WIP

Author: cicnavi

routing/routes/routes.php

@@ -15,6 +15,7 @@
 use SimpleSAML\Module\oidc\Controllers\ConfigurationDiscoveryController;
 use SimpleSAML\Module\oidc\Controllers\EndSessionController;
 use SimpleSAML\Module\oidc\Controllers\Federation\EntityStatementController;
+use SimpleSAML\Module\oidc\Controllers\Federation\SubordinateListingsController;
 use SimpleSAML\Module\oidc\Controllers\JwksController;
 use SimpleSAML\Module\oidc\Controllers\UserInfoController;
 use SimpleSAML\OpenID\Codebooks\HttpMethodsEnum;
@@ -96,4 +97,8 @@
     $routes->add(RoutesEnum::FederationFetch->name, RoutesEnum::FederationFetch->value)
         ->controller([EntityStatementController::class, 'fetch'])
         ->methods([HttpMethodsEnum::GET->value]);
+
+    $routes->add(RoutesEnum::FederationList->name, RoutesEnum::FederationList->value)
+        ->controller([SubordinateListingsController::class, 'list'])
+        ->methods([HttpMethodsEnum::GET->value]);
 };

src/Codebooks/RoutesEnum.php

@@ -46,4 +46,5 @@ enum RoutesEnum: string
 
     case FederationConfiguration = '.well-known/openid-federation';
     case FederationFetch = 'federation/fetch';
+    case FederationList = 'federation/list';
 }

src/Controllers/Federation/EntityStatementController.php

@@ -211,7 +211,7 @@ public function configuration(): Response
 
     public function fetch(Request $request): Response
     {
-        $subject = $request->query->get(ClaimsEnum::Sub->value);
+        $subject = $request->query->getString(ClaimsEnum::Sub->value);
 
         if (empty($subject)) {
             return $this->routes->newJsonErrorResponse(
@@ -222,7 +222,6 @@ public function fetch(Request $request): Response
         }
 
         /** @var non-empty-string $subject */
-        $subject = (string)$subject;
 
         $cachedSubordinateStatement = $this->federationCache?->get(
             null,

src/Controllers/Federation/SubordinateListingsController.php

@@ -0,0 +1,66 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Module\oidc\Controllers\Federation;
+
+use SimpleSAML\Module\oidc\Helpers;
+use SimpleSAML\Module\oidc\ModuleConfig;
+use SimpleSAML\Module\oidc\Repositories\ClientRepository;
+use SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException;
+use SimpleSAML\Module\oidc\Services\LoggerService;
+use SimpleSAML\Module\oidc\Utils\Routes;
+use SimpleSAML\OpenID\Codebooks\ErrorsEnum;
+use SimpleSAML\OpenID\Codebooks\ParamsEnum;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class SubordinateListingsController
+{
+    /**
+     * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException
+     */
+    public function __construct(
+        private readonly ModuleConfig $moduleConfig,
+        private readonly ClientRepository $clientRepository,
+        private readonly Helpers $helpers,
+        private readonly Routes $routes,
+        private readonly LoggerService $loggerService,
+    ) {
+        if (!$this->moduleConfig->getFederationEnabled()) {
+            throw OidcServerException::forbidden('federation capabilities not enabled');
+        }
+    }
+
+    public function list(Request $request): Response
+    {
+        // If unsupported query parameter is provided, we have to respond with an error: "If the responder does not
+        // support this feature, it MUST use the HTTP status code 400 and the content type application/json, with
+        // the error code unsupported_parameter."
+
+        // Currently, we don't support any of the mentioned params in the spec, so let's return error for any of them.
+        $unsupportedParams = [
+            ParamsEnum::EntityType->value,
+            ParamsEnum::TrustMarked->value,
+            ParamsEnum::TrustMarkId->value,
+            ParamsEnum::Intermediate->value,
+        ];
+
+        $requestedParams = array_keys($request->query->all());
+
+        if (!empty($intersectedParams = array_intersect($unsupportedParams, $requestedParams))) {
+            return $this->routes->newJsonErrorResponse(
+                ErrorsEnum::UnsupportedParameter->value,
+                'Unsupported parameter: ' . implode(', ', $intersectedParams),
+            );
+        }
+
+        dd($request->query->all());
+
+
+        if ($entityTypes = $request->query->all(ParamsEnum::EntityType->value)) {
+        }
+
+        return new Response();
+    }
+}

src/Utils/Routes.php

@@ -193,4 +193,9 @@ public function urlFederationFetch(array $parameters = []): string
     {
         return $this->getModuleUrl(RoutesEnum::FederationFetch->value, $parameters);
     }
+
+    public function urlFederationList(array $parameters = []): string
+    {
+        return $this->getModuleUrl(RoutesEnum::FederationList->value, $parameters);
+    }
 }