Remove jwks_url parameter

Author: louismariegaborit

src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

@@ -5,7 +5,6 @@ CHANGELOG
 ---
 
  * Mark class `ExpressionCacheWarmer` as `final`
- * Add `jwks_url` option in oidc token handler configuration
 
 7.0
 ---

src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/AccessToken/OidcTokenHandlerFactory.php

@@ -17,7 +17,6 @@
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Exception\LogicException;
 use Symfony\Component\DependencyInjection\Reference;
-use Symfony\Component\HttpClient\HttpClient;
 
 /**
  * Configures a token handler for decoding and validating an OIDC token.
@@ -52,27 +51,13 @@ public function create(ContainerBuilder $container, string $id, array|string $co
 
         $tokenHandlerDefinition->replaceArgument(0, $algorithmManagerDefinition);
 
-        if (!isset($config['jwks_url']) && !isset($config['key'])) {
-            throw new LogicException('You should defined key or jwks_url parameter in configuration.');
+        if (!isset($config['key'])) {
+            throw new LogicException('You should defined key parameter in configuration.');
         }
 
-        if (isset($config['jwks_url'])) {
-            if (!class_exists(HttpClient::class)) {
-                throw new LogicException(sprintf('You cannot use "%s" as the HttpClient component is not installed. Try running "composer require symfony/http-client".', __CLASS__));
-            }
-            $httpClient = HttpClient::create();
-            $response = $httpClient->request(
-                'GET',
-                $config['jwks_url']
-            );
-            $jwkDefinition = (new ChildDefinition('security.access_token_handler.oidc.jwk_set'))
-                ->replaceArgument(0, $response->getContent());
-        } elseif (isset($config['key'])) {
-            $jwkDefinition = (new ChildDefinition('security.access_token_handler.oidc.jwk'))
-                ->replaceArgument(0, $config['key']);
-        }
-
-        $tokenHandlerDefinition->replaceArgument(1, $jwkDefinition);
+        $tokenHandlerDefinition->replaceArgument(1, (new ChildDefinition('security.access_token_handler.oidc.jwk'))
+            ->replaceArgument(0, $config['key'])
+        );
     }
 
     public function getKey(): string
@@ -106,9 +91,6 @@ public function addConfiguration(NodeBuilder $node): void
                     ->scalarNode('key')
                         ->info('JSON-encoded JWK used to sign the token (must contain a "kty" key).')
                     ->end()
-                    ->scalarNode('jwks_url')
-                        ->info('Url to retrieve JWKSet JSON-encoded (must contain a "keys" key).')
-                    ->end()
                 ->end()
             ->end()
         ;

src/Symfony/Bundle/SecurityBundle/Resources/config/security_authenticator_access_token.php

@@ -14,7 +14,6 @@
 use Jose\Component\Core\Algorithm;
 use Jose\Component\Core\AlgorithmManager;
 use Jose\Component\Core\JWK;
-use Jose\Component\Core\JWKSet;
 use Jose\Component\Signature\Algorithm\ES256;
 use Jose\Component\Signature\Algorithm\ES384;
 use Jose\Component\Signature\Algorithm\ES512;
@@ -84,13 +83,6 @@
                 abstract_arg('signature key'),
             ])
 
-        ->set('security.access_token_handler.oidc.jwk_set', JWKSet::class)
-            ->abstract()
-            ->factory([JWKSet::class, 'createFromJson'])
-            ->args([
-                abstract_arg('signature keys'),
-            ])
-
         ->set('security.access_token_handler.oidc.signature', Algorithm::class)
             ->abstract()
             ->factory([SignatureAlgorithmFactory::class, 'create'])