\OAuth2Server

Server class for OAuth2 This class serves as a convience class which wraps the other Controller classes

Summary

Methods

Properties

Constants

__construct()
getAuthorizeController()
getTokenController()
getResourceController()
getUserInfoController()
setAuthorizeController()
setTokenController()
setResourceController()
setUserInfoController()
handleUserInfoRequest()
handleTokenRequest()
grantAccessToken()
handleRevokeRequest()
handleAuthorizeRequest()
validateAuthorizeRequest()
verifyResourceRequest()
getAccessTokenData()
addGrantType()
addStorage()
addResponseType()
getScopeUtil()
setScopeUtil()
getResponse()
getStorages()
getStorage()
getGrantTypes()
getGrantType()
getResponseTypes()
getResponseType()
getTokenType()
getClientAssertionType()
setConfig()
getConfig()

No public properties found

No constants found

createDefaultAuthorizeController()
createDefaultTokenController()
createDefaultResourceController()
createDefaultUserInfoController()
getDefaultTokenType()
getDefaultResponseTypes()
getDefaultGrantTypes()
getAccessTokenResponseType()
getIdTokenResponseType()
getIdTokenTokenResponseType()
createDefaultJwtAccessTokenStorage()
createDefaultJwtAccessTokenResponseType()
createDefaultAccessTokenResponseType()
createDefaultIdTokenResponseType()
createDefaultIdTokenTokenResponseType()
validateOpenIdConnect()
normalizeResponseType()

$response
$config
$storages
$authorizeController
$tokenController
$resourceController
$userInfoController
$grantTypes
$responseTypes
$tokenType
$scopeUtil
$clientAssertionType
$storageMap
$responseTypeMap

N/A

No private methods found

No private properties found

N/A

Properties

$response

$response : \OAuth2\ResponseInterface

Type

\OAuth2\ResponseInterface

$config

$config : array

Type

array

$storages

$storages : array

Type

array

$authorizeController

$authorizeController : \OAuth2\Controller\AuthorizeControllerInterface

Type

\OAuth2\Controller\AuthorizeControllerInterface

$tokenController

$tokenController : \OAuth2\Controller\TokenControllerInterface

Type

\OAuth2\Controller\TokenControllerInterface

$resourceController

$resourceController : \OAuth2\Controller\ResourceControllerInterface

Type

\OAuth2\Controller\ResourceControllerInterface

$userInfoController

$userInfoController : \OAuth2\OpenID\Controller\UserInfoControllerInterface

Type

\OAuth2\OpenID\Controller\UserInfoControllerInterface

$grantTypes

$grantTypes : array

Type

array

$responseTypes

$responseTypes : array

Type

array

$tokenType

$tokenType : \OAuth2\TokenType\TokenTypeInterface

Type

\OAuth2\TokenType\TokenTypeInterface

$scopeUtil

$scopeUtil : \OAuth2\ScopeInterface

Type

\OAuth2\ScopeInterface

$clientAssertionType

$clientAssertionType : \OAuth2\ClientAssertionType\ClientAssertionTypeInterface

Type

\OAuth2\ClientAssertionType\ClientAssertionTypeInterface

$storageMap

$storageMap : array

Type

array

$responseTypeMap

$responseTypeMap : array

Type

array

Methods

__construct()

__construct(mixed  $storage = array(), array  $config = array(), array  $grantTypes = array(), array  $responseTypes = array(), \OAuth2\TokenType\TokenTypeInterface  $tokenType = null, \OAuth2\ScopeInterface  $scopeUtil = null, \OAuth2\ClientAssertionType\ClientAssertionTypeInterface  $clientAssertionType = null)

Parameters

mixed	$storage	(array or OAuth2\Storage) - single object or array of objects implementing the required storage types (ClientCredentialsInterface and AccessTokenInterface as a minimum)
array	$config	specify a different token lifetime, token header name, etc
array	$grantTypes	An array of OAuth2\GrantType\GrantTypeInterface to use for granting access tokens
array	$responseTypes	Response types to use. array keys should be "code" and "token" for Access Token and Authorization Code response types
\OAuth2\TokenType\TokenTypeInterface	$tokenType	The token type object to use. Valid token types are "bearer" and "mac"
\OAuth2\ScopeInterface	$scopeUtil	The scope utility class to use to validate scope
\OAuth2\ClientAssertionType\ClientAssertionTypeInterface	$clientAssertionType	The method in which to verify the client identity. Default is HttpBasic

