ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-05-31 14:12:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: ElyBy-Mirror:5.0.0-RC2
Branches Tags
ElyBy-Mirror:master ElyBy-Mirror:abstract_crypt_key ElyBy-Mirror:adaptation ElyBy-Mirror:export_redirect_uri ElyBy-Mirror:gh-pages ElyBy-Mirror:update-examples-for-version-8 ElyBy-Mirror:7.3.x ElyBy-Mirror:4.1.x ElyBy-Mirror:5.1.x ElyBy-Mirror:7.0.0-WIP ElyBy-Mirror:gh-pages-v4
ElyBy-Mirror:8.0.0 ElyBy-Mirror:7.4.0 ElyBy-Mirror:7.3.3 ElyBy-Mirror:7.3.2 ElyBy-Mirror:7.3.1 ElyBy-Mirror:7.3.0 ElyBy-Mirror:7.2.0 ElyBy-Mirror:4.1.7 ElyBy-Mirror:7.1.1 ElyBy-Mirror:7.1.0 ElyBy-Mirror:7.0.0 ElyBy-Mirror:6.1.1 ElyBy-Mirror:6.1.0 ElyBy-Mirror:5.1.6 ElyBy-Mirror:6.0.2 ElyBy-Mirror:6.0.1 ElyBy-Mirror:5.1.5 ElyBy-Mirror:6.0.0 ElyBy-Mirror:5.1.4 ElyBy-Mirror:5.1.3 ElyBy-Mirror:5.1.2 ElyBy-Mirror:4.1.6 ElyBy-Mirror:5.1.1 ElyBy-Mirror:5.1.0 ElyBy-Mirror:5.0.3 ElyBy-Mirror:5.0.2 ElyBy-Mirror:5.0.1 ElyBy-Mirror:5.0.0 ElyBy-Mirror:5.0.0-RC2 ElyBy-Mirror:5.0.0-RC1 ElyBy-Mirror:4.1.5 ElyBy-Mirror:4.1.4 ElyBy-Mirror:4.1.3 ElyBy-Mirror:4.1.2 ElyBy-Mirror:4.1.1 ElyBy-Mirror:4.1.0 ElyBy-Mirror:4.0.5 ElyBy-Mirror:4.0.4 ElyBy-Mirror:4.0.3 ElyBy-Mirror:4.0.2 ElyBy-Mirror:4.0.1 ElyBy-Mirror:4.0.0 ElyBy-Mirror:3.2.4 ElyBy-Mirror:3.2.3 ElyBy-Mirror:3.2.2 ElyBy-Mirror:3.2.1 ElyBy-Mirror:2.1.3 ElyBy-Mirror:2.1.2 ElyBy-Mirror:3.2 ElyBy-Mirror:3.1.2 ElyBy-Mirror:3.1.1 ElyBy-Mirror:3.1.0 ElyBy-Mirror:3.0.1 ElyBy-Mirror:3.0.0 ElyBy-Mirror:1.0.9 ElyBy-Mirror:2.1.1 ElyBy-Mirror:2.1 ElyBy-Mirror:2.0.5 ElyBy-Mirror:2.0.4 ElyBy-Mirror:2.0.3 ElyBy-Mirror:2.0.2 ElyBy-Mirror:2.0.1 ElyBy-Mirror:2.0 ElyBy-Mirror:1.0.8 ElyBy-Mirror:1.0.7 ElyBy-Mirror:1.0.6 ElyBy-Mirror:1.0.5 ElyBy-Mirror:1.0.4 ElyBy-Mirror:1.0.3 ElyBy-Mirror:1.0.2 ElyBy-Mirror:1.0.1 ElyBy-Mirror:1.0.0 ElyBy-Mirror:0.4.2 ElyBy-Mirror:0.4.1 ElyBy-Mirror:0.4 ElyBy-Mirror:0.3.5 ElyBy-Mirror:0.3.4 ElyBy-Mirror:0.3.3 ElyBy-Mirror:0.3.2 ElyBy-Mirror:0.3.1 ElyBy-Mirror:0.3 ElyBy-Mirror:0.2.3 ElyBy-Mirror:0.2.2 ElyBy-Mirror:0.2.1 ElyBy-Mirror:0.2 ElyBy-Mirror:0.1
...
compare: ElyBy-Mirror:5.0.0
Branches Tags
ElyBy-Mirror:abstract_crypt_key ElyBy-Mirror:adaptation ElyBy-Mirror:export_redirect_uri ElyBy-Mirror:master ElyBy-Mirror:gh-pages ElyBy-Mirror:update-examples-for-version-8 ElyBy-Mirror:7.3.x ElyBy-Mirror:4.1.x ElyBy-Mirror:5.1.x ElyBy-Mirror:7.0.0-WIP ElyBy-Mirror:gh-pages-v4
ElyBy-Mirror:8.0.0 ElyBy-Mirror:7.4.0 ElyBy-Mirror:7.3.3 ElyBy-Mirror:7.3.2 ElyBy-Mirror:7.3.1 ElyBy-Mirror:7.3.0 ElyBy-Mirror:7.2.0 ElyBy-Mirror:4.1.7 ElyBy-Mirror:7.1.1 ElyBy-Mirror:7.1.0 ElyBy-Mirror:7.0.0 ElyBy-Mirror:6.1.1 ElyBy-Mirror:6.1.0 ElyBy-Mirror:5.1.6 ElyBy-Mirror:6.0.2 ElyBy-Mirror:6.0.1 ElyBy-Mirror:5.1.5 ElyBy-Mirror:6.0.0 ElyBy-Mirror:5.1.4 ElyBy-Mirror:5.1.3 ElyBy-Mirror:5.1.2 ElyBy-Mirror:4.1.6 ElyBy-Mirror:5.1.1 ElyBy-Mirror:5.1.0 ElyBy-Mirror:5.0.3 ElyBy-Mirror:5.0.2 ElyBy-Mirror:5.0.1 ElyBy-Mirror:5.0.0 ElyBy-Mirror:5.0.0-RC2 ElyBy-Mirror:5.0.0-RC1 ElyBy-Mirror:4.1.5 ElyBy-Mirror:4.1.4 ElyBy-Mirror:4.1.3 ElyBy-Mirror:4.1.2 ElyBy-Mirror:4.1.1 ElyBy-Mirror:4.1.0 ElyBy-Mirror:4.0.5 ElyBy-Mirror:4.0.4 ElyBy-Mirror:4.0.3 ElyBy-Mirror:4.0.2 ElyBy-Mirror:4.0.1 ElyBy-Mirror:4.0.0 ElyBy-Mirror:3.2.4 ElyBy-Mirror:3.2.3 ElyBy-Mirror:3.2.2 ElyBy-Mirror:3.2.1 ElyBy-Mirror:2.1.3 ElyBy-Mirror:2.1.2 ElyBy-Mirror:3.2 ElyBy-Mirror:3.1.2 ElyBy-Mirror:3.1.1 ElyBy-Mirror:3.1.0 ElyBy-Mirror:3.0.1 ElyBy-Mirror:3.0.0 ElyBy-Mirror:1.0.9 ElyBy-Mirror:2.1.1 ElyBy-Mirror:2.1 ElyBy-Mirror:2.0.5 ElyBy-Mirror:2.0.4 ElyBy-Mirror:2.0.3 ElyBy-Mirror:2.0.2 ElyBy-Mirror:2.0.1 ElyBy-Mirror:2.0 ElyBy-Mirror:1.0.8 ElyBy-Mirror:1.0.7 ElyBy-Mirror:1.0.6 ElyBy-Mirror:1.0.5 ElyBy-Mirror:1.0.4 ElyBy-Mirror:1.0.3 ElyBy-Mirror:1.0.2 ElyBy-Mirror:1.0.1 ElyBy-Mirror:1.0.0 ElyBy-Mirror:0.4.2 ElyBy-Mirror:0.4.1 ElyBy-Mirror:0.4 ElyBy-Mirror:0.3.5 ElyBy-Mirror:0.3.4 ElyBy-Mirror:0.3.3 ElyBy-Mirror:0.3.2 ElyBy-Mirror:0.3.1 ElyBy-Mirror:0.3 ElyBy-Mirror:0.2.3 ElyBy-Mirror:0.2.2 ElyBy-Mirror:0.2.1 ElyBy-Mirror:0.2 ElyBy-Mirror:0.1

