Public Member Functions | |
| __construct ($connection=array(), array $config=array()) | |
| getAuthorizationCode ($code) | |
| setAuthorizationCode ($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope=null, $id_token=null) | |
| expireAuthorizationCode ($code) | |
| checkUserCredentials ($username, $password) | |
| getUserDetails ($username) | |
| getUser ($username) | |
| setUser ($username, $password, $first_name=null, $last_name=null) | |
| checkClientCredentials ($client_id, $client_secret=null) | |
| isPublicClient ($client_id) | |
| getClientDetails ($client_id) | |
| setClientDetails ($client_id, $client_secret=null, $redirect_uri=null, $grant_types=null, $scope=null, $user_id=null) | |
| checkRestrictedGrantType ($client_id, $grant_type) | |
| getRefreshToken ($refresh_token) | |
| setRefreshToken ($refresh_token, $client_id, $user_id, $expires, $scope=null) | |
| unsetRefreshToken ($refresh_token) | |
| getAccessToken ($access_token) | |
| setAccessToken ($access_token, $client_id, $user_id, $expires, $scope=null) | |
| unsetAccessToken ($access_token) | |
| scopeExists ($scope) | |
| getDefaultScope ($client_id=null) | |
| setScope ($scope, $client_id=null, $type='supported') | |
| getClientKey ($client_id, $subject) | |
| setClientKey ($client_id, $key, $subject=null) | |
| getClientScope ($client_id) | |
| getJti ($client_id, $subject, $audience, $expiration, $jti) | |
| setJti ($client_id, $subject, $audience, $expiration, $jti) | |
| getPublicKey ($client_id='') | |
| getPrivateKey ($client_id='') | |
| getEncryptionAlgorithm ($client_id=null) | |
| getUserClaims ($user_id, $claims) | |
 Public Member Functions inherited from OAuth2\Storage\AuthorizationCodeInterface | |
| setAuthorizationCode ($code, $client_id, $user_id, $redirect_uri, $expires, $scope=null) | |
| Public Member Functions inherited from OAuth2\ResponseType\AuthorizationCodeInterface | |
| enforceRedirect () | |
| createAuthorizationCode ($client_id, $user_id, $redirect_uri, $scope=null) | |
| Public Member Functions inherited from OAuth2\ResponseType\ResponseTypeInterface | |
| getAuthorizeResponse ($params, $user_id=null) | |
Protected Member Functions | |
| getValue ($key) | |
| setValue ($key, $value, $expire=0) | |
| expireValue ($key) | |
| checkPassword ($user, $password) | |
| getUserClaim ($claim, $userDetails) | |
Protected Attributes | |
| $cassandra | |
| $config | |
Additional Inherited Members | |
| Public Attributes inherited from OAuth2\Storage\AuthorizationCodeInterface | |
| const | RESPONSE_TYPE_CODE = "code" |
| Public Attributes inherited from OAuth2\OpenID\Storage\UserClaimsInterface | |
| const | VALID_CLAIMS = 'profile email address phone' |
| const | PROFILE_CLAIM_VALUES = 'name family_name given_name middle_name nickname preferred_username profile picture website gender birthdate zoneinfo locale updated_at' |
| const | EMAIL_CLAIM_VALUES = 'email email_verified' |
| const | ADDRESS_CLAIM_VALUES = 'formatted street_address locality region postal_code country' |
| const | PHONE_CLAIM_VALUES = 'phone_number phone_number_verified' |
Detailed Description
Cassandra storage for all storage types
To use, install "thobbs/phpcassa" via composer composer require thobbs/phpcassa:dev-master
Once this is done, instantiate the $cassandra = new \phpcassa\Connection\ConnectionPool('oauth2_server', array('127.0.0.1:9160'));
Then, register the storage client: $storage = new OAuth2\Storage\Cassandra($cassandra); $storage->setClientDetails($client_id, $client_secret, $redirect_uri);
- See also
- test/lib/OAuth2/Storage/Bootstrap::getCassandraStorage
Definition at line 32 of file Cassandra.php.
