JWT cleanup (#269)

Co-authored-by: Marty Mitchener <mmitchener@athenahealth.com>

CONTRIBUTING.md

@@ -17,14 +17,11 @@ Next, update your `composer.json` to include the psr-4 auto-loader location. You
 },
 ```
 
-Also add `"guzzlehttp/guzzle": ">6.0"` to the required section:
+Add required dependencies:
 ```
 "require": {
-    "php": "^7.1.3",
-    "fideloper/proxy": "^4.0",
-    "laravel/framework": "5.8.*",
-    "laravel/tinker": "^1.0",
-    "guzzlehttp/guzzle": ">6.0"
+    "firebase/php-jwt": "^5.2",
+    "nesbot/carbon": "^2.0"
 },
 ```
 
@@ -51,4 +48,4 @@ You'll also need to be in the forrest directory, not your root/project directory
 
 All test are located in the `spec` folder and have a similar namespace to the files in our `src` folder.
 
-If you add new test methods, please use descriptive method naming. For instance, `it_should_not_call_refresh_method_if_there_is_no_token` is a lot more helpful than `test1`
+If you add new test methods, please use descriptive method naming. For instance, `it_should_not_call_refresh_method_if_there_is_no_token`

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2019 Matthew Mitchener
+Copyright (c) 2020 Matthew Mitchener
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -5,7 +5,7 @@
 [![Latest Stable Version](https://img.shields.io/packagist/v/omniphx/forrest.svg?style=flat-square)](https://packagist.org/packages/omniphx/forrest)
 [![Total Downloads](https://img.shields.io/packagist/dt/omniphx/forrest.svg?style=flat-square)](https://packagist.org/packages/omniphx/forrest)
 [![License](https://img.shields.io/packagist/l/omniphx/forrest.svg?style=flat-square)](https://packagist.org/packages/omniphx/forrest)
-[![Build Status](https://img.shields.io/travis/omniphx/forrest.svg?style=flat-square)](https://travis-ci.org/omniphx/forrest)
+[![Actions Status](https://github.com/omniphx/forrest/workflows/Tests/badge.svg)](https://github.com/omniphx/forrest/actions)
 
 
 
@@ -85,7 +85,7 @@ After saving, you will now be given a Consumer Key and Consumer Secret. Update y
 ### Setup
 Creating authentication routes
 
-##### Web Server authentication flow
+#### Web Server authentication flow
 ```php
 Route::get('/authenticate', function()
 {
@@ -99,7 +99,8 @@ Route::get('/callback', function()
     return Redirect::to('/');
 });
 ```
-##### Username-Password authentication flow
+
+#### Username-Password authentication flow
 With the Username Password flow, you can directly authenticate with the `Forrest::authenticate()` method.
 
 >To use this authentication you must add your username, and password to the config file. Security token might need to be ammended to your password unless your IP address is whitelisted.
@@ -111,7 +112,8 @@ Route::get('/authenticate', function()
     return Redirect::to('/');
 });
 ```
-##### SOAP authentication flow
+
+#### SOAP authentication flow
 (When you cannot create a connected App in Salesforce)
 