93 Commits
5.0.0-RC2 ... 5.0.0

Author SHA1 Message Date
Alex Bilbie
bf55ce1f73 Merge branch 'V5-WIP' 
Conflicts:
	.travis.yml
	CHANGELOG.md
	composer.json
	examples/relational/Storage/AccessTokenStorage.php
	examples/relational/api.php
	src/AbstractServer.php
	src/AuthorizationServer.php
	src/Entity/AuthCodeEntity.php
	src/Exception/InvalidGrantException.php
	src/Exception/InvalidRequestException.php
	src/Exception/InvalidScopeException.php
	src/Exception/OAuthException.php
	src/Exception/ServerErrorException.php
	src/Exception/UnsupportedGrantTypeException.php
	src/Exception/UnsupportedResponseTypeException.php
	src/Grant/AuthCodeGrant.php
	src/Grant/RefreshTokenGrant.php
	src/ResourceServer.php
	src/Storage/AccessTokenInterface.php
	src/Storage/AuthCodeInterface.php
	src/Storage/ClientInterface.php
	src/Storage/RefreshTokenInterface.php
	src/Storage/ScopeInterface.php
	src/Storage/SessionInterface.php
	src/TokenType/Bearer.php
	src/TokenType/MAC.php
	tests/unit/Grant/RefreshTokenGrantTest.php
	tests/unit/TokenType/MacTest.php
 2016-04-17 13:21:22 +01:00
Alex Bilbie
4942585f4f Updated changelog 2016-04-17 13:18:12 +01:00
Alex Bilbie
1575128162 Merge pull request #549 from thephpleague/analysis-8L3Emw 
Applied fixes from StyleCI
 2016-04-17 13:07:29 +01:00
Alex Bilbie
78c2067698 Merge pull request #548 from thephpleague/analysis-z9mQxo 
Applied fixes from StyleCI
 2016-04-17 13:07:15 +01:00
Alex Bilbie
f765f134c9 Applied fixes from StyleCI 2016-04-17 08:07:03 -04:00
Alex Bilbie
257318e524 Merge pull request #547 from lookyman/scope-fixes 
Fix scope loading in grants
 2016-04-17 13:06:57 +01:00
Alex Bilbie
77737e7894 Applied fixes from StyleCI 2016-04-17 08:06:17 -04:00
Alex Bilbie
f007e25070 Added copyright docblocks 2016-04-17 13:06:05 +01:00
Alex Bilbie
25c2e9b31b Code tidy client_credentials 2016-04-17 13:00:49 +01:00
Alex Bilbie
6ed9cbf701 Class rename fixes 2016-04-17 12:54:49 +01:00
Alex Bilbie
7c35778316 Added tests for resource server middleware 2016-04-17 12:54:39 +01:00
Alex Bilbie
f6f39698d9 Renamed Server to AuthorizationServer 2016-04-17 12:54:25 +01:00
Lukáš Unger
3904767873 Fix scope loading in grants 2016-04-17 13:50:56 +02:00
Alex Bilbie
c3a7c418da Updated composer.json 2016-04-17 12:43:25 +01:00
Alex Bilbie
af5a06098b Removed --no-dev statement 2016-04-17 12:43:13 +01:00
Alex Bilbie
6205611a71 Removed unused methods 2016-04-17 12:42:42 +01:00
Alex Bilbie
9f3648039b Use resource server instead 2016-04-17 12:41:28 +01:00
Alex Bilbie
08c356a1e1 Added ResourceServer class 2016-04-17 12:33:29 +01:00
Alex Bilbie
70e32ce9bf Updated changelog 2016-04-17 12:23:38 +01:00
Alex Bilbie
94a1c18fa9 Implict grant does not return return refresh tokens 2016-04-17 12:12:49 +01:00
Alex Bilbie
88b01b792a Clarified example 2016-04-12 20:23:05 +01:00
Alex Bilbie
0178a837d4 Merge pull request #538 from lucadegasperi/patch-4 
Update AbstractGrant.php
 2016-04-11 15:28:26 +01:00
Alex Bilbie
2025bd6a30 Merge pull request #540 from vinkla/patch-2 
Allow phpunit 5.0
 2016-04-11 15:28:13 +01:00
Alex Bilbie
e7f18911f3 Merge pull request #539 from vinkla/patch-1 
Add 5.5.9 to travis
 2016-04-11 15:27:47 +01:00
Vincent Klaiber
8e8ac35dcb Allow phpunit 5.0 
We can allow phpunit 5.0
 2016-04-11 16:23:24 +02:00
Vincent Klaiber
16ed4ea51c Add 5.5.9 to travis 
We should test against 5.5.9 as well since that is the lowest requirement.
 2016-04-11 16:22:20 +02:00
Luca Degasperi
de635f826f Update AbstractGrant.php 
The hint is not necessary since it gets created by the exception with the parameter.
 2016-04-11 15:59:47 +02:00
Alex Bilbie
3e8577f889 Merge pull request #536 from Bobselp/V5-WIP 
less verbose exceptions for RefreshTokenGrant
 2016-04-11 08:24:31 +01:00
Alex Bilbie
525b9b3d3e Merge pull request #537 from ivyhjk/V5-WIP 
Update refresh token expire_time
 2016-04-11 08:24:07 +01:00
ivyhjk
f7413c2f15 Update BearerTokenResponse.php 2016-04-10 19:05:32 -03:00
Bobselp
6e583fdf8a less verbose exceptions for RefreshTokenGrant 
For the LogicException you could also use `throw OAuthServerException::invalidRequest('refresh_token', 'Cannot decrypt the authorization code');`, to get the exact same error AuthCodeGrant-php throws if decryption of `code` fails there.
The second error hint provides information which doesn't help users of the API, although it is next to impossible to trigger this error due to the encryption.
 2016-04-10 22:19:42 +02:00
Alex Bilbie
1de13cf892 Removed .travis.yml after_build stuff 2016-03-24 19:30:14 +00:00
Alex Bilbie
1ad44d1ce0 Merge pull request #483 from mikicaivosevic/master 
Bug fix
 2016-03-23 11:27:41 +00:00
Mikica Ivosevic
b480373249 bug fix 2016-03-23 12:08:45 +01:00
Alex Bilbie
3ad97b4ef4 Merge pull request #434 from bitExpert/fix/getScopeDelimiterDockblock 
Docblock stated that "," is the default scope delimiter but it is " ".
 2016-01-20 11:33:36 +00:00
Stephan Hochdörfer
0490736861 Docblock stated that "," is the default scope delimiter but it is " ". 2016-01-18 22:37:39 +01:00
Alex Bilbie
abaf399f5f Merge pull request #429 from Bobselp/master 
Add MAC Authentication to OAuthException->getHttpHeaders
 2016-01-17 14:57:45 +00:00
Bobselp
55c8df8312 fix for thephpleague/oauth2-server#389 2016-01-17 15:50:34 +01:00
Alex Bilbie
c5db707e69 Updated changelog 2016-01-04 19:56:12 +00:00
Alex Bilbie
ed7f78179a Merge pull request #412 from derrabus/symfony-3 
Allow Symfony 3.0
 2015-12-20 20:38:02 +00:00
Alexander M. Turek
6e92239dd7 Allow Symfony 3.0. 2015-12-11 15:24:13 +01:00
Alex Bilbie
f5d731def9 Updated changelog 2015-11-13 17:52:27 +00:00
Alex Bilbie
03815cec6d Merge pull request #388 from m4tthumphrey/master 
Added priority argument
 2015-10-13 11:21:52 +01:00
Matt Humphrey
c71dc47459 Added priority argument 2015-10-13 11:16:49 +01:00
Alex Bilbie
3bcd8fc3f8 Removed runs and increased timeout 2015-09-26 11:26:17 +01:00
Alex Bilbie
db6d4e0dc6 Only send data to Scrutinizer only for PHP 5.6 2015-09-26 11:25:26 +01:00
Alex Bilbie
f19189a999 Merge pull request #345 from mpipet/master 
Expose parameter passed to exceptions
 2015-09-04 08:38:35 +01:00
Alex Bilbie
ec9c91cc11 Update .scrutinizer.yml 2015-09-04 08:37:12 +01:00
Alex Bilbie
c3457107ee Merge pull request #370 from michaelhogg/fix-bug-hmac-encoding 
Fix bug: hash_hmac() should output raw binary data, not hexits
 2015-09-04 08:36:33 +01:00
Alex Bilbie
a9f61fd3ed Merge pull request #377 from starJammer/master 
AuthCodeGrant and RefreshTokenGrant don't require client_secret
 2015-09-04 08:29:39 +01:00
Alex Bilbie
b78d8ca1d8 Merge pull request #364 from apollopy/master 
Too idealistic. Should allow the client and server have some time difference.
 2015-09-04 08:28:14 +01:00
Jerry Saravia
8f82e8ef86 Added test for setRequireClientSecret 2015-09-03 23:16:09 -04:00
Jerry Saravia
d88e01c7dd Making client secret optional during refresh and access token requsets. 2015-09-03 22:50:35 -04:00
Michael Hogg
d21374fb0b Merge remote-tracking branch 'thephpleague/master' into fix-bug-hmac-encoding 2015-09-02 09:50:46 +01:00
Alex Bilbie
31e5f4d33c Merge pull request #368 from apollopy/mac_token_only_header 
Mac token only get to header
 2015-09-01 14:33:58 +01:00
Alex Bilbie
a773405adf Merge pull request #369 from joaopramos/mac-refresh-tokens 
Mac refresh tokens
 2015-09-01 14:32:45 +01:00
Alex Bilbie
ccc845b195 Merge pull request #371 from michaelhogg/fix-bug-base64-regex 
Fix bug: regex doesn't match all Base64 characters
 2015-09-01 14:30:38 +01:00
Alex Bilbie
21cd917892 Merge pull request #372 from michaelhogg/fix-bug-request-uri 
Fix bug: incorrect signature parameter
 2015-09-01 14:29:41 +01:00
Michael Hogg
a2c418ee07 Fix bug: incorrect signature parameter 2015-08-28 16:41:12 +01:00
Michael Hogg
b220368583 Fix bug: regex doesn't match all Base64 characters 2015-08-28 14:01:22 +01:00
Michael Hogg
2d26c38d6c Update unit test: testDetermineAccessTokenInHeaderValid() 2015-08-28 13:11:20 +01:00
Michael Hogg
eeaa68400f Fix bug: hash_hmac() should output raw binary data, not hexits 2015-08-28 12:46:53 +01:00
joao
56c73d2427 ISSUE #356: added the refresh token to the mac token type response 2015-08-28 10:40:13 +00:00
joao
f632fcc997 ISSUE #356: added the refresh token to the mac token type response 2015-08-28 10:38:45 +00:00
ApolloPY
618d84ddcf Mac token only get to header 2015-08-22 01:47:59 +08:00
apollopy
ace42e89e0 change to 300 seconds 2015-08-21 20:02:42 +08:00
ApolloPY
c496df98e4 Too idealistic. Should allow the client and server have some time difference. 2015-08-21 17:17:51 +08:00
Alex Bilbie
2496653968 Merge pull request #342 from gaomd/master 
Fix #328, strict check Bearer token
 2015-08-21 09:00:02 +01:00
Alex Bilbie
abf66ef9c8 Merge pull request #346 from Korri/Korri-patch-removed-duplicate-routing 
Removed duplicate routing setup code
 2015-08-21 08:59:35 +01:00
Alex Bilbie
4b9ec488f4 Merge pull request #352 from daveblake/master 
Fix typo in docblock
 2015-07-13 21:55:43 +01:00
DavidBlake
726d879607 Fix typo in docblock 2015-06-18 13:27:58 +01:00
Mathieu Pipet
b256195421 Expose parameter passed to exceptions 2015-06-09 17:42:25 +02:00
Mathieu Pipet
c84ea1ea62 Expose parameter passed to exceptions 2015-06-09 17:30:13 +02:00
Hugo Vacher
16685ccde4 Removed duplicate routing setup code 2015-06-08 15:50:55 -04:00
Mengdi Gao
7934c7bb53 Fix #328, strict check Bearer token 2015-06-01 21:36:44 +08:00
Alex Bilbie
c174b6fc65 Merge pull request #341 from thephpleague/philsturgeon-patch-1 
Added integration list to readme
 2015-05-20 13:22:42 +01:00
Phil Sturgeon
75ced70248 Added integration list to readme 
I figure it's a good idea to let people know where they can find their bridge packages to save em looking or building their own framework specific nonsense.
 2015-05-17 13:33:50 -04:00
Alex Bilbie
5b7fdaeece Merge pull request #330 from jakeasmith/patch-1 
Just a typo fix
 2015-04-16 17:48:00 +01:00
Jake A. Smith
430a752315 Just a typo fix 2015-04-16 10:41:37 -05:00
Alex Bilbie
810544ec0a Changelog update 2015-03-22 23:32:45 +00:00
Alex Bilbie
34a6b66b8c More .travis.yml updates 2015-03-22 23:19:36 +00:00
Alex Bilbie
61738a7fe2 Added fast_finish: true to .travis.yml 2015-03-22 23:13:41 +00:00
Alex Bilbie
51184259d1 Merge pull request #323 from rdohms/interface-docs 
Updated Interface Docs
 2015-03-20 11:43:47 +00:00
rdohms
b21de11429 Updated Interface Docs 
Made phpdocs match expectations like null when not found and using array notation for indicating array of <object>
 2015-03-20 11:33:03 +01:00
Alex Bilbie
cf6e86c9d4 Merge pull request #319 from Fuxy22/patch-1 
Fixed missing session scope
 2015-03-13 11:03:05 +00:00
Alex Bilbie
f6fdbc7142 Added PHP 7.0 testing 2015-03-03 22:00:47 +00:00
Norbert Fuksz
7f7f45662a Fixed missing session scope 
Close #297
 2015-03-02 17:47:48 +00:00
Alex Bilbie
f92a68cc72 Merge branch 'master' of github.com:thephpleague/oauth2-server 2015-02-22 19:47:44 +00:00
Alex Bilbie
295d8ffa24 Updated league/event to ~2.1. Fixes #311 2015-02-22 19:47:27 +00:00
Alex Bilbie
3d08140651 Merge pull request #300 from vvllaadd/patch-2 
Probable bug
 2015-02-22 19:45:14 +00:00
Alex Bilbie
ec8a8393ee Merge pull request #310 from ismailbaskin/master 
typo
 2015-02-10 10:03:53 +00:00
Ismail BASKIN
3869b8f406 typo 2015-02-10 10:28:57 +02:00
Vlad
d43391564c Probable bug 
AccessTokenStorage::delete should delete the token, not the scope associated with the token
 2015-01-15 14:20:54 +01:00
65 changed files with 765 additions and 513 deletions
Expand all files Collapse all files

