PHP Class OAuth2\OAuth2

Project: friendsofsymfony/oauth2-php

Protected Properties

Property Type Description
$conf Array of persistent variables stored.
$oldRefreshToken string Keep track of the old refresh token. So we can unset the old refresh tokens when a new one is issued.
$storage oauth2\IOAuth2Storage Storage engine for authentication server
$usedAuthCode OAuth2\Model\IOAuth2AuthCode Keep track of the used auth code. So we can mark it as used after successful authorization

Public Methods

Method Description
__construct ( oauth2\IOAuth2Storage $storage, array $config = [] ) Creates an OAuth2.0 server-side instance.
createAccessToken ( OAuth2\Model\IOAuth2Client $client, mixed $data, string | null $scope = null, integer | null $access_token_lifetime = null, boolean $issue_refresh_token = true, integer | null $refresh_token_lifetime = null ) : array Handle the creation of an access token, and issue a refresh token if supported.
finishClientAuthorization ( boolean $isAuthorized, mixed $data = null, Request $request = null, string | null $scope = null ) : Response Redirect the user appropriately after approval.
getBearerToken ( Request $request = null, boolean $removeFromRequest = false ) : string | null This is a convenience function that can be used to get the token, which can then be passed to verifyAccessToken(). This method attempts to adhere to the constraints specified by the draft.
getVariable ( string $name, mixed $default = null ) : mixed Returns a persistent variable.
grantAccessToken ( Request $request = null ) : Response Grant or deny a requested access token.
setVariable ( string $name, mixed $value ) : OAuth2 Sets a persistent variable.
verifyAccessToken ( string $tokenParam, string $scope = null ) : OAuth2\Model\IOAuth2AccessToken Check that a valid access token has been provided.

Protected Methods

Method Description
checkScope ( string $requiredScope, string $availableScope ) : boolean Check if everything in required scope is contained in available scope.
genAccessToken ( ) : string Generates a unique access token.
genAuthCode ( ) : string Generates a unique auth code.
getAuthorizationHeader ( Request $request ) : array Pull out the Authorization HTTP header and return it.
getAuthorizeParams ( Request $request = null ) : array Pull the authorization request data out of the HTTP $request.
getBearerTokenFromFormEncodedBody ( Request $request, boolean $removeFromRequest ) : string | null Get the token from url encoded entity-body.
getBearerTokenFromHeaders ( Request $request, boolean $removeFromRequest ) : string | null Get the access token from the header
getBearerTokenFromQuery ( Request $request, boolean $removeFromRequest ) : string | null Get the token from the query string
getClientCredentials ( array $inputData, array $authHeaders ) : array Internal function used to get the client credentials from HTTP basic auth or POST data.
getRedirectUri ( $redirectUri, OAuth2\Model\IOAuth2Client $client )
grantAccessTokenAuthCode ( OAuth2\Model\IOAuth2Client $client, array $input ) : array
grantAccessTokenClientCredentials ( OAuth2\Model\IOAuth2Client $client, array $input, array $clientCredentials ) : array | boolean
grantAccessTokenExtension ( OAuth2\Model\IOAuth2Client $client, array $inputData, array $authHeaders )
grantAccessTokenRefreshToken ( OAuth2\Model\IOAuth2Client $client, array $input ) : array
grantAccessTokenUserCredentials ( OAuth2\Model\IOAuth2Client $client, array $input ) : array | boolean
setDefaultOptions ( ) Default configuration options are specified here.
validateRedirectUri ( string $inputUri, string | array $storedUris ) : boolean Internal method for validating the supplied redirect URI.

Private Methods

Method Description
buildUri ( string $uri, array $params ) : string Build the absolute URI based on supplied URI and parameters.
createAuthCode ( OAuth2\Model\IOAuth2Client $client, mixed $data, string $redirectUri, string $scope = null ) : string Handle the creation of auth code.
createRedirectUriCallbackResponse ( string $redirectUri, array $params ) : Response Returns redirect response
getJsonHeaders ( ) : array Returns HTTP headers for JSON.

Method Details

__construct() public method

Creates an OAuth2.0 server-side instance.
public __construct ( oauth2\IOAuth2Storage $storage, array $config = [] )
$storage oauth2\IOAuth2Storage
$config array An associative array as below of config options. See CONFIG_* constants.

checkScope() protected method

Check if everything in required scope is contained in available scope.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-7
protected checkScope ( string $requiredScope, string $availableScope ) : boolean
$requiredScope string Required scope to check against the available scope.
$availableScope string Supported scopes.
Return boolean Return true if everything in required scope is contained in available scope or false if it isn't.

createAccessToken() public method

This belongs in a separate factory, but to keep it simple, I'm just keeping it here.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-5
public createAccessToken ( OAuth2\Model\IOAuth2Client $client, mixed $data, string | null $scope = null, integer | null $access_token_lifetime = null, boolean $issue_refresh_token = true, integer | null $refresh_token_lifetime = null ) : array
$client OAuth2\Model\IOAuth2Client
$data mixed
$scope string | null
$access_token_lifetime integer | null How long the access token should live, in seconds
$issue_refresh_token boolean Issue a refresh token if true and the storage mechanism supports it
$refresh_token_lifetime integer | null How long the refresh token should live, in seconds
Return array

finishClientAuthorization() public method

After the user has approved or denied the access request, the authorization server should call this function to redirect the user appropriately.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4
public finishClientAuthorization ( boolean $isAuthorized, mixed $data = null, Request $request = null, string | null $scope = null ) : Response
$isAuthorized boolean true or false depending on whether the user authorized the access.
$data mixed Application data
$request Symfony\Component\HttpFoundation\Request
$scope string | null
Return Symfony\Component\HttpFoundation\Response

genAccessToken() protected method

Implementing classes may want to override this function to implement other access token generation schemes.
See also: OAuth2::genAuthCode()
protected genAccessToken ( ) : string
Return string A unique access token.

genAuthCode() protected method

Implementing classes may want to override this function to implement other auth code generation schemes.
See also: OAuth2::genAccessToken()
protected genAuthCode ( ) : string
Return string A unique auth code.

getAuthorizationHeader() protected method

According to draft 20, standard basic authorization is the only header variable required (this does not apply to extended grant types). Implementing classes may need to override this function if need be.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-2.4.1
protected getAuthorizationHeader ( Request $request ) : array
$request Symfony\Component\HttpFoundation\Request
Return array An array of the basic username and password provided.

getAuthorizeParams() protected method

- The redirect_uri is OPTIONAL as per draft 20. But your implementation can enforce it by setting CONFIG_ENFORCE_INPUT_REDIRECT to true.
- The state is OPTIONAL but recommended to enforce CSRF. Draft 21 states, however, that CSRF protection is MANDATORY. You can enforce this by setting CONFIG_ENFORCE_STATE to true.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.1.1
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-10.12
protected getAuthorizeParams ( Request $request = null ) : array
$request Symfony\Component\HttpFoundation\Request
Return array

getBearerToken() public method

As per the Bearer spec (draft 8, section 2), there are three ways for a client to specify the bearer token, in order of preference: Authorization header, POST body and GET query string. NB: Resource servers MUST accept tokens via the Authorization scheme (http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2).
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.1
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.2
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.3
public getBearerToken ( Request $request = null, boolean $removeFromRequest = false ) : string | null
$request Symfony\Component\HttpFoundation\Request
$removeFromRequest boolean
Return string | null
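The three-location lookup described above, as an added example that is not code from friendsofsymfony/oauth2-php: the token is sought in the Authorization header, then a form-encoded body, then the query string, in the library's stated order of preference. Plain arrays stand in for the Symfony Request so the snippet runs on its own; the function name and the rejection of a request that carries the token in more than one place are this example's assumptions (the Bearer draft forbids clients from using more than one method per request, and accepting both would let a query-string token shadow the header one).

```php
<?php
// Added example (not the library's code): locate a bearer token in the three places
// the Bearer draft allows, in the order of preference the docblock above lists.
// Plain arrays replace the Symfony Request object so this runs stand-alone.

/**
 * Return the bearer token found in the request, or null if none was supplied.
 * Throws if the client sent a token in more than one location.
 */
function extractBearerToken(array $headers, array $post, array $query, string $contentType = ''): ?string
{
    $found = [];

    // 1. Authorization header: "Bearer <token>" (the scheme name is case-insensitive).
    if (isset($headers['Authorization'])
        && preg_match('/^\s*Bearer\s+(\S+)\s*$/i', $headers['Authorization'], $m)) {
        $found['header'] = $m[1];
    }

    // 2. Form-encoded entity body: only honoured when the body really is form-encoded.
    if (isset($post['access_token'])
        && stripos($contentType, 'application/x-www-form-urlencoded') === 0) {
        $found['body'] = $post['access_token'];
    }

    // 3. Query string: least preferred, since URLs end up in server logs and Referer headers.
    if (isset($query['access_token'])) {
        $found['query'] = $query['access_token'];
    }

    if (count($found) > 1) {
        throw new InvalidArgumentException(
            'Bearer token supplied in more than one location: ' . implode(', ', array_keys($found))
        );
    }

    return $found === [] ? null : reset($found);
}

// Constructed sample requests, one per location, one with none, one with two.
var_dump(extractBearerToken(['Authorization' => 'Bearer abc123'], [], []));
var_dump(extractBearerToken([], ['access_token' => 'xyz'], [], 'application/x-www-form-urlencoded'));
var_dump(extractBearerToken([], [], ['access_token' => 'q1']));
var_dump(extractBearerToken([], [], []));
try {
    extractBearerToken(['Authorization' => 'Bearer a'], [], ['access_token' => 'b']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

The body branch deliberately checks the Content-Type before trusting `access_token` in the POST data; a JSON or multipart body that happens to carry that field is not a form-encoded bearer token under the draft.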

getBearerTokenFromFormEncodedBody() protected method

Get the token from the URL-encoded entity body.
protected getBearerTokenFromFormEncodedBody ( Request $request, boolean $removeFromRequest ) : string | null
$request Symfony\Component\HttpFoundation\Request
$removeFromRequest boolean
Return string | null

getBearerTokenFromHeaders() protected method

Old Android version bug (at least with version 2.2)
See also: http://code.google.com/p/android/issues/detail?id=6684
protected getBearerTokenFromHeaders ( Request $request, boolean $removeFromRequest ) : string | null
$request Symfony\Component\HttpFoundation\Request
$removeFromRequest boolean
Return string | null

getBearerTokenFromQuery() protected method

Get the token from the query string.
protected getBearerTokenFromQuery ( Request $request, boolean $removeFromRequest ) : string | null
$request Symfony\Component\HttpFoundation\Request
$removeFromRequest boolean
Return string | null

getClientCredentials() protected method

According to the spec (draft 20), the client_id can be provided in the Basic Authorization header (recommended) or via GET/POST.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-2.4.1
protected getClientCredentials ( array $inputData, array $authHeaders ) : array
$inputData array
$authHeaders array
Return array A list containing the client identifier and password, for example

getRedirectUri() protected method

protected getRedirectUri ( $redirectUri, OAuth2\Model\IOAuth2Client $client )
$client OAuth2\Model\IOAuth2Client

getVariable() public method

Returns a persistent variable.
public getVariable ( string $name, mixed $default = null ) : mixed
$name string The name of the variable to return.
$default mixed The default value to use if this variable has never been set.
Return mixed The value of the variable.

grantAccessToken() public method

This would be called from the "/token" endpoint as defined in the spec. Obviously, you can call your endpoint whatever you want. The draft specifies that the authorization parameters should be retrieved from POST, but you can override this to whatever method you like.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-10.6
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-4.1.3
public grantAccessToken ( Request $request = null ) : Response
$request Symfony\Component\HttpFoundation\Request (optional) The request
Return Symfony\Component\HttpFoundation\Response

grantAccessTokenAuthCode() protected method

protected grantAccessTokenAuthCode ( OAuth2\Model\IOAuth2Client $client, array $input ) : array
$client OAuth2\Model\IOAuth2Client
$input array
Return array

grantAccessTokenClientCredentials() protected method

protected grantAccessTokenClientCredentials ( OAuth2\Model\IOAuth2Client $client, array $input, array $clientCredentials ) : array | boolean
$client OAuth2\Model\IOAuth2Client
$input array
$clientCredentials array
Return array | boolean

grantAccessTokenExtension() protected method

protected grantAccessTokenExtension ( OAuth2\Model\IOAuth2Client $client, array $inputData, array $authHeaders )
$client OAuth2\Model\IOAuth2Client
$inputData array
$authHeaders array

grantAccessTokenRefreshToken() protected method

protected grantAccessTokenRefreshToken ( OAuth2\Model\IOAuth2Client $client, array $input ) : array
$client OAuth2\Model\IOAuth2Client
$input array
Return array

grantAccessTokenUserCredentials() protected method

protected grantAccessTokenUserCredentials ( OAuth2\Model\IOAuth2Client $client, array $input ) : array | boolean
$client OAuth2\Model\IOAuth2Client
$input array
Return array | boolean

setDefaultOptions() protected method

Default configuration options are specified here.
protected setDefaultOptions ( )

setVariable() public method

Sets a persistent variable.
public setVariable ( string $name, mixed $value ) : OAuth2
$name string The name of the variable to set.
$value mixed The value to set.
Return OAuth2 The application (for chained calls of this method)

validateRedirectUri() protected method

Internal method for validating the supplied redirect URI.
protected validateRedirectUri ( string $inputUri, string | array $storedUris ) : boolean
$inputUri string
$storedUris string | array
Return boolean
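An added example, not the library's own code, that serves both the getAuthorizeParams() notes (the CONFIG_ENFORCE_INPUT_REDIRECT and CONFIG_ENFORCE_STATE switches) and validateRedirectUri() above: it validates the redirect_uri of an authorization request against a client's registered URI(s), which may be a single string or an array as in the signature, and requires state when CSRF enforcement is on. Two boolean parameters stand in for the two config constants; the function names, the client array shape and the choice of exact string matching are this example's assumptions (the page does not state which matching rule the library applies).

```php
<?php
// Added example (not from friendsofsymfony/oauth2-php): check redirect_uri and state
// on an authorization request. The two booleans play the role of the library's
// CONFIG_ENFORCE_INPUT_REDIRECT and CONFIG_ENFORCE_STATE options.

/**
 * Compare a supplied redirect URI with the client's registered URI(s), string or array.
 * Matching is exact on purpose: prefix or substring matching would also accept URIs
 * that merely begin with a registered one.
 */
function redirectUriIsRegistered(string $inputUri, $storedUris): bool
{
    foreach ((array) $storedUris as $stored) {
        if ($stored !== '' && $stored === $inputUri) {
            return true;
        }
    }
    return false;
}

/**
 * Validate the authorization-request parameters. Returns the effective redirect_uri and
 * state on success; throws on anything the configuration says must be rejected.
 */
function checkAuthorizeParams(array $query, array $client, bool $enforceInputRedirect, bool $enforceState): array
{
    $registered  = array_values((array) $client['redirect_uris']);
    $redirectUri = $query['redirect_uri'] ?? null;

    if ($redirectUri === null || $redirectUri === '') {
        if ($enforceInputRedirect) {
            throw new InvalidArgumentException('redirect_uri is required');
        }
        // Without an explicit URI the only safe fallback is an unambiguous registration.
        if (count($registered) !== 1) {
            throw new InvalidArgumentException('redirect_uri is required when several URIs are registered');
        }
        $redirectUri = $registered[0];
    } elseif (!redirectUriIsRegistered($redirectUri, $registered)) {
        throw new InvalidArgumentException('redirect_uri does not match a registered URI');
    }

    // Redirect targets must not carry a fragment; the response parameters are appended later.
    if (strpos($redirectUri, '#') !== false) {
        throw new InvalidArgumentException('redirect_uri must not contain a fragment');
    }

    $state = $query['state'] ?? null;
    if ($enforceState && ($state === null || $state === '')) {
        throw new InvalidArgumentException('state is required for CSRF protection');
    }

    return ['redirect_uri' => $redirectUri, 'state' => $state];
}

// Constructed client record and a handful of constructed requests.
$client = ['client_id' => 'demo', 'redirect_uris' => ['https://app.example/cb', 'https://app.example/cb2']];

$requests = [
    ['redirect_uri' => 'https://app.example/cb', 'state' => 'n0nc3'],   // accepted
    ['redirect_uri' => 'https://app.example/cb/extra', 'state' => 'x'], // rejected: not an exact match
    ['redirect_uri' => 'https://app.example/cb'],                        // rejected: state enforced but absent
    [],                                                                  // rejected: two URIs registered, none chosen
];

foreach ($requests as $i => $query) {
    try {
        $params = checkAuthorizeParams($query, $client, false, true);
        printf("request %d: ok, will redirect to %s\n", $i, $params['redirect_uri']);
    } catch (InvalidArgumentException $e) {
        printf("request %d: rejected (%s)\n", $i, $e->getMessage());
    }
}
```

Note that the rejections above are raised before any redirect is built: an authorization server must never redirect an error to a redirect_uri it has not validated, because that would turn the endpoint into an open redirector.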

verifyAccessToken() public method

The token is returned (as an associative array) if valid. The scope parameter defines any required scope that the token must have. If a scope param is provided and the token does not have the required scope, we bounce the request. Some implementations may choose to return a subset of the protected resource (i.e. "public" data) if the user has not provided an access token or if the access token is invalid or expired. The IETF spec says that we should send a 401 Unauthorized header and bail immediately, so that's what the defaults are set to. You can catch the exception thrown and behave differently if you like (log errors, allow public access for missing tokens, etc.).
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-7
public verifyAccessToken ( string $tokenParam, string $scope = null ) : OAuth2\Model\IOAuth2AccessToken
$tokenParam string
$scope string A space-separated string of required scope(s), if you want to check for scope.
Return OAuth2\Model\IOAuth2AccessToken Token
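An added example, not the library's implementation, covering both checkScope() and verifyAccessToken() above: a space-separated scope containment check, and a token verification that rejects missing, unknown and expired tokens with the exception-and-401 behaviour the docblock describes, then shows the optional "public data" fallback for a missing token. The token store is a constructed array, the clock is a fixed constructed timestamp, and the function and class names are this example's own; the 403 for insufficient scope follows the Bearer draft's error table rather than anything stated on this page.

```php
<?php
// Added example (not from friendsofsymfony/oauth2-php): scope containment plus
// access-token verification over a constructed in-memory token store.

/** True when every scope named in $requiredScope (space-separated) is in $availableScope. */
function scopeIsCovered(string $requiredScope, string $availableScope): bool
{
    $required  = array_filter(preg_split('/\s+/', trim($requiredScope)));
    $available = array_flip(array_filter(preg_split('/\s+/', trim($availableScope))));
    foreach ($required as $scope) {
        if (!isset($available[$scope])) {
            return false;
        }
    }
    return true; // an empty requirement is always satisfied
}

/** Carries the HTTP status and OAuth error code the resource server should answer with. */
class TokenException extends RuntimeException
{
    public $status;
    public $error;

    public function __construct(int $status, string $error, string $message)
    {
        parent::__construct($message);
        $this->status = $status;
        $this->error  = $error;
    }

    /** Value for the WWW-Authenticate header that accompanies the error response. */
    public function wwwAuthenticate(string $realm): string
    {
        return sprintf('Bearer realm="%s", error="%s", error_description="%s"',
            $realm, $this->error, $this->getMessage());
    }
}

/**
 * Look $tokenParam up in $store (token => ['expires' => unix time, 'scope' => string, ...]).
 * Returns the token record when valid; throws TokenException otherwise.
 */
function verifyToken(?string $tokenParam, array $store, ?string $requiredScope, int $now): array
{
    if ($tokenParam === null || $tokenParam === '') {
        throw new TokenException(401, 'invalid_request', 'The request is missing an access token');
    }
    $token = $store[$tokenParam] ?? null;
    if ($token === null) {
        throw new TokenException(401, 'invalid_token', 'The access token is invalid');
    }
    if ($token['expires'] <= $now) {
        throw new TokenException(401, 'invalid_token', 'The access token has expired');
    }
    if ($requiredScope !== null && !scopeIsCovered($requiredScope, $token['scope'] ?? '')) {
        throw new TokenException(403, 'insufficient_scope', 'The request requires higher privileges than provided');
    }
    return $token;
}

// Constructed clock and token store.
$now   = 1700000000;
$store = [
    'tok-live'    => ['expires' => $now + 3600, 'scope' => 'read write', 'user' => 'alice'],
    'tok-expired' => ['expires' => $now - 1,    'scope' => 'read',       'user' => 'bob'],
];

$cases = [['tok-live', 'read'], ['tok-live', 'admin'], ['tok-expired', null], [null, null], ['bogus', null]];
foreach ($cases as [$tok, $scope]) {
    try {
        $record = verifyToken($tok, $store, $scope, $now);
        printf("%s: access granted to %s\n", var_export($tok, true), $record['user']);
    } catch (TokenException $e) {
        if ($tok === null) {
            // The optional behaviour the docblock mentions: no token at all, serve public data only.
            echo "no token: serving the public view only\n";
            continue;
        }
        printf("%s -> HTTP %d, WWW-Authenticate: %s\n", var_export($tok, true), $e->status, $e->wwwAuthenticate('api'));
    }
}
```

The fallback branch only triggers when no token was sent; an invalid or expired token still produces the 401, which keeps a client from silently downgrading to public data when its credential has been revoked.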

Property Details

$conf protected property

Array of persistent variables stored.
protected $conf

$oldRefreshToken protected property

Keep track of the old refresh token, so we can unset the old refresh tokens when a new one is issued.
protected string $oldRefreshToken
Return string

$storage protected property

Storage engine for the authentication server
protected oauth2\IOAuth2Storage $storage
Return oauth2\IOAuth2Storage

$usedAuthCode protected property

Keep track of the used auth code, so we can mark it as used after successful authorization
protected OAuth2\Model\IOAuth2AuthCode $usedAuthCode
Return OAuth2\Model\IOAuth2AuthCode