WIP

cicnavi · cicnavi · commit 3b63f596271e · 2026-01-16T13:06:15.000+01:00
diff --git a/config/module_oidc.php.dist b/config/module_oidc.php.dist
diff --git a/docker/ssp/module_oidc.php b/docker/ssp/module_oidc.php
@@ -21,7 +21,7 @@
     ModuleConfig::OPTION_TOKEN_REFRESH_TOKEN_TTL => 'P1M',
     ModuleConfig::OPTION_TOKEN_ACCESS_TOKEN_TTL => 'PT1H',
 
-    ModuleConfig::OPTION_CONNECT_SIGNATURE_KEY_PAIRS => [
+    ModuleConfig::OPTION_PROTOCOL_SIGNATURE_KEY_PAIRS => [
         [
             ModuleConfig::KEY_ALGORITHM => \SimpleSAML\OpenID\Algorithms\SignatureAlgorithmEnum::RS256,
             ModuleConfig::KEY_PRIVATE_KEY_FILENAME => ModuleConfig::DEFAULT_PKI_PRIVATE_KEY_FILENAME,
diff --git a/src/Controllers/JwksController.php b/src/Controllers/JwksController.php
@@ -38,7 +38,7 @@ public function __invoke(): JsonResponse
     {
         return new JsonResponse(
             $this->jwks->jwksDecoratorFactory()->fromJwkDecorators(
-                ...$this->moduleConfig->getConnectSignatureKeyPairBag()->getAllPublicKeys(),
+                ...$this->moduleConfig->getProtocolSignatureKeyPairBag()->getAllPublicKeys(),
             )->jsonSerialize(),
         );
     }
diff --git a/src/Entities/AccessTokenEntity.php b/src/Entities/AccessTokenEntity.php
@@ -156,7 +156,7 @@ public function toString(): ?string
      */
     protected function convertToJWT(): ParsedJws
     {
-        $protocolSignatureKeyPair = $this->moduleConfig->getConnectSignatureKeyPairBag()->getFirstOrFail();
+        $protocolSignatureKeyPair = $this->moduleConfig->getProtocolSignatureKeyPairBag()->getFirstOrFail();
         $currentTimestamp = $this->jws->helpers()->dateTime()->getUtc()->getTimestamp();
 
         $payload = array_filter([
diff --git a/src/Factories/CryptKeyFactory.php b/src/Factories/CryptKeyFactory.php
@@ -55,7 +55,7 @@ public function buildPublicKey(): CryptKey
      */
     protected function getDefaultProtocolSignatureKeyPairConfig(): array
     {
-        $defaultProtocolKeyPair = $this->moduleConfig->getConnectSignatureKeyPairs();
+        $defaultProtocolKeyPair = $this->moduleConfig->getProtocolSignatureKeyPairs();
 
         /** @psalm-suppress MixedAssignment */
         $defaultProtocolKeyPair = $defaultProtocolKeyPair[array_key_first($defaultProtocolKeyPair)];
diff --git a/src/ModuleConfig.php b/src/ModuleConfig.php
@@ -110,7 +110,7 @@ class ModuleConfig
     final public const OPTION_VCI_ALLOW_NON_REGISTERED_CLIENTS = 'vci_allow_non_registered_clients';
     final public const OPTION_VCI_ALLOWED_REDIRECT_URI_PREFIXES_FOR_NON_REGISTERED_CLIENTS =
     'vci_allowed_redirect_uri_prefixes_for_non_registered_clients';
-    final public const OPTION_CONNECT_SIGNATURE_KEY_PAIRS = 'connect_signature_key_pairs';
+    final public const OPTION_PROTOCOL_SIGNATURE_KEY_PAIRS = 'protocol_signature_key_pairs';
     final public const OPTION_FEDERATION_SIGNATURE_KEY_PAIRS = 'federation_signature_key_pairs';
     final public const OPTION_TIMESTAMP_VALIDATION_LEEWAY = 'timestamp_validation_leeway';
     final public const OPTION_VCI_SIGNATURE_KEY_PAIRS = 'vci_signature_key_pairs';
@@ -144,10 +144,11 @@ class ModuleConfig
      * @var Configuration SimpleSAMLphp configuration instance.
      */
     private readonly Configuration $sspConfig;
-    protected ?SignatureKeyPairBag $connectSignatureKeyPairBag = null;
-    protected ?SignatureKeyPairConfigBag $connectSignatureKeyPairConfigBag = null;
+    protected ?SignatureKeyPairBag $protocolSignatureKeyPairBag = null;
+    protected ?SignatureKeyPairConfigBag $protocolSignatureKeyPairConfigBag = null;
     protected ?SignatureKeyPairBag $federationSignatureKeyPairBag = null;
     protected ?SignatureKeyPairBag $vciSignatureKeyPairBag = null;
+    protected ?SignatureKeyPairConfigBag $vciSignatureKeyPairConfigBag = null;
 
