diff --git a/README.md b/README.md
index 81a92cb..82283f8 100644
--- a/README.md
+++ b/README.md
@@ -49,6 +49,7 @@ If you add environment values to your `.env` as exactly shown below, you do not
 ```
 // other values above
 OPENSHIFT_URL=https://api.xyz.com
+OPENSHIFT_CA=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
 OPENSHIFT_OAUTH_CLIENT_ID=yourkeyfortheservice
 OPENSHIFT_OAUTH_CLIENT_SECRET=yoursecretfortheservice
 ```
@@ -62,6 +63,7 @@ You do not need to add this if you add the values to the `.env` exactly as shown
 'client_id' => env('OPENSHIFT_OAUTH_CLIENT_ID'),
 'client_secret' => env('OPENSHIFT_OAUTH_CLIENT_SECRET'),
 'url' => env('OPENSHIFT_URL'),
+ 'ca' => env('OPENSHIFT_CA'),
 'redirect' => env('APP_URL').'/login/callback',
 ],
 ```
diff --git a/composer.json b/composer.json
index 577203e..7296484 100644
--- a/composer.json
+++ b/composer.json
@@ -8,7 +8,8 @@
 }],
 "require": {
 "php": ">=5.5.9",
- "socialiteproviders/manager": "3.*"
+ "socialiteproviders/manager": "3.*",
+ "guzzlehttp/guzzle": "~6.0"
 },
 "autoload": {
 "psr-4": {
diff --git a/src/Provider.php b/src/Provider.php
index 23aa86e..4e57589 100644
--- a/src/Provider.php
+++ b/src/Provider.php
@@ -2,6 +2,7 @@
 namespace Andrewklau\Socialite\OpenShift;
+use GuzzleHttp\Client;
 use Laravel\Socialite\Two\ProviderInterface;
 use SocialiteProviders\Manager\OAuth2\AbstractProvider;
 use SocialiteProviders\Manager\OAuth2\User;
@@ -13,11 +14,33 @@ class Provider extends AbstractProvider implements ProviderInterface
 */
 const IDENTIFIER = 'OPENSHIFT';
+ /**
+ * The HTTP Client instance.
+ *
+ * @var \GuzzleHttp\Client
+ */
+ protected $httpClient;
+
 /**
 * {@inheritdoc}
 */
 protected $scopes = [];
+ /**
+ * Get a instance of the Guzzle HTTP client.
+ *
+ * @return \GuzzleHttp\Client
+ */
+ protected function getHttpClient()
+ {
+ if (is_null($this->httpClient)) {
+ $this->httpClient = new Client([
+ 'verify' => config('services.openshift.ca') ?: '',
+ ]);
+ }
+ return $this->httpClient;
+ }
+
 /**
 * Get the authentication URL for the provider.
 *
@@ -52,8 +75,9 @@ protected function getUserByToken($token)
 $url = config('services.openshift.url').'oapi/v1/users/~';
 $response = $this->getHttpClient()->get($url, [
- 'headers' => [
- 'Accept' => 'application/json',
+ 'verify' => config('services.openshift.ca') ?: '',
+ 'headers' => [
+ 'Accept' => 'application/json',
 'Authorization' => 'Bearer '.$token,
 ],
 ]);
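Review bot: The fallback in `'verify' => config('services.openshift.ca') ?: ''` inside the new getHttpClient() hands Guzzle an empty string whenever OPENSHIFT_CA is unset, and as far as I know Guzzle treats any string `verify` value as a CA bundle path and throws if that path does not exist, so installs without the new setting would likely fail on every request. Falling back to the system trust store keeps certificate verification on and keeps existing setups working: `'verify' => config('services.openshift.ca') ?: true,`. The same expression is repeated in the getUserByToken() hunk, where the per-request option only duplicates the client default and can be dropped so the TLS trust setting lives in one place; getUserByToken()'s body starts and ends outside that hunk. The README change could also state that OPENSHIFT_CA is optional and that leaving it out means the system CA bundle is used.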