Merge pull request #918 from Sephster/fix-914

Fix empty issue in PHP 5.4

.gitignore

@@ -1,5 +1,15 @@
 /vendor
 /composer.lock
-/tests/coverage
+/build
 /docs
-/testing
+/testing
+/examples/relational/vendor
+/examples/relational/config/oauth2.sqlite3
+/examples/nosql/vendor
+/examples/nosql/config/oauth2.sqlite3
+/examples/relational/composer.lock
+/tests/codecept/tests/_log
+oauth2-server.paw
+/output_*/
+/_site
+.idea

.scrutinizer.yml

@@ -0,0 +1,36 @@
+filter:
+    excluded_paths:
+        - tests/*
+        - vendor/*
+        - examples/*
+checks:
+    php:
+        code_rating: true
+        remove_extra_empty_lines: true
+        remove_php_closing_tag: true
+        remove_trailing_whitespace: true
+        fix_use_statements:
+            remove_unused: true
+            preserve_multiple: false
+            preserve_blanklines: true
+            order_alphabetically: true
+        fix_php_opening_tag: true
+        fix_linefeed: true
+        fix_line_ending: true
+        fix_identation_4spaces: true
+        fix_doc_comments: true
+tools:
+    external_code_coverage:
+        timeout: 1800
+    php_code_coverage: false
+    php_code_sniffer:
+        config:
+            standard: PSR2
+        filter:
+            paths: ['src']
+    php_loc:
+        enabled: true
+        excluded_dirs: [vendor, tests, examples]
+    php_cpd:
+        enabled: true
+        excluded_dirs: [vendor, tests, examples]

.travis.yml

@@ -1,9 +1,56 @@
 language: php
 
+sudo: false
+
+cache:
+  directories:
+  - vendor
+
 php:
-  - 5.3
   - 5.4
   - 5.5
+  - 5.6
+  - 7.0
+  - hhvm
+  
+matrix:
+  allow_failures:
+    - php: 7.0
+  fast_finish: true
 
-before_script: composer install --prefer-source
-script: phpunit --configuration phpunit.xml.dist
+install:
+  - travis_retry composer install --no-interaction --prefer-source
+
+script:
+  - mkdir -p build/logs
+  - phpunit --coverage-text --verbose --coverage-clover=coverage.clover --coverage-html coverage
+
+after_script:
+  - bash -c 'if [ "$TRAVIS_PHP_VERSION" == "5.6" ]; then wget https://scrutinizer-ci.com/ocular.phar; fi;
+  - bash -c 'if [ "$TRAVIS_PHP_VERSION" == "5.6" ]; then php ocular.phar code-coverage:upload --format=php-clover coverage.clover; fi;
+  - git config --global user.email "travis@travis-ci.org"
+  - git config --global user.name "TravisCI"
+  - cp -R coverage ${HOME}/coverage
+  - cd ${HOME}
+  - git clone --quiet --branch=gh-pages https://${GITHUBTOKEN}@github.com/thephpleague/oauth2-server.git gh-pages > /dev/null
+  - cd gh-pages
+  - mkdir ${TRAVIS_BRANCH}
+  - cd ${TRAVIS_BRANCH}
+  - cp -Rf $HOME/coverage/* .
+  - git add -f .
+  - git commit -m "Travis pushed coverage of ${TRAVIS_COMMIT}@${TRAVIS_BRANCH} to gh-pages"
+  - git push -fq origin gh-pages > /dev/null
+branches:
+  only:
+    - master
+env:
+  global:
+    secure: "C4wD/BQefKSu9W594iyLp+IBCjlM8kKlmp+nXKXnZGi0L8IkV3m4mmNOb8PExxGMhZ3mlev5DnU4Uoh4oJaUxnkR1FpX4dSEpyzU3VknUzSE2yZOlL+bdCw3o85TGoCcp/+ReJCOw5sncxTskJKHlW1YMa33FznaXwLNoImpjTg="
+
+notifications:
+  webhooks:
+    urls:
+      - https://webhooks.gitter.im/e/7de0ca12596cd5268f30
+    on_success: always  # options: [always|never|change] default: always
+    on_failure: always  # options: [always|never|change] default: always
+    on_start: false     # default: false

CHANGELOG.md

@@ -1,6 +1,108 @@
 # Changelog
 
-## 3.0 (released 2013-12-02)
+## 4.1.6 (released 2016-09-13)
+
+* Less restrictive on Authorization header check (Issue #652)
+
+## 4.1.5 (released 2016-01-04)
+
+* Enable Symfony 3.0 support (#412)
+
+## 4.1.4 (released 2015-11-13)
+
+* Fix for determining access token in header (Issue #328)
+* Refresh tokens are now returned for MAC responses (Issue #356)
+* Added integration list to readme (Issue #341)
+* Expose parameter passed to exceptions (Issue #345)
+* Removed duplicate routing setup code (Issue #346)
+* Docs fix (Issues #347, #360, #380)
+* Examples fix (Issues #348, #358)
+* Fix typo in docblock (Issue #352)
+* Improved timeouts for MAC tokens (Issue #364)
+* `hash_hmac()` should output raw binary data, not hexits (Issue #370)
+* Improved regex for matching all Base64 characters (Issue #371)
+* Fix incorrect signature parameter (Issue #372)
+* AuthCodeGrant and RefreshTokenGrant don't require client_secret (Issue #377)
+* Added priority argument to event listener (Issue #388)
+
+## 4.1.3 (released 2015-03-22)
+
+* Docblock, namespace and inconsistency fixes (Issue #303)
+* Docblock type fix (Issue #310)
+* Example bug fix (Issue #300)
+* Updated league/event to ~2.1 (Issue #311)
+* Fixed missing session scope (Issue #319)
+* Updated interface docs (Issue #323)
+* `.travis.yml` updates
+
+## 4.1.2 (released 2015-01-01)
+
+* Remove side-effects in hash_equals() implementation (Issue #290)
+
+## 4.1.1 (released 2014-12-31)
+
+* Changed `symfony/http-foundation` dependency version to `~2.4` so package can be installed in Laravel `4.1.*`
+
+## 4.1.0 (released 2014-12-27)
+
+* Added MAC token support (Issue #158)
+* Fixed example init code (Issue #280)
+* Toggle refresh token rotation (Issue #286)
+* Docblock fixes
+
+## 4.0.5 (released 2014-12-15)
+
+* Prevent duplicate session in auth code grant (Issue #282)
+
+## 4.0.4 (released 2014-12-03)
+
+* Ensure refresh token hasn't expired (Issue #270)
+
+## 4.0.3 (released 2014-12-02)
+
+* Fix bad type hintings (Issue #267)
+* Do not forget to set the expire time (Issue #268)
+
+## 4.0.2 (released 2014-11-21)
+
+* Improved interfaces (Issue #255)
+* Learnt how to spell delimiter and so `getScopeDelimiter()` and `setScopeDelimiter()` methods have been renamed
+* Docblock improvements (Issue #254)
+
+## 4.0.1 (released 2014-11-09)
+
+* Alias the master branch in composer.json (Issue #243)
+* Numerous PHP CodeSniffer fixes (Issue #244)
+* .travis.yml update (Issue #245)
+* The getAccessToken method should return an AccessTokenEntity object instead of a string in ResourceServer.php (#246)
+
+## 4.0.0 (released 2014-11-08)
+
+* Complete rewrite
+* Check out the documentation - [http://oauth2.thephpleague.com](http://oauth2.thephpleague.com)
+
+## 3.2.0 (released 2014-04-16)
+
+* Added the ability to change the algorithm that is used to generate the token strings (Issue #151)
+
+## 3.1.2 (released 2014-02-26)
+
+* Support Authorization being an environment variable. [See more](http://fortrabbit.com/docs/essentials/quirks-and-constraints#authorization-header)
+
+## 3.1.1 (released 2013-12-05)
+
+* Normalize headers when `getallheaders()` is available (Issues #108 and #114)
+
+## 3.1.0 (released 2013-12-05)
+
+* No longer necessary to inject the authorisation server into a grant, the server will inject itself
+* Added test for 1419ba8cdcf18dd034c8db9f7de86a2594b68605
+
+## 3.0.1 (released 2013-12-02)
+
+* Forgot to tell TravisCI from testing PHP 5.3
+
+## 3.0.0 (released 2013-12-02)
 
 * Fixed spelling of Implicit grant class (Issue #84)
 * Travis CI now tests for PHP 5.5

CONTRIBUTING.md

@@ -0,0 +1,15 @@
+Thanks for contributing to this project.
+
+
+**Please submit your pull request against the `develop` branch only.**
+
+
+Please ensure that you run `phpunit` from the project root after you've made any changes.
+
+If you've added something new please create a new unit test, if you've changed something please update any unit tests as appropritate.
+
+We're trying to ensure there is **100%** test code coverage (including testing PHP errors and exceptions) so please ensure any new/updated tests cover all of your changes.
+
+Thank you,
+
+@alexbilbie

README.md

@@ -1,82 +1,72 @@
-# PHP OAuth 2.0 Server
+# PHP OAuth 2.0 Server by [@alexbilbie](https://twitter.com/alexbilbie)
 
-A standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server written in PHP.
+[![Latest Version](http://img.shields.io/packagist/v/league/oauth2-server.svg?style=flat-square)](https://github.com/thephpleague/oauth2-server/releases)
+[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)
+[![Build Status](https://img.shields.io/travis/thephpleague/oauth2-server/master.svg?style=flat-square)](https://travis-ci.org/thephpleague/oauth2-server)
+[![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server/code-structure)
+[![Quality Score](https://img.shields.io/scrutinizer/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server)
+[![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-server.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-server) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/thephpleague/oauth2-server?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 
-## Package Installation
 
-The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:
+A standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.
 
-```javascript
-{
-	"require": {
-		"league/oauth2-server": "2.*"
-	}
-}
-```
+It supports out of the box the following grants:
 
-#### Master branch
+* Authorization code grant
+* Client credentials grant
+* Resource owner password credentials grant
+* Refresh grant
 
-Latest stable version - [![Latest Stable Version](https://poser.pugx.org/league/oauth2-server/v/stable.png)](https://packagist.org/packages/league/oauth2-server)
-Code coverage - [![Coverage Status](https://coveralls.io/repos/php-loep/oauth2-server/badge.png?branch=master)](https://coveralls.io/r/php-loep/oauth2-server?branch=master)
-Downloads - [![Total Downloads](https://poser.pugx.org/league/oauth2-server/downloads.png)](https://packagist.org/packages/league/oauth2-server)
+You can also define your own grants.
 
-#### Develop branch
+In addition it supports the following token types:
 
-Latest unstable version - [![Latest Unstable Version](https://poser.pugx.org/league/oauth2-server/v/unstable.png)](https://packagist.org/packages/league/oauth2-server)
-Code coverage - [![Coverage Status](https://coveralls.io/repos/php-loep/oauth2-server/badge.png?branch=develop)](https://coveralls.io/r/php-loep/oauth2-server?branch=develop)
+* Bearer tokens
+* MAC tokens
+* JSON web tokens (coming soon)
 
----
+You can also create you own tokens.
 
-The library features 100% unit test code coverage. To run the tests yourself run `phpunit` from the project root.
 
-## Current Features
+## Requirements
 
-### Authorization Server
+The following versions of PHP are supported:
 
-The authorization server is a flexible class and the following core specification grants are implemented:
+* PHP 5.4
+* PHP 5.5
+* PHP 5.6
+* HHVM
 
-* authorization code ([section 4.1](http://tools.ietf.org/html/rfc6749#section-4.1))
-* refresh token ([section 6](http://tools.ietf.org/html/rfc6749#section-6))
-* client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
-* password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))
+## Documentation
 
-An overview of the different OAuth 2.0 grants can be found in the wiki [https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F](https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F).
+This library has [full documentation](http://oauth2.thephpleague.com), powered by [Jekyll](http://jekyllrb.com/).
 
-### Resource Server
-
-The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct scope(s) (i.e. permissions) to access resources.
-
-### Custom grants
-
-Custom grants can be created easily by implementing an interface. Check out a guide here [https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants](https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants).
-
-### PDO driver
-
-If you are using MySQL and want to very quickly implement the library then all of the storage interfaces have been implemented with PDO classes. Check out the guide here [https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes](https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes).
-
-## Tutorials and documentation
-
-The wiki has lots of guides on how to use this library, check it out - [https://github.com/php-loep/oauth2-server/wiki](https://github.com/php-loep/oauth2-server/wiki).
-
-A simple tutorial on how to use the authorization server can be found at [https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server](https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server).
-
-A simple tutorial on how to use the resource server to secure an API server can be found at [https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0](https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0).
+Contribute to this documentation in the [gh-pages branch](https://github.com/thephpleague/oauth2-server/tree/gh-pages/).
 
 ## Changelog
 
-[See the project releases page](https://github.com/php-loep/oauth2-server/releases)
+[See the project releases page](https://github.com/thephpleague/oauth2-server/releases)
 
 ## Contributing
 
-Please see [CONTRIBUTING](https://github.com/php-loep/oauth2-server/blob/master/CONTRIBUTING.md) for details.
+Please see [CONTRIBUTING](https://github.com/thephpleague/oauth2-server/blob/master/CONTRIBUTING.md) for details.
+
+## Integration
+
+- [CakePHP 3](https://github.com/uafrica/oauth-server)
+- [Laravel](https://github.com/lucadegasperi/oauth2-server-laravel)
 
 ## Support
 
-Bugs and feature request are tracked on [GitHub](https://github.com/php-loep/oauth2-server/issues)
+Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague/oauth2-server/issues)
+
+## Security
+
+If you discover any security related issues, please email hello@alexbilbie.com instead of using the issue tracker.
 
 ## License
 
-This package is released under the MIT License. See the bundled [LICENSE](https://github.com/php-loep/oauth2-server/blob/master/LICENSE) file for details.
+This package is released under the MIT License. See the bundled [LICENSE](https://github.com/thephpleague/oauth2-server/blob/master/LICENSE) file for details.
 
 ## Credits
 
@@ -88,6 +78,6 @@ Special thanks to:
 * [Nick Jackson](https://github.com/jacksonj04)
 * [Michael Gooden](https://github.com/MichaelGooden)
 * [Phil Sturgeon](https://github.com/philsturgeon)
-* [and all the other contributors](https://github.com/php-loep/oauth2-server/contributors)
+* [and all the other contributors](https://github.com/thephpleague/oauth2-server/contributors)
 
-The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.
+The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.

composer.json

@@ -1,27 +1,32 @@
 {
 	"name": "league/oauth2-server",
 	"description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.",
-	"version": "3.0",
-	"homepage": "https://github.com/php-loep/oauth2-server",
+	"homepage": "http://oauth2.thephpleague.com/",
 	"license": "MIT",
 	"require": {
-		"php": ">=5.4.0"
+		"php": ">=5.4.0",
+		"symfony/http-foundation": "~2.4|~3.0",
+		"league/event": "~2.1"
 	},
 	"require-dev": {
-		"mockery/mockery": ">=0.7.2",
-		"league/phpunit-coverage-listener": "~1.0"
+		"phpunit/phpunit": "4.3.*",
+		"mockery/mockery": "0.9.*"
 	},
 	"repositories": [
 		{
 			"type": "git",
-			"url": "https://github.com/php-loep/oauth2-server.git"
+			"url": "https://github.com/thephpleague/oauth2-server.git"
 		}
 	],
 	"keywords": [
 		"oauth",
 		"oauth2",
+		"oauth 2",
+		"oauth 2.0",
 		"server",
+		"auth",
 		"authorization",
+		"authorisation",
 		"authentication",
 		"resource",
 		"api",
@@ -42,11 +47,13 @@
 		"league/oauth2server": "*"
 	},
 	"autoload": {
-		"psr-0": {
-			"League\\OAuth2\\Server": "src/"
+		"psr-4": {
+			"League\\OAuth2\\Server\\": "src/"
 		}
 	},
-	"suggest": {
-
+	"autoload-dev": {
+		"psr-4": {
+			"LeagueTests\\": "tests/unit/"
+		}
 	}
-}
+}

examples/relational/Model/Users.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace RelationalExample\Model;
+
+use Illuminate\Database\Capsule\Manager as Capsule;
+
+class Users
+{
+    public function get($username = null)
+    {
+        $query = Capsule::table('users')->select(['username', 'password', 'name', 'email', 'photo']);
+
+        if ($username !== null) {
+            $query->where('username', '=', $username);
+        }
+
+        $result = $query->get();
+
+        if (count($result) > 0) {
+            return $result;
+        }
+
+        return;
+    }
+}

examples/relational/Storage/AccessTokenStorage.php

@@ -0,0 +1,93 @@
+<?php
+
+namespace RelationalExample\Storage;
+
+use Illuminate\Database\Capsule\Manager as Capsule;
+use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\AccessTokenInterface;
+
+class AccessTokenStorage extends AbstractStorage implements AccessTokenInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function get($token)
+    {
+        $result = Capsule::table('oauth_access_tokens')
+                            ->where('access_token', $token)
+                            ->get();
+
+        if (count($result) === 1) {
+            $token = (new AccessTokenEntity($this->server))
+                        ->setId($result[0]['access_token'])
+                        ->setExpireTime($result[0]['expire_time']);
+
+            return $token;
+        }
+
+        return;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getScopes(AccessTokenEntity $token)
+    {
+        $result = Capsule::table('oauth_access_token_scopes')
+                                    ->select(['oauth_scopes.id', 'oauth_scopes.description'])
+                                    ->join('oauth_scopes', 'oauth_access_token_scopes.scope', '=', 'oauth_scopes.id')
+                                    ->where('access_token', $token->getId())
+                                    ->get();
+
+        $response = [];
+
+        if (count($result) > 0) {
+            foreach ($result as $row) {
+                $scope = (new ScopeEntity($this->server))->hydrate([
+                    'id'            =>  $row['id'],
+                    'description'   =>  $row['description'],
+                ]);
+                $response[] = $scope;
+            }
+        }
+
+        return $response;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function create($token, $expireTime, $sessionId)
+    {
+        Capsule::table('oauth_access_tokens')
+                    ->insert([
+                        'access_token'     =>  $token,
+                        'session_id'    =>  $sessionId,
+                        'expire_time'   =>  $expireTime,
+                    ]);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function associateScope(AccessTokenEntity $token, ScopeEntity $scope)
+    {
+        Capsule::table('oauth_access_token_scopes')
+                    ->insert([
+                        'access_token'  =>  $token->getId(),
+                        'scope' =>  $scope->getId(),
+                    ]);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function delete(AccessTokenEntity $token)
+    {
+        Capsule::table('oauth_access_tokens')
+                    ->where('access_token', $token->getId())
+                    ->delete();
+    }
+}

examples/relational/Storage/AuthCodeStorage.php

@@ -0,0 +1,93 @@
+<?php
+
+namespace RelationalExample\Storage;
+
+use Illuminate\Database\Capsule\Manager as Capsule;
+use League\OAuth2\Server\Entity\AuthCodeEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\AuthCodeInterface;
+
+class AuthCodeStorage extends AbstractStorage implements AuthCodeInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function get($code)
+    {
+        $result = Capsule::table('oauth_auth_codes')
+                            ->where('auth_code', $code)
+                            ->where('expire_time', '>=', time())
+                            ->get();
+
+        if (count($result) === 1) {
+            $token = new AuthCodeEntity($this->server);
+            $token->setId($result[0]['auth_code']);
+            $token->setRedirectUri($result[0]['client_redirect_uri']);
+            $token->setExpireTime($result[0]['expire_time']);
+
+            return $token;
+        }
+
+        return;
+    }
+
+    public function create($token, $expireTime, $sessionId, $redirectUri)
+    {
+        Capsule::table('oauth_auth_codes')
+                    ->insert([
+                        'auth_code'     =>  $token,
+                        'client_redirect_uri'  =>  $redirectUri,
+                        'session_id'    =>  $sessionId,
+                        'expire_time'   =>  $expireTime,
+                    ]);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getScopes(AuthCodeEntity $token)
+    {
+        $result = Capsule::table('oauth_auth_code_scopes')
+                                    ->select(['oauth_scopes.id', 'oauth_scopes.description'])
+                                    ->join('oauth_scopes', 'oauth_auth_code_scopes.scope', '=', 'oauth_scopes.id')
+                                    ->where('auth_code', $token->getId())
+                                    ->get();
+
+        $response = [];
+
+        if (count($result) > 0) {
+            foreach ($result as $row) {
+                $scope = (new ScopeEntity($this->server))->hydrate([
+                    'id'            =>  $row['id'],
+                    'description'   =>  $row['description'],
+                ]);
+                $response[] = $scope;
+            }
+        }
+
+        return $response;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function associateScope(AuthCodeEntity $token, ScopeEntity $scope)
+    {
+        Capsule::table('oauth_auth_code_scopes')
+                    ->insert([
+                        'auth_code' =>  $token->getId(),
+                        'scope'     =>  $scope->getId(),
+                    ]);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function delete(AuthCodeEntity $token)
+    {
+        Capsule::table('oauth_auth_codes')
+                    ->where('auth_code', $token->getId())
+                    ->delete();
+    }
+}

examples/relational/Storage/ClientStorage.php

@@ -0,0 +1,70 @@
+<?php
+
+namespace RelationalExample\Storage;
+
+use Illuminate\Database\Capsule\Manager as Capsule;
+use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Entity\SessionEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\ClientInterface;
+
+class ClientStorage extends AbstractStorage implements ClientInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function get($clientId, $clientSecret = null, $redirectUri = null, $grantType = null)
+    {
+        $query = Capsule::table('oauth_clients')
+                          ->select('oauth_clients.*')
+                          ->where('oauth_clients.id', $clientId);
+
+        if ($clientSecret !== null) {
+            $query->where('oauth_clients.secret', $clientSecret);
+        }
+
+        if ($redirectUri) {
+            $query->join('oauth_client_redirect_uris', 'oauth_clients.id', '=', 'oauth_client_redirect_uris.client_id')
+                  ->select(['oauth_clients.*', 'oauth_client_redirect_uris.*'])
+                  ->where('oauth_client_redirect_uris.redirect_uri', $redirectUri);
+        }
+
+        $result = $query->get();
+
+        if (count($result) === 1) {
+            $client = new ClientEntity($this->server);
+            $client->hydrate([
+                'id'    =>  $result[0]['id'],
+                'name'  =>  $result[0]['name'],
+            ]);
+
+            return $client;
+        }
+
+        return;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getBySession(SessionEntity $session)
+    {
+        $result = Capsule::table('oauth_clients')
+                            ->select(['oauth_clients.id', 'oauth_clients.name'])
+                            ->join('oauth_sessions', 'oauth_clients.id', '=', 'oauth_sessions.client_id')
+                            ->where('oauth_sessions.id', $session->getId())
+                            ->get();
+
+        if (count($result) === 1) {
+            $client = new ClientEntity($this->server);
+            $client->hydrate([
+                'id'    =>  $result[0]['id'],
+                'name'  =>  $result[0]['name'],
+            ]);
+
+            return $client;
+        }
+
+        return;
+    }
+}

examples/relational/Storage/RefreshTokenStorage.php

@@ -0,0 +1,55 @@
+<?php
+
+namespace RelationalExample\Storage;
+
+use Illuminate\Database\Capsule\Manager as Capsule;
+use League\OAuth2\Server\Entity\RefreshTokenEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\RefreshTokenInterface;
+
+class RefreshTokenStorage extends AbstractStorage implements RefreshTokenInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function get($token)
+    {
+        $result = Capsule::table('oauth_refresh_tokens')
+                            ->where('refresh_token', $token)
+                            ->get();
+
+        if (count($result) === 1) {
+            $token = (new RefreshTokenEntity($this->server))
+                        ->setId($result[0]['refresh_token'])
+                        ->setExpireTime($result[0]['expire_time'])
+                        ->setAccessTokenId($result[0]['access_token']);
+
+            return $token;
+        }
+
+        return;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function create($token, $expireTime, $accessToken)
+    {
+        Capsule::table('oauth_refresh_tokens')
+                    ->insert([
+                        'refresh_token'     =>  $token,
+                        'access_token'    =>  $accessToken,
+                        'expire_time'   =>  $expireTime,
+                    ]);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function delete(RefreshTokenEntity $token)
+    {
+        Capsule::table('oauth_refresh_tokens')
+                            ->where('refresh_token', $token->getId())
+                            ->delete();
+    }
+}

examples/relational/Storage/ScopeStorage.php

@@ -0,0 +1,30 @@
+<?php
+
+namespace RelationalExample\Storage;
+
+use Illuminate\Database\Capsule\Manager as Capsule;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\ScopeInterface;
+
+class ScopeStorage extends AbstractStorage implements ScopeInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function get($scope, $grantType = null, $clientId = null)
+    {
+        $result = Capsule::table('oauth_scopes')
+                                ->where('id', $scope)
+                                ->get();
+
+        if (count($result) === 0) {
+            return;
+        }
+
+        return (new ScopeEntity($this->server))->hydrate([
+            'id'            =>  $result[0]['id'],
+            'description'   =>  $result[0]['description'],
+        ]);
+    }
+}

examples/relational/Storage/SessionStorage.php

@@ -0,0 +1,109 @@
+<?php
+
+namespace RelationalExample\Storage;
+
+use Illuminate\Database\Capsule\Manager as Capsule;
+use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\Entity\AuthCodeEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Entity\SessionEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\SessionInterface;
+
+class SessionStorage extends AbstractStorage implements SessionInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function getByAccessToken(AccessTokenEntity $accessToken)
+    {
+        $result = Capsule::table('oauth_sessions')
+                            ->select(['oauth_sessions.id', 'oauth_sessions.owner_type', 'oauth_sessions.owner_id', 'oauth_sessions.client_id', 'oauth_sessions.client_redirect_uri'])
+                            ->join('oauth_access_tokens', 'oauth_access_tokens.session_id', '=', 'oauth_sessions.id')
+                            ->where('oauth_access_tokens.access_token', $accessToken->getId())
+                            ->get();
+
+        if (count($result) === 1) {
+            $session = new SessionEntity($this->server);
+            $session->setId($result[0]['id']);
+            $session->setOwner($result[0]['owner_type'], $result[0]['owner_id']);
+
+            return $session;
+        }
+
+        return;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getByAuthCode(AuthCodeEntity $authCode)
+    {
+        $result = Capsule::table('oauth_sessions')
+                            ->select(['oauth_sessions.id', 'oauth_sessions.owner_type', 'oauth_sessions.owner_id', 'oauth_sessions.client_id', 'oauth_sessions.client_redirect_uri'])
+                            ->join('oauth_auth_codes', 'oauth_auth_codes.session_id', '=', 'oauth_sessions.id')
+                            ->where('oauth_auth_codes.auth_code', $authCode->getId())
+                            ->get();
+
+        if (count($result) === 1) {
+            $session = new SessionEntity($this->server);
+            $session->setId($result[0]['id']);
+            $session->setOwner($result[0]['owner_type'], $result[0]['owner_id']);
+
+            return $session;
+        }
+
+        return;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getScopes(SessionEntity $session)
+    {
+        $result = Capsule::table('oauth_sessions')
+                            ->select('oauth_scopes.*')
+                            ->join('oauth_session_scopes', 'oauth_sessions.id', '=', 'oauth_session_scopes.session_id')
+                            ->join('oauth_scopes', 'oauth_scopes.id', '=', 'oauth_session_scopes.scope')
+                            ->where('oauth_sessions.id', $session->getId())
+                            ->get();
+
+        $scopes = [];
+
+        foreach ($result as $scope) {
+            $scopes[] = (new ScopeEntity($this->server))->hydrate([
+                'id'            =>  $scope['id'],
+                'description'   =>  $scope['description'],
+            ]);
+        }
+
+        return $scopes;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function create($ownerType, $ownerId, $clientId, $clientRedirectUri = null)
+    {
+        $id = Capsule::table('oauth_sessions')
+                        ->insertGetId([
+                            'owner_type'  =>    $ownerType,
+                            'owner_id'    =>    $ownerId,
+                            'client_id'   =>    $clientId,
+                        ]);
+
+        return $id;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function associateScope(SessionEntity $session, ScopeEntity $scope)
+    {
+        Capsule::table('oauth_session_scopes')
+                            ->insert([
+                                'session_id'    =>  $session->getId(),
+                                'scope'         =>  $scope->getId(),
+                            ]);
+    }
+}

examples/relational/api.php

@@ -0,0 +1,130 @@
+<?php
+
+use League\OAuth2\Server\ResourceServer;
+use Orno\Http\Exception\NotFoundException;
+use Orno\Http\Request;
+use Orno\Http\Response;
+use RelationalExample\Model;
+use RelationalExample\Storage;
+
+include __DIR__.'/vendor/autoload.php';
+
+// Set up the OAuth 2.0 resource server
+$sessionStorage = new Storage\SessionStorage();
+$accessTokenStorage = new Storage\AccessTokenStorage();
+$clientStorage = new Storage\ClientStorage();
+$scopeStorage = new Storage\ScopeStorage();
+
+$server = new ResourceServer(
+    $sessionStorage,
+    $accessTokenStorage,
+    $clientStorage,
+    $scopeStorage
+);
+
+// Routing setup
+$request = (new Request())->createFromGlobals();
+$router = new \Orno\Route\RouteCollection();
+
+// GET /tokeninfo
+$router->get('/tokeninfo', function (Request $request) use ($server) {
+
+    $accessToken = $server->getAccessToken();
+    $session = $server->getSessionStorage()->getByAccessToken($accessToken);
+    $token = [
+        'owner_id' => $session->getOwnerId(),
+        'owner_type' => $session->getOwnerType(),
+        'access_token' => $accessToken,
+        'client_id' => $session->getClient()->getId(),
+        'scopes' => $accessToken->getScopes(),
+    ];
+
+    return new Response(json_encode($token));
+
+});
+
+// GET /users
+$router->get('/users', function (Request $request) use ($server) {
+
+    $results = (new Model\Users())->get();
+
+    $users = [];
+
+    foreach ($results as $result) {
+        $user = [
+            'username'  =>  $result['username'],
+            'name'      =>  $result['name'],
+        ];
+
+        if ($server->getAccessToken()->hasScope('email')) {
+            $user['email'] = $result['email'];
+        }
+
+        if ($server->getAccessToken()->hasScope('photo')) {
+            $user['photo'] = $result['photo'];
+        }
+
+        $users[] = $user;
+    }
+
+    return new Response(json_encode($users));
+});
+
+// GET /users/{username}
+$router->get('/users/{username}', function (Request $request, Response $response, array $args) use ($server) {
+
+    $result = (new Model\Users())->get($args['username']);
+
+    if (count($result) === 0) {
+        throw new NotFoundException();
+    }
+
+    $user = [
+        'username'  =>  $result[0]['username'],
+        'name'      =>  $result[0]['name'],
+    ];
+
+    if ($server->getAccessToken()->hasScope('email')) {
+        $user['email'] = $result[0]['email'];
+    }
+
+    if ($server->getAccessToken()->hasScope('photo')) {
+        $user['photo'] = $result[0]['photo'];
+    }
+
+    return new Response(json_encode($user));
+});
+
+$dispatcher = $router->getDispatcher();
+
+try {
+    // Check that access token is present
+    $server->isValidRequest(false);
+
+    // A successful response
+    $response = $dispatcher->dispatch(
+        $request->getMethod(),
+        $request->getPathInfo()
+    );
+} catch (\Orno\Http\Exception $e) {
+    // A failed response
+    $response = $e->getJsonResponse();
+    $response->setContent(json_encode(['status_code' => $e->getStatusCode(), 'message' => $e->getMessage()]));
+} catch (\League\OAuth2\Server\Exception\OAuthException $e) {
+    $response = new Response(json_encode([
+        'error'     =>  $e->errorType,
+        'message'   =>  $e->getMessage(),
+    ]), $e->httpStatusCode);
+
+    foreach ($e->getHttpHeaders() as $header) {
+        $response->headers($header);
+    }
+} catch (\Exception $e) {
+    $response = new Orno\Http\Response();
+    $response->setStatusCode(500);
+    $response->setContent(json_encode(['status_code' => 500, 'message' => $e->getMessage()]));
+} finally {
+    // Return the response
+    $response->headers->set('Content-type', 'application/json');
+    $response->send();
+}

