Version bump

Signed-off-by: Alex Bilbie <alex@alexbilbie.com>

.gitattributes

@@ -0,0 +1,4 @@
+tests/ export-ignore
+phpunit.xml export-ignore
+build.xml export-ignore
+test export-ignore

.gitignore

@@ -2,4 +2,5 @@
 /composer.lock
 /docs/build/
 /build/logs/
-/build/coverage/
+/build/coverage/
+test

README.md

@@ -38,6 +38,10 @@ The resource server allows you to secure your API endpoints by checking for a va
 * Support for [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/).
 * Support for [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/).
 
+### Client support
+
+* Merge in https://github.com/philsturgeon/codeigniter-oauth2
+
 ---
 
 This code will be developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which has been funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.

composer.json

@@ -1,14 +1,15 @@
 {
-	"name": "lncd/Oauth2",
+	"name": "lncd/oauth2",
 	"description": "OAuth 2.0 Framework",
-	"version": "0.2.1",
+	"version": "0.3.1",
 	"homepage": "https://github.com/lncd/OAuth2",
 	"license": "MIT",
 	"require": {
-		"php": ">=5.3.0"
+		"php": ">=5.3.0",
+		"guzzle/guzzle": "*"
 	},
 	"require-dev": {
-		"EHER/PHPUnit": "*"
+		"phpunit/phpunit": "*"
 	},
 	"repositories": [
 		{
@@ -27,7 +28,7 @@
 	"authors": [
 		{
 			"name": "Alex Bilbie",
-			"email": "oauth2server@alexbilbie.com",
+			"email": "hello@alexbilbie.com",
 			"homepage": "http://www.httpster.org",
 			"role": "Developer"
 		}
@@ -36,5 +37,8 @@
 		"psr-0": {
 			"Oauth2": "src/"
 		}
+	},
+	"suggest": {
+		"lncd/oauth2-facebook": "Adds support for Facebook as an IDP"
 	}
 }

src/Oauth2/Authentication/Server.php

@@ -2,17 +2,17 @@
 
 namespace Oauth2\Authentication;
 
-class OAuthServerClientException extends \Exception
+class ClientException extends \Exception
 {
 
 }
 
-class OAuthServerUserException extends \Exception
+class UserException extends \Exception
 {
 
 }
 
-class OAuthServerException extends \Exception
+class ServerException extends \Exception
 {
 
 }
@@ -127,46 +127,57 @@ class Server
         // Client ID
         if ( ! isset($authParams['client_id']) && ! isset($_GET['client_id'])) {
 
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
 
         } else {
 
-            $params['client_id'] = (isset($authParams['client_id'])) ? $authParams['client_id'] : $_GET['client_id'];
+            $params['client_id'] = (isset($authParams['client_id'])) ?
+                                            $authParams['client_id'] : 
+                                            $_GET['client_id'];
 
         }
 
         // Redirect URI
         if ( ! isset($authParams['redirect_uri']) && ! isset($_GET['redirect_uri'])) {
 
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
 
         } else {
 
-            $params['redirect_uri'] = (isset($authParams['redirect_uri'])) ? $authParams['redirect_uri'] : $_GET['redirect_uri'];
+            $params['redirect_uri'] = (isset($authParams['redirect_uri'])) ?
+                                                $authParams['redirect_uri'] :
+                                                $_GET['redirect_uri'];
 
         }
 
         // Validate client ID and redirect URI
-        $clientDetails = $this->_dbCall('validateClient', $params['client_id'], null, $params['redirect_uri']);
+        $clientDetails = $this->_dbCall(
+            'validateClient',
+            $params['client_id'],
+            null,
+            $params['redirect_uri']
+        );
 
         if ($clientDetails === false) {
 
-            throw new OAuthServerClientException($this->errors['invalid_client'], 8);
+            throw new ClientException($this->errors['invalid_client'], 8);
         }
 
         // Response type
         if ( ! isset($authParams['response_type']) && ! isset($_GET['response_type'])) {
 
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'response_type'), 0);
 
         } else {
 
-            $params['response_type'] = (isset($authParams['response_type'])) ? $authParams['response_type'] : $_GET['response_type'];
+            $params['response_type'] = (isset($authParams['response_type'])) ?
+                                                $authParams['response_type'] :
+                                                $_GET['response_type'];
 
             // Ensure response type is one that is recognised
             if ( ! in_array($params['response_type'], $this->_responseTypes)) {
 
-                throw new OAuthServerClientException($this->errors['unsupported_response_type'], 3);
+                throw new ClientException($this->errors['unsupported_response_type'], 3);
 
             }
         }
@@ -174,12 +185,15 @@ class Server
         // Get and validate scopes
         if (isset($authParams['scope']) || isset($_GET['scope'])) {
 
-            $scopes = (isset($_GET['scope'])) ? $_GET['scope'] : $authParams['scope'];
+            $scopes = (isset($_GET['scope'])) ?
+                                $_GET['scope'] :
+                                $authParams['scope'];
 
             $scopes = explode($this->_config['scope_delimeter'], $scopes);
 
             // Remove any junk scopes
             for ($i = 0; $i < count($scopes); $i++) {
+
                 $scopes[$i] = trim($scopes[$i]);
 
                 if ($scopes[$i] === '') {
@@ -189,18 +203,21 @@ class Server
 
             if (count($scopes) === 0) {
 
-                throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'scope'), 0);
+                throw new ClientException(sprintf($this->errors['invalid_request'], 'scope'), 0);
             }
 
             $params['scopes'] = array();
 
             foreach ($scopes as $scope) {
 
-                $scopeDetails = $this->_dbCall('getScope', $scope);
+                $scopeDetails = $this->_dbCall(
+                    'getScope',
+                    $scope
+                );
                 
                 if ($scopeDetails === false) {
 
-                    throw new OAuthServerClientException(sprintf($this->errors['invalid_scope'], $scope), 4);
+                    throw new ClientException(sprintf($this->errors['invalid_scope'], $scope), 4);
 
                 }
 
@@ -223,7 +240,8 @@ class Server
     public function newAuthoriseRequest($type, $typeId, $authoriseParams)
     {
         // Remove any old sessions the user might have
-        $this->_dbCall('deleteSession',
+        $this->_dbCall(
+            'deleteSession',
             $authoriseParams['client_id'],
             $type,
             $typeId
@@ -272,7 +290,8 @@ class Server
         // new authorisation code otherwise create a new session
         if ($accessToken !== null) {
 
-            $this->_dbCall('updateSession',
+            $this->_dbCall(
+                'updateSession',
                 $clientId,
                 $type,
                 $typeId,
@@ -287,7 +306,8 @@ class Server
             $this->_dbCall('deleteSession', $clientId, $type, $typeId);
                
