\OAuth2\StorageMongo

Simple MongoDB storage for all storage types

NOTE: This class is meant to get users started quickly. If your application requires further customization, extend this class or create your own.

NOTE: Passwords are stored in plaintext, which is never a good idea. Be sure to override this for your application

Summary

Methods

Properties

Constants

__construct()
checkClientCredentials()
isPublicClient()
getClientDetails()
setClientDetails()
checkRestrictedGrantType()
getAccessToken()
setAccessToken()
unsetAccessToken()
getAuthorizationCode()
setAuthorizationCode()
expireAuthorizationCode()
checkUserCredentials()
getUserDetails()
getRefreshToken()
setRefreshToken()
unsetRefreshToken()
getUser()
setUser()
getClientKey()
getClientScope()
getJti()
setJti()
getPublicKey()
getPrivateKey()
getEncryptionAlgorithm()

No public properties found

No constants found

collection()
checkPassword()

$db
$config

N/A

No private methods found

No private properties found

N/A

File: oauth2-server-php/src/OAuth2/Storage/Mongo.php
Package: Default
Class hierarchy: \OAuth2\Storage\Mongo
Implements: \OAuth2\Storage\AuthorizationCodeInterface; \OAuth2\Storage\AccessTokenInterface; \OAuth2\Storage\ClientCredentialsInterface; \OAuth2\Storage\UserCredentialsInterface; \OAuth2\Storage\RefreshTokenInterface; \OAuth2\Storage\JwtBearerInterface; \OAuth2\Storage\PublicKeyInterface; \OAuth2\OpenID\Storage\AuthorizationCodeInterface

Properties

$db

$db :

Type

$config

$config :

Type

Methods

__construct()

__construct(  $connection,   $config = array())

Parameters

	$connection
	$config

checkClientCredentials()

checkClientCredentials(  $client_id,   $client_secret = null) : TRUE

Make sure that the client credentials is valid.

Parameters

	$client_id	Client identifier to be check with.
	$client_secret	(optional) If a secret is required, check that they've given the right one.

Returns

TRUE —

if the client credentials are valid, and MUST return FALSE if it isn't.

isPublicClient()

isPublicClient(  $client_id) : TRUE

Determine if the client is a "public" client, and therefore does not require passing credentials for certain grant types

Parameters

$client_id

Client identifier to be check with.

Returns

TRUE —

if the client is public, and FALSE if it isn't.

getClientDetails()

getClientDetails(  $client_id)

Parameters

$client_id

setClientDetails()

setClientDetails(  $client_id,   $client_secret = null,   $redirect_uri = null,   $grant_types = null,   $scope = null,   $user_id = null)

Parameters

	$client_id
	$client_secret
	$redirect_uri
	$grant_types
	$scope
	$user_id

checkRestrictedGrantType()

checkRestrictedGrantType(  $client_id,   $grant_type)

Parameters

	$client_id
	$grant_type

getAccessToken()

getAccessToken(  $access_token) : array|null

Look up the supplied oauth_token from storage.

We need to retrieve access token data as we create and verify tokens.

Parameters

$access_token

Returns

array|null —

An associative array as below, and return NULL if the supplied oauth_token is invalid:

setAccessToken()

setAccessToken(  $access_token, mixed  $client_id, mixed  $user_id, integer  $expires, string  $scope = null)

Store the supplied access token values to storage.

We need to store access token data as we create and verify tokens.

Parameters

	$access_token
mixed	$client_id	client identifier to be stored.
mixed	$user_id	user identifier to be stored.
integer	$expires	expiration to be stored as a Unix timestamp.
string	$scope	OPTIONAL Scopes to be stored in space-separated string.

unsetAccessToken()

unsetAccessToken(  $access_token)

Parameters

$access_token

getAuthorizationCode()

getAuthorizationCode(  $code) : \OAuth2\Storage\An

Fetch authorization code data (probably the most common grant type).

Retrieve the stored data for the given authorization code.

Required for OAuth2::GRANT_TYPE_AUTH_CODE.

Parameters

$code

Authorization code to be check with.

Returns

\OAuth2\Storage\An —

associative array as below, and NULL if the code is invalid

setAuthorizationCode()

setAuthorizationCode(string  $code, mixed  $client_id, mixed  $user_id, string  $redirect_uri, integer  $expires, string  $scope = null,   $id_token = null)

Take the provided authorization code values and store them somewhere.

This function should be the storage counterpart to getAuthCode().

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Required for OAuth2::GRANT_TYPE_AUTH_CODE.

