UML-3056 initial code and working test

service-api/app/src/App/src/Handler/AuthRedirectHandler.php

@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Handler;
+
+use App\Exception\BadRequestException;
+use App\Service\Authentication\AuthenticationService;
+use Exception;
+use Laminas\Diactoros\Response\JsonResponse;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+
+/**
+ * Class AuthRedirectHandler
+ *
+ * @package App\Handler
+ * @codeCoverageIgnore
+ */
+class AuthRedirectHandler implements RequestHandlerInterface
+{
+    public function __construct(
+        private AuthenticationService $authenticationService,
+    ) {
+    }
+
+    /**
+     * Handles a request and produces a response.
+     *
+     * May call other collaborating code to generate the response.
+     *
+     * @param ServerRequestInterface $request
+     *
+     * @return ResponseInterface
+     * @throws Exception
+     */
+    public function handle(ServerRequestInterface $request): ResponseInterface
+    {
+        $params = $request->getParsedBody();
+
+        if (empty($params['ui_locale'])) {
+            throw new BadRequestException('Ui locale must be provided');
+        }
+
+        $authorisationUri = $this->authenticationService->redirect($params['ui_locale']);
+
+        return new JsonResponse($authorisationUri);
+    }
+}

service-api/app/src/App/src/Service/Authentication/AuthenticationService.php

@@ -0,0 +1,70 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Service\Authentication;
+
+use function Facile\OpenIDClient\base64url_encode;
+use Facile\OpenIDClient\Client\ClientBuilder;
+use Facile\OpenIDClient\Client\Metadata\ClientMetadata;
+use Facile\OpenIDClient\Issuer\IssuerBuilder;
+use Facile\OpenIDClient\Service\Builder\AuthorizationServiceBuilder;
+use Psr\Log\InvalidArgumentException;
+use Psr\Log\LoggerInterface;
+
+class AuthenticationService
+{
+    public function __construct(private JWKFactory $JWKFactory, private LoggerInterface $logger)
+    {
+    }
+
+    public function redirect(string $uiLocale): string
+    {
+        //TODO UML-3080 Configure cache
+
+        $issuer = (new IssuerBuilder())
+            ->build('http://mock-one-login:8080/.well-known/openid-configuration');
+
+
+//        $key = $this->JWKFactory->invoke();
+
+        $clientMetadata = ClientMetadata::fromArray([
+            'client_id'                  => 'client-id',
+            'client_secret'              => 'my-client-secret',
+            'token_endpoint_auth_method' => 'private_key_jwt',
+            'redirect_uri'               => '/lpa/dashboard',
+//            'jwks'                       => [
+//                'keys' => [
+////                    $key,
+//                ],
+//            ],
+                                                    ]);
+
+        $client = (new ClientBuilder())
+            ->setIssuer($issuer)
+            ->setClientMetadata($clientMetadata)
+            ->build();
+
+        $authorisationService = (new AuthorizationServiceBuilder())->build();
+
+        $redirectAuthorisationUri = '';
+        try {
+            $redirectAuthorisationUri = $authorisationService->getAuthorizationUri(
+                $client,
+                [
+                    'scope'      => 'openid email',
+                    'state'      => base64url_encode(random_bytes(12)),
+                    'nonce'      => openssl_digest(base64url_encode(random_bytes(12)), 'sha256'),
+                    'vtr'        => '["Cl.Cm.P2"]',
+                    'ui_locales' => $uiLocale,
+                    'claims'     => '{"userinfo":{"https://vocab.account.gov.uk/v1/coreIdentityJWT": null}}',
+                ]
+            );
+        } catch (InvalidArgumentException $e) {
+            $this->logger->error('Unable to get authorisation uri: ' . $e->getMessage());
+            throw $e;
+        }
+
+        return $redirectAuthorisationUri;
+    }
+}

service-api/app/test/AppTest/Service/Authentication/AuthenticationServiceTest.php

@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace AppTest\Service\Authentication;
+
+use App\Service\Authentication\AuthenticationService;
+use App\Service\Authentication\JWKFactory;
+use App\Service\Authentication\KeyPairManager;
+use PHPUnit\Framework\TestCase;
+use Prophecy\PhpUnit\ProphecyTrait;
+use Prophecy\Prophecy\ObjectProphecy;
+use Psr\Log\LoggerInterface;
+
+class AuthenticationServiceTest extends TestCase
+{
+    use ProphecyTrait;
+
+    private ObjectProphecy|JWKFactory $JWKFactory;
+    private ObjectProphecy|LoggerInterface $logger;
+
+    public function setup(): void
+    {
+        $this->keyPairManager = $this->prophesize(KeyPairManager::class);
+        $this->JWKFactory = new JWKFactory($this->keyPairManager->reveal());
+        $this->logger     = $this->prophesize(LoggerInterface::class);
+    }
+
+    /**
+     * @test
+     */
+    public function getRedirectUri(): void
+    {
+        $authenticationService = new AuthenticationService($this->JWKFactory, $this->logger->reveal());
+        $redirectUri           = $authenticationService->redirect('en');
+        $this->assertStringContainsString('client_id=client-id', $redirectUri);
+        $this->assertStringContainsString('scope=openid+email', $redirectUri);
+        $this->assertStringContainsString('vtr=%5B%22Cl.Cm.P2%22%5D', $redirectUri);
+    }
+}