examples/relational/authcode_grant.php

@@ -0,0 +1,117 @@
+<?php
+
+use Orno\Http\Request;
+use Orno\Http\Response;
+use RelationalExample\Storage;
+
+include __DIR__.'/vendor/autoload.php';
+
+// Routing setup
+$request = (new Request())->createFromGlobals();
+$router = new \Orno\Route\RouteCollection();
+$router->setStrategy(\Orno\Route\RouteStrategyInterface::RESTFUL_STRATEGY);
+
+// Set up the OAuth 2.0 authorization server
+$server = new \League\OAuth2\Server\AuthorizationServer();
+$server->setSessionStorage(new Storage\SessionStorage());
+$server->setAccessTokenStorage(new Storage\AccessTokenStorage());
+$server->setRefreshTokenStorage(new Storage\RefreshTokenStorage());
+$server->setClientStorage(new Storage\ClientStorage());
+$server->setScopeStorage(new Storage\ScopeStorage());
+$server->setAuthCodeStorage(new Storage\AuthCodeStorage());
+
+$authCodeGrant = new \League\OAuth2\Server\Grant\AuthCodeGrant();
+$server->addGrantType($authCodeGrant);
+
+$refrehTokenGrant = new \League\OAuth2\Server\Grant\RefreshTokenGrant();
+$server->addGrantType($refrehTokenGrant);
+
+// Routing setup
+$request = (new Request())->createFromGlobals();
+$router = new \Orno\Route\RouteCollection();
+
+$router->get('/authorize', function (Request $request) use ($server) {
+
+    // First ensure the parameters in the query string are correct
+
+    try {
+        $authParams = $server->getGrantType('authorization_code')->checkAuthorizeParams();
+    } catch (\Exception $e) {
+        return new Response(
+            json_encode([
+                'error'     =>  $e->errorType,
+                'message'   =>  $e->getMessage(),
+            ]),
+            $e->httpStatusCode,
+            $e->getHttpHeaders()
+        );
+    }
+
+    // Normally at this point you would show the user a sign-in screen and ask them to authorize the requested scopes
+
+    // ...
+
+    // ...
+
+    // ...
+
+    // Create a new authorize request which will respond with a redirect URI that the user will be redirected to
+
+    $redirectUri = $server->getGrantType('authorization_code')->newAuthorizeRequest('user', 1, $authParams);
+
+    $response = new Response('', 200, [
+        'Location'  =>  $redirectUri
+    ]);
+
+    return $response;
+});
+
+$router->post('/access_token', function (Request $request) use ($server) {
+
+    try {
+        $response = $server->issueAccessToken();
+
+        return new Response(json_encode($response), 200);
+    } catch (\Exception $e) {
+        return new Response(
+            json_encode([
+                'error'     =>  $e->errorType,
+                'message'   =>  $e->getMessage(),
+            ]),
+            $e->httpStatusCode,
+            $e->getHttpHeaders()
+        );
+    }
+
+});
+
+$dispatcher = $router->getDispatcher();
+
+try {
+    // A successful response
+    $response = $dispatcher->dispatch(
+        $request->getMethod(),
+        $request->getPathInfo()
+    );
+} catch (\Orno\Http\Exception $e) {
+    // A failed response
+    $response = $e->getJsonResponse();
+    $response->setContent(json_encode(['status_code' => $e->getStatusCode(), 'message' => $e->getMessage()]));
+} catch (\League\OAuth2\Server\Exception\OAuthException $e) {
+    $response = new Response(json_encode([
+        'error'     =>  $e->errorType,
+        'message'   =>  $e->getMessage(),
+    ]), $e->httpStatusCode);
+
+    foreach ($e->getHttpHeaders() as $header) {
+        $response->headers($header);
+    }
+} catch (\Exception $e) {
+    $response = new Orno\Http\Response();
+    $response->setStatusCode(500);
+    $response->setContent(json_encode(['status_code' => 500, 'message' => $e->getMessage()]));
+} finally {
+    // Return the response
+    $response->headers->set('Content-type', 'application/json');
+    $response->send();
+}

examples/relational/composer.json

@@ -0,0 +1,17 @@
+{
+    "require": {
+        "illuminate/database": "4.1.*",
+        "orno/route": "1.*",
+        "ircmaxell/password-compat": "1.0.2",
+        "league/event": "0.2.0"
+    },
+    "autoload": {
+        "psr-4": {
+            "League\\OAuth2\\Server\\": "../../src/",
+            "RelationalExample\\": "."
+        },
+        "files": [
+            "config/db.php"
+        ]
+    }
+}

examples/relational/config/db.php

@@ -0,0 +1,18 @@
+<?php
+
+namespace RelationalExample\Config;
+
+use Illuminate\Database\Capsule\Manager as Capsule;
+
+include __DIR__.'/../vendor/autoload.php';
+
+$capsule = new Capsule();
+
+$capsule->addConnection([
+    'driver'    => 'sqlite',
+    'database'  => __DIR__.'/oauth2.sqlite3',
+    'charset'   => 'utf8',
+    'collation' => 'utf8_unicode_ci',
+]);
+
+$capsule->setAsGlobal();

examples/relational/config/init.php

@@ -0,0 +1,249 @@
+<?php
+
+namespace RelationalExample\Config;
+
+use Illuminate\Database\Capsule\Manager as Capsule;
+
+include __DIR__.'/../vendor/autoload.php';
+
+@unlink(__DIR__.'/oauth2.sqlite3');
+touch(__DIR__.'/oauth2.sqlite3');
+
+Capsule::statement('PRAGMA foreign_keys = ON');
+
+/******************************************************************************/
+
+print 'Creating users table'.PHP_EOL;
+
+Capsule::schema()->create('users', function ($table) {
+    $table->increments('id');
+    $table->string('username');
+    $table->string('password');
+    $table->string('name');
+    $table->string('email');
+    $table->string('photo');
+});
+
+Capsule::table('users')->insert([
+    'username'  =>  'alexbilbie',
+    'password'  =>  password_hash('whisky', PASSWORD_DEFAULT),
+    'name'      =>  'Alex Bilbie',
+    'email'     =>  'hello@alexbilbie.com',
+    'photo'     =>  'https://s.gravatar.com/avatar/14902eb1dac66b8458ebbb481d80f0a3',
+]);
+
+Capsule::table('users')->insert([
+    'username'  =>  'philsturgeon',
+    'password'  =>  password_hash('cider', PASSWORD_DEFAULT),
+    'name'      =>  'Phil Sturgeon',
+    'email'     =>  'email@philsturgeon.co.uk',
+    'photo'     =>  'https://s.gravatar.com/avatar/14df293d6c5cd6f05996dfc606a6a951',
+]);
+
+/******************************************************************************/
+
+print 'Creating clients table'.PHP_EOL;
+
+Capsule::schema()->create('oauth_clients', function ($table) {
+    $table->string('id');
+    $table->string('secret');
+    $table->string('name');
+    $table->primary('id');
+});
+
+Capsule::table('oauth_clients')->insert([
+    'id'        =>  'testclient',
+    'secret'    =>  'secret',
+    'name'      =>  'Test Client',
+]);
+
+/******************************************************************************/
+
+print 'Creating client redirect uris table'.PHP_EOL;
+
+Capsule::schema()->create('oauth_client_redirect_uris', function ($table) {
+    $table->increments('id');
+    $table->string('client_id');
+    $table->string('redirect_uri');
+});
+
+Capsule::table('oauth_client_redirect_uris')->insert([
+    'client_id'     =>  'testclient',
+    'redirect_uri'  =>  'http://example.com/redirect',
+]);
+
+/******************************************************************************/
+
+print 'Creating scopes table'.PHP_EOL;
+
+Capsule::schema()->create('oauth_scopes', function ($table) {
+    $table->string('id');
+    $table->string('description');
+    $table->primary('id');
+});
+
+Capsule::table('oauth_scopes')->insert([
+    'id'            =>  'basic',
+    'description'   =>  'Basic details about your account',
+]);
+
+Capsule::table('oauth_scopes')->insert([
+    'id'            =>  'email',
+    'description'   =>  'Your email address',
+]);
+
+Capsule::table('oauth_scopes')->insert([
+    'id'            =>  'photo',
+    'description'   =>  'Your photo',
+]);
+
+/******************************************************************************/
+
+print 'Creating sessions table'.PHP_EOL;
+
+Capsule::schema()->create('oauth_sessions', function ($table) {
+    $table->increments('id')->unsigned();
+    $table->string('owner_type');
+    $table->string('owner_id');
+    $table->string('client_id');
+    $table->string('client_redirect_uri')->nullable();
+
+    $table->foreign('client_id')->references('id')->on('oauth_clients')->onDelete('cascade');
+});
+
+Capsule::table('oauth_sessions')->insert([
+    'owner_type'    =>  'client',
+    'owner_id'      =>  'testclient',
+    'client_id'     =>  'testclient',
+]);
+
+Capsule::table('oauth_sessions')->insert([
+    'owner_type'    =>  'user',
+    'owner_id'      =>  '1',
+    'client_id'     =>  'testclient',
+]);
+
+Capsule::table('oauth_sessions')->insert([
+    'owner_type'    =>  'user',
+    'owner_id'      =>  '2',
+    'client_id'     =>  'testclient',
+]);
+
+/******************************************************************************/
+
+print 'Creating access tokens table'.PHP_EOL;
+
+Capsule::schema()->create('oauth_access_tokens', function ($table) {
+    $table->string('access_token')->primary();
+    $table->integer('session_id')->unsigned();
+    $table->integer('expire_time');
+
+    $table->foreign('session_id')->references('id')->on('oauth_sessions')->onDelete('cascade');
+});
+
+Capsule::table('oauth_access_tokens')->insert([
+    'access_token'  =>  'iamgod',
+    'session_id'    =>  '1',
+    'expire_time'   =>  time() + 86400,
+]);
+
+Capsule::table('oauth_access_tokens')->insert([
+    'access_token'  =>  'iamalex',
+    'session_id'    =>  '2',
+    'expire_time'   =>  time() + 86400,
+]);
+
+Capsule::table('oauth_access_tokens')->insert([
+    'access_token'  =>  'iamphil',
+    'session_id'    =>  '3',
+    'expire_time'   =>  time() + 86400,
+]);
+
+/******************************************************************************/
+
+print 'Creating refresh tokens table'.PHP_EOL;
+
+Capsule::schema()->create('oauth_refresh_tokens', function ($table) {
+    $table->string('refresh_token')->primary();
+    $table->integer('expire_time');
+    $table->string('access_token');
+
+    $table->foreign('access_token')->references('access_token')->on('oauth_access_tokens')->onDelete('cascade');
+});
+
+/******************************************************************************/
+
+print 'Creating auth codes table'.PHP_EOL;
+
+Capsule::schema()->create('oauth_auth_codes', function ($table) {
+    $table->string('auth_code')->primary();
+    $table->integer('session_id')->unsigned();
+    $table->integer('expire_time');
+    $table->string('client_redirect_uri');
+
+    $table->foreign('session_id')->references('id')->on('oauth_sessions')->onDelete('cascade');
+});
+
+/******************************************************************************/
+
+print 'Creating oauth access token scopes table'.PHP_EOL;
+
+Capsule::schema()->create('oauth_access_token_scopes', function ($table) {
+    $table->increments('id')->unsigned();
+    $table->string('access_token');
+    $table->string('scope');
+
+    $table->foreign('access_token')->references('access_token')->on('oauth_access_tokens')->onDelete('cascade');
+    $table->foreign('scope')->references('id')->on('oauth_scopes')->onDelete('cascade');
+});
+
+Capsule::table('oauth_access_token_scopes')->insert([
+    'access_token'  =>  'iamgod',
+    'scope'         =>  'basic',
+]);
+
+Capsule::table('oauth_access_token_scopes')->insert([
+    'access_token'  =>  'iamgod',
+    'scope'         =>  'email',
+]);
+
+Capsule::table('oauth_access_token_scopes')->insert([
+    'access_token'  =>  'iamgod',
+    'scope'         =>  'photo',
+]);
+
+Capsule::table('oauth_access_token_scopes')->insert([
+    'access_token'  =>  'iamphil',
+    'scope'         =>  'email',
+]);
+
+Capsule::table('oauth_access_token_scopes')->insert([
+    'access_token'  =>  'iamalex',
+    'scope'         =>  'photo',
+]);
+
+/******************************************************************************/
+
+print 'Creating oauth auth code scopes table'.PHP_EOL;
+
+Capsule::schema()->create('oauth_auth_code_scopes', function ($table) {
+    $table->increments('id');
+    $table->string('auth_code');
+    $table->string('scope');
+
+    $table->foreign('auth_code')->references('auth_code')->on('oauth_auth_codes')->onDelete('cascade');
+    $table->foreign('scope')->references('id')->on('oauth_scopes')->onDelete('cascade');
+});
+
+/******************************************************************************/
+
+print 'Creating oauth session scopes table'.PHP_EOL;
+
+Capsule::schema()->create('oauth_session_scopes', function ($table) {
+    $table->increments('id')->unsigned();
+    $table->integer('session_id')->unsigned();
+    $table->string('scope');
+
+    $table->foreign('session_id')->references('id')->on('oauth_sessions')->onDelete('cascade');
+    $table->foreign('scope')->references('id')->on('oauth_scopes')->onDelete('cascade');
+});

examples/relational/other_grants.php

@@ -0,0 +1,97 @@
+<?php
+
+use Orno\Http\Request;
+use Orno\Http\Response;
+use RelationalExample\Model;
+use RelationalExample\Storage;
+
+include __DIR__.'/vendor/autoload.php';
+
+// Routing setup
+$request = (new Request())->createFromGlobals();
+$router = new \Orno\Route\RouteCollection();
+$router->setStrategy(\Orno\Route\RouteStrategyInterface::RESTFUL_STRATEGY);
+
+// Set up the OAuth 2.0 authorization server
+$server = new \League\OAuth2\Server\AuthorizationServer();
+$server->setSessionStorage(new Storage\SessionStorage());
+$server->setAccessTokenStorage(new Storage\AccessTokenStorage());
+$server->setRefreshTokenStorage(new Storage\RefreshTokenStorage());
+$server->setClientStorage(new Storage\ClientStorage());
+$server->setScopeStorage(new Storage\ScopeStorage());
+$server->setAuthCodeStorage(new Storage\AuthCodeStorage());
+
+$clientCredentials = new \League\OAuth2\Server\Grant\ClientCredentialsGrant();
+$server->addGrantType($clientCredentials);
+
+$passwordGrant = new \League\OAuth2\Server\Grant\PasswordGrant();
+$passwordGrant->setVerifyCredentialsCallback(function ($username, $password) {
+    $result = (new Model\Users())->get($username);
+    if (count($result) !== 1) {
+        return false;
+    }
+
+    if (password_verify($password, $result[0]['password'])) {
+        return $username;
+    }
+
+    return false;
+});
+$server->addGrantType($passwordGrant);
+
+$refrehTokenGrant = new \League\OAuth2\Server\Grant\RefreshTokenGrant();
+$server->addGrantType($refrehTokenGrant);
+
+// Routing setup
+$request = (new Request())->createFromGlobals();
+$router = new \Orno\Route\RouteCollection();
+
+$router->post('/access_token', function (Request $request) use ($server) {
+
+    try {
+        $response = $server->issueAccessToken();
+
+        return new Response(json_encode($response), 200);
+    } catch (\Exception $e) {
+        return new Response(
+            json_encode([
+                'error'     =>  $e->errorType,
+                'message'   =>  $e->getMessage(),
+            ]),
+            $e->httpStatusCode,
+            $e->getHttpHeaders()
+        );
+    }
+
+});
+
+$dispatcher = $router->getDispatcher();
+
+try {
+    // A successful response
+    $response = $dispatcher->dispatch(
+        $request->getMethod(),
+        $request->getPathInfo()
+    );
+} catch (\Orno\Http\Exception $e) {
+    // A failed response
+    $response = $e->getJsonResponse();
+    $response->setContent(json_encode(['status_code' => $e->getStatusCode(), 'message' => $e->getMessage()]));
+} catch (\League\OAuth2\Server\Exception\OAuthException $e) {
+    $response = new Response(json_encode([
+        'error'     =>  $e->errorType,
+        'message'   =>  $e->getMessage(),
+    ]), $e->httpStatusCode);
+
+    foreach ($e->getHttpHeaders() as $header) {
+        $response->headers($header);
+    }
+} catch (\Exception $e) {
+    $response = new Orno\Http\Response();
+    $response->setStatusCode(500);
+    $response->setContent(json_encode(['status_code' => 500, 'message' => $e->getMessage()]));
+} finally {
+    // Return the response
+    $response->headers->set('Content-type', 'application/json');
+    $response->send();
+}

license.txt

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (C) 2013 PHP League of Extraordinary Packages
+Copyright (C) Alex Bilbie
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

phpunit.xml

@@ -1,27 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit colors="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" stopOnError="false" stopOnFailure="false" stopOnIncomplete="false" stopOnSkipped="false" bootstrap="tests/Bootstrap.php">
+<phpunit colors="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" stopOnError="true" stopOnFailure="true" stopOnIncomplete="false" stopOnSkipped="false" bootstrap="tests/unit/Bootstrap.php">
 	<testsuites>
-		<testsuite name="Authorization Server">
-			<directory suffix="Test.php">tests/authorization</directory>
-		</testsuite>
-		<testsuite name="Resource Server">
-			<directory suffix="Test.php">tests/resource</directory>
-		</testsuite>
-		<testsuite name="Utility Methods">
-			<directory suffix="Test.php">tests/util</directory>
-		</testsuite>
+		<testsuite name="Tests">
+		   <directory>./tests/unit/</directory>
+	   </testsuite>
 	</testsuites>
 	<filter>
-		<blacklist>
-			<directory suffix=".php">PEAR_INSTALL_DIR</directory>
-			<directory suffix=".php">PHP_LIBDIR</directory>
-			<directory suffix=".php">vendor</directory>
-			<directory suffix=".php">tests</directory>
-			<directory suffix=".php">testing</directory>
-		</blacklist>
+		<whitelist addUncoveredFilesFromWhitelist="true">
+			<directory suffix=".php">src</directory>
+		</whitelist>
 	</filter>
 	<logging>
-		<log type="coverage-text" target="php://stdout" title="lncd/OAuth" charset="UTF-8" yui="true" highlight="true" lowUpperBound="60" highLowerBound="99"/>
-        <log type="coverage-html" target="tests/coverage" title="lncd/OAuth" charset="UTF-8" yui="true" highlight="true" lowUpperBound="60" highLowerBound="99"/>
+		<!-- <log type="coverage-text" target="php://stdout" title="thephpleague/oauth2-server" charset="UTF-8" yui="true" highlight="true" lowUpperBound="60" highLowerBound="90"/> -->
+		<log type="coverage-html" target="build/coverage" title="thephpleague/oauth2-server" charset="UTF-8" yui="true" highlight="true" lowUpperBound="60" highLowerBound="90"/>
 	</logging>
 </phpunit>

phpunit.xml.dist

@@ -1,53 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<phpunit colors="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" stopOnError="false" stopOnFailure="false" stopOnIncomplete="false" stopOnSkipped="false" bootstrap="tests/Bootstrap.php">
-	<testsuites>
-		<testsuite name="Authorization Server">
-			<directory suffix="Test.php">tests/authorization</directory>
-		</testsuite>
-		<testsuite name="Resource Server">
-			<directory suffix="Test.php">tests/resource</directory>
-		</testsuite>
-		<testsuite name="Utility Methods">
-			<directory suffix="Test.php">tests/util</directory>
-		</testsuite>
-	</testsuites>
-	<filter>
-		<blacklist>
-			<directory suffix=".php">PEAR_INSTALL_DIR</directory>
-			<directory suffix=".php">PHP_LIBDIR</directory>
-			<directory suffix=".php">vendor</directory>
-			<directory suffix=".php">tests</directory>
-			<directory suffix=".php">testing</directory>
-		</blacklist>
-	</filter>
-	<logging>
-        <log type="coverage-clover" target="/tmp/coverage.xml"/>
-        <log type="coverage-text" target="php://stdout" showUncoveredFiles="false"/>
-    </logging>
-    <listeners>
-        <listener class="League\PHPUnitCoverageListener\Listener">
-            <arguments>
-                <array>
-                    <element key="printer">
-                      <object class="League\PHPUnitCoverageListener\Printer\StdOut"/>
-                    </element>
-                    <element key="hook">
-                      <object class="League\PHPUnitCoverageListener\Hook\Travis"/>
-                    </element>
-                    <element key="namespace">
-                        <string>League\OAuth2\Server</string>
-                    </element>
-                    <element key="repo_token">
-                        <string>DtNuuOrBh1QBXVyRqmVldC2Au11DVti9n</string>
-                    </element>
-                    <element key="target_url">
-                        <string>https://coveralls.io/api/v1/jobs</string>
-                    </element>
-                    <element key="coverage_dir">
-                        <string>/tmp</string>
-                    </element>
-                </array>
-            </arguments>
-        </listener>
-    </listeners>
-</phpunit>

sql/mysql.sql

@@ -1,95 +0,0 @@
-CREATE TABLE `oauth_clients` (
-  `id` CHAR(40) NOT NULL,
-  `secret` CHAR(40) NOT NULL,
-  `name` VARCHAR(255) NOT NULL,
-  `auto_approve` TINYINT(1) NOT NULL DEFAULT '0',
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `u_oacl_clse_clid` (`secret`,`id`)
-) ENGINE=INNODB DEFAULT CHARSET=utf8;
-
-CREATE TABLE `oauth_client_endpoints` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `client_id` char(40) NOT NULL,
-  `redirect_uri` varchar(255) NOT NULL,
-  PRIMARY KEY (`id`),
-  KEY `i_oaclen_clid` (`client_id`),
-  CONSTRAINT `f_oaclen_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
-CREATE TABLE `oauth_sessions` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `client_id` char(40) NOT NULL,
-  `owner_type` enum('user','client') NOT NULL DEFAULT 'user',
-  `owner_id` varchar(255) NOT NULL,
-  PRIMARY KEY (`id`),
-  KEY `i_uase_clid_owty_owid` (`client_id`,`owner_type`,`owner_id`),
-  CONSTRAINT `f_oase_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
-CREATE TABLE `oauth_session_access_tokens` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `session_id` int(10) unsigned NOT NULL,
-  `access_token` char(40) NOT NULL,
-  `access_token_expires` int(10) unsigned NOT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `u_oaseacto_acto_seid` (`access_token`,`session_id`),
-  KEY `f_oaseto_seid` (`session_id`),
-  CONSTRAINT `f_oaseto_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
-CREATE TABLE `oauth_session_authcodes` (
-  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `session_id` int(10) unsigned NOT NULL,
-  `auth_code` char(40) NOT NULL,
-  `auth_code_expires` int(10) unsigned NOT NULL,
-  PRIMARY KEY (`id`),
-  KEY `session_id` (`session_id`),
-  CONSTRAINT `oauth_session_authcodes_ibfk_1` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
-CREATE TABLE `oauth_session_redirects` (
-  `session_id` int(10) unsigned NOT NULL,
-  `redirect_uri` varchar(255) NOT NULL,
-  PRIMARY KEY (`session_id`),
-  CONSTRAINT `f_oasere_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
-CREATE TABLE `oauth_session_refresh_tokens` (
-  `session_access_token_id` int(10) unsigned NOT NULL,
-  `refresh_token` char(40) NOT NULL,
-  `refresh_token_expires` int(10) unsigned NOT NULL,
-  `client_id` char(40) NOT NULL,
-  PRIMARY KEY (`session_access_token_id`),
-  KEY `client_id` (`client_id`),
-  CONSTRAINT `oauth_session_refresh_tokens_ibfk_1` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE,
-  CONSTRAINT `f_oasetore_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_tokens` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
-CREATE TABLE `oauth_scopes` (
-  `id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
-  `scope` varchar(255) NOT NULL,
-  `name` varchar(255) NOT NULL,
-  `description` varchar(255) DEFAULT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `u_oasc_sc` (`scope`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
-CREATE TABLE `oauth_session_token_scopes` (
-  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
-  `session_access_token_id` int(10) unsigned DEFAULT NULL,
-  `scope_id` smallint(5) unsigned NOT NULL,
-  PRIMARY KEY (`id`),
-  UNIQUE KEY `u_setosc_setoid_scid` (`session_access_token_id`,`scope_id`),
-  KEY `f_oasetosc_scid` (`scope_id`),
-  CONSTRAINT `f_oasetosc_scid` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION,
-  CONSTRAINT `f_oasetosc_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_tokens` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
-CREATE TABLE `oauth_session_authcode_scopes` (
-  `oauth_session_authcode_id` int(10) unsigned NOT NULL,
-  `scope_id` smallint(5) unsigned NOT NULL,
-  KEY `oauth_session_authcode_id` (`oauth_session_authcode_id`),
-  KEY `scope_id` (`scope_id`),
-  CONSTRAINT `oauth_session_authcode_scopes_ibfk_2` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE,
-  CONSTRAINT `oauth_session_authcode_scopes_ibfk_1` FOREIGN KEY (`oauth_session_authcode_id`) REFERENCES `oauth_session_authcodes` (`id`) ON DELETE CASCADE
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;

src/AbstractServer.php

@@ -0,0 +1,358 @@
+<?php
+/**
+ * OAuth 2.0 Abstract Server
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server;
+
+use League\Event\Emitter;
+use League\OAuth2\Server\Storage\AccessTokenInterface;
+use League\OAuth2\Server\Storage\AuthCodeInterface;
+use League\OAuth2\Server\Storage\ClientInterface;
+use League\OAuth2\Server\Storage\MacTokenInterface;
+use League\OAuth2\Server\Storage\RefreshTokenInterface;
+use League\OAuth2\Server\Storage\ScopeInterface;
+use League\OAuth2\Server\Storage\SessionInterface;
+use League\OAuth2\Server\TokenType\TokenTypeInterface;
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * OAuth 2.0 Resource Server
+ */
+abstract class AbstractServer
+{
+    /**
+     * The request object
+     *
+     * @var \Symfony\Component\HttpFoundation\Request
+     */
+    protected $request;
+
+    /**
+     * Session storage
+     *
+     * @var \League\OAuth2\Server\Storage\SessionInterface
+     */
+    protected $sessionStorage;
+
+    /**
+     * Access token storage
+     *
+     * @var \League\OAuth2\Server\Storage\AccessTokenInterface
+     */
+    protected $accessTokenStorage;
+
+    /**
+     * Refresh token storage
+     *
+     * @var \League\OAuth2\Server\Storage\RefreshTokenInterface
+     */
+    protected $refreshTokenStorage;
+
+    /**
+     * Auth code storage
+     *
+     * @var \League\OAuth2\Server\Storage\AuthCodeInterface
+     */
+    protected $authCodeStorage;
+
+    /**
+     * Scope storage
+     *
+     * @var \League\OAuth2\Server\Storage\ScopeInterface
+     */
+    protected $scopeStorage;
+
+    /**
+     * Client storage
+     *
+     * @var \League\OAuth2\Server\Storage\ClientInterface
+     */
+    protected $clientStorage;
+
+    /**
+     * @var \League\OAuth2\Server\Storage\MacTokenInterface
+     */
+    protected $macStorage;
+
+    /**
+     * Token type
+     *
+     * @var \League\OAuth2\Server\TokenType\TokenTypeInterface
+     */
+    protected $tokenType;
+
+    /**
+     * Event emitter
+     *
+     * @var \League\Event\Emitter
+     */
+    protected $eventEmitter;
+
+    /**
+     * Abstract server constructor
+     */
+    public function __construct()
+    {
+        $this->setEventEmitter();
+    }
+
+    /**
+     * Set an event emitter
+     *
+     * @param object $emitter Event emitter object
+     */
+    public function setEventEmitter($emitter = null)
+    {
+        if ($emitter === null) {
+            $this->eventEmitter = new Emitter();
+        } else {
+            $this->eventEmitter = $emitter;
+        }
+    }
+
+    /**
+     * Add an event listener to the event emitter
+     *
+     * @param string   $eventName Event name
+     * @param callable $listener  Callable function or method
+     * @param int      $priority  Priority of event listener
+     */
+    public function addEventListener($eventName, callable $listener, $priority = Emitter::P_NORMAL)
+    {
+        $this->eventEmitter->addListener($eventName, $listener, $priority);
+    }
+
+    /**
+     * Returns the event emitter
+     *
+     * @return \League\Event\Emitter
+     */
+    public function getEventEmitter()
+    {
+        return $this->eventEmitter;
+    }
+
+    /**
+     * Sets the Request Object
+     *
+     * @param \Symfony\Component\HttpFoundation\Request The Request Object
+     *
+     * @return self
+     */
+    public function setRequest($request)
+    {
+        $this->request = $request;
+
+        return $this;
+    }
+
+    /**
+     * Gets the Request object. It will create one from the globals if one is not set.
+     *
+     * @return \Symfony\Component\HttpFoundation\Request
+     */
+    public function getRequest()
+    {
+        if ($this->request === null) {
+            $this->request = Request::createFromGlobals();
+        }
+
+        return $this->request;
+    }
+
+    /**
+     * Set the client storage
+     *
+     * @param \League\OAuth2\Server\Storage\ClientInterface $storage
+     *
+     * @return self
+     */
+    public function setClientStorage(ClientInterface $storage)
+    {
+        $storage->setServer($this);
+        $this->clientStorage = $storage;
+
+        return $this;
+    }
+
+    /**
+     * Set the session storage
+     *
+     * @param \League\OAuth2\Server\Storage\SessionInterface $storage
+     *
+     * @return self
+     */
+    public function setSessionStorage(SessionInterface $storage)
+    {
+        $storage->setServer($this);
+        $this->sessionStorage = $storage;
+
+        return $this;
+    }
+
+    /**
+     * Set the access token storage
+     *
+     * @param \League\OAuth2\Server\Storage\AccessTokenInterface $storage
+     *
+     * @return self
+     */
+    public function setAccessTokenStorage(AccessTokenInterface $storage)
+    {
+        $storage->setServer($this);
+        $this->accessTokenStorage = $storage;
+
+        return $this;
+    }
+
+    /**
+     * Set the refresh token storage
+     *
+     * @param \League\OAuth2\Server\Storage\RefreshTokenInterface $storage
+     *
+     * @return self
+     */
+    public function setRefreshTokenStorage(RefreshTokenInterface $storage)
+    {
+        $storage->setServer($this);
+        $this->refreshTokenStorage = $storage;
+
+        return $this;
+    }
+
+    /**
+     * Set the auth code storage
+     *
+     * @param \League\OAuth2\Server\Storage\AuthCodeInterface $storage
+     *
+     * @return self
+     */
+    public function setAuthCodeStorage(AuthCodeInterface $storage)
+    {
+        $storage->setServer($this);
+        $this->authCodeStorage = $storage;
+
+        return $this;
+    }
+
+    /**
+     * Set the scope storage
+     *
+     * @param \League\OAuth2\Server\Storage\ScopeInterface $storage
+     *
+     * @return self
+     */
+    public function setScopeStorage(ScopeInterface $storage)
+    {
+        $storage->setServer($this);
+        $this->scopeStorage = $storage;
+
+        return $this;
+    }
+
+    /**
+     * Return the client storage
+     *
+     * @return \League\OAuth2\Server\Storage\ClientInterface
+     */
+    public function getClientStorage()
+    {
+        return $this->clientStorage;
+    }
+
+    /**
+     * Return the scope storage
+     *
+     * @return \League\OAuth2\Server\Storage\ScopeInterface
+     */
+    public function getScopeStorage()
+    {
+        return $this->scopeStorage;
+    }
+
+    /**
+     * Return the session storage
+     *
+     * @return \League\OAuth2\Server\Storage\SessionInterface
+     */
+    public function getSessionStorage()
+    {
+        return $this->sessionStorage;
+    }
+
+    /**
+     * Return the refresh token storage
+     *
+     * @return \League\OAuth2\Server\Storage\RefreshTokenInterface
+     */
+    public function getRefreshTokenStorage()
+    {
+        return $this->refreshTokenStorage;
+    }
+
+    /**
+     * Return the access token storage
+     *
+     * @return \League\OAuth2\Server\Storage\AccessTokenInterface
+     */
+    public function getAccessTokenStorage()
+    {
+        return $this->accessTokenStorage;
+    }
+
+    /**
+     * Return the auth code storage
+     *
+     * @return \League\OAuth2\Server\Storage\AuthCodeInterface
+     */
+    public function getAuthCodeStorage()
+    {
+        return $this->authCodeStorage;
+    }
+
+    /**
+     * Set the access token type
+     *
+     * @param TokenTypeInterface $tokenType The token type
+     *
+     * @return void
+     */
+    public function setTokenType(TokenTypeInterface $tokenType)
+    {
+        $tokenType->setServer($this);
+        $this->tokenType = $tokenType;
+    }
+
+    /**
+     * Get the access token type
+     *
+     * @return TokenTypeInterface
+     */
+    public function getTokenType()
+    {
+        return $this->tokenType;
+    }
+
+    /**
+     * @return MacTokenInterface
+     */
+    public function getMacStorage()
+    {
+        return $this->macStorage;
+    }
+
+    /**
+     * @param MacTokenInterface $macStorage
+     */
+    public function setMacStorage(MacTokenInterface $macStorage)
+    {
+        $this->macStorage = $macStorage;
+    }
+}

