diff --git a/examples/public/api.php b/examples/public/api.php
index 2df5d1cf..c386363c 100644
--- a/examples/public/api.php
+++ b/examples/public/api.php
@@ -1,11 +1,4 @@
- * @copyright Copyright (c) Alex Bilbie
- * @license http://mit-license.org/
- *
- * @link https://github.com/thephpleague/oauth2-server
- */
 use League\OAuth2\Server\ResourceServer;
 use OAuth2ServerExamples\Repositories\AccessTokenRepository;
@@ -16,63 +9,65 @@ use Slim\App;
 include __DIR__ . '/../vendor/autoload.php';
 $app = new App([
- 'settings' => [
- 'displayErrorDetails' => true,
- ],
+ // Add the resource server to the DI container
 ResourceServer::class => function () {
- // Setup the authorization server
 $server = new ResourceServer(
- new AccessTokenRepository(),
- 'file://' . __DIR__ . '/../public.key'
+ new AccessTokenRepository(), // instance of AccessTokenRepositoryInterface
+ 'file://' . __DIR__ . '/../public.key' // the authorization server's public key
 );
 return $server;
 },
 ]);
+// Add the resource server middleware which will intercept and validate requests
 $app->add(
 new \League\OAuth2\Server\Middleware\ResourceServerMiddleware(
 $app->getContainer()->get(ResourceServer::class)
 )
 );
-$app->get('/users', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
+// An example endpoint secured with OAuth 2.0
+$app->get(
+ '/users',
+ function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
- $users = [
- [
- 'id' => 123,
- 'name' => 'Alex',
- 'email' => 'alex@thephpleague.com',
- ],
- [
- 'id' => 124,
- 'name' => 'Frank',
- 'email' => 'frank@thephpleague.com',
- ],
- [
- 'id' => 125,
- 'name' => 'Phil',
- 'email' => 'phil@thephpleague.com',
- ],
- ];
+ $users = [
+ [
+ 'id' => 123,
+ 'name' => 'Alex',
+ 'email' => 'alex@thephpleague.com',
+ ],
+ [
+ 'id' => 124,
+ 'name' => 'Frank',
+ 'email' => 'frank@thephpleague.com',
+ ],
+ [
+ 'id' => 125,
+ 'name' => 'Phil',
+ 'email' => 'phil@thephpleague.com',
+ ],
+ ];
- // If the access token doesn't have the `basic` scope hide users' names
- if (in_array('basic', $request->getAttribute('oauth_scopes')) === false) {
- for ($i = 0; $i < count($users); $i++) {
- unset($users[$i]['name']);
+ // If the access token doesn't have the `basic` scope hide users' names
+ if (in_array('basic', $request->getAttribute('oauth_scopes')) === false) {
+ for ($i = 0; $i < count($users); $i++) {
+ unset($users[$i]['name']);
+ }
 }
- }
- // If the access token doesn't have the `emal` scope hide users' email addresses
- if (in_array('email', $request->getAttribute('oauth_scopes')) === false) {
- for ($i = 0; $i < count($users); $i++) {
- unset($users[$i]['email']);
+ // If the access token doesn't have the `email` scope hide users' email addresses
+ if (in_array('email', $request->getAttribute('oauth_scopes')) === false) {
+ for ($i = 0; $i < count($users); $i++) {
+ unset($users[$i]['email']);
+ }
 }
+
+ $response->getBody()->write(json_encode($users));
+
+ return $response->withStatus(200);
 }
+);
- $response->getBody()->write(json_encode($users));
-
- return $response->withStatus(200);
-});
-
-$app->run();
+$app->run();
\ No newline at end of file
diff --git a/examples/public/password.php b/examples/public/password.php
index 18eb6ddf..f2ac480d 100644
--- a/examples/public/password.php
+++ b/examples/public/password.php
@@ -1,11 +1,4 @@
- * @copyright Copyright (c) Alex Bilbie
- * @license http://mit-license.org/
- *
- * @link https://github.com/thephpleague/oauth2-server
- */
 use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\OAuthServerException;
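Review bot: The `/users` handler writes `json_encode($users)` to the body and returns `$response->withStatus(200)` without setting a `Content-Type` header, so the JSON goes out with whatever default the framework applies; `return $response->withHeader('Content-Type', 'application/json')->withStatus(200);` makes the contract explicit. Both scope checks call `in_array()` without the strict flag; since this decides which fields the token holder sees, `in_array('basic', $request->getAttribute('oauth_scopes'), true)` (and the same for `'email'`) avoids PHP's loose-comparison semantics. The checks also assume `oauth_scopes` is always an array, which is presumably guaranteed by the ResourceServerMiddleware added above, but a route mounted outside that middleware would reach `in_array()` with `null`.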
@@ -18,58 +11,64 @@ use OAuth2ServerExamples\Repositories\UserRepository;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Slim\App;
-use Zend\Diactoros\Stream;
 include __DIR__ . '/../vendor/autoload.php';
 $app = new App([
- 'settings' => [
- 'displayErrorDetails' => true,
- ],
+ // Add the authorization server to the DI container
 AuthorizationServer::class => function () {
- // Init our repositories
- $clientRepository = new ClientRepository();
- $accessTokenRepository = new AccessTokenRepository();
- $scopeRepository = new ScopeRepository();
- $userRepository = new UserRepository();
- $refreshTokenRepository = new RefreshTokenRepository();
-
- $privateKeyPath = 'file://' . __DIR__ . '/../private.key';
- $publicKeyPath = 'file://' . __DIR__ . '/../public.key';
 // Setup the authorization server
 $server = new AuthorizationServer(
- $clientRepository,
- $accessTokenRepository,
- $scopeRepository,
- $privateKeyPath,
- $publicKeyPath
+ new ClientRepository(), // instance of ClientRepositoryInterface
+ new AccessTokenRepository(), // instance of AccessTokenRepositoryInterface
+ new ScopeRepository(), // instance of ScopeRepositoryInterface
+ 'file://'.__DIR__.'/../private.key', // path to private key
+ 'file://'.__DIR__.'/../public.key' // path to public key
 );
+ $grant = new PasswordGrant(
+ new UserRepository(), // instance of UserRepositoryInterface
+ new RefreshTokenRepository() // instance of RefreshTokenRepositoryInterface
+ );
+ $grant->setRefreshTokenTTL(new \DateInterval('P1M')); // refresh tokens will expire after 1 month
+ // Enable the password grant on the server with a token TTL of 1 hour
 $server->enableGrantType(
- new PasswordGrant($userRepository, $refreshTokenRepository),
- new \DateInterval('PT1H')
+ $grant,
+ new \DateInterval('PT1H') // access tokens will expire after 1 month
 );
 return $server;
 },
 ]);
-$app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
- /* @var \League\OAuth2\Server\AuthorizationServer $server */
- $server = $app->getContainer()->get(AuthorizationServer::class);
+$app->post(
+ '/access_token',
+ function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
- try {
- return $server->respondToAccessTokenRequest($request, $response);
- } catch (OAuthServerException $exception) {
- return $exception->generateHttpResponse($response);
- } catch (\Exception $exception) {
- $body = new Stream('php://temp', 'r+');
- $body->write($exception->getMessage());
+ /* @var \League\OAuth2\Server\AuthorizationServer $server */
+ $server = $app->getContainer()->get(AuthorizationServer::class);
- return $response->withStatus(500)->withBody($body);
+ try {
+
+ // Try to respond to the access token request
+ return $server->respondToAccessTokenRequest($request, $response);
+
+ } catch (OAuthServerException $exception) {
+
+ // All instances of OAuthServerException can be converted to a PSR-7 response
+ return $exception->generateHttpResponse($response);
+
+ } catch (\Exception $exception) {
+
+ // Catch unexpected exceptions
+ $body = $response->getBody();
+ $body->write($exception->getMessage());
+ return $response->withStatus(500)->withBody($body);
+
+ }
 }
-});
+);
 $app->run();
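Review bot: The generic `catch (\Exception $exception)` branch still writes `$exception->getMessage()` into the 500 response body, so internal details such as key-file paths or repository errors reach the client; keep the message server-side (e.g. `error_log((string) $exception);`) and send a fixed string such as `$body->write('Internal server error');` instead. The inline comment on the access-token TTL contradicts the code: `new \DateInterval('PT1H')` is one hour and the comment two lines above already says so, so the trailing comment should read `// access tokens will expire after 1 hour`, not `1 month`. Minor style point: the key paths here are built as `'file://'.__DIR__.'/../private.key'` with no spaces around `.`, while the api.php hunk in the same commit uses the spaced form — pick one for both example files.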