Add scope modification in the token

2025-04-23 16:26:54 +02:00 · 2025-04-23 16:26:54 +02:00 · b19b6a2988
parent f41c34b750
commit b19b6a2988
2 changed files with 79 additions and 0 deletions
--- a/config/services.yaml
+++ b/config/services.yaml
@ -22,6 +22,9 @@ services:
    App\EventSubscriber\:
        resource: '../src/EventSubscriber/'
        tags: ['kernel.event_subscriber']
+    App\EventSubscriber\ScopeResolveListener:
+        tags:
+            - { name: kernel.event_listener, event: league.oauth2_server.event.scope_resolve, method: onScopeResolve }

    # add more service definitions when explicit configuration is needed
    # please note that last definitions always *replace* previous ones
--- a/src/EventSubscriber/ScopeResolveListener.php
+++ b/src/EventSubscriber/ScopeResolveListener.php
@ -0,0 +1,76 @@
+<?php
+
+namespace App\EventSubscriber;
+
+use League\Bundle\OAuth2ServerBundle\Event\ScopeResolveEvent;
+use League\Bundle\OAuth2ServerBundle\ValueObject\Scope;
+use League\Bundle\OAuth2ServerBundle\Model\Client;
+use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
+use Psr\Log\LoggerInterface;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+
+final class ScopeResolveListener implements EventSubscriberInterface
+{
+    private ClientRepositoryInterface $clientRepository;
+    private LoggerInterface $logger;
+
+    public function __construct(ClientRepositoryInterface $clientRepository, LoggerInterface $logger)
+    {
+        $this->logger = $logger;
+        // Inject the client repository
+        $this->clientRepository = $clientRepository;
+    }
+
+    public function onScopeResolve(ScopeResolveEvent $event): void
+    {
+        // Get the client ID from the event
+        $client = $event->getClient();
+        $clientIdentifier = $client->getIdentifier();
+
+        // Get the requested scopes from the event
+        $requestedScopes = $event->getScopes();
+        
+        // Prepare our final scopes collection
+        $finalScopes = [];
+        
+        // Add default scopes that everyone gets
+        $defaultScopes = ['email', 'profile', 'openid'];
+        foreach ($defaultScopes as $scope) {
+            $finalScopes[] = new Scope($scope);
+        }
+        
+        // Add client-specific scopes based on client identifier or name
+        switch ($clientIdentifier) {
+            case $_ENV['EASYEXPLOIT_CLIENT_ID']:
+                $finalScopes[] = new Scope('apps:easyexploit');
+                break;
+            case 'EasyAccess':
+                $finalScopes[] = new Scope('apps:easyaccess');
+                break;
+            case 'EasyMonithor':
+                $finalScopes[] = new Scope('apps:easymonithor');
+                break;
+            case 'EasyCheck':
+                $finalScopes[] = new Scope('apps:easycheck');
+                break;
+            // Add more cases as needed for other applications
+        }
+        
+        // // If the client is an admin client, add admin scopes
+        // if (str_contains($client->getName(), 'Admin')) {
+        //     $finalScopes[] = new Scope('apps:manage');
+        //     $finalScopes[] = new Scope('orgs:manage');
+        //     $finalScopes[] = new Scope('users:manage');
+        // }
+        
+        // Set the resolved scopes
+        $event->setScopes(...$finalScopes);
+    }
+
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            ScopeResolveEvent::class => 'onScopeResolve',
+        ];
+    }
+}