
@bradleybeddoes /routes.php Secret
Last active Dec 20, 2015

PHP example of AAF Rapid Connect in Laravel framework
<?php
use JWT\Authentication\JWT;
# Landing page: renders the 'root' view. Nothing is read from the session,
# so the page is served to any visitor.
Route::get('/', function () {
    $landing = View::make('root');

    return $landing;
});
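# Welcome page: displays the assertion kept in the session together with the
# AAF attributes it carries.
Route::get('/welcome', function()
{
    $jwt = Session::get('jwt');
    $jws = Session::get('jws');

    # 'jwt' is only written to the session by POST /auth/jwt once the assertion
    # has passed its checks. A visitor without it has not signed in, so send
    # them to the landing page rather than dereferencing null below.
    if (!is_object($jwt)) {
        return Redirect::to('/');
    }

    # The user attributes are carried in a claim whose name is a URL.
    $attributes = $jwt->{'https://aaf.edu.au/attributes'};

    return View::make('welcome', array('jws' => $jws, 'jwt' => $jwt, 'attributes' => $attributes));
});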
# Logout: empties the session (which drops the stored 'jws' and 'jwt' values)
# and redirects the browser to the application's base URL.
# NOTE(review): this is a GET route, so any page that can make the browser load
# this URL will sign the user out; consider whether that matters for your app.
Route::get('/logout', function () {
    $home = 'https://aaf-echo.gopagoda.com';

    Session::flush();

    return Redirect::to($home);
});
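# Assertion endpoint: receives the signed JWT (JWS) in the 'assertion' field,
# verifies it, checks its claims and, if everything holds, starts the session.
# Every failure path answers 403 with the same message so the response does not
# reveal which check failed.
Route::post('/auth/jwt', function()
{
    $jws = Input::get('assertion');

    # A missing or non-string assertion never reaches the decoder.
    if (!is_string($jws) || $jws === '') {
        return App::abort(403, "JWS was invalid");
    }

    # 'SECRET' is a placeholder for the shared secret registered with the
    # identity service. Load the real value from configuration or the
    # environment; do not commit it to source control.
    # NOTE(review): confirm that this JWT library verifies the signature with a
    # fixed, expected algorithm and does not trust the "alg" header of the token.
    try {
        $jwt = JWT::decode($jws, 'SECRET');
    } catch (Exception $e) {
        # A malformed token or bad signature is a client error, not a server fault.
        $jwt = null;
    }

    if (!is_object($jwt)) {
        return App::abort(403, "JWS was invalid");
    }

    # In a complete app we'd also store and validate the jti value to ensure there is no replay attack
    $now = time();

    # All four claims must be present; a token without nbf or exp is rejected
    # instead of being compared against null. Issuer and audience use strict
    # comparison so type juggling cannot make a non-string claim match.
    # nbf is inclusive (valid from that second on), exp is exclusive.
    $valid = isset($jwt->iss, $jwt->aud, $jwt->nbf, $jwt->exp)
        && $jwt->iss === 'https://rapid.aaf.edu.au'
        && $jwt->aud === 'https://aaf-echo.gopagoda.com'
        && $now >= $jwt->nbf
        && $now < $jwt->exp;

    if (!$valid) {
        return App::abort(403, "JWS was invalid");
    }

    # Issue a fresh session id at the moment of login so that an id known
    # before authentication cannot be reused afterwards (session fixation).
    Session::regenerate();

    Session::put('jws', $jws);
    Session::put('jwt', $jwt);

    return Redirect::to('https://aaf-echo.gopagoda.com/welcome');
});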