src/AuthorizationServer.php

@@ -0,0 +1,295 @@
+<?php
+/**
+ * OAuth 2.0 Authorization Server
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server;
+
+use League\OAuth2\Server\Grant\GrantTypeInterface;
+use League\OAuth2\Server\TokenType\Bearer;
+
+/**
+ * OAuth 2.0 authorization server class
+ */
+class AuthorizationServer extends AbstractServer
+{
+    /**
+     * The delimiter between scopes specified in the scope query string parameter
+     * The OAuth 2 specification states it should be a space but most use a comma
+     *
+     * @var string
+     */
+    protected $scopeDelimiter = ' ';
+
+    /**
+     * The TTL (time to live) of an access token in seconds (default: 3600)
+     *
+     * @var integer
+     */
+    protected $accessTokenTTL = 3600;
+
+    /**
+     * The registered grant response types
+     *
+     * @var array
+     */
+    protected $responseTypes = [];
+
+    /**
+     * The registered grant types
+     *
+     * @var array
+     */
+    protected $grantTypes = [];
+
+    /**
+     * Require the "scope" parameter to be in checkAuthoriseParams()
+     *
+     * @var boolean
+     */
+    protected $requireScopeParam = false;
+
+    /**
+     * Default scope(s) to be used if none is provided
+     *
+     * @var string|array
+     */
+    protected $defaultScope;
+
+    /**
+     * Require the "state" parameter to be in checkAuthoriseParams()
+     *
+     * @var boolean
+     */
+    protected $requireStateParam = false;
+
+    /**
+     * Create a new OAuth2 authorization server
+     *
+     * @return self
+     */
+    public function __construct()
+    {
+        // Set Bearer as the default token type
+        $this->setTokenType(new Bearer());
+
+        parent::__construct();
+
+        return $this;
+    }
+
+    /**
+     * Enable support for a grant
+     *
+     * @param GrantTypeInterface $grantType  A grant class which conforms to Interface/GrantTypeInterface
+     * @param null|string        $identifier An identifier for the grant (autodetected if not passed)
+     *
+     * @return self
+     */
+    public function addGrantType(GrantTypeInterface $grantType, $identifier = null)
+    {
+        if (is_null($identifier)) {
+            $identifier = $grantType->getIdentifier();
+        }
+
+        // Inject server into grant
+        $grantType->setAuthorizationServer($this);
+
+        $this->grantTypes[$identifier] = $grantType;
+
+        if (!is_null($grantType->getResponseType())) {
+            $this->responseTypes[] = $grantType->getResponseType();
+        }
+
+        return $this;
+    }
+
+    /**
+     * Check if a grant type has been enabled
+     *
+     * @param string $identifier The grant type identifier
+     *
+     * @return boolean Returns "true" if enabled, "false" if not
+     */
+    public function hasGrantType($identifier)
+    {
+        return (array_key_exists($identifier, $this->grantTypes));
+    }
+
+    /**
+     * Returns response types
+     *
+     * @return array
+     */
+    public function getResponseTypes()
+    {
+        return $this->responseTypes;
+    }
+
+    /**
+     * Require the "scope" parameter in checkAuthoriseParams()
+     *
+     * @param boolean $require
+     *
+     * @return self
+     */
+    public function requireScopeParam($require = true)
+    {
+        $this->requireScopeParam = $require;
+
+        return $this;
+    }
+
+    /**
+     * Is the scope parameter required?
+     *
+     * @return bool
+     */
+    public function scopeParamRequired()
+    {
+        return $this->requireScopeParam;
+    }
+
+    /**
+     * Default scope to be used if none is provided and requireScopeParam() is false
+     *
+     * @param string $default Name of the default scope
+     *
+     * @return self
+     */
+    public function setDefaultScope($default = null)
+    {
+        $this->defaultScope = $default;
+
+        return $this;
+    }
+
+    /**
+     * Default scope to be used if none is provided and requireScopeParam is false
+     *
+     * @return string|null
+     */
+    public function getDefaultScope()
+    {
+        return $this->defaultScope;
+    }
+
+    /**
+     * Require the "state" parameter in checkAuthoriseParams()
+     *
+     * @return bool
+     */
+    public function stateParamRequired()
+    {
+        return $this->requireStateParam;
+    }
+
+    /**
+     * Require the "state" parameter in checkAuthoriseParams()
+     *
+     * @param boolean $require
+     *
+     * @return self
+     */
+    public function requireStateParam($require = true)
+    {
+        $this->requireStateParam = $require;
+
+        return $this;
+    }
+
+    /**
+     * Get the scope delimiter
+     *
+     * @return string The scope delimiter (default: ",")
+     */
+    public function getScopeDelimiter()
+    {
+        return $this->scopeDelimiter;
+    }
+
+    /**
+     * Set the scope delimiter
+     *
+     * @param string $scopeDelimiter
+     *
+     * @return self
+     */
+    public function setScopeDelimiter($scopeDelimiter = ' ')
+    {
+        $this->scopeDelimiter = $scopeDelimiter;
+
+        return $this;
+    }
+
+    /**
+     * Get the TTL for an access token
+     *
+     * @return int The TTL
+     */
+    public function getAccessTokenTTL()
+    {
+        return $this->accessTokenTTL;
+    }
+
+    /**
+     * Set the TTL for an access token
+     *
+     * @param int $accessTokenTTL The new TTL
+     *
+     * @return self
+     */
+    public function setAccessTokenTTL($accessTokenTTL = 3600)
+    {
+        $this->accessTokenTTL = $accessTokenTTL;
+
+        return $this;
+    }
+
+    /**
+     * Issue an access token
+     *
+     * @return array Authorise request parameters
+     *
+     * @throws
+     */
+    public function issueAccessToken()
+    {
+        $grantType = $this->getRequest()->request->get('grant_type');
+        if (is_null($grantType)) {
+            throw new Exception\InvalidRequestException('grant_type');
+        }
+
+        // Ensure grant type is one that is recognised and is enabled
+        if (!in_array($grantType, array_keys($this->grantTypes))) {
+            throw new Exception\UnsupportedGrantTypeException($grantType);
+        }
+
+        // Complete the flow
+        return $this->getGrantType($grantType)->completeFlow();
+    }
+
+    /**
+     * Return a grant type class
+     *
+     * @param string $grantType The grant type identifier
+     *
+     * @return Grant\GrantTypeInterface
+     *
+     * @throws
+     */
+    public function getGrantType($grantType)
+    {
+        if (isset($this->grantTypes[$grantType])) {
+            return $this->grantTypes[$grantType];
+        }
+
+        throw new Exception\InvalidGrantException($grantType);
+    }
+}

src/Entity/AbstractTokenEntity.php

@@ -0,0 +1,209 @@
+<?php
+/**
+ * OAuth 2.0 Abstract token
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Entity;
+
+use League\OAuth2\Server\AbstractServer;
+use League\OAuth2\Server\Util\SecureKey;
+
+/**
+ * Abstract token class
+ */
+abstract class AbstractTokenEntity
+{
+    /**
+     * Token identifier
+     *
+     * @var string
+     */
+    protected $id;
+
+    /**
+     * Associated session
+     *
+     * @var \League\OAuth2\Server\Entity\SessionEntity
+     */
+    protected $session;
+
+    /**
+     * Session scopes
+     *
+     * @var \League\OAuth2\Server\Entity\ScopeEntity[]
+     */
+    protected $scopes;
+
+    /**
+     * Token expire time
+     *
+     * @var int
+     */
+    protected $expireTime = 0;
+
+    /**
+     * Authorization or resource server
+     *
+     * @var \League\OAuth2\Server\AbstractServer
+     */
+    protected $server;
+
+    /**
+     * __construct
+     *
+     * @param \League\OAuth2\Server\AbstractServer $server
+     *
+     * @return self
+     */
+    public function __construct(AbstractServer $server)
+    {
+        $this->server = $server;
+
+        return $this;
+    }
+
+    /**
+     * Set session
+     *
+     * @param \League\OAuth2\Server\Entity\SessionEntity $session
+     *
+     * @return self
+     */
+    public function setSession(SessionEntity $session)
+    {
+        $this->session = $session;
+
+        return $this;
+    }
+
+    /**
+     * Set the expire time of the token
+     *
+     * @param integer $expireTime Unix time stamp
+     *
+     * @return self
+     */
+    public function setExpireTime($expireTime)
+    {
+        $this->expireTime = $expireTime;
+
+        return $this;
+    }
+
+    /**
+     * Return token expire time
+     *
+     * @return int
+     */
+    public function getExpireTime()
+    {
+        return $this->expireTime;
+    }
+
+    /**
+     * Is the token expired?
+     *
+     * @return bool
+     */
+    public function isExpired()
+    {
+        return ((time() - $this->expireTime) > 0);
+    }
+
+    /**
+     * Set token ID
+     *
+     * @param string $id Token ID
+     *
+     * @return self
+     */
+    public function setId($id = null)
+    {
+        $this->id = ($id !== null) ? $id : SecureKey::generate();
+
+        return $this;
+    }
+
+    /**
+     * Get the token ID
+     *
+     * @return string
+     */
+    public function getId()
+    {
+        return $this->id;
+    }
+
+    /**
+     * Associate a scope
+     *
+     * @param \League\OAuth2\Server\Entity\ScopeEntity $scope
+     *
+     * @return self
+     */
+    public function associateScope(ScopeEntity $scope)
+    {
+        if (!isset($this->scopes[$scope->getId()])) {
+            $this->scopes[$scope->getId()] = $scope;
+        }
+
+        return $this;
+    }
+
+    /**
+     * Format the local scopes array
+     *
+     * @param  \League\OAuth2\Server\Entity\ScopeEntity[]
+     *
+     * @return array
+     */
+    protected function formatScopes($unformatted = [])
+    {
+        if (is_null($unformatted)) {
+            return [];
+        }
+
+        $scopes = [];
+        foreach ($unformatted as $scope) {
+            if ($scope instanceof ScopeEntity) {
+                $scopes[$scope->getId()] = $scope;
+            }
+        }
+
+        return $scopes;
+    }
+
+    /**
+     * Returns the token as a string if the object is cast as a string
+     *
+     * @return string
+     */
+    public function __toString()
+    {
+        if ($this->id === null) {
+            return '';
+        }
+
+        return $this->id;
+    }
+
+    /**
+     * Expire the token
+     *
+     * @return void
+     */
+    abstract public function expire();
+
+    /**
+     * Save the token
+     *
+     * @return void
+     */
+    abstract public function save();
+}

src/Entity/AccessTokenEntity.php

@@ -0,0 +1,93 @@
+<?php
+/**
+ * OAuth 2.0 Access token entity
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Entity;
+
+/**
+ * Access token entity class
+ */
+class AccessTokenEntity extends AbstractTokenEntity
+{
+    /**
+     * Get session
+     *
+     * @return \League\OAuth2\Server\Entity\SessionEntity
+     */
+    public function getSession()
+    {
+        if ($this->session instanceof SessionEntity) {
+            return $this->session;
+        }
+
+        $this->session = $this->server->getSessionStorage()->getByAccessToken($this);
+
+        return $this->session;
+    }
+
+    /**
+     * Check if access token has an associated scope
+     *
+     * @param string $scope Scope to check
+     *
+     * @return bool
+     */
+    public function hasScope($scope)
+    {
+        if ($this->scopes === null) {
+            $this->getScopes();
+        }
+
+        return isset($this->scopes[$scope]);
+    }
+
+    /**
+     * Return all scopes associated with the access token
+     *
+     * @return \League\OAuth2\Server\Entity\ScopeEntity[]
+     */
+    public function getScopes()
+    {
+        if ($this->scopes === null) {
+            $this->scopes = $this->formatScopes(
+                $this->server->getAccessTokenStorage()->getScopes($this)
+            );
+        }
+
+        return $this->scopes;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function save()
+    {
+        $this->server->getAccessTokenStorage()->create(
+            $this->getId(),
+            $this->getExpireTime(),
+            $this->getSession()->getId()
+        );
+
+        // Associate the scope with the token
+        foreach ($this->getScopes() as $scope) {
+            $this->server->getAccessTokenStorage()->associateScope($this, $scope);
+        }
+
+        return $this;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function expire()
+    {
+        $this->server->getAccessTokenStorage()->delete($this);
+    }
+}

src/Entity/AuthCodeEntity.php

@@ -0,0 +1,128 @@
+<?php
+/**
+ * OAuth 2.0 Auth code entity
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Entity;
+
+/**
+ * Auth Code entity class
+ */
+class AuthCodeEntity extends AbstractTokenEntity
+{
+    /**
+     * Redirect URI
+     *
+     * @var string
+     */
+    protected $redirectUri = '';
+
+    /**
+     * Set the redirect URI for the authorization request
+     *
+     * @param string $redirectUri
+     *
+     * @return self
+     */
+    public function setRedirectUri($redirectUri)
+    {
+        $this->redirectUri = $redirectUri;
+
+        return $this;
+    }
+
+    /**
+     * Get the redirect URI
+     *
+     * @return string
+     */
+    public function getRedirectUri()
+    {
+        return $this->redirectUri;
+    }
+
+    /**
+     * Generate a redirect URI
+     *
+     * @param string $state          The state parameter if set by the client
+     * @param string $queryDelimeter The query delimiter ('?' for auth code grant, '#' for implicit grant)
+     *
+     * @return string
+     */
+    public function generateRedirectUri($state = null, $queryDelimeter = '?')
+    {
+        $uri = $this->getRedirectUri();
+        $uri .= (strstr($this->getRedirectUri(), $queryDelimeter) === false) ? $queryDelimeter : '&';
+
+        return $uri.http_build_query([
+            'code'  =>  $this->getId(),
+            'state' =>  $state,
+        ]);
+    }
+
+    /**
+     * Get session
+     *
+     * @return \League\OAuth2\Server\Entity\SessionEntity
+     */
+    public function getSession()
+    {
+        if ($this->session instanceof SessionEntity) {
+            return $this->session;
+        }
+
+        $this->session = $this->server->getSessionStorage()->getByAuthCode($this);
+
+        return $this->session;
+    }
+
+    /**
+     * Return all scopes associated with the session
+     *
+     * @return \League\OAuth2\Server\Entity\ScopeEntity[]
+     */
+    public function getScopes()
+    {
+        if ($this->scopes === null) {
+            $this->scopes = $this->formatScopes(
+                $this->server->getAuthCodeStorage()->getScopes($this)
+            );
+        }
+
+        return $this->scopes;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function save()
+    {
+        $this->server->getAuthCodeStorage()->create(
+            $this->getId(),
+            $this->getExpireTime(),
+            $this->getSession()->getId(),
+            $this->getRedirectUri()
+        );
+
+        // Associate the scope with the token
+        foreach ($this->getScopes() as $scope) {
+            $this->server->getAuthCodeStorage()->associateScope($this, $scope);
+        }
+
+        return $this;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function expire()
+    {
+        $this->server->getAuthCodeStorage()->delete($this);
+    }
+}

src/Entity/ClientEntity.php

@@ -0,0 +1,111 @@
+<?php
+/**
+ * OAuth 2.0 Client entity
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Entity;
+
+use League\OAuth2\Server\AbstractServer;
+
+/**
+ * Client entity class
+ */
+class ClientEntity
+{
+    use EntityTrait;
+
+    /**
+     * Client identifier
+     *
+     * @var string
+     */
+    protected $id = null;
+
+    /**
+     * Client secret
+     *
+     * @var string
+     */
+    protected $secret = null;
+
+    /**
+     * Client name
+     *
+     * @var string
+     */
+    protected $name = null;
+
+    /**
+     * Client redirect URI
+     *
+     * @var string
+     */
+    protected $redirectUri = null;
+
+    /**
+     * Authorization or resource server
+     *
+     * @var \League\OAuth2\Server\AbstractServer
+     */
+    protected $server;
+
+    /**
+     * __construct
+     *
+     * @param \League\OAuth2\Server\AbstractServer $server
+     *
+     * @return self
+     */
+    public function __construct(AbstractServer $server)
+    {
+        $this->server = $server;
+
+        return $this;
+    }
+
+    /**
+     * Return the client identifier
+     *
+     * @return string
+     */
+    public function getId()
+    {
+        return $this->id;
+    }
+
+    /**
+     * Return the client secret
+     *
+     * @return string
+     */
+    public function getSecret()
+    {
+        return $this->secret;
+    }
+
+    /**
+     * Get the client name
+     *
+     * @return string
+     */
+    public function getName()
+    {
+        return $this->name;
+    }
+
+    /**
+     * Returnt the client redirect URI
+     *
+     * @return string
+     */
+    public function getRedirectUri()
+    {
+        return $this->redirectUri;
+    }
+}

src/Entity/EntityTrait.php

@@ -0,0 +1,33 @@
+<?php
+/**
+ * OAuth 2.0 Entity trait
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Entity;
+
+trait EntityTrait
+{
+    /**
+     * Hydrate an entity with properites
+     *
+     * @param array $properties
+     *
+     * @return self
+     */
+    public function hydrate(array $properties)
+    {
+        foreach ($properties as $prop => $val) {
+            if (property_exists($this, $prop)) {
+                $this->{$prop} = $val;
+            }
+        }
+
+        return $this;
+    }
+}

src/Entity/RefreshTokenEntity.php

@@ -0,0 +1,94 @@
+<?php
+/**
+ * OAuth 2.0 Refresh token entity
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Entity;
+
+/**
+ * Refresh token entity class
+ */
+class RefreshTokenEntity extends AbstractTokenEntity
+{
+    /**
+     * Access token associated to refresh token
+     *
+     * @var \League\OAuth2\Server\Entity\AccessTokenEntity
+     */
+    protected $accessTokenEntity;
+
+    /**
+     * Id of the access token
+     *
+     * @var string
+     */
+    protected $accessTokenId;
+
+    /**
+     * Set the ID of the associated access token
+     *
+     * @param string $accessTokenId
+     *
+     * @return self
+     */
+    public function setAccessTokenId($accessTokenId)
+    {
+        $this->accessTokenId = $accessTokenId;
+
+        return $this;
+    }
+
+    /**
+     * Associate an access token
+     *
+     * @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessTokenEntity
+     *
+     * @return self
+     */
+    public function setAccessToken(AccessTokenEntity $accessTokenEntity)
+    {
+        $this->accessTokenEntity = $accessTokenEntity;
+
+        return $this;
+    }
+
+    /**
+     * Return access token
+     *
+     * @return AccessTokenEntity
+     */
+    public function getAccessToken()
+    {
+        if (! $this->accessTokenEntity instanceof AccessTokenEntity) {
+            $this->accessTokenEntity = $this->server->getAccessTokenStorage()->get($this->accessTokenId);
+        }
+
+        return $this->accessTokenEntity;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function save()
+    {
+        $this->server->getRefreshTokenStorage()->create(
+            $this->getId(),
+            $this->getExpireTime(),
+            $this->getAccessToken()->getId()
+        );
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function expire()
+    {
+        $this->server->getRefreshTokenStorage()->delete($this);
+    }
+}

src/Entity/ScopeEntity.php

@@ -0,0 +1,90 @@
+<?php
+/**
+ * OAuth 2.0 scope entity
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Entity;
+
+use League\OAuth2\Server\AbstractServer;
+
+/**
+ * Scope entity class
+ */
+class ScopeEntity implements \JsonSerializable
+{
+    use EntityTrait;
+
+    /**
+     * Scope identifier
+     *
+     * @var string
+     */
+    protected $id;
+
+    /**
+     * Scope description
+     *
+     * @var string
+     */
+    protected $description;
+
+    /**
+     * Authorization or resource server
+     *
+     * @var \League\OAuth2\Server\AbstractServer
+     */
+    protected $server;
+
+    /**
+     * __construct
+     *
+     * @param \League\OAuth2\Server\AbstractServer $server
+     *
+     * @return self
+     */
+    public function __construct(AbstractServer $server)
+    {
+        $this->server = $server;
+
+        return $this;
+    }
+
+    /**
+     * Return the scope identifer
+     *
+     * @return string
+     */
+    public function getId()
+    {
+        return $this->id;
+    }
+
+    /**
+     * Return the scope's description
+     *
+     * @return string
+     */
+    public function getDescription()
+    {
+        return $this->description;
+    }
+
+    /**
+     * Returns a JSON object when entity is passed into json_encode
+     *
+     * @return array
+     */
+    public function jsonSerialize()
+    {
+        return [
+            'id'    =>  $this->getId(),
+            'description'   =>  $this->getDescription()
+        ];
+    }
+}

src/Entity/SessionEntity.php

@@ -0,0 +1,308 @@
+<?php
+/**
+ * OAuth 2.0 session entity
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Entity;
+
+use League\OAuth2\Server\AbstractServer;
+use League\OAuth2\Server\Event\SessionOwnerEvent;
+
+/**
+ * Session entity grant
+ */
+class SessionEntity
+{
+    /**
+     * Session identifier
+     *
+     * @var string
+     */
+    protected $id;
+
+    /**
+     * Client identifier
+     *
+     * @var \League\OAuth2\Server\Entity\ClientEntity
+     */
+    protected $client;
+
+    /**
+     * Session owner identifier
+     *
+     * @var string
+     */
+    protected $ownerId;
+
+    /**
+     * Session owner type (e.g. "user")
+     *
+     * @var string
+     */
+    protected $ownerType;
+
+    /**
+     * Auth code
+     *
+     * @var \League\OAuth2\Server\Entity\AuthCodeEntity
+     */
+    protected $authCode;
+
+    /**
+     * Access token
+     *
+     * @var \League\OAuth2\Server\Entity\AccessTokenEntity
+     */
+    protected $accessToken;
+
+    /**
+     * Refresh token
+     *
+     * @var \League\OAuth2\Server\Entity\RefreshTokenEntity
+     */
+    protected $refreshToken;
+
+    /**
+     * Session scopes
+     *
+     * @var \Symfony\Component\HttpFoundation\ParameterBag
+     */
+    protected $scopes;
+
+    /**
+     * Authorization or resource server
+     *
+     * @var \League\OAuth2\Server\AuthorizationServer|\League\OAuth2\Server\ResourceServer
+     */
+    protected $server;
+
+    /**
+     * __construct
+     *
+     * @param \League\OAuth2\Server\AbstractServer $server
+     *
+     * @return self
+     */
+    public function __construct(AbstractServer $server)
+    {
+        $this->server = $server;
+
+        return $this;
+    }
+
+    /**
+     * Set the session identifier
+     *
+     * @param string $id
+     *
+     * @return self
+     */
+    public function setId($id)
+    {
+        $this->id = $id;
+
+        return $this;
+    }
+
+    /**
+     * Return the session identifier
+     *
+     * @return string
+     */
+    public function getId()
+    {
+        return $this->id;
+    }
+
+    /**
+     * Associate a scope
+     *
+     * @param \League\OAuth2\Server\Entity\ScopeEntity $scope
+     *
+     * @return self
+     */
+    public function associateScope(ScopeEntity $scope)
+    {
+        if (!isset($this->scopes[$scope->getId()])) {
+            $this->scopes[$scope->getId()] = $scope;
+        }
+
+        return $this;
+    }
+
+    /**
+     * Check if access token has an associated scope
+     *
+     * @param string $scope Scope to check
+     *
+     * @return bool
+     */
+    public function hasScope($scope)
+    {
+        if ($this->scopes === null) {
+            $this->getScopes();
+        }
+
+        return isset($this->scopes[$scope]);
+    }
+
+    /**
+     * Return all scopes associated with the session
+     *
+     * @return \League\OAuth2\Server\Entity\ScopeEntity[]
+     */
+    public function getScopes()
+    {
+        if ($this->scopes === null) {
+            $this->scopes = $this->formatScopes($this->server->getSessionStorage()->getScopes($this));
+        }
+
+        return $this->scopes;
+    }
+
+    /**
+     * Format the local scopes array
+     *
+     * @param  \League\OAuth2\Server\Entity\Scope[]
+     *
+     * @return array
+     */
+    private function formatScopes($unformatted = [])
+    {
+        $scopes = [];
+        if (is_array($unformatted)) {
+            foreach ($unformatted as $scope) {
+                if ($scope instanceof ScopeEntity) {
+                    $scopes[$scope->getId()] = $scope;
+                }
+            }
+        }
+
+        return $scopes;
+    }
+
+    /**
+     * Associate an access token with the session
+     *
+     * @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken
+     *
+     * @return self
+     */
+    public function associateAccessToken(AccessTokenEntity $accessToken)
+    {
+        $this->accessToken = $accessToken;
+
+        return $this;
+    }
+
+    /**
+     * Associate a refresh token with the session
+     *
+     * @param \League\OAuth2\Server\Entity\RefreshTokenEntity $refreshToken
+     *
+     * @return self
+     */
+    public function associateRefreshToken(RefreshTokenEntity $refreshToken)
+    {
+        $this->refreshToken = $refreshToken;
+
+        return $this;
+    }
+
+    /**
+     * Associate a client with the session
+     *
+     * @param \League\OAuth2\Server\Entity\ClientEntity $client The client
+     *
+     * @return self
+     */
+    public function associateClient(ClientEntity $client)
+    {
+        $this->client = $client;
+
+        return $this;
+    }
+
+    /**
+     * Return the session client
+     *
+     * @return \League\OAuth2\Server\Entity\ClientEntity
+     */
+    public function getClient()
+    {
+        if ($this->client instanceof ClientEntity) {
+            return $this->client;
+        }
+
+        $this->client = $this->server->getClientStorage()->getBySession($this);
+
+        return $this->client;
+    }
+
+    /**
+     * Set the session owner
+     *
+     * @param string $type The type of the owner (e.g. user, app)
+     * @param string $id   The identifier of the owner
+     *
+     * @return self
+     */
+    public function setOwner($type, $id)
+    {
+        $this->ownerType = $type;
+        $this->ownerId = $id;
+
+        $this->server->getEventEmitter()->emit(new SessionOwnerEvent($this));
+
+        return $this;
+    }
+
+    /**
+     * Return session owner identifier
+     *
+     * @return string
+     */
+    public function getOwnerId()
+    {
+        return $this->ownerId;
+    }
+
+    /**
+     * Return session owner type
+     *
+     * @return string
+     */
+    public function getOwnerType()
+    {
+        return $this->ownerType;
+    }
+
+    /**
+     * Save the session
+     *
+     * @return void
+     */
+    public function save()
+    {
+        // Save the session and get an identifier
+        $id = $this->server->getSessionStorage()->create(
+            $this->getOwnerType(),
+            $this->getOwnerId(),
+            $this->getClient()->getId(),
+            $this->getClient()->getRedirectUri()
+        );
+
+        $this->setId($id);
+
+        // Associate the scope with the session
+        foreach ($this->getScopes() as $scope) {
+            $this->server->getSessionStorage()->associateScope($this, $scope);
+        }
+    }
+}

src/Event/ClientAuthenticationFailedEvent.php

@@ -0,0 +1,55 @@
+<?php
+/**
+ * OAuth 2.0 client authentication failed event
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Event;
+
+use League\Event\AbstractEvent;
+use Symfony\Component\HttpFoundation\Request;
+
+class ClientAuthenticationFailedEvent extends AbstractEvent
+{
+    /**
+     * Request
+     *
+     * @var \Symfony\Component\HttpFoundation\Request
+     */
+    private $request;
+
+    /**
+     * Init the event with a request
+     *
+     * @param \Symfony\Component\HttpFoundation\Request $request
+     */
+    public function __construct(Request $request)
+    {
+        $this->request = $request;
+    }
+
+    /**
+     * The name of the event
+     *
+     * @return string
+     */
+    public function getName()
+    {
+        return 'error.auth.client';
+    }
+
+    /**
+     * Return request
+     *
+     * @return \Symfony\Component\HttpFoundation\Request
+     */
+    public function getRequest()
+    {
+        return $this->request;
+    }
+}

src/Event/SessionOwnerEvent.php

@@ -0,0 +1,55 @@
+<?php
+/**
+ * OAuth 2.0 session owner event
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Event;
+
+use League\Event\AbstractEvent;
+use League\OAuth2\Server\Entity\SessionEntity;
+
+class SessionOwnerEvent extends AbstractEvent
+{
+    /**
+     * Session entity
+     *
+     * @var \League\OAuth2\Server\Entity\SessionEntity
+     */
+    private $session;
+
+    /**
+     * Init the event with a session
+     *
+     * @param \League\OAuth2\Server\Entity\SessionEntity $session
+     */
+    public function __construct(SessionEntity $session)
+    {
+        $this->session = $session;
+    }
+
+    /**
+     * The name of the event
+     *
+     * @return string
+     */
+    public function getName()
+    {
+        return 'session.owner';
+    }
+
+    /**
+     * Return session
+     *
+     * @return \League\OAuth2\Server\Entity\SessionEntity
+     */
+    public function getSession()
+    {
+        return $this->session;
+    }
+}

src/Event/UserAuthenticationFailedEvent.php

@@ -0,0 +1,55 @@
+<?php
+/**
+ * OAuth 2.0 user authentication failed event
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Event;
+
+use League\Event\AbstractEvent;
+use Symfony\Component\HttpFoundation\Request;
+
+class UserAuthenticationFailedEvent extends AbstractEvent
+{
+    /**
+     * Request
+     *
+     * @var \Symfony\Component\HttpFoundation\Request
+     */
+    private $request;
+
+    /**
+     * Init the event with a request
+     *
+     * @param \Symfony\Component\HttpFoundation\Request $request
+     */
+    public function __construct(Request $request)
+    {
+        $this->request = $request;
+    }
+
+    /**
+     * The name of the event
+     *
+     * @return string
+     */
+    public function getName()
+    {
+        return 'error.auth.user';
+    }
+
+    /**
+     * Return request
+     *
+     * @return \Symfony\Component\HttpFoundation\Request
+     */
+    public function getRequest()
+    {
+        return $this->request;
+    }
+}

src/Exception/AccessDeniedException.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ * OAuth 2.0 Access Denied Exception
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+ * Exception class
+ */
+class AccessDeniedException extends OAuthException
+{
+    /**
+     * {@inheritdoc}
+     */
+    public $httpStatusCode = 401;
+
+    /**
+     * {@inheritdoc}
+     */
+    public $errorType = 'access_denied';
+
+    /**
+     * {@inheritdoc}
+     */
+    public function __construct()
+    {
+        parent::__construct('The resource owner or authorization server denied the request.');
+    }
+}

src/Exception/InvalidClientException.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ * OAuth 2.0 Invalid Client Exception
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+ * Exception class
+ */
+class InvalidClientException extends OAuthException
+{
+    /**
+     * {@inheritdoc}
+     */
+    public $httpStatusCode = 401;
+
+    /**
+     * {@inheritdoc}
+     */
+    public $errorType = 'invalid_client';
+
+    /**
+     * {@inheritdoc}
+     */
+    public function __construct()
+    {
+        parent::__construct('Client authentication failed.');
+    }
+}

src/Exception/InvalidCredentialsException.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ * OAuth 2.0 Invalid Credentials Exception
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+ * Exception class
+ */
+class InvalidCredentialsException extends OAuthException
+{
+    /**
+     * {@inheritdoc}
+     */
+    public $httpStatusCode = 401;
+
+    /**
+     * {@inheritdoc}
+     */
+    public $errorType = 'invalid_credentials';
+
+    /**
+     * {@inheritdoc}
+     */
+    public function __construct()
+    {
+        parent::__construct('The user credentials were incorrect.');
+    }
+}

src/Exception/InvalidGrantException.php

@@ -0,0 +1,43 @@
+<?php
+/**
+ * OAuth 2.0 Invalid Grant Exception
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+ * Exception class
+ */
+class InvalidGrantException extends OAuthException
+{
+    /**
+     * {@inheritdoc}
+     */
+    public $httpStatusCode = 400;
+
+    /**
+     * {@inheritdoc}
+     */
+    public $errorType = 'invalid_grant';
+
+    /**
+     * {@inheritdoc}
+     */
+
+    public function __construct($parameter)
+    {
+        $this->parameter = $parameter;
+        parent::__construct(
+            sprintf(
+                'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. Check the "%s" parameter.',
+                $parameter
+            )
+        );
+    }
+}

