Updated grant examples

auth-server-auth-code.md

@@ -57,7 +57,6 @@ $scopeRepository = new ScopeRepository();
 $accessTokenRepository = new AccessTokenRepository();
 $authCodeRepository = new AuthCodeRepository();
 $refreshTokenRepository = new RefreshTokenRepository();
-$userRepository = new UserRepository();
 
 // Path to public and private keys
 $privateKey = 'file://path/to/private.key';
@@ -79,7 +78,6 @@ $server->enableGrantType(
     new \League\OAuth2\Server\Grant\AuthCodeGrant(
         $authCodeRepository,
         $refreshTokenRepository,
-        $userRepository,
         new \DateInterval('PT10M')
     ),
     new \DateInterval('PT1H')
@@ -88,17 +86,54 @@ $server->enableGrantType(
 
 ## Implementation
 
-The client will request an access token so create an `/oauth2` endpoint.
+The client will redirect the user to an authorization endpoint.
 
 {% highlight php %}
-$app->post('/oauth2', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
+$app->get('/authorize', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
+    /* @var \League\OAuth2\Server\Server $server */
+    $server = $app->getContainer()->get(Server::class);
+    try {
+        // Validate the HTTP request and return an AuthorizationRequest object.
+        $authRequest = $server->validateAuthorizationRequest($request);
+        
+        // The auth request object can be serialized and saved into a user's session.
+        // You will probably want to redirect the user at this point to a login endpoint.
+        
+        // Once the user has logged in set the user on the AuthorizationRequest
+        $authRequest->setUser(new UserEntity());
+        
+        // At this point you should redirect the user to an authorization page.
+        // This form will ask the user to approve the client and the scopes requested.
+        
+        // Once the user has approved or denied the client update the status
+        // (true = approved, false = denied)
+        $authRequest->setAuthorizationApproved(true);
+        
+        // Return the HTTP redirect response
+        return $server->completeAuthorizationRequest($authRequest, $response);
+        
+    } catch (OAuthServerException $exception) {
+        return $exception->generateHttpResponse($response);
+        
+    } catch (\Exception $exception) {
+        $body = new Stream('php://temp', 'r+');
+        $body->write($exception->getMessage());
+        return $response->withStatus(500)->withBody($body);
+    }
+});
+{% endhighlight %}
+
+The client will request an access token using an authorization code so create an `/access_token` endpoint.
+
+{% highlight php %}
+$app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
 
     /* @var \League\OAuth2\Server\Server $server */
     $server = $app->getContainer()->get(Server::class);
 
     // Try to respond to the request
     try {
-        return $server->respondToRequest($request, $response);
+        return $server->respondToAccessTokenRequest($request, $response);
 
     } catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) {
         return $exception->generateHttpResponse($response);
@@ -111,65 +146,3 @@ $app->post('/oauth2', function (ServerRequestInterface $request, ResponseInterfa
 });
 {% endhighlight %}
 
-## Modify the login and authorize pages
-
-You can easily modify the HTML pages used by the authorization server. The library comes with built-in support for Twig, Smarty, Mustache and Plates templates.
-
-The default implementation uses `league/plates` and has some [very basic HTML templates](https://github.com/thephpleague/oauth2-server/tree/V5-WIP/src/TemplateRenderer/DefaultTemplates).
-
-The login template has the following variable available:
-
-* `error` (null or a string) - Set if there was an error with the login
-
-The form inputs must be called `username` and `password` and must be POSTed.
-
-The authorize template has the following variable available:
-
-* `client` - The name of the client the user is authorizing
-* `scopes` - An array of ScopeEntityInterface. Use `getIdentifier` to get a string you can print
-
-The form must be POSTed with an input named `action` with the value `approve` if the user approves the client.
-
-### Using Plates with custom templates
-
-{% highlight php %}
-$renderer = new \League\OAuth2\Server\TemplateRenderer\PlatesRenderer(
-    new Engine('/path/to/templates'),
-    'login_template_name',
-    'authorize_template_name'
-);
-$authCodeGrant->setTemplateRenderer($renderer);
-{% endhighlight %}
-
-### Using Twig with custom templates
-
-{% highlight php %}
-$renderer = new \League\OAuth2\Server\TemplateRenderer\TwigRenderer(
-    $environment, // instance of Twig_Environment
-    'login_template_name',
-    'authorize_template_name'
-);
-$authCodeGrant->setTemplateRenderer($renderer);
-{% endhighlight %}
-
-### Using Smarty with custom templates
-
-{% highlight php %}
-$renderer = new \League\OAuth2\Server\TemplateRenderer\SmartyRenderer(
-    $smarty, // instance of \Smarty
-    'login_template_name',
-    'authorize_template_name'
-);
-$authCodeGrant->setTemplateRenderer($renderer);
-{% endhighlight %}
-
-### Using Mustache with custom templates
-
-{% highlight php %}
-$renderer = new \League\OAuth2\Server\TemplateRenderer\MustacheRenderer(
-    $engine, // instance of \Mustache_Engine
-    'login_template_name',
-    'authorize_template_name'
-);
-$authCodeGrant->setTemplateRenderer($renderer);
-{% endhighlight %}

auth-server-client-credentials.md

@@ -67,7 +67,7 @@ $app->post('/access_token', function (ServerRequestInterface $request, ResponseI
 
