diff --git a/examples/README.md b/examples/README.md index e4a30a73..35fdc516 100644 --- a/examples/README.md +++ b/examples/README.md @@ -16,10 +16,10 @@ Send the following cURL request: curl -X "POST" "http://localhost:4444/client_credentials.php/access_token" \ -H "Content-Type: application/x-www-form-urlencoded" \ -H "Accept: 1.0" \ + --data-urlencode "grant_type=client_credentials" \ --data-urlencode "client_id=myawesomeapp" \ - --data-urlencode "scope=basic email" \ --data-urlencode "client_secret=abc123" \ - --data-urlencode "grant_type=client_credentials" + --data-urlencode "scope=basic email" ``` ## Testing the password grant example @@ -30,12 +30,12 @@ Send the following cURL request: curl -X "POST" "http://localhost:4444/password.php/access_token" \ -H "Content-Type: application/x-www-form-urlencoded" \ -H "Accept: 1.0" \ + --data-urlencode "grant_type=password" \ --data-urlencode "client_id=myawesomeapp" \ - --data-urlencode "scope=basic email" \ + --data-urlencode "client_secret=abc123" \ --data-urlencode "username=alex" \ --data-urlencode "password=whisky" \ - --data-urlencode "client_secret=abc123" \ - --data-urlencode "grant_type=password" + --data-urlencode "scope=basic email" ``` ## Testing the refresh token grant example @@ -51,4 +51,3 @@ curl -X "POST" "http://localhost:4444/refresh_token.php/access_token" \ --data-urlencode "client_secret=abc123" \ --data-urlencode "refresh_token={{REFRESH_TOKEN}}" ``` - diff --git a/examples/public/auth_code.php b/examples/public/auth_code.php index 761f7ae3..357fc626 100644 --- a/examples/public/auth_code.php +++ b/examples/public/auth_code.php 
@@ -3,31 +3,31 @@ use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Grant\AuthCodeGrant; use League\OAuth2\Server\Server; - use OAuth2ServerExamples\Repositories\AccessTokenRepository; use OAuth2ServerExamples\Repositories\AuthCodeRepository; use OAuth2ServerExamples\Repositories\ClientRepository; use OAuth2ServerExamples\Repositories\RefreshTokenRepository; use OAuth2ServerExamples\Repositories\ScopeRepository; use OAuth2ServerExamples\Repositories\UserRepository; - +use Psr\Http\Message\ResponseInterface; +use Psr\Http\Message\ServerRequestInterface; use Slim\App; -use Slim\Http\Request; -use Slim\Http\Response; +use Zend\Diactoros\Stream; include(__DIR__ . '/../vendor/autoload.php'); -// App $app = new App([ + 'settings' => [ + 'displayErrorDetails' => true, + ], Server::class => function () { - // Init our repositories $clientRepository = new ClientRepository(); $scopeRepository = new ScopeRepository(); $accessTokenRepository = new AccessTokenRepository(); - $userRepository = new UserRepository(); - $refreshTokenRepository = new RefreshTokenRepository(); $authCodeRepository = new AuthCodeRepository(); + $refreshTokenRepository = new RefreshTokenRepository(); + $userRepository = new UserRepository(); $privateKeyPath = 'file://' . __DIR__ . '/../private.key'; $publicKeyPath = 'file://' . __DIR__ . '/../public.key'; @@ -41,7 +41,7 @@ $app = new App([ $publicKeyPath ); - // Enable the password grant on the server with a token TTL of 1 hour + // Enable the authentication code grant on the server with a token TTL of 1 hour $server->enableGrantType( new AuthCodeGrant( $authCodeRepository, 
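Review bot: `'displayErrorDetails' => true` is added to the App settings with no comment marking it as example-only; with this flag Slim renders exception details (message and trace) into its error responses. A one-line comment above it, `// Example only: renders exception details in error responses`, would make the intent explicit; the same setting is added in client_credentials.php, middleware.php, password.php, refresh_token.php and secured_route.php. Separately, `Stream` is now imported from `Zend\Diactoros` while the request and response objects come from Slim; this works because both are PSR-7, but it presumably requires zend-diactoros to be declared among the examples' composer dependencies, which this diff does not show. The second hunk's corrected comment says "authentication code grant"; the grant is named the authorization code grant in RFC 6749, so `// Enable the authorization code grant on the server with a token TTL of 1 hour` would be the accurate wording.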
@@ -56,27 +56,19 @@ $app = new App([ }, ]); -$app->any('/authorize', function (Request $request, Response $response) { - /** @var Server $server */ - $server = $this->get(Server::class); - try { - return $server->respondToRequest($request, $response); - } catch (OAuthServerException $e) { - return $e->generateHttpResponse($response); - } catch (\Exception $e) { - return $response->withStatus(500)->write($e->getMessage()); - } -}); +$app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) { + /* @var \League\OAuth2\Server\Server $server */ + $server = $app->getContainer()->get(Server::class); -$app->post('/access_token', function (Request $request, Response $response) { - /** @var Server $server */ - $server = $this->get(Server::class); try { return $server->respondToRequest($request, $response); - } catch (OAuthServerException $e) { - return $e->generateHttpResponse($response); - } catch (\Exception $e) { - return $response->withStatus(500)->write($e->getMessage()); + } catch (OAuthServerException $exception) { + return $exception->generateHttpResponse($response); + } catch (\Exception $exception) { + $body = new Stream('php://temp', 'r+'); + $body->write($exception->getMessage()); + + return $response->withStatus(500)->withBody($body); } }); diff --git a/examples/public/client_credentials.php b/examples/public/client_credentials.php index 684e3003..b6a1600a 100644 --- a/examples/public/client_credentials.php +++ b/examples/public/client_credentials.php 
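Review bot: The `/authorize` route is deleted and nothing in this file replaces it, so auth_code.php now exposes only `/access_token`; an authorization-code exchange needs a prior authorization request to issue the code, so unless that step now lives elsewhere the example can no longer be run end to end. Separately, the new `catch (\Exception $exception)` branch writes `$exception->getMessage()` verbatim into the 500 body, so internal error text (a key-path or repository failure message, for instance) is returned to the client; if that is intended for a demo, a short comment such as `// Example only: raw error text is returned to the caller` would say so, otherwise return a fixed body and send the message to the error log instead. The same pattern appears in client_credentials.php, password.php, refresh_token.php and secured_route.php.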
@@ -3,25 +3,25 @@ use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Grant\ClientCredentialsGrant; use League\OAuth2\Server\Server; - use OAuth2ServerExamples\Repositories\AccessTokenRepository; use OAuth2ServerExamples\Repositories\ClientRepository; use OAuth2ServerExamples\Repositories\ScopeRepository; - +use Psr\Http\Message\ResponseInterface; +use Psr\Http\Message\ServerRequestInterface; use Slim\App; -use Slim\Http\Request; -use Slim\Http\Response; +use Zend\Diactoros\Stream; include(__DIR__ . '/../vendor/autoload.php'); -// App $app = new App([ + 'settings' => [ + 'displayErrorDetails' => true, + ], Server::class => function () { - // Init our repositories $clientRepository = new ClientRepository(); - $scopeRepository = new ScopeRepository(); $accessTokenRepository = new AccessTokenRepository(); + $scopeRepository = new ScopeRepository(); $privateKeyPath = 'file://' . __DIR__ . '/../private.key'; $publicKeyPath = 'file://' . __DIR__ . '/../public.key'; 
@@ -36,21 +36,28 @@ $app = new App([ ); // Enable the client credentials grant on the server with a token TTL of 1 hour - $server->enableGrantType(new ClientCredentialsGrant(), new \DateInterval('PT1H')); + $server->enableGrantType( + new ClientCredentialsGrant(), + new \DateInterval('PT1H') + ); return $server; } ]); -$app->post('/access_token', function (Request $request, Response $response) { - /** @var Server $server */ - $server = $this->get(Server::class); +$app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) { + /* @var \League\OAuth2\Server\Server $server */ + $server = $app->getContainer()->get(Server::class); + try { return $server->respondToRequest($request, $response); - } catch (OAuthServerException $e) { - return $e->generateHttpResponse($response); - } catch (\Exception $e) { - return $response->withStatus(500)->write($e->getMessage()); + } catch (OAuthServerException $exception) { + return $exception->generateHttpResponse($response); + } catch (\Exception $exception) { + $body = new Stream('php://temp', 'r+'); + $body->write($exception->getMessage()); + + return $response->withStatus(500)->withBody($body); } }); diff --git a/examples/public/middleware_authentication.php b/examples/public/middleware.php similarity index 52% rename from examples/public/middleware_authentication.php rename to examples/public/middleware.php index d928e19d..3ace6072 100644 --- a/examples/public/middleware_authentication.php +++ b/examples/public/middleware.php 
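Review bot: `/* @var \League\OAuth2\Server\Server $server */` is a plain block comment, not a PHPDoc block, so static analysers and IDEs will ignore the annotation; the class is also already imported by `use League\OAuth2\Server\Server;`, which makes the fully-qualified name redundant. `/** @var Server $server */`, as on the removed line, keeps the annotation effective. The same change was made in auth_code.php, password.php and refresh_token.php.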
@@ -1,33 +1,35 @@ [ 'displayErrorDetails' => true, ], Server::class => function () { - // Init our repositories $clientRepository = new ClientRepository(); $accessTokenRepository = new AccessTokenRepository(); $scopeRepository = new ScopeRepository(); - $userRepository = new UserRepository(); + $authCodeRepository = new AuthCodeRepository(); $refreshTokenRepository = new RefreshTokenRepository(); + $userRepository = new UserRepository(); $privateKeyPath = 'file://' . __DIR__ . '/../private.key'; $publicKeyPath = 'file://' . __DIR__ . '/../public.key'; 
@@ -41,21 +43,53 @@ $app = new App([ $publicKeyPath ); - // Enable the grants + // Enable the authentication code grant on the server with a token TTL of 1 hour $server->enableGrantType( - new PasswordGrant($userRepository, $refreshTokenRepository), + new AuthCodeGrant( + $authCodeRepository, + $refreshTokenRepository, + $userRepository, + new \DateInterval('PT10M') + ), new \DateInterval('PT1H') ); + + // Enable the refresh token grant on the server with a token TTL of 1 month $server->enableGrantType( new RefreshTokenGrant($refreshTokenRepository), - new \DateInterval('PT1H') + new \DateInterval('PT1M') ); return $server; } ]); +// Access token issuer $app->post('/access_token', function () { })->add(new AuthenticationServerMiddleware($app->getContainer()->get(Server::class))); +// Secured API +$app->group('/api', function() { + $this->get('/user', function (ServerRequestInterface $request, ResponseInterface $response) { + $params = []; + + if (in_array('basic', $request->getAttribute('oauth_scopes', []))) { + $params = [ + 'id' => 1, + 'name' => 'Alex', + 'city' => 'London' + ]; + } + + if (in_array('email', $request->getAttribute('oauth_scopes', []))) { + $params['email'] = 'alex@example.com'; + } + + $body = new Stream('php://temp', 'r+'); + $body->write(json_encode($params)); + + return $response->withBody($body); + }); +})->add(new ResourceServerMiddleware($app->getContainer()->get(Server::class))); + $app->run(); diff --git a/examples/public/password.php b/examples/public/password.php index 036d1b4f..72992536 100644 --- a/examples/public/password.php +++ b/examples/public/password.php 
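Review bot: The comment added above the second `enableGrantType` call says the refresh token TTL is 1 month, but the interval passed is `new \DateInterval('PT1M')`, which is one minute (`P1M` is one month), so refresh tokens issued by this example expire almost immediately; either change the argument to `new \DateInterval('P1M')` or correct the comment to the TTL actually intended. The enclosing `Server::class` factory closure begins outside this hunk. In the `/api/user` handler the body is JSON but no content type is set; `return $response->withHeader('Content-Type', 'application/json')->withBody($body);` would declare it, and the same applies to the `/user` route in secured_route.php. The two `in_array` calls on `oauth_scopes` should pass `true` as the third argument for a strict comparison.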
@@ -3,27 +3,27 @@ use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Grant\PasswordGrant; use League\OAuth2\Server\Server; - use OAuth2ServerExamples\Repositories\AccessTokenRepository; use OAuth2ServerExamples\Repositories\ClientRepository; use OAuth2ServerExamples\Repositories\RefreshTokenRepository; use OAuth2ServerExamples\Repositories\ScopeRepository; use OAuth2ServerExamples\Repositories\UserRepository; - +use Psr\Http\Message\ResponseInterface; +use Psr\Http\Message\ServerRequestInterface; use Slim\App; -use Slim\Http\Request; -use Slim\Http\Response; +use Zend\Diactoros\Stream; include(__DIR__ . '/../vendor/autoload.php'); -// App $app = new App([ + 'settings' => [ + 'displayErrorDetails' => true, + ], Server::class => function () { - // Init our repositories $clientRepository = new ClientRepository(); - $scopeRepository = new ScopeRepository(); $accessTokenRepository = new AccessTokenRepository(); + $scopeRepository = new ScopeRepository(); $userRepository = new UserRepository(); $refreshTokenRepository = new RefreshTokenRepository(); 
@@ -49,15 +49,19 @@ $app = new App([ } ]); -$app->post('/access_token', function (Request $request, Response $response) { - /** @var Server $server */ - $server = $this->get(Server::class); +$app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) { + /* @var \League\OAuth2\Server\Server $server */ + $server = $app->getContainer()->get(Server::class); + try { return $server->respondToRequest($request, $response); - } catch (OAuthServerException $e) { - return $e->generateHttpResponse($response); - } catch (\Exception $e) { - return $response->withStatus(500)->write($e->getMessage()); + } catch (OAuthServerException $exception) { + return $exception->generateHttpResponse($response); + } catch (\Exception $exception) { + $body = new Stream('php://temp', 'r+'); + $body->write($exception->getMessage()); + + return $response->withStatus(500)->withBody($body); } }); diff --git a/examples/public/refresh_token.php b/examples/public/refresh_token.php index ad9bf0cb..041131b5 100644 --- a/examples/public/refresh_token.php +++ b/examples/public/refresh_token.php 
@@ -3,57 +3,63 @@ use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Grant\RefreshTokenGrant; use League\OAuth2\Server\Server; - use OAuth2ServerExamples\Repositories\AccessTokenRepository; use OAuth2ServerExamples\Repositories\ClientRepository; use OAuth2ServerExamples\Repositories\RefreshTokenRepository; use OAuth2ServerExamples\Repositories\ScopeRepository; - +use Psr\Http\Message\ResponseInterface; +use Psr\Http\Message\ServerRequestInterface; use Slim\App; -use Slim\Http\Request; -use Slim\Http\Response; +use Zend\Diactoros\Stream; include(__DIR__ . '/../vendor/autoload.php'); +$app = new App([ + 'settings' => [ + 'displayErrorDetails' => true, + ], + Server::class => function () { + // Init our repositories + $clientRepository = new ClientRepository(); + $accessTokenRepository = new AccessTokenRepository(); + $scopeRepository = new ScopeRepository(); + $refreshTokenRepository = new RefreshTokenRepository(); + $privateKeyPath = 'file://' . __DIR__ . '/../private.key'; + $publicKeyPath = 'file://' . __DIR__ . '/../public.key'; -// App -$app = new App([Server::class => function () { - // Init our repositories - $clientRepository = new ClientRepository(); - $scopeRepository = new ScopeRepository(); - $accessTokenRepository = new AccessTokenRepository(); - $refreshTokenRepository = new RefreshTokenRepository(); + // Setup the authorization server + $server = new Server( + $clientRepository, + $accessTokenRepository, + $scopeRepository, + $privateKeyPath, + $publicKeyPath + ); - $privateKeyPath = 'file://' . __DIR__ . '/../private.key'; - $publicKeyPath = 'file://' . __DIR__ . 
'/../public.key'; + // Enable the refresh token grant on the server with a token TTL of 1 hour + $server->enableGrantType( + new RefreshTokenGrant($refreshTokenRepository), + new \DateInterval('PT1H') + ); - // Setup the authorization server - $server = new Server( - $clientRepository, - $accessTokenRepository, - $scopeRepository, - $privateKeyPath, - $publicKeyPath - ); + return $server; + } +]); - // Enable the refresh token grant on the server - $server->enableGrantType(new RefreshTokenGrant($refreshTokenRepository), new \DateInterval('PT1H')); +$app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) { + /* @var \League\OAuth2\Server\Server $server */ + $server = $app->getContainer()->get(Server::class); - return $server; -}]); - -$app->post('/access_token', function (Request $request, Response $response) { - /** @var Server $server */ - $server = $this->get(Server::class); try { return $server->respondToRequest($request, $response); - } catch (OAuthServerException $e) { - return $e->generateHttpResponse($response); - } catch (\Exception $e) { - return $response->withStatus(500)->write( - sprintf('

%s

%s

', get_class($e), $e->getMessage()) - ); + } catch (OAuthServerException $exception) { + return $exception->generateHttpResponse($response); + } catch (\Exception $exception) { + $body = new Stream('php://temp', 'r+'); + $body->write($exception->getMessage()); + + return $response->withStatus(500)->withBody($body); } }); diff --git a/examples/public/protected_api.php b/examples/public/secured_route.php similarity index 61% rename from examples/public/protected_api.php rename to examples/public/secured_route.php index f7362d63..c98a8313 100644 --- a/examples/public/protected_api.php +++ b/examples/public/secured_route.php @@ -1,48 +1,54 @@ [ 'displayErrorDetails' => true, ], Server::class => function () { - // Init our repositories $clientRepository = new ClientRepository(); - $scopeRepository = new ScopeRepository(); $accessTokenRepository = new AccessTokenRepository(); + $scopeRepository = new ScopeRepository(); $privateKeyPath = 'file://' . __DIR__ . '/../private.key'; $publicKeyPath = 'file://' . __DIR__ . '/../public.key'; // Setup the authorization server - $server = new Server( + return new Server( $clientRepository, $accessTokenRepository, $scopeRepository, $privateKeyPath, $publicKeyPath ); - - return $server; } ]); -$app->add(new ResourceServerMiddleware($app->getContainer()->get(Server::class))); -$app->post('/api/example', function (Request $request, Response $response) { +$app->get('/user', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) { + $server = $app->getContainer()->get(Server::class); + $body = new Stream('php://temp', 'r+'); + + try { + $request = $server->validateRequest($request); + } catch (OAuthServerException $exception) { + return $exception->generateHttpResponse($response); + } catch (\Exception $exception) { + $body->write($exception->getMessage()); + + return $response->withStatus(500)->withBody($body); + } $params = []; 
@@ -58,9 +64,9 @@ $app->post('/api/example', function (Request $request, Response $response) { $params['email'] = 'alex@example.com'; } - $response->getBody()->write(json_encode($params)); + $body->write(json_encode($params)); - return $response; + return $response->withBody($body); }); $app->run();