Cheetah
OAuth2\Server Class Reference
Inheritance diagram for OAuth2\Server:
OAuth2\Controller\ResourceControllerInterface
OAuth2\Controller\AuthorizeControllerInterface
OAuth2\Controller\TokenControllerInterface
OAuth2\OpenID\Controller\UserInfoControllerInterface

Public Member Functions

 __construct ($storage=array(), array $config=array(), array $grantTypes=array(), array $responseTypes=array(), TokenTypeInterface $tokenType=null, ScopeInterface $scopeUtil=null, ClientAssertionTypeInterface $clientAssertionType=null)
 
 getAuthorizeController ()
 
 getTokenController ()
 
 getResourceController ()
 
 getUserInfoController ()
 
 setAuthorizeController (AuthorizeControllerInterface $authorizeController)
 
 setTokenController (TokenControllerInterface $tokenController)
 
 setResourceController (ResourceControllerInterface $resourceController)
 
 setUserInfoController (UserInfoControllerInterface $userInfoController)
 
 handleUserInfoRequest (RequestInterface $request, ResponseInterface $response=null)
 
 handleTokenRequest (RequestInterface $request, ResponseInterface $response=null)
 
 grantAccessToken (RequestInterface $request, ResponseInterface $response=null)
 
 handleRevokeRequest (RequestInterface $request, ResponseInterface $response=null)
 
 handleAuthorizeRequest (RequestInterface $request, ResponseInterface $response, $is_authorized, $user_id=null)
 
 validateAuthorizeRequest (RequestInterface $request, ResponseInterface $response=null)
 
 verifyResourceRequest (RequestInterface $request, ResponseInterface $response=null, $scope=null)
 
 getAccessTokenData (RequestInterface $request, ResponseInterface $response=null)
 
 addGrantType (GrantTypeInterface $grantType, $identifier=null)
 
 addStorage ($storage, $key=null)
 
 addResponseType (ResponseTypeInterface $responseType, $key=null)
 
 getScopeUtil ()
 
 setScopeUtil ($scopeUtil)
 
 getResponse ()
 
 getStorages ()
 
 getStorage ($name)
 
 getGrantTypes ()
 
 getGrantType ($name)
 
 getResponseTypes ()
 
 getResponseType ($name)
 
 getTokenType ()
 
 getClientAssertionType ()
 
 setConfig ($name, $value)
 
 getConfig ($name, $default=null)
 

Protected Member Functions

 createDefaultAuthorizeController ()
 
 createDefaultTokenController ()
 
 createDefaultResourceController ()
 
 createDefaultUserInfoController ()
 
 getDefaultTokenType ()
 
 getDefaultResponseTypes ()
 
 getDefaultGrantTypes ()
 
 getAccessTokenResponseType ()
 
 getIdTokenResponseType ()
 
 getIdTokenTokenResponseType ()
 
 createDefaultJwtAccessTokenStorage ()
 
 createDefaultJwtAccessTokenResponseType ()
 
 createDefaultAccessTokenResponseType ()
 
 createDefaultIdTokenResponseType ()
 
 createDefaultIdTokenTokenResponseType ()
 
 validateOpenIdConnect ()
 
 normalizeResponseType ($name)
 

Protected Attributes

 $response
 
 $config
 
 $storages
 
 $authorizeController
 
 $tokenController
 
 $resourceController
 
 $userInfoController
 
 $grantTypes
 
 $responseTypes
 
 $tokenType
 
 $scopeUtil
 
 $clientAssertionType
 
 $storageMap
 
 $responseTypeMap
 

Additional Inherited Members

- Public Attributes inherited from OAuth2\Controller\AuthorizeControllerInterface
const RESPONSE_TYPE_AUTHORIZATION_CODE = 'code'
 
const RESPONSE_TYPE_ACCESS_TOKEN = 'token'
 

Detailed Description

Server class for OAuth2. This class serves as a convenience class which wraps the other Controller classes.

See also
OAuth2\Controller\ResourceController
OAuth2\Controller\AuthorizeController
OAuth2\Controller\TokenController

Definition at line 44 of file Server.php.

Constructor & Destructor Documentation

◆ __construct()

OAuth2\Server::__construct (   $storage = array(),
array  $config = array(),
array  $grantTypes = array(),
array  $responseTypes = array(),
TokenTypeInterface  $tokenType = null,
ScopeInterface  $scopeUtil = null,
ClientAssertionTypeInterface  $clientAssertionType = null 
)
Parameters
mixed $storage - (array or OAuth2\Storage) single object or array of objects implementing the required storage types (ClientCredentialsInterface and AccessTokenInterface as a minimum)
array $config - specify a different token lifetime, token header name, etc.
array $grantTypes - An array of OAuth2\GrantType\GrantTypeInterface to use for granting access tokens
array $responseTypes - Response types to use. Array keys should be "code" and "token" for the Authorization Code and Access Token response types, respectively
OAuth2\TokenType\TokenTypeInterface $tokenType - The token type object to use. Valid token types are "bearer" and "mac"
OAuth2\ScopeInterface $scopeUtil - The scope utility class to use to validate scope
OAuth2\ClientAssertionType\ClientAssertionTypeInterface $clientAssertionType - The method used to verify the client identity. Default is HttpBasic

Definition at line 101 of file Server.php.

Member Function Documentation

◆ addGrantType()

OAuth2\Server::addGrantType ( GrantTypeInterface  $grantType,
  $identifier = null 
)

Definition at line 369 of file Server.php.

◆ addResponseType()

OAuth2\Server::addResponseType ( ResponseTypeInterface  $responseType,
  $key = null 
)

Definition at line 429 of file Server.php.

◆ addStorage()

OAuth2\Server::addStorage (   $storage,
  $key = null 
)

Set a storage object for the server

Parameters
$storage - An object implementing one of the Storage interfaces
$key - If null, the storage is set to the key of each storage interface it implements
See also
storageMap

Definition at line 393 of file Server.php.

◆ createDefaultAccessTokenResponseType()

OAuth2\Server::createDefaultAccessTokenResponseType ( )
protected

Definition at line 719 of file Server.php.

◆ createDefaultAuthorizeController()

OAuth2\Server::createDefaultAuthorizeController ( )
protected

Definition at line 473 of file Server.php.

◆ createDefaultIdTokenResponseType()

OAuth2\Server::createDefaultIdTokenResponseType ( )
protected

Definition at line 736 of file Server.php.

◆ createDefaultIdTokenTokenResponseType()

OAuth2\Server::createDefaultIdTokenTokenResponseType ( )
protected

Definition at line 750 of file Server.php.

◆ createDefaultJwtAccessTokenResponseType()

OAuth2\Server::createDefaultJwtAccessTokenResponseType ( )
protected

For Authorize and Token Controllers

Definition at line 698 of file Server.php.

◆ createDefaultJwtAccessTokenStorage()

OAuth2\Server::createDefaultJwtAccessTokenStorage ( )
protected

For Resource Controller

Definition at line 682 of file Server.php.

◆ createDefaultResourceController()

OAuth2\Server::createDefaultResourceController ( )
protected

Definition at line 526 of file Server.php.

◆ createDefaultTokenController()

OAuth2\Server::createDefaultTokenController ( )
protected

Definition at line 497 of file Server.php.

◆ createDefaultUserInfoController()

OAuth2\Server::createDefaultUserInfoController ( )
protected

Definition at line 546 of file Server.php.

◆ getAccessTokenData()

OAuth2\Server::getAccessTokenData ( RequestInterface  $request,
ResponseInterface  $response = null 
)

Implements OAuth2\Controller\ResourceControllerInterface.

Definition at line 361 of file Server.php.

◆ getAccessTokenResponseType()

OAuth2\Server::getAccessTokenResponseType ( )
protected

Definition at line 648 of file Server.php.

◆ getAuthorizeController()

OAuth2\Server::getAuthorizeController ( )

Definition at line 145 of file Server.php.

◆ getClientAssertionType()

OAuth2\Server::getClientAssertionType ( )

Definition at line 818 of file Server.php.

◆ getConfig()

OAuth2\Server::getConfig (   $name,
  $default = null 
)

Definition at line 828 of file Server.php.

◆ getDefaultGrantTypes()

OAuth2\Server::getDefaultGrantTypes ( )
protected

Definition at line 612 of file Server.php.

◆ getDefaultResponseTypes()

OAuth2\Server::getDefaultResponseTypes ( )
protected

Definition at line 577 of file Server.php.

◆ getDefaultTokenType()

OAuth2\Server::getDefaultTokenType ( )
protected

Definition at line 570 of file Server.php.

◆ getGrantType()

OAuth2\Server::getGrantType (   $name)

Definition at line 795 of file Server.php.

◆ getGrantTypes()

OAuth2\Server::getGrantTypes ( )

Definition at line 790 of file Server.php.

◆ getIdTokenResponseType()

OAuth2\Server::getIdTokenResponseType ( )
protected

Definition at line 661 of file Server.php.

◆ getIdTokenTokenResponseType()

OAuth2\Server::getIdTokenTokenResponseType ( )
protected

Definition at line 670 of file Server.php.

◆ getResourceController()

OAuth2\Server::getResourceController ( )

Definition at line 163 of file Server.php.

◆ getResponse()

OAuth2\Server::getResponse ( )

Definition at line 775 of file Server.php.

◆ getResponseType()

OAuth2\Server::getResponseType (   $name)

Definition at line 805 of file Server.php.

◆ getResponseTypes()

OAuth2\Server::getResponseTypes ( )

Definition at line 800 of file Server.php.

◆ getScopeUtil()

OAuth2\Server::getScopeUtil ( )

Definition at line 455 of file Server.php.

◆ getStorage()

OAuth2\Server::getStorage (   $name)

Definition at line 785 of file Server.php.

◆ getStorages()

OAuth2\Server::getStorages ( )

Definition at line 780 of file Server.php.

◆ getTokenController()

OAuth2\Server::getTokenController ( )

Definition at line 154 of file Server.php.

◆ getTokenType()

OAuth2\Server::getTokenType ( )

Definition at line 813 of file Server.php.

◆ getUserInfoController()

OAuth2\Server::getUserInfoController ( )

Definition at line 172 of file Server.php.

◆ grantAccessToken()

OAuth2\Server::grantAccessToken ( RequestInterface  $request,
ResponseInterface  $response = null 
)

Implements OAuth2\Controller\TokenControllerInterface.

Definition at line 264 of file Server.php.

◆ handleAuthorizeRequest()

OAuth2\Server::handleAuthorizeRequest ( RequestInterface  $request,
ResponseInterface  $response,
  $is_authorized,
  $user_id = null 
)

Redirect the user appropriately after approval.

After the user has approved or denied the resource request the authorization server should call this function to redirect the user appropriately.

Parameters
$request - The request should have the following parameters set in the query string:
  • response_type: The requested response: an access token, an authorization code, or both.
  • client_id: The client identifier as described in Section 2.
  • redirect_uri: An absolute URI to which the authorization server will redirect the user-agent to when the end-user authorization step is completed.
  • scope: (optional) The scope of the resource request expressed as a list of space-delimited strings.
  • state: (optional) An opaque value used by the client to maintain state between the request and callback.
$is_authorized - TRUE or FALSE depending on whether the user authorized the access.
$user_id - Identifier of user who authorized the client
See also
http://tools.ietf.org/html/rfc6749#section-4

Implements OAuth2\Controller\AuthorizeControllerInterface.

Definition at line 318 of file Server.php.

◆ handleRevokeRequest()

OAuth2\Server::handleRevokeRequest ( RequestInterface  $request,
ResponseInterface  $response = null 
)

Handle a revoke token request. This would be called from the "/revoke" endpoint as defined in the draft Token Revocation spec.

See also
https://tools.ietf.org/html/rfc7009#section-2
Parameters
RequestInterface $request
ResponseInterface $response
Returns
Response|ResponseInterface

Definition at line 282 of file Server.php.

◆ handleTokenRequest()

OAuth2\Server::handleTokenRequest ( RequestInterface  $request,
ResponseInterface  $response = null 
)

Grant or deny a requested access token. This would be called from the "/token" endpoint as defined in the spec. Obviously, you can call your endpoint whatever you want.

Parameters
$request - OAuth2\RequestInterface Request object to grant access token
$response - OAuth2\ResponseInterface Response object containing error messages (failure) or access token (success)
Exceptions
InvalidArgumentException
LogicException
See also
http://tools.ietf.org/html/rfc6749#section-4
http://tools.ietf.org/html/rfc6749#section-10.6
http://tools.ietf.org/html/rfc6749#section-4.1.3

Implements OAuth2\Controller\TokenControllerInterface.

Definition at line 256 of file Server.php.

◆ handleUserInfoRequest()

OAuth2\Server::handleUserInfoRequest ( RequestInterface  $request,
ResponseInterface  $response = null 
)

Return claims about the authenticated end-user. This would be called from the "/UserInfo" endpoint as defined in the spec.

Parameters
$request - OAuth2\RequestInterface Request object to grant access token
$response - OAuth2\ResponseInterface Response object containing error messages (failure) or user claims (success)
Exceptions
InvalidArgumentException
LogicException
See also
http://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Implements OAuth2\OpenID\Controller\UserInfoControllerInterface.

Definition at line 228 of file Server.php.

◆ normalizeResponseType()

OAuth2\Server::normalizeResponseType (   $name)
protected

Definition at line 763 of file Server.php.

◆ setAuthorizeController()

OAuth2\Server::setAuthorizeController ( AuthorizeControllerInterface  $authorizeController)

every getter deserves a setter

Definition at line 184 of file Server.php.

◆ setConfig()

OAuth2\Server::setConfig (   $name,
  $value 
)

Definition at line 823 of file Server.php.

◆ setResourceController()

OAuth2\Server::setResourceController ( ResourceControllerInterface  $resourceController)

every getter deserves a setter

Definition at line 200 of file Server.php.

◆ setScopeUtil()

OAuth2\Server::setScopeUtil (   $scopeUtil)

every getter deserves a setter

Definition at line 468 of file Server.php.

◆ setTokenController()

OAuth2\Server::setTokenController ( TokenControllerInterface  $tokenController)

every getter deserves a setter

Definition at line 192 of file Server.php.

◆ setUserInfoController()

OAuth2\Server::setUserInfoController ( UserInfoControllerInterface  $userInfoController)

every getter deserves a setter

Definition at line 208 of file Server.php.

◆ validateAuthorizeRequest()

OAuth2\Server::validateAuthorizeRequest ( RequestInterface  $request,
ResponseInterface  $response = null 
)

Pull the authorization request data out of the HTTP request.

  • The redirect_uri is OPTIONAL as per draft 20. But your implementation can enforce it by setting $config['enforce_redirect'] to true.
  • The state is OPTIONAL but recommended for CSRF protection. Draft 21 states, however, that CSRF protection is MANDATORY. You can enforce this by setting $config['enforce_state'] to true.

The draft specifies that the parameters should be retrieved from GET; override the Response object to change this.

Returns
The authorization parameters so the authorization server can prompt the user for approval if valid.
See also
http://tools.ietf.org/html/rfc6749#section-4.1.1
http://tools.ietf.org/html/rfc6749#section-10.12

Implements OAuth2\Controller\AuthorizeControllerInterface.

Definition at line 345 of file Server.php.
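
The validateAuthorizeRequest() and handleAuthorizeRequest() descriptions above, put together as an added example (not code from Server.php or from the project): an authorize endpoint that rejects requests without a state value before any consent step. It assumes the library's autoloader at the path shown and its OAuth2\Storage\Memory, OAuth2\Request and OAuth2\Response classes; the client id, secret, URIs and the authorize() helper are constructed for illustration.

```php
<?php
// Added example, not part of the generated reference. Assumes the library's
// autoloader and its OAuth2\Storage\Memory, OAuth2\Request and OAuth2\Response
// classes; the client id, secret and URIs below are constructed sample values.
require_once __DIR__ . '/vendor/autoload.php'; // assumed install path

$storage = new OAuth2\Storage\Memory(array(
    'client_credentials' => array(
        'demo-client' => array(
            'client_secret' => 'constructed-secret',
            'redirect_uri'  => 'https://client.example/callback',
        ),
    ),
));

// Config keys as named in the validateAuthorizeRequest() description.
$server = new OAuth2\Server($storage, array(
    'enforce_state'    => true,
    'enforce_redirect' => true,
));

/**
 * Hypothetical helper: run one authorization request through validation and,
 * if valid, approval. Returns array(bool $valid, int $status, string|null $location).
 */
function authorize(OAuth2\Server $server, array $query, $userId)
{
    $request  = new OAuth2\Request($query);   // parameters are read from GET
    $response = new OAuth2\Response();

    if (!$server->validateAuthorizeRequest($request, $response)) {
        // Rejected before any consent screen: the response carries the error.
        return array(false, $response->getStatusCode(), $response->getHttpHeader('Location'));
    }
    // The consent decision would come from the logged-in user; TRUE is assumed here.
    $server->handleAuthorizeRequest($request, $response, true, $userId);
    return array(true, $response->getStatusCode(), $response->getHttpHeader('Location'));
}

$base = array(
    'response_type' => 'code',
    'client_id'     => 'demo-client',
    'redirect_uri'  => 'https://client.example/callback',
);

// 1. No state: with enforce_state set, the request fails validation.
var_dump(authorize($server, $base, 'user-1'));

// 2. Unpredictable state generated per request: validation passes and the
//    redirect hands the same value back for the client to compare.
$state = bin2hex(random_bytes(16));
var_dump(authorize($server, $base + array('state' => $state), 'user-1'));
```

On the client side, the state returned in the redirect must be compared with the value stored in the user's session before the authorization code is exchanged.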

◆ validateOpenIdConnect()

OAuth2\Server::validateOpenIdConnect ( )
protected

Definition at line 755 of file Server.php.

◆ verifyResourceRequest()

OAuth2\Server::verifyResourceRequest ( RequestInterface  $request,
ResponseInterface  $response = null,
  $scope = null 
)

Implements OAuth2\Controller\ResourceControllerInterface.

Definition at line 353 of file Server.php.

Member Data Documentation

◆ $authorizeController

OAuth2\Server::$authorizeController
protected

Definition at line 55 of file Server.php.

◆ $clientAssertionType

OAuth2\Server::$clientAssertionType
protected

Definition at line 65 of file Server.php.

◆ $config

OAuth2\Server::$config
protected

Definition at line 51 of file Server.php.

◆ $grantTypes

OAuth2\Server::$grantTypes
protected

Definition at line 61 of file Server.php.

◆ $resourceController

OAuth2\Server::$resourceController
protected

Definition at line 57 of file Server.php.

◆ $response

OAuth2\Server::$response
protected

Definition at line 50 of file Server.php.

◆ $responseTypeMap

OAuth2\Server::$responseTypeMap
protected
Initial value:
= array(
'token' => 'OAuth2\ResponseType\AccessTokenInterface',
'code' => 'OAuth2\ResponseType\AuthorizationCodeInterface',
'id_token' => 'OAuth2\OpenID\ResponseType\IdTokenInterface',
'id_token token' => 'OAuth2\OpenID\ResponseType\IdTokenTokenInterface',
'code id_token' => 'OAuth2\OpenID\ResponseType\CodeIdTokenInterface',
)

Definition at line 80 of file Server.php.

◆ $responseTypes

OAuth2\Server::$responseTypes
protected

Definition at line 62 of file Server.php.

◆ $scopeUtil

OAuth2\Server::$scopeUtil
protected

Definition at line 64 of file Server.php.

◆ $storageMap

OAuth2\Server::$storageMap
protected
Initial value:
= array(
'access_token' => 'OAuth2\Storage\AccessTokenInterface',
'authorization_code' => 'OAuth2\Storage\AuthorizationCodeInterface',
'client_credentials' => 'OAuth2\Storage\ClientCredentialsInterface',
'client' => 'OAuth2\Storage\ClientInterface',
'refresh_token' => 'OAuth2\Storage\RefreshTokenInterface',
'user_credentials' => 'OAuth2\Storage\UserCredentialsInterface',
'user_claims' => 'OAuth2\OpenID\Storage\UserClaimsInterface',
'public_key' => 'OAuth2\Storage\PublicKeyInterface',
'jwt_bearer' => 'OAuth2\Storage\JWTBearerInterface',
'scope' => 'OAuth2\Storage\ScopeInterface',
)

Definition at line 67 of file Server.php.

◆ $storages

OAuth2\Server::$storages
protected

Definition at line 52 of file Server.php.

◆ $tokenController

OAuth2\Server::$tokenController
protected

Definition at line 56 of file Server.php.

◆ $tokenType

OAuth2\Server::$tokenType
protected

Definition at line 63 of file Server.php.

◆ $userInfoController

OAuth2\Server::$userInfoController
protected

Definition at line 58 of file Server.php.


The documentation for this class was generated from the following file: