mirror of
https://github.com/elyby/accounts.git
synced 2025-05-31 14:11:46 +05:30
Make tokens, created by client credentials grant to live forever
This commit is contained in:
ErickSkrauch
@@ -4,6 +4,7 @@ declare(strict_types=1);
|
||||
namespace api\components\OAuth2;
|
||||
|
||||
use api\components\OAuth2\Keys\EmptyKey;
|
||||
use Carbon\CarbonInterval;
|
||||
use DateInterval;
|
||||
use League\OAuth2\Server\AuthorizationServer;
|
||||
use yii\base\Component as BaseComponent;
|
||||
@@ -24,7 +25,7 @@ class Component extends BaseComponent {
|
||||
$authCodesRepo = new Repositories\AuthCodeRepository();
|
||||
$refreshTokensRepo = new Repositories\RefreshTokenRepository();
|
||||
|
||||
$accessTokenTTL = new DateInterval('P1D');
|
||||
$accessTokenTTL = CarbonInterval::day();
|
||||
|
||||
$authServer = new AuthorizationServer(
|
||||
$clientsRepo,
|
||||
@@ -44,9 +45,8 @@ class Component extends BaseComponent {
|
||||
$authServer->enableGrantType($refreshTokenGrant);
|
||||
$refreshTokenGrant->setScopeRepository($publicScopesRepo); // Change repository after enabling
|
||||
|
||||
// TODO: make these access tokens live longer
|
||||
$clientCredentialsGrant = new Grants\ClientCredentialsGrant();
|
||||
$authServer->enableGrantType($clientCredentialsGrant, $accessTokenTTL);
|
||||
$authServer->enableGrantType($clientCredentialsGrant, CarbonInterval::create(-1)); // set negative value to make it non expiring
|
||||
$clientCredentialsGrant->setScopeRepository($internalScopesRepo); // Change repository after enabling
|
||||
|
||||
$this->_authServer = $authServer;
|
||||
|
||||
@@ -55,9 +55,11 @@ class Component extends BaseComponent {
|
||||
|
||||
public function create(array $payloads = [], array $headers = []): Token {
|
||||
$now = Carbon::now();
|
||||
$builder = (new Builder())
|
||||
->issuedAt($now->getTimestamp())
|
||||
->expiresAt($now->addHour()->getTimestamp());
|
||||
$builder = (new Builder())->issuedAt($now->getTimestamp());
|
||||
if (isset($payloads['exp'])) {
|
||||
$builder->expiresAt($payloads['exp']);
|
||||
}
|
||||
|
||||
foreach ($payloads as $claim => $value) {
|
||||
$builder->withClaim($claim, $this->prepareValue($value));
|
||||
}
|
||||
|
||||
@@ -8,6 +8,7 @@ use api\rbac\Roles as R;
|
||||
use Carbon\Carbon;
|
||||
use common\models\Account;
|
||||
use common\models\AccountSession;
|
||||
use DateTime;
|
||||
use Lcobucci\JWT\Token;
|
||||
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
|
||||
use League\OAuth2\Server\Entities\ScopeEntityInterface;
|
||||
@@ -21,8 +22,9 @@ class TokensFactory extends Component {
|
||||
|
||||
public function createForWebAccount(Account $account, AccountSession $session = null): Token {
|
||||
$payloads = [
|
||||
'ely-scopes' => R::ACCOUNTS_WEB_USER,
|
||||
'ely-scopes' => $this->prepareScopes([R::ACCOUNTS_WEB_USER]),
|
||||
'sub' => $this->buildSub($account->id),
|
||||
'exp' => Carbon::now()->addHour()->getTimestamp(),
|
||||
];
|
||||
if ($session === null) {
|
||||
// If we don't remember a session, the token should live longer
|
||||
@@ -38,11 +40,12 @@ class TokensFactory extends Component {
|
||||
public function createForOAuthClient(AccessTokenEntityInterface $accessToken): Token {
|
||||
$payloads = [
|
||||
'aud' => $this->buildAud($accessToken->getClient()->getIdentifier()),
|
||||
'ely-scopes' => $this->joinScopes(array_map(static function(ScopeEntityInterface $scope): string {
|
||||
return $scope->getIdentifier();
|
||||
}, $accessToken->getScopes())),
|
||||
'exp' => $accessToken->getExpiryDateTime()->getTimestamp(),
|
||||
'ely-scopes' => $this->prepareScopes($accessToken->getScopes()),
|
||||
];
|
||||
if ($accessToken->getExpiryDateTime() > new DateTime()) {
|
||||
$payloads['exp'] = $accessToken->getExpiryDateTime()->getTimestamp();
|
||||
}
|
||||
|
||||
if ($accessToken->getUserIdentifier() !== null) {
|
||||
$payloads['sub'] = $this->buildSub($accessToken->getUserIdentifier());
|
||||
}
|
||||
@@ -52,15 +55,26 @@ class TokensFactory extends Component {
|
||||
|
||||
public function createForMinecraftAccount(Account $account, string $clientToken): Token {
|
||||
return Yii::$app->tokens->create([
|
||||
'ely-scopes' => $this->joinScopes([P::MINECRAFT_SERVER_SESSION]),
|
||||
'ely-scopes' => $this->prepareScopes([P::MINECRAFT_SERVER_SESSION]),
|
||||
'ely-client-token' => new EncryptedValue($clientToken),
|
||||
'sub' => $this->buildSub($account->id),
|
||||
'exp' => Carbon::now()->addDays(2)->getTimestamp(),
|
||||
]);
|
||||
}
|
||||
|
||||
private function joinScopes(array $scopes): string {
|
||||
return implode(',', $scopes);
|
||||
/**
|
||||
* @param ScopeEntityInterface[]|string[] $scopes
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
private function prepareScopes(array $scopes): string {
|
||||
return implode(',', array_map(function($scope): string {
|
||||
if ($scope instanceof ScopeEntityInterface) {
|
||||
return $scope->getIdentifier();
|
||||
}
|
||||
|
||||
return $scope;
|
||||
}, $scopes));
|
||||
}
|
||||
|
||||
private function buildSub(int $accountId): string {
|
||||
|
||||
Reference in New Issue
Block a user