Success!! Patch -2 worked. Patch -3 resulted in "Invalid State".
I agree with your logic for Patch -3, if a "me" is returned then check to see if it matches.
I will continue to engage the discussion group about what is the correct thing here:
On a token request Post
- Is "me" required?
- Is "me" optional?
- Is "me" not allowed?
Thanks once again for your quick turn around on this.
Just installed 1.2.6 - Success!! Thank you for the quick turn around on this.
Just tried 1.2.5 . Still getting this
Problem 1
- ext-sodium is present at version 8.3.16 and cannot be modified by Composer
- Root composer.json requires drupal/indieweb ^1.25 -> satisfiable by drupal/indieweb[1.25.0].
- drupal/indieweb[1.25.0] cannot be installed as that would require removing ext-sodium[8.3.16]. drupal/indieweb replaces ext-sodium and thus cann
ot coexist with it.My php info shows
sodium support enabled
libsodium headers version 1.0.18
libsodium library version 1.0.18
Let me know if there is something else you'd like me to check.
Sorry,
my initial comment said you had to change your .info.yml file for D11, but that's not correct as Composer doesn't look at that. Its your composer.json that will need
"require": {
"drupal/core": "^10.3 || ^11"
},For D11. But I noticed most contrib modules do not declare a dependency on core in their composer.json files, so maybe you can just leave it out.
I will try installing the Dev release soon. Thanks.
I couldn't install dev either
composer require 'drupal/indieweb:1.x-dev@dev'
Problem 1
- ext-sodium is present at version 8.3.16 and cannot be modified by Composer
- Root composer.json requires drupal/indieweb 1.x-dev@dev -> satisfiable by drupal/indieweb[1.x-dev (alias of dev-1.x)].
- drupal/indieweb 1.x-dev is an alias of drupal/indieweb dev-1.x and thus requires it to be installed too.
- drupal/indieweb[dev-1.x, 1.x-dev] cannot be installed as that would require removing ext-sodium[8.3.16]. drupal/indieweb replaces ext-sodium and thus cannot coexist with it.As near as I can tell sodium is not a PHP module, but is baked in to PHP 8.3
This seems to work
protected function retrieveUncachedJwks(string $url) {
$local_path = $this->generateLocalCachePath($url);
$data = (string) \Drupal::httpClient()->get($url)->getBody();
dpm($data);
$file = \Drupal::service('file.repository')->writeData($data, $local_path, FileSystemInterface::EXISTS_REPLACE);
return $file->getFileUri();
/** @noinspection PhpUnnecessaryLocalVariableInspection
$saved_path =
system_retrieve_file(
$url,
$local_path,
FALSE,
FileSystemInterface::EXISTS_REPLACE
);
return $saved_path;
*/
}
I got it working with one mod
src/Plugin/Oauth2Client/Oauth2ClientPluginBase.php
public function getProvider(): AbstractProvider {
return new GenericProvider(
[
...
'pkceMethod' => \League\OAuth2\Client\Provider\GenericProvider::PKCE_METHOD_S256,
],However I am not storing and retrieving the code as per the documentation
From the documentation - https://oauth2-client.thephpleague.com/usage/
$provider = new \League\OAuth2\Client\Provider\GenericProvider([
// ...
// other options
// ...
'pkceMethod' => \League\OAuth2\Client\Provider\GenericProvider::PKCE_METHOD_S256
]);The PKCE code needs to be used between requests and therefore be saved and restored, usually via the session. In the example above this is done as follows:
// Store the PKCE code after the `getAuthorizationUrl()` call.
$_SESSION['oauth2pkceCode'] = $provider->getPkceCode();
// ...
// Restore the PKCE code before the `getAccessToken()` call.
$provider->setPkceCode($_SESSION['oauth2pkceCode']);