feature #57721 [Security][SecurityBundle] Add encryption support to OIDC tokens (Spomky)

fabpot · fabpot · commit f7d2f38bef92 · 2025-01-17T08:34:52.000+01:00
This PR was merged into the 7.3 branch.

Discussion
----------

[Security][SecurityBundle] Add encryption support to OIDC tokens

| Q             | A
| ------------- | ---
| Branch?       | 7.3
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Issues        | Fix #50441
| License       | MIT

The changes add encryption support to OpenID Connect (OIDC) tokens in the Symfony Security Bundle. This is useful in making the application more secure. They also ensure the tokens are correctly decrypted and validated before use. Additionally, tests have been expanded to cover these new scenarios.

```yaml
security:
    firewalls:
        main:
            pattern: ^/
            access_token:
                token_handler:
                    oidc:
                        ...
                        encryption:
                            enabled: true
                            algorithms: [...]
                            keyset: '{"keys": [{...}]}'
```

Commits
-------

04c53b4bae0 [Security] OAuth2 Introspection Endpoint (RFC7662)
diff --git a/DependencyInjection/Compiler/UnusedTagsPass.php b/DependencyInjection/Compiler/UnusedTagsPass.php
@@ -85,6 +85,7 @@ class UnusedTagsPass implements CompilerPassInterface
         'routing.route_loader',
         'scheduler.schedule_provider',
         'scheduler.task',
+        'security.access_token_handler.oidc.encryption_algorithm',
         'security.access_token_handler.oidc.signature_algorithm',
         'security.authenticator.login_linker',
         'security.expression_language_provider',