     /**
      * @throws \Exception
@@ -377,10 +378,10 @@ public function getSupportedSerializers(): SupportedSerializers
      * @throws ConfigurationError
      * @return non-empty-array
      */
-    public function getConnectSignatureKeyPairs(): array
+    public function getProtocolSignatureKeyPairs(): array
     {
 
-        $signatureKeyPairs = $this->config()->getArray(ModuleConfig::OPTION_CONNECT_SIGNATURE_KEY_PAIRS);
+        $signatureKeyPairs = $this->config()->getArray(ModuleConfig::OPTION_PROTOCOL_SIGNATURE_KEY_PAIRS);
 
         if (empty($signatureKeyPairs)) {
             throw new ConfigurationError('At least one protocol signature key-pair pair must be provided.');
@@ -393,30 +394,30 @@ public function getConnectSignatureKeyPairs(): array
      * @throws \SimpleSAML\Error\ConfigurationError
      * @psalm-suppress MixedAssignment, ArgumentTypeCoercion
      */
-    public function getConnectSignatureKeyPairConfigBag(): SignatureKeyPairConfigBag
+    public function getProtocolSignatureKeyPairConfigBag(): SignatureKeyPairConfigBag
     {
-        if ($this->connectSignatureKeyPairConfigBag instanceof SignatureKeyPairConfigBag) {
-            return $this->connectSignatureKeyPairConfigBag;
+        if ($this->protocolSignatureKeyPairConfigBag instanceof SignatureKeyPairConfigBag) {
+            return $this->protocolSignatureKeyPairConfigBag;
         }
 
-        return $this->connectSignatureKeyPairConfigBag = $this->getSignatureKeyPairConfigBag(
-            $this->getConnectSignatureKeyPairs(),
+        return $this->protocolSignatureKeyPairConfigBag = $this->getSignatureKeyPairConfigBag(
+            $this->getProtocolSignatureKeyPairs(),
         );
     }
 
     /**
      * @throws \SimpleSAML\Error\ConfigurationError
      * @psalm-suppress MixedAssignment, ArgumentTypeCoercion
      */
-    public function getConnectSignatureKeyPairBag(): SignatureKeyPairBag
+    public function getProtocolSignatureKeyPairBag(): SignatureKeyPairBag
     {
-        if ($this->connectSignatureKeyPairBag instanceof SignatureKeyPairBag) {
-            return $this->connectSignatureKeyPairBag;
+        if ($this->protocolSignatureKeyPairBag instanceof SignatureKeyPairBag) {
+            return $this->protocolSignatureKeyPairBag;
         }
 
-        return $this->connectSignatureKeyPairBag = $this->valueAbstracts
+        return $this->protocolSignatureKeyPairBag = $this->valueAbstracts
             ->signatureKeyPairBagFactory()
-            ->fromConfig($this->getConnectSignatureKeyPairConfigBag());
+            ->fromConfig($this->getProtocolSignatureKeyPairConfigBag());
     }
 
     /**
@@ -836,6 +837,39 @@ public function getVerifiableCredentialEnabled(): bool
         return $this->config()->getOptionalBoolean(self::OPTION_VCI_ENABLED, false);
     }
 
+
+    /**
+     * @throws ConfigurationError
+     * @return non-empty-array
+     */
+    public function getVciSignatureKeyPairs(): array
+    {
+
+        $signatureKeyPairs = $this->config()->getArray(ModuleConfig::OPTION_VCI_SIGNATURE_KEY_PAIRS);
+
+        if (empty($signatureKeyPairs)) {
+            throw new ConfigurationError('At least one VCI signature key-pair pair must be provided.');
+        }
+
+        return $signatureKeyPairs;
+    }
+
+
+    /**
+     * @throws \SimpleSAML\Error\ConfigurationError
+     * @psalm-suppress MixedAssignment, ArgumentTypeCoercion
+     */
+    public function getVciSignatureKeyPairConfigBag(): SignatureKeyPairConfigBag
+    {
+        if ($this->vciSignatureKeyPairConfigBag instanceof SignatureKeyPairConfigBag) {
+            return $this->vciSignatureKeyPairConfigBag;
+        }
+
+        return $this->vciSignatureKeyPairConfigBag = $this->getSignatureKeyPairConfigBag(
+            $this->getVciSignatureKeyPairs(),
+        );
+    }
+
     /**
      * @throws \SimpleSAML\Error\ConfigurationError
      * @psalm-suppress MixedAssignment, ArgumentTypeCoercion
@@ -848,7 +882,7 @@ public function getVciSignatureKeyPairBag(): SignatureKeyPairBag
 
