Skip to content

Fix Microsoft OpenID configuration cache serialization#1444

Merged
atymic merged 2 commits intoSocialiteProviders:masterfrom
ubertech-za:fix/microsoft-openid-cache-serialization
Mar 26, 2026
Merged

Fix Microsoft OpenID configuration cache serialization#1444
atymic merged 2 commits intoSocialiteProviders:masterfrom
ubertech-za:fix/microsoft-openid-cache-serialization

Conversation

@ubertech-za
Copy link
Copy Markdown
Contributor

@ubertech-za ubertech-za commented Mar 25, 2026

getOpenIdConfiguration() caches json_decode output as stdClass. On deserialization from file/database cache drivers, PHP returns __PHP_Incomplete_Class, breaking subsequent login attempts.

Fix: return associative arrays instead of stdClass objects, and update all property access to array syntax.

@ubertech-za ubertech-za mentioned this pull request Mar 25, 2026
Closed
@atymic atymic requested a review from Copilot March 25, 2026 22:46
@atymic
Copy link
Copy Markdown
Member

atymic commented Mar 25, 2026

Should we change the cache key?

Copilot AI reviewed Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses a login-breaking caching issue in the Microsoft provider by ensuring the OpenID configuration is cached as an associative array (instead of a stdClass), avoiding __PHP_Incomplete_Class on cache deserialization.

Changes:

  • Decode OpenID configuration JSON as associative arrays (json_decode(..., true)).
  • Update OpenID configuration usages from object property access to array access.
  • Tighten getOpenIdConfiguration() return type to array.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

atymic
atymic requested changes Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@atymic atymic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ubertech-za can you please change the cache key so its different and does not result in errors for existing users :)

@ubertech-za
Copy link
Copy Markdown
Contributor Author

ubertech-za commented Mar 25, 2026

@ubertech-za can you please change the cache key so its different and does not result in errors for existing users :)

Something like this?

$cacheKey = 'socialite:microsoft:openid:v2:' . sha1((string) $discovery);

@atymic
Copy link
Copy Markdown
Member

atymic commented Mar 25, 2026

just add v2 after jwks like jwks-v2

@ubertech-za
Copy link
Copy Markdown
Contributor Author

ubertech-za commented Mar 25, 2026

just add v2 after jwks like jwks-v2

$cacheKey = 'socialite:microsoft:openid-v2:' . sha1((string) $discovery);

May be safer if you do this :) You know the codebase better.

@atymic
Copy link
Copy Markdown
Member

atymic commented Mar 25, 2026

Either is fine, new cache key will be different :)

@mlategan
Fix Microsoft OpenID configuration cache serialization
544385a 
getOpenIdConfiguration() caches json_decode output as stdClass. On
deserialization from file/database cache drivers, PHP returns
__PHP_Incomplete_Class, breaking subsequent login attempts.

Changes:
- Return associative arrays from json_decode instead of stdClass
- Update all property access to array syntax
- Bump cache keys to openid-v2 and jwks-v2 so stale stdClass entries
  from prior versions are never read
- Update property type from mixed to ?array
- Update docblock @return from mixed to array<string, mixed>
@ubertech-za ubertech-za force-pushed the fix/microsoft-openid-cache-serialization branch from 27827fe to 544385a Compare March 25, 2026 23:21
@atymic atymic requested a review from Copilot March 25, 2026 23:31
Copilot AI reviewed Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@mlategan
Add JSON_THROW_ON_ERROR and shape validation to OpenID config decoding
391cdce 
Addresses review feedback: json_decode(..., true) can return null on
invalid/empty JSON, which would violate the array return type.

Extract decodeOpenIdConfiguration() helper that:
- Uses JSON_THROW_ON_ERROR to surface malformed responses
- Validates required keys (jwks_uri, issuer) are present
- Throws InvalidStateException on failure
@atymic atymic merged commit 3647391 into SocialiteProviders:master Mar 26, 2026
1 check passed
@atymic atymic added the release:patch Release a new patch version for changed providers label Mar 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@atymic atymic atymic approved these changes

Assignees

No one assigned

Labels

release:patch Release a new patch version for changed providers

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ubertech-za @atymic @mlategan