PHP Class OAuth2\OAuth2

Protected Properties

Property Type Description
$conf Array of persistent variables stored.
$oldRefreshToken string Keeps track of the old refresh token so that it can be unset when a new one is issued.
$storage oauth2\IOAuth2Storage Storage engine for authentication server
$usedAuthCode OAuth2\Model\IOAuth2AuthCode Keeps track of the used auth code so that it can be marked as used after successful authorization.

Public Methods

Method Description
__construct ( oauth2\IOAuth2Storage $storage, array $config = [] ) Creates an OAuth2.0 server-side instance.
createAccessToken ( OAuth2\Model\IOAuth2Client $client, mixed $data, string | null $scope = null, integer | null $access_token_lifetime = null, boolean $issue_refresh_token = true, integer | null $refresh_token_lifetime = null ) : array Handles the creation of the access token and also issues a refresh token if supported.
finishClientAuthorization ( boolean $isAuthorized, mixed $data = null, Request $request = null, string | null $scope = null ) : Response Redirect the user appropriately after approval.
getBearerToken ( Request $request = null, boolean $removeFromRequest = false ) : string | null This is a convenience function that can be used to get the token, which can then be passed to verifyAccessToken(). This method attempts to adhere to the constraints specified by the draft.
getVariable ( string $name, mixed $default = null ) : mixed Returns a persistent variable.
grantAccessToken ( Request $request = null ) : Response Grant or deny a requested access token.
setVariable ( string $name, mixed $value ) : OAuth2 Sets a persistent variable.
verifyAccessToken ( string $tokenParam, string $scope = null ) : OAuth2\Model\IOAuth2AccessToken Check that a valid access token has been provided.

Protected Methods

Method Description
checkScope ( string $requiredScope, string $availableScope ) : boolean Check if everything in required scope is contained in available scope.
genAccessToken ( ) : string Generates a unique access token.
genAuthCode ( ) : string Generates a unique auth code.
getAuthorizationHeader ( Request $request ) : array Pull out the Authorization HTTP header and return it.
getAuthorizeParams ( Request $request = null ) : array Pull the authorization request data out of the HTTP $request.
getBearerTokenFromFormEncodedBody ( Request $request, boolean $removeFromRequest ) : string | null Get the token from url encoded entity-body.
getBearerTokenFromHeaders ( Request $request, boolean $removeFromRequest ) : string | null Get the access token from the header
getBearerTokenFromQuery ( Request $request, boolean $removeFromRequest ) : string | null Get the token from the query string
getClientCredentials ( array $inputData, array $authHeaders ) : array Internal function used to get the client credentials from HTTP basic auth or POST data.
getRedirectUri ( $redirectUri, OAuth2\Model\IOAuth2Client $client )
grantAccessTokenAuthCode ( OAuth2\Model\IOAuth2Client $client, array $input ) : array
grantAccessTokenClientCredentials ( OAuth2\Model\IOAuth2Client $client, array $input, array $clientCredentials ) : array | boolean
grantAccessTokenExtension ( OAuth2\Model\IOAuth2Client $client, array $inputData, array $authHeaders )
grantAccessTokenRefreshToken ( OAuth2\Model\IOAuth2Client $client, array $input ) : array
grantAccessTokenUserCredentials ( OAuth2\Model\IOAuth2Client $client, array $input ) : array | boolean
setDefaultOptions ( ) Default configuration options are specified here.
validateRedirectUri ( string $inputUri, string | array $storedUris ) : boolean Internal method for validating redirect URI supplied

Private Methods

Method Description
buildUri ( string $uri, array $params ) : string Build the absolute URI based on supplied URI and parameters.
createAuthCode ( OAuth2\Model\IOAuth2Client $client, mixed $data, string $redirectUri, string $scope = null ) : string Handle the creation of auth code.
createRedirectUriCallbackResponse ( string $redirectUri, array $params ) : Response Returns redirect response
getJsonHeaders ( ) : array Returns HTTP headers for JSON.

Method Details

__construct() public method

Creates an OAuth2.0 server-side instance.
public __construct ( oauth2\IOAuth2Storage $storage, array $config = [] )
$storage oauth2\IOAuth2Storage
$config array An associative array as below of config options. See CONFIG_* constants.

checkScope() protected method

Check if everything in required scope is contained in available scope.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-7
protected checkScope ( string $requiredScope, string $availableScope ) : boolean
$requiredScope string Required scope to be checked against.
$availableScope string Supported scopes.
Returns boolean Return true if everything in required scope is contained in available scope or false if it isn't.

createAccessToken() public method

This belongs in a separate factory, but to keep it simple, I'm just keeping it here.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-5
public createAccessToken ( OAuth2\Model\IOAuth2Client $client, mixed $data, string | null $scope = null, integer | null $access_token_lifetime = null, boolean $issue_refresh_token = true, integer | null $refresh_token_lifetime = null ) : array
$client OAuth2\Model\IOAuth2Client
$data mixed
$scope string | null
$access_token_lifetime integer | null How long the access token should live in seconds
$issue_refresh_token boolean Issue a refresh token if true and the storage mechanism supports it
$refresh_token_lifetime integer | null How long the refresh token should live in seconds
Returns array

finishClientAuthorization() public method

After the user has approved or denied the access request, the authorization server should call this function to redirect the user appropriately.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4
public finishClientAuthorization ( boolean $isAuthorized, mixed $data = null, Request $request = null, string | null $scope = null ) : Response
$isAuthorized boolean true or false depending on whether the user authorized the access.
$data mixed Application data
$request Symfony\Component\HttpFoundation\Request
$scope string | null
Returns Symfony\Component\HttpFoundation\Response

genAccessToken() protected method

Implementing classes may want to override this function to implement other access token generation schemes.
See also: OAuth2::genAuthCode()
protected genAccessToken ( ) : string
Returns string A unique access token.

genAuthCode() protected method

Implementing classes may want to override this function to implement other auth code generation schemes.
See also: OAuth2::genAccessToken()
protected genAuthCode ( ) : string
Returns string A unique auth code.

getAuthorizationHeader() protected method

According to draft 20, standard basic authorization is the only header variable required (this does not apply to extended grant types). Implementing classes may override this function if need be.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-2.4.1
protected getAuthorizationHeader ( Request $request ) : array
$request Symfony\Component\HttpFoundation\Request
Returns array An array of the basic username and password provided.

getAuthorizeParams() protected method

- The redirect_uri is OPTIONAL as per draft 20, but your implementation can enforce it by setting CONFIG_ENFORCE_INPUT_REDIRECT to true.
- The state is OPTIONAL but recommended to enforce CSRF protection. Draft 21 states, however, that CSRF protection is MANDATORY. You can enforce this by setting CONFIG_ENFORCE_STATE to true.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.1.1
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-10.12
protected getAuthorizeParams ( Request $request = null ) : array
$request Symfony\Component\HttpFoundation\Request
Returns array
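
How the two switches and the client's state check fit together, as an added example that is not code from this package. The helper names enforceStrictAuthorize, newState and checkState and the session key are hypothetical, and the CONFIG_* names are assumed to be class constants of OAuth2\OAuth2.

```php
<?php
use OAuth2\OAuth2;

/**
 * Server side: refuse authorization requests that lack redirect_uri or state.
 * Assumes the CONFIG_* names are class constants of OAuth2\OAuth2.
 */
function enforceStrictAuthorize(OAuth2 $server): OAuth2
{
    // setVariable() returns the server, so the calls can be chained.
    return $server
        ->setVariable(OAuth2::CONFIG_ENFORCE_INPUT_REDIRECT, true)
        ->setVariable(OAuth2::CONFIG_ENFORCE_STATE, true);
}

/**
 * Client side: create an unguessable state value bound to the user's session
 * before redirecting to the authorization endpoint.
 */
function newState(array &$session): string
{
    $state = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    $session['oauth2_state'] = $state;  // constructed session key
    return $state;
}

/**
 * Client side: on the redirect back, accept the response only if the returned
 * state matches the stored one. The stored value is single use.
 */
function checkState(array &$session, ?string $returned): bool
{
    $expected = $session['oauth2_state'] ?? null;
    unset($session['oauth2_state']);

    // Constant-time comparison; a missing value on either side is a failure.
    return is_string($expected)
        && is_string($returned)
        && hash_equals($expected, $returned);
}
```

The client passes $_SESSION to newState() when building the authorization URL and to checkState() with the state query parameter when the redirect returns.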

getBearerToken() public method

As per the Bearer spec (draft 8, section 2), there are three ways for a client to specify the bearer token, in order of preference: Authorization Header, POST and GET. NB: Resource servers MUST accept tokens via the Authorization scheme (http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2).
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.1
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.2
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08#section-2.3
public getBearerToken ( Request $request = null, boolean $removeFromRequest = false ) : string | null
$request Symfony\Component\HttpFoundation\Request
$removeFromRequest boolean
Returns string | null

getBearerTokenFromFormEncodedBody() protected method

Get the token from the URL-encoded entity-body.
protected getBearerTokenFromFormEncodedBody ( Request $request, boolean $removeFromRequest ) : string | null
$request Symfony\Component\HttpFoundation\Request
$removeFromRequest boolean
Returns string | null

getBearerTokenFromHeaders() protected method

Old Android version bug (at least with version 2.2)
See also: http://code.google.com/p/android/issues/detail?id=6684
protected getBearerTokenFromHeaders ( Request $request, boolean $removeFromRequest ) : string | null
$request Symfony\Component\HttpFoundation\Request
$removeFromRequest boolean
Returns string | null

getBearerTokenFromQuery() protected method

Get the token from the query string
protected getBearerTokenFromQuery ( Request $request, boolean $removeFromRequest ) : string | null
$request Symfony\Component\HttpFoundation\Request
$removeFromRequest boolean
Returns string | null

getClientCredentials() protected method

According to the spec (draft 20), the client_id can be provided in the Basic Authorization header (recommended) or via GET/POST.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-2.4.1
protected getClientCredentials ( array $inputData, array $authHeaders ) : array
$inputData array
$authHeaders array
Returns array A list containing the client identifier and password, for example

getRedirectUri() protected method

protected getRedirectUri ( $redirectUri, OAuth2\Model\IOAuth2Client $client )
$client OAuth2\Model\IOAuth2Client

getVariable() public method

Returns a persistent variable.
public getVariable ( string $name, mixed $default = null ) : mixed
$name string The name of the variable to return.
$default mixed The default value to use if this variable has never been set.
Returns mixed The value of the variable.

grantAccessToken() public method

This would be called from the "/token" endpoint as defined in the spec. Obviously, you can call your endpoint whatever you want. The draft specifies that the authorization parameters should be retrieved from POST, but you can override this to use whatever method you like.
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-10.6
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-21#section-4.1.3
public grantAccessToken ( Request $request = null ) : Response
$request Symfony\Component\HttpFoundation\Request (optional) The request
Returns Symfony\Component\HttpFoundation\Response

grantAccessTokenAuthCode() protected method

protected grantAccessTokenAuthCode ( OAuth2\Model\IOAuth2Client $client, array $input ) : array
$client OAuth2\Model\IOAuth2Client
$input array
Returns array

grantAccessTokenClientCredentials() protected method

protected grantAccessTokenClientCredentials ( OAuth2\Model\IOAuth2Client $client, array $input, array $clientCredentials ) : array | boolean
$client OAuth2\Model\IOAuth2Client
$input array
$clientCredentials array
Returns array | boolean

grantAccessTokenExtension() protected method

protected grantAccessTokenExtension ( OAuth2\Model\IOAuth2Client $client, array $inputData, array $authHeaders )
$client OAuth2\Model\IOAuth2Client
$inputData array
$authHeaders array

grantAccessTokenRefreshToken() protected method

protected grantAccessTokenRefreshToken ( OAuth2\Model\IOAuth2Client $client, array $input ) : array
$client OAuth2\Model\IOAuth2Client
$input array
Returns array

grantAccessTokenUserCredentials() protected method

protected grantAccessTokenUserCredentials ( OAuth2\Model\IOAuth2Client $client, array $input ) : array | boolean
$client OAuth2\Model\IOAuth2Client
$input array
Returns array | boolean

setDefaultOptions() protected method

Default configuration options are specified here.
protected setDefaultOptions ( )

setVariable() public method

Sets a persistent variable.
public setVariable ( string $name, mixed $value ) : OAuth2
$name string The name of the variable to set.
$value mixed The value to set.
Returns OAuth2 The application (for chained calls of this method)

validateRedirectUri() protected method

Internal method for validating the supplied redirect URI.
protected validateRedirectUri ( string $inputUri, string | array $storedUris ) : boolean
$inputUri string
$storedUris string | array
Returns boolean

verifyAccessToken() public method

The token is returned (as an associative array) if valid. The scope parameter defines any required scope that the token must have. If a scope param is provided and the token does not have the required scope, we bounce the request. Some implementations may choose to return a subset of the protected resource (i.e. "public" data) if the user has not provided an access token or if the access token is invalid or expired. The IETF spec says that we should send a 401 Unauthorized header and bail immediately, so that's what the defaults are set to. You can catch the exception thrown and behave differently if you like (log errors, allow public access for missing tokens, etc.).
See also: http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-7
public verifyAccessToken ( string $tokenParam, string $scope = null ) : OAuth2\Model\IOAuth2AccessToken
$tokenParam string
$scope string A space-separated string of required scope(s), if you want to check for scope.
Returns OAuth2\Model\IOAuth2AccessToken Token
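
A resource-server guard that combines getBearerToken() and verifyAccessToken() as described above, as an added example that is not code from this package. guardResource and its parameters are hypothetical; the exception class OAuth2\OAuth2ServerException and its getHttpResponse() method are assumptions about the package and do not appear on this page.

```php
<?php
use OAuth2\OAuth2;
use OAuth2\OAuth2ServerException; // assumed base class of the exceptions thrown
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * Hypothetical helper: run $handler only for a request that carries a valid
 * access token with $requiredScope.
 *
 * $handler receives the verified token, or null for an anonymous request,
 * and must return a Response. $allowAnonymous enables the "public data"
 * behaviour for requests that send no token at all.
 */
function guardResource(
    OAuth2 $server,
    Request $request,
    string $requiredScope,
    callable $handler,
    bool $allowAnonymous = false
): Response {
    try {
        // Looks in the Authorization header, then the form-encoded body,
        // then the query string. Passing true removes the token from the
        // request so it is not handed on to later code.
        $tokenString = $server->getBearerToken($request, true);

        if ($tokenString === null && $allowAnonymous) {
            return $handler(null);
        }

        // Design choice of this example: a token that is present but
        // invalid, expired or under-scoped is rejected, never downgraded
        // to anonymous access.
        $token = $server->verifyAccessToken((string) $tokenString, $requiredScope);
    } catch (OAuth2ServerException $e) {
        // Assumed: the exception can render its own HTTP error response.
        return $e->getHttpResponse();
    }

    return $handler($token);
}
```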

Property Details

$conf protected property

Array of persistent variables stored.
protected $conf

$oldRefreshToken protected property

Keeps track of the old refresh token so that it can be unset when a new one is issued.
protected string $oldRefreshToken
Returns string

$storage protected property

Storage engine for the authentication server
protected oauth2\IOAuth2Storage $storage
Returns oauth2\IOAuth2Storage

$usedAuthCode protected property

Keeps track of the used auth code so that it can be marked as used after successful authorization.
protected OAuth2\Model\IOAuth2AuthCode $usedAuthCode
Returns OAuth2\Model\IOAuth2AuthCode