         return $this->vciSignatureKeyPairBag = $this->valueAbstracts
             ->signatureKeyPairBagFactory()
-            ->fromConfig($this->getConnectSignatureKeyPairConfigBag());
+            ->fromConfig($this->getVciSignatureKeyPairConfigBag());
     }
 
     public function getVciCredentialConfigurationsSupported(): array
diff --git a/src/Server/RequestRules/Rules/IdTokenHintRule.php b/src/Server/RequestRules/Rules/IdTokenHintRule.php
@@ -66,7 +66,7 @@ public function checkRule(
         }
 
         $jwks = $this->jwks->jwksDecoratorFactory()->fromJwkDecorators(
-            ...$this->moduleConfig->getConnectSignatureKeyPairBag()->getAllPublicKeys(),
+            ...$this->moduleConfig->getProtocolSignatureKeyPairBag()->getAllPublicKeys(),
         )->jsonSerialize();
 
         $idTokenHint = $this->core->idTokenFactory()->fromToken($idTokenHintParam);
diff --git a/src/Server/Validators/BearerTokenValidator.php b/src/Server/Validators/BearerTokenValidator.php
@@ -84,7 +84,7 @@ public function validateAuthorization(ServerRequestInterface $request): ServerRe
         try {
             // Attempt to validate the JWT
             $jwks = $this->jwks->jwksDecoratorFactory()->fromJwkDecorators(
-                ...$this->moduleConfig->getConnectSignatureKeyPairBag()->getAllPublicKeys(),
+                ...$this->moduleConfig->getProtocolSignatureKeyPairBag()->getAllPublicKeys(),
             )->jsonSerialize();
             $token->verifyWithKeySet($jwks);
         } catch (JwsException) {
diff --git a/src/Services/IdTokenBuilder.php b/src/Services/IdTokenBuilder.php
@@ -50,7 +50,7 @@ public function buildFor(
             throw new RuntimeException('Client is expected to be instance of ' . ClientEntity::class);
         }
 
-        $protocolSignatureKeyPairBag = $this->moduleConfig->getConnectSignatureKeyPairBag();
+        $protocolSignatureKeyPairBag = $this->moduleConfig->getProtocolSignatureKeyPairBag();
         $protocolSignatureKeyPair = $protocolSignatureKeyPairBag->getFirstOrFail();
 
         // ID Token signing algorithm that the client wants.
diff --git a/src/Services/LogoutTokenBuilder.php b/src/Services/LogoutTokenBuilder.php
@@ -35,7 +35,7 @@ public function __construct(
      */
     public function forRelyingPartyAssociation(RelyingPartyAssociationInterface $relyingPartyAssociation): string
     {
-        $protocolSignatureKeyPairBag = $this->moduleConfig->getConnectSignatureKeyPairBag();
+        $protocolSignatureKeyPairBag = $this->moduleConfig->getProtocolSignatureKeyPairBag();
         $protocolSignatureKeyPair = $protocolSignatureKeyPairBag->getFirstOrFail();
 
         // ID Token signing algorithm that the client wants. As per spec, the
diff --git a/src/Services/OpMetadataService.php b/src/Services/OpMetadataService.php
@@ -39,7 +39,7 @@ private function initMetadata(): void
     {
         // Signature algorithms that this OP can use to sign JWS artifacts.
         $protocolSignatureAlgorithmNames = $this->moduleConfig
-            ->getConnectSignatureKeyPairBag()
+            ->getProtocolSignatureKeyPairBag()
             ->getAllAlgorithmNamesUnique();
 
         // Signature algorithms that this OP can use to validate signature on
diff --git a/tests/integration/src/Repositories/AccessTokenRepositoryTest.php b/tests/integration/src/Repositories/AccessTokenRepositoryTest.php
@@ -4,7 +4,6 @@
 
 namespace SimpleSAML\Test\Module\oidc\integration\Repositories;
 
