Public Member Functions | |
| __construct ($connection, $config=array()) | |
| checkClientCredentials ($client_id, $client_secret=null) | |
| isPublicClient ($client_id) | |
| getClientDetails ($client_id) | |
| setClientDetails ($client_id, $client_secret=null, $redirect_uri=null, $grant_types=null, $scope=null, $user_id=null) | |
| checkRestrictedGrantType ($client_id, $grant_type) | |
| getAccessToken ($access_token) | |
| setAccessToken ($access_token, $client_id, $user_id, $expires, $scope=null) | |
| getAuthorizationCode ($code) | |
| setAuthorizationCode ($code, $client_id, $user_id, $redirect_uri, $expires, $scope=null, $id_token=null) | |
| expireAuthorizationCode ($code) | |
| checkUserCredentials ($username, $password) | |
| getUserDetails ($username) | |
| getRefreshToken ($refresh_token) | |
| setRefreshToken ($refresh_token, $client_id, $user_id, $expires, $scope=null) | |
| unsetRefreshToken ($refresh_token) | |
| getUser ($username) | |
| setUser ($username, $password, $firstName=null, $lastName=null) | |
| getClientKey ($client_id, $subject) | |
| getClientScope ($client_id) | |
| getJti ($client_id, $subject, $audience, $expiration, $jti) | |
| setJti ($client_id, $subject, $audience, $expiration, $jti) | |
 Public Member Functions inherited from OAuth2\Storage\AuthorizationCodeInterface | |
| setAuthorizationCode ($code, $client_id, $user_id, $redirect_uri, $expires, $scope=null) | |
| Public Member Functions inherited from OAuth2\ResponseType\AuthorizationCodeInterface | |
| enforceRedirect () | |
| createAuthorizationCode ($client_id, $user_id, $redirect_uri, $scope=null) | |
| Public Member Functions inherited from OAuth2\ResponseType\ResponseTypeInterface | |
| getAuthorizeResponse ($params, $user_id=null) | |
Protected Member Functions | |
| getObjectByType ($name, $id) | |
| setObjectByType ($name, $id, $array) | |
| deleteObjectByType ($name, $id) | |
| checkPassword ($user, $password) | |
Protected Attributes | |
| $db | |
| $config | |
Additional Inherited Members | |
| Public Attributes inherited from OAuth2\Storage\AuthorizationCodeInterface | |
| const | RESPONSE_TYPE_CODE = "code" |
Detailed Description
Simple Couchbase storage for all storage types
This class should be extended or overridden as required
NOTE: Passwords are stored in plaintext, which is never a good idea. Be sure to override this for your application
Definition at line 17 of file CouchbaseDB.php.
Constructor & Destructor Documentation
◆ __construct()
| OAuth2\Storage\CouchbaseDB::__construct | ( | $connection, | |
$config = array() |
|||
| ) |
Definition at line 28 of file CouchbaseDB.php.
Member Function Documentation
◆ checkClientCredentials()
| OAuth2\Storage\CouchbaseDB::checkClientCredentials | ( | $client_id, | |
$client_secret = null |
|||
| ) |
Make sure that the client credentials is valid.
- Parameters
-
$client_id Client identifier to be check with. $client_secret (optional) If a secret is required, check that they've given the right one.
- Returns
- TRUE if the client credentials are valid, and MUST return FALSE if it isn't.
Implements OAuth2\Storage\ClientCredentialsInterface.
Definition at line 71 of file CouchbaseDB.php.
◆ checkPassword()
|
protected |
Definition at line 259 of file CouchbaseDB.php.
◆ checkRestrictedGrantType()
| OAuth2\Storage\CouchbaseDB::checkRestrictedGrantType | ( | $client_id, | |
| $grant_type | |||
| ) |
Check restricted grant types of corresponding client identifier.
If you want to restrict clients to certain grant types, override this function.
- Parameters
-
$client_id Client identifier to be check with. $grant_type Grant type to be check with
- Returns
- TRUE if the grant type is supported by this client identifier, and FALSE if it isn't.
Implements OAuth2\Storage\ClientInterface.
Definition at line 123 of file CouchbaseDB.php.
◆ checkUserCredentials()
| OAuth2\Storage\CouchbaseDB::checkUserCredentials | ( | $username, | |
| $password | |||
| ) |
Grant access tokens for basic user credentials.