Inherited from: \OAuth2\Server

Tags

ingroup	oauth2_section_7

getAuthorizeController()

getAuthorizeController() : \OAuth2\Controller\AuthorizeControllerInterface

Returns

\OAuth2\Controller\AuthorizeControllerInterface

getTokenController()

getTokenController() : \OAuth2\Controller\TokenController

Returns

\OAuth2\Controller\TokenController

getResourceController()

getResourceController() : \OAuth2\Controller\ResourceControllerInterface

Returns

\OAuth2\Controller\ResourceControllerInterface

getUserInfoController()

getUserInfoController() : \OAuth2\OpenID\Controller\UserInfoControllerInterface

Returns

\OAuth2\OpenID\Controller\UserInfoControllerInterface

setAuthorizeController()

setAuthorizeController(\OAuth2\Controller\AuthorizeControllerInterface  $authorizeController)

Parameters

\OAuth2\Controller\AuthorizeControllerInterface

$authorizeController

setTokenController()

setTokenController(\OAuth2\Controller\TokenControllerInterface  $tokenController)

Parameters

\OAuth2\Controller\TokenControllerInterface

$tokenController

setResourceController()

setResourceController(\OAuth2\Controller\ResourceControllerInterface  $resourceController)

Parameters

\OAuth2\Controller\ResourceControllerInterface

$resourceController

setUserInfoController()

setUserInfoController(\OAuth2\OpenID\Controller\UserInfoControllerInterface  $userInfoController)

Parameters

\OAuth2\OpenID\Controller\UserInfoControllerInterface

$userInfoController

handleUserInfoRequest()

handleUserInfoRequest(\OAuth2\RequestInterface  $request, \OAuth2\ResponseInterface  $response = null) : \OAuth2\ResponseInterface

Return claims about the authenticated end-user.

This would be called from the "/UserInfo" endpoint as defined in the spec.

Parameters

\OAuth2\RequestInterface	$request	Request object to grant access token
\OAuth2\ResponseInterface	$response	Response object containing error messages (failure) or user claims (success)

Throws

\InvalidArgumentException
\LogicException

Returns

\OAuth2\ResponseInterface

handleTokenRequest()

handleTokenRequest(\OAuth2\RequestInterface  $request, \OAuth2\ResponseInterface  $response = null) : \OAuth2\ResponseInterface

Grant or deny a requested access token.

This would be called from the "/token" endpoint as defined in the spec. Obviously, you can call your endpoint whatever you want.

Parameters

\OAuth2\RequestInterface	$request	Request object to grant access token
\OAuth2\ResponseInterface	$response	Response object containing error messages (failure) or access token (success)

Throws

\InvalidArgumentException
\LogicException

Returns

\OAuth2\ResponseInterface

Inherited from: \OAuth2\Server
See also: http://tools.ietf.org/html/rfc6749#section-4; http://tools.ietf.org/html/rfc6749#section-10.6; http://tools.ietf.org/html/rfc6749#section-4.1.3

Tags

ingroup	oauth2_section_4

grantAccessToken()

grantAccessToken(\OAuth2\RequestInterface  $request, \OAuth2\ResponseInterface  $response = null) : mixed

Grant or deny a requested access token.

This would be called from the "/token" endpoint as defined in the spec. You can call your endpoint whatever you want.

Parameters

\OAuth2\RequestInterface	$request	Request object to grant access token
\OAuth2\ResponseInterface	$response	Response object

Returns

mixed

handleRevokeRequest()

handleRevokeRequest(\OAuth2\RequestInterface  $request, \OAuth2\ResponseInterface  $response = null) : \OAuth2\Response|\OAuth2\ResponseInterface

Handle a revoke token request This would be called from the "/revoke" endpoint as defined in the draft Token Revocation spec

Parameters

\OAuth2\RequestInterface	$request
\OAuth2\ResponseInterface	$response

Returns

\OAuth2\Response|\OAuth2\ResponseInterface

handleAuthorizeRequest()

handleAuthorizeRequest(\OAuth2\RequestInterface  $request, \OAuth2\ResponseInterface  $response, boolean  $is_authorized, mixed  $user_id = null) : \OAuth2\ResponseInterface

Redirect the user appropriately after approval.