src/Exception/InvalidRefreshException.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ * OAuth 2.0 Invalid Refresh Exception
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+ * Exception class
+ */
+class InvalidRefreshException extends OAuthException
+{
+    /**
+     * {@inheritdoc}
+     */
+    public $httpStatusCode = 400;
+
+    /**
+     * {@inheritdoc}
+     */
+    public $errorType = 'invalid_request';
+
+    /**
+     * {@inheritdoc}
+     */
+    public function __construct()
+    {
+        parent::__construct('The refresh token is invalid.');
+    }
+}

src/Exception/InvalidRequestException.php

@@ -0,0 +1,45 @@
+<?php
+/**
+ * OAuth 2.0 Invalid Request Exception
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+ * Exception class
+ */
+class InvalidRequestException extends OAuthException
+{
+    /**
+     * {@inheritdoc}
+     */
+    public $httpStatusCode = 400;
+
+    /**
+     * {@inheritdoc}
+     */
+    public $errorType = 'invalid_request';
+
+    /**
+     * {@inheritdoc}
+     */
+
+    public function __construct($parameter, $redirectUri = null)
+    {
+        $this->parameter = $parameter;
+        parent::__construct(
+            sprintf(
+                'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
+                $parameter
+            )
+        );
+
+        $this->redirectUri = $redirectUri;
+    }
+}

src/Exception/InvalidScopeException.php

@@ -0,0 +1,45 @@
+<?php
+/**
+ * OAuth 2.0 Invalid Scope Exception
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+ * Exception class
+ */
+class InvalidScopeException extends OAuthException
+{
+    /**
+     * {@inheritdoc}
+     */
+    public $httpStatusCode = 400;
+
+    /**
+     * {@inheritdoc}
+     */
+    public $errorType = 'invalid_scope';
+
+    /**
+     * {@inheritdoc}
+     */
+
+    public function __construct($parameter, $redirectUri = null)
+    {
+        $this->parameter = $parameter;
+        parent::__construct(
+            sprintf(
+                'The requested scope is invalid, unknown, or malformed. Check the "%s" scope.',
+                $parameter
+            )
+        );
+
+        $this->redirectUri = $redirectUri;
+    }
+}

src/Exception/OAuthException.php

@@ -0,0 +1,145 @@
+<?php
+/**
+ * OAuth 2.0 Base Exception
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+use League\OAuth2\Server\Util\RedirectUri;
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * Exception class
+ */
+class OAuthException extends \Exception
+{
+    /**
+     * The HTTP status code for this exception that should be sent in the response
+     */
+    public $httpStatusCode = 400;
+
+    /**
+     * Redirect URI if the server should redirect back to the client
+     *
+     * @var string|null
+     */
+    public $redirectUri = null;
+
+    /**
+     * The exception type
+     */
+    public $errorType = '';
+
+    /**
+     * Parameter eventually passed to Exception
+     */
+    public $parameter = '';
+
+    /**
+     * Throw a new exception
+     *
+     * @param string $msg Exception Message
+     */
+    public function __construct($msg = 'An error occured')
+    {
+        parent::__construct($msg);
+    }
+
+    /**
+     * Should the server redirect back to the client?
+     *
+     * @return bool
+     */
+    public function shouldRedirect()
+    {
+        return is_null($this->redirectUri) ? false : true;
+    }
+
+    /**
+     * Return redirect URI if set
+     *
+     * @return string|null
+     */
+    public function getRedirectUri()
+    {
+        return RedirectUri::make(
+            $this->redirectUri,
+            [
+                'error' =>  $this->errorType,
+                'message' =>  $this->getMessage(),
+            ]
+        );
+    }
+
+    /**
+     * Return parameter if set
+     *
+     * @return string
+     */
+    public function getParameter()
+    {
+        return $this->parameter;
+    }
+
+    /**
+     * Get all headers that have to be send with the error response
+     *
+     * @return array Array with header values
+     */
+    public function getHttpHeaders()
+    {
+        $headers = [];
+        switch ($this->httpStatusCode) {
+            case 401:
+                $headers[] = 'HTTP/1.1 401 Unauthorized';
+                break;
+            case 500:
+                $headers[] = 'HTTP/1.1 500 Internal Server Error';
+                break;
+            case 501:
+                $headers[] = 'HTTP/1.1 501 Not Implemented';
+                break;
+            case 400:
+            default:
+                $headers[] = 'HTTP/1.1 400 Bad Request';
+                break;
+        }
+
+        // Add "WWW-Authenticate" header
+        //
+        // RFC 6749, section 5.2.:
+        // "If the client attempted to authenticate via the 'Authorization'
+        // request header field, the authorization server MUST
+        // respond with an HTTP 401 (Unauthorized) status code and
+        // include the "WWW-Authenticate" response header field
+        // matching the authentication scheme used by the client.
+        // @codeCoverageIgnoreStart
+        if ($this->errorType === 'invalid_client') {
+            $authScheme = null;
+            $request = new Request();
+            if ($request->getUser() !== null) {
+                $authScheme = 'Basic';
+            } else {
+                $authHeader = $request->headers->get('Authorization');
+                if ($authHeader !== null) {
+                    if (strpos($authHeader, 'Bearer') === 0) {
+                        $authScheme = 'Bearer';
+                    } elseif (strpos($authHeader, 'Basic') === 0) {
+                        $authScheme = 'Basic';
+                    }
+                }
+            }
+            if ($authScheme !== null) {
+                $headers[] = 'WWW-Authenticate: '.$authScheme.' realm=""';
+            }
+        }
+        // @codeCoverageIgnoreEnd
+        return $headers;
+    }
+}

src/Exception/ServerErrorException.php

@@ -0,0 +1,39 @@
+<?php
+/**
+ * OAuth 2.0 Server Error Exception
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+ * Exception class
+ */
+class ServerErrorException extends OAuthException
+{
+    /**
+     * {@inheritdoc}
+     */
+    public $httpStatusCode = 500;
+
+    /**
+     * {@inheritdoc}
+     */
+    public $errorType = 'server_error';
+
+    /**
+     * {@inheritdoc}
+     */
+    public function __construct($parameter = null)
+    {
+        $this->parameter = $parameter;
+        $parameter = is_null($parameter) ? 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.' : $parameter;
+        parent::__construct($parameter);
+
+    }
+}

src/Exception/UnauthorizedClientException.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ * OAuth 2.0 Unauthorized Client Exception
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+ * Exception class
+ */
+class UnauthorizedClientException extends OAuthException
+{
+    /**
+     * {@inheritdoc}
+     */
+    public $httpStatusCode = 400;
+
+    /**
+     * {@inheritdoc}
+     */
+    public $errorType = 'unauthorized_client';
+
+    /**
+     * {@inheritdoc}
+     */
+    public function __construct()
+    {
+        parent::__construct('The client is not authorized to request an access token using this method.');
+    }
+}

src/Exception/UnsupportedGrantTypeException.php

@@ -0,0 +1,43 @@
+<?php
+/**
+ * OAuth 2.0 Invalid Request Exception
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+ * Exception class
+ */
+class UnsupportedGrantTypeException extends OAuthException
+{
+    /**
+     * {@inheritdoc}
+     */
+    public $httpStatusCode = 400;
+
+    /**
+     * {@inheritdoc}
+     */
+    public $errorType = 'unsupported_grant_type';
+
+    /**
+     * {@inheritdoc}
+     */
+
+    public function __construct($parameter)
+    {
+        $this->parameter = $parameter;
+        parent::__construct(
+            sprintf(
+                'The authorization grant type "%s" is not supported by the authorization server.',
+                $parameter
+            )
+        );
+    }
+}

src/Exception/UnsupportedResponseTypeException.php

@@ -0,0 +1,38 @@
+<?php
+/**
+ * OAuth 2.0 Unsupported Response Type Exception
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+ * Exception class
+ */
+class UnsupportedResponseTypeException extends OAuthException
+{
+    /**
+     * {@inheritdoc}
+     */
+    public $httpStatusCode = 400;
+
+    /**
+     * {@inheritdoc}
+     */
+    public $errorType = 'unsupported_response_type';
+
+    /**
+     * {@inheritdoc}
+     */
+    public function __construct($parameter, $redirectUri = null)
+    {
+        $this->parameter = $parameter;
+        parent::__construct('The authorization server does not support obtaining an access token using this method.');
+        $this->redirectUri = $redirectUri;
+    }
+}

src/Grant/AbstractGrant.php

@@ -0,0 +1,197 @@
+<?php
+/**
+ * OAuth 2.0 Abstract grant
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Grant;
+
+use League\OAuth2\Server\AuthorizationServer;
+use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Exception;
+
+/**
+ * Abstract grant class
+ */
+abstract class AbstractGrant implements GrantTypeInterface
+{
+    /**
+     * Grant identifier
+     *
+     * @var string
+     */
+    protected $identifier = '';
+
+    /**
+     * Response type
+     *
+     * @var string
+     */
+    protected $responseType;
+
+    /**
+     * Callback to authenticate a user's name and password
+     *
+     * @var callable
+     */
+    protected $callback;
+
+    /**
+     * AuthServer instance
+     *
+     * @var \League\OAuth2\Server\AuthorizationServer
+     */
+    protected $server;
+
+    /**
+     * Access token expires in override
+     *
+     * @var int
+     */
+    protected $accessTokenTTL;
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getIdentifier()
+    {
+        return $this->identifier;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function setIdentifier($identifier)
+    {
+        $this->identifier = $identifier;
+
+        return $this;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getResponseType()
+    {
+        return $this->responseType;
+    }
+
+    /**
+     * Get the TTL for an access token
+     *
+     * @return int The TTL
+     */
+    public function getAccessTokenTTL()
+    {
+        if ($this->accessTokenTTL) {
+            return $this->accessTokenTTL;
+        }
+
+        return $this->server->getAccessTokenTTL();
+    }
+
+    /**
+     * Override the default access token expire time
+     *
+     * @param int $accessTokenTTL
+     *
+     * @return self
+     */
+    public function setAccessTokenTTL($accessTokenTTL)
+    {
+        $this->accessTokenTTL = $accessTokenTTL;
+
+        return $this;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function setAuthorizationServer(AuthorizationServer $server)
+    {
+        $this->server = $server;
+
+        return $this;
+    }
+
+    /**
+     * Given a list of scopes, validate them and return an array of Scope entities
+     *
+     * @param string                                    $scopeParam  A string of scopes (e.g. "profile email birthday")
+     * @param \League\OAuth2\Server\Entity\ClientEntity $client      Client entity
+     * @param string|null                               $redirectUri The redirect URI to return the user to
+     *
+     * @return \League\OAuth2\Server\Entity\ScopeEntity[]
+     *
+     * @throws \League\OAuth2\Server\Exception\InvalidScopeException If scope is invalid, or no scopes passed when required
+     * @throws
+     */
+    public function validateScopes($scopeParam = '', ClientEntity $client, $redirectUri = null)
+    {
+        $scopesList = explode($this->server->getScopeDelimiter(), $scopeParam);
+
+        for ($i = 0; $i < count($scopesList); $i++) {
+            $scopesList[$i] = trim($scopesList[$i]);
+            if ($scopesList[$i] === '') {
+                unset($scopesList[$i]); // Remove any junk scopes
+            }
+        }
+
+        if (
+            $this->server->scopeParamRequired() === true
+            && $this->server->getDefaultScope() === null
+            && count($scopesList) === 0
+        ) {
+            throw new Exception\InvalidRequestException('scope');
+        } elseif (count($scopesList) === 0 && $this->server->getDefaultScope() !== null) {
+            if (is_array($this->server->getDefaultScope())) {
+                $scopesList = $this->server->getDefaultScope();
+            } else {
+                $scopesList = [0 => $this->server->getDefaultScope()];
+            }
+        }
+
+        $scopes = [];
+
+        foreach ($scopesList as $scopeItem) {
+            $scope = $this->server->getScopeStorage()->get(
+                $scopeItem,
+                $this->getIdentifier(),
+                $client->getId()
+            );
+
+            if (($scope instanceof ScopeEntity) === false) {
+                throw new Exception\InvalidScopeException($scopeItem, $redirectUri);
+            }
+
+            $scopes[$scope->getId()] = $scope;
+        }
+
+        return $scopes;
+    }
+
+    /**
+     * Format the local scopes array
+     *
+     * @param  \League\OAuth2\Server\Entity\ScopeEntity[]
+     *
+     * @return array
+     */
+    protected function formatScopes($unformated = [])
+    {
+        $scopes = [];
+        foreach ($unformated as $scope) {
+            if ($scope instanceof ScopeEntity) {
+                $scopes[$scope->getId()] = $scope;
+            }
+        }
+
+        return $scopes;
+    }
+}

src/Grant/AuthCodeGrant.php

@@ -0,0 +1,303 @@
+<?php
+/**
+ * OAuth 2.0 Auth code grant
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Grant;
+
+use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\Entity\AuthCodeEntity;
+use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Entity\RefreshTokenEntity;
+use League\OAuth2\Server\Entity\SessionEntity;
+use League\OAuth2\Server\Event;
+use League\OAuth2\Server\Exception;
+use League\OAuth2\Server\Util\SecureKey;
+
+/**
+ * Auth code grant class
+ */
+class AuthCodeGrant extends AbstractGrant
+{
+    /**
+     * Grant identifier
+     *
+     * @var string
+     */
+    protected $identifier = 'authorization_code';
+
+    /**
+     * Response type
+     *
+     * @var string
+     */
+    protected $responseType = 'code';
+
+    /**
+     * AuthServer instance
+     *
+     * @var \League\OAuth2\Server\AuthorizationServer
+     */
+    protected $server = null;
+
+    /**
+     * Access token expires in override
+     *
+     * @var int
+     */
+    protected $accessTokenTTL = null;
+
+    /**
+     * The TTL of the auth token
+     *
+     * @var integer
+     */
+    protected $authTokenTTL = 600;
+
+    /**
+     * Whether to require the client secret when
+     * completing the flow.
+     *
+     * @var boolean
+     */
+    protected $requireClientSecret = true;
+
+    /**
+     * Override the default access token expire time
+     *
+     * @param int $authTokenTTL
+     *
+     * @return void
+     */
+    public function setAuthTokenTTL($authTokenTTL)
+    {
+        $this->authTokenTTL = $authTokenTTL;
+    }
+
+    /**
+     *
+     * @param bool $required True to require client secret during access
+     *                       token request. False if not. Default = true
+     */
+    public function setRequireClientSecret($required)
+    {
+        $this->requireClientSecret = $required;
+    }
+
+    /**
+     * True if client secret is required during
+     * access token request. False if it isn't.
+     *
+     * @return bool
+     */
+    public function shouldRequireClientSecret()
+    {
+        return $this->requireClientSecret;
+    }
+
+    /**
+     * Check authorize parameters
+     *
+     * @return array Authorize request parameters
+     *
+     * @throws
+     */
+    public function checkAuthorizeParams()
+    {
+        // Get required params
+        $clientId = $this->server->getRequest()->query->get('client_id', null);
+        if (is_null($clientId)) {
+            throw new Exception\InvalidRequestException('client_id');
+        }
+
+        $redirectUri = $this->server->getRequest()->query->get('redirect_uri', null);
+        if (is_null($redirectUri)) {
+            throw new Exception\InvalidRequestException('redirect_uri');
+        }
+
+        // Validate client ID and redirect URI
+        $client = $this->server->getClientStorage()->get(
+            $clientId,
+            null,
+            $redirectUri,
+            $this->getIdentifier()
+        );
+
+        if (($client instanceof ClientEntity) === false) {
+            $this->server->getEventEmitter()->emit(new Event\ClientAuthenticationFailedEvent($this->server->getRequest()));
+            throw new Exception\InvalidClientException();
+        }
+
+        $state = $this->server->getRequest()->query->get('state', null);
+        if ($this->server->stateParamRequired() === true && is_null($state)) {
+            throw new Exception\InvalidRequestException('state', $redirectUri);
+        }
+
+        $responseType = $this->server->getRequest()->query->get('response_type', null);
+        if (is_null($responseType)) {
+            throw new Exception\InvalidRequestException('response_type', $redirectUri);
+        }
+
+        // Ensure response type is one that is recognised
+        if (!in_array($responseType, $this->server->getResponseTypes())) {
+            throw new Exception\UnsupportedResponseTypeException($responseType, $redirectUri);
+        }
+
+        // Validate any scopes that are in the request
+        $scopeParam = $this->server->getRequest()->query->get('scope', '');
+        $scopes = $this->validateScopes($scopeParam, $client, $redirectUri);
+
+        return [
+            'client'        => $client,
+            'redirect_uri'  => $redirectUri,
+            'state'         => $state,
+            'response_type' => $responseType,
+            'scopes'        => $scopes
+        ];
+    }
+
+    /**
+     * Parse a new authorize request
+     *
+     * @param string $type       The session owner's type
+     * @param string $typeId     The session owner's ID
+     * @param array  $authParams The authorize request $_GET parameters
+     *
+     * @return string An authorisation code
+     */
+    public function newAuthorizeRequest($type, $typeId, $authParams = [])
+    {
+        // Create a new session
+        $session = new SessionEntity($this->server);
+        $session->setOwner($type, $typeId);
+        $session->associateClient($authParams['client']);
+
+        // Create a new auth code
+        $authCode = new AuthCodeEntity($this->server);
+        $authCode->setId(SecureKey::generate());
+        $authCode->setRedirectUri($authParams['redirect_uri']);
+        $authCode->setExpireTime(time() + $this->authTokenTTL);
+
+        foreach ($authParams['scopes'] as $scope) {
+            $authCode->associateScope($scope);
+            $session->associateScope($scope);
+        }
+
+        $session->save();
+        $authCode->setSession($session);
+        $authCode->save();
+
+        return $authCode->generateRedirectUri($authParams['state']);
+    }
+
+    /**
+     * Complete the auth code grant
+     *
+     * @return array
+     *
+     * @throws
+     */
+    public function completeFlow()
+    {
+        // Get the required params
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
+        if (is_null($clientId)) {
+            throw new Exception\InvalidRequestException('client_id');
+        }
+
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
+        if ($this->shouldRequireClientSecret() && is_null($clientSecret)) {
+            throw new Exception\InvalidRequestException('client_secret');
+        }
+
+        $redirectUri = $this->server->getRequest()->request->get('redirect_uri', null);
+        if (is_null($redirectUri)) {
+            throw new Exception\InvalidRequestException('redirect_uri');
+        }
+
+        // Validate client ID and client secret
+        $client = $this->server->getClientStorage()->get(
+            $clientId,
+            $clientSecret,
+            $redirectUri,
+            $this->getIdentifier()
+        );
+
+        if (($client instanceof ClientEntity) === false) {
+            $this->server->getEventEmitter()->emit(new Event\ClientAuthenticationFailedEvent($this->server->getRequest()));
+            throw new Exception\InvalidClientException();
+        }
+
+        // Validate the auth code
+        $authCode = $this->server->getRequest()->request->get('code', null);
+        if (is_null($authCode)) {
+            throw new Exception\InvalidRequestException('code');
+        }
+
+        $code = $this->server->getAuthCodeStorage()->get($authCode);
+        if (($code instanceof AuthCodeEntity) === false) {
+            throw new Exception\InvalidRequestException('code');
+        }
+
+        // Ensure the auth code hasn't expired
+        if ($code->isExpired() === true) {
+            throw new Exception\InvalidRequestException('code');
+        }
+
+        // Check redirect URI presented matches redirect URI originally used in authorize request
+        if ($code->getRedirectUri() !== $redirectUri) {
+            throw new Exception\InvalidRequestException('redirect_uri');
+        }
+
+        $session = $code->getSession();
+        $session->associateClient($client);
+
+        $authCodeScopes = $code->getScopes();
+
+        // Generate the access token
+        $accessToken = new AccessTokenEntity($this->server);
+        $accessToken->setId(SecureKey::generate());
+        $accessToken->setExpireTime($this->getAccessTokenTTL() + time());
+
+        foreach ($authCodeScopes as $authCodeScope) {
+            $session->associateScope($authCodeScope);
+        }
+
+        foreach ($session->getScopes() as $scope) {
+            $accessToken->associateScope($scope);
+        }
+
+        $this->server->getTokenType()->setSession($session);
+        $this->server->getTokenType()->setParam('access_token', $accessToken->getId());
+        $this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());
+
+        // Associate a refresh token if set
+        if ($this->server->hasGrantType('refresh_token')) {
+            $refreshToken = new RefreshTokenEntity($this->server);
+            $refreshToken->setId(SecureKey::generate());
+            $refreshToken->setExpireTime($this->server->getGrantType('refresh_token')->getRefreshTokenTTL() + time());
+            $this->server->getTokenType()->setParam('refresh_token', $refreshToken->getId());
+        }
+
+        // Expire the auth code
+        $code->expire();
+
+        // Save all the things
+        $accessToken->setSession($session);
+        $accessToken->save();
+
+        if (isset($refreshToken) && $this->server->hasGrantType('refresh_token')) {
+            $refreshToken->setAccessToken($accessToken);
+            $refreshToken->save();
+        }
+
+        return $this->server->getTokenType()->generateResponse();
+    }
+}

src/Grant/ClientCredentialsGrant.php

@@ -0,0 +1,122 @@
+<?php
+/**
+ * OAuth 2.0 Client credentials grant
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Grant;
+
+use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Entity\SessionEntity;
+use League\OAuth2\Server\Event;
+use League\OAuth2\Server\Exception;
+use League\OAuth2\Server\Util\SecureKey;
+
+/**
+ * Client credentials grant class
+ */
+class ClientCredentialsGrant extends AbstractGrant
+{
+    /**
+     * Grant identifier
+     *
+     * @var string
+     */
+    protected $identifier = 'client_credentials';
+
+    /**
+     * Response type
+     *
+     * @var string
+     */
+    protected $responseType = null;
+
+    /**
+     * AuthServer instance
+     *
+     * @var \League\OAuth2\Server\AuthorizationServer
+     */
+    protected $server = null;
+
+    /**
+     * Access token expires in override
+     *
+     * @var int
+     */
+    protected $accessTokenTTL = null;
+
+    /**
+     * Complete the client credentials grant
+     *
+     * @return array
+     *
+     * @throws
+     */
+    public function completeFlow()
+    {
+        // Get the required params
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
+        if (is_null($clientId)) {
+            throw new Exception\InvalidRequestException('client_id');
+        }
+
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
+        if (is_null($clientSecret)) {
+            throw new Exception\InvalidRequestException('client_secret');
+        }
+
+        // Validate client ID and client secret
+        $client = $this->server->getClientStorage()->get(
+            $clientId,
+            $clientSecret,
+            null,
+            $this->getIdentifier()
+        );
+
+        if (($client instanceof ClientEntity) === false) {
+            $this->server->getEventEmitter()->emit(new Event\ClientAuthenticationFailedEvent($this->server->getRequest()));
+            throw new Exception\InvalidClientException();
+        }
+
+        // Validate any scopes that are in the request
+        $scopeParam = $this->server->getRequest()->request->get('scope', '');
+        $scopes = $this->validateScopes($scopeParam, $client);
+
+        // Create a new session
+        $session = new SessionEntity($this->server);
+        $session->setOwner('client', $client->getId());
+        $session->associateClient($client);
+
+        // Generate an access token
+        $accessToken = new AccessTokenEntity($this->server);
+        $accessToken->setId(SecureKey::generate());
+        $accessToken->setExpireTime($this->getAccessTokenTTL() + time());
+
+        // Associate scopes with the session and access token
+        foreach ($scopes as $scope) {
+            $session->associateScope($scope);
+        }
+
+        foreach ($session->getScopes() as $scope) {
+            $accessToken->associateScope($scope);
+        }
+
+        // Save everything
+        $session->save();
+        $accessToken->setSession($session);
+        $accessToken->save();
+
+        $this->server->getTokenType()->setSession($session);
+        $this->server->getTokenType()->setParam('access_token', $accessToken->getId());
+        $this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());
+
+        return $this->server->getTokenType()->generateResponse();
+    }
+}

src/Grant/GrantTypeInterface.php

@@ -0,0 +1,59 @@
+<?php
+/**
+ * OAuth 2.0 Grant type interface
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Grant;
+
+use League\OAuth2\Server\AuthorizationServer;
+
+/**
+ * Grant type interface
+ */
+interface GrantTypeInterface
+{
+    /**
+     * Return the identifier
+     *
+     * @return string
+     */
+    public function getIdentifier();
+
+    /**
+     * Return the identifier
+     *
+     * @param string $identifier
+     *
+     * @return self
+     */
+    public function setIdentifier($identifier);
+
+    /**
+     * Return the response type
+     *
+     * @return string
+     */
+    public function getResponseType();
+
+    /**
+     * Inject the authorization server into the grant
+     *
+     * @param \League\OAuth2\Server\AuthorizationServer $server The authorization server instance
+     *
+     * @return self
+     */
+    public function setAuthorizationServer(AuthorizationServer $server);
+
+    /**
+     * Complete the grant flow
+     *
+     * @return array
+     */
+    public function completeFlow();
+}

src/Grant/PasswordGrant.php

@@ -0,0 +1,182 @@
+<?php
+/**
+ * OAuth 2.0 Password grant
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Grant;
+
+use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Entity\RefreshTokenEntity;
+use League\OAuth2\Server\Entity\SessionEntity;
+use League\OAuth2\Server\Event;
+use League\OAuth2\Server\Exception;
+use League\OAuth2\Server\Util\SecureKey;
+
+/**
+ * Password grant class
+ */
+class PasswordGrant extends AbstractGrant
+{
+    /**
+     * Grant identifier
+     *
+     * @var string
+     */
+    protected $identifier = 'password';
+
+    /**
+     * Response type
+     *
+     * @var string
+     */
+    protected $responseType;
+
+    /**
+     * Callback to authenticate a user's name and password
+     *
+     * @var callable
+     */
+    protected $callback;
+
+    /**
+     * Access token expires in override
+     *
+     * @var int
+     */
+    protected $accessTokenTTL;
+
+    /**
+     * Set the callback to verify a user's username and password
+     *
+     * @param callable $callback The callback function
+     *
+     * @return void
+     */
+    public function setVerifyCredentialsCallback(callable $callback)
+    {
+        $this->callback = $callback;
+    }
+
+    /**
+     * Return the callback function
+     *
+     * @return callable
+     *
+     * @throws
+     */
+    protected function getVerifyCredentialsCallback()
+    {
+        if (is_null($this->callback) || !is_callable($this->callback)) {
+            throw new Exception\ServerErrorException('Null or non-callable callback set on Password grant');
+        }
+
+        return $this->callback;
+    }
+
+    /**
+     * Complete the password grant
+     *
+     * @return array
+     *
+     * @throws
+     */
+    public function completeFlow()
+    {
+        // Get the required params
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
+        if (is_null($clientId)) {
+            throw new Exception\InvalidRequestException('client_id');
+        }
+
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
+        if (is_null($clientSecret)) {
+            throw new Exception\InvalidRequestException('client_secret');
+        }
+
+        // Validate client ID and client secret
+        $client = $this->server->getClientStorage()->get(
+            $clientId,
+            $clientSecret,
+            null,
+            $this->getIdentifier()
+        );
+
+        if (($client instanceof ClientEntity) === false) {
+            $this->server->getEventEmitter()->emit(new Event\ClientAuthenticationFailedEvent($this->server->getRequest()));
+            throw new Exception\InvalidClientException();
+        }
+
+        $username = $this->server->getRequest()->request->get('username', null);
+        if (is_null($username)) {
+            throw new Exception\InvalidRequestException('username');
+        }
+
+        $password = $this->server->getRequest()->request->get('password', null);
+        if (is_null($password)) {
+            throw new Exception\InvalidRequestException('password');
+        }
+
+        // Check if user's username and password are correct
+        $userId = call_user_func($this->getVerifyCredentialsCallback(), $username, $password);
+
+        if ($userId === false) {
+            $this->server->getEventEmitter()->emit(new Event\UserAuthenticationFailedEvent($this->server->getRequest()));
+            throw new Exception\InvalidCredentialsException();
+        }
+
+        // Validate any scopes that are in the request
+        $scopeParam = $this->server->getRequest()->request->get('scope', '');
+        $scopes = $this->validateScopes($scopeParam, $client);
+
+        // Create a new session
+        $session = new SessionEntity($this->server);
+        $session->setOwner('user', $userId);
+        $session->associateClient($client);
+
+        // Generate an access token
+        $accessToken = new AccessTokenEntity($this->server);
+        $accessToken->setId(SecureKey::generate());
+        $accessToken->setExpireTime($this->getAccessTokenTTL() + time());
+
+        // Associate scopes with the session and access token
+        foreach ($scopes as $scope) {
+            $session->associateScope($scope);
+        }
+
+        foreach ($session->getScopes() as $scope) {
+            $accessToken->associateScope($scope);
+        }
+
+        $this->server->getTokenType()->setSession($session);
+        $this->server->getTokenType()->setParam('access_token', $accessToken->getId());
+        $this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());
+
+        // Associate a refresh token if set
+        if ($this->server->hasGrantType('refresh_token')) {
+            $refreshToken = new RefreshTokenEntity($this->server);
+            $refreshToken->setId(SecureKey::generate());
+            $refreshToken->setExpireTime($this->server->getGrantType('refresh_token')->getRefreshTokenTTL() + time());
+            $this->server->getTokenType()->setParam('refresh_token', $refreshToken->getId());
+        }
+
+        // Save everything
+        $session->save();
+        $accessToken->setSession($session);
+        $accessToken->save();
+
+        if ($this->server->hasGrantType('refresh_token')) {
+            $refreshToken->setAccessToken($accessToken);
+            $refreshToken->save();
+        }
+
+        return $this->server->getTokenType()->generateResponse();
+    }
+}

src/Grant/RefreshTokenGrant.php

@@ -0,0 +1,223 @@
+<?php
+/**
+ * OAuth 2.0 Refresh token grant
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Grant;
+
+use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Entity\RefreshTokenEntity;
+use League\OAuth2\Server\Event;
+use League\OAuth2\Server\Exception;
+use League\OAuth2\Server\Util\SecureKey;
+
+/**
+ * Refresh token grant
+ */
+class RefreshTokenGrant extends AbstractGrant
+{
+    /**
+     * {@inheritdoc}
+     */
+    protected $identifier = 'refresh_token';
+
+    /**
+     * Refresh token TTL (default = 604800 | 1 week)
+     *
+     * @var integer
+     */
+    protected $refreshTokenTTL = 604800;
+
+    /**
+     * Rotate token (default = true)
+     *
+     * @var integer
+     */
+    protected $refreshTokenRotate = true;
+
+    /**
+     * Whether to require the client secret when
+     * completing the flow.
+     *
+     * @var boolean
+     */
+    protected $requireClientSecret = true;
+
+    /**
+     * Set the TTL of the refresh token
+     *
+     * @param int $refreshTokenTTL
+     *
+     * @return void
+     */
+    public function setRefreshTokenTTL($refreshTokenTTL)
+    {
+        $this->refreshTokenTTL = $refreshTokenTTL;
+    }
+
+    /**
+     * Get the TTL of the refresh token
+     *
+     * @return int
+     */
+    public function getRefreshTokenTTL()
+    {
+        return $this->refreshTokenTTL;
+    }
+
+    /**
+     * Set the rotation boolean of the refresh token
+     * @param bool $refreshTokenRotate
+     */
+    public function setRefreshTokenRotation($refreshTokenRotate = true)
+    {
+        $this->refreshTokenRotate = $refreshTokenRotate;
+    }
+
+    /**
+     * Get rotation boolean of the refresh token
+     *
+     * @return bool
+     */
+    public function shouldRotateRefreshTokens()
+    {
+        return $this->refreshTokenRotate;
+    }
+
+    /**
+     *
+     * @param bool $required True to require client secret during access
+     *                       token request. False if not. Default = true
+     */
+    public function setRequireClientSecret($required)
+    {
+        $this->requireClientSecret = $required;
+    }
+
+    /**
+     * True if client secret is required during
+     * access token request. False if it isn't.
+     *
+     * @return bool
+     */
+    public function shouldRequireClientSecret()
+    {
+        return $this->requireClientSecret;
+    }
+
+
+    /**
+     * {@inheritdoc}
+     */
+    public function completeFlow()
+    {
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
+        if (is_null($clientId)) {
+            throw new Exception\InvalidRequestException('client_id');
+        }
+
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
+        if ($this->shouldRequireClientSecret() && is_null($clientSecret)) {
+            throw new Exception\InvalidRequestException('client_secret');
+        }
+
+        // Validate client ID and client secret
+        $client = $this->server->getClientStorage()->get(
+            $clientId,
+            $clientSecret,
+            null,
+            $this->getIdentifier()
+        );
+
+        if (($client instanceof ClientEntity) === false) {
+            $this->server->getEventEmitter()->emit(new Event\ClientAuthenticationFailedEvent($this->server->getRequest()));
+            throw new Exception\InvalidClientException();
+        }
+
+        $oldRefreshTokenParam = $this->server->getRequest()->request->get('refresh_token', null);
+        if ($oldRefreshTokenParam === null) {
+            throw new Exception\InvalidRequestException('refresh_token');
+        }
+
+        // Validate refresh token
+        $oldRefreshToken = $this->server->getRefreshTokenStorage()->get($oldRefreshTokenParam);
+
+        if (($oldRefreshToken instanceof RefreshTokenEntity) === false) {
+            throw new Exception\InvalidRefreshException();
+        }
+
+        // Ensure the old refresh token hasn't expired
+        if ($oldRefreshToken->isExpired() === true) {
+            throw new Exception\InvalidRefreshException();
+        }
+
+        $oldAccessToken = $oldRefreshToken->getAccessToken();
+
+        // Get the scopes for the original session
+        $session = $oldAccessToken->getSession();
+        $scopes = $this->formatScopes($session->getScopes());
+
+        // Get and validate any requested scopes
+        $requestedScopesString = $this->server->getRequest()->request->get('scope', '');
+        $requestedScopes = $this->validateScopes($requestedScopesString, $client);
+
+        // If no new scopes are requested then give the access token the original session scopes
+        if (count($requestedScopes) === 0) {
+            $newScopes = $scopes;
+        } else {
+            // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
+            //  the request doesn't include any new scopes
+            foreach ($requestedScopes as $requestedScope) {
+                if (!isset($scopes[$requestedScope->getId()])) {
+                    throw new Exception\InvalidScopeException($requestedScope->getId());
+                }
+            }
+
+            $newScopes = $requestedScopes;
+        }
+
+        // Generate a new access token and assign it the correct sessions
+        $newAccessToken = new AccessTokenEntity($this->server);
+        $newAccessToken->setId(SecureKey::generate());
+        $newAccessToken->setExpireTime($this->getAccessTokenTTL() + time());
+        $newAccessToken->setSession($session);
+
+        foreach ($newScopes as $newScope) {
+            $newAccessToken->associateScope($newScope);
+        }
+
+        // Expire the old token and save the new one
+        $oldAccessToken->expire();
+        $newAccessToken->save();
+
+        $this->server->getTokenType()->setSession($session);
+        $this->server->getTokenType()->setParam('access_token', $newAccessToken->getId());
+        $this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());
+
+        if ($this->shouldRotateRefreshTokens()) {
+            // Expire the old refresh token
+            $oldRefreshToken->expire();
+
+            // Generate a new refresh token
+            $newRefreshToken = new RefreshTokenEntity($this->server);
+            $newRefreshToken->setId(SecureKey::generate());
+            $newRefreshToken->setExpireTime($this->getRefreshTokenTTL() + time());
+            $newRefreshToken->setAccessToken($newAccessToken);
+            $newRefreshToken->save();
+
+            $this->server->getTokenType()->setParam('refresh_token', $newRefreshToken->getId());
+        } else {
+            $this->server->getTokenType()->setParam('refresh_token', $oldRefreshToken->getId());
+        }
+
+        return $this->server->getTokenType()->generateResponse();
+    }
+}