             // Create a new session     
-            $sessionId = $this->_dbCall('newSession',
+            $sessionId = $this->_dbCall(
+                'newSession',
                 $clientId,
                 $redirectUri,
                 $type,
@@ -301,7 +321,11 @@ class Server
             // Add the scopes
             foreach ($scopes as $key => $scope) {
 
-                $this->_dbCall('addSessionScope', $sessionId, $scope['scope']);
+                $this->_dbCall(
+                    'addSessionScope',
+                    $sessionId,
+                    $scope['scope']
+                );
 
             }
 
@@ -325,16 +349,18 @@ class Server
 
         if ( ! isset($authParams['grant_type']) && ! isset($_POST['grant_type'])) {
 
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'grant_type'), 0);
 
         } else {
 
-            $params['grant_type'] = (isset($authParams['grant_type'])) ? $authParams['grant_type'] : $_POST['grant_type'];
+            $params['grant_type'] = (isset($authParams['grant_type'])) ?
+                                                $authParams['grant_type'] :
+                                                $_POST['grant_type'];
 
             // Ensure grant type is one that is recognised
             if ( ! in_array($params['grant_type'], $this->_grantTypes)) {
 
-                throw new OAuthServerClientException($this->errors['unsupported_grant_type'], 7);
+                throw new ClientException($this->errors['unsupported_grant_type'], 7);
 
             }
         }
@@ -350,7 +376,7 @@ class Server
             case 'password': // Resource owner password credentials grant
             case 'client_credentials': // Client credentials grant
             default: // Unsupported
-                throw new OAuthServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5);
+                throw new ServerException($this->errors['server_error'] . 'Tried to process an unsuppported grant type.', 5);
                 break;
         }
     }
@@ -370,38 +396,45 @@ class Server
         // Client ID
         if ( ! isset($authParams['client_id']) && ! isset($_POST['client_id'])) {
 
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'client_id'), 0);
 
         } else {
 
-            $params['client_id'] = (isset($authParams['client_id'])) ? $authParams['client_id'] : $_POST['client_id'];
+            $params['client_id'] = (isset($authParams['client_id'])) ?
+                                            $authParams['client_id'] :
+                                            $_POST['client_id'];
 
         }
 
         // Client secret
         if ( ! isset($authParams['client_secret']) && ! isset($_POST['client_secret'])) {
 
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'client_secret'), 0);
 
         } else {
 
-            $params['client_secret'] = (isset($authParams['client_secret'])) ? $authParams['client_secret'] : $_POST['client_secret'];
+            $params['client_secret'] = (isset($authParams['client_secret'])) ?
+                                                $authParams['client_secret'] :
+                                                $_POST['client_secret'];
 
         }
 
         // Redirect URI
         if ( ! isset($authParams['redirect_uri']) && ! isset($_POST['redirect_uri'])) {
 
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'redirect_uri'), 0);
 
         } else {
 
-            $params['redirect_uri'] = (isset($authParams['redirect_uri'])) ? $authParams['redirect_uri'] : $_POST['redirect_uri'];
+            $params['redirect_uri'] = (isset($authParams['redirect_uri'])) ?
+                                                $authParams['redirect_uri'] :
+                                                $_POST['redirect_uri'];
 
         }
 
         // Validate client ID and redirect URI
-        $clientDetails = $this->_dbCall('validateClient',
+        $clientDetails = $this->_dbCall(
+            'validateClient',
             $params['client_id'],
             $params['client_secret'], 
             $params['redirect_uri']
@@ -409,23 +442,26 @@ class Server
 
         if ($clientDetails === false) {
 
-            throw new OAuthServerClientException($this->errors['invalid_client'], 8);
+            throw new ClientException($this->errors['invalid_client'], 8);
         }
 
         // The authorization code
         if ( ! isset($authParams['code']) && ! isset($_POST['code'])) {
 
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_request'], 'code'), 0);
+            throw new ClientException(sprintf($this->errors['invalid_request'], 'code'), 0);
 
         } else {
 
-            $params['code'] = (isset($authParams['code'])) ? $authParams['code'] : $_POST['code'];
+            $params['code'] = (isset($authParams['code'])) ?
+                                        $authParams['code'] :
+                                        $_POST['code'];
 
         }
 
         // Verify the authorization code matches the client_id and the
         //  request_uri
-        $session = $this->_dbCall('validateAuthCode',
+        $session = $this->_dbCall(
+            'validateAuthCode',
             $params['client_id'],
             $params['redirect_uri'],
             $params['code']
@@ -433,7 +469,7 @@ class Server
 
         if ( ! $session) {
 
-            throw new OAuthServerClientException(sprintf($this->errors['invalid_grant'], 'code'), 9);
+            throw new ClientException(sprintf($this->errors['invalid_grant'], 'code'), 9);
         
         } else {
 
@@ -442,9 +478,12 @@ class Server
 
             $accessToken = $this->generateCode();
 
-            $accessTokenExpires = ($this->_config['access_token_ttl'] === null) ? null : time() + $this->_config['access_token_ttl'];
+            $accessTokenExpires = ($this->_config['access_token_ttl'] === null) ?
+                                    null :
+                                    time() + $this->_config['access_token_ttl'];
 
-            $this->_dbCall('updateSession',
+            $this->_dbCall(
+                'updateSession',
                 $session['id'],
                 null,
                 $accessToken,
@@ -453,7 +492,8 @@ class Server
             );
 
             // Update the session's scopes to reference the access token
-            $this->_dbCall('updateSessionScopeAccessToken',
+            $this->_dbCall(
+                'updateSessionScopeAccessToken',
                 $session['id'],
                 $accessToken
             );
@@ -500,11 +540,11 @@ class Server
     private function _dbCall()
     {
         if ($this->_db === null) {
-            throw new OAuthServerException('No registered database abstractor');
+            throw new ServerException('No registered database abstractor');
         }
 
         if ( ! $this->_db instanceof Database) {
-            throw new OAuthServerException('Registered database abstractor is not an instance of Oauth2\Authentication\Database');
+            throw new ServerException('Registered database abstractor is not an instance of Oauth2\Authentication\Database');
         }
 
