mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-01-07 12:33:53 +05:30
Added scope parameter association for clientcredentials and password scope
TODO: Unit tests
parent
542ca52d49
commit
a9a68a5cc8
@ -78,7 +78,7 @@ class ClientCredentials implements GrantTypeInterface {
|
|||||||
public function completeFlow($inputParams = null)
|
public function completeFlow($inputParams = null)
|
||||||
{
|
{
|
||||||
// Get the required params
|
// Get the required params
|
||||||
$authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'scope'), 'post', $inputParams);
|
$authParams = $this->authServer->getParam(array('client_id', 'client_secret'), 'post', $inputParams);
|
||||||
|
|
||||||
if (is_null($authParams['client_id'])) {
|
if (is_null($authParams['client_id'])) {
|
||||||
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
|
throw new Exception\ClientException(sprintf(AuthServer::getExceptionMessage('invalid_request'), 'client_id'), 0);
|
||||||
@ -97,6 +97,27 @@ class ClientCredentials implements GrantTypeInterface {
|
|||||||
|
|
||||||
$authParams['client_details'] = $clientDetails;
|
$authParams['client_details'] = $clientDetails;
|
||||||
|
|
||||||
|
// Validate any scopes that are in the request
|
||||||
|
$scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
|
||||||
|
$scopes = explode($this->authServer->getScopeDelimeter(), $scope);
|
||||||
|
|
||||||
|
for ($i = 0; $i < count($scopes); $i++) {
|
||||||
|
$scopes[$i] = trim($scopes[$i]);
|
||||||
|
if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
|
||||||
|
}
|
||||||
|
|
||||||
|
$authParams['scopes'] = array();
|
||||||
|
|
||||||
|
foreach ($scopes as $scope) {
|
||||||
|
$scopeDetails = $this->authServer->getStorage('scope')->getScope($scope);
|
||||||
|
|
||||||
|
if ($scopeDetails === false) {
|
||||||
|
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4);
|
||||||
|
}
|
||||||
|
|
||||||
|
$authParams['scopes'][] = $scopeDetails;
|
||||||
|
}
|
||||||
|
|
||||||
// Generate an access token
|
// Generate an access token
|
||||||
$accessToken = SecureKey::make();
|
$accessToken = SecureKey::make();
|
||||||
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
|
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
|
||||||
@ -108,7 +129,7 @@ class ClientCredentials implements GrantTypeInterface {
|
|||||||
$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']);
|
$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'client', $authParams['client_id']);
|
||||||
|
|
||||||
// Create a new session
|
// Create a new session
|
||||||
$this->authServer->getStorage('session')->createSession(
|
$sessionId = $this->authServer->getStorage('session')->createSession(
|
||||||
$authParams['client_id'],
|
$authParams['client_id'],
|
||||||
null,
|
null,
|
||||||
'client',
|
'client',
|
||||||
@ -120,6 +141,12 @@ class ClientCredentials implements GrantTypeInterface {
|
|||||||
'granted'
|
'granted'
|
||||||
);
|
);
|
||||||
|
|
||||||
|
// Associate scopes with the new session
|
||||||
|
foreach ($authParams['scopes'] as $scope)
|
||||||
|
{
|
||||||
|
$this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']);
|
||||||
|
}
|
||||||
|
|
||||||
$response = array(
|
$response = array(
|
||||||
'access_token' => $accessToken,
|
'access_token' => $accessToken,
|
||||||
'token_type' => 'bearer',
|
'token_type' => 'bearer',
|
||||||
|
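Review bot: The scope clean-up loop in the `-97,6 +97,27` hunk re-evaluates `count($scopes)` after every `unset`, so the bound shrinks while `$i` grows and the loop stops early; an exploded list such as `['a', '', 'b ']` (constructed example) leaves `'b '` untrimmed, and a trailing empty entry survives and is looked up as a scope. Replacing the loop with `$scopes = array_values(array_filter(array_map('trim', $scopes), 'strlen'));` removes the moving bound. The rejection path also reads `self::$exceptionMessages['invalid_scope']` while the rest of the method calls `AuthServer::getExceptionMessage(...)`; unless this grant class declares that static property outside the hunk, the throw would end in a fatal error rather than a clean `invalid_scope` response, so `AuthServer::getExceptionMessage('invalid_scope')` looks like the intended call. The identical block in the Password hunk at `-140,6 +140,27` has both problems, and completeFlow's body continues outside the visible hunks.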
@ -140,6 +140,27 @@ class Password implements GrantTypeInterface {
|
|||||||
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0);
|
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Validate any scopes that are in the request
|
||||||
|
$scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
|
||||||
|
$scopes = explode($this->authServer->getScopeDelimeter(), $scope);
|
||||||
|
|
||||||
|
for ($i = 0; $i < count($scopes); $i++) {
|
||||||
|
$scopes[$i] = trim($scopes[$i]);
|
||||||
|
if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
|
||||||
|
}
|
||||||
|
|
||||||
|
$authParams['scopes'] = array();
|
||||||
|
|
||||||
|
foreach ($scopes as $scope) {
|
||||||
|
$scopeDetails = $this->authServer->getStorage('scope')->getScope($scope);
|
||||||
|
|
||||||
|
if ($scopeDetails === false) {
|
||||||
|
throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_scope'], $scope), 4);
|
||||||
|
}
|
||||||
|
|
||||||
|
$authParams['scopes'][] = $scopeDetails;
|
||||||
|
}
|
||||||
|
|
||||||
// Generate an access token
|
// Generate an access token
|
||||||
$accessToken = SecureKey::make();
|
$accessToken = SecureKey::make();
|
||||||
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
|
$refreshToken = ($this->authServer->hasGrantType('refresh_token')) ? SecureKey::make() : null;
|
||||||
@ -151,7 +172,7 @@ class Password implements GrantTypeInterface {
|
|||||||
$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId);
|
$this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $userId);
|
||||||
|
|
||||||
// Create a new session
|
// Create a new session
|
||||||
$this->authServer->getStorage('session')->createSession(
|
$sessionId = $this->authServer->getStorage('session')->createSession(
|
||||||
$authParams['client_id'],
|
$authParams['client_id'],
|
||||||
null,
|
null,
|
||||||
'user',
|
'user',
|
||||||
@ -163,6 +184,12 @@ class Password implements GrantTypeInterface {
|
|||||||
'granted'
|
'granted'
|
||||||
);
|
);
|
||||||
|
|
||||||
|
// Associate scopes with the new session
|
||||||
|
foreach ($authParams['scopes'] as $scope)
|
||||||
|
{
|
||||||
|
$this->authServer->getStorage('session')->associateScope($sessionId, $scope['id']);
|
||||||
|
}
|
||||||
|
|
||||||
$response = array(
|
$response = array(
|
||||||
'access_token' => $accessToken,
|
'access_token' => $accessToken,
|
||||||
'token_type' => 'bearer',
|
'token_type' => 'bearer',
|
||||||
|
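Review bot: The added validation in the `-140,6 +140,27` hunk only checks that each requested scope exists: `getScope($scope)` receives the scope name alone, so nothing visible ties the grant to what the client in `$authParams['client_id']` or the authenticated user is entitled to. Unless the storage layer filters by caller somewhere outside the hunk, any client allowed to use this grant type can be issued a session carrying every defined scope it asks for. Consider passing the client identifier and grant type into the scope lookup, or adding an explicit allowed-scope check before `$authParams['scopes'][] = $scopeDetails;`, documented with a comment such as `// Reject scopes this client is not permitted to request`. The same applies to the ClientCredentials hunk at `-97,6 +97,27`; the enclosing method starts and ends outside these hunks.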