diff --git a/_data/menu.yml b/_data/menu.yml index 1873b0e5..79982a65 100644 --- a/_data/menu.yml +++ b/_data/menu.yml @@ -18,8 +18,9 @@ Authorization Server: Resource Server: 'Securing your API': '/resource-server/securing-your-api/' Respository Interfaces: - 'Client Repository Interface': '/a' - 'Refresh Token Repository Interface': '/a' 'Scope Repository Interface': '/a' 'Auth Code Repository Interface': '/a' 'User Repository Interface': '/a' 'Access Token Repository Interface': '/access-token-repository-interface/' + 'Access Token Repository Interface': '/access-token-repository-interface/' + 'Client Repository Interface': '/client-repository-interface/' + 'Refresh Token Repository Interface': '/refresh-token-repository-interface/' diff --git a/repository-interface-access-token.md b/repository-interface-access-token.md new file mode 100644 index 00000000..64ab08fd --- /dev/null +++ b/repository-interface-access-token.md 
@@ -0,0 +1,29 @@ +--- +layout: default +title: AccessTokenRepositoryInterface documentation +permalink: /access-token-repository-interface/ +--- + +# Access Token Repository Interface + +## persistNewAccessToken() : void + +When a new access token is created this method will be called. You don't have to do anything here but for auditing you probably want to. + +The access token entity passed in has a number of methods you can call which contain data worth saving to a database: + +* `getIdentifier() : string` this is randomly generated unique identifier (of 80+ characters in length) for the access token. +* `getExpiryDateTime() : \DateTime` the expiry date and time of the access token. +* `getUserIdentifier() : string|null` the user identifier represented by the access token. +* `getScopes() : ScopeEntityInterface[]` an array of scope entities +* `getClient()->getIdentifier() : string` the identifier of the client who requested the access token. + +JWT access tokens contain an expiry date and so will be rejected automatically when used. You can safely clean up expired access tokens from your database. + +## revokeAccessToken() : void + +This method is called when a refresh token is used to reissue an access token. The original access token is revoked a new access token is issued. + +## isAccessTokenRevoked() : boolean + +This method is called when an access token is validated by the resource server middleware. Return `true` if the access token has been manually revoked before it expired. If the token is still valid return `false`. \ No newline at end of file diff --git a/repository-interface-client.md b/repository-interface-client.md new file mode 100644 index 00000000..6bb2290c --- /dev/null +++ b/repository-interface-client.md 
@@ -0,0 +1,19 @@ +--- +layout: default +title: ClientRepositoryInterface documentation +permalink: /client-repository-interface/ +--- + +# Client Repository Interface + +## getClientEntity() : ClientEntityInterface + +This method is called to validate a client's credentials. + +The client secret may or may not be provided depending on the request sent by the client. If the client secret is sent it must be validated. + +If the grant type is equal to `client_credentials` you should always validate the client secret. + +You can use the grant type to determine if the client is permitted to use the grant type. + +If the client's credentials are validated you should return an instance of `\League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface` \ No newline at end of file diff --git a/repository-interface-refresh-token.md b/repository-interface-refresh-token.md new file mode 100644 index 00000000..aee599be --- /dev/null +++ b/repository-interface-refresh-token.md 
@@ -0,0 +1,27 @@ +--- +layout: default +title: RefreshTokenRepositoryInterface documentation +permalink: /refresh-token-repository-interface/ +--- + +# Refresh Token Repository Interface + +## persistNewRefreshToken() : void + +When a new refresh token is created this method will be called. You don't have to do anything here but for auditing you might want to. + +The refresh token entity passed in has a number of methods you can call which contain data worth saving to a database: + +* `getIdentifier() : string` this is randomly generated unique identifier (of 80+ characters in length) for the refresh token. +* `getExpiryDateTime() : \DateTime` the expiry date and time of the access token. +* `getAccessToken()->getIdentifier() : string` the linked access token's identifier. + +JWT access tokens contain an expiry date and so will be rejected automatically when used. You can safely clean up expired access tokens from your database. + +## revokeRefreshToken() : void + +This method is called when a refresh token is used to reissue an access token. The original refresh token is revoked a new refresh token is issued. + +## isRefreshTokenRevoked() : boolean + +This method is called when an refresh token is used to issue a new access token. Return `true` if the refresh token has been manually revoked before it expired. If the token is still valid return `false`. \ No newline at end of file
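Review bot: in `_data/menu.yml`, the 'Scope Repository Interface', 'Auth Code Repository Interface' and 'User Repository Interface' entries still point at the placeholder `'/a'` after this change, so three of the six links under this menu section lead nowhere. Either add their pages alongside these three or hold those entries back until the pages exist. The section key on the context line is also spelled `Respository Interfaces`; it is worth correcting to `Repository Interfaces` while this block is being edited.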
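Review bot: in `repository-interface-access-token.md`, the `persistNewAccessToken()` section tells implementers "You don't have to do anything here", but the `revokeAccessToken()` and `isAccessTokenRevoked()` sections never say what has to be recorded for a revocation to be visible at validation time. Please state what each of those two methods receives and that `revokeAccessToken()` needs to record the revocation somewhere `isAccessTokenRevoked()` can read it, otherwise a reader who follows the "do nothing" advice ends up with a check that can only ever return `false`. Two wording points in the same file: "will be rejected automatically when used" should say the token is rejected once it has expired, and "The original access token is revoked a new access token is issued" is missing an "and". The file also ends without a trailing newline.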
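Review bot: in `repository-interface-client.md`, the `getClientEntity()` section only documents the success path ("If the client's credentials are validated you should return an instance of ...") and never says what the method should do when the client is unknown, the secret does not match, or the grant type is not allowed for that client. Since this is the method that authenticates clients, the failure behaviour needs to be spelled out explicitly. The sentence "You can use the grant type to determine if the client is permitted to use the grant type" is circular; it presumably means the grant type argument can be checked against the grants the client is allowed to use. It would also help to list the arguments the method receives, as the text refers to a client secret and a grant type without showing them. The last sentence lacks a full stop and the file ends without a trailing newline.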
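Review bot: in `repository-interface-refresh-token.md`, several lines were carried over from the access token page without being adapted: the `getExpiryDateTime()` bullet describes "the expiry date and time of the access token", and the paragraph beginning "JWT access tokens contain an expiry date" talks about cleaning up expired access tokens rather than refresh tokens. Please reword both for refresh tokens, and check whether the JWT statement applies to refresh tokens at all before keeping it, because a reader could take it to mean expired or revoked refresh tokens need no server-side check. As on the access token page, "You don't have to do anything here" sits uneasily next to `isRefreshTokenRevoked()`, which needs a stored record to return `true`. Smaller fixes: "an refresh token" should be "a refresh token", "The original refresh token is revoked a new refresh token is issued" is missing an "and", and the file ends without a trailing newline.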