dynamic self client identification for portal

2026-02-18 16:43:32 +01:00 · 2026-02-18 16:43:32 +01:00 · 6569af4720
parent e388999ff7
commit 6569af4720
4 changed files with 9 additions and 2 deletions
--- a/.env
+++ b/.env
@ -49,6 +49,7 @@ OAUTH_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.key
 OAUTH_PASSPHRASE=8170ea18d2e3e05b5c7ae0672a754bf4
 OAUTH_ENCRYPTION_KEY=f1b7c279f7992205a0df45e295d07066
 OAUTH_SSO_IDENTIFIER='sso-own-identifier'
+OAUTH_SSO_IDENTIFIER_LOGIN='sso-own-identifier'
 ###< league/oauth2-server-bundle ###

 ###> nelmio/cors-bundle ###
--- a/config/services.yaml
+++ b/config/services.yaml
@ -11,6 +11,7 @@ parameters:
    mercure_secret: '%env(MERCURE_JWT_SECRET)%'
    logos_directory: '%kernel.project_dir%/public/uploads/logos'
    oauth_sso_identifier: '%env(OAUTH_SSO_IDENTIFIER)%'
+    oauth_sso_identifier_login: '%env(OAUTH_SSO_IDENTIFIER_LOGIN)%'

 services:
    # default configuration for services in *this* file
@ -36,6 +37,9 @@ services:
    App\EventSubscriber\:
        resource: '../src/EventSubscriber/'
        tags: ['kernel.event_subscriber']
+    App\EventSubscriber\LoginSubscriber:
+        arguments:
+          $clientIdentifier: '%oauth_sso_identifier_login%'
    App\Service\AwsService:
        arguments:
            $awsPublicUrl: '%aws_public_url%'
--- a/docs/API.md
+++ b/docs/API.md
@ -175,6 +175,7 @@ php bin/console league:oauth2-server:create-client sso_internal_service --grant-
 ```

 now, copy the identifier, and paste it in the .env file
+please note that we have 2 client for the application because one is used for m2m and the other is used for the user, so implement both, the one ending with _LOGIN is the one for the user
 ```dotenv
 OAUTH_SSO_IDENTIFIER='sso-own-identifier'
 ```
--- a/src/EventSubscriber/LoginSubscriber.php
+++ b/src/EventSubscriber/LoginSubscriber.php
@ -14,7 +14,8 @@ class LoginSubscriber implements EventSubscriberInterface

    private EntityManagerInterface $entityManager;

-    public function __construct(EntityManagerInterface $entityManager)
+    public function __construct(EntityManagerInterface $entityManager,
+                                private string                       $clientIdentifier)
    {
        $this->entityManager = $entityManager;
    }
@ -51,7 +52,7 @@ class LoginSubscriber implements EventSubscriberInterface
        if ($user) {
            $user->setLastConnection(new \DateTime('now', new \DateTimeZone('Europe/Paris')));

-            $easySolution = $this->entityManager->getRepository(Client::class)->findOneBy(['name' => 'EasySolution']);
+            $easySolution = $this->entityManager->getRepository(Client::class)->findOneBy(['identifier' => $this->clientIdentifier]);
            if ($easySolution) {
                $accessToken = new AccessToken(
                    identifier: bin2hex(random_bytes(40)),