sk-eid / smart-id-php-client
License: MIT License
The version has been updated but the examples linked to in README (in the wiki) are out of date.
Add Test CA root certificate to project, so validation won't fail on demo environment certificates
I'm not even trying to get the birthdate and I get the error when trying to authenticate the client.
This is the exception that comes externally from the request to SK - "Unable get birthdate from Latvian personal code 140400-2****"
Especially interested in checking the session in the new version?
Since SK uses IP whitelisting to authorize SmartID requests, it's important that in case of multiple IP addresses/interfaces on a server the request is made from the right IP.
In PHP/curl, this can be achieved by setting:
curl_setopt($ch,CURLOPT_INTERFACE,'1.2.3.4');
Would there be a possibility to add a setInterface() method to Sk\SmartId\Client that would then be passed on to the requests that set the correct interface?
Hi! Trying to use this library results in an "Undefined property (serialNumberHex)" exception.
"sk-id-solutions/smart-id-php-client": "~1.0"
php: 7.0.17
SmartIdAuthenticationResponse::authenticate() having the parameters correctly set
When SmartIdAuthenticationResponse::getCertificateInstance() is called after AuthenticationRequestBuilder::authenticate() then a new AuthenticationCertificate() is called and PropertyMapper:fromArray() tries to map serialNumberHex as a class property which does not exist. I personally see two solutions to this:
is_property() check
serialNumberHex property to the AuthenticationCertificate class
Thanks in advance.
PHP 8 throws an exception:
Method ReflectionParameter::getClass() is deprecated
vendor/sk-id-solutions/smart-id-php-client/src/Sk/SmartId/Api/Data/PropertyMapper.php(134)
A new release to packagist.org would be great. The SID Demo SSL key pinning changes after v1.5.1 release have not reached there. Saves the other potential integrators a lot of time. Took me a few hours to find out that the packagist and github latest do not match.
Add the line use Sk\SmartId\Exception\SmartIdException; to the example "Example of configuring the client"
Is there a way to use Smart-ID in the same way as Mobile-ID, making polling calls from the frontend?
Mobile-ID works so that:
Currently, all examples like https://github.com/SK-EID/smart-id-php-client/wiki/Examples-of-using-it have implemented it so that the verification code is generated (and can then be shown to the user) and then a call is made to authenticate(), which ends up in SessionStatusPoller::pollForFinalSessionStatus(), which in turn implements a while loop until it gets back a success, error or a timeout.
This implementation has a few drawbacks:
The SessionStatusPoller has all the methods needed to implement a Mobile-ID like solution, but they are all either private or protected, so cannot be called from the client implementation.
Is this intentional?
Hello there.
So basically I use 2 calls to identify a customer
1st I call session id with startAuthenticationAndReturnSessionId and semanticsIdentifier
Then continuously I check for session with createSessionStatusFetcher but when I get response and I try to validate it with authenticationResponseValidator I get runtime exception
An uncaught Exception was encountered
Type: RuntimeException
Message: Error! Response is not valid! Error(s): Signature verification failed.
And $authenticationResponse->getDocumentNumber() is empty
Path to trusted certificates is defined and when I use authenticate method everything is working correctly
For me it seems strange when I try to validate the session not the user I get issue with this
Thanks
Smart ID documentation covers HTTPS pinning. Unfortunately it is a little bit tricky and would be nice to have in this package.
I see that @andrevka has created a pull request #18 to address the issue. It is great work but has one drawback. It breaks the backward compatibility. Currently package supports PHP >= 5.6 but with proposed pull request the new minimum requirement is >= 7.0.7
I had an idea how to make it work even with PHP 5.6 and created a branch for this development: https://github.com/raigu/smart-id-php-client/commits/pinning
I have a question for maintainer. Is it important to keep backward compatibility? If yes, should I continue with the referred branch?
My proposed package is not finished. I made this issue to share my thought with @andrevka and maintainer and see if we have mutual interests and can cooperate. What I have not done yet:
Will wait feedback from maintainer or @andrevka. If there is interest I/we can continue.
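A generic way to pin an HTTPS endpoint from PHP/curl, as an added example that is not code from this library, from pull request #18 or from the referenced branch. It assumes curl's public key pinning option (available in PHP from 7.0.7, the minimum version mentioned above); the helper names and the throwaway certificate are constructed for illustration.

```php
<?php
// Added example: derive a curl-style public key pin from a PEM certificate
// and attach it to a request handle. Helper names are hypothetical.

/** Returns "sha256//<base64 SHA-256 of the DER SubjectPublicKeyInfo>". */
function spkiPin(string $certPem): string
{
    $publicKey = openssl_pkey_get_public($certPem);
    if ($publicKey === false) {
        throw new InvalidArgumentException('Not a readable X.509 certificate');
    }
    // 'key' holds the public key as PEM-encoded SubjectPublicKeyInfo.
    $spkiPem = openssl_pkey_get_details($publicKey)['key'];
    // Strip the PEM armour and whitespace to get back the DER bytes.
    $spkiDer = base64_decode(preg_replace('/-----[A-Z ]+-----|\s+/', '', $spkiPem));
    return 'sha256//' . base64_encode(hash('sha256', $spkiDer, true));
}

/** Prepares (does not execute) a request that fails unless the server key matches a pin. */
function pinnedHandle(string $url, array $pins)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    // Pinning is an extra check: normal chain and host name validation stay on.
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    // Several pins (current key plus a backup) are separated by ';'.
    curl_setopt($ch, CURLOPT_PINNEDPUBLICKEY, implode(';', $pins));
    return $ch;
}

// Constructed sample: a throwaway self-signed certificate, so this runs offline.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'pin-demo.invalid'], $key);
$cert = openssl_csr_sign($csr, null, $key, 1);
openssl_x509_export($cert, $certPem);

$pin = spkiPin($certPem);
echo $pin, PHP_EOL;

// The throwaway pin will not match any real server; in practice the pin is
// computed from the certificate the service operator publishes.
$ch = pinnedHandle('https://sid.demo.sk.ee/smart-id-rp/v1/', [$pin]);
```

Because the pin covers the public key rather than the whole certificate, it survives a certificate renewal that keeps the same key, but it has to be updated when the operator rotates the key.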
Hi!
I updated to version 2.2 and after some modifications I got stuck with following error:
Uncaught TypeError: Return value of Sk\SmartId\Api\Data\SessionStatus::getInteractionFlowUsed() must be of the type string, null returned in ../sk-id-solutions/smart-id-php-client/src/Sk/SmartId/Api/Data/SessionStatus.php:154
My authenticate code is as follows:
$authenticationResponse = $client->authentication()
    ->createAuthentication()
    ->withSemanticsIdentifier( $identity )
    ->withAuthenticationHash( $authenticationHash )
    ->withAllowedInteractionsOrder([Interaction::ofTypeDisplayTextAndPIN("Text and pin")])
    ->withCertificateLevel( CertificateLevelCode::QUALIFIED )
    ->authenticate();
If I add
private $interactionFlowUsed = "displayTextAndPin";
as default to SessionStatus class, it works.
not sure if this is a bug or not but when using this library against the Demo environment @ https://sid.demo.sk.ee/smart-id-rp/v1/
the method \Sk\SmartId\Api\AuthenticationResponseValidator::isCertificateTrusted
will fail
when replacing this foreach loop
foreach ( $this->trustedCACertificates as $trustedCACertificate )
{
    if ( $this->verifyTrustedCACertificate( $certificateAsResource, $trustedCACertificate ) === true )
    {
        return true;
    }
}
with the following code, will work and return true
if ( openssl_x509_checkpurpose( $certificateAsResource, X509_PURPOSE_ANY, $this->trustedCACertificates ) === true ) {
    return true;
}
why is there a foreach loop anyway when the openssl_x509_checkpurpose can handle a path to certificates or an array of certificate paths
the certificates in use are
certificate returned from smart-id is
Hi. My team is currently trying to implement SmartId authentication but we have run into a problem with SemanticsIdentifier and LV (Latvia) personal codes.
Sk\SmartId\Api\Data\SemanticsIdentifier validate function wants $semanticsIdentifier to match this regex: /^[A-Z]{5}-[a-zA-Z\d]{5,30}$/ but this regex doesn't match LV code.
For example, taking this LV code 030303-10012 (demo account code) and PNO type, validation expects PNOLV-03030310012, but in reality it is PNOLV-030303-10012 which fails. Going with PNOLV-03030310012 is not an option as that fails later on with user not found exception (as expected).
For now we are going with extending validate on our end to match LV code, but I think this should be fixed here. Or at least some config parameter added so this regex could be overwritten without extension.
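The validation mismatch described in the issue above, reproduced as an added example (not code from the library). REPORTED_PATTERN is the regex quoted in the issue; CANDIDATE_PATTERN is a hypothetical replacement, not the project's fix, that admits a hyphen inside the identifier and goes one step beyond the issue by anchoring with \A and \z so a trailing newline is rejected.

```php
<?php
// Added example: compare the pattern quoted in the issue with a candidate
// that accepts Latvian personal codes in their hyphenated form.

// Pattern quoted in the issue above.
const REPORTED_PATTERN = '/^[A-Z]{5}-[a-zA-Z\d]{5,30}$/';

// Hypothetical replacement: allows '-' after the first identifier character
// and uses \A...\z, because '$' also matches just before a final newline.
const CANDIDATE_PATTERN = '/\A[A-Z]{5}-[a-zA-Z\d][a-zA-Z\d\-]{4,29}\z/';

function matchesPattern(string $pattern, string $value): bool
{
    return preg_match($pattern, $value) === 1;
}

// The first two values come from the issue; the rest are constructed.
$samples = [
    'LV demo code from the issue'  => 'PNOLV-030303-10012',
    'LV code with hyphen stripped' => 'PNOLV-03030310012',
    'eleven digits, no hyphen'     => 'PNOEE-12345678901',
    'trailing newline'             => "PNOLV-03030310012\n",
    'identifier too short'         => 'PNOLV-1234',
    'lower-case prefix'            => 'pnolv-030303-10012',
];

foreach ($samples as $label => $value) {
    printf(
        "%-30s reported=%-5s candidate=%s\n",
        $label,
        var_export(matchesPattern(REPORTED_PATTERN, $value), true),
        var_export(matchesPattern(CANDIDATE_PATTERN, $value), true)
    );
}
```

The hyphenated LV value is the only well-formed sample the two patterns disagree on; the trailing-newline sample shows why input validators that feed identifiers into request bodies or logs should anchor with \z rather than $.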
The current example how to implement "Authenticating with semantics identifier" (https://github.com/SK-EID/smart-id-php-client#authenticating-with-semantics-identifier) merges 2 steps into a single flow which is a bit misleading when considering a real-world use case that IMHO is split into following steps:
It is not so straight-forward to split the example into 2 steps as objects are passed along, not simple data like strings (like authenticationHash, which would happen in a realistic use case when data is moving between the backend and the client between those steps).
I do understand that readme should show a simple use-case however it would make sense in my mind to make it more that can be used in a real application.