Revert "encrypt / decrypt the device code"

This reverts commit c9639be.

Author: hafezdivandari

CHANGELOG.md

@@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Support for PHP 8.4 (PR #1454)
 
 ### Fixed
-- Fixed device code encryption / decryption and bug where scopes were not set on access token when using device authorization grant (PR #1412)
+- Fixed bug where scopes were not set on access token when using device authorization grant (PR #1412)
 
 ## [9.0.1] - released 2024-10-14
 ### Fixed

examples/src/Repositories/DeviceCodeRepository.php

@@ -17,6 +17,7 @@
 use League\OAuth2\Server\Repositories\DeviceCodeRepositoryInterface;
 use OAuth2ServerExamples\Entities\ClientEntity;
 use OAuth2ServerExamples\Entities\DeviceCodeEntity;
+use OAuth2ServerExamples\Entities\ScopeEntity;
 
 class DeviceCodeRepository implements DeviceCodeRepositoryInterface
 {
@@ -49,6 +50,14 @@ public function getDeviceCodeEntityByDeviceCode($deviceCode): ?DeviceCodeEntityI
         $deviceCodeEntity->setIdentifier($deviceCode);
         $deviceCodeEntity->setExpiryDateTime(new DateTimeImmutable('now +1 hour'));
         $deviceCodeEntity->setClient($clientEntity);
+        $deviceCodeEntity->setLastPolledAt(new DateTimeImmutable());
+
+        $scopes = [];
+        foreach ($scopes as $scope) {
+            $scopeEntity = new ScopeEntity();
+            $scopeEntity->setIdentifier($scope);
+            $deviceCodeEntity->addScope($scopeEntity);
+        }
 
         // The user identifier should be set when the user authenticates on the
         // OAuth server, along with whether they approved the request

src/Grant/DeviceCodeGrant.php

@@ -28,7 +28,6 @@
 use League\OAuth2\Server\RequestEvent;
 use League\OAuth2\Server\ResponseTypes\DeviceCodeResponse;
 use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
-use LogicException;
 use Psr\Http\Message\ServerRequestInterface;
 use TypeError;
 
@@ -97,7 +96,6 @@ public function respondToDeviceAuthorizationRequest(ServerRequestInterface $requ
         );
 
         $response = new DeviceCodeResponse();
-        $response->setEncryptionKey($this->encryptionKey);
 
         if ($this->includeVerificationUriComplete === true) {
             $response->includeVerificationUriComplete();
@@ -179,58 +177,38 @@ public function respondToAccessTokenRequest(
      */
     protected function validateDeviceCode(ServerRequestInterface $request, ClientEntityInterface $client): DeviceCodeEntityInterface
     {
-        $encryptedDeviceCode = $this->getRequestParameter('device_code', $request);
+        $deviceCode = $this->getRequestParameter('device_code', $request);
 
-        if (is_null($encryptedDeviceCode)) {
+        if (is_null($deviceCode)) {
             throw OAuthServerException::invalidRequest('device_code');
         }
 
-        try {
-            $deviceCodePayload = json_decode($this->decrypt($encryptedDeviceCode));
-        } catch (LogicException $e) {
-            throw OAuthServerException::invalidRequest('code', 'Cannot decrypt the device code', $e);
-        }
+        $deviceCodeEntity = $this->deviceCodeRepository->getDeviceCodeEntityByDeviceCode(
+            $deviceCode
+        );
 
-        if (!property_exists($deviceCodePayload, 'device_code_id')) {
-            throw OAuthServerException::invalidRequest('device_code', 'Device code malformed');
+        if ($deviceCodeEntity instanceof DeviceCodeEntityInterface === false) {
+            $this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request));
+
+            throw OAuthServerException::invalidGrant();
         }
 
-        if (time() > $deviceCodePayload->expire_time) {
+        if (time() > $deviceCodeEntity->getExpiryDateTime()->getTimestamp()) {
             throw OAuthServerException::expiredToken('device_code');
         }
 
-        if ($this->deviceCodeRepository->isDeviceCodeRevoked($deviceCodePayload->device_code_id) === true) {
+        if ($this->deviceCodeRepository->isDeviceCodeRevoked($deviceCode) === true) {
             throw OAuthServerException::invalidRequest('device_code', 'Device code has been revoked');
         }
 
-        if ($deviceCodePayload->client_id !== $client->getIdentifier()) {
+        if ($deviceCodeEntity->getClient()->getIdentifier() !== $client->getIdentifier()) {
             throw OAuthServerException::invalidRequest('device_code', 'Device code was not issued to this client');
         }
 
-        $deviceCodeEntity = $this->deviceCodeRepository->getDeviceCodeEntityByDeviceCode(
-            $deviceCodePayload->device_code_id
-        );
-
-        if ($deviceCodeEntity instanceof DeviceCodeEntityInterface === false) {
-            $this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request));
-
-            throw OAuthServerException::invalidGrant();
-        }
-
         if ($this->deviceCodePolledTooSoon($deviceCodeEntity->getLastPolledAt()) === true) {
             throw OAuthServerException::slowDown();
         }
 
-        $deviceCodeEntity->setIdentifier($deviceCodePayload->device_code_id);
-        $deviceCodeEntity->setClient($client);
-        $deviceCodeEntity->setExpiryDateTime((new DateTimeImmutable())->setTimestamp($deviceCodePayload->expire_time));
-
-        $scopes = $this->validateScopes($deviceCodePayload->scopes);
-
-        foreach ($scopes as $scope) {
-            $deviceCodeEntity->addScope($scope);
-        }
-
         return $deviceCodeEntity;
     }
 

src/ResponseTypes/DeviceCodeResponse.php

@@ -34,21 +34,8 @@ public function generateHttpResponse(ResponseInterface $response): ResponseInter
     {
         $expireDateTime = $this->deviceCodeEntity->getExpiryDateTime()->getTimestamp();
 
-        $payload = [
-            'client_id'             => $this->deviceCodeEntity->getClient()->getIdentifier(),
-            'device_code_id'        => $this->deviceCodeEntity->getIdentifier(),
-            'scopes'                => $this->deviceCodeEntity->getScopes(),
-            'expire_time'           => $expireDateTime,
-        ];
-
-        $jsonPayload = json_encode($payload);
-
-        if ($jsonPayload === false) {
-            throw new LogicException('An error was encountered when JSON encoding the device code request response');
-        }
-
         $responseParams = [
-            'device_code' => $this->encrypt($jsonPayload),
+            'device_code' => $this->deviceCodeEntity->getIdentifier(),
             'user_code' => $this->deviceCodeEntity->getUserCode(),
             'verification_uri' => $this->deviceCodeEntity->getVerificationUri(),
             'expires_in'   => $expireDateTime - time(),