src/League/OAuth2/Server/Authorization.php

@@ -1,475 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Authorization Server
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server;
-
-use League\OAuth2\Server\Util\Request;
-use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\ClientInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
-use League\OAuth2\Server\Grant\GrantTypeInterface;
-
-/**
- * OAuth 2.0 authorization server class
- */
-class Authorization
-{
-    /**
-     * The delimeter between scopes specified in the scope query string parameter
-     *
-     * The OAuth 2 specification states it should be a space but most use a comma
-     * @var string
-     */
-    protected $scopeDelimeter = ' ';
-
-    /**
-     * The TTL (time to live) of an access token in seconds (default: 3600)
-     * @var integer
-     */
-    protected $accessTokenTTL = 3600;
-
-    /**
-     * The registered grant response types
-     * @var array
-     */
-    protected $responseTypes = array();
-
-    /**
-     * The client, scope and session storage classes
-     * @var array
-     */
-    protected $storages = array();
-
-    /**
-     * The registered grant types
-     * @var array
-     */
-    protected $grantTypes = array();
-
-    /**
-     * Require the "scope" parameter to be in checkAuthoriseParams()
-     * @var boolean
-     */
-    protected $requireScopeParam = false;
-
-    /**
-     * Default scope(s) to be used if none is provided
-     * @var string|array
-     */
-    protected $defaultScope = null;
-
-    /**
-     * Require the "state" parameter to be in checkAuthoriseParams()
-     * @var boolean
-     */
-    protected $requireStateParam = false;
-
-    /**
-     * The request object
-     * @var Util\RequestInterface
-     */
-    protected $request = null;
-
-    /**
-     * Exception error codes
-     * @var array
-     */
-    protected static $exceptionCodes = array(
-        0   =>  'invalid_request',
-        1   =>  'unauthorized_client',
-        2   =>  'access_denied',
-        3   =>  'unsupported_response_type',
-        4   =>  'invalid_scope',
-        5   =>  'server_error',
-        6   =>  'temporarily_unavailable',
-        7   =>  'unsupported_grant_type',
-        8   =>  'invalid_client',
-        9   =>  'invalid_grant'
-    );
-
-    /**
-     * Exception error messages
-     * @var array
-     */
-    protected static $exceptionMessages = array(
-        'invalid_request'           =>  'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
-        'unauthorized_client'       =>  'The client is not authorized to request an access token using this method.',
-        'access_denied'             =>  'The resource owner or authorization server denied the request.',
-        'unsupported_response_type' =>  'The authorization server does not support obtaining an access token using this method.',
-        'invalid_scope'             =>  'The requested scope is invalid, unknown, or malformed. Check the "%s" scope.',
-        'server_error'              =>  'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.',
-        'temporarily_unavailable'   =>  'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.',
-        'unsupported_grant_type'    =>  'The authorization grant type "%s" is not supported by the authorization server',
-        'invalid_client'            =>  'Client authentication failed',
-        'invalid_grant'             =>  'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. Check the "%s" parameter.',
-        'invalid_credentials'       =>  'The user credentials were incorrect.',
-        'invalid_refresh'           =>  'The refresh token is invalid.',
-    );
-
-    /**
-     * Exception error HTTP status codes
-     * @var array
-     *
-     * RFC 6749, section 4.1.2.1.:
-     * No 503 status code for 'temporarily_unavailable', because
-     * "a 503 Service Unavailable HTTP status code cannot be
-     * returned to the client via an HTTP redirect"
-     */
-    protected static $exceptionHttpStatusCodes = array(
-        'invalid_request'           =>  400,
-        'unauthorized_client'       =>  400,
-        'access_denied'             =>  401,
-        'unsupported_response_type' =>  400,
-        'invalid_scope'             =>  400,
-        'server_error'              =>  500,
-        'temporarily_unavailable'   =>  400,
-        'unsupported_grant_type'    =>  501,
-        'invalid_client'            =>  401,
-        'invalid_grant'             =>  400,
-        'invalid_credentials'       =>  400,
-        'invalid_refresh'           =>  400,
-    );
-
-    /**
-     * Get all headers that have to be send with the error response
-     *
-     * @param  string $error The error message key
-     * @return array         Array with header values
-     */
-    public static function getExceptionHttpHeaders($error)
-    {
-        $headers = array();
-        switch (self::$exceptionHttpStatusCodes[$error]) {
-            case 401:
-                $headers[] = 'HTTP/1.1 401 Unauthorized';
-                break;
-            case 500:
-                $headers[] = 'HTTP/1.1 500 Internal Server Error';
-                break;
-            case 501:
-                $headers[] = 'HTTP/1.1 501 Not Implemented';
-                break;
-            case 400:
-            default:
-                $headers[] = 'HTTP/1.1 400 Bad Request';
-        }
-
-        // Add "WWW-Authenticate" header
-        //
-        // RFC 6749, section 5.2.:
-        // "If the client attempted to authenticate via the 'Authorization'
-        // request header field, the authorization server MUST
-        // respond with an HTTP 401 (Unauthorized) status code and
-        // include the "WWW-Authenticate" response header field
-        // matching the authentication scheme used by the client.
-        // @codeCoverageIgnoreStart
-        if ($error === 'invalid_client') {
-            $authScheme = null;
-            $request = new Request();
-            if ($request->server('PHP_AUTH_USER') !== null) {
-                $authScheme = 'Basic';
-            } else {
-                $authHeader = $request->header('Authorization');
-                if ($authHeader !== null) {
-                    if (strpos($authHeader, 'Bearer') === 0) {
-                        $authScheme = 'Bearer';
-                    } elseif (strpos($authHeader, 'Basic') === 0) {
-                        $authScheme = 'Basic';
-                    }
-                }
-            }
-            if ($authScheme !== null) {
-                $headers[] = 'WWW-Authenticate: '.$authScheme.' realm=""';
-            }
-        }
-        // @codeCoverageIgnoreEnd
-
-        return $headers;
-    }
-
-    /**
-     * Get an exception message
-     *
-     * @param  string $error The error message key
-     * @return string        The error message
-     */
-    public static function getExceptionMessage($error = '')
-    {
-        return self::$exceptionMessages[$error];
-    }
-
-    /**
-     * Get an exception code
-     *
-     * @param  integer $code The exception code
-     * @return string        The exception code type
-     */
-    public static function getExceptionType($code = 0)
-    {
-        return self::$exceptionCodes[$code];
-    }
-
-    /**
-     * Create a new OAuth2 authorization server
-     *
-     * @param ClientInterface  $client  A class which inherits from Storage/ClientInterface
-     * @param SessionInterface $session A class which inherits from Storage/SessionInterface
-     * @param ScopeInterface   $scope   A class which inherits from Storage/ScopeInterface
-     */
-    public function __construct(ClientInterface $client, SessionInterface $session, ScopeInterface $scope)
-    {
-        $this->storages = array(
-            'client'    =>  $client,
-            'session'   =>  $session,
-            'scope' =>  $scope
-        );
-    }
-
-    /**
-     * Enable support for a grant
-     * @param GrantTypeInterface $grantType  A grant class which conforms to Interface/GrantTypeInterface
-     * @param null|string        $identifier An identifier for the grant (autodetected if not passed)
-     */
-    public function addGrantType(GrantTypeInterface $grantType, $identifier = null)
-    {
-        if (is_null($identifier)) {
-            $identifier = $grantType->getIdentifier();
-        }
-        $this->grantTypes[$identifier] = $grantType;
-
-        if ( ! is_null($grantType->getResponseType())) {
-            $this->responseTypes[] = $grantType->getResponseType();
-        }
-    }
-
-    /**
-     * Check if a grant type has been enabled
-     * @param  string  $identifier The grant type identifier
-     * @return boolean             Returns "true" if enabled, "false" if not
-     */
-    public function hasGrantType($identifier)
-    {
-        return (array_key_exists($identifier, $this->grantTypes));
-    }
-
-    /**
-     * Returns response types
-     *
-     * @return array
-     */
-    public function getResponseTypes()
-    {
-        return $this->responseTypes;
-    }
-
-    /**
-     * Require the "scope" paremter in checkAuthoriseParams()
-     * @param  boolean $require
-     * @return void
-     */
-    public function requireScopeParam($require = true)
-    {
-        $this->requireScopeParam = $require;
-    }
-
-    /**
-     * Is the scope parameter required?
-     * @return bool
-     */
-    public function scopeParamRequired()
-    {
-        return $this->requireScopeParam;
-    }
-
-    /**
-     * Default scope to be used if none is provided and requireScopeParam is false
-     * @param string|array $default
-     */
-    public function setDefaultScope($default = null)
-    {
-        $this->defaultScope = $default;
-        return $this;
-    }
-
-    /**
-     * Default scope to be used if none is provided and requireScopeParam is false
-     * @return string|null
-     */
-    public function getDefaultScope()
-    {
-        return $this->defaultScope;
-    }
-
-    /**
-     * Require the "state" paremter in checkAuthoriseParams()
-     * @param  boolean $require
-     * @return void
-     */
-    public function stateParamRequired()
-    {
-        return $this->requireStateParam;
-    }
-
-    /**
-     * Require the "state" paremter in checkAuthoriseParams()
-     * @param  boolean $require
-     * @return void
-     */
-    public function requireStateParam($require = true)
-    {
-        $this->requireStateParam = $require;
-        return $this;
-    }
-
-    /**
-     * Get the scope delimeter
-     *
-     * @return string The scope delimiter (default: ",")
-     */
-    public function getScopeDelimeter()
-    {
-        return $this->scopeDelimeter;
-    }
-
-    /**
-     * Set the scope delimiter
-     *
-     * @param string $scopeDelimeter
-     */
-    public function setScopeDelimeter($scopeDelimeter = ' ')
-    {
-        $this->scopeDelimeter = $scopeDelimeter;
-        return $this;
-    }
-
-    /**
-     * Get the TTL for an access token
-     * @return int The TTL
-     */
-    public function getAccessTokenTTL()
-    {
-        return $this->accessTokenTTL;
-    }
-
-    /**
-     * Set the TTL for an access token
-     * @param int $accessTokenTTL The new TTL
-     */
-    public function setAccessTokenTTL($accessTokenTTL = 3600)
-    {
-        $this->accessTokenTTL = $accessTokenTTL;
-        return $this;
-    }
-
-    /**
-     * Sets the Request Object
-     *
-     * @param Util\RequestInterface The Request Object
-     */
-    public function setRequest(Util\RequestInterface $request)
-    {
-        $this->request = $request;
-        return $this;
-    }
-
-    /**
-     * Gets the Request object.  It will create one from the globals if one is not set.
-     *
-     * @return Util\RequestInterface
-     */
-    public function getRequest()
-    {
-        if ($this->request === null) {
-            // @codeCoverageIgnoreStart
-            $this->request = Request::buildFromGlobals();
-        }
-        // @codeCoverageIgnoreEnd
-
-        return $this->request;
-    }
-
-    /**
-     * Return a storage class
-     * @param  string $obj The class required
-     * @return Storage\ClientInterface|Storage\ScopeInterface|Storage\SessionInterface
-     */
-    public function getStorage($obj)
-    {
-        return $this->storages[$obj];
-    }
-
-    /**
-     * Issue an access token
-     *
-     * @param  array $inputParams Optional array of parsed $_POST keys
-     * @return array             Authorise request parameters
-     */
-    public function issueAccessToken($inputParams = array())
-    {
-        $grantType = $this->getParam('grant_type', 'post', $inputParams);
-
-        if (is_null($grantType)) {
-            throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'grant_type'), 0);
-        }
-
-        // Ensure grant type is one that is recognised and is enabled
-        if ( ! in_array($grantType, array_keys($this->grantTypes))) {
-            throw new Exception\ClientException(sprintf(self::$exceptionMessages['unsupported_grant_type'], $grantType), 7);
-        }
-
-        // Complete the flow
-        return $this->getGrantType($grantType)->completeFlow($inputParams);
-    }
-
-    /**
-     * Return a grant type class
-     * @param  string $grantType The grant type identifer
-     * @return Grant\AuthCode|Grant\ClientCredentials|Grant\Implict|Grant\Password|Grant\RefreshToken
-     */
-    public function getGrantType($grantType)
-    {
-        if (isset($this->grantTypes[$grantType])) {
-            return $this->grantTypes[$grantType];
-        }
-
-        throw new Exception\InvalidGrantTypeException(sprintf(self::$exceptionMessages['unsupported_grant_type'], $grantType), 9);
-        }
-
-    /**
-     * Get a parameter from passed input parameters or the Request class
-     * @param  string|array $param Required parameter
-     * @param  string $method      Get/put/post/delete
-     * @param  array  $inputParams Passed input parameters
-     * @return mixed               'Null' if parameter is missing
-     */
-    public function getParam($param = '', $method = 'get', $inputParams = array(), $default = null)
-    {
-        if (is_string($param)) {
-            if (isset($inputParams[$param])) {
-                return $inputParams[$param];
-            } elseif ($param === 'client_id' && ! is_null($clientId = $this->getRequest()->server('PHP_AUTH_USER'))) {
-                return $clientId;
-            } elseif ($param === 'client_secret' && ! is_null($clientSecret = $this->getRequest()->server('PHP_AUTH_PW'))) {
-                return $clientSecret;
-            } else {
-                return $this->getRequest()->{$method}($param, $default);
-            }
-        } else {
-            $response = array();
-            foreach ($param as $p) {
-                $response[$p] = $this->getParam($p, $method, $inputParams);
-            }
-            return $response;
-        }
-    }
-
-}

src/League/OAuth2/Server/Exception/ClientException.php

@@ -1,20 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Client Exception
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Exception;
-
-/**
- * ClientException Exception
- */
-class ClientException extends OAuth2Exception
-{
-
-}

src/League/OAuth2/Server/Exception/InvalidAccessTokenException.php

@@ -1,20 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Invalid Access Token Exception
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Exception;
-
-/**
- * InvalidAccessToken Exception
- */
-class InvalidAccessTokenException extends OAuth2Exception
-{
-
-}

src/League/OAuth2/Server/Exception/InvalidGrantTypeException.php

@@ -1,20 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Invalid Grant Type Exception
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Exception;
-
-/**
- * InvalidGrantTypeException Exception
- */
-class InvalidGrantTypeException extends OAuth2Exception
-{
-
-}

src/League/OAuth2/Server/Exception/OAuth2Exception.php

@@ -1,20 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Base Exception
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Exception;
-
-/**
- * Exception class
- */
-class OAuth2Exception extends \Exception
-{
-
-}

src/League/OAuth2/Server/Grant/AuthCode.php

@@ -1,269 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Auth code grant
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Grant;
-
-use League\OAuth2\Server\Request;
-use League\OAuth2\Server\Authorization;
-use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\ClientInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
-
-/**
- * Auth code grant class
- */
-class AuthCode implements GrantTypeInterface {
-
-    use GrantTrait;
-
-    /**
-     * Grant identifier
-     * @var string
-     */
-    protected $identifier = 'authorization_code';
-
-    /**
-     * Response type
-     * @var string
-     */
-    protected $responseType = 'code';
-
-    /**
-     * AuthServer instance
-     * @var AuthServer
-     */
-    protected $authServer = null;
-
-    /**
-     * Access token expires in override
-     * @var int
-     */
-    protected $accessTokenTTL = null;
-
-    /**
-     * The TTL of the auth token
-     * @var integer
-     */
-    protected $authTokenTTL = 600;
-
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
-    /**
-     * Override the default access token expire time
-     * @param int $authTokenTTL
-     * @return void
-     */
-    public function setAuthTokenTTL($authTokenTTL)
-    {
-        $this->authTokenTTL = $authTokenTTL;
-    }
-
-    /**
-     * Check authorise parameters
-     *
-     * @param  array $inputParams Optional array of parsed $_GET keys
-     * @throws \OAuth2\Exception\ClientException
-     * @return array             Authorise request parameters
-     */
-    public function checkAuthoriseParams($inputParams = array())
-    {
-        // Auth params
-        $authParams = $this->authServer->getParam(array('client_id', 'redirect_uri', 'response_type', 'scope', 'state'), 'get', $inputParams);
-
-        if (is_null($authParams['client_id'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
-        }
-
-        if (is_null($authParams['redirect_uri'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'redirect_uri'), 0);
-        }
-
-        if ($this->authServer->stateParamRequired() === true && is_null($authParams['state'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'state'), 0);
-        }
-
-        // Validate client ID and redirect URI
-        $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], null, $authParams['redirect_uri'], $this->identifier);
-
-        if ($clientDetails === false) {
-            throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
-        }
-
-        $authParams['client_details'] = $clientDetails;
-
-        if (is_null($authParams['response_type'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'response_type'), 0);
-        }
-
-        // Ensure response type is one that is recognised
-        if ( ! in_array($authParams['response_type'], $this->authServer->getResponseTypes())) {
-            throw new Exception\ClientException($this->authServer->getExceptionMessage('unsupported_response_type'), 3);
-        }
-
-        // Validate scopes
-        $scopes = explode($this->authServer->getScopeDelimeter(), $authParams['scope']);
-
-        for ($i = 0; $i < count($scopes); $i++) {
-            $scopes[$i] = trim($scopes[$i]);
-            if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
-        }
-
-        if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
-        } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope() !== null) {
-            if (is_array($this->authServer->getDefaultScope())) {
-                $scopes = $this->authServer->getDefaultScope();
-            } else {
-                $scopes = array($this->authServer->getDefaultScope());
-            }
-        }
-
-        $authParams['scopes'] = array();
-
-        foreach ($scopes as $scope) {
-            $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope, $authParams['client_id'], $this->identifier);
-
-            if ($scopeDetails === false) {
-                throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4);
-            }
-
-            $authParams['scopes'][] = $scopeDetails;
-        }
-
-        return $authParams;
-    }
-
-    /**
-     * Parse a new authorise request
-     *
-     * @param  string $type        The session owner's type
-     * @param  string $typeId      The session owner's ID
-     * @param  array  $authParams  The authorise request $_GET parameters
-     * @return string              An authorisation code
-     */
-    public function newAuthoriseRequest($type, $typeId, $authParams = array())
-    {
-        // Generate an auth code
-        $authCode = SecureKey::make();
-
-        // Remove any old sessions the user might have
-        $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], $type, $typeId);
-
-        // Create a new session
-        $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], $type, $typeId);
-
-        // Associate a redirect URI
-        $this->authServer->getStorage('session')->associateRedirectUri($sessionId, $authParams['redirect_uri']);
-
-        // Associate the auth code
-        $authCodeId = $this->authServer->getStorage('session')->associateAuthCode($sessionId, $authCode, time() + $this->authTokenTTL);
-
-        // Associate the scopes to the auth code
-        foreach ($authParams['scopes'] as $scope) {
-            $this->authServer->getStorage('session')->associateAuthCodeScope($authCodeId, $scope['id']);
-        }
-
-        return $authCode;
-    }
-
-    /**
-     * Complete the auth code grant
-     * @param  null|array $inputParams
-     * @return array
-     */
-    public function completeFlow($inputParams = null)
-    {
-        // Get the required params
-        $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'redirect_uri', 'code'), 'post', $inputParams);
-
-        if (is_null($authParams['client_id'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
-        }
-
-        if (is_null($authParams['client_secret'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
-        }
-
-        if (is_null($authParams['redirect_uri'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'redirect_uri'), 0);
-        }
-
-        // Validate client ID and redirect URI
-        $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], $authParams['redirect_uri'], $this->identifier);
-
-        if ($clientDetails === false) {
-            throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
-        }
-
-        $authParams['client_details'] = $clientDetails;
-
-        // Validate the authorization code
-        if (is_null($authParams['code'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'code'), 0);
-        }
-
-        // Verify the authorization code matches the client_id and the request_uri
-        $authCodeDetails = $this->authServer->getStorage('session')->validateAuthCode($authParams['client_id'], $authParams['redirect_uri'], $authParams['code']);
-
-        if ( ! $authCodeDetails) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_grant'), 'code'), 9);
-        }
-
-        // Get any associated scopes
-        $scopes = $this->authServer->getStorage('session')->getAuthCodeScopes($authCodeDetails['authcode_id']);
-
-        // A session ID was returned so update it with an access token and remove the authorisation code
-        $accessToken = SecureKey::make();
-        $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
-        $accessTokenExpires = time() + $accessTokenExpiresIn;
-
-        // Remove the auth code
-        $this->authServer->getStorage('session')->removeAuthCode($authCodeDetails['session_id']);
-
-        // Create an access token
-        $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($authCodeDetails['session_id'], $accessToken, $accessTokenExpires);
-
-        // Associate scopes with the access token
-        if (count($scopes) > 0) {
-            foreach ($scopes as $scope) {
-                $this->authServer->getStorage('session')->associateScope($accessTokenId, $scope['scope_id']);
-            }
-        }
-
-        $response = array(
-            'access_token'  =>  $accessToken,
-            'token_type'    =>  'Bearer',
-            'expires'       =>  $accessTokenExpires,
-            'expires_in'    =>  $accessTokenExpiresIn
-        );
-
-        // Associate a refresh token if set
-        if ($this->authServer->hasGrantType('refresh_token')) {
-            $refreshToken = SecureKey::make();
-            $refreshTokenTTL = time() + $this->authServer->getGrantType('refresh_token')->getRefreshTokenTTL();
-            $this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken, $refreshTokenTTL, $authParams['client_id']);
-            $response['refresh_token'] = $refreshToken;
-        }
-
-        return $response;
-    }
-
-}

src/League/OAuth2/Server/Grant/ClientCredentials.php

@@ -1,176 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Client credentials grant
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Grant;
-
-use League\OAuth2\Server\Request;
-use League\OAuth2\Server\Authorization;
-use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\ClientInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
-
-/**
- * Client credentials grant class
- */
-class ClientCredentials implements GrantTypeInterface {
-
-    use GrantTrait;
-
-    /**
-     * Grant identifier
-     * @var string
-     */
-    protected $identifier = 'client_credentials';
-
-    /**
-     * Response type
-     * @var string
-     */
-    protected $responseType = null;
-
-    /**
-     * AuthServer instance
-     * @var AuthServer
-     */
-    protected $authServer = null;
-
-    /**
-     * Access token expires in override
-     * @var int
-     */
-    protected $accessTokenTTL = null;
-
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
-    /**
-     * Return the identifier
-     * @return string
-     */
-    public function getIdentifier()
-    {
-        return $this->identifier;
-    }
-
-    /**
-     * Return the response type
-     * @return string
-     */
-    public function getResponseType()
-    {
-        return $this->responseType;
-    }
-
-    /**
-     * Override the default access token expire time
-     * @param int $accessTokenTTL
-     * @return void
-     */
-    public function setAccessTokenTTL($accessTokenTTL)
-    {
-        $this->accessTokenTTL = $accessTokenTTL;
-    }
-
-    /**
-     * Complete the client credentials grant
-     * @param  null|array $inputParams
-     * @return array
-     */
-    public function completeFlow($inputParams = null)
-    {
-         // Get the required params
-        $authParams = $this->authServer->getParam(array('client_id', 'client_secret'), 'post', $inputParams);
-
-        if (is_null($authParams['client_id'])) {
-            throw new Exception\ClientException(sprintf(Authorization::getExceptionMessage('invalid_request'), 'client_id'), 0);
-        }
-
-        if (is_null($authParams['client_secret'])) {
-            throw new Exception\ClientException(sprintf(Authorization::getExceptionMessage('invalid_request'), 'client_secret'), 0);
-        }
-
-        // Validate client ID and client secret
-        $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier);
-
-        if ($clientDetails === false) {
-            throw new Exception\ClientException(Authorization::getExceptionMessage('invalid_client'), 8);
-        }
-
-        $authParams['client_details'] = $clientDetails;
-
-        // Validate any scopes that are in the request
-        $scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
-        $scopes = explode($this->authServer->getScopeDelimeter(), $scope);
-
-        for ($i = 0; $i < count($scopes); $i++) {
-            $scopes[$i] = trim($scopes[$i]);
-            if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
-        }
-
-        if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
-        } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope() !== null) {
-            if (is_array($this->authServer->getDefaultScope())) {
-                $scopes = $this->authServer->getDefaultScope();
-            } else {
-                $scopes = array($this->authServer->getDefaultScope());
-            }
-        }
-
-        $authParams['scopes'] = array();
-
-        foreach ($scopes as $scope) {
-            $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope, $authParams['client_id'], $this->identifier);
-
-            if ($scopeDetails === false) {
-                throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4);
-            }
-
-            $authParams['scopes'][] = $scopeDetails;
-        }
-
-        // Generate an access token
-        $accessToken = SecureKey::make();
-        $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
-        $accessTokenExpires = time() + $accessTokenExpiresIn;
-
-        // Create a new session
-        $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'client', $authParams['client_id']);
-
-        // Add the access token
-        $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($sessionId, $accessToken, $accessTokenExpires);
-
-        // Associate scopes with the new session
-        foreach ($authParams['scopes'] as $scope)
-        {
-            $this->authServer->getStorage('session')->associateScope($accessTokenId, $scope['id']);
-        }
-
-        $response = array(
-            'access_token'  =>  $accessToken,
-            'token_type'    =>  'Bearer',
-            'expires'       =>  $accessTokenExpires,
-            'expires_in'    =>  $accessTokenExpiresIn
-        );
-
-        return $response;
-    }
-
-}

src/League/OAuth2/Server/Grant/GrantTrait.php

@@ -1,45 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Client credentials grant
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Grant;
-
-trait GrantTrait {
-
-    /**
-     * Return the identifier
-     * @return string
-     */
-    public function getIdentifier()
-    {
-        return $this->identifier;
-    }
-
-    /**
-     * Return the response type
-     * @return string
-     */
-    public function getResponseType()
-    {
-        return $this->responseType;
-    }
-
-    /**
-     * Override the default access token expire time
-     * @param int $accessTokenTTL
-     * @return self
-     */
-    public function setAccessTokenTTL($accessTokenTTL)
-    {
-        $this->accessTokenTTL = $accessTokenTTL;
-        return $this;
-    }
-
-}

src/League/OAuth2/Server/Grant/GrantTypeInterface.php

@@ -1,49 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Grant type interface
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Grant;
-
-use League\OAuth2\Server\Request;
-use League\OAuth2\Server\Authorization;
-use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\ClientInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
-
-interface GrantTypeInterface
-{
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer);
-
-    /**
-     * Complete the grant flow
-     *
-     * Example response:
-     * <code>
-     * 	array(
-     *  	'access_token'  =>  (string),	// The access token
-     *      'refresh_token' =>  (string),	// The refresh token (only set if the refresh token grant is enabled)
-     *      'token_type'    =>  'bearer',	// Almost always "bearer" (exceptions: JWT, SAML)
-     *      'expires'       =>  (int),		// The timestamp of when the access token will expire
-     *      'expires_in'    =>  (int)		// The number of seconds before the access token will expire
-     *  )
-     * </code>
-     *
-     * @param  null|array $inputParams Null unless the input parameters have been manually set
-     * @return array                   An array of parameters to be passed back to the client
-     */
-    public function completeFlow($inputParams = null);
-}

src/League/OAuth2/Server/Grant/Implicit.php

@@ -1,101 +0,0 @@
-<?php
-/**
- * OAuth 2.0 implicit grant
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Grant;
-
-use League\OAuth2\Server\Request;
-use League\OAuth2\Server\Authorization;
-use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\ClientInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
-
-/**
- * Client credentials grant class
- */
-class Implicit implements GrantTypeInterface {
-
-    use GrantTrait;
-
-    /**
-     * Grant identifier
-     * @var string
-     */
-    protected $identifier = 'implicit';
-
-    /**
-     * Response type
-     * @var string
-     */
-    protected $responseType = 'token';
-
-    /**
-     * AuthServer instance
-     * @var AuthServer
-     */
-    protected $authServer = null;
-
-    /**
-     * Access token expires in override
-     * @var int
-     */
-    protected $accessTokenTTL = null;
-
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
-    /**
-     * Complete the client credentials grant
-     * @param  null|array $inputParams
-     * @return array
-     */
-    public function completeFlow($authParams = null)
-    {
-        // Remove any old sessions the user might have
-        $this->authServer->getStorage('session')->deleteSession($authParams['client_id'], 'user', $authParams['user_id']);
-
-        // Generate a new access token
-        $accessToken = SecureKey::make();
-
-        // Compute expiry time
-        $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
-        $accessTokenExpires = time() + $accessTokenExpiresIn;
-
-        // Create a new session
-        $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'user', $authParams['user_id']);
-
-        // Create an access token
-        $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($sessionId, $accessToken, $accessTokenExpires);
-
-        // Associate scopes with the access token
-        foreach ($authParams['scopes'] as $scope) {
-            $this->authServer->getStorage('session')->associateScope($accessTokenId, $scope['id']);
-        }
-
-        $response = array(
-            'access_token'  =>  $accessToken,
-            'token_type'    =>  'Bearer',
-            'expires'       =>  $accessTokenExpires,
-            'expires_in'    =>  $accessTokenExpiresIn,
-        );
-
-        return $response;
-    }
-
-}

