Merge pull request #79 from jolelievre/improve-doc

Improve doc
PrestaShop · Nov 28, 2024 · fd16533 · fd16533
2 parents 26d98e8 + 4c17d9a
commit fd16533
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -14,9 +14,9 @@ A keycloak docker is available in this module, along with a realm containing def
 To start the docker container run this command from the root folder of this module:
 
 ```bash
-docker-composer up
+docker compose up
 # OR if you want keycloak to keep running in background
-docker-composer up -d
+docker compose up -d
 ```
 
 You will then have access to the server administration via `http://localhost:8003` where you will find a realm named `prestashop`

diff --git a/src/OAuth2/KeycloakAuthorizationServer.php b/src/OAuth2/KeycloakAuthorizationServer.php
@@ -71,18 +71,21 @@ public function __construct(
 
     public function isTokenValid(Request $request): bool
     {
+        // Parses the JWT Token and check if it's valid
         $token = $this->getTokenFromRequest($request);
         if ($token === null) {
             return false;
         }
 
+        // Fetch the list of allowed issuers from the configuration
         $allowedIssuers = $this->getKeycloakAllowedIssuers();
         if (empty($allowedIssuers)) {
             $this->logger->debug('KeycloakAuthorizationServer: no allowed issuers defined');
 
             return false;
         }
 
+        // If the Token issuer matches one of the allowed ones
         $tokenIssuerAllowed = false;
         foreach ($allowedIssuers as $allowedIssuer) {
             if ($token->hasBeenIssuedBy($allowedIssuer)) {
@@ -97,13 +100,15 @@ public function isTokenValid(Request $request): bool
             return false;
         }
 
+        // Fetch the URL realm from the configuration
         $certsUrl = $this->getKeycloakRealmUrl();
         if (empty($certsUrl)) {
             $this->logger->debug('KeycloakAuthorizationServer: no certs URL detected');
 
             return false;
         }
 
+        // Download the certificates from the authorization server
         $certs = $this->getServerCertificates($certsUrl);
         if ($certs === null) {
             return false;
@@ -114,9 +119,20 @@ public function isTokenValid(Request $request): bool
             return false;
         }
 
+        // Check if the JWT token was correctly signed based on the public certificate
         return $this->getValidator()->validate($token, ...$this->getValidationConstraints($certificate));
     }
 
+    /**
+     * Parses the JWT token from the request, it should contain these claims
+     *   - clientId: The used client ID to get the access token
+     *   - scope: a list of scope separated by spaces
+     *   - iss: the issuer that granted the access token
+     *
+     * @param Request $request
+     *
+     * @return JwtTokenUser|null
+     */
     public function getJwtTokenUser(Request $request): ?JwtTokenUser
     {
         /** @var UnencryptedToken|null $token */