-use League\OAuth2\Server\CryptKey;
 use PDO;
 use PHPUnit\Framework\Attributes\CoversClass;
 use PHPUnit\Framework\Attributes\DataProvider;
@@ -28,7 +27,7 @@
 use SimpleSAML\Module\oidc\Repositories\ClientRepository;
 use SimpleSAML\Module\oidc\Repositories\UserRepository;
 use SimpleSAML\Module\oidc\Services\DatabaseMigration;
-use SimpleSAML\Module\oidc\Services\JsonWebTokenBuilderService;
+use SimpleSAML\OpenID\Jws;
 use Testcontainers\Container\MySQLContainer;
 use Testcontainers\Container\PostgresContainer;
 use Testcontainers\Wait\WaitForHealthCheck;
@@ -66,7 +65,8 @@ class AccessTokenRepositoryTest extends TestCase
     protected MockObject $accessTokenEntityMock;
     protected array $accessTokenState;
     protected AccessTokenEntityFactory $accessTokenEntityFactory;
-    protected CryptKey $privateKey;
+    protected MockObject $jwsMock;
+    protected MockObject $moduleConfigMock;
 
     public static function setUpBeforeClass(): void
     {
@@ -125,14 +125,15 @@ public function setUp(): void
 
         $this->accessTokenEntityMock = $this->createMock(AccessTokenEntity::class);
         $this->accessTokenEntityFactoryMock = $this->createMock(AccessTokenEntityFactory::class);
-        $certFolder = dirname(__DIR__, 4) . '/docker/ssp/';
-        $privateKeyPath = $certFolder . ModuleConfig::DEFAULT_PKI_PRIVATE_KEY_FILENAME;
-        $this->privateKey = new CryptKey($privateKeyPath);
+
+        $this->jwsMock = $this->createMock(Jws::class);
+        $this->moduleConfigMock = $this->createMock(ModuleConfig::class);
+
         $this->accessTokenEntityFactory = new AccessTokenEntityFactory(
             new Helpers(),
-            $this->privateKey,
-            $this->createMock(JsonWebTokenBuilderService::class),
             new ScopeEntityFactory(),
+            $this->jwsMock,
+            $this->moduleConfigMock,
         );
     }
 
diff --git a/tests/unit/src/Entities/AccessTokenEntityTest.php b/tests/unit/src/Entities/AccessTokenEntityTest.php
@@ -80,7 +80,7 @@ protected function setUp(): void
         $this->signatureKeyPairBagMock->method('getFirstOrFail')
             ->willReturn($this->signatureKeyPairMock);
 
-        $this->moduleConfigMock->method('getConnectSignatureKeyPairBag')
+        $this->moduleConfigMock->method('getProtocolSignatureKeyPairBag')
             ->willReturn($this->signatureKeyPairBagMock);
     }
 
diff --git a/tests/unit/src/Server/ResponseTypes/TokenResponseTest.php b/tests/unit/src/Server/ResponseTypes/TokenResponseTest.php
@@ -55,7 +55,7 @@ class TokenResponseTest extends TestCase
     protected Stub $claimSetEntityFactoryStub;
     protected MockObject $loggerMock;
     protected MockObject $coreMock;
-    protected MockObject $connectSignatureKeyPairBagMock;
+    protected MockObject $protocolSignatureKeyPairBagMock;
     protected MockObject $idTokenFactoryMock;
     protected MockObject $idTokenMock;
     protected MockObject $signatureKeyPairMock;
@@ -120,15 +120,15 @@ protected function setUp(): void
 
         $this->loggerMock = $this->createMock(LoggerService::class);
 
-        $this->connectSignatureKeyPairBagMock = $this->createMock(SignatureKeyPairBag::class);
+        $this->protocolSignatureKeyPairBagMock = $this->createMock(SignatureKeyPairBag::class);
         $this->signatureKeyPairMock = $this->createMock(SignatureKeyPair::class);
         $this->signatureKeyPairMock->method('getSignatureAlgorithm')
             ->willReturn(SignatureAlgorithmEnum::RS256);
-        $this->connectSignatureKeyPairBagMock->method('getFirstOrFail')
+        $this->protocolSignatureKeyPairBagMock->method('getFirstOrFail')
             ->willReturn($this->signatureKeyPairMock);
 
-        $this->moduleConfigMock->method('getConnectSignatureKeyPairBag')
-            ->willReturn($this->connectSignatureKeyPairBagMock);
+        $this->moduleConfigMock->method('getProtocolSignatureKeyPairBag')
+            ->willReturn($this->protocolSignatureKeyPairBagMock);
 
