From 4af346cceecf60285d8c545212082801e5942422 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Fri, 12 Jun 2026 16:43:32 +0200
Subject: [PATCH 1/5] update php-solid-auth to implement rfc-9207
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index 4bcd6e6..f7abbbb 100644
--- a/composer.json
+++ b/composer.json
@@ -15,7 +15,7 @@
 }
 ],
 "require": {
- "pdsinterop/solid-auth": "v0.13.0",
+ "pdsinterop/solid-auth": "v0.14.0",
 "pdsinterop/solid-crud": "v0.8.3",
 "phpmailer/phpmailer": "^6.10",
 "sweetrdf/easyrdf": "~1.15.0",
From a0ea40c828f5d610ba87f770a4fa07d9624b6287 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Mon, 22 Jun 2026 16:27:58 +0200
Subject: [PATCH 2/5] persist remote client document registrations
---
 lib/ClientRegistration.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/lib/ClientRegistration.php b/lib/ClientRegistration.php
index 2a597a3..80cce44 100644
--- a/lib/ClientRegistration.php
+++ b/lib/ClientRegistration.php
@@ -5,10 +5,6 @@ class ClientRegistration {
 public static function getRegistration($clientId) {
- if (preg_match("/^http(s)?:/", $clientId)) {
- return self::getRemoteRegistration($clientId);
- }
-
 Db::connect();
 $query = Db::$pdo->prepare(
 'SELECT clientData FROM clients WHERE clientId=:clientId'
@@ -20,6 +16,14 @@ public static function getRegistration($clientId) {
 if (sizeof($result) === 1) {
 return json_decode($result[0]['clientData'], true);
 }
+ if (preg_match("/^http(s)?:/", $clientId)) {
+ $clientData = self::getRemoteRegistration($clientId);
+ if (!isset($clientData['origin']) && isset($clientData['client_uri'])) {
+ $clientData['origin'] = preg_replace("/\/$/", "", $clientData['client_uri']);
+ }
+ self::saveClientRegistration($clientData);
+ return $clientData;
+ }
 return false;
 }
From 3506c6917e7cebd4f39f68e2a09799bb8688199b Mon Sep 17 00:00:00 2001
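Review bot: In lib/ClientRegistration.php, the new remote branch of getRegistration() persists whatever getRemoteRegistration() returns without checking that the fetch succeeded or that the document's `client_id` equals the `$clientId` that was dereferenced. saveClientRegistration() is not visible here, but if it keys the row on the document's own `client_id`, a remote document could replace another client's stored registration, so a guard such as `if (!is_array($clientData) || ($clientData['client_id'] ?? null) !== $clientId) { return false; }` belongs before the save. Because the database lookup now answers every later call, the stored copy also never expires; a refresh interval would let a changed or withdrawn client document take effect. The function starts outside this hunk.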
From: Yvo Brevoort
Date: Mon, 22 Jun 2026 16:28:20 +0200
Subject: [PATCH 3/5] only add id_token when asked
---
 lib/Routes/SolidIdp.php | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/lib/Routes/SolidIdp.php b/lib/Routes/SolidIdp.php
index 9c3f3ff..6cc3225 100644
--- a/lib/Routes/SolidIdp.php
+++ b/lib/Routes/SolidIdp.php
@@ -90,15 +90,17 @@ public static function respondToAuthorize() {
 $response = $authServer->respondToAuthorizationRequest($request, $user, $approval);
- $tokenGenerator = Server::getTokenGenerator();
+ if (in_array("id_token", $requestedResponseTypes)) {
+ $tokenGenerator = Server::getTokenGenerator();
- $response = $tokenGenerator->addIdTokenToResponse(
- $response,
- $clientId,
- $webId,
- $_SESSION['nonce'] ?? '',
- Server::getKeys()["privateKey"]
- );
+ $response = $tokenGenerator->addIdTokenToResponse(
+ $response,
+ $clientId,
+ $webId,
+ $_SESSION['nonce'] ?? '',
+ Server::getKeys()["privateKey"]
+ );
+ }
 Server::respond($response);
 }
From c03a18a7b403e2df616e30ddd5afdcfde3865d0f Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Mon, 22 Jun 2026 16:28:37 +0200
Subject: [PATCH 4/5] return bad request when jti is invalid
---
 lib/Routes/SolidStorage.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/Routes/SolidStorage.php b/lib/Routes/SolidStorage.php
index 6eecb89..1201725 100644
--- a/lib/Routes/SolidStorage.php
+++ b/lib/Routes/SolidStorage.php
@@ -36,7 +36,14 @@ public static function respondToStorage() {
 $resourceServer->setBaseUrl($baseUrl);
 $wac->setBaseUrl($baseUrl);
- $webId = StorageServer::getWebId($rawRequest);
+ try {
+ $webId = StorageServer::getWebId($rawRequest);
+ } catch(\Exception $e) {
+ $response = $resourceServer->getResponse()
+ -> withStatus(400, "Bad request");
+ StorageServer::respond($response);
+ exit();
+ }
 if (!isset($webId)) {
 $response = $resourceServer->getResponse()
From 66e4a28bdda81be76a6b456b42b0aa9753cb3ca4 Mon Sep 17 00:00:00 2001
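Review bot: `$requestedResponseTypes` is not assigned in the visible part of respondToAuthorize() in lib/Routes/SolidIdp.php, so the new guard relies on code above the hunk to define it as an array on every path; a null or raw string value makes `in_array()` throw a TypeError on PHP 8. The comparison should also be strict: `if (in_array("id_token", $requestedResponseTypes, true)) {`. A short comment above the condition, for example `// Only issue an id_token when the requested response_type includes it`, would record why the token is now conditional.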
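Review bot: The new `catch(\Exception $e)` in respondToStorage() (lib/Routes/SolidStorage.php) turns every exception from StorageServer::getWebId() into a 400 and then discards it. If getWebId() can also fail for server-side reasons, that fault is reported as a client error, and a rejected jti leaves no record for monitoring. Catch the specific exception type the jti check throws (its class is not visible in this hunk) and log the failure before responding, e.g. `error_log('getWebId rejected request: ' . $e->getMessage());`. The function body continues outside the hunk.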
From: Ben Peachey
Date: Tue, 23 Jun 2026 10:03:46 +0200
Subject: [PATCH 5/5] Update solid-auth dependency to v0.14.1

Packagist no longer support re-tagging a release. Since the v0.14.0 release has been removed, v0.14.0 has been re-tagged as v0.14.1.
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index f7abbbb..0017f6a 100644
--- a/composer.json
+++ b/composer.json
@@ -15,7 +15,7 @@
 }
 ],
 "require": {
- "pdsinterop/solid-auth": "v0.14.0",
+ "pdsinterop/solid-auth": "v0.14.1",
 "pdsinterop/solid-crud": "v0.8.3",
 "phpmailer/phpmailer": "^6.10",
 "sweetrdf/easyrdf": "~1.15.0",