5
.scrutinizer.yml
View File

@@ -21,8 +21,7 @@ checks:
fix_doc_comments: true
tools:
external_code_coverage:
timeout: 600
runs: 3
timeout: 1800
php_code_coverage: false
php_code_sniffer:
config:
@@ -34,4 +33,4 @@ tools:
excluded_dirs: [vendor, tests, examples]
php_cpd:
enabled: true
excluded_dirs: [vendor, tests, examples]
excluded_dirs: [vendor, tests, examples]

4
.travis.yml
View File

@@ -7,6 +7,7 @@ cache:
- vendor
php:
- 5.5.9
- 5.5
- 5.6
- 7.0
@@ -20,5 +21,4 @@ script:
branches:
only:
- master
- V5-WIP
- master

40
CHANGELOG.md
View File

@@ -1,6 +1,44 @@
# Changelog
## 5.0.0-RC2 (released 2016-04-XX)
## 5.0.0 (release 2016-04-17)
Version 5 is a complete code rewrite.
* JWT support
* PSR-7 support
* Improved exception errors
* Replace all occurrences of the term "Storage" with "Repository"
* Simplify repositories
* Entities conform to interfaces and use traits
* Auth code grant updated
* Allow support for public clients
* Add support for #439
* Client credentials grant updated
* Password grant updated
* Allow support for public clients
* Refresh token grant updated
* Implement Implicit grant
* Bearer token output type
* Remove MAC token output type
* Authorization server rewrite
* Resource server class moved to PSR-7 middleware
* Tests
* Much much better documentation
Changes since RC2:
* Renamed Server class to AuthorizationServer
* Added ResourceServer class
* Run unit tests again PHP 5.5.9 as it's the minimum supported version
* Enable PHPUnit 5.0 support
* Improved examples and documentation
* Make it clearer that the implicit grant doesn't support refresh tokens
* Improved refresh token validation errors
* Fixed refresh token expiry date
## 5.0.0-RC2 (released 2016-04-10)
Changes since RC1:
* Allow multiple client redirect URIs (Issue #511)
* Remove unused mac token interface (Issue #503)

5
README.md
View File

@@ -43,6 +43,11 @@ You can contribute to the documentation in the [gh-pages branch](https://github.
Please see [CONTRIBUTING.md](https://github.com/thephpleague/oauth2-server/blob/master/CONTRIBUTING.md) and [CONDUCT.md](https://github.com/thephpleague/oauth2-server/blob/master/CONDUCT.md) for details.
## Integration
- [CakePHP 3](https://github.com/uafrica/oauth-server)
- [Laravel](https://github.com/lucadegasperi/oauth2-server-laravel)
## Support
Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague/oauth2-server/issues).

2
composer.json
View File

@@ -12,7 +12,7 @@
"psr/http-message": "^1.0"
},
"require-dev": {
"phpunit/phpunit": "^4.8",
"phpunit/phpunit": "^4.8 || ^5.0",
"zendframework/zend-diactoros": "^1.0"
},
"repositories": [

2
examples/README.md
View File

@@ -2,7 +2,7 @@
## Installation
0. Run `composer install --no-dev` in this directory to install dependencies
0. Run `composer install` in this directory to install dependencies
0. Create a private key `openssl genrsa -out private.key 1024`
0. Create a public key `openssl rsa -in private.key -pubout > public.key`
0. `cd` into the public directory

18
examples/composer.json
View File

@@ -1,17 +1,17 @@
{
"repositories": [
{
"type": "path",
"url": ".."
}
],
"require": {
"slim/slim": "3.0.*",
"league/oauth2-server": "dev-V5-WIP"
"slim/slim": "3.0.*"
},
"require-dev": {
"league/event": "^2.1",
"lcobucci/jwt": "^3.1",
"paragonie/random_compat": "^1.1",
"psr/http-message": "^1.0"
},
"autoload": {
"psr-4": {
"OAuth2ServerExamples\\": "src/"
"OAuth2ServerExamples\\": "src/",
"League\\OAuth2\\Server\\": "../src/"
}
}
}

