Add scope modification in the token

2025-04-23 16:26:54 +02:00 · 2025-04-23 16:26:54 +02:00 · b19b6a2988
parent f41c34b750
commit b19b6a2988
2 changed files with 79 additions and 0 deletions
--- a/config/services.yaml
+++ b/config/services.yaml
@ -22,6 +22,9 @@ services:
    App\EventSubscriber\:
        resource: '../src/EventSubscriber/'
        tags: ['kernel.event_subscriber']
    App\EventSubscriber\ScopeResolveListener:
        tags:
            - { name: kernel.event_listener, event: league.oauth2_server.event.scope_resolve, method: onScopeResolve }
    # add more service definitions when explicit configuration is needed
    # please note that last definitions always *replace* previous ones
--- a/src/EventSubscriber/ScopeResolveListener.php
+++ b/src/EventSubscriber/ScopeResolveListener.php
@ -0,0 +1,76 @@
 <?php
 namespace App\EventSubscriber;
 use League\Bundle\OAuth2ServerBundle\Event\ScopeResolveEvent;
 use League\Bundle\OAuth2ServerBundle\ValueObject\Scope;
 use League\Bundle\OAuth2ServerBundle\Model\Client;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 final class ScopeResolveListener implements EventSubscriberInterface
 {
    private ClientRepositoryInterface $clientRepository;
    private LoggerInterface $logger;
    public function __construct(ClientRepositoryInterface $clientRepository, LoggerInterface $logger)
    {
        $this->logger = $logger;
        // Inject the client repository
        $this->clientRepository = $clientRepository;
    }
    public function onScopeResolve(ScopeResolveEvent $event): void
    {
        // Get the client ID from the event
        $client = $event->getClient();
        $clientIdentifier = $client->getIdentifier();
        // Get the requested scopes from the event
        $requestedScopes = $event->getScopes();
        // Prepare our final scopes collection
        $finalScopes = [];
        // Add default scopes that everyone gets
        $defaultScopes = ['email', 'profile', 'openid'];
        foreach ($defaultScopes as $scope) {
            $finalScopes[] = new Scope($scope);
        }
        // Add client-specific scopes based on client identifier or name
        switch ($clientIdentifier) {
            case $_ENV['EASYEXPLOIT_CLIENT_ID']:
                $finalScopes[] = new Scope('apps:easyexploit');
                break;
            case 'EasyAccess':
                $finalScopes[] = new Scope('apps:easyaccess');
                break;
            case 'EasyMonithor':
                $finalScopes[] = new Scope('apps:easymonithor');
                break;
            case 'EasyCheck':
                $finalScopes[] = new Scope('apps:easycheck');
                break;
            // Add more cases as needed for other applications
        }
        // // If the client is an admin client, add admin scopes
        // if (str_contains($client->getName(), 'Admin')) {
        //     $finalScopes[] = new Scope('apps:manage');
        //     $finalScopes[] = new Scope('orgs:manage');
        //     $finalScopes[] = new Scope('users:manage');
        // }
        // Set the resolved scopes
        $event->setScopes(...$finalScopes);
    }
    public static function getSubscribedEvents(): array
    {
        return [
            ScopeResolveEvent::class => 'onScopeResolve',
        ];
    }
 }