         $args = func_get_args();

src/Oauth2/Client/IDP.php

@@ -0,0 +1,230 @@
+<?php
+
+namespace OAuth2\Client;
+
+use Guzzle\Service\Client as GuzzleClient;
+
+class IDPException extends \Exception
+{
+    protected $result;
+
+    public function __construct($result)
+    {
+        $this->result = $result;
+
+        $code = isset($result['code']) ? $result['code'] : 0;
+
+        if (isset($result['error'])) {
+
+            // OAuth 2.0 Draft 10 style
+            $message = $result['error'];
+
+        } elseif (isset($result['message'])) {
+
+            // cURL style
+            $message = $result['message'];
+
+        } else {
+
+            $message = 'Unknown Error.';
+
+        }
+
+        parent::__construct($message['message'], $message['code']);
+    }
+
+    public function getType()
+    {
+        if (isset($this->result['error'])) {
+
+            $message = $this->result['error'];
+
+            if (is_string($message)) {
+                // OAuth 2.0 Draft 10 style
+                return $message;
+            }
+        }
+
+        return 'Exception';
+    }
+
+    /**
+     * To make debugging easier.
+     *
+     * @returns
+     *   The string representation of the error.
+     */
+    public function __toString()
+    {
+        $str = $this->getType() . ': ';
+
+        if ($this->code != 0) {
+            $str .= $this->code . ': ';
+        }
+
+        return $str . $this->message;
+    }
+
+}
+
+abstract class IDP {
+
+    public $clientId = '';
+
+    public $clientSecret = '';
+
+    public $redirectUri = '';
+
+    public $name;
+
+    public $uidKey = 'uid';
+
+    public $scopes = array();
+
+    public $method = 'post';
+
+    public $scopeSeperator = ',';
+
+    public $responseType = 'json';
+
+    public function __construct($options)
+    {
+        foreach ($options as $option => $value) {
+            if (isset($this->{$option})) {
+                $this->{$option} = $value;
+            }
+        }
+    }
+
+    abstract public function urlAuthorize();
+
+    abstract public function urlAccessToken();
+
+    abstract public function urlUserDetails(\Oauth2\Client\Token\Access $token);
+
+    abstract public function userDetails($response, \Oauth2\Client\Token\Access $token);
+
+    public function authorize($options = array())
+    {
+        $state = md5(uniqid(rand(), TRUE));
+        setcookie($this->name.'_authorize_state', $state);
+
+        $params = array(
+            'client_id'         => $this->clientId,
+            'redirect_uri'      => $this->redirectUri,
+            'state'             => $state,
+            'scope'             => is_array($this->scope) ? implode($this->scopeSeperator, $this->scope) : $this->scope,
+            'response_type'     => isset($options['response_type']) ? $options['response_type'] : 'code',
+            'approval_prompt'   => 'force' // - google force-recheck
+        );
+
+        header('Location: ' . $this->urlAuthorize().'?'.http_build_query($params));
+        exit;
+    }
+
+    public function getAccessToken($code = NULL, $options = array())
+    {
+        if ($code === NULL) {
+            throw new \BadMethodCallException('Missing authorization code');
+        }
+
+        $params = array(
+            'client_id'     => $this->clientId,
+            'client_secret' => $this->clientSecret,
+            'grant_type'    => isset($options['grantType']) ? $options['grantType'] : 'authorization_code',
+        );
+
+        switch ($params['grant_type']) {
+
+            case 'authorization_code':
+                $params['code'] = $code;
+                $params['redirect_uri'] = isset($options['redirectUri']) ? $options['redirectUri'] : $this->redirectUri;
+            break;
+
+            case 'refresh_token':
+                $params['refresh_token'] = $code;
+            break;
+
+        }
+
+        try {
+
+            switch ($this->method) {
+
+                case 'get':
+
+                    $client = new GuzzleClient($this->urlAccessToken() . '?' . http_build_query($params));
+                    $request = $client->send();
+                    $response = $request->getBody();
+
+                    break;
+
+                case 'post':
+
+                    $client = new GuzzleClient($this->urlAccessToken());
+                    $request = $client->post(null, null, $params)->send();
+                    $response = $request->getBody();
+
+                    break;
+
+            }
+
+        }
+
+        catch (\Guzzle\Http\Exception\BadResponseException $e)
+        {
+            $raw_response = explode("\n", $e->getResponse());
+            $response = end($raw_response);
+        }
+
+        switch ($this->responseType) {
+
+            case 'json':
+                $result = json_decode($response, true);
+            break;
+
+            case 'string':
+                parse_str($response, $result);
+            break;
+
+        }
+
+        if (isset($result['error']) && ! empty($result['error'])) {
+
+            throw new \Oauth2\Client\IDPException($result);
+
+        }
+
+        switch ($params['grant_type']) {
+
+            case 'authorization_code':
+                return \Oauth2\Client\Token::factory('access', $result);
+            break;
+
+            case 'refresh_token':
+                return \Oauth2\Client\Token::factory('refresh', $result);
+            break;
+
+        }
+    }
+
+    public function getUserDetails(\Oauth2\Client\Token\Access $token)
+    {
+        $url = $this->urlUserDetails($token);
+
+        try {
+            $client = new GuzzleClient($url);
+            $request = $client->get()->send();
+            $response = $request->getBody();
+
+            return $this->userDetails(json_decode($response), $token);
+        }
+
+        catch (\Guzzle\Http\Exception\BadResponseException $e)
+        {
+            $raw_response = explode("\n", $e->getResponse());
+            throw new \Oauth2\Client\IDPException(end($raw_response));
+        }
+    }
+
+}

src/Oauth2/Client/Provider.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace OAuth2\Client;
+
+class Provider
+{
+	private function __constuct() {}
+
+	public static function factory($name, array $options = null)
+	{
+		if ( ! class_exists($name)) {
+
+			throw new OAuth2\Client\Exception('There is no identity provider called: '.$name);
+
+		}
+
+		return new $name($options);
+	}
+}

src/Oauth2/Client/Provider/Blooie.php

@@ -0,0 +1,42 @@
+<?php
+
+class Blooie extends Oauth2\Client\IDP
+{  
+	public $scope = array('user.profile', 'user.picture');
+
+	public $method = 'POST';
+
+	public function urlAuthorize()
+	{
+		return 'https://bloo.ie/oauth';	
+	}
+
+	public function urlAccessToken()
+	{
+		return 'https://bloo.ie/oauth/access_token';
+	}
+
+	public function getUserInfo(Oauth2\Token\Access $token)
+	{
+		$url = 'https://graph.facebook.com/me?'.http_build_query(array(
+			'access_token' => $token->access_token,
+		));
+
+		$user = json_decode(file_get_contents($url));
+
+		return array(
+			'uid' => $user->id,
+			'nickname' => $user->username,
+			'name' => $user->name,
+			'first_name' => $user->first_name,
+			'last_name' => $user->last_name,
+			'email' => isset($user->email) ? $user->email : null,
+			'location' => isset($user->hometown->name) ? $user->hometown->name : null,
+			'description' => isset($user->bio) ? $user->bio : null,
+			'image' => 'https://graph.facebook.com/me/picture?type=normal&access_token='.$token->access_token,
+			'urls' => array(
+			  'Facebook' => $user->link,
+			),
+		);
+	}
+}