Constructor & Destructor Documentation
◆ __construct()
| OAuth2\Storage\Cassandra::__construct | ( | $connection = array(), |
|
| array | $config = array() |
||
| ) |
Cassandra Storage! uses phpCassa
- Parameters
-
\phpcassa\ConnectionPool $cassandra array $config
Definition at line 58 of file Cassandra.php.
Member Function Documentation
◆ checkClientCredentials()
| OAuth2\Storage\Cassandra::checkClientCredentials | ( | $client_id, | |
$client_secret = null |
|||
| ) |
Make sure that the client credentials is valid.
- Parameters
-
$client_id Client identifier to be check with. $client_secret (optional) If a secret is required, check that they've given the right one.
- Returns
- TRUE if the client credentials are valid, and MUST return FALSE if it isn't.
Implements OAuth2\Storage\ClientCredentialsInterface.
Definition at line 216 of file Cassandra.php.
◆ checkPassword()
|
protected |
Definition at line 183 of file Cassandra.php.
◆ checkRestrictedGrantType()
| OAuth2\Storage\Cassandra::checkRestrictedGrantType | ( | $client_id, | |
| $grant_type | |||
| ) |
Check restricted grant types of corresponding client identifier.
If you want to restrict clients to certain grant types, override this function.
- Parameters
-
$client_id Client identifier to be check with. $grant_type Grant type to be check with
- Returns
- TRUE if the grant type is supported by this client identifier, and FALSE if it isn't.
Implements OAuth2\Storage\ClientInterface.
Definition at line 249 of file Cassandra.php.
◆ checkUserCredentials()
| OAuth2\Storage\Cassandra::checkUserCredentials | ( | $username, | |
| $password | |||
| ) |
Grant access tokens for basic user credentials.
Check the supplied username and password for validity.
You can also use the $client_id param to do any checks required based on a client, if you need that.
Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.
- Parameters
-
$username Username to be check with. $password Password to be check with.
- Returns
- TRUE if the username and password are valid, and FALSE if it isn't. Moreover, if the username and password are valid, and you want to
Implements OAuth2\Storage\UserCredentialsInterface.
Definition at line 173 of file Cassandra.php.
◆ expireAuthorizationCode()
| OAuth2\Storage\Cassandra::expireAuthorizationCode | ( | $code | ) |
once an Authorization Code is used, it must be exipired
The client MUST NOT use the authorization code more than once. If an authorization code is used more than once, the authorization server MUST deny the request and SHOULD revoke (when possible) all tokens previously issued based on that authorization code
Implements OAuth2\Storage\AuthorizationCodeInterface.
Definition at line 164 of file Cassandra.php.
◆ expireValue()
|
protected |
Definition at line 134 of file Cassandra.php.
◆ getAccessToken()
| OAuth2\Storage\Cassandra::getAccessToken | ( | $oauth_token | ) |
Look up the supplied oauth_token from storage.
We need to retrieve access token data as we create and verify tokens.
- Parameters
-
$oauth_token oauth_token to be check with.
- Returns
- An associative array as below, and return NULL if the supplied oauth_token is invalid:
- expires: Stored expiration in unix timestamp.
- client_id: (optional) Stored client identifier.
- user_id: (optional) Stored user identifier.
- scope: (optional) Stored scope values in space-separated string.
- id_token: (optional) Stored id_token (if "use_openid_connect" is true).
Implements OAuth2\Storage\AccessTokenInterface.
Definition at line 283 of file Cassandra.php.
◆ getAuthorizationCode()
| OAuth2\Storage\Cassandra::getAuthorizationCode | ( | $code | ) |
Fetch authorization code data (probably the most common grant type).
Retrieve the stored data for the given authorization code.
Required for OAuth2::GRANT_TYPE_AUTH_CODE.
- Parameters
-
$code Authorization code to be check with.