452
examples/composer.lock generated
View File

@@ -4,8 +4,8 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "ec2df46ff78a00052e1a241ce5988d81",
"content-hash": "46a1c1e42c62d3e3645279fc54ae95b7",
"hash": "48bcb7a3514d7c7f271c554ba1440124",
"content-hash": "e41be75973527cb9d63f27ad14ac8624",
"packages": [
{
"name": "container-interop/container-interop",
@@ -34,243 +34,6 @@
"description": "Promoting the interoperability of container objects (DIC, SL, etc.)",
"time": "2014-12-30 15:22:37"
},
{
"name": "lcobucci/jwt",
"version": "3.1.1",
"source": {
"type": "git",
"url": "https://github.com/lcobucci/jwt.git",
"reference": "afea8e682e911a21574fd8519321b32522fa25b5"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/lcobucci/jwt/zipball/afea8e682e911a21574fd8519321b32522fa25b5",
"reference": "afea8e682e911a21574fd8519321b32522fa25b5",
"shasum": ""
},
"require": {
"ext-openssl": "*",
"php": ">=5.5"
},
"require-dev": {
"mdanter/ecc": "~0.3",
"mikey179/vfsstream": "~1.5",
"phpmd/phpmd": "~2.2",
"phpunit/php-invoker": "~1.1",
"phpunit/phpunit": "~4.5",
"squizlabs/php_codesniffer": "~2.3"
},
"suggest": {
"mdanter/ecc": "Required to use Elliptic Curves based algorithms."
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.1-dev"
}
},
"autoload": {
"psr-4": {
"Lcobucci\\JWT\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Luís Otávio Cobucci Oblonczyk",
"email": "lcobucci@gmail.com",
"role": "Developer"
}
],
"description": "A simple library to work with JSON Web Token and JSON Web Signature",
"keywords": [
"JWS",
"jwt"
],
"time": "2016-03-24 22:46:13"
},
{
"name": "league/event",
"version": "2.1.2",
"source": {
"type": "git",
"url": "https://github.com/thephpleague/event.git",
"reference": "e4bfc88dbcb60c8d8a2939a71f9813e141bbe4cd"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/thephpleague/event/zipball/e4bfc88dbcb60c8d8a2939a71f9813e141bbe4cd",
"reference": "e4bfc88dbcb60c8d8a2939a71f9813e141bbe4cd",
"shasum": ""
},
"require": {
"php": ">=5.4.0"
},
"require-dev": {
"henrikbjorn/phpspec-code-coverage": "~1.0.1",
"phpspec/phpspec": "~2.0.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.2-dev"
}
},
"autoload": {
"psr-4": {
"League\\Event\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Frank de Jonge",
"email": "info@frenky.net"
}
],
"description": "Event package",
"keywords": [
"emitter",
"event",
"listener"
],
"time": "2015-05-21 12:24:47"
},
{
"name": "league/oauth2-server",
"version": "dev-V5-authorization-request-flow",
"dist": {
"type": "path",
"url": "../",
"reference": "5410a42bb66f5a61969c3ec1a8e7ab30d225875c",
"shasum": null
},
"require": {
"lcobucci/jwt": "^3.1",
"league/event": "^2.1",
"paragonie/random_compat": "^1.1",
"php": ">=5.5.9",
"psr/http-message": "^1.0"
},
"replace": {
"league/oauth2server": "*",
"lncd/oauth2": "*"
},
"require-dev": {
"league/plates": "^3.1",
"phpunit/phpunit": "^4.8",
"zendframework/zend-diactoros": "^1.0"
},
"suggest": {
"league/plates": "Used for parsing authorization code templates",
"mustache/mustache": "Used for parsing authorization code templates",
"smarty/smarty": "Used for parsing authorization code templates",
"twig/twig": "Used for parsing authorization code templates"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-V5-WIP": "5.0-dev"
}
},
"autoload": {
"psr-4": {
"League\\OAuth2\\Server\\": "src/"
}
},
"autoload-dev": {
"psr-4": {
"LeagueTests\\": "tests/"
}
},
"license": [
"MIT"
],
"authors": [
{
"name": "Alex Bilbie",
"email": "hello@alexbilbie.com",
"homepage": "http://www.alexbilbie.com",
"role": "Developer"
}
],
"description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.",
"homepage": "http://oauth2.thephpleague.com/",
"keywords": [
"api",
"auth",
"auth",
"authentication",
"authorisation",
"authorization",
"oauth",
"oauth 2",
"oauth 2.0",
"oauth2",
"protect",
"resource",
"secure",
"server"
]
},
{
"name": "league/plates",
"version": "3.1.1",
"source": {
"type": "git",
"url": "https://github.com/thephpleague/plates.git",
"reference": "2d8569e9f140a70d6a05db38006926f7547cb802"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/thephpleague/plates/zipball/2d8569e9f140a70d6a05db38006926f7547cb802",
"reference": "2d8569e9f140a70d6a05db38006926f7547cb802",
"shasum": ""
},
"require-dev": {
"mikey179/vfsstream": "~1.4.0",
"phpunit/phpunit": "~4.0",
"squizlabs/php_codesniffer": "~1.5"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.0-dev"
}
},
"autoload": {
"psr-4": {
"League\\Plates\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Jonathan Reinink",
"email": "jonathan@reinink.ca",
"role": "Developer"
}
],
"description": "Plates, the native PHP template system that's fast, easy to use and easy to extend.",
"homepage": "http://platesphp.com",
"keywords": [
"league",
"package",
"templates",
"templating",
"views"
],
"time": "2015-07-09 02:14:40"
},
{
"name": "nikic/fast-route",
"version": "v0.6.0",
@@ -314,54 +77,6 @@
],
"time": "2015-06-18 19:15:47"
},
{
"name": "paragonie/random_compat",
"version": "v1.4.1",
"source": {
"type": "git",
"url": "https://github.com/paragonie/random_compat.git",
"reference": "c7e26a21ba357863de030f0b9e701c7d04593774"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/c7e26a21ba357863de030f0b9e701c7d04593774",
"reference": "c7e26a21ba357863de030f0b9e701c7d04593774",
"shasum": ""
},
"require": {
"php": ">=5.2.0"
},
"require-dev": {
"phpunit/phpunit": "4.*|5.*"
},
"suggest": {
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
},
"type": "library",
"autoload": {
"files": [
"lib/random.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
"keywords": [
"csprng",
"pseudorandom",
"random"
],
"time": "2016-03-18 20:34:03"
},
{
"name": "pimple/pimple",
"version": "v3.0.2",
@@ -524,12 +239,167 @@
"time": "2015-12-07 14:11:09"
}
],
"packages-dev": [],
"packages-dev": [
{
"name": "lcobucci/jwt",
"version": "3.1.1",
"source": {
"type": "git",
"url": "https://github.com/lcobucci/jwt.git",
"reference": "afea8e682e911a21574fd8519321b32522fa25b5"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/lcobucci/jwt/zipball/afea8e682e911a21574fd8519321b32522fa25b5",
"reference": "afea8e682e911a21574fd8519321b32522fa25b5",
"shasum": ""
},
"require": {
"ext-openssl": "*",
"php": ">=5.5"
},
"require-dev": {
"mdanter/ecc": "~0.3",
"mikey179/vfsstream": "~1.5",
"phpmd/phpmd": "~2.2",
"phpunit/php-invoker": "~1.1",
"phpunit/phpunit": "~4.5",
"squizlabs/php_codesniffer": "~2.3"
},
"suggest": {
"mdanter/ecc": "Required to use Elliptic Curves based algorithms."
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "3.1-dev"
}
},
"autoload": {
"psr-4": {
"Lcobucci\\JWT\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"BSD-3-Clause"
],
"authors": [
{
"name": "Luís Otávio Cobucci Oblonczyk",
"email": "lcobucci@gmail.com",
"role": "Developer"
}
],
"description": "A simple library to work with JSON Web Token and JSON Web Signature",
"keywords": [
"JWS",
"jwt"
],
"time": "2016-03-24 22:46:13"
},
{
"name": "league/event",
"version": "2.1.2",
"source": {
"type": "git",
"url": "https://github.com/thephpleague/event.git",
"reference": "e4bfc88dbcb60c8d8a2939a71f9813e141bbe4cd"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/thephpleague/event/zipball/e4bfc88dbcb60c8d8a2939a71f9813e141bbe4cd",
"reference": "e4bfc88dbcb60c8d8a2939a71f9813e141bbe4cd",
"shasum": ""
},
"require": {
"php": ">=5.4.0"
},
"require-dev": {
"henrikbjorn/phpspec-code-coverage": "~1.0.1",
"phpspec/phpspec": "~2.0.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.2-dev"
}
},
"autoload": {
"psr-4": {
"League\\Event\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Frank de Jonge",
"email": "info@frenky.net"
}
],
"description": "Event package",
"keywords": [
"emitter",
"event",
"listener"
],
"time": "2015-05-21 12:24:47"
},
{
"name": "paragonie/random_compat",
"version": "v1.4.1",
"source": {
"type": "git",
"url": "https://github.com/paragonie/random_compat.git",
"reference": "c7e26a21ba357863de030f0b9e701c7d04593774"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/c7e26a21ba357863de030f0b9e701c7d04593774",
"reference": "c7e26a21ba357863de030f0b9e701c7d04593774",
"shasum": ""
},
"require": {
"php": ">=5.2.0"
},
"require-dev": {
"phpunit/phpunit": "4.*|5.*"
},
"suggest": {
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
},
"type": "library",
"autoload": {
"files": [
"lib/random.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
"keywords": [
"csprng",
"pseudorandom",
"random"
],
"time": "2016-03-18 20:34:03"
}
],
"aliases": [],
"minimum-stability": "stable",
"stability-flags": {
"league/oauth2-server": 20
},
"stability-flags": [],
"prefer-stable": false,
"prefer-lowest": false,
"platform": [],