src/Oauth2/Client/Provider/Facebook.php

@@ -0,0 +1,49 @@
+<?php
+/**
+ * Facebook OAuth2 Provider
+ *
+ * @package    CodeIgniter/OAuth2
+ * @category   Provider
+ * @author     Phil Sturgeon
+ * @copyright  (c) 2012 HappyNinjas Ltd
+ * @license    http://philsturgeon.co.uk/code/dbad-license
+ */
+
+class Facebook extends Oauth2\Client\IDP
+{
+	protected $scope = array('offline_access', 'email', 'read_stream');
+
+	public function urlAuthorize()
+	{
+		return 'https://www.facebook.com/dialog/oauth';
+	}
+
+	public function urlAccessToken()
+	{
+		return 'https://graph.facebook.com/oauth/access_token';
+	}
+
+	public function getUserInfo(Oauth2\Token\Access $token)
+	{
+		$url = 'https://graph.facebook.com/me?'.http_build_query(array(
+			'access_token' => $token->access_token,
+		));
+
+		$user = json_decode(file_get_contents($url));
+
+		return array(
+			'uid' => $user->id,
+			'nickname' => isset($user->username) ? $user->username : null,
+			'name' => $user->name,
+			'first_name' => $user->first_name,
+			'last_name' => $user->last_name,
+			'email' => isset($user->email) ? $user->email : null,
+			'location' => isset($user->hometown->name) ? $user->hometown->name : null,
+			'description' => isset($user->bio) ? $user->bio : null,
+			'image' => 'https://graph.facebook.com/me/picture?type=normal&access_token='.$token->access_token,
+			'urls' => array(
+			  'Facebook' => $user->link,
+			),
+		);
+	}
+}

src/Oauth2/Client/Provider/Foursquare.php

@@ -0,0 +1,45 @@
+<?php
+/**
+ * Foursquare OAuth2 Provider
+ *
+ * @package    CodeIgniter/OAuth2
+ * @category   Provider
+ * @author     Phil Sturgeon
+ * @copyright  (c) 2012 HappyNinjas Ltd
+ * @license    http://philsturgeon.co.uk/code/dbad-license
+ */
+
+class Foursquare extends Oauth2\Client\IDP
+{  
+	public $method = 'POST';
+
+	public function urlAuthorize()
+	{
+		return 'https://foursquare.com/oauth2/authenticate';
+	}
+
+	public function urlAccessToken()
+	{
+		return 'https://foursquare.com/oauth2/access_token';
+	}
+
+	public function getUserInfo(Oauth2\Token\Access $token)
+	{
+		$url = 'https://api.foursquare.com/v2/users/self?'.http_build_query(array(
+			'oauth_token' => $token->access_token,
+		));
+
+		$response = json_decode(file_get_contents($url));
+
+		$user = $response->response->user;
+
+		// Create a response from the request
+		return array(
+			'uid' => $user->id,
+			'name' => sprintf('%s %s', $user->firstName, $user->lastName),
+			'email' => $user->contact->email,
+			'image' => $user->photo,
+			'location' => $user->homeCity,
+		);
+	}
+}

src/Oauth2/Client/Provider/Github.php

@@ -0,0 +1,43 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * GitHub OAuth2 Provider
+ *
+ * @package    CodeIgniter/OAuth2
+ * @category   Provider
+ * @author     Phil Sturgeon
+ * @copyright  (c) 2012 HappyNinjas Ltd
+ * @license    http://philsturgeon.co.uk/code/dbad-license
+ */
+
+class OAuth2_Provider_Github extends Oauth2\Client\IDP
+{
+	public function urlAuthorize()
+	{
+		return 'https://github.com/login/oauth/authorize';
+	}
+
+	public function urlAccessToken()
+	{
+		return 'https://github.com/login/oauth/access_token';
+	}
+
+	public function getUserInfo(Oauth\Token\Access $token)
+	{
+		$url = 'https://api.github.com/user?'.http_build_query(array(
+			'access_token' => $token->access_token,
+		));
+
+		$user = json_decode(file_get_contents($url));
+
+		return array(
+			'uid' => $user->id,
+			'nickname' => $user->login,
+			'name' => $user->name,
+			'email' => $user->email,
+			'urls' => array(
+			  'GitHub' => 'http://github.com/'.$user->login,
+			  'Blog' => $user->blog,
+			),
+		);
+	}
+}

src/Oauth2/Client/Provider/Google.php

@@ -0,0 +1,84 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * Google OAuth2 Provider
+ *
+ * @package    CodeIgniter/OAuth2
+ * @category   Provider
+ * @author     Phil Sturgeon
+ * @copyright  (c) 2012 HappyNinjas Ltd
+ * @license    http://philsturgeon.co.uk/code/dbad-license
+ */
+
+class OAuth2_Provider_Google extends OAuth2_Provider
+{
+	/**
+	 * @var  string  the method to use when requesting tokens
+	 */
+	public $method = 'POST';
+
+	/**
+	 * @var  string  scope separator, most use "," but some like Google are spaces
+	 */
+	public $scope_seperator = ' ';
+
+	public function url_authorize()
+	{
+		return 'https://accounts.google.com/o/oauth2/auth';
+	}
+
+	public function url_access_token()
+	{
+		return 'https://accounts.google.com/o/oauth2/token';
+	}
+
+	public function __construct(array $options = array())
+	{
+		// Now make sure we have the default scope to get user data
+		empty($options['scope']) and $options['scope'] = array(
+			'https://www.googleapis.com/auth/userinfo.profile', 
+			'https://www.googleapis.com/auth/userinfo.email'
+		);
+	
+		// Array it if its string
+		$options['scope'] = (array) $options['scope'];
+		
+		parent::__construct($options);
+	}
+
+	/*
+	* Get access to the API
+	*
+	* @param	string	The access code
+	* @return	object	Success or failure along with the response details
+	*/	
+	public function access($code, $options = array())
+	{
+		if ($code === null)
+		{
+			throw new OAuth2_Exception(array('message' => 'Expected Authorization Code from '.ucfirst($this->name).' is missing'));
+		}
+
+		return parent::access($code, $options);
+	}
+
+	public function get_user_info(OAuth2_Token_Access $token)
+	{
+		$url = 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json&'.http_build_query(array(
+			'access_token' => $token->access_token,
+		));
+		
+		$user = json_decode(file_get_contents($url), true);
+		return array(
+			'uid' => $user['id'],
+			'nickname' => url_title($user['name'], '_', true),
+			'name' => $user['name'],
+			'first_name' => $user['given_name'],
+			'last_name' => $user['family_name'],
+			'email' => $user['email'],
+			'location' => null,
+			'image' => (isset($user['picture'])) ? $user['picture'] : null,
+			'description' => null,
+			'urls' => array(),
+		);
+	}
+}

