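* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
* @link https://github.com/thephpleague/oauth2-server
*/

namespace League\OAuth2\Server;

use League\OAuth2\Server\Entity\AccessTokenEntity;
use League\OAuth2\Server\Exception;
use League\OAuth2\Server\Storage\AccessTokenInterface;
use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\ScopeInterface;
use League\OAuth2\Server\Storage\SessionInterface;
use League\OAuth2\Server\TokenType\Bearer;
use Symfony\Component\HttpFoundation\Request;

/**
 * OAuth 2.0 Resource Server
 *
 * Resolves the access token presented with an incoming request (Authorization
 * header or, only when explicitly allowed, the query string / request body)
 * and loads the matching token entity from storage.
 */
class ResourceServer extends AbstractServer
{
    /**
     * The access token entity loaded by the last successful isValidRequest() call
     * @var \League\OAuth2\Server\Entity\AccessTokenEntity
     */
    protected $accessToken;

    /**
     * The query string / request body key which is used by clients to present the access token (default: access_token)
     * @var string
     */
    protected $tokenKey = 'access_token';

    /**
     * Initialise the resource server
     * @param SessionInterface     $sessionStorage
     * @param AccessTokenInterface $accessTokenStorage
     * @param ClientInterface      $clientStorage
     * @param ScopeInterface       $scopeStorage
     */
    public function __construct(
        SessionInterface $sessionStorage,
        AccessTokenInterface $accessTokenStorage,
        ClientInterface $clientStorage,
        ScopeInterface $scopeStorage
    ) {
        $this->setSessionStorage($sessionStorage);
        $this->setAccessTokenStorage($accessTokenStorage);
        $this->setClientStorage($clientStorage);
        $this->setScopeStorage($scopeStorage);

        // Set Bearer as the default token type
        $this->setTokenType(new Bearer());

        parent::__construct();
    }

    /**
     * Sets the query string / request body key for the access token.
     * @param string $key The new key
     * @return self
     */
    public function setIdKey($key)
    {
        $this->tokenKey = $key;

        return $this;
    }

    /**
     * Gets the identifier of the access token resolved by isValidRequest()
     *
     * Must only be called after a successful isValidRequest(): until then
     * $this->accessToken is null and this call fails.
     * @return string
     */
    public function getAccessToken()
    {
        return $this->accessToken->getId();
    }

    /**
     * Checks if the access token is valid or not
     *
     * "Valid" here means the presented token string resolves to an
     * AccessTokenEntity in storage. No expiry or scope check is performed in
     * this method - presumably the storage or the caller handles that; confirm
     * before relying on it.
     * @param bool        $headersOnly Limit Access Token to Authorization header only
     * @param string|null $accessToken Token to validate; when null it is read from the request
     * @throws Exception\InvalidRequestException Thrown if no access token is presented
     * @throws Exception\AccessDeniedException   Thrown if the token is unknown to storage
     * @return bool
     */
    public function isValidRequest($headersOnly = true, $accessToken = null)
    {
        $accessTokenString = ($accessToken !== null) ? $accessToken : $this->determineAccessToken($headersOnly);

        // Set the access token
        $this->accessToken = $this->getAccessTokenStorage()->get($accessTokenString);

        if (!$this->accessToken instanceof AccessTokenEntity) {
            throw new Exception\AccessDeniedException();
        }

        return true;
    }

    /**
     * Reads in the access token from the request
     *
     * The Authorization header always takes precedence. Only when it is absent
     * and $headersOnly is false is the token read from the query string (GET)
     * or the request body (other methods). A token carried in the query string
     * ends up in server/proxy logs and browser history (RFC 6750 section 2.3
     * discourages it), so callers should keep $headersOnly true unless that
     * transport is genuinely required.
     * @param bool $headersOnly Limit Access Token to Authorization header only
     * @throws Exception\InvalidRequestException Thrown if there is no access token presented
     * @return string
     */
    public function determineAccessToken($headersOnly = false)
    {
        $accessToken = null;

        if ($this->getRequest()->headers->get('Authorization') !== null) {
            $accessToken = $this->getTokenType()->determineAccessTokenInHeader($this->getRequest());
        } elseif ($headersOnly === false) {
            $accessToken = ($this->getRequest()->server->get('REQUEST_METHOD') === 'GET')
                ? $this->getRequest()->query->get($this->tokenKey)
                : $this->getRequest()->request->get($this->tokenKey);
        }

        // empty() also rejects the literal string "0"; no real token looks like that
        if (empty($accessToken)) {
            throw new Exception\InvalidRequestException('access token');
        }

        return $accessToken;
    }
}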