22
examples/public/api.php
View File

@@ -1,9 +1,14 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
use League\OAuth2\Server\Server;
use League\OAuth2\Server\ResourceServer;
use OAuth2ServerExamples\Repositories\AccessTokenRepository;
use OAuth2ServerExamples\Repositories\ClientRepository;
use OAuth2ServerExamples\Repositories\ScopeRepository;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Slim\App;
@@ -14,13 +19,10 @@ $app = new App([
'settings' => [
'displayErrorDetails' => true,
],
Server::class => function () {
ResourceServer::class => function () {
// Setup the authorization server
$server = new Server(
new ClientRepository(),
$server = new ResourceServer(
new AccessTokenRepository(),
new ScopeRepository(),
'file://' . __DIR__ . '/../private.key',
'file://' . __DIR__ . '/../public.key'
);
@@ -30,7 +32,7 @@ $app = new App([
$app->add(
new \League\OAuth2\Server\Middleware\ResourceServerMiddleware(
$app->getContainer()->get(Server::class)
$app->getContainer()->get(ResourceServer::class)
)
);
@@ -54,12 +56,14 @@ $app->get('/users', function (ServerRequestInterface $request, ResponseInterface
],
];
// If the access token doesn't have the `basic` scope hide users' names
if (in_array('basic', $request->getAttribute('oauth_scopes')) === false) {
for ($i = 0; $i < count($users); $i++) {
unset($users[$i]['name']);
}
}
// If the access token doesn't have the `emal` scope hide users' email addresses
if (in_array('email', $request->getAttribute('oauth_scopes')) === false) {
for ($i = 0; $i < count($users); $i++) {
unset($users[$i]['email']);

22
examples/public/auth_code.php
View File

@@ -1,9 +1,15 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\AuthCodeGrant;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use League\OAuth2\Server\Server;
use OAuth2ServerExamples\Entities\UserEntity;
use OAuth2ServerExamples\Repositories\AccessTokenRepository;
use OAuth2ServerExamples\Repositories\AuthCodeRepository;
@@ -21,7 +27,7 @@ $app = new App([
'settings' => [
'displayErrorDetails' => true,
],
Server::class => function () {
AuthorizationServer::class => function () {
// Init our repositories
$clientRepository = new ClientRepository();
$scopeRepository = new ScopeRepository();
@@ -33,7 +39,7 @@ $app = new App([
$publicKeyPath = 'file://' . __DIR__ . '/../public.key';
// Setup the authorization server
$server = new Server(
$server = new AuthorizationServer(
$clientRepository,
$accessTokenRepository,
$scopeRepository,
@@ -56,8 +62,8 @@ $app = new App([
]);
$app->get('/authorize', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
/* @var \League\OAuth2\Server\Server $server */
$server = $app->getContainer()->get(Server::class);
/* @var \League\OAuth2\Server\AuthorizationServer $server */
$server = $app->getContainer()->get(AuthorizationServer::class);
try {
// Validate the HTTP request and return an AuthorizationRequest object.
@@ -84,8 +90,8 @@ $app->get('/authorize', function (ServerRequestInterface $request, ResponseInter
});
$app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
/* @var \League\OAuth2\Server\Server $server */
$server = $app->getContainer()->get(Server::class);
/* @var \League\OAuth2\Server\AuthorizationServer $server */
$server = $app->getContainer()->get(AuthorizationServer::class);
try {
return $server->respondToAccessTokenRequest($request, $response);

49
examples/public/client_credentials.php
View File

@@ -1,8 +1,14 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\ClientCredentialsGrant;
use League\OAuth2\Server\Server;
use OAuth2ServerExamples\Repositories\AccessTokenRepository;
use OAuth2ServerExamples\Repositories\ClientRepository;
use OAuth2ServerExamples\Repositories\ScopeRepository;
@@ -14,31 +20,33 @@ use Zend\Diactoros\Stream;
include __DIR__ . '/../vendor/autoload.php';
$app = new App([
'settings' => [
'settings' => [
'displayErrorDetails' => true,
],
Server::class => function () {
AuthorizationServer::class => function () {
// Init our repositories
$clientRepository = new ClientRepository();
$accessTokenRepository = new AccessTokenRepository();
$scopeRepository = new ScopeRepository();
$clientRepository = new ClientRepository(); // instance of ClientRepositoryInterface
$scopeRepository = new ScopeRepository(); // instance of ScopeRepositoryInterface
$accessTokenRepository = new AccessTokenRepository(); // instance of AccessTokenRepositoryInterface
$privateKeyPath = 'file://' . __DIR__ . '/../private.key';
$publicKeyPath = 'file://' . __DIR__ . '/../public.key';
// Path to public and private keys
$privateKey = 'file://path/to/private.key';
//$privateKey = new CryptKey('file://path/to/private.key', 'passphrase'); // if private key has a pass phrase
$publicKey = 'file://path/to/public.key';
// Setup the authorization server
$server = new Server(
$server = new AuthorizationServer(
$clientRepository,
$accessTokenRepository,
$scopeRepository,
$privateKeyPath,
$publicKeyPath
$privateKey,
$publicKey
);
// Enable the client credentials grant on the server with a token TTL of 1 hour
// Enable the client credentials grant on the server
$server->enableGrantType(
new ClientCredentialsGrant(),
new \DateInterval('PT1H')
new \League\OAuth2\Server\Grant\ClientCredentialsGrant(),
new \DateInterval('PT1H') // access tokens will expire after 1 hour
);
return $server;
@@ -46,14 +54,21 @@ $app = new App([
]);
$app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
/* @var \League\OAuth2\Server\Server $server */
$server = $app->getContainer()->get(Server::class);
/* @var \League\OAuth2\Server\AuthorizationServer $server */
$server = $app->getContainer()->get(AuthorizationServer::class);
try {
// Try to respond to the request
return $server->respondToAccessTokenRequest($request, $response);
} catch (OAuthServerException $exception) {
// All instances of OAuthServerException can be formatted into a HTTP response
return $exception->generateHttpResponse($response);
} catch (\Exception $exception) {
// Unknown exception
$body = new Stream('php://temp', 'r+');
$body->write($exception->getMessage());

17
examples/public/implicit.php
View File

@@ -1,8 +1,15 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\ImplicitGrant;
use League\OAuth2\Server\Server;
use OAuth2ServerExamples\Entities\UserEntity;
use OAuth2ServerExamples\Repositories\AccessTokenRepository;
use OAuth2ServerExamples\Repositories\ClientRepository;
@@ -18,7 +25,7 @@ $app = new App([
'settings' => [
'displayErrorDetails' => true,
],
Server::class => function () {
AuthorizationServer::class => function () {
// Init our repositories
$clientRepository = new ClientRepository();
$scopeRepository = new ScopeRepository();
@@ -28,7 +35,7 @@ $app = new App([
$publicKeyPath = 'file://' . __DIR__ . '/../public.key';
// Setup the authorization server
$server = new Server(
$server = new AuthorizationServer(
$clientRepository,
$accessTokenRepository,
$scopeRepository,
@@ -44,8 +51,8 @@ $app = new App([
]);
$app->get('/authorize', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
/* @var \League\OAuth2\Server\Server $server */
$server = $app->getContainer()->get(Server::class);
/* @var \League\OAuth2\Server\AuthorizationServer $server */
$server = $app->getContainer()->get(AuthorizationServer::class);
try {
// Validate the HTTP request and return an AuthorizationRequest object.

24
examples/public/middleware_use.php
View File

@@ -1,16 +1,22 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Grant\AuthCodeGrant;
use League\OAuth2\Server\Grant\RefreshTokenGrant;
use League\OAuth2\Server\Middleware\AuthenticationServerMiddleware;
use League\OAuth2\Server\Middleware\AuthorizationServerMiddleware;
use League\OAuth2\Server\Middleware\ResourceServerMiddleware;
use League\OAuth2\Server\Server;
use OAuth2ServerExamples\Repositories\AccessTokenRepository;
use OAuth2ServerExamples\Repositories\AuthCodeRepository;
use OAuth2ServerExamples\Repositories\ClientRepository;
use OAuth2ServerExamples\Repositories\RefreshTokenRepository;
use OAuth2ServerExamples\Repositories\ScopeRepository;
use OAuth2ServerExamples\Repositories\UserRepository;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Slim\App;
@@ -19,23 +25,22 @@ use Zend\Diactoros\Stream;
include __DIR__ . '/../vendor/autoload.php';
$app = new App([
'settings' => [
'settings' => [
'displayErrorDetails' => true,
],
Server::class => function () {
AuthorizationServer::class => function () {
// Init our repositories
$clientRepository = new ClientRepository();
$accessTokenRepository = new AccessTokenRepository();
$scopeRepository = new ScopeRepository();
$authCodeRepository = new AuthCodeRepository();
$refreshTokenRepository = new RefreshTokenRepository();
$userRepository = new UserRepository();
$privateKeyPath = 'file://' . __DIR__ . '/../private.key';
$publicKeyPath = 'file://' . __DIR__ . '/../public.key';
// Setup the authorization server
$server = new Server(
$server = new AuthorizationServer(
$clientRepository,
$accessTokenRepository,
$scopeRepository,
@@ -48,7 +53,6 @@ $app = new App([
new AuthCodeGrant(
$authCodeRepository,
$refreshTokenRepository,
$userRepository,
new \DateInterval('PT10M')
),
new \DateInterval('PT1H')
@@ -66,7 +70,7 @@ $app = new App([
// Access token issuer
$app->post('/access_token', function () {
})->add(new AuthenticationServerMiddleware($app->getContainer()->get(Server::class)));
})->add(new AuthorizationServerMiddleware($app->getContainer()->get(AuthorizationServer::class)));
// Secured API
$app->group('/api', function () {
@@ -90,6 +94,6 @@ $app->group('/api', function () {
return $response->withBody($body);
});
})->add(new ResourceServerMiddleware($app->getContainer()->get(Server::class)));
})->add(new ResourceServerMiddleware($app->getContainer()->get(AuthorizationServer::class)));
$app->run();