src/Oauth2/Client/Provider/Instagram.php

@@ -0,0 +1,48 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * Instagram OAuth2 Provider
+ *
+ * @package    CodeIgniter/OAuth2
+ * @category   Provider
+ * @author     Phil Sturgeon
+ * @copyright  (c) 2012 HappyNinjas Ltd
+ * @license    http://philsturgeon.co.uk/code/dbad-license
+ */
+
+class OAuth2_Provider_Instagram extends OAuth2_Provider
+{
+	/**
+	 * @var  string  scope separator, most use "," but some like Google are spaces
+	 */
+	public $scope_seperator = '+';
+
+	/**
+	 * @var  string  the method to use when requesting tokens
+	 */
+	public $method = 'POST';
+
+	public function url_authorize()
+	{
+		return 'https://api.instagram.com/oauth/authorize';
+	}
+
+	public function url_access_token()
+	{
+		return 'https://api.instagram.com/oauth/access_token';
+	}
+
+	public function get_user_info(OAuth2_Token_Access $token)
+	{
+		$user = $token->user;
+
+		return array(
+			'uid' => $user->id,
+			'nickname' => $user->username,
+			'name' => $user->full_name,
+			'image' => $user->profile_picture,
+			'urls' => array(
+			  'website' => $user->website,
+			),
+		);
+	}
+}

src/Oauth2/Client/Provider/Mailchimp.php

@@ -0,0 +1,36 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * Mailchimp OAuth2 Provider
+ *
+ * @package    CodeIgniter/OAuth2
+ * @category   Provider
+ * @author     Phil Sturgeon
+ * @copyright  (c) 2012 HappyNinjas Ltd
+ * @license    http://philsturgeon.co.uk/code/dbad-license
+ */
+
+class OAuth2_Provider_Mailchimp extends OAuth2_Provider
+{
+	/**
+	 * @var  string  the method to use when requesting tokens
+	 */
+	protected $method = 'POST';
+
+	public function url_authorize()
+	{
+		return 'https://login.mailchimp.com/oauth2/authorize';
+	}
+
+	public function url_access_token()
+	{
+		return 'https://login.mailchimp.com/oauth2/token';
+	}
+
+	public function get_user_info(OAuth2_Token_Access $token)
+	{
+		// Create a response from the request
+		return array(
+			'uid' => $token->access_token,
+		);
+	}
+}

src/Oauth2/Client/Provider/Mailru.php

@@ -0,0 +1,73 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * Mailru OAuth2 Provider
+ *
+ * @package    CodeIgniter/OAuth2
+ * @category   Provider
+ * @author     Lavr Lyndin
+ */
+
+class OAuth2_Provider_Mailru extends OAuth2_Provider
+{
+	public $method = 'POST';
+
+	public function url_authorize()
+	{
+		return 'https://connect.mail.ru/oauth/authorize';
+	}
+
+	public function url_access_token()
+	{
+		return 'https://connect.mail.ru/oauth/token';
+	}
+	
+	protected function sign_server_server(array $request_params, $secret_key)
+	{
+		ksort($request_params);
+		$params = '';
+		foreach ($request_params as $key => $value) {
+			$params .= "$key=$value";
+		}
+		return md5($params . $secret_key);
+	}
+
+	public function get_user_info(OAuth2_Token_Access $token)
+	{
+		$request_params = array(
+			'app_id' => $this->client_id,
+			'method' => 'users.getInfo',
+			'uids' => $token->uid,
+			'access_token' => $token->access_token,
+			'secure' => 1
+		);
+		
+		$sig = $this->sign_server_server($request_params,$this->client_secret);
+		$url = 'http://www.appsmail.ru/platform/api?'.http_build_query($request_params).'&sig='.$sig;
+
+		$user = json_decode(file_get_contents($url));
+
+		return array(
+			'uid' => $user[0]->uid,
+			'nickname' => $user[0]->nick,
+			'name' => $user[0]->first_name.' '.$user[0]->last_name,
+			'first_name' => $user[0]->first_name,
+			'last_name' => $user[0]->last_name,
+			'email' => isset($user[0]->email) ? $user[0]->email : null,
+			'image' => isset($user[0]->pic_big) ? $user[0]->pic_big : null,
+		);
+	}
+	
+	public function authorize($options = array())
+	{
+		$state = md5(uniqid(rand(), TRUE));
+		get_instance()->session->set_userdata('state', $state);
+
+		$params = array(
+			'client_id' 		=> $this->client_id,
+			'redirect_uri' 		=> isset($options['redirect_uri']) ? $options['redirect_uri'] : $this->redirect_uri,
+			'response_type' 	=> 'code',
+		);
+
+		redirect($this->url_authorize().'?'.http_build_query($params));
+	}
+}

src/Oauth2/Client/Provider/Paypal.php

@@ -0,0 +1,59 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * PayPal OAuth2 Provider
+ *
+ * @package    CodeIgniter/OAuth2
+ * @category   Provider
+ * @author     Phil Sturgeon
+ * @copyright  (c) 2012 HappyNinjas Ltd
+ * @license    http://philsturgeon.co.uk/code/dbad-license
+ */
+
+class OAuth2_Provider_Paypal extends OAuth2_Provider
+{
+    /**
+     * @var  string  default scope (useful if a scope is required for user info)
+     */
+    protected $scope = array('https://identity.x.com/xidentity/resources/profile/me');
+
+    /**
+     * @var  string  the method to use when requesting tokens
+     */
+    protected $method = 'POST';
+
+    public function url_authorize()
+    {
+        return 'https://identity.x.com/xidentity/resources/authorize';
+    }
+
+    public function url_access_token()
+    {
+        return 'https://identity.x.com/xidentity/oauthtokenservice';
+    }
+
+    public function get_user_info(OAuth2_Token_Access $token)
+    {
+        $url = 'https://identity.x.com/xidentity/resources/profile/me?' . http_build_query(array(
+            'oauth_token' => $token->access_token
+        ));
+
+        $user = json_decode(file_get_contents($url));
+		$user = $user->identity;
+
+		return array(
+            'uid' => $user['userId'],
+            'nickname' => url_title($user['fullName'], '_', true),
+            'name' => $user['fullName'],
+            'first_name' => $user['firstName'],
+            'last_name' => $user['lastName'],
+            'email' => $user['emails'][0],
+            'location' => $user->addresses[0],
+            'image' => null,
+            'description' => null,
+            'urls' => array(
+				'PayPal' => null
+			)
+        );
+    }
+
+}

src/Oauth2/Client/Provider/Soundcloud.php

@@ -0,0 +1,51 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * Soundcloud OAuth2 Provider
+ *
+ * @package    CodeIgniter/OAuth2
+ * @category   Provider
+ * @author     Phil Sturgeon
+ * @copyright  (c) 2012 HappyNinjas Ltd
+ * @license    http://philsturgeon.co.uk/code/dbad-license
+ */
+
+class OAuth2_Provider_Soundcloud extends OAuth2_Provider
+{	
+	/**
+	 * @var  string  the method to use when requesting tokens
+	 */
+	protected $method = 'POST';
+
+	public function url_authorize()
+	{
+		return 'https://soundcloud.com/connect';
+	}
+
+	public function url_access_token()
+	{
+		return 'https://api.soundcloud.com/oauth2/token';
+	}
+
+	public function get_user_info(OAuth2_Token_Access $token)
+	{
+		$url = 'https://api.soundcloud.com/me.json?'.http_build_query(array(
+			'oauth_token' => $token->access_token,
+		));
+
+		$user = json_decode(file_get_contents($url));
+
+		// Create a response from the request
+		return array(
+			'uid' => $user->id,
+			'nickname' => $user->username,
+			'name' => $user->full_name,
+			'location' => $user->country.' ,'.$user->country,
+			'description' => $user->description,
+			'image' => $user->avatar_url,
+			'urls' => array(
+				'MySpace' => $user->myspace_name,
+				'Website' => $user->website,
+			),
+		);
+	}
+}

