force_aud')) {
                if (! in_array($decoded->aud, config('oauth.trusted_aud'))) {
                    return response()->json(['error' => 'The application rejected the token, token aud is '.$decoded->aud.', app aud is '.config('oauth.client_id')], 401);