After the user has approved or denied the resource request the authorization server should call this function to redirect the user appropriately.

Parameters

\OAuth2\RequestInterface	$request	The request should have the follow parameters set in the querystring: response_type: The requested response: an access token, an authorization code, or both. client_id: The client identifier as described in Section 2. redirect_uri: An absolute URI to which the authorization server will redirect the user-agent to when the end-user authorization step is completed. scope: (optional) The scope of the resource request expressed as a list of space-delimited strings. state: (optional) An opaque value used by the client to maintain state between the request and callback.
\OAuth2\ResponseInterface	$response	Response object
boolean	$is_authorized	TRUE or FALSE depending on whether the user authorized the access.
mixed	$user_id	Identifier of user who authorized the client

Returns

\OAuth2\ResponseInterface

Inherited from: \OAuth2\Server
See also: http://tools.ietf.org/html/rfc6749#section-4

Tags

ingroup	oauth2_section_4

validateAuthorizeRequest()

validateAuthorizeRequest(\OAuth2\RequestInterface  $request, \OAuth2\ResponseInterface  $response = null) : boolean

Pull the authorization request data out of the HTTP request.

The redirect_uri is OPTIONAL as per draft 20. But your implementation can enforce it by setting $config['enforce_redirect'] to true.
The state is OPTIONAL but recommended to enforce CSRF. Draft 21 states, however, that CSRF protection is MANDATORY. You can enforce this by setting the $config['enforce_state'] to true.

The draft specifies that the parameters should be retrieved from GET, override the Response object to change this

Parameters

\OAuth2\RequestInterface	$request	Request object
\OAuth2\ResponseInterface	$response	Response object

Returns

boolean —

The authorization parameters so the authorization server can prompt the user for approval if valid.

Inherited from: \OAuth2\Server
See also: http://tools.ietf.org/html/rfc6749#section-4.1.1; http://tools.ietf.org/html/rfc6749#section-10.12

Tags

ingroup	oauth2_section_3

verifyResourceRequest()

verifyResourceRequest(\OAuth2\RequestInterface  $request, \OAuth2\ResponseInterface  $response = null, string  $scope = null) : mixed

Verify the resource request

Parameters

\OAuth2\RequestInterface	$request	Request object
\OAuth2\ResponseInterface	$response	Response object
string	$scope	Scope

Returns

mixed

getAccessTokenData()

getAccessTokenData(\OAuth2\RequestInterface  $request, \OAuth2\ResponseInterface  $response = null) : mixed

Get access token data.

Parameters

\OAuth2\RequestInterface	$request	Request object
\OAuth2\ResponseInterface	$response	Response object

Returns

mixed

addGrantType()

addGrantType(\OAuth2\GrantType\GrantTypeInterface  $grantType, mixed  $identifier = null)

Parameters

\OAuth2\GrantType\GrantTypeInterface	$grantType
mixed	$identifier

addStorage()

addStorage(object  $storage, mixed  $key = null)

Set a storage object for the server

Parameters

object	$storage	An object implementing one of the Storage interfaces
mixed	$key	If null, the storage is set to the key of each storage interface it implements

Throws

\InvalidArgumentException

addResponseType()

addResponseType(\OAuth2\ResponseType\ResponseTypeInterface  $responseType, mixed  $key = null)

Parameters

\OAuth2\ResponseType\ResponseTypeInterface	$responseType
mixed	$key

Throws

\InvalidArgumentException

getScopeUtil()

getScopeUtil() : \OAuth2\ScopeInterface

Returns

\OAuth2\ScopeInterface

setScopeUtil()

setScopeUtil(\OAuth2\ScopeInterface  $scopeUtil)