17
examples/public/password.php
View File

@@ -1,8 +1,15 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\PasswordGrant;
use League\OAuth2\Server\Server;
use OAuth2ServerExamples\Repositories\AccessTokenRepository;
use OAuth2ServerExamples\Repositories\ClientRepository;
use OAuth2ServerExamples\Repositories\RefreshTokenRepository;
@@ -19,7 +26,7 @@ $app = new App([
'settings' => [
'displayErrorDetails' => true,
],
Server::class => function () {
AuthorizationServer::class => function () {
// Init our repositories
$clientRepository = new ClientRepository();
$accessTokenRepository = new AccessTokenRepository();
@@ -31,7 +38,7 @@ $app = new App([
$publicKeyPath = 'file://' . __DIR__ . '/../public.key';
// Setup the authorization server
$server = new Server(
$server = new AuthorizationServer(
$clientRepository,
$accessTokenRepository,
$scopeRepository,
@@ -50,8 +57,8 @@ $app = new App([
]);
$app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
/* @var \League\OAuth2\Server\Server $server */
$server = $app->getContainer()->get(Server::class);
/* @var \League\OAuth2\Server\AuthorizationServer $server */
$server = $app->getContainer()->get(AuthorizationServer::class);
try {
return $server->respondToAccessTokenRequest($request, $response);

26
examples/public/refresh_token.php
View File

@@ -1,8 +1,15 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\RefreshTokenGrant;
use League\OAuth2\Server\Server;
use OAuth2ServerExamples\Repositories\AccessTokenRepository;
use OAuth2ServerExamples\Repositories\ClientRepository;
use OAuth2ServerExamples\Repositories\RefreshTokenRepository;
@@ -18,7 +25,7 @@ $app = new App([
'settings' => [
'displayErrorDetails' => true,
],
Server::class => function () {
AuthorizationServer::class => function () {
// Init our repositories
$clientRepository = new ClientRepository();
$accessTokenRepository = new AccessTokenRepository();
@@ -29,7 +36,7 @@ $app = new App([
$publicKeyPath = 'file://' . __DIR__ . '/../public.key';
// Setup the authorization server
$server = new Server(
$server = new AuthorizationServer(
$clientRepository,
$accessTokenRepository,
$scopeRepository,
@@ -37,10 +44,13 @@ $app = new App([
$publicKeyPath
);
// Enable the refresh token grant on the server with a token TTL of 1 hour
// Enable the refresh token grant on the server
$grant = new RefreshTokenGrant($refreshTokenRepository);
$grant->setRefreshTokenTTL(new \DateInterval('P1M')); // The refresh token will expire in 1 month
$server->enableGrantType(
new RefreshTokenGrant($refreshTokenRepository),
new \DateInterval('PT1H')
$grant,
new \DateInterval('PT1H') // The new access token will expire after 1 hour
);
return $server;
@@ -48,8 +58,8 @@ $app = new App([
]);
$app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
/* @var \League\OAuth2\Server\Server $server */
$server = $app->getContainer()->get(Server::class);
/* @var \League\OAuth2\Server\AuthorizationServer $server */
$server = $app->getContainer()->get(AuthorizationServer::class);
try {
return $server->respondToAccessTokenRequest($request, $response);

7
examples/src/Entities/AccessTokenEntity.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace OAuth2ServerExamples\Entities;

7
examples/src/Entities/AuthCodeEntity.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace OAuth2ServerExamples\Entities;

7
examples/src/Entities/ClientEntity.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace OAuth2ServerExamples\Entities;

7
examples/src/Entities/RefreshTokenEntity.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace OAuth2ServerExamples\Entities;

7
examples/src/Entities/ScopeEntity.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace OAuth2ServerExamples\Entities;

7
examples/src/Entities/UserEntity.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace OAuth2ServerExamples\Entities;

7
examples/src/Repositories/AccessTokenRepository.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace OAuth2ServerExamples\Repositories;

7
examples/src/Repositories/AuthCodeRepository.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace OAuth2ServerExamples\Repositories;

7
examples/src/Repositories/ClientRepository.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace OAuth2ServerExamples\Repositories;

7
examples/src/Repositories/RefreshTokenRepository.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace OAuth2ServerExamples\Repositories;

7
examples/src/Repositories/ScopeRepository.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace OAuth2ServerExamples\Repositories;

7
examples/src/Repositories/UserRepository.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace OAuth2ServerExamples\Repositories;

61
src/Server.php → src/AuthorizationServer.php
View File

@@ -1,12 +1,17 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server;
use DateInterval;
use League\Event\EmitterAwareInterface;
use League\Event\EmitterAwareTrait;
use League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface;
use League\OAuth2\Server\AuthorizationValidators\BearerTokenValidator;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\GrantTypeInterface;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
@@ -18,7 +23,7 @@ use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
class Server implements EmitterAwareInterface
class AuthorizationServer implements EmitterAwareInterface
{
use EmitterAwareTrait;
@@ -62,21 +67,15 @@ class Server implements EmitterAwareInterface
*/
private $scopeRepository;
/**
* @var \League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface
*/
private $authorizationValidator;
/**
* New server instance.
*
* @param \League\OAuth2\Server\Repositories\ClientRepositoryInterface $clientRepository
* @param \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface $accessTokenRepository
* @param \League\OAuth2\Server\Repositories\ScopeRepositoryInterface $scopeRepository
* @param \League\OAuth2\Server\CryptKey|string $privateKey
* @param \League\OAuth2\Server\CryptKey|string $publicKey
* @param null|\League\OAuth2\Server\ResponseTypes\ResponseTypeInterface $responseType
* @param null|\League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface $authorizationValidator
* @param \League\OAuth2\Server\Repositories\ClientRepositoryInterface $clientRepository
* @param \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface $accessTokenRepository
* @param \League\OAuth2\Server\Repositories\ScopeRepositoryInterface $scopeRepository
* @param \League\OAuth2\Server\CryptKey|string $privateKey
* @param \League\OAuth2\Server\CryptKey|string $publicKey
* @param null|\League\OAuth2\Server\ResponseTypes\ResponseTypeInterface $responseType
*/
public function __construct(
ClientRepositoryInterface $clientRepository,
@@ -84,8 +83,7 @@ class Server implements EmitterAwareInterface
ScopeRepositoryInterface $scopeRepository,
$privateKey,
$publicKey,
ResponseTypeInterface $responseType = null,
AuthorizationValidatorInterface $authorizationValidator = null
ResponseTypeInterface $responseType = null
) {
$this->clientRepository = $clientRepository;
$this->accessTokenRepository = $accessTokenRepository;
@@ -102,7 +100,6 @@ class Server implements EmitterAwareInterface
$this->publicKey = $publicKey;
$this->responseType = $responseType;
$this->authorizationValidator = $authorizationValidator;
}
/**
@@ -199,20 +196,6 @@ class Server implements EmitterAwareInterface
throw OAuthServerException::unsupportedGrantType();
}
/**
* Determine the access token validity.
*
* @param \Psr\Http\Message\ServerRequestInterface $request
*
* @throws \League\OAuth2\Server\Exception\OAuthServerException
*
* @return \Psr\Http\Message\ServerRequestInterface
*/
public function validateAuthenticatedRequest(ServerRequestInterface $request)
{
return $this->getAuthorizationValidator()->validateAuthorization($request);
}
/**
* Get the token type that grants will return in the HTTP response.
*
@@ -228,18 +211,4 @@ class Server implements EmitterAwareInterface
return $this->responseType;
}
/**
* @return \League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface
*/
protected function getAuthorizationValidator()
{
if (!$this->authorizationValidator instanceof AuthorizationValidatorInterface) {
$this->authorizationValidator = new BearerTokenValidator($this->accessTokenRepository);
}
$this->authorizationValidator->setPublicKey($this->publicKey);
return $this->authorizationValidator;
}
}

7
src/AuthorizationValidators/AuthorizationValidatorInterface.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\AuthorizationValidators;

7
src/AuthorizationValidators/BearerTokenValidator.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\AuthorizationValidators;

7
src/Entities/AccessTokenEntityInterface.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Entities;

7
src/Entities/AuthCodeEntityInterface.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Entities;