src/League/OAuth2/Server/Grant/Password.php

@@ -1,199 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Password grant
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Grant;
-
-use League\OAuth2\Server\Request;
-use League\OAuth2\Server\Authorization;
-use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\ClientInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
-
-/**
- * Password grant class
- */
-class Password implements GrantTypeInterface {
-
-    use GrantTrait;
-
-    /**
-     * Grant identifier
-     * @var string
-     */
-    protected $identifier = 'password';
-
-    /**
-     * Response type
-     * @var string
-     */
-    protected $responseType = null;
-
-    /**
-     * Callback to authenticate a user's name and password
-     * @var function
-     */
-    protected $callback = null;
-
-    /**
-     * AuthServer instance
-     * @var AuthServer
-     */
-    protected $authServer = null;
-
-    /**
-     * Access token expires in override
-     * @var int
-     */
-    protected $accessTokenTTL = null;
-
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
-    /**
-     * Set the callback to verify a user's username and password
-     * @param callable $callback The callback function
-     * @return void
-     */
-    public function setVerifyCredentialsCallback($callback)
-    {
-        $this->callback = $callback;
-    }
-
-    /**
-     * Return the callback function
-     * @return callable
-     */
-    protected function getVerifyCredentialsCallback()
-    {
-        if (is_null($this->callback) || ! is_callable($this->callback)) {
-            throw new Exception\InvalidGrantTypeException('Null or non-callable callback set');
-        }
-
-        return $this->callback;
-    }
-
-    /**
-     * Complete the password grant
-     * @param  null|array $inputParams
-     * @return array
-     */
-    public function completeFlow($inputParams = null)
-    {
-        // Get the required params
-        $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'username', 'password'), 'post', $inputParams);
-
-        if (is_null($authParams['client_id'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
-        }
-
-        if (is_null($authParams['client_secret'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
-        }
-
-        // Validate client credentials
-        $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier);
-
-        if ($clientDetails === false) {
-            throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
-        }
-
-        $authParams['client_details'] = $clientDetails;
-
-        if (is_null($authParams['username'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'username'), 0);
-        }
-
-        if (is_null($authParams['password'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'password'), 0);
-        }
-
-        // Check if user's username and password are correct
-        $userId = call_user_func($this->getVerifyCredentialsCallback(), $authParams['username'], $authParams['password']);
-
-        if ($userId === false) {
-            throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0);
-        }
-
-        // Validate any scopes that are in the request
-        $scope = $this->authServer->getParam('scope', 'post', $inputParams, '');
-        $scopes = explode($this->authServer->getScopeDelimeter(), $scope);
-
-        for ($i = 0; $i < count($scopes); $i++) {
-            $scopes[$i] = trim($scopes[$i]);
-            if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes
-        }
-
-        if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
-        } elseif (count($scopes) === 0 && $this->authServer->getDefaultScope() !== null) {
-            if (is_array($this->authServer->getDefaultScope())) {
-                $scopes = $this->authServer->getDefaultScope();
-            } else {
-                $scopes = array($this->authServer->getDefaultScope());
-            }
-        }
-
-        $authParams['scopes'] = array();
-
-        foreach ($scopes as $scope) {
-            $scopeDetails = $this->authServer->getStorage('scope')->getScope($scope, $authParams['client_id'], $this->identifier);
-
-            if ($scopeDetails === false) {
-                throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4);
-            }
-
-            $authParams['scopes'][] = $scopeDetails;
-        }
-
-        // Generate an access token
-        $accessToken = SecureKey::make();
-        $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
-        $accessTokenExpires = time() + $accessTokenExpiresIn;
-
-        // Create a new session
-        $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'user', $userId);
-
-        // Associate an access token with the session
-        $accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($sessionId, $accessToken, $accessTokenExpires);
-
-        // Associate scopes with the access token
-        foreach ($authParams['scopes'] as $scope) {
-            $this->authServer->getStorage('session')->associateScope($accessTokenId, $scope['id']);
-        }
-
-        $response = array(
-            'access_token'  =>  $accessToken,
-            'token_type'    =>  'Bearer',
-            'expires'       =>  $accessTokenExpires,
-            'expires_in'    =>  $accessTokenExpiresIn
-        );
-
-        // Associate a refresh token if set
-        if ($this->authServer->hasGrantType('refresh_token')) {
-            $refreshToken = SecureKey::make();
-            $refreshTokenTTL = time() + $this->authServer->getGrantType('refresh_token')->getRefreshTokenTTL();
-            $this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken, $refreshTokenTTL, $authParams['client_id']);
-            $response['refresh_token'] = $refreshToken;
-        }
-
-        return $response;
-    }
-
-}

src/League/OAuth2/Server/Grant/RefreshToken.php

@@ -1,217 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Refresh token grant
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Grant;
-
-use League\OAuth2\Server\Request;
-use League\OAuth2\Server\Authorization;
-use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\ClientInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
-
-/**
- * Referesh token grant
- */
-class RefreshToken implements GrantTypeInterface {
-
-    use GrantTrait;
-
-    /**
-     * Grant identifier
-     * @var string
-     */
-    protected $identifier = 'refresh_token';
-
-    /**
-     * Response type
-     * @var string
-     */
-    protected $responseType = null;
-
-    /**
-     * AuthServer instance
-     * @var AuthServer
-     */
-    protected $authServer = null;
-
-    /**
-     * Access token expires in override
-     * @var int
-     */
-    protected $accessTokenTTL = null;
-
-    /**
-     * Refresh token TTL
-     * @var integer
-     */
-    protected $refreshTokenTTL = 604800;
-
-    /**
-     * Rotate refresh tokens
-     * @var boolean
-     */
-    protected $rotateRefreshTokens = false;
-
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
-    /**
-     * Set the TTL of the refresh token
-     * @param int $refreshTokenTTL
-     * @return void
-     */
-    public function setRefreshTokenTTL($refreshTokenTTL)
-    {
-        $this->refreshTokenTTL = $refreshTokenTTL;
-    }
-
-    /**
-     * Get the TTL of the refresh token
-     * @return int
-     */
-    public function getRefreshTokenTTL()
-    {
-        return $this->refreshTokenTTL;
-    }
-
-    /**
-     * When a new access is token, expire the refresh token used and issue a new one.
-     * @param  boolean $rotateRefreshTokens Set to true to enable (default = false)
-     * @return void
-     */
-    public function rotateRefreshTokens($rotateRefreshTokens = false)
-    {
-        $this->rotateRefreshTokens = $rotateRefreshTokens;
-    }
-
-    /**
-     * Complete the refresh token grant
-     * @param  null|array $inputParams
-     * @return array
-     */
-    public function completeFlow($inputParams = null)
-    {
-        // Get the required params
-        $authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'refresh_token', 'scope'), 'post', $inputParams);
-
-        if (is_null($authParams['client_id'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0);
-        }
-
-        if (is_null($authParams['client_secret'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0);
-        }
-
-        // Validate client ID and client secret
-        $clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier);
-
-        if ($clientDetails === false) {
-            throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8);
-        }
-
-        $authParams['client_details'] = $clientDetails;
-
-        if (is_null($authParams['refresh_token'])) {
-            throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'refresh_token'), 0);
-        }
-
-        // Validate refresh token
-        $accessTokenId = $this->authServer->getStorage('session')->validateRefreshToken($authParams['refresh_token'], $authParams['client_id']);
-
-        if ($accessTokenId === false) {
-            throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_refresh'), 0);
-        }
-
-        // Get the existing access token
-        $accessTokenDetails = $this->authServer->getStorage('session')->getAccessToken($accessTokenId);
-
-        // Get the scopes for the existing access token
-        $scopes = $this->authServer->getStorage('session')->getScopes($accessTokenDetails['access_token']);
-
-        // Generate new tokens and associate them to the session
-        $accessToken = SecureKey::make();
-        $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
-        $accessTokenExpires = time() + $accessTokenExpiresIn;
-
-        // Associate the new access token with the session
-        $newAccessTokenId = $this->authServer->getStorage('session')->associateAccessToken($accessTokenDetails['session_id'], $accessToken, $accessTokenExpires);
-
-        if ($this->rotateRefreshTokens === true) {
-
-            // Generate a new refresh token
-            $refreshToken = SecureKey::make();
-            $refreshTokenExpires = time() + $this->getRefreshTokenTTL();
-
-            // Revoke the old refresh token
-            $this->authServer->getStorage('session')->removeRefreshToken($authParams['refresh_token']);
-
-            // Associate the new refresh token with the new access token
-            $this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken, $refreshTokenExpires, $authParams['client_id']);
-        }
-
-        // There isn't a request for reduced scopes so assign the original ones (or we're not rotating scopes)
-        if ( ! isset($authParams['scope'])) {
-
-            foreach ($scopes as $scope) {
-                $this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scope['id']);
-            }
-
-        } elseif ( isset($authParams['scope']) && $this->rotateRefreshTokens === true) {
-
-            // The request is asking for reduced scopes and rotate tokens is enabled
-            $reqestedScopes = explode($this->authServer->getScopeDelimeter(), $authParams['scope']);
-
-            for ($i = 0; $i < count($reqestedScopes); $i++) {
-                $reqestedScopes[$i] = trim($reqestedScopes[$i]);
-                if ($reqestedScopes[$i] === '') unset($reqestedScopes[$i]); // Remove any junk scopes
-            }
-
-            // Check that there aren't any new scopes being included
-            $existingScopes = array();
-            foreach ($scopes as $s) {
-                $existingScopes[] = $s['scope'];
-            }
-
-            foreach ($reqestedScopes as $reqScope) {
-                if ( ! in_array($reqScope, $existingScopes)) {
-                    throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0);
-                }
-
-                // Associate with the new access token
-                $scopeDetails = $this->authServer->getStorage('scope')->getScope($reqScope, $authParams['client_id'], $this->identifier);
-                $this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scopeDetails['id']);
-            }
-        }
-
-        $response = array(
-            'access_token'  =>  $accessToken,
-            'token_type'    =>  'bearer',
-            'expires'       =>  $accessTokenExpires,
-            'expires_in'    =>  $accessTokenExpiresIn
-        );
-
-        if ($this->rotateRefreshTokens === true) {
-            $response['refresh_token'] = $refreshToken;
-        }
-
-        return $response;
-    }
-
-}

src/League/OAuth2/Server/Resource.php

@@ -1,275 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Resource Server
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server;
-
-use OutOfBoundsException;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Util\RequestInterface;
-use League\OAuth2\Server\Util\Request;
-
-/**
- * OAuth 2.0 Resource Server
- */
-class Resource
-{
-    /**
-     * The access token
-     * @var string
-     */
-    protected $accessToken = null;
-
-    /**
-     * The session ID
-     * @var string
-     */
-    protected $sessionId = null;
-
-    /**
-     * The type of the owner of the access token
-     * @var string
-     */
-    protected $ownerType = null;
-
-    /**
-     * The ID of the owner of the access token
-     * @var string
-     */
-    protected $ownerId = null;
-
-    /**
-     * The scopes associated with the access token
-     * @var array
-     */
-    protected $sessionScopes = array();
-
-    /**
-     * The client, scope and session storage classes
-     * @var array
-     */
-    protected $storages = array();
-
-    /**
-     * The request object
-     * @var Util\RequestInterface
-     */
-    protected $request = null;
-
-    /**
-     * The query string key which is used by clients to present the access token (default: access_token)
-     * @var string
-     */
-    protected $tokenKey = 'access_token';
-
-    /**
-     * The client ID
-     * @var string
-     */
-    protected $clientId = null;
-
-    /**
-     * Sets up the Resource
-     *
-     * @param SessionInterface  The Session Storage Object
-     */
-    public function __construct(SessionInterface $session)
-    {
-        $this->storages['session'] = $session;
-    }
-
-    /**
-     * Sets the Request Object
-     *
-     * @param  RequestInterface The Request Object
-     */
-    public function setRequest(RequestInterface $request)
-    {
-        $this->request = $request;
-        return $this;
-    }
-
-    /**
-     * Gets the Request object.  It will create one from the globals if one is not set.
-     *
-     * @return Util\RequestInterface
-     */
-    public function getRequest()
-    {
-        if ($this->request === null) {
-            // @codeCoverageIgnoreStart
-            $this->request = Request::buildFromGlobals();
-        }
-        // @codeCoverageIgnoreEnd
-
-        return $this->request;
-    }
-
-    /**
-     * Returns the query string key for the access token.
-     *
-     * @return string
-     */
-    public function getTokenKey()
-    {
-        return $this->tokenKey;
-    }
-
-    /**
-     * Sets the query string key for the access token.
-     *
-     * @param $key The new query string key
-     */
-    public function setTokenKey($key)
-    {
-        $this->tokenKey = $key;
-        return $this;
-    }
-
-    /**
-     * Gets the access token owner ID.
-     *
-     * @return string
-     */
-    public function getOwnerId()
-    {
-        return $this->ownerId;
-    }
-
-    /**
-     * Gets the owner type.
-     *
-     * @return string
-     */
-    public function getOwnerType()
-    {
-        return $this->ownerType;
-    }
-
-    /**
-     * Gets the access token.
-     *
-     * @return string
-     */
-    public function getAccessToken()
-    {
-        return $this->accessToken;
-    }
-
-    /**
-     * Gets the client ID that created the session
-     * @return string
-     */
-    public function getClientId()
-    {
-        return $this->clientId;
-    }
-
-    /**
-     * Checks if the access token is valid or not.
-     *
-     * @param $headersOnly Limit Access Token to Authorization header only
-     * @throws Exception\InvalidAccessTokenException Thrown if the presented access token is not valid
-     * @return bool
-     */
-    public function isValid($headersOnly = false)
-    {
-        $accessToken = $this->determineAccessToken($headersOnly);
-
-        $result = $this->storages['session']->validateAccessToken($accessToken);
-
-        if ( ! $result) {
-            throw new Exception\InvalidAccessTokenException('Access token is not valid');
-        }
-
-        $this->accessToken = $accessToken;
-        $this->sessionId = $result['session_id'];
-        $this->clientId = $result['client_id'];
-        $this->ownerType = $result['owner_type'];
-        $this->ownerId = $result['owner_id'];
-
-        $sessionScopes = $this->storages['session']->getScopes($this->accessToken);
-        foreach ($sessionScopes as $scope) {
-            $this->sessionScopes[] = $scope['scope'];
-        }
-
-        return true;
-    }
-
-    /**
-     * Get the session scopes
-     * @return array
-     */
-    public function getScopes()
-    {
-        return $this->sessionScopes;
-    }
-
-    /**
-     * Checks if the presented access token has the given scope(s).
-     *
-     * @param array|string  An array of scopes or a single scope as a string
-     * @return bool         Returns bool if all scopes are found, false if any fail
-     */
-    public function hasScope($scopes)
-    {
-        if (is_string($scopes)) {
-            if (in_array($scopes, $this->sessionScopes)) {
-                return true;
-            }
-            return false;
-        } elseif (is_array($scopes)) {
-            foreach ($scopes as $scope) {
-                if ( ! in_array($scope, $this->sessionScopes)) {
-                    return false;
-                }
-            }
-            return true;
-        }
-
-        return false;
-    }
-
-    /**
-     * Reads in the access token from the headers.
-     *
-     * @param $headersOnly Limit Access Token to Authorization header only
-     * @throws Exception\MissingAccessTokenException  Thrown if there is no access token presented
-     * @return string
-     */
-    public function determineAccessToken($headersOnly = false)
-    {
-        if ($header = $this->getRequest()->header('Authorization')) {
-            // Check for special case, because cURL sometimes does an
-            // internal second request and doubles the authorization header,
-            // which always resulted in an error.
-            //
-            // 1st request: Authorization: Bearer XXX
-            // 2nd request: Authorization: Bearer XXX, Bearer XXX
-            if (strpos($header, ',') !== false) {
-                $headerPart = explode(',', $header);
-                $accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $headerPart[0]));
-            } else {
-                $accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header));
-            }
-            $accessToken = ($accessToken === 'Bearer') ? '' : $accessToken;
-        } elseif ($headersOnly === false) {
-            $method = $this->getRequest()->server('REQUEST_METHOD');
-            $accessToken = $this->getRequest()->{$method}($this->tokenKey);
-        }
-
-        if (empty($accessToken)) {
-            throw new Exception\InvalidAccessTokenException('Access token is missing');
-        }
-
-        return $accessToken;
-    }
-
-}

src/League/OAuth2/Server/Storage/ClientInterface.php

@@ -1,60 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Client storage interface
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Storage;
-
-interface ClientInterface
-{
-    /**
-     * Validate a client
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * # Client ID + redirect URI
-     * SELECT oauth_clients.id, oauth_clients.secret, oauth_client_endpoints.redirect_uri, oauth_clients.name,
-     * oauth_clients.auto_approve
-     *  FROM oauth_clients LEFT JOIN oauth_client_endpoints ON oauth_client_endpoints.client_id = oauth_clients.id
-     *  WHERE oauth_clients.id = :clientId AND oauth_client_endpoints.redirect_uri = :redirectUri
-     *
-     * # Client ID + client secret
-     * SELECT oauth_clients.id, oauth_clients.secret, oauth_clients.name, oauth_clients.auto_approve FROM oauth_clients 
-     * WHERE oauth_clients.id = :clientId AND oauth_clients.secret = :clientSecret
-     *
-     * # Client ID + client secret + redirect URI
-     * SELECT oauth_clients.id, oauth_clients.secret, oauth_client_endpoints.redirect_uri, oauth_clients.name,
-     * oauth_clients.auto_approve FROM oauth_clients LEFT JOIN oauth_client_endpoints 
-     * ON oauth_client_endpoints.client_id = oauth_clients.id
-     * WHERE oauth_clients.id = :clientId AND oauth_clients.secret = :clientSecret AND
-     * oauth_client_endpoints.redirect_uri = :redirectUri
-     * </code>
-     *
-     * Response:
-     *
-     * <code>
-     * Array
-     * (
-     *     [client_id] => (string) The client ID
-     *     [client secret] => (string) The client secret
-     *     [redirect_uri] => (string) The redirect URI used in this request
-     *     [name] => (string) The name of the client
-     *     [auto_approve] => (bool) Whether the client should auto approve
-     * )
-     * </code>
-     *
-     * @param  string     $clientId     The client's ID
-     * @param  string     $clientSecret The client's secret (default = "null")
-     * @param  string     $redirectUri  The client's redirect URI (default = "null")
-     * @param  string     $grantType    The grant type used in the request (default = "null")
-     * @return bool|array               Returns false if the validation fails, array on success
-     */
-    public function getClient($clientId, $clientSecret = null, $redirectUri = null, $grantType = null);
-}

src/League/OAuth2/Server/Storage/ScopeInterface.php

@@ -1,43 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Scope storage interface
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Storage;
-
-interface ScopeInterface
-{
-    /**
-     * Return information about a scope
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * SELECT * FROM oauth_scopes WHERE scope = :scope
-     * </code>
-     *
-     * Response:
-     *
-     * <code>
-     * Array
-     * (
-     *     [id] => (int) The scope's ID
-     *     [scope] => (string) The scope itself
-     *     [name] => (string) The scope's name
-     *     [description] => (string) The scope's description
-     * )
-     * </code>
-     *
-     * @param  string     $scope     The scope
-     * @param  string     $clientId  The client ID (default = "null")
-     * @param  string     $grantType The grant type used in the request (default = "null")
-     * @return bool|array If the scope doesn't exist return false
-     */
-    public function getScope($scope, $clientId = null, $grantType = null);
-}

src/League/OAuth2/Server/Storage/SessionInterface.php

@@ -1,332 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Session storage interface
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Storage;
-
-interface SessionInterface
-{
-    /**
-     * Create a new session
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * INSERT INTO oauth_sessions (client_id, owner_type,  owner_id)
-     *  VALUE (:clientId, :ownerType, :ownerId)
-     * </code>
-     *
-     * @param  string $clientId  The client ID
-     * @param  string $ownerType The type of the session owner (e.g. "user")
-     * @param  string $ownerId   The ID of the session owner (e.g. "123")
-     * @return int               The session ID
-     */
-    public function createSession($clientId, $ownerType, $ownerId);
-
-    /**
-     * Delete a session
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * DELETE FROM oauth_sessions WHERE client_id = :clientId AND owner_type = :type AND owner_id = :typeId
-     * </code>
-     *
-     * @param  string $clientId  The client ID
-     * @param  string $ownerType The type of the session owner (e.g. "user")
-     * @param  string $ownerId   The ID of the session owner (e.g. "123")
-     * @return void
-     */
-    public function deleteSession($clientId, $ownerType, $ownerId);
-
-    /**
-     * Associate a redirect URI with a session
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * INSERT INTO oauth_session_redirects (session_id, redirect_uri) VALUE (:sessionId, :redirectUri)
-     * </code>
-     *
-     * @param  int    $sessionId   The session ID
-     * @param  string $redirectUri The redirect URI
-     * @return void
-     */
-    public function associateRedirectUri($sessionId, $redirectUri);
-
-    /**
-     * Associate an access token with a session
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires)
-     *  VALUE (:sessionId, :accessToken, :accessTokenExpire)
-     * </code>
-     *
-     * @param  int    $sessionId   The session ID
-     * @param  string $accessToken The access token
-     * @param  int    $expireTime  Unix timestamp of the access token expiry time
-     * @return int                 The access token ID
-     */
-    public function associateAccessToken($sessionId, $accessToken, $expireTime);
-
-    /**
-     * Associate a refresh token with a session
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token, refresh_token_expires,
-     *  client_id) VALUE (:accessTokenId, :refreshToken, :expireTime, :clientId)
-     * </code>
-     *
-     * @param  int    $accessTokenId The access token ID
-     * @param  string $refreshToken  The refresh token
-     * @param  int    $expireTime    Unix timestamp of the refresh token expiry time
-     * @param  string $clientId      The client ID
-     * @return void
-     */
-    public function associateRefreshToken($accessTokenId, $refreshToken, $expireTime, $clientId);
-
-    /**
-     * Assocate an authorization code with a session
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires)
-     *  VALUE (:sessionId, :authCode, :authCodeExpires)
-     * </code>
-     *
-     * @param  int    $sessionId  The session ID
-     * @param  string $authCode   The authorization code
-     * @param  int    $expireTime Unix timestamp of the access token expiry time
-     * @return int                The auth code ID
-     */
-    public function associateAuthCode($sessionId, $authCode, $expireTime);
-
-    /**
-     * Remove an associated authorization token from a session
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * DELETE FROM oauth_session_authcodes WHERE session_id = :sessionId
-     * </code>
-     *
-     * @param  int    $sessionId   The session ID
-     * @return void
-     */
-    public function removeAuthCode($sessionId);
-
-    /**
-     * Validate an authorization code
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * SELECT oauth_sessions.id AS session_id, oauth_session_authcodes.id AS authcode_id FROM oauth_sessions
-     *  JOIN oauth_session_authcodes ON oauth_session_authcodes.`session_id` = oauth_sessions.id
-     *  JOIN oauth_session_redirects ON oauth_session_redirects.`session_id` = oauth_sessions.id WHERE
-     * oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code` = :authCode
-     *  AND `oauth_session_authcodes`.`auth_code_expires` >= :time AND
-     *  `oauth_session_redirects`.`redirect_uri` = :redirectUri
-     * </code>
-     *
-     * Expected response:
-     *
-     * <code>
-     * array(
-     *     'session_id' =>  (int)
-     *     'authcode_id'  =>  (int)
-     * )
-     * </code>
-     *
-     * @param  string     $clientId    The client ID
-     * @param  string     $redirectUri The redirect URI
-     * @param  string     $authCode    The authorization code
-     * @return array|bool              False if invalid or array as above
-     */
-    public function validateAuthCode($clientId, $redirectUri, $authCode);
-
-    /**
-     * Validate an access token
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * SELECT session_id, oauth_sessions.`client_id`, oauth_sessions.`owner_id`, oauth_sessions.`owner_type`
-     *  FROM `oauth_session_access_tokens` JOIN oauth_sessions ON oauth_sessions.`id` = session_id WHERE
-     *  access_token = :accessToken AND access_token_expires >= UNIX_TIMESTAMP(NOW())
-     * </code>
-     *
-     * Expected response:
-     *
-     * <code>
-     * array(
-     *     'session_id' =>  (int),
-     *     'client_id'  =>  (string),
-     *     'owner_id'   =>  (string),
-     *     'owner_type' =>  (string)
-     * )
-     * </code>
-     *
-     * @param  string     $accessToken The access token
-     * @return array|bool              False if invalid or an array as above
-     */
-    public function validateAccessToken($accessToken);
-
-    /**
-     * Removes a refresh token
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * DELETE FROM `oauth_session_refresh_tokens` WHERE refresh_token = :refreshToken
-     * </code>
-     *
-     * @param  string $refreshToken The refresh token to be removed
-     * @return void
-     */
-    public function removeRefreshToken($refreshToken);
-
-    /**
-     * Validate a refresh token
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * SELECT session_access_token_id FROM `oauth_session_refresh_tokens` WHERE refresh_token = :refreshToken
-     *  AND refresh_token_expires >= UNIX_TIMESTAMP(NOW()) AND client_id = :clientId
-     * </code>
-     *
-     * @param  string   $refreshToken The access token
-     * @param  string   $clientId     The client ID
-     * @return int|bool               The ID of the access token the refresh token is linked to (or false if invalid)
-     */
-    public function validateRefreshToken($refreshToken, $clientId);
-
-    /**
-     * Get an access token by ID
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * SELECT * FROM `oauth_session_access_tokens` WHERE `id` = :accessTokenId
-     * </code>
-     *
-     * Expected response:
-     *
-     * <code>
-     * array(
-     *     'id' =>  (int),
-     *     'session_id' =>  (int),
-     *     'access_token'   =>  (string),
-     *     'access_token_expires'   =>  (int)
-     * )
-     * </code>
-     *
-     * @param  int    $accessTokenId The access token ID
-     * @return array
-     */
-    public function getAccessToken($accessTokenId);
-
-    /**
-     * Associate scopes with an auth code (bound to the session)
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * INSERT INTO `oauth_session_authcode_scopes` (`oauth_session_authcode_id`, `scope_id`) VALUES
-     *  (:authCodeId, :scopeId)
-     * </code>
-     *
-     * @param  int $authCodeId The auth code ID
-     * @param  int $scopeId    The scope ID
-     * @return void
-     */
-    public function associateAuthCodeScope($authCodeId, $scopeId);
-
-    /**
-     * Get the scopes associated with an auth code
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * SELECT scope_id FROM `oauth_session_authcode_scopes` WHERE oauth_session_authcode_id = :authCodeId
-     * </code>
-     *
-     * Expected response:
-     *
-     * <code>
-     * array(
-     *     array(
-     *         'scope_id' => (int)
-     *     ),
-     *     array(
-     *         'scope_id' => (int)
-     *     ),
-     *     ...
-     * )
-     * </code>
-     *
-     * @param  int   $oauthSessionAuthCodeId The session ID
-     * @return array
-     */
-    public function getAuthCodeScopes($oauthSessionAuthCodeId);
-
-    /**
-     * Associate a scope with an access token
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * INSERT INTO `oauth_session_token_scopes` (`session_access_token_id`, `scope_id`) VALUE (:accessTokenId, :scopeId)
-     * </code>
-     *
-     * @param  int    $accessTokenId The ID of the access token
-     * @param  int    $scopeId       The ID of the scope
-     * @return void
-     */
-    public function associateScope($accessTokenId, $scopeId);
-
-    /**
-     * Get all associated access tokens for an access token
-     *
-     * Example SQL query:
-     *
-     * <code>
-     * SELECT oauth_scopes.* FROM oauth_session_token_scopes JOIN oauth_session_access_tokens
-     *  ON oauth_session_access_tokens.`id` = `oauth_session_token_scopes`.`session_access_token_id`
-     *  JOIN oauth_scopes ON oauth_scopes.id = `oauth_session_token_scopes`.`scope_id`
-     *  WHERE access_token = :accessToken
-     * </code>
-     *
-     * Expected response:
-     *
-     * <code>
-     * array (
-     *     array(
-     *         'id'     =>  (int),
-     *         'scope'  =>  (string),
-     *         'name'   =>  (string),
-     *         'description'    =>  (string)
-     *     ),
-     *     ...
-     *     ...
-     * )
-     * </code>
-     *
-     * @param  string $accessToken The access token
-     * @return array
-     */
-    public function getScopes($accessToken);
-}

src/League/OAuth2/Server/Util/RedirectUri.php

@@ -1,31 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Redirect URI generator
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Util;
-
-/**
- * RedirectUri class
- */
-class RedirectUri
-{
-	/**
-	 * Generate a new redirect uri
-	 * @param  string $uri            The base URI
-	 * @param  array  $params         The query string parameters
-	 * @param  string $queryDelimeter The query string delimeter (default: "?")
-	 * @return string                 The updated URI
-	 */
-    public static function make($uri, $params = array(), $queryDelimeter = '?')
-    {
-        $uri .= (strstr($uri, $queryDelimeter) === false) ? $queryDelimeter : '&';
-        return $uri.http_build_query($params);
-    }
-}

src/League/OAuth2/Server/Util/Request.php

@@ -1,146 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Request class
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Util;
-
-use OutOfBoundsException;
-use InvalidMethodCallException;
-use InvalidArgumentException;
-
-class Request implements RequestInterface
-{
-    protected $get = array();
-    protected $post = array();
-    protected $cookies = array();
-    protected $files = array();
-    protected $server = array();
-    protected $headers = array();
-
-    public static function buildFromGlobals()
-    {
-        return new static($_GET, $_POST, $_COOKIE, $_FILES, $_SERVER);
-    }
-
-    public function __construct(array $get = array(), array $post = array(), array $cookies = array(), array $files = array(), array $server = array(), $headers = array())
-    {
-        $this->get = $get;
-        $this->post = $post;
-        $this->cookies = $cookies;
-        $this->files = $files;
-        $this->server = $server;
-
-        if (empty($headers)) {
-            $this->headers = $this->readHeaders();
-        } else {
-            $this->headers = $this->normalizeHeaders($headers);
-        }
-    }
-
-    public function get($index = null, $default = null)
-    {
-        return $this->getPropertyValue('get', $index, $default);
-    }
-
-    public function post($index = null, $default = null)
-    {
-        return $this->getPropertyValue('post', $index, $default);
-    }
-
-    public function file($index = null, $default = null)
-    {
-        return $this->getPropertyValue('files', $index, $default);
-    }
-
-    public function cookie($index = null, $default = null)
-    {
-        return $this->getPropertyValue('cookies', $index, $default);
-    }
-
-    public function server($index = null, $default = null)
-    {
-        return $this->getPropertyValue('server', $index, $default);
-    }
-
-    public function header($index = null, $default = null)
-    {
-        return $this->getPropertyValue('headers', $index, $default);
-    }
-
-    protected function readHeaders()
-    {
-        if (function_exists('getallheaders')) {
-            // @codeCoverageIgnoreStart
-            $headers = getallheaders();
-        } else {
-            // @codeCoverageIgnoreEnd
-            $headers = array();
-            foreach ($this->server() as $name => $value) {
-                if (substr($name, 0, 5) == 'HTTP_') {
-                    $name = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))));
-                    $headers[$name] = $value;
-                }
-            }
-        }
-
-        return $this->normalizeHeaders($headers);
-   }
-
-    protected function getPropertyValue($property, $index = null, $default = null)
-    {
-        if ( ! isset($this->{$property})) {
-            throw new InvalidArgumentException("Property '$property' does not exist.");
-        }
-        if (is_null($index)) {
-            return $this->{$property};
-        }
-
-        if ( ! array_key_exists($index, $this->{$property})) {
-            return $default;
-        }
-
-        return $this->{$property}[$index];
-    }
-
-    /**
-     * Takes all of the headers and normalizes them in a canonical form.
-     *
-     * @param  array  $headers The request headers.
-     * @return array           An arry of headers with the header name normalized
-     */
-    protected function normalizeHeaders(array $headers)
-    {
-        $normalized = array();
-        foreach ($headers as $key => $value) {
-            $normalized[$this->normalizeKey($key)] = $value;
-        }
-
-        return $normalized;
-    }
-
-    /**
-     * Transform header name into canonical form
-     *
-     * Taken from the Slim codebase...
-     *
-     * @param  string $key
-     * @return string
-     */
-    protected function normalizeKey($key)
-    {
-        $key = strtolower($key);
-        $key = str_replace(array('-', '_'), ' ', $key);
-        $key = preg_replace('#^http #', '', $key);
-        $key = ucwords($key);
-        $key = str_replace(' ', '-', $key);
-
-        return $key;
-    }
-}

src/League/OAuth2/Server/Util/RequestInterface.php

@@ -1,29 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Request class interface
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Util;
-
-interface RequestInterface
-{
-
-    public function get($index = null);
-
-    public function post($index = null);
-
-    public function cookie($index = null);
-
-    public function file($index = null);
-
-    public function server($index = null);
-
-    public function header($index = null);
-
-}