- Returns
- An associative array as below, and NULL if the code is invalid return array("client_id" => CLIENT_ID, // REQUIRED Stored client identifier"user_id" => USER_ID, // REQUIRED Stored user identifier"expires" => EXPIRES, // REQUIRED Stored expiration in unix timestamp"redirect_uri" => REDIRECT_URI, // REQUIRED Stored redirect URI"scope" => SCOPE, // OPTIONAL Stored scope values in space-separated string);
Implements OAuth2\Storage\AuthorizationCodeInterface.
Definition at line 150 of file Cassandra.php.
◆ getClientDetails()
| OAuth2\Storage\Cassandra::getClientDetails | ( | $client_id | ) |
Get client details corresponding client_id.
OAuth says we should store request URIs for each registered client. Implement this function to grab the stored URI for a given client id.
- Parameters
-
$client_id Client identifier to be check with.
- Returns
- array Client details. The only mandatory key in the array is "redirect_uri". This function MUST return FALSE if the given client does not exist or is invalid. "redirect_uri" can be space-delimited to allow for multiple valid uris.
return array( "redirect_uri" => REDIRECT_URI, // REQUIRED redirect_uri registered for the client "client_id" => CLIENT_ID, // OPTIONAL the client id "grant_types" => GRANT_TYPES, // OPTIONAL an array of restricted grant types "user_id" => USER_ID, // OPTIONAL the user identifier associated with this client "scope" => SCOPE, // OPTIONAL the scopes allowed for this client );
Implements OAuth2\Storage\ClientInterface.
Definition at line 236 of file Cassandra.php.
◆ getClientKey()
| OAuth2\Storage\Cassandra::getClientKey | ( | $client_id, | |
| $subject | |||
| ) |
Get the public key associated with a client_id
- Parameters
-
$client_id Client identifier to be checked with.
- Returns
- STRING Return the public key for the client_id if it exists, and MUST return FALSE if it doesn't.
Implements OAuth2\Storage\JwtBearerInterface.
Definition at line 339 of file Cassandra.php.
◆ getClientScope()
| OAuth2\Storage\Cassandra::getClientScope | ( | $client_id | ) |
Get the scope associated with this client
- Returns
- STRING the space-delineated scope list for the specified client_id
Implements OAuth2\Storage\ClientInterface.
Definition at line 361 of file Cassandra.php.
◆ getDefaultScope()
| OAuth2\Storage\Cassandra::getDefaultScope | ( | $client_id = null | ) |
The default scope to use in the event the client does not request one. By returning "false", a request_error is returned by the server to force a scope request by the client. By returning "null", opt out of requiring scopes
- Parameters
-
$client_id An optional client id that can be used to return customized default scopes.
- Returns
- string representation of default scope, null if scopes are not defined, or false to force scope request by the client
ex: 'default' ex: null
Implements OAuth2\Storage\ScopeInterface.
Definition at line 314 of file Cassandra.php.
◆ getEncryptionAlgorithm()
| OAuth2\Storage\Cassandra::getEncryptionAlgorithm | ( | $client_id = null | ) |
Implements OAuth2\Storage\PublicKeyInterface.
Definition at line 411 of file Cassandra.php.
◆ getJti()
| OAuth2\Storage\Cassandra::getJti | ( | $client_id, | |
| $subject, | |||
| $audience, | |||
| $expiration, | |||
| $jti | |||
| ) |
Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.
- Parameters
-
$client_id Client identifier to match. $subject The subject to match. $audience The audience to match. $expiration The expiration of the jti. $jti The jti to match.
- Returns
- An associative array as below, and return NULL if the jti does not exist.
- issuer: Stored client identifier.
- subject: Stored subject.
- audience: Stored audience.
- expires: Stored expiration in unix timestamp.
- jti: The stored jti.
Implements OAuth2\Storage\JwtBearerInterface.
Definition at line 374 of file Cassandra.php.
◆ getPrivateKey()
| OAuth2\Storage\Cassandra::getPrivateKey | ( | $client_id = '' | ) |
Implements OAuth2\Storage\PublicKeyInterface.
Definition at line 399 of file Cassandra.php.