7
src/Entities/ClientEntityInterface.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Entities;

7
src/Entities/RefreshTokenEntityInterface.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Entities;

7
src/Entities/ScopeEntityInterface.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Entities;

7
src/Entities/TokenInterface.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Entities;

7
src/Entities/Traits/AccessTokenTrait.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Entities\Traits;

7
src/Entities/Traits/AuthCodeTrait.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Entities\Traits;

7
src/Entities/Traits/ClientTrait.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Entities\Traits;

7
src/Entities/Traits/EntityTrait.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Entities\Traits;

7
src/Entities/Traits/RefreshTokenTrait.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Entities\Traits;

7
src/Entities/Traits/TokenEntityTrait.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Entities\Traits;

7
src/Entities/UserEntityInterface.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Entities;

7
src/Exception/OAuthServerException.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Exception;

4
src/Grant/AbstractGrant.php
View File

@@ -148,7 +148,7 @@ abstract class AbstractGrant implements GrantTypeInterface
$this->getServerParameter('PHP_AUTH_USER', $request)
);
if (is_null($clientId)) {
throw OAuthServerException::invalidRequest('client_id', '`%s` parameter is missing');
throw OAuthServerException::invalidRequest('client_id');
}
// If the client is confidential require the client secret
@@ -215,7 +215,7 @@ abstract class AbstractGrant implements GrantTypeInterface
foreach ($scopesList as $scopeItem) {
$scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeItem);
if (($scope instanceof ScopeEntityInterface) === false) {
if (!$scope instanceof ScopeEntityInterface) {
throw OAuthServerException::invalidScope($scopeItem, $redirectUri);
}

10
src/Grant/AuthCodeGrant.php
View File

@@ -1,9 +1,17 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Grant;
use DateInterval;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\ScopeEntityInterface;
use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
@@ -90,7 +98,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
foreach ($authCodePayload->scopes as $scopeId) {
$scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeId);
if ($scope === false) {
if (!$scope instanceof ScopeEntityInterface) {
// @codeCoverageIgnoreStart
throw OAuthServerException::invalidScope($scopeId);
// @codeCoverageIgnoreEnd

29
src/Grant/ImplicitGrant.php
View File

@@ -1,10 +1,18 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Grant;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\RequestEvent;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use League\OAuth2\Server\ResponseTypes\RedirectResponse;
@@ -23,10 +31,29 @@ class ImplicitGrant extends AbstractAuthorizeGrant
*/
public function __construct(\DateInterval $accessTokenTTL)
{
$this->refreshTokenTTL = new \DateInterval('P1M');
$this->accessTokenTTL = $accessTokenTTL;
}
/**
* @param \DateInterval $refreshTokenTTL
*
* @throw \LogicException
*/
public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL)
{
throw new \LogicException('The Implicit Grant does nto return refresh tokens');
}
/**
* @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
*
* @throw \LogicException
*/
public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
{
throw new \LogicException('The Implicit Grant does nto return refresh tokens');
}
/**
* {@inheritdoc}
*/

11
src/Grant/RefreshTokenGrant.php
View File

@@ -10,6 +10,7 @@
*/
namespace League\OAuth2\Server\Grant;
use League\OAuth2\Server\Entities\ScopeEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\RequestEvent;
@@ -49,7 +50,7 @@ class RefreshTokenGrant extends AbstractGrant
$scopes = array_map(function ($scopeId) use ($client) {
$scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeId);
if (!$scope) {
if (!$scope instanceof ScopeEntityInterface) {
// @codeCoverageIgnoreStart
throw OAuthServerException::invalidScope($scopeId);
// @codeCoverageIgnoreEnd
@@ -101,17 +102,13 @@ class RefreshTokenGrant extends AbstractGrant
try {
$refreshToken = $this->decrypt($encryptedRefreshToken);
} catch (\LogicException $e) {
throw OAuthServerException::invalidRefreshToken('Cannot parse refresh token: ' . $e->getMessage());
throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token');
}
$refreshTokenData = json_decode($refreshToken, true);
if ($refreshTokenData['client_id'] !== $clientId) {
$this->getEmitter()->emit(new RequestEvent('refresh_token.client.failed', $request));
throw OAuthServerException::invalidRefreshToken(
'Token is not linked to client,' .
' got: ' . $clientId .
' expected: ' . $refreshTokenData['client_id']
);
throw OAuthServerException::invalidRefreshToken('Token is not linked to client');
}
if ($refreshTokenData['expire_time'] < time()) {

19
src/Middleware/AuthenticationServerMiddleware.php → src/Middleware/AuthorizationServerMiddleware.php
View File

@@ -1,25 +1,32 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Middleware;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Server;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
class AuthenticationServerMiddleware
class AuthorizationServerMiddleware
{
/**
* @var \League\OAuth2\Server\Server
* @var \League\OAuth2\Server\AuthorizationServer
*/
private $server;
/**
* AuthenticationServerMiddleware constructor.
* AuthorizationServerMiddleware constructor.
*
* @param \League\OAuth2\Server\Server $server
* @param \League\OAuth2\Server\AuthorizationServer $server
*/
public function __construct(Server $server)
public function __construct(AuthorizationServer $server)
{
$this->server = $server;
}

15
src/Middleware/ResourceServerMiddleware.php
View File

@@ -1,25 +1,32 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Middleware;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Server;
use League\OAuth2\Server\ResourceServer;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
class ResourceServerMiddleware
{
/**
* @var \League\OAuth2\Server\Server
* @var \League\OAuth2\Server\ResourceServer
*/
private $server;
/**
* ResourceServerMiddleware constructor.
*
* @param \League\OAuth2\Server\Server $server
* @param \League\OAuth2\Server\ResourceServer $server
*/
public function __construct(Server $server)
public function __construct(ResourceServer $server)
{
$this->server = $server;
}

3
src/Repositories/AccessTokenRepositoryInterface.php
View File

@@ -1,13 +1,12 @@
<?php
/**
* OAuth 2.0 Access token storage interface.
*
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Repositories;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;

2
src/Repositories/AuthCodeRepositoryInterface.php
View File

@@ -1,7 +1,5 @@
<?php
/**
* OAuth 2.0 Auth code storage interface.
*
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/

2
src/Repositories/ClientRepositoryInterface.php
View File

@@ -1,7 +1,5 @@
<?php
/**
* OAuth 2.0 Client storage interface.
*
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/

2
src/Repositories/RefreshTokenRepositoryInterface.php
View File

@@ -1,7 +1,5 @@
<?php
/**
* OAuth 2.0 Refresh token storage interface.
*
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/

2
src/Repositories/RepositoryInterface.php
View File

@@ -1,7 +1,5 @@
<?php
/**
* OAuth 2.0 Repository interface.
*
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/

3
src/Repositories/ScopeRepositoryInterface.php
View File

@@ -1,13 +1,12 @@
<?php
/**
* OAuth 2.0 Scope storage interface.
*
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Repositories;
use League\OAuth2\Server\Entities\ClientEntityInterface;

7
src/Repositories/UserRepositoryInterface.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\Repositories;

8
src/RequestEvent.php
View File

@@ -1,5 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server;
use League\Event\Event;

7
src/RequestTypes/AuthorizationRequest.php
View File

@@ -1,4 +1,11 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server\RequestTypes;

80
src/ResourceServer.php Normal file
View File

@@ -0,0 +1,80 @@
<?php
/**
* @author Alex Bilbie <hello@alexbilbie.com>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
namespace League\OAuth2\Server;
use League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface;
use League\OAuth2\Server\AuthorizationValidators\BearerTokenValidator;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use Psr\Http\Message\ServerRequestInterface;
class ResourceServer
{
/**
* @var \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface
*/
private $accessTokenRepository;
/**
* @var \League\OAuth2\Server\CryptKey|string
*/
private $publicKey;
/**
* @var \League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface|null
*/
private $authorizationValidator;
/**
* New server instance.
*
* @param \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface $accessTokenRepository
* @param \League\OAuth2\Server\CryptKey|string $publicKey
* @param null|\League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface $authorizationValidator
*/
public function __construct(
AccessTokenRepositoryInterface $accessTokenRepository,
$publicKey,
AuthorizationValidatorInterface $authorizationValidator = null
) {
$this->accessTokenRepository = $accessTokenRepository;
if (!$publicKey instanceof CryptKey) {
$publicKey = new CryptKey($publicKey);
}
$this->publicKey = $publicKey;
$this->authorizationValidator = $authorizationValidator;
}
/**
* @return \League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface
*/
protected function getAuthorizationValidator()
{
if (!$this->authorizationValidator instanceof AuthorizationValidatorInterface) {
$this->authorizationValidator = new BearerTokenValidator($this->accessTokenRepository);
}
$this->authorizationValidator->setPublicKey($this->publicKey);
return $this->authorizationValidator;
}
/**
* Determine the access token validity.
*
* @param \Psr\Http\Message\ServerRequestInterface $request
*
* @throws \League\OAuth2\Server\Exception\OAuthServerException
*
* @return \Psr\Http\Message\ServerRequestInterface
*/
public function validateAuthenticatedRequest(ServerRequestInterface $request)
{
return $this->getAuthorizationValidator()->validateAuthorization($request);
}
}

