From 6569af47207d3aab1faee0e7b946b546491501c7 Mon Sep 17 00:00:00 2001 From: Charles Date: Wed, 18 Feb 2026 16:43:32 +0100 Subject: [PATCH] dynamic self client identification for portal --- .env | 1 + config/services.yaml | 4 ++++ docs/API.md | 1 + src/EventSubscriber/LoginSubscriber.php | 5 +++-- 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.env b/.env index 2931bca..29f1e55 100644 --- a/.env +++ b/.env @@ -49,6 +49,7 @@ OAUTH_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.key OAUTH_PASSPHRASE=8170ea18d2e3e05b5c7ae0672a754bf4 OAUTH_ENCRYPTION_KEY=f1b7c279f7992205a0df45e295d07066 OAUTH_SSO_IDENTIFIER='sso-own-identifier' +OAUTH_SSO_IDENTIFIER_LOGIN='sso-own-identifier' ###< league/oauth2-server-bundle ### ###> nelmio/cors-bundle ### diff --git a/config/services.yaml b/config/services.yaml index 146d0f0..d732fc0 100644 --- a/config/services.yaml +++ b/config/services.yaml @@ -11,6 +11,7 @@ parameters: mercure_secret: '%env(MERCURE_JWT_SECRET)%' logos_directory: '%kernel.project_dir%/public/uploads/logos' oauth_sso_identifier: '%env(OAUTH_SSO_IDENTIFIER)%' + oauth_sso_identifier_login: '%env(OAUTH_SSO_IDENTIFIER_LOGIN)%' services: # default configuration for services in *this* file @@ -36,6 +37,9 @@ services: App\EventSubscriber\: resource: '../src/EventSubscriber/' tags: ['kernel.event_subscriber'] + App\EventSubscriber\LoginSubscriber: + arguments: + $clientIdentifier: '%oauth_sso_identifier_login%' App\Service\AwsService: arguments: $awsPublicUrl: '%aws_public_url%' diff --git a/docs/API.md b/docs/API.md index 32101ef..03e5c75 100644 --- a/docs/API.md +++ b/docs/API.md 
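Review bot: The new `OAUTH_SSO_IDENTIFIER_LOGIN` default in `.env` is the same string as `OAUTH_SSO_IDENTIFIER`, so any environment that does not override it resolves the user-login client and the m2m client to one and the same OAuth client, which is the opposite of the separation that docs/API.md describes in this commit. A distinct placeholder, for example `OAUTH_SSO_IDENTIFIER_LOGIN='sso-login-identifier'` (constructed value), would at least stop a missing override from silently reusing the m2m client. Separately, the neighbouring context lines `OAUTH_PASSPHRASE` and `OAUTH_ENCRYPTION_KEY` carry hex values in a committed file. If those are not throwaway development defaults, they presumably belong in `.env.local` or a secrets store and should be rotated.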
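Review bot: The explicit `App\EventSubscriber\LoginSubscriber` entry in the second services.yaml hunk replaces the definition loaded by the `App\EventSubscriber\` resource block just above it, so the `tags: ['kernel.event_subscriber']` declared on that resource block no longer applies to this service. If `_defaults` (not visible in this hunk) sets `autoconfigure: true`, the tag is added back automatically; otherwise the subscriber would stop being registered and the login hook would silently never run. Either confirm that autoconfigure is on, or repeat `tags: ['kernel.event_subscriber']` under the new entry.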
@@ -175,6 +175,7 @@ php bin/console league:oauth2-server:create-client sso_internal_service --grant- ``` now, copy the identifier, and paste it in the .env file +please note that we have 2 client for the application because one is used for m2m and the other is used for the user, so implement both, the one ending with _LOGIN is the one for the user ```dotenv OAUTH_SSO_IDENTIFIER='sso-own-identifier' ``` diff --git a/src/EventSubscriber/LoginSubscriber.php b/src/EventSubscriber/LoginSubscriber.php index 3c3febc..cb74755 100644 --- a/src/EventSubscriber/LoginSubscriber.php +++ b/src/EventSubscriber/LoginSubscriber.php @@ -14,7 +14,8 @@ class LoginSubscriber implements EventSubscriberInterface private EntityManagerInterface $entityManager; - public function __construct(EntityManagerInterface $entityManager) + public function __construct(EntityManagerInterface $entityManager, + private string $clientIdentifier) { $this->entityManager = $entityManager; } @@ -51,7 +52,7 @@ class LoginSubscriber implements EventSubscriberInterface if ($user) { $user->setLastConnection(new \DateTime('now', new \DateTimeZone('Europe/Paris'))); - $easySolution = $this->entityManager->getRepository(Client::class)->findOneBy(['name' => 'EasySolution']); + $easySolution = $this->entityManager->getRepository(Client::class)->findOneBy(['identifier' => $this->clientIdentifier]); if ($easySolution) { $accessToken = new AccessToken( identifier: bin2hex(random_bytes(40)),
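Review bot: The constructor in the first LoginSubscriber.php hunk now mixes two styles: `$entityManager` is a declared property assigned by hand, while `$clientIdentifier` is a promoted parameter, and the parameter list breaks after the first argument instead of putting one parameter per line. Because this identifier selects the OAuth client under which login tokens are issued, it should not be reassignable after construction: `private readonly string $clientIdentifier,` if the project's PHP version allows `readonly` (not visible here). A docblock line such as `@param string $clientIdentifier identifier of the OAuth client used for user logins (OAUTH_SSO_IDENTIFIER_LOGIN)` would also help, since the name alone does not say which of the two clients is meant. The class itself starts outside the hunk.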
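Review bot: When no `Client` row matches `$this->clientIdentifier`, the `if ($easySolution)` guard in the second LoginSubscriber.php hunk skips access-token creation without any trace. Now that the identifier comes from the environment, a typo or a left-over placeholder value becomes a silent behaviour change at login. The body of that `if` continues past the end of the hunk, so an `else` may exist that is not visible here; if there is none, log the miss at error level together with the configured identifier so that a misconfiguration is detectable. The variable name is also stale now that the lookup is no longer by name: `$loginClient = $this->entityManager->getRepository(Client::class)->findOneBy(['identifier' => $this->clientIdentifier]);`.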