◆ getPublicKey()
| OAuth2\Storage\Cassandra::getPublicKey | ( | $client_id = '' | ) |
Implements OAuth2\Storage\PublicKeyInterface.
Definition at line 387 of file Cassandra.php.
◆ getRefreshToken()
| OAuth2\Storage\Cassandra::getRefreshToken | ( | $refresh_token | ) |
Grant refresh access tokens.
Retrieve the stored data for the given refresh token.
Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
- Parameters
-
$refresh_token Refresh token to be check with.
- Returns
- An associative array as below, and NULL if the refresh_token is invalid:
- refresh_token: Refresh token identifier.
- client_id: Client identifier.
- user_id: User identifier.
- expires: Expiration unix timestamp, or 0 if the token doesn't expire.
- scope: (optional) Scope values in space-separated string.
Implements OAuth2\Storage\RefreshTokenInterface.
Definition at line 263 of file Cassandra.php.
◆ getUser()
| OAuth2\Storage\Cassandra::getUser | ( | $username | ) |
Definition at line 193 of file Cassandra.php.
◆ getUserClaim()
|
protected |
Definition at line 452 of file Cassandra.php.
◆ getUserClaims()
| OAuth2\Storage\Cassandra::getUserClaims | ( | $user_id, | |
| $scope | |||
| ) |
Return claims about the provided user id.
Groups of claims are returned based on the requested scopes. No group is required, and no claim is required.
- Parameters
-
$user_id The id of the user for which claims should be returned. $scope The requested scope. Scopes with matching claims: profile, email, address, phone.
- Returns
- An array in the claim => value format.
Implements OAuth2\OpenID\Storage\UserClaimsInterface.
Definition at line 426 of file Cassandra.php.
◆ getUserDetails()
| OAuth2\Storage\Cassandra::getUserDetails | ( | $username | ) |
- Returns
- ARRAY the associated "user_id" and optional "scope" values This function MUST return FALSE if the requested user does not exist or is invalid. "scope" is a space-separated list of restricted scopes. return array("user_id" => USER_ID, // REQUIRED user_id to be stored with the authorization code or access token"scope" => SCOPE // OPTIONAL space-separated list of restricted scopes);
Implements OAuth2\Storage\UserCredentialsInterface.
Definition at line 188 of file Cassandra.php.
◆ getValue()
|
protected |
Definition at line 90 of file Cassandra.php.
◆ isPublicClient()
| OAuth2\Storage\Cassandra::isPublicClient | ( | $client_id | ) |
Determine if the client is a "public" client, and therefore does not require passing credentials for certain grant types
- Parameters
-
$client_id Client identifier to be check with.
- Returns
- TRUE if the client is public, and FALSE if it isn't.
- See also
- http://tools.ietf.org/html/rfc6749#section-2.3
- https://github.com/bshaffer/oauth2-server-php/issues/257
Implements OAuth2\Storage\ClientCredentialsInterface.
Definition at line 226 of file Cassandra.php.
◆ scopeExists()
| OAuth2\Storage\Cassandra::scopeExists | ( | $scope | ) |
Check if the provided scope exists.
- Parameters
-
$scope A space-separated string of scopes.
- Returns
- TRUE if it exists, FALSE otherwise.
Implements OAuth2\Storage\ScopeInterface.
Definition at line 303 of file Cassandra.php.
◆ setAccessToken()
| OAuth2\Storage\Cassandra::setAccessToken | ( | $oauth_token, | |
| $client_id, | |||
| $user_id, | |||
| $expires, | |||
$scope = null |
|||
| ) |
Store the supplied access token values to storage.
We need to store access token data as we create and verify tokens.
- Parameters
-
$oauth_token oauth_token to be stored. $client_id client identifier to be stored. $user_id user identifier to be stored. int $expires expiration to be stored as a Unix timestamp. string $scope OPTIONAL Scopes to be stored in space-separated string.
Implements OAuth2\Storage\AccessTokenInterface.
Definition at line 288 of file Cassandra.php.