         $this->idTokenMock = $this->createMock(IdToken::class);
     }
diff --git a/tests/unit/src/Services/LogoutTokenBuilderTest.php b/tests/unit/src/Services/LogoutTokenBuilderTest.php
@@ -48,7 +48,7 @@ class LogoutTokenBuilderTest extends TestCase
     private MockObject $relyingPartyAssociationMock;
     private MockObject $loggerServiceMock;
     private MockObject $coreFactoryMock;
-    private MockObject $connectSignatureKeyPairBagMock;
+    private MockObject $protocolSignatureKeyPairBagMock;
     private MockObject $signatureKeyPairMock;
     private MockObject $coreMock;
     private MockObject $logoutTokenFactoryMock;
@@ -75,7 +75,7 @@ public function setUp(): void
 
         $this->coreFactoryMock = $this->createMock(CoreFactory::class);
 
-        $this->connectSignatureKeyPairBagMock = $this->createMock(SignatureKeyPairBag::class);
+        $this->protocolSignatureKeyPairBagMock = $this->createMock(SignatureKeyPairBag::class);
 
         $this->signatureKeyPairMock = $this->createMock(SignatureKeyPair::class);
         $this->signatureKeyPairMock->method('getSignatureAlgorithm')
@@ -117,10 +117,10 @@ public function testCanCreateInstance(): void
     public function testForRelyingPartyAssociationCallsLogoutTokenFactory(): void
     {
         $this->moduleConfigMock->expects($this->once())
-            ->method('getConnectSignatureKeyPairBag')
-            ->willReturn($this->connectSignatureKeyPairBagMock);
+            ->method('getProtocolSignatureKeyPairBag')
+            ->willReturn($this->protocolSignatureKeyPairBagMock);
 
-        $this->connectSignatureKeyPairBagMock->expects($this->once())
+        $this->protocolSignatureKeyPairBagMock->expects($this->once())
             ->method('getFirstOrFail')
             ->willReturn($this->signatureKeyPairMock);
 
@@ -143,10 +143,10 @@ public function testForRelyingPartyAssociationCallsLogoutTokenFactory(): void
     public function testForRelyingPartyAssociationUsesNegotiatedSignatureKeyPair(): void
     {
         $this->moduleConfigMock->expects($this->once())
-            ->method('getConnectSignatureKeyPairBag')
-            ->willReturn($this->connectSignatureKeyPairBagMock);
+            ->method('getProtocolSignatureKeyPairBag')
+            ->willReturn($this->protocolSignatureKeyPairBagMock);
 
-        $this->connectSignatureKeyPairBagMock->expects($this->once())
+        $this->protocolSignatureKeyPairBagMock->expects($this->once())
             ->method('getFirstOrFail')
             ->willReturn($this->signatureKeyPairMock);
 
@@ -158,7 +158,7 @@ public function testForRelyingPartyAssociationUsesNegotiatedSignatureKeyPair():
         $negotiatedSignatureKeyPairMock->method('getSignatureAlgorithm')
             ->willReturn(SignatureAlgorithmEnum::ES256);
 
-        $this->connectSignatureKeyPairBagMock->expects($this->once())
+        $this->protocolSignatureKeyPairBagMock->expects($this->once())
             ->method('getFirstByAlgorithmOrFail')
             ->with(SignatureAlgorithmEnum::ES256)
             ->willReturn($negotiatedSignatureKeyPairMock);
diff --git a/tests/unit/src/Services/OpMetadataServiceTest.php b/tests/unit/src/Services/OpMetadataServiceTest.php
@@ -77,7 +77,7 @@ public function setUp(): void
         $this->signatureKeyPairBagMock->method('getAllAlgorithmNamesUnique')
             ->willReturn(['RS256']);
 
-        $this->moduleConfigMock->method('getConnectSignatureKeyPairBag')
+        $this->moduleConfigMock->method('getProtocolSignatureKeyPairBag')
             ->willReturn($this->signatureKeyPairBagMock);
     }
 