src/Oauth2/Client/Provider/Vkontakte.php

@@ -0,0 +1,54 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * Vkontakte OAuth2 Provider
+ *
+ * @package    CodeIgniter/OAuth2
+ * @category   Provider
+ * @author     Lavr Lyndin
+ */
+
+class OAuth2_Provider_Vkontakte extends OAuth2_Provider
+{
+	protected $method = 'POST';
+	public $uid_key = 'user_id';
+
+	public function url_authorize()
+	{
+		return 'http://oauth.vk.com/authorize';
+	}
+
+	public function url_access_token()
+	{
+		return 'https://oauth.vk.com/access_token';
+	}
+
+	public function get_user_info(OAuth2_Token_Access $token)
+	{
+		$scope = array('nickname', 'screen_name','photo_big');
+		$url = 'https://api.vk.com/method/users.get?'.http_build_query(array(
+			'uids' => $token->uid,
+			'fields' => implode(",",$scope),
+			'access_token' => $token->access_token,
+		));
+
+		$user = json_decode(file_get_contents($url))->response;
+
+		if(sizeof($user)==0)
+			return null;
+		else
+			$user = $user[0];
+
+		return array(
+			'uid' => $user->uid,
+			'nickname' => isset($user->nickname) ? $user->nickname : null,
+			'name' => isset($user->name) ? $user->name : null,
+			'first_name' => isset($user->first_name) ? $user->first_name : null,
+			'last_name' => isset($user->last_name) ? $user->last_name : null,
+			'email' => null,
+			'location' => null,
+			'description' => null,
+			'image' => isset($user->photo_big) ? $user->photo_big : null,
+			'urls' => array(),
+		);
+	}
+}

src/Oauth2/Client/Provider/Windowslive.php

@@ -0,0 +1,60 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * Windows Live OAuth2 Provider
+ *
+ * @package    CodeIgniter/OAuth2
+ * @category   Provider
+ * @author     Phil Sturgeon
+ * @copyright  (c) 2012 HappyNinjas Ltd
+ * @license    http://philsturgeon.co.uk/code/dbad-license
+ */
+
+class OAuth2_Provider_Windowslive extends OAuth2_Provider
+{	
+	protected $scope = array('wl.basic', 'wl.emails');
+	
+	/**
+	 * @var  string  the method to use when requesting tokens
+	 */
+	protected $method = 'POST';
+	
+	// authorise url
+	public function url_authorize()
+	{
+		return 'https://oauth.live.com/authorize';
+	}
+	
+	// access token url
+	public function url_access_token()
+	{
+		return 'https://oauth.live.com/token';
+	}
+	
+	// get basic user information
+	/********************************
+	** this can be extended through the 
+	** use of scopes, check out the document at
+	** http://msdn.microsoft.com/en-gb/library/hh243648.aspx#user
+	*********************************/
+	public function get_user_info(OAuth2_Token_Access $token)
+	{
+		// define the get user information token
+		$url = 'https://apis.live.net/v5.0/me?'.http_build_query(array(
+			'access_token' => $token->access_token,
+		));
+		
+		// perform network request
+		$user = json_decode(file_get_contents($url));
+
+		// create a response from the request and return it
+		return array(
+			'uid' 		=> $user->id,
+			'name' 		=> $user->name,
+			'nickname' 	=> url_title($user->name, '_', true),
+//			'location' 	=> $user[''], # scope wl.postal_addresses is required
+										  # but won't be implemented by default
+			'locale' 	=> $user->locale,
+			'urls' 		=> array('Windows Live' => $user->link),
+		);
+	}
+}

src/Oauth2/Client/Provider/Yandex.php

@@ -0,0 +1,115 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * Yandex OAuth2 Provider
+ *
+ * @package    CodeIgniter/OAuth2
+ * @category   Provider
+ * @author     Lavr Lyndin
+ */
+
+class OAuth2_Provider_Yandex extends OAuth2_Provider
+{
+	public $method = 'POST';
+	
+	public function url_authorize()
+	{
+		return 'https://oauth.yandex.ru/authorize';
+	}
+
+	public function url_access_token()
+	{
+		return 'https://oauth.yandex.ru/token';
+	}
+
+	public function get_user_info(OAuth2_Token_Access $token)
+	{
+		$opts = array(
+			'http' => array(
+				'method' => 'GET',
+				'header' => 'Authorization: OAuth '.$token->access_token
+			)
+		);
+		$_default_opts = stream_context_get_params(stream_context_get_default());
+		
+		$opts = array_merge_recursive($_default_opts['options'], $opts);
+		$context = stream_context_create($opts);
+		$url = 'http://api-yaru.yandex.ru/me/?format=json';
+
+		$user = json_decode(file_get_contents($url,false,$context));
+
+		preg_match("/\d+$/",$user->id,$uid);
+		
+		return array(
+			'uid' => $uid[0],
+			'nickname' => isset($user->name) ? $user->name : null,
+			'name' => isset($user->name) ? $user->name : null,
+			'first_name' => isset($user->first_name) ? $user->first_name : null,
+			'last_name' => isset($user->last_name) ? $user->last_name : null,
+			'email' => isset($user->email) ? $user->email : null,
+			'location' => isset($user->hometown->name) ? $user->hometown->name : null,
+			'description' => isset($user->bio) ? $user->bio : null,
+			'image' => $user->links->userpic,
+		);
+	}
+	
+	public function access($code, $options = array())
+	{
+		$params = array(
+			'client_id' 	=> $this->client_id,
+			'client_secret' => $this->client_secret,
+			'grant_type' 	=> isset($options['grant_type']) ? $options['grant_type'] : 'authorization_code',
+		);
+
+		switch ($params['grant_type'])
+		{
+			case 'authorization_code':
+				$params['code'] = $code;
+				$params['redirect_uri'] = isset($options['redirect_uri']) ? $options['redirect_uri'] : $this->redirect_uri;
+			break;
+
+			case 'refresh_token':
+				$params['refresh_token'] = $code;
+			break;
+		}
+
+		$response = null;	
+		$url = $this->url_access_token();
+
+		$curl = curl_init($url);
+
+		$headers[] = 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8;';
+		curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
+
+//		curl_setopt($curl, CURLOPT_USERAGENT, 'yamolib-php');
+		curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 30);
+		curl_setopt($curl, CURLOPT_TIMEOUT, 80);
+		curl_setopt($curl, CURLOPT_POST, true);
+		curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($params));
+		curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
+		//        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
+		//        curl_setopt($curl, CURLOPT_CAINFO, dirname(__FILE__) . '/../data/ca-certificate.crt');
+
+		$response = curl_exec($curl);
+		curl_close($curl);
+
+		$return = json_decode($response, true);
+
+		if ( ! empty($return['error']))
+		{
+			throw new OAuth2_Exception($return);
+		}
+
+		switch ($params['grant_type'])
+		{
+			case 'authorization_code':
+				return OAuth2_Token::factory('access', $return);
+			break;
+
+			case 'refresh_token':
+				return OAuth2_Token::factory('refresh', $return);
+			break;
+		}
+	}
+
+}

