Laravel AT Protocol Client (alpha & unstable)

Store DPoP key with session ID after OAuth callback for token binding

+7
src/Auth/OAuthEngine.php
··· 7 7 use SocialDept\AtpClient\Data\AuthorizationRequest; 8 8 use SocialDept\AtpClient\Data\DPoPKey; 9 9 use SocialDept\AtpClient\Events\OAuthUserAuthenticated; 10 + use SocialDept\AtpClient\Contracts\KeyStore; 10 11 use SocialDept\AtpClient\Exceptions\AuthenticationException; 11 12 use SocialDept\AtpClient\Http\DPoPClient; 12 13 use SocialDept\AtpResolver\Facades\Resolver; ··· 18 19 protected ClientMetadataManager $metadata, 19 20 protected DPoPClient $dpopClient, 20 21 protected ClientAssertionManager $clientAssertion, 22 + protected KeyStore $keyStore, 21 23 ) {} 22 24 23 25 /** ··· 103 105 } 104 106 105 107 $token = AccessToken::fromResponse($response->json(), $request->handle, $request->pdsEndpoint); 108 + 109 + // Store the DPoP key with the session ID so future requests can use it 110 + // The token is bound to this key's thumbprint (cnf.jkt claim) 111 + $sessionId = 'session_'.hash('sha256', $token->did); 112 + $this->keyStore->store($sessionId, $request->dpopKey); 106 113 107 114 event(new OAuthUserAuthenticated($token)); 108 115
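Review bot: The new `protected KeyStore $keyStore` constructor parameter in the second hunk is required and has no default, and this commit only touches src/Auth/OAuthEngine.php, so any code that constructs OAuthEngine by hand, and the container binding for the KeyStore contract, have to exist or be updated elsewhere; please confirm or include them here. Minor style point on the first hunk: the `use SocialDept\AtpClient\Contracts\KeyStore;` line is placed after `Events\OAuthUserAuthenticated`, which breaks the otherwise alphabetical use block; it belongs above the `Data\` imports.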
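Review bot: In the last hunk the store key is `'session_'.hash('sha256', $token->did)`, a pure function of the DID, so every authorization for the same DID writes to the same slot. If `store()` overwrites, a second login for that DID (another browser or device) replaces the key saved by the first, while, as the added comment says, the earlier token stays bound to the earlier key's thumbprint (cnf.jkt) and can no longer produce a valid DPoP proof. Either key the entry on a per-session identifier or state in the comment that one session per DID is intended. The derivation is also inlined here, so whatever reads the key back must repeat the same prefix and hash; a shared helper would keep the two from drifting. Finally, `store()` runs before `event(new OAuthUserAuthenticated($token))` with no failure handling visible in the hunk: decide whether a failed store should abort the callback (for example via the already imported AuthenticationException) rather than leave a token issued without its key persisted.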