PHP Class OAuth2\OAuth2

Project: friendsofsymfony/oauth2-php

Protected Properties

Property Type Description
$conf Array of persistent variables stored.
$oldRefreshToken string Keep track of the old refresh token. So we can unset the old refresh tokens when a new one is issued.
$storage oauth2\IOAuth2Storage Storage engine for authentication server
$usedAuthCode OAuth2\Model\IOAuth2AuthCode Keep track of the used auth code. So we can mark it as used after successful authorization

Public Methods

Method Description
__construct ( oauth2\IOAuth2Storage $storage, array $config = [] ) Creates an OAuth2.0 server-side instance.
createAccessToken ( OAuth2\Model\IOAuth2Client $client, mixed $data, string | null $scope = null, integer | null $access_token_lifetime = null, boolean $issue_refresh_token = true, integer | null $refresh_token_lifetime = null ) : array Handle the creation of access token, also issue refresh token if supported.
finishClientAuthorization ( boolean $isAuthorized, mixed $data = null, Request $request = null, string | null $scope = null ) : Response Redirect the user appropriately after approval.
getBearerToken ( Request $request = null, boolean $removeFromRequest = false ) : string | null This is a convenience function that can be used to get the token, which can then be passed to verifyAccessToken(). This method attempts to adhere to the constraints specified by the draft.
getVariable ( string $name, mixed $default = null ) : mixed Returns a persistent variable.
grantAccessToken ( Request $request = null ) : Response Grant or deny a requested access token.
setVariable ( string $name, mixed $value ) : OAuth2 Sets a persistent variable.
verifyAccessToken ( string $tokenParam, string $scope = null ) : OAuth2\Model\IOAuth2AccessToken Check that a valid access token has been provided.

Protected Methods

Method Description
checkScope ( string $requiredScope, string $availableScope ) : boolean Check if everything in required scope is contained in available scope.
genAccessToken ( ) : string Generates a unique access token.
genAuthCode ( ) : string Generates a unique auth code.
getAuthorizationHeader ( Request $request ) : array Pull out the Authorization HTTP header and return it.
getAuthorizeParams ( Request $request = null ) : array Pull the authorization request data out of the HTTP $request.
getBearerTokenFromFormEncodedBody ( Request $request, boolean $removeFromRequest ) : string | null Get the token from url encoded entity-body.
getBearerTokenFromHeaders ( Request $request, boolean $removeFromRequest ) : string | null Get the access token from the header
getBearerTokenFromQuery ( Request $request, boolean $removeFromRequest ) : string | null Get the token from the query string
getClientCredentials ( array $inputData, array $authHeaders ) : array Internal function used to get the client credentials from HTTP basic auth or POST data.
getRedirectUri ( $redirectUri, OAuth2\Model\IOAuth2Client $client )
grantAccessTokenAuthCode ( OAuth2\Model\IOAuth2Client $client, array $input ) : array
grantAccessTokenClientCredentials ( OAuth2\Model\IOAuth2Client $client, array $input, array $clientCredentials ) : array | boolean
grantAccessTokenExtension ( OAuth2\Model\IOAuth2Client $client, array $inputData, array $authHeaders )
grantAccessTokenRefreshToken ( OAuth2\Model\IOAuth2Client $client, array $input ) : array
grantAccessTokenUserCredentials ( OAuth2\Model\IOAuth2Client $client, array $input ) : array | boolean
setDefaultOptions ( ) Default configuration options are specified here.
validateRedirectUri ( string $inputUri, string | array $storedUris ) : boolean Internal method for validating redirect URI supplied

Private Methods

Method Description
buildUri ( string $uri, array $params ) : string Build the absolute URI based on supplied URI and parameters.
createAuthCode ( OAuth2\Model\IOAuth2Client $client, mixed $data, string $redirectUri, string $scope = null ) : string Handle the creation of auth code.
createRedirectUriCallbackResponse ( string $redirectUri, array $params ) : Response Returns redirect response
getJsonHeaders ( ) : array Returns HTTP headers for JSON.

Method Details

__construct() public method

Creates an OAuth2.0 server-side instance.
public __construct ( oauth2\IOAuth2Storage $storage, array $config = [] )
$storage oauth2\IOAuth2Storage
$config array An associative array as below of config options. See CONFIG_* constants.

checkScope() protected method

Check if everything in required scope is contained in available scope.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-7
protected checkScope ( string $requiredScope, string $availableScope ) : boolean
$requiredScope string Required scope to check against.
$availableScope string Supported scopes.
Returns boolean Return true if everything in required scope is contained in available scope or false if it isn't.

createAccessToken() public method

This belongs in a separate factory, but to keep it simple, I'm just keeping it here.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-5
public createAccessToken ( OAuth2\Model\IOAuth2Client $client, mixed $data, string | null $scope = null, integer | null $access_token_lifetime = null, boolean $issue_refresh_token = true, integer | null $refresh_token_lifetime = null ) : array
$client OAuth2\Model\IOAuth2Client
$data mixed
$scope string | null
$access_token_lifetime integer | null How long the access token should live in seconds
$issue_refresh_token boolean Issue a refresh token if true and the storage mechanism supports it
$refresh_token_lifetime integer | null How long the refresh token should live in seconds
Returns array

finishClientAuthorization() public method

After the user has approved or denied the access request the authorization server should call this function to redirect the user appropriately.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4
public finishClientAuthorization ( boolean $isAuthorized, mixed $data = null, Request $request = null, string | null $scope = null ) : Response
$isAuthorized boolean true or false depending on whether the user authorized the access.
$data mixed Application data
$request Symfony\Component\HttpFoundation\Request
$scope string | null
Returns Symfony\Component\HttpFoundation\Response

genAccessToken() protected method

Implementing classes may want to override this function to implement other access token generation schemes.
See also: OAuth2::genAuthCode()
protected genAccessToken ( ) : string
Returns string A unique access token.

genAuthCode() protected method

Implementing classes may want to override this function to implement other auth code generation schemes.
See also: OAuth2::genAccessToken()
protected genAuthCode ( ) : string
Returns string A unique auth code.

getAuthorizationHeader() protected method

According to draft 20, standard basic authorization is the only header variable required (this does not apply to extended grant types). Implementing classes may need to override this function if need be.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-2.4.1
protected getAuthorizationHeader ( Request $request ) : array
$request Symfony\Component\HttpFoundation\Request
Returns array An array of the basic username and password provided.

getAuthorizeParams() protected method

- The redirect_uri is OPTIONAL as per draft 20, but your implementation can enforce it by setting CONFIG_ENFORCE_INPUT_REDIRECT to true.
- The state is OPTIONAL but recommended for CSRF protection. Draft 21 states, however, that CSRF protection is MANDATORY. You can enforce this by setting CONFIG_ENFORCE_STATE to true.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.1.1
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-10.12
protected getAuthorizeParams ( Request $request = null ) : array
$request Symfony\Component\HttpFoundation\Request
Returns array

getBearerToken() public method

As per the Bearer spec (draft 8, section 2) - there are three ways for a client to specify the bearer token, in order of preference: Authorization Header, POST and GET. NB: Resource servers MUST accept tokens via the Authorization scheme (http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2).
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.1
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.2
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.3
public getBearerToken ( Request $request = null, boolean $removeFromRequest = false ) : string | null
$request Symfony\Component\HttpFoundation\Request
$removeFromRequest boolean
Returns string | null

getBearerTokenFromFormEncodedBody() protected method

Get the token from url encoded entity-body.
protected getBearerTokenFromFormEncodedBody ( Request $request, boolean $removeFromRequest ) : string | null
$request Symfony\Component\HttpFoundation\Request
$removeFromRequest boolean
Returns string | null

getBearerTokenFromHeaders() protected method

Old Android version bug (at least with version 2.2)
See also: http://code.google.com/p/android/issues/detail?id=6684
protected getBearerTokenFromHeaders ( Request $request, boolean $removeFromRequest ) : string | null
$request Symfony\Component\HttpFoundation\Request
$removeFromRequest boolean
Returns string | null

getBearerTokenFromQuery() protected method

Get the token from the query string
protected getBearerTokenFromQuery ( Request $request, boolean $removeFromRequest ) : string | null
$request Symfony\Component\HttpFoundation\Request
$removeFromRequest boolean
Returns string | null

getClientCredentials() protected method

According to the spec (draft 20), the client_id can be provided in the Basic Authorization header (recommended) or via GET/POST.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-2.4.1
protected getClientCredentials ( array $inputData, array $authHeaders ) : array
$inputData array
$authHeaders array
Returns array A list containing the client identifier and password, for example

getRedirectUri() protected method

protected getRedirectUri ( $redirectUri, OAuth2\Model\IOAuth2Client $client )
$client OAuth2\Model\IOAuth2Client

getVariable() public method

Returns a persistent variable.
public getVariable ( string $name, mixed $default = null ) : mixed
$name string The name of the variable to return.
$default mixed The default value to use if this variable has never been set.
Returns mixed The value of the variable.

grantAccessToken() public method

This would be called from the "/token" endpoint as defined in the spec. Obviously, you can call your endpoint whatever you want. The draft specifies that the authorization parameters should be retrieved from POST, but you can override to whatever method you like.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-10.6
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-4.1.3
public grantAccessToken ( Request $request = null ) : Response
$request Symfony\Component\HttpFoundation\Request (optional) The request
Returns Symfony\Component\HttpFoundation\Response

grantAccessTokenAuthCode() protected method

protected grantAccessTokenAuthCode ( OAuth2\Model\IOAuth2Client $client, array $input ) : array
$client OAuth2\Model\IOAuth2Client
$input array
Returns array

grantAccessTokenClientCredentials() protected method

protected grantAccessTokenClientCredentials ( OAuth2\Model\IOAuth2Client $client, array $input, array $clientCredentials ) : array | boolean
$client OAuth2\Model\IOAuth2Client
$input array
$clientCredentials array
Returns array | boolean

grantAccessTokenExtension() protected method

protected grantAccessTokenExtension ( OAuth2\Model\IOAuth2Client $client, array $inputData, array $authHeaders )
$client OAuth2\Model\IOAuth2Client
$inputData array
$authHeaders array

grantAccessTokenRefreshToken() protected method

protected grantAccessTokenRefreshToken ( OAuth2\Model\IOAuth2Client $client, array $input ) : array
$client OAuth2\Model\IOAuth2Client
$input array
Returns array

grantAccessTokenUserCredentials() protected method

protected grantAccessTokenUserCredentials ( OAuth2\Model\IOAuth2Client $client, array $input ) : array | boolean
$client OAuth2\Model\IOAuth2Client
$input array
Returns array | boolean

setDefaultOptions() protected method

Default configuration options are specified here.
protected setDefaultOptions ( )

setVariable() public method

Sets a persistent variable.
public setVariable ( string $name, mixed $value ) : OAuth2
$name string The name of the variable to set.
$value mixed The value to set.
Returns OAuth2 The application (for chained calls of this method)

validateRedirectUri() protected method

Internal method for validating redirect URI supplied
protected validateRedirectUri ( string $inputUri, string | array $storedUris ) : boolean
$inputUri string
$storedUris string | array
Returns boolean

verifyAccessToken() public method

The token is returned (as an associative array) if valid. The scope parameter defines any required scope that the token must have. If a scope param is provided and the token does not have the required scope, we bounce the request. Some implementations may choose to return a subset of the protected resource (i.e. "public" data) if the user has not provided an access token or if the access token is invalid or expired. The IETF spec says that we should send a 401 Unauthorized header and bail immediately so that's what the defaults are set to. You can catch the exception thrown and behave differently if you like (log errors, allow public access for missing tokens, etc)
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-7
public verifyAccessToken ( string $tokenParam, string $scope = null ) : OAuth2\Model\IOAuth2AccessToken
$tokenParam string
$scope string A space-separated string of required scope(s), if you want to check for scope.
Returns OAuth2\Model\IOAuth2AccessToken Token
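
A resource-server guard built on getBearerToken() and verifyAccessToken() as described above, with the CONFIG_ENFORCE_STATE and CONFIG_ENFORCE_INPUT_REDIRECT options from getAuthorizeParams() switched on. This is an added example, not code from friendsofsymfony/oauth2-php: buildServer(), guardResource() and the $handler callable are hypothetical names, and OAuth2ServerException with getHttpResponse() comes from the library but is not listed on this page.

```php
<?php
// Added example; buildServer() and guardResource() are hypothetical helpers.
use OAuth2\IOAuth2Storage;
use OAuth2\OAuth2;
use OAuth2\OAuth2ServerException; // library exception class, not shown on this page
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

// Authorization-server side: require both redirect_uri and state on
// authorization requests instead of treating them as optional.
function buildServer(IOAuth2Storage $storage): OAuth2
{
    return new OAuth2($storage, [
        OAuth2::CONFIG_ENFORCE_INPUT_REDIRECT => true,
        OAuth2::CONFIG_ENFORCE_STATE          => true,
    ]);
}

// Resource-server side: extract the bearer token, verify it against the
// scope the endpoint needs, and only then run the protected handler.
function guardResource(
    OAuth2 $server,
    Request $request,
    string $requiredScope,
    callable $handler
): Response {
    try {
        // Second argument asks the library to remove the token from the
        // request, so later code and request logging do not see it.
        $tokenString = $server->getBearerToken($request, true);

        if ($tokenString === null) {
            // No token in header, body or query: challenge the client.
            return new Response('', 401, ['WWW-Authenticate' => 'Bearer']);
        }

        // Throws when the token is unknown, expired, or lacks the scope.
        $token = $server->verifyAccessToken($tokenString, $requiredScope);
    } catch (OAuth2ServerException $e) {
        // Return the error response prepared by the library; add logging
        // of the failure here, without logging the token itself.
        return $e->getHttpResponse();
    }

    // $token is an OAuth2\Model\IOAuth2AccessToken for the verified request.
    return $handler($token);
}
```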

Property Details

$conf protected property

Array of persistent variables stored.
protected $conf

$oldRefreshToken protected property

Keep track of the old refresh token. So we can unset the old refresh tokens when a new one is issued.
protected string $oldRefreshToken
Returns string

$storage protected property

Storage engine for authentication server
protected oauth2\IOAuth2Storage $storage
Returns oauth2\IOAuth2Storage

$usedAuthCode protected property

Keep track of the used auth code. So we can mark it as used after successful authorization
protected OAuth2\Model\IOAuth2AuthCode $usedAuthCode
Returns OAuth2\Model\IOAuth2AuthCode