src/Oauth2/Client/Token.php

@@ -0,0 +1,46 @@
+<?php
+
+namespace Oauth2\Client;
+
+abstract class Token
+{
+
+	/**
+	 * Create a new token object.
+	 *
+	 * @param   string  token type
+	 * @param   array   token options
+	 * @return  Token
+	 */
+	public static function factory($name = 'access', array $options = null)
+	{
+		include_once 'Token/'.ucfirst(strtolower($name)).'.php';
+
+		$class = 'Oauth2\Client\Token\\'.ucfirst($name);
+
+		return new $class($options);
+	}
+
+	/**
+	 * Return the value of any protected class variable.
+	 *
+	 * @param   string  variable name
+	 * @return  mixed
+	 */
+	public function __get($key)
+	{
+		return $this->$key;
+	}
+
+	/**
+	 * Return a boolean if the property is set
+	 *
+	 * @param   string  variable name
+	 * @return  bool
+	 */
+	public function __isset($key)
+	{
+		return isset($this->$key);
+	}
+
+} // End Token

src/Oauth2/Client/Token/Access.php

@@ -0,0 +1,79 @@
+<?php
+
+namespace Oauth2\Client\Token;
+
+/**
+ * OAuth2 Token
+ *
+ * @package    OAuth2
+ * @category   Token
+ * @author     Phil Sturgeon
+ * @copyright  (c) 2011 HappyNinjas Ltd
+ */
+
+class Access extends \Oauth2\Client\Token
+{
+	/**
+	 * @var  string  accessToken
+	 */
+	protected $accessToken;
+
+	/**
+	 * @var  int  expires
+	 */
+	protected $expires;
+
+	/**
+	 * @var  string  refreshToken
+	 */
+	protected $refreshToken;
+
+	/**
+	 * @var  string  uid
+	 */
+	protected $uid;
+
+	/**
+	 * Sets the token, expiry, etc values.
+	 *
+	 * @param   array   token options
+	 * @return  void
+	 */
+	public function __construct(array $options = null)
+	{
+		if ( ! isset($options['access_token'])) {
+			throw new \BadMethodCallException('Required option not passed: access_token'.PHP_EOL.print_r($options, true));
+		}
+
+		$this->accessToken = $options['access_token'];
+
+		// Some providers (not many) give the uid here, so lets take it
+		isset($options['uid']) and $this->uid = $options['uid'];
+
+		//Vkontakte uses user_id instead of uid
+		isset($options['user_id']) and $this->uid = $options['user_id'];
+
+		//Mailru uses x_mailru_vid instead of uid
+		isset($options['x_mailru_vid']) and $this->uid = $options['x_mailru_vid'];
+
+		// We need to know when the token expires, add num. seconds to current time
+		isset($options['expires_in']) and $this->expires = time() + ((int) $options['expires_in']);
+
+		// Facebook is just being a spec ignoring jerk
+		isset($options['expires']) and $this->expires = time() + ((int) $options['expires']);
+
+		// Grab a refresh token so we can update access tokens when they expires
+		isset($options['refresh_token']) and $this->refreshToken = $options['refresh_token'];
+	}
+
+	/**
+	 * Returns the token key.
+	 *
+	 * @return  string
+	 */
+	public function __toString()
+	{
+		return (string) $this->accessToken;
+	}
+
+}

src/Oauth2/Client/Token/Authorize.php

@@ -0,0 +1,55 @@
+<?php
+/**
+ * OAuth2 Token
+ *
+ * @package    OAuth2
+ * @category   Token
+ * @author     Phil Sturgeon
+ * @copyright  (c) 2011 HappyNinjas Ltd
+ */
+
+class Authorize extends \Oauth2\Client\Token
+{
+	/**
+	 * @var  string  code
+	 */
+	protected $code;
+
+	/**
+	 * @var  string  redirect_uri
+	 */
+	protected $redirectUri;
+
+	/**
+	 * Sets the token, expiry, etc values.
+	 *
+	 * @param   array   token options
+	 * @return  void
+	 */
+	public function __construct(array $options)
+	{
+		if ( ! isset($options['code'])) {
+
+            throw new Exception('Required option not passed: code');
+
+        } elseif ( ! isset($options['redirect_uri'])) {
+
+            throw new Exception('Required option not passed: redirect_uri');
+
+        }
+
+		$this->code = $options['code'];
+		$this->redirectUri = $options['redirect_uri'];
+	}
+
+	/**
+	 * Returns the token key.
+	 *
+	 * @return  string
+	 */
+	public function __toString()
+	{
+		return (string) $this->code;
+	}
+
+}

src/Oauth2/Resource/Server.php

@@ -2,7 +2,12 @@
 
 namespace Oauth2\Resource;
 
-class OAuthResourceServerException extends \Exception
+class ServerException extends \Exception
+{
+
+}
+
+class ClientException extends \Exception
 {
 
 }
@@ -49,19 +54,21 @@ class Server
 
     /**
      * Error codes.
-     * 
+     *
      * To provide i8ln errors just overwrite the keys
-     * 
+     *
      * @var array
      */
     public $errors = array(
         'missing_access_token'  =>  'An access token was not presented with the request',
-        'invalid_access_token'  =>  'The access token is not registered with the resource server'
+        'invalid_access_token'  =>  'The access token is not registered with the resource server',
+        'missing_access_token_details'  =>  'The registered database abstractor did not return a valid access token details response',
+        'invalid_access_token_scopes'   =>  'The registered database abstractor did not return a valid access token scopes response',
     );
 
     /**
      * Constructor
-     * 
+     *
      * @access public
      * @return void
      */
@@ -85,7 +92,7 @@ class Server
             if ($this->_type === strtolower(substr($method, 2))) {
                 return $this->_typeId;
             }
-            
+
             return false;
         }
 