Parameters

\OAuth2\ScopeInterface

$scopeUtil

getResponse()

getResponse() : mixed

Returns

mixed

getStorages()

getStorages() : array

Returns

array

getStorage()

getStorage(string  $name) : object|null

Parameters

string

$name

Returns

object|null

getGrantTypes()

getGrantTypes() : array

Returns

array

getGrantType()

getGrantType(string  $name) : object|null

Parameters

string

$name

Returns

object|null

getResponseTypes()

getResponseTypes() : array

Returns

array

getResponseType()

getResponseType(string  $name) : object|null

Parameters

string

$name

Returns

object|null

getTokenType()

getTokenType() : \OAuth2\TokenType\TokenTypeInterface

Returns

\OAuth2\TokenType\TokenTypeInterface

getClientAssertionType()

getClientAssertionType() : \OAuth2\ClientAssertionType\ClientAssertionTypeInterface

Returns

\OAuth2\ClientAssertionType\ClientAssertionTypeInterface

setConfig()

setConfig(string  $name, mixed  $value)

Parameters

string	$name
mixed	$value

getConfig()

getConfig(string  $name, mixed  $default = null) : mixed

Parameters

string	$name
mixed	$default

Returns

mixed

createDefaultAuthorizeController()

createDefaultAuthorizeController() : \OAuth2\Controller\AuthorizeControllerInterface

Throws

\LogicException

Returns

\OAuth2\Controller\AuthorizeControllerInterface

createDefaultTokenController()

createDefaultTokenController() : \OAuth2\Controller\TokenControllerInterface

Throws

\LogicException

Returns

\OAuth2\Controller\TokenControllerInterface

createDefaultResourceController()

createDefaultResourceController() : \OAuth2\Controller\ResourceControllerInterface

Throws

\LogicException

Returns

\OAuth2\Controller\ResourceControllerInterface

createDefaultUserInfoController()

createDefaultUserInfoController() : \OAuth2\OpenID\Controller\UserInfoControllerInterface

Throws

\LogicException

Returns

\OAuth2\OpenID\Controller\UserInfoControllerInterface

getDefaultTokenType()

getDefaultTokenType() : \OAuth2\TokenType\Bearer

Returns

\OAuth2\TokenType\Bearer

getDefaultResponseTypes()

getDefaultResponseTypes() : array

Throws

\LogicException

Returns

array

getDefaultGrantTypes()

getDefaultGrantTypes() : array

Throws

\LogicException

Returns

array

getAccessTokenResponseType()

getAccessTokenResponseType() : \OAuth2\ResponseType\AccessToken

Returns

\OAuth2\ResponseType\AccessToken

getIdTokenResponseType()

getIdTokenResponseType() : \OAuth2\OpenID\ResponseType\IdToken

Returns

\OAuth2\OpenID\ResponseType\IdToken

getIdTokenTokenResponseType()

getIdTokenTokenResponseType() : \OAuth2\OpenID\ResponseType\IdTokenToken

Returns

\OAuth2\OpenID\ResponseType\IdTokenToken

createDefaultJwtAccessTokenStorage()

createDefaultJwtAccessTokenStorage() : \OAuth2\Storage\JwtAccessToken

For Resource Controller

Throws

\LogicException

Returns

\OAuth2\Storage\JwtAccessToken

createDefaultJwtAccessTokenResponseType()

createDefaultJwtAccessTokenResponseType() : \OAuth2\ResponseType\JwtAccessToken

For Authorize and Token Controllers

Throws

\LogicException

Returns

\OAuth2\ResponseType\JwtAccessToken

createDefaultAccessTokenResponseType()

createDefaultAccessTokenResponseType() : \OAuth2\ResponseType\AccessToken

Throws

\LogicException

Returns

\OAuth2\ResponseType\AccessToken

createDefaultIdTokenResponseType()

createDefaultIdTokenResponseType() : \OAuth2\OpenID\ResponseType\IdToken

Throws

\LogicException

Returns

\OAuth2\OpenID\ResponseType\IdToken

createDefaultIdTokenTokenResponseType()

createDefaultIdTokenTokenResponseType() : \OAuth2\OpenID\ResponseType\IdTokenToken

Returns

\OAuth2\OpenID\ResponseType\IdTokenToken

validateOpenIdConnect()

validateOpenIdConnect()

Throws

\InvalidArgumentException

normalizeResponseType()

normalizeResponseType(string  $name) : string

Parameters

string

$name

Returns

string