◆ setAuthorizationCode()
| OAuth2\Storage\Cassandra::setAuthorizationCode | ( | $code, | |
| $client_id, | |||
| $user_id, | |||
| $redirect_uri, | |||
| $expires, | |||
$scope = null, |
|||
$id_token = null |
|||
| ) |
Take the provided authorization code values and store them somewhere.
This function should be the storage counterpart to getAuthCode().
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
Required for OAuth2::GRANT_TYPE_AUTH_CODE.
- Parameters
-
$code authorization code to be stored. $client_id client identifier to be stored. $user_id user identifier to be stored. string $redirect_uri redirect URI(s) to be stored in a space-separated string. int $expires expiration to be stored as a Unix timestamp. string $scope OPTIONAL scopes to be stored in space-separated string. string $id_token OPTIONAL the OpenID Connect id_token.
Implements OAuth2\OpenID\Storage\AuthorizationCodeInterface.
Definition at line 155 of file Cassandra.php.
◆ setClientDetails()
| OAuth2\Storage\Cassandra::setClientDetails | ( | $client_id, | |
$client_secret = null, |
|||
$redirect_uri = null, |
|||
$grant_types = null, |
|||
$scope = null, |
|||
$user_id = null |
|||
| ) |
Definition at line 241 of file Cassandra.php.
◆ setClientKey()
| OAuth2\Storage\Cassandra::setClientKey | ( | $client_id, | |
| $key, | |||
$subject = null |
|||
| ) |
Definition at line 352 of file Cassandra.php.
◆ setJti()
| OAuth2\Storage\Cassandra::setJti | ( | $client_id, | |
| $subject, | |||
| $audience, | |||
| $expiration, | |||
| $jti | |||
| ) |
Store a used jti so that we can check against it to prevent replay attacks.
- Parameters
-
$client_id Client identifier to insert. $subject The subject to insert. $audience The audience to insert. $expiration The expiration of the jti. $jti The jti to insert.
Implements OAuth2\Storage\JwtBearerInterface.
Definition at line 380 of file Cassandra.php.
◆ setRefreshToken()
| OAuth2\Storage\Cassandra::setRefreshToken | ( | $refresh_token, | |
| $client_id, | |||
| $user_id, | |||
| $expires, | |||
$scope = null |
|||
| ) |
Take the provided refresh token values and store them somewhere.
This function should be the storage counterpart to getRefreshToken().
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
- Parameters
-
$refresh_token Refresh token to be stored. $client_id Client identifier to be stored. $user_id User identifier to be stored. $expires Expiration timestamp to be stored. 0 if the token doesn't expire. $scope (optional) Scopes to be stored in space-separated string.
Implements OAuth2\Storage\RefreshTokenInterface.
Definition at line 268 of file Cassandra.php.
◆ setScope()
| OAuth2\Storage\Cassandra::setScope | ( | $scope, | |
$client_id = null, |
|||
$type = 'supported' |
|||
| ) |
Definition at line 323 of file Cassandra.php.
◆ setUser()
Definition at line 205 of file Cassandra.php.
◆ setValue()
|
protected |
Definition at line 107 of file Cassandra.php.
◆ unsetAccessToken()
| OAuth2\Storage\Cassandra::unsetAccessToken | ( | $access_token | ) |
Definition at line 297 of file Cassandra.php.
◆ unsetRefreshToken()
| OAuth2\Storage\Cassandra::unsetRefreshToken | ( | $refresh_token | ) |
Expire a used refresh token.
This is not explicitly required in the spec, but is almost implied. After granting a new refresh token, the old one is no longer useful and so should be forcibly expired in the data store so it can't be used again.
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
- Parameters
-
$refresh_token Refresh token to be expirse.
Implements OAuth2\Storage\RefreshTokenInterface.
Definition at line 277 of file Cassandra.php.
Member Data Documentation
◆ $cassandra
|
protected |
Definition at line 47 of file Cassandra.php.
◆ $config
|
protected |
Definition at line 50 of file Cassandra.php.
The documentation for this class was generated from the following file:
- plugins/OAuth2/Storage/Cassandra.php