@@ -94,7 +101,7 @@ class Server
 
     /**
      * Register a database abstrator class
-     * 
+     *
      * @access public
      * @param  object $db A class that implements OAuth2ServerDatabase
      * @return void
@@ -103,10 +110,10 @@ class Server
     {
         $this->_db = $db;
     }
-    
+
     /**
      * Init function
-     * 
+     *
      * @access public
      * @return void
      */
@@ -114,18 +121,23 @@ class Server
     {
         $accessToken = null;
 
-        
-        $_SERVER['REQUEST_METHOD'] = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : null;
+        $_SERVER['REQUEST_METHOD'] = isset($_SERVER['REQUEST_METHOD']) ?
+                                                $_SERVER['REQUEST_METHOD'] :
+                                                null;
 
         // Try and get the access token via an access_token or oauth_token parameter
         switch ($_SERVER['REQUEST_METHOD'])
-        {           
+        {
             case 'POST':
-                $accessToken = isset($_POST[$this->_config['token_key']]) ? $_POST[$this->_config['token_key']] : null;
+                $accessToken = isset($_POST[$this->_config['token_key']]) ?
+                                        $_POST[$this->_config['token_key']] :
+                                        null;
                 break;
 
             default:
-            $accessToken = isset($_GET[$this->_config['token_key']]) ? $_GET[$this->_config['token_key']] : null;
+            $accessToken = isset($_GET[$this->_config['token_key']]) ?
+                                        $_GET[$this->_config['token_key']] :
+                                        null;
                 break;
         }
 
@@ -133,47 +145,60 @@ class Server
         if (function_exists('getallheaders')) {
 
             $headers = getallheaders();
-            
+
             if (isset($headers['Authorization'])) {
 
                 $rawToken = trim(str_replace('Bearer', '', $headers['Authorization']));
 
                 if ( ! empty($rawToken)) {
-                    $accessToken = base64_decode($rawToken);
+                    $accessToken = $rawToken;
                 }
             }
         }
-        
+
         if ($accessToken) {
 
             $result = $this->_dbCall('validateAccessToken', $accessToken);
 
             if ($result === false) {
 
-                throw new OAuthResourceServerException($this->errors['invalid_access_token']);
+                throw new ClientException($this->errors['invalid_access_token']);
 
             } else {
 
+                if ( ! array_key_exists('id', $result) ||
+                     ! array_key_exists('owner_id', $result) ||
+                     ! array_key_exists('owner_type', $result)) {
+                    throw new ServerException($this->errors['missing_access_token_details']);
+                }
+
                 $this->_accessToken = $accessToken;
                 $this->_type = $result['owner_type'];
                 $this->_typeId = $result['owner_id'];
 
                 // Get the scopes
-                $this->_scopes = $this->_dbCall('sessionScopes', $result['id']);
+                $scopes = $this->_dbCall('sessionScopes', $result['id']);
+
+                if ( ! is_array($scopes))
+                {
+                    throw new ServerException($this->errors['invalid_access_token_scopes']);
+                }
+
+                $this->_scopes = $scopes;
             }
 
         } else {
 
-            throw new OAuthResourceServerException($this->errors['missing_access_token']);
+            throw new ClientException($this->errors['missing_access_token']);
 
         }
     }
-    
+
     /**
      * Test if the access token has a specific scope
-     * 
+     *
      * @param mixed $scopes Scope(s) to check
-     * 
+     *
      * @access public
      * @return string|bool
      */
@@ -184,7 +209,7 @@ class Server
             if (in_array($scopes, $this->_scopes)) {
                 return true;
             }
-            
+
             return false;
 
         } elseif (is_array($scopes)) {
@@ -196,26 +221,26 @@ class Server
                 }
 
             }
-            
+
             return true;
         }
-        
+
         return false;
     }
 
     /**
      * Call database methods from the abstractor
-     * 
+     *
      * @return mixed The query result
      */
     private function _dbCall()
     {
         if ($this->_db === null) {
-            throw new OAuthResourceServerException('No registered database abstractor');
+            throw new ServerException('No registered database abstractor');
         }
 
         if ( ! $this->_db instanceof Database) {
-            throw new OAuthResourceServerException('Registered database abstractor is not an instance of Oauth2\Resource\Database');
+            throw new ServerException('The registered database abstractor is not an instance of Oauth2\Resource\Database');
         }
 
         $args = func_get_args();

test

@@ -1 +0,0 @@
-vendor/bin/phpunit --coverage-text --configuration build/phpunit.xml

tests/authentication/server_test.php

@@ -90,7 +90,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_checkClientAuthoriseParams_missingClientId()
@@ -99,7 +99,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_checkClientAuthoriseParams_missingRedirectUri()
@@ -110,7 +110,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_checkClientAuthoriseParams_missingResponseType()
@@ -122,7 +122,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_checkClientAuthoriseParams_missingScopes()
@@ -136,7 +136,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    4
 	 */
 	function test_checkClientAuthoriseParams_invalidScopes()
@@ -247,7 +247,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_issueAccessToken_missingGrantType()
@@ -256,7 +256,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    7
 	 */
 	function test_issueAccessToken_unsupportedGrantType()
@@ -267,7 +267,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_completeAuthCodeGrant_missingClientId()
@@ -280,7 +280,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_completeAuthCodeGrant_missingClientSecret()
@@ -295,7 +295,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_completeAuthCodeGrant_missingRedirectUri()
@@ -311,7 +311,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    8
 	 */
 	function test_completeAuthCodeGrant_invalidClient()
@@ -328,7 +328,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    0
 	 */
 	function test_completeAuthCodeGrant_missingCode()
@@ -345,7 +345,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerClientException
+	 * @expectedException        Oauth2\Authentication\ClientException
 	 * @expectedExceptionCode    9
 	 */
 	function test_completeAuthCodeGrant_invalidCode()
@@ -363,7 +363,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerException
+	 * @expectedException        Oauth2\Authentication\ServerException
 	 * @expectedExceptionMessage No registered database abstractor
 	 */
 	function test_noRegisteredDatabaseAbstractor()
@@ -380,7 +380,7 @@ class Authentication_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        Oauth2\Authentication\OAuthServerException
+	 * @expectedException        Oauth2\Authentication\ServerException
 	 * @expectedExceptionMessage Registered database abstractor is not an instance of Oauth2\Authentication\Database
 	 */
 	function test_invalidRegisteredDatabaseAbstractor()

tests/resource/server_test.php

@@ -72,7 +72,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        \Oauth2\Resource\OAuthResourceServerException
+	 * @expectedException        \Oauth2\Resource\ClientException
 	 * @expectedExceptionMessage An access token was not presented with the request
 	 */
 	function test_init_missingToken()
@@ -81,7 +81,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase {
 	}
 
 	/**
-	 * @expectedException        \Oauth2\Resource\OAuthResourceServerException
+	 * @expectedException        \Oauth2\Resource\ClientException
 	 * @expectedExceptionMessage The access token is not registered with the resource server
 	 */
 	function test_init_wrongToken()