From f61ecf1f9369d402e9abad15808229ce76d7cfa7 Mon Sep 17 00:00:00 2001
From: uncaught
Date: Fri, 9 Sep 2022 14:52:26 +0200
Subject: [PATCH 1/3] Add support for client certificate instead of client secret (see https://github.com/TheNetworg/oauth2-azure/pull/170 for the respective PR on the provider).
---
 .../Providers/AzureProviderConfigurator.php | 41 ++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)
diff --git a/src/DependencyInjection/Providers/AzureProviderConfigurator.php b/src/DependencyInjection/Providers/AzureProviderConfigurator.php
index e9db09f4..6de142c1 100644
--- a/src/DependencyInjection/Providers/AzureProviderConfigurator.php
+++ b/src/DependencyInjection/Providers/AzureProviderConfigurator.php
@@ -12,11 +12,32 @@
 use Symfony\Component\Config\Definition\Builder\NodeBuilder;
 
 
-class AzureProviderConfigurator implements ProviderConfiguratorInterface
+class AzureProviderConfigurator implements ProviderConfiguratorInterface, ProviderWithoutClientSecretConfiguratorInterface
 {
+
+ public function needsClientSecret(): bool
+ {
+ //We define the `client_secret`-node ourselves to make it optional with certificate
+ return false;
+ }
+
 public function buildConfiguration(NodeBuilder $node)
 {
 $node
+ ->scalarNode('client_secret')
+ ->info('The shared client secret')
+ ->defaultValue('')
+ ->end()
+ ->scalarNode('client_certificate_private_key')
+ ->example('-----BEGIN RSA PRIVATE KEY-----\nMIIEog...G82ARGuI=\n-----END RSA PRIVATE KEY-----')
+ ->info('The contents of the client certificate private key')
+ ->defaultValue('')
+ ->end()
+ ->scalarNode('client_certificate_thumbprint')
+ ->example('B4A94A83092455AC4D3AC827F02B61646EAAC43D')
+ ->info('The hexadecimal thumbprint of the client certificate')
+ ->defaultValue('')
+ ->end()
 ->scalarNode('url_login')
 ->info('Domain to build login URL')
 ->example("url_login: 'https://login.microsoftonline.com/'")
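Review bot: `client_certificate_private_key` is declared as a plain scalar holding the full PEM key, but its `info()` says nothing about where the value should come from, and a PEM pasted inline lands in the resolved configuration that `debug:config` prints and that is handed on to the provider. I'd make the `info()` steer users to an environment variable or secret store: `->info('The contents of the client certificate private key (full PEM block); load it from an environment variable, e.g. %env(OAUTH_AZURE_CLIENT_CERTIFICATE_PRIVATE_KEY)%, rather than pasting it inline')`. Since `client_secret` now defaults to `''`, the comment in `needsClientSecret()` should also say that the either/or requirement is enforced by the validators added later in `buildConfiguration`, because a reader of this method alone cannot see why an empty default is safe. `buildConfiguration` continues past the end of this hunk.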
@@ -65,6 +86,22 @@ public function buildConfiguration(NodeBuilder $node)
 ->info('The endpoint version to run against')
 ->defaultValue('1.0')
 ->end();
+
+ //Validate that either client_secret or client_certificate_private_key is set:
+ $node
+ ->end()
+ ->validate()
+ ->ifTrue(function($v) {
+ return empty($v['client_secret']) && empty($v['client_certificate_private_key']);
+ })
+ ->thenInvalid('You have to define either client_secret or client_certificate_private_key')
+ ->end()
+ ->validate()
+ ->ifTrue(function($v) {
+ return !empty($v['client_certificate_private_key']) && empty($v['client_certificate_thumbprint']);
+ })
+ ->thenInvalid('You have to define the client_certificate_thumbprint when using a certificate')
+ ->end();
 }
 
 public function getProviderClass(array $config)
@@ -75,6 +112,8 @@ public function getProviderClass(array $config)
 public function getProviderOptions(array $config)
 {
 return [
+ 'clientCertificatePrivateKey' => $config['client_certificate_private_key'],
+ 'clientCertificateThumbprint' => $config['client_certificate_thumbprint'],
 'clientId' => $config['client_id'],
 'clientSecret' => $config['client_secret'],
 'urlLogin' => $config['url_login'],
From 0d6f9dbb5f4269ed51ac19c370fa75d04f3e9193 Mon Sep 17 00:00:00 2001
From: uncaught
Date: Sat, 1 Oct 2022 14:14:04 +0200
Subject: [PATCH 2/3] Add Azure client certificate configuration options to README.md.
---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/README.md b/README.md
index 55921829..8bc94909 100644
--- a/README.md
+++ b/README.md
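Review bot: The two `ifTrue` closures test the fields with `empty()`, which matches more than the `''` default the nodes declare (the string `'0'` is also "empty"), so the check does not say what the comment says; comparing against the default is exact: `return $v['client_secret'] === '' && $v['client_certificate_private_key'] === '';` and `return $v['client_certificate_private_key'] !== '' && $v['client_certificate_thumbprint'] === '';`. The message `You have to define either client_secret or client_certificate_private_key` reads as exclusive, but the validator accepts both being set, and which credential the provider then prefers is not visible here; either reject the both-set case or state the precedence in the `//Validate` comment. The reformatted copy of these validators in the third patch (`@@ -87,21 +86,21 @@`) carries the same `empty()` checks. `buildConfiguration` starts before this hunk.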
@@ -694,7 +694,11 @@ knpu_oauth2_client:
 type: azure
 # add and set these environment variables in your .env files
 client_id: '%env(OAUTH_AZURE_CLIENT_ID)%'
+ # client_secret is optional if you use a client certificate
 client_secret: '%env(OAUTH_AZURE_CLIENT_SECRET)%'
+ # Using a client certificate requires thenetworg/oauth2-azure > 2.1.1:
+ # client_certificate_private_key: '%env(OAUTH_AZURE_CLIENT_CERTIFICATE_PRIVATE_KEY)%'
+ # client_certificate_thumbprint: '%env(OAUTH_AZURE_CLIENT_CERTIFICATE_THUMBPRINT)%'
 # a route name you'll create
 redirect_route: connect_azure_check
 redirect_params: {}
From c67ac0978ea372e32c46f653d18b7a7bde58df10 Mon Sep 17 00:00:00 2001
From: uncaught
Date: Sat, 8 Oct 2022 10:07:45 +0200
Subject: [PATCH 3/3] Updated changes with php-cs-fixer and update_readme
---
 README.md | 11 +++---
 .../Providers/AzureProviderConfigurator.php | 37 +++++++++----------
 2 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/README.md b/README.md
index 8bc94909..d92ceada 100644
--- a/README.md
+++ b/README.md
@@ -694,14 +694,15 @@ knpu_oauth2_client:
 type: azure
 # add and set these environment variables in your .env files
 client_id: '%env(OAUTH_AZURE_CLIENT_ID)%'
- # client_secret is optional if you use a client certificate
- client_secret: '%env(OAUTH_AZURE_CLIENT_SECRET)%'
- # Using a client certificate requires thenetworg/oauth2-azure > 2.1.1:
- # client_certificate_private_key: '%env(OAUTH_AZURE_CLIENT_CERTIFICATE_PRIVATE_KEY)%'
- # client_certificate_thumbprint: '%env(OAUTH_AZURE_CLIENT_CERTIFICATE_THUMBPRINT)%'
 # a route name you'll create
 redirect_route: connect_azure_check
 redirect_params: {}
+ # The shared client secret if you don't use a certificate
+ # client_secret: ''
+ # The contents of the client certificate private key
+ # client_certificate_private_key: '-----BEGIN RSA PRIVATE KEY-----\nMIIEog...G82ARGuI=\n-----END RSA PRIVATE KEY-----'
+ # The hexadecimal thumbprint of the client certificate
+ # client_certificate_thumbprint: 'B4A94A83092455AC4D3AC827F02B61646EAAC43D'
 # Domain to build login URL
 # url_login: 'https://login.microsoftonline.com/'
 # Oauth path to authorize against
diff --git a/src/DependencyInjection/Providers/AzureProviderConfigurator.php b/src/DependencyInjection/Providers/AzureProviderConfigurator.php
index 6de142c1..58d9556b 100644
--- a/src/DependencyInjection/Providers/AzureProviderConfigurator.php
+++ b/src/DependencyInjection/Providers/AzureProviderConfigurator.php
@@ -14,27 +14,26 @@
 
 class AzureProviderConfigurator implements ProviderConfiguratorInterface, ProviderWithoutClientSecretConfiguratorInterface
 {
-
 public function needsClientSecret(): bool
 {
- //We define the `client_secret`-node ourselves to make it optional with certificate
- return false;
+ // We define the `client_secret`-node ourselves to make it optional with certificate
+ return false;
 }
 
 public function buildConfiguration(NodeBuilder $node)
 {
 $node
 ->scalarNode('client_secret')
- ->info('The shared client secret')
+ ->info('The shared client secret if you don\'t use a certificate')
 ->defaultValue('')
 ->end()
 ->scalarNode('client_certificate_private_key')
- ->example('-----BEGIN RSA PRIVATE KEY-----\nMIIEog...G82ARGuI=\n-----END RSA PRIVATE KEY-----')
+ ->example("client_certificate_private_key: '-----BEGIN RSA PRIVATE KEY-----\\nMIIEog...G82ARGuI=\\n-----END RSA PRIVATE KEY-----'")
 ->info('The contents of the client certificate private key')
 ->defaultValue('')
 ->end()
 ->scalarNode('client_certificate_thumbprint')
- ->example('B4A94A83092455AC4D3AC827F02B61646EAAC43D')
+ ->example("client_certificate_thumbprint: 'B4A94A83092455AC4D3AC827F02B61646EAAC43D'")
 ->info('The hexadecimal thumbprint of the client certificate')
 ->defaultValue('')
 ->end()
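Review bot: The new `example()` for `client_certificate_private_key` documents the PEM inline in YAML with `\n` escapes inside single quotes, which YAML keeps as the two literal characters `\` and `n`, so a user who copies the generated README line gets a key without real line breaks; the README hunk regenerated in this same commit repeats that form and drops the `%env(...)` indirection the previous patch's README had. I'd make the example `->example("client_certificate_private_key: '%env(OAUTH_AZURE_CLIENT_CERTIFICATE_PRIVATE_KEY)%'")`, which both avoids the escaping problem and keeps the documented form from placing key material in the config file; Symfony's `%env(file:...)%` processor is the alternative when the key lives in a file. Whether the provider tolerates a literal `\n` in the key is not visible here. `buildConfiguration` continues past the end of this hunk.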
@@ -87,21 +86,21 @@ public function buildConfiguration(NodeBuilder $node)
 ->defaultValue('1.0')
 ->end();
 
- //Validate that either client_secret or client_certificate_private_key is set:
- $node
- ->end()
- ->validate()
- ->ifTrue(function($v) {
- return empty($v['client_secret']) && empty($v['client_certificate_private_key']);
- })
- ->thenInvalid('You have to define either client_secret or client_certificate_private_key')
+ // Validate that either client_secret or client_certificate_private_key is set:
+ $node
 ->end()
 ->validate()
- ->ifTrue(function($v) {
- return !empty($v['client_certificate_private_key']) && empty($v['client_certificate_thumbprint']);
- })
- ->thenInvalid('You have to define the client_certificate_thumbprint when using a certificate')
- ->end();
+ ->ifTrue(function ($v) {
+ return empty($v['client_secret']) && empty($v['client_certificate_private_key']);
+ })
+ ->thenInvalid('You have to define either client_secret or client_certificate_private_key')
+ ->end()
+ ->validate()
+ ->ifTrue(function ($v) {
+ return !empty($v['client_certificate_private_key']) && empty($v['client_certificate_thumbprint']);
+ })
+ ->thenInvalid('You have to define the client_certificate_thumbprint when using a certificate')
+ ->end();
 }
 
 public function getProviderClass(array $config)
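Review bot: After the cs-fixer pass the two `ifTrue` closures are still untyped, non-static closures; since they only read `$v` and must yield a bool for `ifTrue`, `->ifTrue(static function (array $v): bool {` documents the expected input and avoids binding `$this` for no reason. The `// Validate that either ...` comment now sits above both validators but describes only the first; a second line such as `// A certificate additionally needs its thumbprint:` above the second `->validate()` would make the pair readable. `buildConfiguration` starts before this hunk.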