src/League/OAuth2/Server/Util/SecureKey.php

@@ -1,40 +0,0 @@
-<?php
-/**
- * OAuth 2.0 Secure key generator
- *
- * @package     php-loep/oauth2-server
- * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
- * @license     http://mit-license.org/
- * @link        http://github.com/php-loep/oauth2-server
- */
-
-namespace League\OAuth2\Server\Util;
-
-/**
- * SecureKey class
- */
-class SecureKey
-{
-    /**
-     * Generate a new unique code
-     * @param  integer $len Length of the generated code
-     * @return string
-     */
-    public static function make($len = 40)
-    {
-        // We generate twice as many bytes here because we want to ensure we have
-        // enough after we base64 encode it to get the length we need because we
-        // take out the "/", "+", and "=" characters.
-        $bytes = openssl_random_pseudo_bytes($len * 2, $strong);
-
-        // We want to stop execution if the key fails because, well, that is bad.
-        if ($bytes === false || $strong === false) {
-            // @codeCoverageIgnoreStart
-            throw new \Exception('Error Generating Key');
-            // @codeCoverageIgnoreEnd
-        }
-
-        return substr(str_replace(array('/', '+', '='), '', base64_encode($bytes)), 0, $len);
-    }
-}

src/ResourceServer.php

@@ -0,0 +1,157 @@
+<?php
+/**
+ * OAuth 2.0 Resource Server
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server;
+
+use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\Exception\AccessDeniedException;
+use League\OAuth2\Server\Exception\InvalidRequestException;
+use League\OAuth2\Server\Storage\AccessTokenInterface;
+use League\OAuth2\Server\Storage\ClientInterface;
+use League\OAuth2\Server\Storage\ScopeInterface;
+use League\OAuth2\Server\Storage\SessionInterface;
+use League\OAuth2\Server\TokenType\Bearer;
+use League\OAuth2\Server\TokenType\MAC;
+
+/**
+ * OAuth 2.0 Resource Server
+ */
+class ResourceServer extends AbstractServer
+{
+    /**
+     * The access token
+     *
+     * @var \League\OAuth2\Server\Entity\AccessTokenEntity
+     */
+    protected $accessToken;
+
+    /**
+     * The query string key which is used by clients to present the access token (default: access_token)
+     *
+     * @var string
+     */
+    protected $tokenKey = 'access_token';
+
+    /**
+     * Initialise the resource server
+     *
+     * @param \League\OAuth2\Server\Storage\SessionInterface     $sessionStorage
+     * @param \League\OAuth2\Server\Storage\AccessTokenInterface $accessTokenStorage
+     * @param \League\OAuth2\Server\Storage\ClientInterface      $clientStorage
+     * @param \League\OAuth2\Server\Storage\ScopeInterface       $scopeStorage
+     *
+     * @return self
+     */
+    public function __construct(
+        SessionInterface $sessionStorage,
+        AccessTokenInterface $accessTokenStorage,
+        ClientInterface $clientStorage,
+        ScopeInterface $scopeStorage
+    ) {
+        $this->setSessionStorage($sessionStorage);
+        $this->setAccessTokenStorage($accessTokenStorage);
+        $this->setClientStorage($clientStorage);
+        $this->setScopeStorage($scopeStorage);
+
+        // Set Bearer as the default token type
+        $this->setTokenType(new Bearer());
+
+        parent::__construct();
+
+        return $this;
+    }
+
+    /**
+     * Sets the query string key for the access token.
+     *
+     * @param string $key The new query string key
+     *
+     * @return self
+     */
+    public function setIdKey($key)
+    {
+        $this->tokenKey = $key;
+
+        return $this;
+    }
+
+    /**
+     * Gets the access token
+     *
+     * @return \League\OAuth2\Server\Entity\AccessTokenEntity
+     */
+    public function getAccessToken()
+    {
+        return $this->accessToken;
+    }
+
+    /**
+     * Checks if the access token is valid or not
+     *
+     * @param bool                                                $headerOnly Limit Access Token to Authorization header
+     * @param \League\OAuth2\Server\Entity\AccessTokenEntity|null $accessToken Access Token
+     *
+     * @throws \League\OAuth2\Server\Exception\AccessDeniedException
+     * @throws \League\OAuth2\Server\Exception\InvalidRequestException
+     *
+     * @return bool
+     */
+    public function isValidRequest($headerOnly = true, $accessToken = null)
+    {
+        $accessTokenString = ($accessToken !== null)
+                                ? $accessToken
+                                : $this->determineAccessToken($headerOnly);
+
+        // Set the access token
+        $this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString);
+
+        // Ensure the access token exists
+        if (!$this->accessToken instanceof AccessTokenEntity) {
+            throw new AccessDeniedException();
+        }
+
+        // Check the access token hasn't expired
+        // Ensure the auth code hasn't expired
+        if ($this->accessToken->isExpired() === true) {
+            throw new AccessDeniedException();
+        }
+
+        return true;
+    }
+
+    /**
+     * Reads in the access token from the headers
+     *
+     * @param bool $headerOnly Limit Access Token to Authorization header
+     *
+     * @throws \League\OAuth2\Server\Exception\InvalidRequestException Thrown if there is no access token presented
+     *
+     * @return string
+     */
+    public function determineAccessToken($headerOnly = false)
+    {
+	$authHeader = $this->getRequest()->headers->get('Authorization');
+
+        if (!empty($authHeader)) {
+            $accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());
+        } elseif ($headerOnly === false && (! $this->getTokenType() instanceof MAC)) {
+            $accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')
+                                ? $this->getRequest()->query->get($this->tokenKey)
+                                : $this->getRequest()->request->get($this->tokenKey);
+        }
+
+        if (empty($accessToken)) {
+            throw new InvalidRequestException('access token');
+        }
+
+        return $accessToken;
+    }
+}

src/Storage/AbstractStorage.php

@@ -0,0 +1,51 @@
+<?php
+/**
+ * OAuth 2.0 abstract storage
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Storage;
+
+use League\OAuth2\Server\AbstractServer;
+
+/**
+ * Abstract storage class
+ */
+abstract class AbstractStorage implements StorageInterface
+{
+    /**
+     * Server
+     *
+     * @var \League\OAuth2\Server\AbstractServer $server
+     */
+    protected $server;
+
+    /**
+     * Set the server
+     *
+     * @param \League\OAuth2\Server\AbstractServer $server
+     *
+     * @return self
+     */
+    public function setServer(AbstractServer $server)
+    {
+        $this->server = $server;
+
+        return $this;
+    }
+
+    /**
+     * Return the server
+     *
+     * @return \League\OAuth2\Server\AbstractServer
+     */
+    protected function getServer()
+    {
+        return $this->server;
+    }
+}

src/Storage/AccessTokenInterface.php

@@ -0,0 +1,69 @@
+<?php
+/**
+ * OAuth 2.0 Access token storage interface
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Storage;
+
+use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
+
+/**
+ * Access token interface
+ */
+interface AccessTokenInterface extends StorageInterface
+{
+    /**
+     * Get an instance of Entity\AccessTokenEntity
+     *
+     * @param string $token The access token
+     *
+     * @return \League\OAuth2\Server\Entity\AccessTokenEntity | null
+     */
+    public function get($token);
+
+    /**
+     * Get the scopes for an access token
+     *
+     * @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token
+     *
+     * @return \League\OAuth2\Server\Entity\ScopeEntity[] Array of \League\OAuth2\Server\Entity\ScopeEntity
+     */
+    public function getScopes(AccessTokenEntity $token);
+
+    /**
+     * Creates a new access token
+     *
+     * @param string         $token      The access token
+     * @param integer        $expireTime The expire time expressed as a unix timestamp
+     * @param string|integer $sessionId  The session ID
+     *
+     * @return void
+     */
+    public function create($token, $expireTime, $sessionId);
+
+    /**
+     * Associate a scope with an acess token
+     *
+     * @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token
+     * @param \League\OAuth2\Server\Entity\ScopeEntity       $scope The scope
+     *
+     * @return void
+     */
+    public function associateScope(AccessTokenEntity $token, ScopeEntity $scope);
+
+    /**
+     * Delete an access token
+     *
+     * @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token to delete
+     *
+     * @return void
+     */
+    public function delete(AccessTokenEntity $token);
+}

src/Storage/AuthCodeInterface.php

@@ -0,0 +1,70 @@
+<?php
+/**
+ * OAuth 2.0 Auth code storage interface
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Storage;
+
+use League\OAuth2\Server\Entity\AuthCodeEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
+
+/**
+ * Auth code storage interface
+ */
+interface AuthCodeInterface extends StorageInterface
+{
+    /**
+     * Get the auth code
+     *
+     * @param string $code
+     *
+     * @return \League\OAuth2\Server\Entity\AuthCodeEntity | null
+     */
+    public function get($code);
+
+    /**
+     * Create an auth code.
+     *
+     * @param string  $token       The token ID
+     * @param integer $expireTime  Token expire time
+     * @param integer $sessionId   Session identifier
+     * @param string  $redirectUri Client redirect uri
+     *
+     * @return void
+     */
+    public function create($token, $expireTime, $sessionId, $redirectUri);
+
+    /**
+     * Get the scopes for an access token
+     *
+     * @param \League\OAuth2\Server\Entity\AuthCodeEntity $token The auth code
+     *
+     * @return \League\OAuth2\Server\Entity\ScopeEntity[] Array of \League\OAuth2\Server\Entity\ScopeEntity
+     */
+    public function getScopes(AuthCodeEntity $token);
+
+    /**
+     * Associate a scope with an acess token
+     *
+     * @param \League\OAuth2\Server\Entity\AuthCodeEntity $token The auth code
+     * @param \League\OAuth2\Server\Entity\ScopeEntity    $scope The scope
+     *
+     * @return void
+     */
+    public function associateScope(AuthCodeEntity $token, ScopeEntity $scope);
+
+    /**
+     * Delete an access token
+     *
+     * @param \League\OAuth2\Server\Entity\AuthCodeEntity $token The access token to delete
+     *
+     * @return void
+     */
+    public function delete(AuthCodeEntity $token);
+}

src/Storage/ClientInterface.php

@@ -0,0 +1,41 @@
+<?php
+/**
+ * OAuth 2.0 Client storage interface
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Storage;
+
+use League\OAuth2\Server\Entity\SessionEntity;
+
+/**
+ * Client storage interface
+ */
+interface ClientInterface extends StorageInterface
+{
+    /**
+     * Validate a client
+     *
+     * @param string $clientId     The client's ID
+     * @param string $clientSecret The client's secret (default = "null")
+     * @param string $redirectUri  The client's redirect URI (default = "null")
+     * @param string $grantType    The grant type used (default = "null")
+     *
+     * @return \League\OAuth2\Server\Entity\ClientEntity | null
+     */
+    public function get($clientId, $clientSecret = null, $redirectUri = null, $grantType = null);
+
+    /**
+     * Get the client associated with a session
+     *
+     * @param \League\OAuth2\Server\Entity\SessionEntity $session The session
+     *
+     * @return \League\OAuth2\Server\Entity\ClientEntity | null
+     */
+    public function getBySession(SessionEntity $session);
+}

src/Storage/MacTokenInterface.php

@@ -0,0 +1,34 @@
+<?php
+/**
+ * OAuth 2.0 MAC Token Interface
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Storage;
+
+
+/**
+ * MacTokenInterface
+ */
+interface MacTokenInterface extends StorageInterface
+{
+    /**
+     * Create a MAC key linked to an access token
+     * @param  string $macKey
+     * @param  string $accessToken
+     * @return void
+     */
+    public function create($macKey, $accessToken);
+
+    /**
+     * Get a MAC key by access token
+     * @param  string $accessToken
+     * @return string
+     */
+    public function getByAccessToken($accessToken);
+}

src/Storage/RefreshTokenInterface.php

@@ -0,0 +1,49 @@
+<?php
+/**
+ * OAuth 2.0 Refresh token storage interface
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Storage;
+
+use League\OAuth2\Server\Entity\RefreshTokenEntity;
+
+/**
+ * Refresh token interface
+ */
+interface RefreshTokenInterface extends StorageInterface
+{
+    /**
+     * Return a new instance of \League\OAuth2\Server\Entity\RefreshTokenEntity
+     *
+     * @param string $token
+     *
+     * @return \League\OAuth2\Server\Entity\RefreshTokenEntity | null
+     */
+    public function get($token);
+
+    /**
+     * Create a new refresh token_name
+     *
+     * @param string  $token
+     * @param integer $expireTime
+     * @param string  $accessToken
+     *
+     * @return \League\OAuth2\Server\Entity\RefreshTokenEntity
+     */
+    public function create($token, $expireTime, $accessToken);
+
+    /**
+     * Delete the refresh token
+     *
+     * @param \League\OAuth2\Server\Entity\RefreshTokenEntity $token
+     *
+     * @return void
+     */
+    public function delete(RefreshTokenEntity $token);
+}

src/Storage/ScopeInterface.php

@@ -0,0 +1,29 @@
+<?php
+/**
+ * OAuth 2.0 Scope storage interface
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Storage;
+
+/**
+ * Scope interface
+ */
+interface ScopeInterface extends StorageInterface
+{
+    /**
+     * Return information about a scope
+     *
+     * @param string $scope     The scope
+     * @param string $grantType The grant type used in the request (default = "null")
+     * @param string $clientId  The client sending the request (default = "null")
+     *
+     * @return \League\OAuth2\Server\Entity\ScopeEntity | null
+     */
+    public function get($scope, $grantType = null, $clientId = null);
+}

src/Storage/SessionInterface.php

@@ -0,0 +1,72 @@
+<?php
+/**
+ * OAuth 2.0 Session storage interface
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Storage;
+
+use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\Entity\AuthCodeEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Entity\SessionEntity;
+
+/**
+ * Session storage interface
+ */
+interface SessionInterface extends StorageInterface
+{
+    /**
+     * Get a session from an access token
+     *
+     * @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken The access token
+     *
+     * @return \League\OAuth2\Server\Entity\SessionEntity | null
+     */
+    public function getByAccessToken(AccessTokenEntity $accessToken);
+
+    /**
+     * Get a session from an auth code
+     *
+     * @param \League\OAuth2\Server\Entity\AuthCodeEntity $authCode The auth code
+     *
+     * @return \League\OAuth2\Server\Entity\SessionEntity | null
+     */
+    public function getByAuthCode(AuthCodeEntity $authCode);
+
+    /**
+     * Get a session's scopes
+     *
+     * @param  \League\OAuth2\Server\Entity\SessionEntity
+     *
+     * @return \League\OAuth2\Server\Entity\ScopeEntity[] Array of \League\OAuth2\Server\Entity\ScopeEntity
+     */
+    public function getScopes(SessionEntity $session);
+
+    /**
+     * Create a new session
+     *
+     * @param string $ownerType         Session owner's type (user, client)
+     * @param string $ownerId           Session owner's ID
+     * @param string $clientId          Client ID
+     * @param string $clientRedirectUri Client redirect URI (default = null)
+     *
+     * @return integer The session's ID
+     */
+    public function create($ownerType, $ownerId, $clientId, $clientRedirectUri = null);
+
+    /**
+     * Associate a scope with a session
+     *
+     * @param \League\OAuth2\Server\Entity\SessionEntity $session The session
+     * @param \League\OAuth2\Server\Entity\ScopeEntity   $scope   The scope
+     *
+     * @return void
+     */
+    public function associateScope(SessionEntity $session, ScopeEntity $scope);
+}

src/Storage/StorageInterface.php

@@ -0,0 +1,27 @@
+<?php
+/**
+ * OAuth 2.0 Storage interface
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Storage;
+
+use League\OAuth2\Server\AbstractServer;
+
+/**
+ * Storage interface
+ */
+interface StorageInterface
+{
+    /**
+     * Set the server
+     *
+     * @param \League\OAuth2\Server\AbstractServer $server
+     */
+    public function setServer(AbstractServer $server);
+}

src/TokenType/AbstractTokenType.php

@@ -0,0 +1,75 @@
+<?php
+/**
+ * OAuth 2.0 Abstract Token Type
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\TokenType;
+
+use League\OAuth2\Server\AbstractServer;
+use League\OAuth2\Server\Entity\SessionEntity;
+
+abstract class AbstractTokenType
+{
+    /**
+     * Response array
+     *
+     * @var array
+     */
+    protected $response = [];
+
+    /**
+     * Server
+     *
+     * @var \League\OAuth2\Server\AbstractServer $server
+     */
+    protected $server;
+
+    /**
+     * Server
+     *
+     * @var \League\OAuth2\Server\Entity\SessionEntity $session
+     */
+    protected $session;
+
+    /**
+     * {@inheritdoc}
+     */
+    public function setServer(AbstractServer $server)
+    {
+        $this->server = $server;
+
+        return $this;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function setSession(SessionEntity $session)
+    {
+        $this->session = $session;
+
+        return $this;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function setParam($key, $value)
+    {
+        $this->response[$key] = $value;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getParam($key)
+    {
+        return isset($this->response[$key]) ? $this->response[$key] : null;
+    }
+}

src/TokenType/Bearer.php

@@ -0,0 +1,53 @@
+<?php
+/**
+ * OAuth 2.0 Bearer Token Type
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\TokenType;
+
+use Symfony\Component\HttpFoundation\Request;
+
+class Bearer extends AbstractTokenType implements TokenTypeInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function generateResponse()
+    {
+        $return = [
+            'access_token'  =>  $this->getParam('access_token'),
+            'token_type'    =>  'Bearer',
+            'expires_in'    =>  $this->getParam('expires_in'),
+        ];
+
+        if (!is_null($this->getParam('refresh_token'))) {
+            $return['refresh_token'] = $this->getParam('refresh_token');
+        }
+
+        return $return;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function determineAccessTokenInHeader(Request $request)
+    {
+        if ($request->headers->has('Authorization') === false) {
+            return;
+        }
+
+        $header = $request->headers->get('Authorization');
+
+        if (substr($header, 0, 7) !== 'Bearer ') {
+            return;
+        }
+
+        return trim(substr($header, 7));
+    }
+}

src/TokenType/MAC.php

@@ -0,0 +1,156 @@
+<?php
+/**
+ * OAuth 2.0 MAC Token Type
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\TokenType;
+
+use League\OAuth2\Server\Util\SecureKey;
+use Symfony\Component\HttpFoundation\ParameterBag;
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * MAC Token Type
+ */
+class MAC extends AbstractTokenType implements TokenTypeInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function generateResponse()
+    {
+        $macKey = SecureKey::generate();
+        $this->server->getMacStorage()->create($macKey, $this->getParam('access_token'));
+
+        $response = [
+            'access_token'  =>  $this->getParam('access_token'),
+            'token_type'    =>  'mac',
+            'expires_in'    =>  $this->getParam('expires_in'),
+            'mac_key'       =>  $macKey,
+            'mac_algorithm' =>  'hmac-sha-256',
+        ];
+
+        if (!is_null($this->getParam('refresh_token'))) {
+            $response['refresh_token'] = $this->getParam('refresh_token');
+        }
+
+        return $response;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function determineAccessTokenInHeader(Request $request)
+    {
+        if ($request->headers->has('Authorization') === false) {
+            return;
+        }
+
+        $header = $request->headers->get('Authorization');
+
+        if (substr($header, 0, 4) !== 'MAC ') {
+            return;
+        }
+
+        // Find all the parameters expressed in the header
+        $paramsRaw = explode(',', substr($header, 4));
+        $params = new ParameterBag();
+
+        array_map(function ($param) use (&$params) {
+            $param = trim($param);
+
+            preg_match_all('/([a-zA-Z]*)="([\w=\/+]*)"/', $param, $matches);
+
+            // @codeCoverageIgnoreStart
+            if (count($matches) !== 3) {
+                return;
+            }
+            // @codeCoverageIgnoreEnd
+
+            $key = reset($matches[1]);
+            $value = trim(reset($matches[2]));
+
+            if (empty($value)) {
+                return;
+            }
+
+            $params->set($key, $value);
+        }, $paramsRaw);
+
+        // Validate parameters
+        if ($params->has('id') === false || $params->has('ts') === false || $params->has('nonce') === false || $params->has('mac') === false) {
+            return;
+        }
+
+        if (abs($params->get('ts') - time()) > 300) {
+            return;
+        }
+
+        $accessToken = $params->get('id');
+        $timestamp = (int) $params->get('ts');
+        $nonce = $params->get('nonce');
+        $signature = $params->get('mac');
+
+        // Try to find the MAC key for the access token
+        $macKey = $this->server->getMacStorage()->getByAccessToken($accessToken);
+
+        if ($macKey === null) {
+            return;
+        }
+
+        // Calculate and compare the signature
+        $calculatedSignatureParts = [
+            $timestamp,
+            $nonce,
+            strtoupper($request->getMethod()),
+            $request->getRequestUri(),
+            $request->getHost(),
+            $request->getPort(),
+        ];
+
+        if ($params->has('ext')) {
+            $calculatedSignatureParts[] = $params->get('ext');
+        }
+
+        $calculatedSignature = base64_encode(
+            hash_hmac(
+                'sha256',
+                implode("\n", $calculatedSignatureParts),
+                $macKey,
+                true  // raw_output: outputs raw binary data
+            )
+        );
+
+        // Return the access token if the signature matches
+        return ($this->hash_equals($calculatedSignature, $signature)) ? $accessToken : null;
+    }
+
+    /**
+     * Prevent timing attack
+     * @param  string $knownString
+     * @param  string $userString
+     * @return bool
+     */
+    private function hash_equals($knownString, $userString)
+    {
+        if (function_exists('\hash_equals')) {
+            return \hash_equals($knownString, $userString);
+        }
+        if (strlen($knownString) !== strlen($userString)) {
+            return false;
+        }
+        $len = strlen($knownString);
+        $result = 0;
+        for ($i = 0; $i < $len; $i++) {
+            $result |= (ord($knownString[$i]) ^ ord($userString[$i]));
+        }
+        // They are only identical strings if $result is exactly 0...
+        return 0 === $result;
+    }
+}

src/TokenType/TokenTypeInterface.php

@@ -0,0 +1,68 @@
+<?php
+/**
+ * OAuth 2.0 Token Type Interface
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\TokenType;
+
+use League\OAuth2\Server\AbstractServer;
+use League\OAuth2\Server\Entity\SessionEntity;
+use Symfony\Component\HttpFoundation\Request;
+
+interface TokenTypeInterface
+{
+    /**
+     * Generate a response
+     *
+     * @return array
+     */
+    public function generateResponse();
+
+    /**
+     * Set the server
+     *
+     * @param \League\OAuth2\Server\AbstractServer $server
+     *
+     * @return self
+     */
+    public function setServer(AbstractServer $server);
+
+    /**
+     * Set a key/value response pair
+     *
+     * @param string $key
+     * @param mixed  $value
+     */
+    public function setParam($key, $value);
+
+    /**
+     * Get a key from the response array
+     *
+     * @param string $key
+     *
+     * @return mixed
+     */
+    public function getParam($key);
+
+    /**
+     * @param \League\OAuth2\Server\Entity\SessionEntity $session
+     *
+     * @return self
+     */
+    public function setSession(SessionEntity $session);
+
+    /**
+     * Determine the access token in the authorization header
+     *
+     * @param \Symfony\Component\HttpFoundation\Request $request
+     *
+     * @return string
+     */
+    public function determineAccessTokenInHeader(Request $request);
+}

src/Util/KeyAlgorithm/DefaultAlgorithm.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ * OAuth 2.0 Secure key interface
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Util\KeyAlgorithm;
+
+class DefaultAlgorithm implements KeyAlgorithmInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function generate($len = 40)
+    {
+        $stripped = '';
+        do {
+            $bytes = openssl_random_pseudo_bytes($len, $strong);
+
+            // We want to stop execution if the key fails because, well, that is bad.
+            if ($bytes === false || $strong === false) {
+                // @codeCoverageIgnoreStart
+                throw new \Exception('Error Generating Key');
+                // @codeCoverageIgnoreEnd
+            }
+            $stripped .= str_replace(['/', '+', '='], '', base64_encode($bytes));
+        } while (strlen($stripped) < $len);
+
+        return substr($stripped, 0, $len);
+    }
+}

src/Util/KeyAlgorithm/KeyAlgorithmInterface.php

@@ -0,0 +1,24 @@
+<?php
+/**
+ * OAuth 2.0 Secure key interface
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Util\KeyAlgorithm;
+
+interface KeyAlgorithmInterface
+{
+    /**
+     * Generate a new unique code
+     *
+     * @param integer $len Length of the generated code
+     *
+     * @return string
+     */
+    public function generate($len);
+}

src/Util/RedirectUri.php

@@ -0,0 +1,34 @@
+<?php
+/**
+ * OAuth 2.0 Redirect URI generator
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Util;
+
+/**
+ * RedirectUri class
+ */
+class RedirectUri
+{
+    /**
+     * Generate a new redirect uri
+     *
+     * @param string $uri            The base URI
+     * @param array  $params         The query string parameters
+     * @param string $queryDelimeter The query string delimeter (default: "?")
+     *
+     * @return string The updated URI
+     */
+    public static function make($uri, $params = [], $queryDelimeter = '?')
+    {
+        $uri .= (strstr($uri, $queryDelimeter) === false) ? $queryDelimeter : '&';
+
+        return $uri.http_build_query($params);
+    }
+}

src/Util/SecureKey.php

@@ -0,0 +1,55 @@
+<?php
+/**
+ * OAuth 2.0 Secure key generator
+ *
+ * @package     php-loep/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
+ * @license     http://mit-license.org/
+ * @link        http://github.com/php-loep/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Util;
+
+use League\OAuth2\Server\Util\KeyAlgorithm\DefaultAlgorithm;
+use League\OAuth2\Server\Util\KeyAlgorithm\KeyAlgorithmInterface;
+
+/**
+ * SecureKey class
+ */
+class SecureKey
+{
+    protected static $algorithm;
+
+    /**
+     * Generate a new unique code
+     *
+     * @param integer $len Length of the generated code
+     *
+     * @return string
+     */
+    public static function generate($len = 40)
+    {
+        return self::getAlgorithm()->generate($len);
+    }
+
+    /**
+     * @param KeyAlgorithmInterface $algorithm
+     */
+    public static function setAlgorithm(KeyAlgorithmInterface $algorithm)
+    {
+        self::$algorithm = $algorithm;
+    }
+
+    /**
+     * @return KeyAlgorithmInterface
+     */
+    public static function getAlgorithm()
+    {
+        if (is_null(self::$algorithm)) {
+            self::$algorithm = new DefaultAlgorithm();
+        }
+
+        return self::$algorithm;
+    }
+}

tests/authorization/AuthCodeGrantTest.php

@@ -1,412 +0,0 @@
-<?php
-
-use \Mockery as m;
-
-class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
-{
-    private $client;
-    private $session;
-    private $scope;
-
-    public function setUp()
-    {
-        $this->client = M::mock('League\OAuth2\Server\Storage\ClientInterface');
-        $this->session = M::mock('League\OAuth2\Server\Storage\SessionInterface');
-        $this->scope = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
-    }
-
-    private function returnDefault()
-    {
-        return new League\OAuth2\Server\Authorization($this->client, $this->session, $this->scope);
-    }
-
-    public function test_setAuthTokenTTL()
-    {
-        $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\AuthCode($a);
-        $grant->setAuthTokenTTL(30);
-
-        $reflector = new ReflectionClass($grant);
-        $requestProperty = $reflector->getProperty('authTokenTTL');
-        $requestProperty->setAccessible(true);
-        $v = $requestProperty->getValue($grant);
-
-        $this->assertEquals(30, $v);
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_checkAuthoriseParams_noClientId()
-    {
-        $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
-        $a->addGrantType($g);
-        $g->checkAuthoriseParams();
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_checkAuthoriseParams_noRedirectUri()
-    {
-        $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
-        $a->addGrantType($g);
-        $g->checkAuthoriseParams(array(
-            'client_id' =>  1234
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_checkAuthoriseParams_noRequiredState()
-    {
-        $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
-        $a->addGrantType($g);
-        $a->requireStateParam(true);
-        $g->checkAuthoriseParams(array(
-            'client_id' =>  1234,
-            'redirect_uri'  =>  'http://foo/redirect'
-        ));
-    }
-
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    8
-     */
-    public function test_checkAuthoriseParams_badClient()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(false);
-
-        $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
-        $a->addGrantType($g);
-        $g->checkAuthoriseParams(array(
-            'client_id' =>  1234,
-            'redirect_uri'  =>  'http://foo/redirect'
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_checkAuthoriseParams_missingResponseType()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
-        $a->addGrantType($g);
-        $g->checkAuthoriseParams(array(
-            'client_id' =>  1234,
-            'redirect_uri'  =>  'http://foo/redirect'
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    3
-     */
-    public function test_checkAuthoriseParams_badResponseType()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
-        $a->addGrantType($g);
-        $g->checkAuthoriseParams(array(
-            'client_id' =>  1234,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'response_type' =>  'foo'
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_checkAuthoriseParams_missingScopes()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
-        $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-        $a->requireScopeParam(true);
-
-        $g->checkAuthoriseParams(array(
-            'client_id' =>  1234,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'response_type' =>  'code',
-            'scope' =>  ''
-        ));
-    }
-
-    public function test_checkAuthoriseParams_defaultScope()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->scope->shouldReceive('getScope')->andReturn(array(
-            'id'    =>  1,
-            'scope' =>  'foo',
-            'name'  =>  'Foo Name',
-            'description'   =>  'Foo Name Description'
-        ));
-
-        $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
-        $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-        $a->setDefaultScope('test.scope');
-        $a->requireScopeParam(false);
-
-        $params = $g->checkAuthoriseParams(array(
-            'client_id' =>  1234,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'response_type' =>  'code',
-            'scope'    =>  ''
-        ));
-
-        $this->assertArrayHasKey('scopes', $params);
-        $this->assertEquals(1, count($params['scopes']));
-    }
-
-    public function test_checkAuthoriseParams_defaultScopeArray()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->scope->shouldReceive('getScope')->andReturn(array(
-            'id'    =>  1,
-            'scope' =>  'foo',
-            'name'  =>  'Foo Name',
-            'description'   =>  'Foo Name Description'
-        ));
-
-        $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
-        $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-        $a->setDefaultScope(array('test.scope', 'test.scope2'));
-        $a->requireScopeParam(false);
-
-        $params = $g->checkAuthoriseParams(array(
-            'client_id' =>  1234,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'response_type' =>  'code',
-            'scope'    =>  ''
-        ));
-
-        $this->assertArrayHasKey('scopes', $params);
-        $this->assertEquals(2, count($params['scopes']));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    4
-     */
-    public function test_checkAuthoriseParams_badScopes()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->scope->shouldReceive('getScope')->andReturn(false);
-
-        $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
-        $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $g->checkAuthoriseParams(array(
-            'client_id' =>  1234,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'response_type' =>  'code',
-            'scope' =>  'foo'
-        ));
-    }
-
-    public function test_checkAuthoriseParams_passedInput()
-    {
-        $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
-        $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->scope->shouldReceive('getScope')->andReturn(array(
-            'id'    =>  1,
-            'scope' =>  'foo',
-            'name'  =>  'Foo Name',
-            'description'   =>  'Foo Name Description'
-        ));
-
-        $v = $g->checkAuthoriseParams(array(
-            'client_id' =>  1234,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'response_type' =>  'code',
-            'scope' =>  'foo',
-            'state' =>  'xyz'
-        ));
-
-        $this->assertEquals(array(
-            'client_id' =>  1234,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'client_details' => array(
-                'client_id' => 1234,
-                'client_secret' => 5678,
-                'redirect_uri' => 'http://foo/redirect',
-                'name' => 'Example Client'
-            ),
-            'response_type' =>  'code',
-            'scopes'    =>  array(
-                array(
-                    'id'    =>  1,
-                    'scope' =>  'foo',
-                    'name'  =>  'Foo Name',
-                    'description'   =>  'Foo Name Description'
-                )
-            ),
-            'scope' =>  'foo',
-            'state' =>  'xyz'
-        ), $v);
-    }
-
-    public function test_checkAuthoriseParams()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->scope->shouldReceive('getScope')->andReturn(array(
-            'id'    =>  1,
-            'scope' =>  'foo',
-            'name'  =>  'Foo Name',
-            'description'   =>  'Foo Name Description'
-        ));
-
-        $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
-        $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $_GET['client_id'] = 1234;
-        $_GET['redirect_uri'] = 'http://foo/redirect';
-        $_GET['response_type'] = 'code';
-        $_GET['scope'] = 'foo';
-        $_GET['state'] = 'xyz';
-
-        $request = new League\OAuth2\Server\Util\Request($_GET);
-        $a->setRequest($request);
-
-        $v = $g->checkAuthoriseParams();
-
-        $this->assertEquals(array(
-            'client_id' =>  1234,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'client_details' => array(
-                'client_id' => 1234,
-                'client_secret' => 5678,
-                'redirect_uri' => 'http://foo/redirect',
-                'name' => 'Example Client'
-            ),
-            'response_type' =>  'code',
-            'scopes'    =>  array(
-                array(
-                    'id'    =>  1,
-                    'scope' =>  'foo',
-                    'name'  =>  'Foo Name',
-                    'description'   =>  'Foo Name Description'
-                )
-            ),
-            'scope' =>  'foo',
-            'state' =>  'xyz'
-        ), $v);
-    }
-
-
-    function test_newAuthoriseRequest()
-    {
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-        $this->session->shouldReceive('associateRedirectUri')->andReturn(null);
-        $this->session->shouldReceive('associateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('associateAuthCodeScope')->andReturn(null);
-
-        $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
-        $a->addGrantType($g);
-
-        $params = array(
-            'client_id' =>  1234,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'client_details' => array(
-                'client_id' => 1234,
-                'client_secret' => 5678,
-                'redirect_uri' => 'http://foo/redirect',
-                'name' => 'Example Client'
-            ),
-            'response_type' =>  'code',
-            'scopes'    =>  array(
-                array(
-                    'id'    =>  1,
-                    'scope' =>  'foo',
-                    'name'  =>  'Foo Name',
-                    'description'   =>  'Foo Name Description'
-                )
-            )
-        );
-
-        $v = $g->newAuthoriseRequest('user', 123, $params);
-
-        $this->assertEquals(40, strlen($v));
-    }
-
-
-}