     // Try to respond to the request
     try {
-        return $server->respondToRequest($request, $response);
+        return $server->respondToAccessTokenRequest($request, $response);
 
     } catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) {
         return $exception->generateHttpResponse($response);

auth-server-implicit.md

@@ -61,96 +61,44 @@ $server = new \League\OAuth2\Server\Server(
 );
 
 // Enable the implicit grant on the server with a token TTL of 1 hour
-$server->enableGrantType(
-    new ImplicitGrant($userRepository),
-    new \DateInterval('PT1H')
-);
+$server->enableGrantType(new ImplicitGrant(new \DateInterval('PT1H')));
 {% endhighlight %}
 
 ## Implementation
 
-The client will request an access token so create an `/oauth2` endpoint.
+The client will redirect the user to an authorization endpoint.
 
 {% highlight php %}
-$app->post('/oauth2', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
-
+$app->get('/authorize', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
     /* @var \League\OAuth2\Server\Server $server */
     $server = $app->getContainer()->get(Server::class);
-
-    // Try to respond to the request
     try {
-        return $server->respondToRequest($request, $response);
-
-    } catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) {
+        // Validate the HTTP request and return an AuthorizationRequest object.
+        $authRequest = $server->validateAuthorizationRequest($request);
+        
+        // The auth request object can be serialized and saved into a user's session.
+        // You will probably want to redirect the user at this point to a login endpoint.
+        
+        // Once the user has logged in set the user on the AuthorizationRequest
+        $authRequest->setUser(new UserEntity());
+        
+        // At this point you should redirect the user to an authorization page.
+        // This form will ask the user to approve the client and the scopes requested.
+        
+        // Once the user has approved or denied the client update the status
+        // (true = approved, false = denied)
+        $authRequest->setAuthorizationApproved(true);
+        
+        // Return the HTTP redirect response
+        return $server->completeAuthorizationRequest($authRequest, $response);
+        
+    } catch (OAuthServerException $exception) {
         return $exception->generateHttpResponse($response);
-
+        
     } catch (\Exception $exception) {
         $body = new Stream('php://temp', 'r+');
         $body->write($exception->getMessage());
         return $response->withStatus(500)->withBody($body);
     }
 });
-{% endhighlight %}
-
-## Modify the login and authorize pages
-
-You can easily modify the HTML pages used by the authorization server. The library comes with built-in support for Twig, Smarty, Mustache and Plates templates.
-
-The default implementation uses `league/plates` and has some [very basic HTML templates](https://github.com/thephpleague/oauth2-server/tree/V5-WIP/src/TemplateRenderer/DefaultTemplates).
-
-The login template has the following variable available:
-
-* `error` (null or a string) - Set if there was an error with the login
-
-The form inputs must be called `username` and `password` and must be POSTed.
-
-The authorize template has the following variable available:
-
-* `client` - The name of the client the user is authorizing
-* `scopes` - An array of ScopeEntityInterface. Use `getIdentifier` to get a string you can print
-
-The form must be POSTed with an input named `action` with the value `approve` if the user approves the client.
-
-### Using Plates with custom templates
-
-{% highlight php %}
-$renderer = new \League\OAuth2\Server\TemplateRenderer\PlatesRenderer(
-    new Engine('/path/to/templates'),
-    'login_template_name',
-    'authorize_template_name'
-);
-$implicitGrant->setTemplateRenderer($renderer);
-{% endhighlight %}
-
-### Using Twig with custom templates
-
-{% highlight php %}
-$renderer = new \League\OAuth2\Server\TemplateRenderer\TwigRenderer(
-    $environment, // instance of Twig_Environment
-    'login_template_name',
-    'authorize_template_name'
-);
-$implicitGrant->setTemplateRenderer($renderer);
-{% endhighlight %}
-
-### Using Smarty with custom templates
-
-{% highlight php %}
-$renderer = new \League\OAuth2\Server\TemplateRenderer\SmartyRenderer(
-    $smarty, // instance of \Smarty
-    'login_template_name',
-    'authorize_template_name'
-);
-$implicitGrant->setTemplateRenderer($renderer);
-{% endhighlight %}
-
-### Using Mustache with custom templates
-
-{% highlight php %}
-$renderer = new \League\OAuth2\Server\TemplateRenderer\MustacheRenderer(
-    $engine, // instance of \Mustache_Engine
-    'login_template_name',
-    'authorize_template_name'
-);
-$implicitGrant->setTemplateRenderer($renderer);
-{% endhighlight %}
+{% endhighlight %}

auth-server-password.md

@@ -77,7 +77,7 @@ $app->post('/access_token', function (ServerRequestInterface $request, ResponseI
 
     // Try to respond to the request
     try {
-        return $server->respondToRequest($request, $response);
+        return $server->respondToAccessTokenRequest($request, $response);
 
     } catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) {
         return $exception->generateHttpResponse($response);

auth-server-refresh-token.md

@@ -69,7 +69,7 @@ $app->post('/access_token', function (ServerRequestInterface $request, ResponseI
 
     // Try to respond to the request
     try {
-        return $server->respondToRequest($request, $response);
+        return $server->respondToAccessTokenRequest($request, $response);
 
     } catch (\League\OAuth2\Server\Exception\OAuthServerException $exception) {
         return $exception->generateHttpResponse($response);