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@`
`21`	`21`	`ModuleConfig::OPTION_TOKEN_REFRESH_TOKEN_TTL => 'P1M',`
`22`	`22`	`ModuleConfig::OPTION_TOKEN_ACCESS_TOKEN_TTL => 'PT1H',`
`23`	`23`
`24`		`- ModuleConfig::OPTION_CONNECT_SIGNATURE_KEY_PAIRS => [`
	`24`	`+ ModuleConfig::OPTION_PROTOCOL_SIGNATURE_KEY_PAIRS => [`
`25`	`25`	`[`
`26`	`26`	`ModuleConfig::KEY_ALGORITHM => \SimpleSAML\OpenID\Algorithms\SignatureAlgorithmEnum::RS256,`
`27`	`27`	`ModuleConfig::KEY_PRIVATE_KEY_FILENAME => ModuleConfig::DEFAULT_PKI_PRIVATE_KEY_FILENAME,`
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ public function __invoke(): JsonResponse`
`38`	`38`	`{`
`39`	`39`	`return new JsonResponse(`
`40`	`40`	`$this->jwks->jwksDecoratorFactory()->fromJwkDecorators(`
`41`		`- ...$this->moduleConfig->getConnectSignatureKeyPairBag()->getAllPublicKeys(),`
	`41`	`+ ...$this->moduleConfig->getProtocolSignatureKeyPairBag()->getAllPublicKeys(),`
`42`	`42`	`)->jsonSerialize(),`
`43`	`43`	`);`
`44`	`44`	`}`
Original file line number	Diff line number	Diff line change
`@@ -156,7 +156,7 @@ public function toString(): ?string`
`156`	`156`	`*/`
`157`	`157`	`protected function convertToJWT(): ParsedJws`
`158`	`158`	`{`
`159`		`- $protocolSignatureKeyPair = $this->moduleConfig->getConnectSignatureKeyPairBag()->getFirstOrFail();`
	`159`	`+ $protocolSignatureKeyPair = $this->moduleConfig->getProtocolSignatureKeyPairBag()->getFirstOrFail();`
`160`	`160`	`$currentTimestamp = $this->jws->helpers()->dateTime()->getUtc()->getTimestamp();`
`161`	`161`
`162`	`162`	`$payload = array_filter([`
Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ public function buildPublicKey(): CryptKey`
`55`	`55`	`*/`
`56`	`56`	`protected function getDefaultProtocolSignatureKeyPairConfig(): array`
`57`	`57`	`{`
`58`		`- $defaultProtocolKeyPair = $this->moduleConfig->getConnectSignatureKeyPairs();`
	`58`	`+ $defaultProtocolKeyPair = $this->moduleConfig->getProtocolSignatureKeyPairs();`
`59`	`59`
`60`	`60`	`/** @psalm-suppress MixedAssignment */`
`61`	`61`	`$defaultProtocolKeyPair = $defaultProtocolKeyPair[array_key_first($defaultProtocolKeyPair)];`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ public function checkRule(`
`66`	`66`	`}`
`67`	`67`
`68`	`68`	`$jwks = $this->jwks->jwksDecoratorFactory()->fromJwkDecorators(`
`69`		`- ...$this->moduleConfig->getConnectSignatureKeyPairBag()->getAllPublicKeys(),`
	`69`	`+ ...$this->moduleConfig->getProtocolSignatureKeyPairBag()->getAllPublicKeys(),`
`70`	`70`	`)->jsonSerialize();`
`71`	`71`
`72`	`72`	`$idTokenHint = $this->core->idTokenFactory()->fromToken($idTokenHintParam);`
Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ public function buildFor(`
`50`	`50`	`throw new RuntimeException('Client is expected to be instance of ' . ClientEntity::class);`
`51`	`51`	`}`
`52`	`52`
`53`		`- $protocolSignatureKeyPairBag = $this->moduleConfig->getConnectSignatureKeyPairBag();`
	`53`	`+ $protocolSignatureKeyPairBag = $this->moduleConfig->getProtocolSignatureKeyPairBag();`
`54`	`54`	`$protocolSignatureKeyPair = $protocolSignatureKeyPairBag->getFirstOrFail();`
`55`	`55`
`56`	`56`	`// ID Token signing algorithm that the client wants.`
Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ public function __construct(`
`35`	`35`	`*/`
`36`	`36`	`public function forRelyingPartyAssociation(RelyingPartyAssociationInterface $relyingPartyAssociation): string`
`37`	`37`	`{`
`38`		`- $protocolSignatureKeyPairBag = $this->moduleConfig->getConnectSignatureKeyPairBag();`
	`38`	`+ $protocolSignatureKeyPairBag = $this->moduleConfig->getProtocolSignatureKeyPairBag();`
`39`	`39`	`$protocolSignatureKeyPair = $protocolSignatureKeyPairBag->getFirstOrFail();`
`40`	`40`
`41`	`41`	`// ID Token signing algorithm that the client wants. As per spec, the`