tests/authorization/AuthServerTest.php

@@ -1,514 +0,0 @@
-<?php
-
-use \Mockery as m;
-
-class Authorization_Server_test extends PHPUnit_Framework_TestCase
-{
-    private $client;
-    private $session;
-    private $scope;
-
-    public function setUp()
-    {
-        $this->client = M::mock('League\OAuth2\Server\Storage\ClientInterface');
-        $this->session = M::mock('League\OAuth2\Server\Storage\SessionInterface');
-        $this->scope = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
-    }
-
-    private function returnDefault()
-    {
-        return new League\OAuth2\Server\Authorization($this->client, $this->session, $this->scope);
-    }
-
-    /**
-     * @expectedException PHPUnit_Framework_Error
-     */
-    public function test__construct_NoStorage()
-    {
-        new League\OAuth2\Server\Authorization;
-    }
-
-    public function test__contruct_WithStorage()
-    {
-        $this->returnDefault();
-    }
-
-    public function test_getExceptionMessage()
-    {
-        $m = League\OAuth2\Server\Authorization::getExceptionMessage('access_denied');
-
-        $reflector = new ReflectionClass($this->returnDefault());
-        $exceptionMessages = $reflector->getProperty('exceptionMessages');
-        $exceptionMessages->setAccessible(true);
-        $v = $exceptionMessages->getValue();
-
-        $this->assertEquals($v['access_denied'], $m);
-    }
-
-    public function test_getExceptionCode()
-    {
-        $this->assertEquals('access_denied', League\OAuth2\Server\Authorization::getExceptionType(2));
-    }
-
-    public function test_getExceptionHttpHeaders()
-    {
-        $this->assertEquals(array('HTTP/1.1 401 Unauthorized'), League\OAuth2\Server\Authorization::getExceptionHttpHeaders('access_denied'));
-        $this->assertEquals(array('HTTP/1.1 500 Internal Server Error'), League\OAuth2\Server\Authorization::getExceptionHttpHeaders('server_error'));
-        $this->assertEquals(array('HTTP/1.1 501 Not Implemented'), League\OAuth2\Server\Authorization::getExceptionHttpHeaders('unsupported_grant_type'));
-        $this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Authorization::getExceptionHttpHeaders('invalid_refresh'));
-    }
-
-    public function test_hasGrantType()
-    {
-        $a = $this->returnDefault();
-        $this->assertFalse($a->hasGrantType('test'));
-    }
-
-    public function test_addGrantType()
-    {
-        $a = $this->returnDefault();
-        $grant = M::mock('League\OAuth2\Server\Grant\GrantTypeInterface');
-        $grant->shouldReceive('getResponseType')->andReturn('test');
-        $a->addGrantType($grant, 'test');
-
-        $this->assertTrue($a->hasGrantType('test'));
-    }
-
-    public function test_addGrantType_noIdentifier()
-    {
-        $a = $this->returnDefault();
-        $grant = M::mock('League\OAuth2\Server\Grant\GrantTypeInterface');
-        $grant->shouldReceive('getIdentifier')->andReturn('test');
-        $grant->shouldReceive('getResponseType')->andReturn('test');
-        $a->addGrantType($grant);
-
-        $this->assertTrue($a->hasGrantType('test'));
-    }
-
-    public function test_getScopeDelimeter()
-    {
-        $a = $this->returnDefault();
-        $this->assertEquals(' ', $a->getScopeDelimeter());
-    }
-
-    public function test_setScopeDelimeter()
-    {
-        $a = $this->returnDefault();
-        $a->setScopeDelimeter(',');
-        $this->assertEquals(',', $a->getScopeDelimeter());
-    }
-
-    public function test_requireScopeParam()
-    {
-        $a = $this->returnDefault();
-        $a->requireScopeParam(false);
-
-        $reflector = new ReflectionClass($a);
-        $requestProperty = $reflector->getProperty('requireScopeParam');
-        $requestProperty->setAccessible(true);
-        $v = $requestProperty->getValue($a);
-
-        $this->assertFalse($v);
-    }
-
-    public function test_scopeParamRequired()
-    {
-        $a = $this->returnDefault();
-        $a->requireScopeParam(false);
-
-        $this->assertFalse($a->scopeParamRequired());
-    }
-
-    public function test_setDefaultScope()
-    {
-        $a = $this->returnDefault();
-        $a->setDefaultScope('test.default');
-
-        $reflector = new ReflectionClass($a);
-        $requestProperty = $reflector->getProperty('defaultScope');
-        $requestProperty->setAccessible(true);
-        $v = $requestProperty->getValue($a);
-
-        $this->assertEquals('test.default', $v);
-    }
-
-    public function test_getDefaultScope()
-    {
-        $a = $this->returnDefault();
-        $a->setDefaultScope('test.default');
-        $this->assertEquals('test.default', $a->getDefaultScope());
-    }
-
-    public function test_requireStateParam()
-    {
-        $a = $this->returnDefault();
-        $a->requireStateParam(true);
-
-        $reflector = new ReflectionClass($a);
-        $requestProperty = $reflector->getProperty('requireStateParam');
-        $requestProperty->setAccessible(true);
-        $v = $requestProperty->getValue($a);
-
-        $this->assertTrue($v);
-    }
-
-    public function test_getAccessTokenTTL()
-    {
-        $a = $this->returnDefault();
-        $a->setAccessTokenTTL(7200);
-        $this->assertEquals(7200, $a->getAccessTokenTTL());
-    }
-
-    public function test_setAccessTokenTTL()
-    {
-        $a = $this->returnDefault();
-        $a->setScopeDelimeter(';');
-        $this->assertEquals(';', $a->getScopeDelimeter());
-    }
-
-    public function test_setRequest()
-    {
-        $a = $this->returnDefault();
-        $request = new League\OAuth2\Server\Util\Request();
-        $a->setRequest($request);
-
-        $reflector = new ReflectionClass($a);
-        $requestProperty = $reflector->getProperty('request');
-        $requestProperty->setAccessible(true);
-        $v = $requestProperty->getValue($a);
-
-        $this->assertTrue($v instanceof League\OAuth2\Server\Util\RequestInterface);
-    }
-
-    public function test_getRequest()
-    {
-        $a = $this->returnDefault();
-        $request = new League\OAuth2\Server\Util\Request();
-        $a->setRequest($request);
-        $v = $a->getRequest();
-
-        $this->assertTrue($v instanceof League\OAuth2\Server\Util\RequestInterface);
-    }
-
-    public function test_getStorage()
-    {
-        $a = $this->returnDefault();
-        $this->assertTrue($a->getStorage('session') instanceof League\OAuth2\Server\Storage\SessionInterface);
-    }
-
-    public function test_getGrantType()
-    {
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $reflector = new ReflectionClass($a);
-        $method = $reflector->getMethod('getGrantType');
-        $method->setAccessible(true);
-
-        $result = $method->invoke($a, 'authorization_code');
-
-        $this->assertTrue($result instanceof League\OAuth2\Server\Grant\GrantTypeInterface);
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\InvalidGrantTypeException
-     * @expectedExceptionCode    9
-     */
-    public function test_getGrantType_fail()
-    {
-        $a = $this->returnDefault();
-        $a->getGrantType('blah');
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_missingGrantType()
-    {
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $a->issueAccessToken();
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    7
-     */
-    public function test_issueAccessToken_badGrantType()
-    {
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $a->issueAccessToken(array('grant_type' => 'foo'));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_missingClientId()
-    {
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'authorization_code'
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_missingClientSecret()
-    {
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'authorization_code',
-            'client_id' =>  1234
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_missingRedirectUri()
-    {
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'authorization_code',
-            'client_id' =>  1234,
-            'client_secret' =>  5678
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    8
-     */
-    public function test_issueAccessToken_badClient()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(false);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'authorization_code',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect'
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_missingCode()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array());
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'authorization_code',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect'
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    9
-     */
-    public function test_issueAccessToken_badCode()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array());
-        $this->session->shouldReceive('validateAuthCode')->andReturn(false);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'authorization_code',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'code'  =>  'foobar'
-        ));
-    }
-
-    public function test_issueAccessToken_passedInput()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(array(
-            'session_id'    =>  1,
-            'authcode_id' =>  1
-        ));
-        $this->session->shouldReceive('updateSession')->andReturn(null);
-        $this->session->shouldReceive('removeAuthCode')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-        $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1));
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $v = $a->issueAccessToken(array(
-            'grant_type'    =>  'authorization_code',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'code'  =>  'foobar'
-        ));
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-    }
-
-    public function test_issueAccessToken()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('updateSession')->andReturn(null);
-        $this->session->shouldReceive('removeAuthCode')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-        $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1));
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $_POST['grant_type'] = 'authorization_code';
-        $_POST['client_id'] = 1234;
-        $_POST['client_secret'] = 5678;
-        $_POST['redirect_uri'] = 'http://foo/redirect';
-        $_POST['code'] = 'foobar';
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $v = $a->issueAccessToken();
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-    }
-
-    public function test_issueAccessToken_customExpiresIn()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('updateSession')->andReturn(null);
-        $this->session->shouldReceive('removeAuthCode')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-        $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1));
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-
-        $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\AuthCode($a);
-        $grant->setAccessTokenTTL(30);
-        $a->addGrantType($grant);
-
-        $_POST['grant_type'] = 'authorization_code';
-        $_POST['client_id'] = 1234;
-        $_POST['client_secret'] = 5678;
-        $_POST['redirect_uri'] = 'http://foo/redirect';
-        $_POST['code'] = 'foobar';
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $v = $a->issueAccessToken();
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertNotEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertNotEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-        $this->assertEquals(30, $v['expires_in']);
-        $this->assertEquals(time()+30, $v['expires']);
-    }
-
-    public function test_issueAccessToken_HTTP_auth()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('updateSession')->andReturn(null);
-        $this->session->shouldReceive('removeAuthCode')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-        $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1));
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-
-        $_POST['grant_type'] = 'authorization_code';
-        $_SERVER['PHP_AUTH_USER'] = 1234;
-        $_SERVER['PHP_AUTH_PW'] = 5678;
-        $_POST['redirect_uri'] = 'http://foo/redirect';
-        $_POST['code'] = 'foobar';
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST, array(), array(), $_SERVER);
-        $a->setRequest($request);
-
-        $v = $a->issueAccessToken();
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-    }
-
-    public function tearDown() {
-        M::close();
-    }
-}

tests/authorization/ClientCredentialsGrantTest.php

@@ -1,414 +0,0 @@
-<?php
-
-use \Mockery as m;
-
-class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
-{
-    private $client;
-    private $session;
-    private $scope;
-
-    public function setUp()
-    {
-        $this->client = M::mock('League\OAuth2\Server\Storage\ClientInterface');
-        $this->session = M::mock('League\OAuth2\Server\Storage\SessionInterface');
-        $this->scope = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
-    }
-
-    private function returnDefault()
-    {
-        return new League\OAuth2\Server\Authorization($this->client, $this->session, $this->scope);
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_clientCredentialsGrant_missingClientId()
-    {
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'client_credentials'
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_clientCredentialsGrant_missingClientPassword()
-    {
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'client_credentials',
-            'client_id' =>  1234
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    8
-     */
-    public function test_issueAccessToken_clientCredentialsGrant_badClient()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(false);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'client_credentials',
-            'client_id' =>  1234,
-            'client_secret' =>  5678
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_clientCredentialsGrant_missingScopes()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
-        $a->requireScopeParam(true);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'client_credentials',
-            'client_id' =>  1234,
-            'client_secret' =>  5678
-        ));
-    }
-
-    public function test_issueAccessToken_clientCredentialsGrant_defaultScope()
-    {
-        $this->scope->shouldReceive('getScope')->andReturn(array(
-            'id'    =>  1,
-            'key' =>  'foo',
-            'name'  =>  'Foo Name',
-            'description'   =>  'Foo Name Description'
-        ));
-
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
-        $a->requireScopeParam(false);
-        $a->setDefaultScope('foobar');
-
-        $v = $a->issueAccessToken(array(
-            'grant_type'    =>  'client_credentials',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'scope' =>  ''
-        ));
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-    }
-
-    public function test_issueAccessToken_clientCredentialsGrant_defaultScopeArray()
-    {
-        $this->scope->shouldReceive('getScope')->andReturn(array(
-            'id'    =>  1,
-            'key' =>  'foo',
-            'name'  =>  'Foo Name',
-            'description'   =>  'Foo Name Description'
-        ));
-
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
-        $a->requireScopeParam(false);
-        $a->setDefaultScope(array('foobar', 'barfoo'));
-
-        $v = $a->issueAccessToken(array(
-            'grant_type'    =>  'client_credentials',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'scope' =>  ''
-        ));
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    4
-     */
-    public function test_issueAccessToken_clientCredentialsGrant_badScope()
-    {
-        $this->scope->shouldReceive('getScope')->andReturn(false);
-
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'client_credentials',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'scope' =>  'blah'
-        ));
-    }
-
-    public function test_issueAccessToken_clientCredentialsGrant_goodScope()
-    {
-        $this->scope->shouldReceive('getScope')->andReturn(array(
-            'id'    =>  1,
-            'key' =>  'foo',
-            'name'  =>  'Foo Name',
-            'description'   =>  'Foo Name Description'
-        ));
-
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
-
-        $v = $a->issueAccessToken(array(
-            'grant_type'    =>  'client_credentials',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'scope' =>  'blah'
-        ));
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-    }
-
-    function test_issueAccessToken_clientCredentialsGrant_passedInput()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
-        $a->requireScopeParam(false);
-
-        $v = $a->issueAccessToken(array(
-            'grant_type'    =>  'client_credentials',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-        ));
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-    }
-
-    function test_issueAccessToken_clientCredentialsGrant()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
-        $a->requireScopeParam(false);
-
-        $_POST['grant_type'] = 'client_credentials';
-        $_POST['client_id'] = 1234;
-        $_POST['client_secret'] = 5678;
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $v = $a->issueAccessToken();
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-    }
-
-    function test_issueAccessToken_clientCredentialsGrant_customExpiresIn()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-
-        $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\ClientCredentials($a);
-        $grant->setAccessTokenTTL(30);
-        $a->addGrantType($grant);
-        $a->requireScopeParam(false);
-
-        $_POST['grant_type'] = 'client_credentials';
-        $_POST['client_id'] = 1234;
-        $_POST['client_secret'] = 5678;
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $v = $a->issueAccessToken();
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertNotEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertNotEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-        $this->assertEquals(30, $v['expires_in']);
-        $this->assertEquals(time()+30, $v['expires']);
-    }
-
-    function test_issueAccessToken_clientCredentialsGrant_withRefreshToken()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
-        $a->requireScopeParam(false);
-
-        $_POST['grant_type'] = 'client_credentials';
-        $_POST['client_id'] = 1234;
-        $_POST['client_secret'] = 5678;
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $v = $a->issueAccessToken();
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-    }
-
-}

tests/authorization/PasswordGrantTest.php

@@ -1,617 +0,0 @@
-<?php
-
-use \Mockery as m;
-
-class Password_Grant_Test extends PHPUnit_Framework_TestCase
-{
-    private $client;
-    private $session;
-    private $scope;
-
-    public function setUp()
-    {
-        $this->client = M::mock('League\OAuth2\Server\Storage\ClientInterface');
-        $this->session = M::mock('League\OAuth2\Server\Storage\SessionInterface');
-        $this->scope = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
-    }
-
-    private function returnDefault()
-    {
-        return new League\OAuth2\Server\Authorization($this->client, $this->session, $this->scope);
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_passwordGrant_missingClientId()
-    {
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\Password($a));
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'password'
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_passwordGrant_missingClientPassword()
-    {
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\Password($a));
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'password',
-            'client_id' =>  1234
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    8
-     */
-    public function test_issueAccessToken_passwordGrant_badClient()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(false);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\Password($a));
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'password',
-            'client_id' =>  1234,
-            'client_secret' =>  5678
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\InvalidGrantTypeException
-     */
-    function test_issueAccessToken_passwordGrant_invalidCallback()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-
-        $testCredentials = null;
-
-        $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
-        $pgrant->setVerifyCredentialsCallback($testCredentials);
-        $a->addGrantType($pgrant);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'password',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'username'  => 'foo',
-            'password'  => 'bar'
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    function test_issueAccessToken_passwordGrant_missingUsername()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-
-        $testCredentials = function() { return false; };
-
-        $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
-        $pgrant->setVerifyCredentialsCallback($testCredentials);
-        $a->addGrantType($pgrant);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'password',
-            'client_id' =>  1234,
-            'client_secret' =>  5678
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    function test_issueAccessToken_passwordGrant_missingPassword()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-
-        $testCredentials = function() { return false; };
-
-        $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
-        $pgrant->setVerifyCredentialsCallback($testCredentials);
-        $a->addGrantType($pgrant);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'password',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'username'  =>  'foo'
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    function test_issueAccessToken_passwordGrant_badCredentials()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-
-        $testCredentials = function() { return false; };
-
-        $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
-        $pgrant->setVerifyCredentialsCallback($testCredentials);
-        $a->addGrantType($pgrant);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'password',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'username'  => 'foo',
-            'password'  => 'bar'
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    4
-     */
-    public function test_issueAccessToken_passwordGrant_badScopes()
-    {
-        $this->scope->shouldReceive('getScope')->andReturn(false);
-
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-
-        $testCredentials = function() { return 1; };
-
-        $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
-        $pgrant->setVerifyCredentialsCallback($testCredentials);
-        $a->addGrantType($pgrant);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'password',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'username'  =>  'foo',
-            'password'  =>  'bar',
-            'scope' =>  'blah'
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_passwordGrant_missingScopes()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-
-        $testCredentials = function() { return 1; };
-
-        $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
-        $pgrant->setVerifyCredentialsCallback($testCredentials);
-        $a->addGrantType($pgrant);
-        $a->requireScopeParam(true);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'password',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'username'  =>  'foo',
-            'password'  =>  'bar'
-        ));
-    }
-
-    public function test_issueAccessToken_passwordGrant_defaultScope()
-    {
-        $this->scope->shouldReceive('getScope')->andReturn(array(
-            'id'    =>  1,
-            'scope' =>  'foo',
-            'name'  =>  'Foo Name',
-            'description'   =>  'Foo Name Description'
-        ));
-
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-
-        $testCredentials = function() { return 1; };
-
-        $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
-        $pgrant->setVerifyCredentialsCallback($testCredentials);
-        $a->addGrantType($pgrant);
-        $a->requireScopeParam(false);
-        $a->setDefaultScope('foobar');
-
-        $v = $a->issueAccessToken(array(
-            'grant_type'    =>  'password',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'username'  =>  'foo',
-            'password'  =>  'bar',
-            'scope' =>  ''
-        ));
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-    }
-
-    public function test_issueAccessToken_passwordGrant_defaultScopeArray()
-    {
-        $this->scope->shouldReceive('getScope')->andReturn(array(
-            'id'    =>  1,
-            'scope' =>  'foo',
-            'name'  =>  'Foo Name',
-            'description'   =>  'Foo Name Description'
-        ));
-
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-
-        $testCredentials = function() { return 1; };
-
-        $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
-        $pgrant->setVerifyCredentialsCallback($testCredentials);
-        $a->addGrantType($pgrant);
-        $a->requireScopeParam(false);
-        $a->setDefaultScope(array('foobar', 'barfoo'));
-
-        $v = $a->issueAccessToken(array(
-            'grant_type'    =>  'password',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'username'  =>  'foo',
-            'password'  =>  'bar',
-            'scope' =>  ''
-        ));
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-    }
-
-    public function test_issueAccessToken_passwordGrant_goodScope()
-    {
-        $this->scope->shouldReceive('getScope')->andReturn(array(
-            'id'    =>  1,
-            'scope' =>  'foo',
-            'name'  =>  'Foo Name',
-            'description'   =>  'Foo Name Description'
-        ));
-
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-
-        $testCredentials = function() { return 1; };
-
-        $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
-        $pgrant->setVerifyCredentialsCallback($testCredentials);
-        $a->addGrantType($pgrant);
-
-        $v = $a->issueAccessToken(array(
-            'grant_type'    =>  'password',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'username'  =>  'foo',
-            'password'  =>  'bar',
-            'scope' =>  'blah'
-        ));
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-    }
-
-    function test_issueAccessToken_passwordGrant_passedInput()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-
-        $testCredentials = function() { return 1; };
-
-        $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
-        $pgrant->setVerifyCredentialsCallback($testCredentials);
-        $a->addGrantType($pgrant);
-        $a->requireScopeParam(false);
-
-        $v = $a->issueAccessToken(array(
-            'grant_type'    =>  'password',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'username'  => 'foo',
-            'password'  => 'bar'
-        ));
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-    }
-
-    function test_issueAccessToken_passwordGrant()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-
-        $testCredentials = function() { return 1; };
-
-        $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
-        $pgrant->setVerifyCredentialsCallback($testCredentials);
-        $a->addGrantType($pgrant);
-        $a->requireScopeParam(false);
-
-        $_POST['grant_type'] = 'password';
-        $_POST['client_id'] = 1234;
-        $_POST['client_secret'] = 5678;
-        $_POST['username'] = 'foo';
-        $_POST['password'] = 'bar';
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $v = $a->issueAccessToken();
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-    }
-
-    function test_issueAccessToken_passwordGrant_customExpiresIn()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-
-        $testCredentials = function() { return 1; };
-
-        $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
-        $pgrant->setVerifyCredentialsCallback($testCredentials);
-        $pgrant->setAccessTokenTTL(30);
-        $a->addGrantType($pgrant);
-        $a->requireScopeParam(false);
-
-        $_POST['grant_type'] = 'password';
-        $_POST['client_id'] = 1234;
-        $_POST['client_secret'] = 5678;
-        $_POST['username'] = 'foo';
-        $_POST['password'] = 'bar';
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $v = $a->issueAccessToken();
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertNotEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertNotEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-        $this->assertEquals(30, $v['expires_in']);
-        $this->assertEquals(time()+30, $v['expires']);
-    }
-
-    function test_issueAccessToken_passwordGrant_withRefreshToken()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->client->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('createSession')->andReturn(1);
-        $this->session->shouldReceive('deleteSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-        $this->session->shouldReceive('associateRefreshToken')->andReturn(null);
-
-        $testCredentials = function() { return 1; };
-
-        $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
-        $pgrant->setVerifyCredentialsCallback($testCredentials);
-        $a->addGrantType($pgrant);
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
-        $a->requireScopeParam(false);
-
-        $_POST['grant_type'] = 'password';
-        $_POST['client_id'] = 1234;
-        $_POST['client_secret'] = 5678;
-        $_POST['username'] = 'foo';
-        $_POST['password'] = 'bar';
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $v = $a->issueAccessToken();
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-        $this->assertArrayHasKey('refresh_token', $v);
-
-        $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-    }
-
-}

tests/authorization/RefreshTokenTest.php

@@ -1,425 +0,0 @@
-<?php
-
-use \Mockery as m;
-
-class Refresh_Token_test extends PHPUnit_Framework_TestCase
-{
-    private $client;
-    private $session;
-    private $scope;
-
-    public function setUp()
-    {
-        $this->client = M::mock('League\OAuth2\Server\Storage\ClientInterface');
-        $this->session = M::mock('League\OAuth2\Server\Storage\SessionInterface');
-        $this->scope = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
-    }
-
-    private function returnDefault()
-    {
-        return new League\OAuth2\Server\Authorization($this->client, $this->session, $this->scope);
-    }
-
-    public function test_setRefreshTokenTTL()
-    {
-        $a = $this->returnDefault();
-        $rt = new League\OAuth2\Server\Grant\RefreshToken($a);
-        $rt->setRefreshTokenTTL(30);
-        $this->assertEquals(30, $rt->getRefreshTokenTTL());
-    }
-
-    public function test_issueAccessToken_with_refresh_token()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('updateSession')->andReturn(null);
-        $this->session->shouldReceive('removeAuthCode')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-        $this->session->shouldReceive('associateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-        $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1));
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
-
-        $_POST['grant_type'] = 'authorization_code';
-        $_POST['client_id'] = 1234;
-        $_POST['client_secret'] = 5678;
-        $_POST['redirect_uri'] = 'http://foo/redirect';
-        $_POST['code'] = 'foobar';
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $v = $a->issueAccessToken();
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-        $this->assertArrayHasKey('refresh_token', $v);
-
-        $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_refreshTokenGrant_missingClientId()
-    {
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'refresh_token'
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_refreshTokenGrant_missingClientSecret()
-    {
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'refresh_token',
-            'client_id' =>  1234
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    8
-     */
-    public function test_issueAccessToken_refreshTokenGrant_badClient()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(false);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'refresh_token',
-            'client_id' =>  1234,
-            'client_secret' =>  5678
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_refreshTokenGrant_missingRefreshToken()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array());
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'refresh_token',
-            'client_id' =>  1234,
-            'client_secret' =>  5678
-        ));
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_refreshTokenGrant_badRefreshToken()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array());
-        $this->session->shouldReceive('validateRefreshToken')->andReturn(false);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'refresh_token',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'refresh_token' =>  'abcdef'
-        ));
-    }
-
-    public function test_issueAccessToken_refreshTokenGrant_passedInput()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->session->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('updateSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-        $this->session->shouldReceive('associateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('removeRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('getAccessToken')->andReturn(null);
-        $this->session->shouldReceive('getScopes')->andReturn(array());
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
-
-        $_POST['grant_type'] = 'refresh_token';
-        $_POST['client_id'] = 1234;
-        $_POST['client_secret'] = 5678;
-        $_POST['refresh_token'] = 'abcdef';
-
-        $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
-        $a->setRequest($request);
-
-        $v = $a->issueAccessToken();
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-    }
-
-    public function test_issueAccessToken_refreshTokenGrant()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->session->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('updateSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-        $this->session->shouldReceive('getAccessToken')->andReturn(null);
-        $this->session->shouldReceive('getScopes')->andReturn(array('id'    =>  1));
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-        $this->session->shouldReceive('associateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('removeRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-
-        $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
-
-        $v = $a->issueAccessToken(array(
-            'grant_type'    =>  'refresh_token',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'refresh_token'  =>  'abcdef',
-        ));
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-    }
-
-    public function test_issueAccessToken_refreshTokenGrant_rotateTokens()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->session->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('updateSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-        $this->session->shouldReceive('getAccessToken')->andReturn(null);
-        $this->session->shouldReceive('getScopes')->andReturn(array('id'    =>  1));
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-        $this->session->shouldReceive('associateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('removeRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-
-        $a = $this->returnDefault();
-
-        $rt = new League\OAuth2\Server\Grant\RefreshToken($a);
-        $rt->rotateRefreshTokens(true);
-        $a->addGrantType($rt);
-
-        $v = $a->issueAccessToken(array(
-            'grant_type'    =>  'refresh_token',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'refresh_token'  =>  'abcdef',
-        ));
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-        $this->assertArrayHasKey('refresh_token', $v);
-
-        $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-    }
-
-    public function test_issueAccessToken_refreshTokenGrant_customExpiresIn()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->session->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('updateSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-        $this->session->shouldReceive('getAccessToken')->andReturn(null);
-        $this->session->shouldReceive('getScopes')->andReturn(array('id'    =>  1));
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-        $this->session->shouldReceive('associateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('removeRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-
-        $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\RefreshToken($a);
-        $grant->setAccessTokenTTL(30);
-        $a->addGrantType($grant);
-
-        $v = $a->issueAccessToken(array(
-            'grant_type'    =>  'refresh_token',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'refresh_token'  =>  'abcdef',
-        ));
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-
-        $this->assertNotEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertNotEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-        $this->assertEquals(30, $v['expires_in']);
-        $this->assertEquals(time()+30, $v['expires']);
-    }
-
-    public function test_issueAccessToken_refreshTokenGrant_newScopes()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->session->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('updateSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-        $this->session->shouldReceive('getAccessToken')->andReturn(null);
-        $this->session->shouldReceive('getScopes')->andReturn(array(array('id' => 1, 'scope' => 'foo'), array('id' => 2, 'scope' => 'bar')));
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-        $this->session->shouldReceive('associateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('removeRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-        $this->scope->shouldReceive('getScope')->andReturn(array('id' => 1, 'scope' => 'foo'));
-
-        $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\RefreshToken($a);
-        $grant->setAccessTokenTTL(30);
-        $grant->rotateRefreshTokens(true);
-        $a->addGrantType($grant);
-
-        $v = $a->issueAccessToken(array(
-            'grant_type'    =>  'refresh_token',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'refresh_token'  =>  'abcdef',
-            'scope' =>  'foo'
-        ));
-
-        $this->assertArrayHasKey('access_token', $v);
-        $this->assertArrayHasKey('token_type', $v);
-        $this->assertArrayHasKey('expires', $v);
-        $this->assertArrayHasKey('expires_in', $v);
-        $this->assertArrayHasKey('refresh_token', $v);
-
-        $this->assertNotEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertNotEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
-        $this->assertEquals(30, $v['expires_in']);
-        $this->assertEquals(time()+30, $v['expires']);
-    }
-
-    /**
-     * @expectedException        League\OAuth2\Server\Exception\ClientException
-     * @expectedExceptionCode    0
-     */
-    public function test_issueAccessToken_refreshTokenGrant_badNewScopes()
-    {
-        $this->client->shouldReceive('getClient')->andReturn(array(
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'redirect_uri'  =>  'http://foo/redirect',
-            'name'  =>  'Example Client'
-        ));
-
-        $this->session->shouldReceive('validateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('validateAuthCode')->andReturn(1);
-        $this->session->shouldReceive('updateSession')->andReturn(null);
-        $this->session->shouldReceive('updateRefreshToken')->andReturn(null);
-        $this->session->shouldReceive('getAccessToken')->andReturn(null);
-        $this->session->shouldReceive('getScopes')->andReturn(array(array('id' => 1, 'scope' => 'foo'), array('id' => 2, 'scope' => 'bar')));
-        $this->session->shouldReceive('associateAccessToken')->andReturn(1);
-        $this->session->shouldReceive('associateRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('removeRefreshToken')->andReturn(1);
-        $this->session->shouldReceive('associateScope')->andReturn(null);
-        $this->scope->shouldReceive('getScope')->andReturn(array('id' => 1, 'scope' => 'foo'));
-
-        $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\RefreshToken($a);
-        $grant->setAccessTokenTTL(30);
-        $grant->rotateRefreshTokens(true);
-        $a->addGrantType($grant);
-
-        $a->issueAccessToken(array(
-            'grant_type'    =>  'refresh_token',
-            'client_id' =>  1234,
-            'client_secret' =>  5678,
-            'refresh_token'  =>  'abcdef',
-            'scope' =>  'foobar'
-        ));
-    }
-}

tests/fuzz/grant-authcode.yml

@@ -0,0 +1,9 @@
+url: 'http://localhost:8000/authcode_grant.php/authorize?client_id=testclient&redirect_uri=http%3A%2F%2Fexample.com%2Fredirect&response_type=code&scope=basic'
+request:
+    method: GET
+response:
+    statusCode: 200
+    headers:
+        -
+            key: Location
+            valueRegex: /http:\/\/example.com\/redirect\?code=([a-zA-Z0-9]*)/