Parameters

string	$code	Authorization code to be stored.
mixed	$client_id	Client identifier to be stored.
mixed	$user_id	User identifier to be stored.
string	$redirect_uri	Redirect URI(s) to be stored in a space-separated string.
integer	$expires	Expiration to be stored as a Unix timestamp.
string	$scope	OPTIONAL Scopes to be stored in space-separated string.
	$id_token

expireAuthorizationCode()

expireAuthorizationCode(  $code)

once an Authorization Code is used, it must be expired

Parameters

$code

checkUserCredentials()

checkUserCredentials(  $username,   $password) : TRUE

Grant access tokens for basic user credentials.

Check the supplied username and password for validity.

You can also use the $client_id param to do any checks required based on a client, if you need that.

Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.

Parameters

	$username	Username to be check with.
	$password	Password to be check with.

Returns

TRUE —

if the username and password are valid, and FALSE if it isn't. Moreover, if the username and password are valid, and you want to

getUserDetails()

getUserDetails(string  $username) : array|false

Parameters

string

$username

username to get details for

Returns

array|false —

the associated "user_id" and optional "scope" values This function MUST return FALSE if the requested user does not exist or is invalid. "scope" is a space-separated list of restricted scopes.

getRefreshToken()

getRefreshToken(  $refresh_token) : \OAuth2\Storage\An

Grant refresh access tokens.

Retrieve the stored data for the given refresh token.

Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.

Parameters

$refresh_token

Refresh token to be check with.

Returns

\OAuth2\Storage\An —

associative array as below, and NULL if the refresh_token is invalid:

refresh_token: Refresh token identifier.
client_id: Client identifier.
user_id: User identifier.
expires: Expiration unix timestamp, or 0 if the token doesn't expire.
scope: (optional) Scope values in space-separated string.

setRefreshToken()

setRefreshToken(  $refresh_token,   $client_id,   $user_id,   $expires,   $scope = null)

Take the provided refresh token values and store them somewhere.

This function should be the storage counterpart to getRefreshToken().

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.

Parameters

	$refresh_token	Refresh token to be stored.
	$client_id	Client identifier to be stored.
	$user_id	User identifier to be stored.
	$expires	Expiration timestamp to be stored. 0 if the token doesn't expire.
	$scope	(optional) Scopes to be stored in space-separated string.

unsetRefreshToken()

unsetRefreshToken(  $refresh_token)

Expire a used refresh token.

This is not explicitly required in the spec, but is almost implied. After granting a new refresh token, the old one is no longer useful and so should be forcibly expired in the data store so it can't be used again.

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Parameters

$refresh_token

Refresh token to be expired.

getUser()

getUser(  $username)

Parameters

$username

setUser()

setUser(  $username,   $password,   $firstName = null,   $lastName = null)

Parameters

	$username
	$password
	$firstName
	$lastName

getClientKey()

getClientKey(  $client_id,   $subject) : STRING

Get the public key associated with a client_id

Parameters

	$client_id	Client identifier to be checked with.
	$subject

Returns

STRING —

Return the public key for the client_id if it exists, and MUST return FALSE if it doesn't.

getClientScope()

getClientScope(  $client_id)

Parameters

$client_id

getJti()

getJti(  $client_id,   $subject,   $audience,   $expiration,   $jti) : \OAuth2\Storage\An

Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.

Parameters

	$client_id	Client identifier to match.
	$subject	The subject to match.
	$audience	The audience to match.
	$expiration	The expiration of the jti.
	$jti	The jti to match.

Returns

\OAuth2\Storage\An —

associative array as below, and return NULL if the jti does not exist.

issuer: Stored client identifier.
subject: Stored subject.
audience: Stored audience.
expires: Stored expiration in unix timestamp.
jti: The stored jti.

setJti()

setJti(  $client_id,   $subject,   $audience,   $expiration,   $jti)

Store a used jti so that we can check against it to prevent replay attacks.

Parameters

	$client_id	Client identifier to insert.
	$subject	The subject to insert.
	$audience	The audience to insert.
	$expiration	The expiration of the jti.
	$jti	The jti to insert.

getPublicKey()

getPublicKey(mixed  $client_id = null) : mixed

Parameters

mixed

$client_id

Returns

mixed

getPrivateKey()

getPrivateKey(mixed  $client_id = null) : mixed

Parameters

mixed

$client_id

Returns

mixed

getEncryptionAlgorithm()

getEncryptionAlgorithm(mixed  $client_id = null) : mixed

Parameters

mixed

$client_id

Returns

mixed

collection()

collection(  $name)

Parameters

$name

checkPassword()

checkPassword(  $user,   $password)

Parameters

	$user
	$password