2
src/ResponseTypes/BearerTokenResponse.php
View File

@@ -39,7 +39,7 @@ class BearerTokenResponse extends AbstractResponseType
'access_token_id' => $this->accessToken->getIdentifier(),
'scopes' => $this->accessToken->getScopes(),
'user_id' => $this->accessToken->getUserIdentifier(),
'expire_time' => $expireDateTime,
'expire_time' => $this->refreshToken->getExpiryDateTime()->getTimestamp(),
]
)
);

35
tests/ServerTest.php → tests/AuthorizationServerTest.php
View File

@@ -2,6 +2,7 @@
namespace LeagueTests;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\AuthCodeGrant;
@@ -13,7 +14,6 @@ use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
use League\OAuth2\Server\Server;
use LeagueTests\Stubs\AccessTokenEntity;
use LeagueTests\Stubs\AuthCodeEntity;
use LeagueTests\Stubs\ClientEntity;
@@ -24,11 +24,11 @@ use Zend\Diactoros\Response;
use Zend\Diactoros\ServerRequest;
use Zend\Diactoros\ServerRequestFactory;
class ServerTest extends \PHPUnit_Framework_TestCase
class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
{
public function testRespondToRequestInvalidGrantType()
{
$server = new Server(
$server = new AuthorizationServer(
$this->getMock(ClientRepositoryInterface::class),
$this->getMock(AccessTokenRepositoryInterface::class),
$this->getMock(ScopeRepositoryInterface::class),
@@ -58,7 +58,7 @@ class ServerTest extends \PHPUnit_Framework_TestCase
$accessTokenRepositoryMock = $this->getMock(AccessTokenRepositoryInterface::class);
$accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
$server = new Server(
$server = new AuthorizationServer(
$clientRepository,
$accessTokenRepositoryMock,
$scopeRepositoryMock,
@@ -80,7 +80,7 @@ class ServerTest extends \PHPUnit_Framework_TestCase
{
$clientRepository = $this->getMock(ClientRepositoryInterface::class);
$server = new Server(
$server = new AuthorizationServer(
$clientRepository,
$this->getMock(AccessTokenRepositoryInterface::class),
$this->getMock(ScopeRepositoryInterface::class),
@@ -95,30 +95,11 @@ class ServerTest extends \PHPUnit_Framework_TestCase
$this->assertTrue($method->invoke($server) instanceof BearerTokenResponse);
}
public function testValidateAuthenticatedRequest()
{
$clientRepository = $this->getMock(ClientRepositoryInterface::class);
$server = new Server(
$clientRepository,
$this->getMock(AccessTokenRepositoryInterface::class),
$this->getMock(ScopeRepositoryInterface::class),
'file://' . __DIR__ . '/Stubs/private.key',
'file://' . __DIR__ . '/Stubs/public.key'
);
try {
$server->validateAuthenticatedRequest(ServerRequestFactory::fromGlobals());
} catch (OAuthServerException $e) {
$this->assertEquals('Missing "Authorization" header', $e->getHint());
}
}
public function testCompleteAuthorizationRequest()
{
$clientRepository = $this->getMock(ClientRepositoryInterface::class);
$server = new Server(
$server = new AuthorizationServer(
$clientRepository,
$this->getMock(AccessTokenRepositoryInterface::class),
$this->getMock(ScopeRepositoryInterface::class),
@@ -164,7 +145,7 @@ class ServerTest extends \PHPUnit_Framework_TestCase
);
$grant->setClientRepository($clientRepositoryMock);
$server = new Server(
$server = new AuthorizationServer(
$clientRepositoryMock,
$this->getMock(AccessTokenRepositoryInterface::class),
$this->getMock(ScopeRepositoryInterface::class),
@@ -196,7 +177,7 @@ class ServerTest extends \PHPUnit_Framework_TestCase
*/
public function testValidateAuthorizationRequestUnregistered()
{
$server = new Server(
$server = new AuthorizationServer(
$this->getMock(ClientRepositoryInterface::class),
$this->getMock(AccessTokenRepositoryInterface::class),
$this->getMock(ScopeRepositoryInterface::class),

14
tests/Middleware/AuthenticationServerMiddlewareTest.php → tests/Middleware/AuthorizationServerMiddlewareTest.php
View File

@@ -2,20 +2,20 @@
namespace LeagueTests\Middleware;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Grant\ClientCredentialsGrant;
use League\OAuth2\Server\Middleware\AuthenticationServerMiddleware;
use League\OAuth2\Server\Middleware\AuthorizationServerMiddleware;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
use League\OAuth2\Server\Server;
use LeagueTests\Stubs\AccessTokenEntity;
use LeagueTests\Stubs\ClientEntity;
use LeagueTests\Stubs\StubResponseType;
use Zend\Diactoros\Response;
use Zend\Diactoros\ServerRequestFactory;
class AuthenticationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
class AuthorizationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
{
public function testValidResponse()
{
@@ -28,7 +28,7 @@ class AuthenticationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
$accessRepositoryMock = $this->getMock(AccessTokenRepositoryInterface::class);
$accessRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
$server = new Server(
$server = new AuthorizationServer(
$clientRepository,
$accessRepositoryMock,
$scopeRepositoryMock,
@@ -45,7 +45,7 @@ class AuthenticationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
$request = ServerRequestFactory::fromGlobals();
$middleware = new AuthenticationServerMiddleware($server);
$middleware = new AuthorizationServerMiddleware($server);
$response = $middleware->__invoke(
$request,
new Response(),
@@ -61,7 +61,7 @@ class AuthenticationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
$clientRepository = $this->getMock(ClientRepositoryInterface::class);
$clientRepository->method('getClientEntity')->willReturn(null);
$server = new Server(
$server = new AuthorizationServer(
$clientRepository,
$this->getMock(AccessTokenRepositoryInterface::class),
$this->getMock(ScopeRepositoryInterface::class),
@@ -78,7 +78,7 @@ class AuthenticationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
$request = ServerRequestFactory::fromGlobals();
$middleware = new AuthenticationServerMiddleware($server);
$middleware = new AuthorizationServerMiddleware($server);
$response = $middleware->__invoke(
$request,

35
tests/Middleware/ResourceServerMiddlewareTest.php
View File

@@ -5,12 +5,9 @@ namespace LeagueTests\Middleware;
use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\Middleware\ResourceServerMiddleware;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
use League\OAuth2\Server\Server;
use League\OAuth2\Server\ResourceServer;
use LeagueTests\Stubs\AccessTokenEntity;
use LeagueTests\Stubs\ClientEntity;
use LeagueTests\Stubs\StubResponseType;
use Zend\Diactoros\Response;
use Zend\Diactoros\ServerRequest;
@@ -18,15 +15,9 @@ class ResourceServerMiddlewareTest extends \PHPUnit_Framework_TestCase
{
public function testValidResponse()
{
$clientRepository = $this->getMock(ClientRepositoryInterface::class);
$server = new Server(
$clientRepository,
$server = new ResourceServer(
$this->getMock(AccessTokenRepositoryInterface::class),
$this->getMock(ScopeRepositoryInterface::class),
'file://' . __DIR__ . '/../Stubs/private.key',
'file://' . __DIR__ . '/../Stubs/public.key',
new StubResponseType()
'file://' . __DIR__ . '/../Stubs/public.key'
);
$client = new ClientEntity();
@@ -59,15 +50,9 @@ class ResourceServerMiddlewareTest extends \PHPUnit_Framework_TestCase
public function testValidResponseExpiredToken()
{
$clientRepository = $this->getMock(ClientRepositoryInterface::class);
$server = new Server(
$clientRepository,
$server = new ResourceServer(
$this->getMock(AccessTokenRepositoryInterface::class),
$this->getMock(ScopeRepositoryInterface::class),
'file://' . __DIR__ . '/../Stubs/private.key',
'file://' . __DIR__ . '/../Stubs/public.key',
new StubResponseType()
'file://' . __DIR__ . '/../Stubs/public.key'
);
$client = new ClientEntity();
@@ -100,15 +85,9 @@ class ResourceServerMiddlewareTest extends \PHPUnit_Framework_TestCase
public function testErrorResponse()
{
$clientRepository = $this->getMock(ClientRepositoryInterface::class);
$server = new Server(
$clientRepository,
$server = new ResourceServer(
$this->getMock(AccessTokenRepositoryInterface::class),
$this->getMock(ScopeRepositoryInterface::class),
'file://' . __DIR__ . '/../Stubs/private.key',
'file://' . __DIR__ . '/../Stubs/public.key',
new StubResponseType()
'file://' . __DIR__ . '/../Stubs/public.key'
);
$request = new ServerRequest();

26
tests/ResourceServerTest.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
namespace LeagueTests;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\ResourceServer;
use Zend\Diactoros\ServerRequestFactory;
class ResourceServerTest extends \PHPUnit_Framework_TestCase
{
public function testValidateAuthenticatedRequest()
{
$server = new ResourceServer(
$this->getMock(AccessTokenRepositoryInterface::class),
'file://' . __DIR__ . '/Stubs/public.key'
);
try {
$server->validateAuthenticatedRequest(ServerRequestFactory::fromGlobals());
} catch (OAuthServerException $e) {
$this->assertEquals('Missing "Authorization" header', $e->getHint());
}
}
}