$db
$db : \PDO
Simple PDO storage for all storage types
NOTE: This class is meant to get users started quickly. If your application requires further customization, extend this class or create your own.
NOTE: Passwords are stored in plaintext, which is never a good idea. Be sure to override this for your application.
checkClientCredentials(string $client_id, null|string $client_secret = null) : boolean
Make sure that the client credentials are valid.
| string | $client_id | Client identifier to check. |
| null|string | $client_secret | (optional) If a secret is required, check that they've given the right one. |
setClientDetails(string $client_id, null|string $client_secret = null, null|string $redirect_uri = null, null|array $grant_types = null, null|string $scope = null, null|string $user_id = null) : boolean
| string | $client_id | |
| null|string | $client_secret | |
| null|string | $redirect_uri | |
| null|array | $grant_types | |
| null|string | $scope | |
| null|string | $user_id | |
setAccessToken(string $access_token, mixed $client_id, mixed $user_id, integer $expires, string $scope = null) : boolean
Store the supplied access token values to storage.
We need to store access token data as we create and verify tokens.
| string | $access_token | |
| mixed | $client_id | |
| mixed | $user_id | |
| integer | $expires | |
| string | $scope | |
getAuthorizationCode(string $code) : mixed
Fetch authorization code data (probably the most common grant type).
Retrieve the stored data for the given authorization code.
Required for OAuth2::GRANT_TYPE_AUTH_CODE.
| string | $code | Authorization code to check. |
setAuthorizationCode(string $code, mixed $client_id, mixed $user_id, string $redirect_uri, integer $expires, string $scope = null, string $id_token = null) : boolean|mixed
Take the provided authorization code values and store them somewhere.
This function should be the storage counterpart to getAuthCode().
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
Required for OAuth2::GRANT_TYPE_AUTH_CODE.
| string | $code | |
| mixed | $client_id | |
| mixed | $user_id | |
| string | $redirect_uri | |
| integer | $expires | |
| string | $scope | |
| string | $id_token | |
checkUserCredentials(string $username, string $password) : boolean
Grant access tokens for basic user credentials.
Check the supplied username and password for validity.
You can also use the $client_id param to do any checks required based on a client, if you need that.
Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.
| string | $username | Username to check. |
| string | $password | Password to check. |
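The class note above says passwords are stored in plaintext and should be overridden. One way to do that for checkUserCredentials(), as an added example that is not the library's own code; the class name `HashedUserStorage`, the `setUser()` helper and the `oauth_users` table layout are assumptions:

```php
<?php
declare(strict_types=1);
// Added example, not the library's code. In an application these methods would
// override the storage class; assumed schema: oauth_users(username PK, password).
final class HashedUserStorage
{
    private $db;        // \PDO, same role as the documented $db property
    private $dummyHash; // verified against when the username is unknown

    public function __construct(\PDO $db)
    {
        $db->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
        $this->db = $db;
        $this->dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    // Hypothetical helper: persist a salted password_hash() digest, never the password.
    public function setUser(string $username, string $password): bool
    {
        $stmt = $this->db->prepare('REPLACE INTO oauth_users (username, password) VALUES (?, ?)');
        return $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
    }

    // Same signature as the documented checkUserCredentials().
    public function checkUserCredentials(string $username, string $password): bool
    {
        $stmt = $this->db->prepare('SELECT password FROM oauth_users WHERE username = ?');
        $stmt->execute([$username]);
        $stored = $stmt->fetchColumn();
        // Unknown user: still verify once so timing does not reveal which names exist.
        $ok = password_verify($password, is_string($stored) ? $stored : $this->dummyHash);
        if (!$ok || !is_string($stored)) {
            return false;
        }
        if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            $this->setUser($username, $password); // upgrade older hashes at login
        }
        return true;
    }
}

// Constructed sample data in an in-memory SQLite database.
$db = new \PDO('sqlite::memory:');
$db->exec('CREATE TABLE oauth_users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$storage = new HashedUserStorage($db);
$storage->setUser('alice', 'constructed-sample-password');
var_dump($storage->checkUserCredentials('alice', 'constructed-sample-password'));
var_dump($storage->checkUserCredentials('alice', 'wrong-guess'));
var_dump($storage->checkUserCredentials('mallory', 'anything'));
```

Rows that still hold a plaintext password fail `password_verify()`, so existing users need a reset or a one-time migration when this override is introduced.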
getUserClaims(mixed $user_id, string $claims) : array|boolean
Return claims about the provided user id.
Groups of claims are returned based on the requested scopes. No group is required, and no claim is required.
| mixed | $user_id | |
| string | $claims | |
setRefreshToken(string $refresh_token, mixed $client_id, mixed $user_id, string $expires, string $scope = null) : boolean
Take the provided refresh token values and store them somewhere.
This function should be the storage counterpart to getRefreshToken().
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
| string | $refresh_token | Refresh token to be stored. |
| mixed | $client_id | Client identifier to be stored. |
| mixed | $user_id | User identifier to be stored. |
| string | $expires | Expiration timestamp to be stored. 0 if the token doesn't expire. |
| string | $scope | (optional) Scopes to be stored in space-separated string. |
unsetRefreshToken(string $refresh_token) : boolean
Expire a used refresh token.
This is not explicitly required in the spec, but is almost implied. After granting a new refresh token, the old one is no longer useful and so should be forcibly expired in the data store so it can't be used again.
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
| string | $refresh_token | Refresh token to be expired. |
getDefaultScope(mixed $client_id = null) : null|string
The default scope to use in the event the client does not request one. By returning "false", a request_error is returned by the server to force a scope request by the client. Returning "null" opts out of requiring scopes.
| mixed | $client_id | An optional client id that can be used to return customized default scopes. |
getJti(mixed $client_id, $subject, $audience, $expires, $jti) : array|null
Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.
| mixed | $client_id | Client identifier to match. |
| | $subject | The subject to match. |
| | $audience | The audience to match. |
| | $expires | |
| | $jti | The jti to match. |
setJti(mixed $client_id, $subject, $audience, $expires, $jti) : boolean
Store a used jti so that we can check against it to prevent replay attacks.
| mixed | $client_id | Client identifier to insert. |
| | $subject | The subject to insert. |
| | $audience | The audience to insert. |
| | $expires | |
| | $jti | The jti to insert. |
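getJti() followed by setJti() is a check-then-store sequence, so two concurrent requests carrying the same jti can both pass the lookup. The added example below (not the library's own code) folds both steps into one insert guarded by a unique key; the `JtiReplayGuard` class, its `acceptOnce()` method and the `oauth_jti` table layout are assumptions:

```php
<?php
declare(strict_types=1);
// Added example, not the library's code. The oauth_jti table layout is an assumption.
final class JtiReplayGuard
{
    private $db;

    public function __construct(\PDO $db)
    {
        $db->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
        // The UNIQUE key makes "check, then store" a single atomic step.
        $db->exec('CREATE TABLE IF NOT EXISTS oauth_jti (
            client_id TEXT NOT NULL, subject TEXT, audience TEXT,
            expires INTEGER NOT NULL, jti TEXT NOT NULL,
            UNIQUE (client_id, jti))');
        $this->db = $db;
    }

    // Hypothetical method: true the first time a jti is seen, false if expired or replayed.
    public function acceptOnce(string $clientId, string $subject, string $audience, int $expires, string $jti): bool
    {
        $now = time();
        if ($expires <= $now) {
            return false; // an expired assertion is rejected before storage is touched
        }
        // Rows past expiry fail the check above on any replay, so they can be pruned.
        $this->db->prepare('DELETE FROM oauth_jti WHERE expires <= ?')->execute([$now]);
        $insert = $this->db->prepare(
            'INSERT INTO oauth_jti (client_id, subject, audience, expires, jti) VALUES (?, ?, ?, ?, ?)'
        );
        try {
            $insert->execute([$clientId, $subject, $audience, $expires, $jti]);
            return true;
        } catch (\PDOException $e) {
            // SQLSTATE class 23 is an integrity violation: this jti was already stored.
            if (strpos((string) $e->getCode(), '23') === 0) {
                return false;
            }
            throw $e;
        }
    }
}

// Constructed sample values, in-memory SQLite.
$guard = new JtiReplayGuard(new \PDO('sqlite::memory:'));
$exp = time() + 300;
var_dump($guard->acceptOnce('client-a', 'alice', 'https://as.example/token', $exp, 'jti-constructed-1'));
var_dump($guard->acceptOnce('client-a', 'alice', 'https://as.example/token', $exp, 'jti-constructed-1'));
var_dump($guard->acceptOnce('client-a', 'alice', 'https://as.example/token', $exp - 600, 'jti-constructed-2'));
```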
setAuthorizationCodeWithIdToken(string $code, mixed $client_id, mixed $user_id, string $redirect_uri, string $expires, string $scope = null, string $id_token = null) : boolean
| string | $code | |
| mixed | $client_id | |
| mixed | $user_id | |
| string | $redirect_uri | |
| string | $expires | |
| string | $scope | |
| string | $id_token | |