 1. Salesforce allows individual logins via a SOAP Login
@@ -142,7 +144,36 @@ Route::Post('/authenticate', function(Request $request)
 });
 ```
 
+#### JWT authentication flow
+Initial setup
+1. Set `authentication` to `OAuthJWT` in `config/forrest.php`
+2. Generate a key and cert: `openssl req -newkey rsa:2048 -nodes -keyout server.key -x509 -days 365 -out server.crt`
+3. Configure private key in `config/forrest.php` (e.g., `file_get_contents('./../server.key'),`)
+
+Setting up a Connected App
+1. App Manager > Create Connected App
+2. Enable Oauth Settings
+3. Check "Use digital signatures"
+4. Add `server.crt` or whatever you choose to name it
+5. Scope must includes "refresh_token, offline_access"
+6. Click Save
 
+Next you need to pre-authorize a profile (As of now, can only do this step in Classic but it's important)
+1. Manage Apps > Connected Apps
+2. Click 'Edit' next to your application
+3. Set 'Permitted Users' = 'Admin approved users are pre-authorized'
+4. Save
+5. Go to Settings > Manage Users > Profiles and edit the profile of the associated user (i.e., Salesforce Administrator)
+6. Under 'Connected App Access' check the corresponding app name
+
+The implementation is exactly the same as UserPassword
+```php
+Route::get('/authenticate', function()
+{
+    Forrest::authenticate();
+    return Redirect::to('/');
+});
+```
 
 #### Custom login urls
 Sometimes users will need to connect to a sandbox or custom url. To do this, simply pass the url as an argument for the authenticatation method:

spec/Omniphx/Forrest/Authentications/OAuthJWTSpec.php

@@ -67,7 +67,7 @@ class OAuthJWTSpec extends ObjectBehavior
         'authenticationFlow' => 'OAuthJWT',
         'credentials' => [
             'consumerKey'    => 'testingClientId',
-            'consumerSecret' => '-----BEGIN RSA PRIVATE KEY-----
+            'privateKey' => '-----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEAxxceYYRDCpErWPqwLE9DjvAmTDoIKmX1PxawLPLY9TPeFgrG
 FHEuf/BjP30z3RUcHclCYsNeMT33Ou/T7QHpgPG6b5Er2X0+xjj89YUhLj5T3tWG
 vUGtfpuortbLDdFKgVSZYk24P0L/pgRMOTmDSEMh+rLueio0YiGFc4aE0IEWNqOL
@@ -197,10 +197,7 @@ public function it_should_authenticate(
         $mockedHttpClient->request(
             'post',
             $url,
-            ['form_params' => [
-                'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
-                'assertion' => 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6eyJhbGciOiJSUzI1NiJ9fQ.eyJpc3MiOiJ0ZXN0aW5nQ2xpZW50SWQiLCJhdWQiOiJ1cmwiLCJzdWIiOiJ1c2VyQGVtYWlsLmNvbSIsImV4cCI6MTU3Nzg1ODU4MH0.ZVUg0DnDPwbevGBhxNn3q7WPXeJxp53Jls3I8e3TLq4JxPJbQ0KH9YagHK0rrVxtBzfxLbXJZ_EHPBGAfrj2Th1RfURFvs_padt6a1CgKiOaEqzNBNJPquGDm2I06afJsbcTXurD7BRmWWRqbW5Qd1jCyX0Lr_YZiynBoQ91N82ZEAn_IkJ6l9Yr50sMxkgunW9iB66Ah4Xj8RmQ743BNpeUUZXUMGPKJ63jwRlU-wrMyn5MGSb7iYBESvWbwTtR-EOPGBk7HWo__dRS-1J3xF5PdP41UZSPUV_mwLYyM42suTvf9H_tfbDnh6ggQQGKpJdgJOGbpSlNZOreJK7pwA'
-            ]])
+            Argument::any())
             ->shouldBeCalled()
             ->willReturn($mockedResponse);
 
@@ -255,10 +252,7 @@ public function it_should_refresh(
         $mockedHttpClient->request(
             'post',
             $url,
-            ['form_params' => [
-                'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
-                'assertion' => 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6eyJhbGciOiJSUzI1NiJ9fQ.eyJpc3MiOiJ0ZXN0aW5nQ2xpZW50SWQiLCJhdWQiOiJodHRwczpcL1wvbG9naW4uc2FsZXNmb3JjZS5jb21cL3NlcnZpY2VzXC9vYXV0aDJcL3Rva2VuIiwic3ViIjoidXNlckBlbWFpbC5jb20iLCJleHAiOjE1Nzc4NTg1ODB9.ldMUERKDZhZX9gSB8huX0Odqqs6EpOmB6Ow5URKxa6V65fOZ3fEVPrjSxTmzyIfDAShKfxFeuLIXHSanPYJzQ3C5bhP7S_HAFDHJnQFbVKPYp9IcmdJOj2U-JnMv7oDc5ejXMxF-CNzRQYN4ZOwONH7pEmW1-8QTwdFUck7QHdglWF1C6K6BLN0boyjCdrrdFCGtB-XfmxxJSfiT8MZY7uS3rWBXBLDNUx4Nn9qKiJQr5kxVY3g2zjzevR1xJgmrXZFZpw__SuQpY5F4CuLfPwcc7x9HPJCVdKsdnJKpZ4jkzb4zMocarN19bp_L2tPmjNVBQDyW6V16o1LN1pSbOg'
-            ]])
+            Argument::any())
             ->shouldBeCalled()
             ->willReturn($mockedResponse);
 

src/Omniphx/Forrest/Authentications/OAuthJWT.php

@@ -29,7 +29,7 @@ public function authenticate($url = null)
         // OAuth Client ID
         $consumerKey = $this->credentials['consumerKey'];
         // Private Key
-        $privateKey = $this->credentials['consumerSecret'];
+        $privateKey = $this->credentials['privateKey'];
 
         // Generate the form parameters
         $assertion = static::getJWT($consumerKey, $domain, $username, $privateKey);

src/config/config.php

@@ -18,7 +18,6 @@
     'credentials'    => [
         //Required:
         'consumerKey'    => env('SF_CONSUMER_KEY'),
-        // Consumer Secret or Private Key (if using OAuthJWT)
         'consumerSecret' => env('SF_CONSUMER_SECRET'),
         'callbackURI'    => env('SF_CALLBACK_URI'),
         'loginURL'       => env('SF_LOGIN_URL'),
@@ -27,6 +26,8 @@
         'username'       => env('SF_USERNAME'),
         // Security token might need to be ammended to password unless IP Address is whitelisted
         'password'       => env('SF_PASSWORD'),
+        // Only required for OAuthJWT authentication:
+        'privateKey'     => '',
     ],
 
     /*