* @copyright Copyright (c) Alex Bilbie * @license http://mit-license.org/ * @link https://github.com/thephpleague/oauth2-server */ namespace League\OAuth2\Server\Grant; use League\OAuth2\Server\AuthorizationServer; use League\OAuth2\Server\Entity\ScopeEntity; use League\OAuth2\Server\Exception; /** * Abstract grant class */ abstract class AbstractGrant implements GrantTypeInterface { /** * Grant identifier * @var string */ protected $identifier = ''; /** * Response type * @var string */ protected $responseType; /** * Callback to authenticate a user's name and password * @var function */ protected $callback; /** * AuthServer instance * @var AuthServer */ protected $server; /** * Access token expires in override * @var int */ protected $accessTokenTTL; /** * Return the identifier * @return string */ public function getIdentifier() { return $this->identifier; } /** * Return the identifier * @param string $identifier * @return self */ public function setIdentifier($identifier) { $this->identifier = $identifier; return $this; } /** * Return the response type * @return string */ public function getResponseType() { return $this->responseType; } /** * Override the default access token expire time * @param int $accessTokenTTL * @return self */ public function setAccessTokenTTL($accessTokenTTL) { $this->accessTokenTTL = $accessTokenTTL; return $this; } /** * Inject the authorization server into the grant * @param AuthorizationServer $server The authorization server instance * @return self */ public function setAuthorizationServer(AuthorizationServer $server) { $this->server = $server; return $this; } /** * Given a list of scopes, validate them and return an arrary of Scope entities * @param string $scopeParam A string of scopes (e.g. "profile email birthday") * @return array * @throws ClientException If scope is invalid, or no scopes passed when required */ public function validateScopes($scopeParam = '') { $scopesList = explode($this->server->getScopeDelimeter(), $scopeParam); for ($i = 0; $i < count($scopesList); $i++) { $scopesList[$i] = trim($scopesList[$i]); if ($scopesList[$i] === '') unset($scopesList[$i]); // Remove any junk scopes } if ( $this->server->scopeParamRequired() === true && $this->server->getDefaultScope() === null && count($scopesList) === 0 ) { throw new Exception\InvalidRequestException('scope'); } elseif (count($scopesList) === 0 && $this->server->getDefaultScope() !== null) { if (is_array($this->server->getDefaultScope())) { $scopesList = $this->server->getDefaultScope(); } else { $scopesList = [0 => $this->server->getDefaultScope()]; } } $scopes = []; foreach ($scopesList as $scopeItem) { $scope = $this->server->getStorage('scope')->get( $scopeItem, $this->getIdentifier() ); if (($scope instanceof ScopeEntity) === false) { throw new Exception\InvalidScopeException($scopeItem); } $scopes[$scope->getId()] = $scope; } return $scopes; } /** * Format the local scopes array * @param array $unformated Array of Array of \League\OAuth2\Server\Entity\ScopeEntity * @return array */ protected function formatScopes($unformated = []) { $scopes = []; foreach ($unformated as $scope) { if ($scope instanceof ScopeEntity) { $scopes[$scope->getId()] = $scope; } } return $scopes; } /** * Complete the grant flow * * Example response: * 
     *  array(
     *      'access_token'  =>  (string),   // The access token
     *      'refresh_token' =>  (string),   // The refresh token (only set if the refresh token grant is enabled)
     *      'token_type'    =>  'bearer',   // Almost always "bearer" (exceptions: JWT, SAML)
     *      'expires'       =>  (int),      // The timestamp of when the access token will expire
     *      'expires_in'    =>  (int)       // The number of seconds before the access token will expire
     *  )
     *
* * @return array An array of parameters to be passed back to the client */ abstract public function completeFlow(); }