Merge branch 'pu/pm/SsoRpAccessTokenTtlCfg' into 'main'

tweak(SSO) add access token ttl to RP config

See merge request tine20/tine20!7203

Author: paulmhh

tine20/SSO/Controller.php

@@ -924,7 +924,7 @@ protected static function getOpenIdConnectServer(): \League\OAuth2\Server\Author
         );
 
         $grant->setIssuer(static::getOAuthIssuer());
-        $grant->setRefreshTokenTTL(new \DateInterval('P1M')); // refresh tokens will expire after 1 month
+        $grant->setRefreshTokenTTL(new \DateInterval('P1D')); // refresh tokens will expire after 1 day
 
         // Enable the authentication code grant on the server
         $server->enableGrantType(
@@ -942,7 +942,7 @@ protected static function getOpenIdConnectServer(): \League\OAuth2\Server\Author
         );
 
         $grant->setIssuer(static::getOAuthIssuer());
-        $grant->setRefreshTokenTTL(new \DateInterval('P1M')); // refresh tokens will expire after 1 month
+        $grant->setRefreshTokenTTL(new \DateInterval('P1D')); // refresh tokens will expire after 1 day
 
         // Enable the authentication code grant on the server
         $server->enableGrantType(

tine20/SSO/Facade/OpenIdConnect/AuthCodeGrant.php

@@ -6,7 +6,7 @@
  * @subpackage  Facade
  * @license     http://www.gnu.org/licenses/agpl.html AGPL Version 3
  * @author      Paul Mehrer <[email protected]>
- * @copyright   Copyright (c) 2023-2024 Metaways Infosystems GmbH (http://www.metaways.de)
+ * @copyright   Copyright (c) 2023-2025 Metaways Infosystems GmbH (http://www.metaways.de)
  *
  */
 
@@ -22,6 +22,14 @@ public function respondToAccessTokenRequest(
         ResponseTypeInterface $responseType,
         \DateInterval $accessTokenTTL
     ): ResponseTypeInterface {
+
+        list($clientId) = $this->getClientCredentials($request);
+        /** @var SSO_Facade_OAuth2_ClientEntity $client */
+        $client = $this->getClientEntityOrFail($clientId, $request);
+        if ($ttl = $client->getRelyingPart()->{SSO_Model_RelyingParty::FLD_ACCESS_TOKEN_TTL}) {
+            $this->idTokenTTL = $accessTokenTTL = new DateInterval('PT' . $ttl . 'M');
+        }
+
         /** @var \Idaas\OpenID\ResponseTypes\BearerTokenResponse $result */
         $result = parent::respondToAccessTokenRequest($request, $responseType, $accessTokenTTL);
 

tine20/SSO/Model/RelyingParty.php

@@ -29,6 +29,7 @@ class SSO_Model_RelyingParty extends Tinebase_Record_NewAbstract
     public const FLD_LOGO_DARK = 'logo_dark';
     public const FLD_LOGO_LIGHT = 'logo_light';
     public const FLD_NAME = 'name';
+    public const FLD_ACCESS_TOKEN_TTL = 'access_token_ttl';
 
     /**
      * holds the configuration object (must be declared in the concrete class)
@@ -43,7 +44,7 @@ class SSO_Model_RelyingParty extends Tinebase_Record_NewAbstract
      * @var array
      */
     protected static $_modelConfiguration = [
-        self::VERSION => 4,
+        self::VERSION => 5,
         self::RECORD_NAME => 'Relying Party',
         self::RECORDS_NAME => 'Relying Parties', // ngettext('Relying Party', 'Relying Parties', n)
         self::TITLE_PROPERTY => self::FLD_NAME,
@@ -128,6 +129,12 @@ class SSO_Model_RelyingParty extends Tinebase_Record_NewAbstract
                     [Tinebase_Record_Validator_SubValidate::class],
                 ],
             ],
+            self::FLD_ACCESS_TOKEN_TTL  => [
+                self::TYPE                  => self::TYPE_INTEGER,
+                self::SPECIAL_TYPE          => self::SPECIAL_TYPE_MINUTES,
+                self::NULLABLE              => true,
+                self::LABEL                 => 'Access Token TTL',
+            ],
         ]
     ];
 

tine20/SSO/Setup/Update/18.php

@@ -17,6 +17,7 @@ class SSO_Setup_Update_18 extends Setup_Update_Abstract
     protected const RELEASE018_UPDATE001 = __CLASS__ . '::update001';
     protected const RELEASE018_UPDATE002 = __CLASS__ . '::update002';
     protected const RELEASE018_UPDATE003 = __CLASS__ . '::update003';
+    protected const RELEASE018_UPDATE004 = __CLASS__ . '::update004';
 
     static protected $_allUpdates = [
         self::PRIO_NORMAL_APP_STRUCTURE     => [
@@ -28,6 +29,10 @@ class SSO_Setup_Update_18 extends Setup_Update_Abstract
                 self::CLASS_CONST                   => self::class,
                 self::FUNCTION_CONST                => 'update002',
             ],
+            self::RELEASE018_UPDATE004          => [
+                self::CLASS_CONST                   => self::class,
+                self::FUNCTION_CONST                => 'update004',
+            ],
         ],
         self::PRIO_NORMAL_APP_UPDATE        => [
             self::RELEASE018_UPDATE000          => [
@@ -80,4 +85,13 @@ public function update003()
 
         $this->addApplicationUpdate(SSO_Config::APP_NAME, '18.3', self::RELEASE018_UPDATE003);
     }
+
+    public function update004()
+    {
+        Setup_SchemaTool::updateSchema([
+            SSO_Model_RelyingParty::class,
+        ]);
+
+        $this->addApplicationUpdate(SSO_Config::APP_NAME, '18.4', self::RELEASE018_UPDATE004);
+    }
 }

tine20/SSO/Setup/setup.xml

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <application>
     <name>SSO</name>
-    <version>18.3</version>
+    <version>18.4</version>
     <order>100</order>
     <status>enabled</status>
 </application>

tine20/Tinebase/ModelConfiguration/Const.php

@@ -246,7 +246,7 @@ class Tinebase_ModelConfiguration_Const {
     public const SPECIAL_TYPE_URL = 'url';
     public const SPECIAL_TYPE_COUNTRY = 'country';
     public const SPECIAL_TYPE_CURRENCY = 'currency';
-
+    public const SPECIAL_TYPE_MINUTES = 'minutes';
     public const SPECIAL_TYPE_MONTH = 'month';
     public const STORAGE = 'storage';
     public const SUPPORTED_FORMATS = 'supportedFormats';