Check the supplied username and password for validity.
You can also use the $client_id param to do any checks required based on a client, if you need that.
Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.
- Parameters
-
$username Username to be check with. $password Password to be check with.
- Returns
- TRUE if the username and password are valid, and FALSE if it isn't. Moreover, if the username and password are valid, and you want to
Implements OAuth2\Storage\UserCredentialsInterface.
Definition at line 212 of file CouchbaseDB.php.
◆ deleteObjectByType()
|
protected |
Definition at line 65 of file CouchbaseDB.php.
◆ expireAuthorizationCode()
| OAuth2\Storage\CouchbaseDB::expireAuthorizationCode | ( | $code | ) |
once an Authorization Code is used, it must be exipired
The client MUST NOT use the authorization code more than once. If an authorization code is used more than once, the authorization server MUST deny the request and SHOULD revoke (when possible) all tokens previously issued based on that authorization code
Implements OAuth2\Storage\AuthorizationCodeInterface.
Definition at line 204 of file CouchbaseDB.php.
◆ getAccessToken()
| OAuth2\Storage\CouchbaseDB::getAccessToken | ( | $oauth_token | ) |
Look up the supplied oauth_token from storage.
We need to retrieve access token data as we create and verify tokens.
- Parameters
-
$oauth_token oauth_token to be check with.
- Returns
- An associative array as below, and return NULL if the supplied oauth_token is invalid:
- expires: Stored expiration in unix timestamp.
- client_id: (optional) Stored client identifier.
- user_id: (optional) Stored user identifier.
- scope: (optional) Stored scope values in space-separated string.
- id_token: (optional) Stored id_token (if "use_openid_connect" is true).
Implements OAuth2\Storage\AccessTokenInterface.
Definition at line 137 of file CouchbaseDB.php.
◆ getAuthorizationCode()
| OAuth2\Storage\CouchbaseDB::getAuthorizationCode | ( | $code | ) |
Fetch authorization code data (probably the most common grant type).
Retrieve the stored data for the given authorization code.
Required for OAuth2::GRANT_TYPE_AUTH_CODE.
- Parameters
-
$code Authorization code to be check with.
- Returns
- An associative array as below, and NULL if the code is invalid return array("client_id" => CLIENT_ID, // REQUIRED Stored client identifier"user_id" => USER_ID, // REQUIRED Stored user identifier"expires" => EXPIRES, // REQUIRED Stored expiration in unix timestamp"redirect_uri" => REDIRECT_URI, // REQUIRED Stored redirect URI"scope" => SCOPE, // OPTIONAL Stored scope values in space-separated string);
Implements OAuth2\Storage\AuthorizationCodeInterface.
Definition at line 169 of file CouchbaseDB.php.
◆ getClientDetails()
| OAuth2\Storage\CouchbaseDB::getClientDetails | ( | $client_id | ) |
Get client details corresponding client_id.
OAuth says we should store request URIs for each registered client. Implement this function to grab the stored URI for a given client id.
- Parameters
-
$client_id Client identifier to be check with.
- Returns
- array Client details. The only mandatory key in the array is "redirect_uri". This function MUST return FALSE if the given client does not exist or is invalid. "redirect_uri" can be space-delimited to allow for multiple valid uris.
return array( "redirect_uri" => REDIRECT_URI, // REQUIRED redirect_uri registered for the client "client_id" => CLIENT_ID, // OPTIONAL the client id "grant_types" => GRANT_TYPES, // OPTIONAL an array of restricted grant types "user_id" => USER_ID, // OPTIONAL the user identifier associated with this client "scope" => SCOPE, // OPTIONAL the scopes allowed for this client );
Implements OAuth2\Storage\ClientInterface.
Definition at line 90 of file CouchbaseDB.php.
◆ getClientKey()
| OAuth2\Storage\CouchbaseDB::getClientKey | ( | $client_id, | |
| $subject | |||
| ) |
Get the public key associated with a client_id
- Parameters
-
$client_id Client identifier to be checked with.
- Returns
- STRING Return the public key for the client_id if it exists, and MUST return FALSE if it doesn't.
Implements OAuth2\Storage\JwtBearerInterface.
Definition at line 294 of file CouchbaseDB.php.
◆ getClientScope()
| OAuth2\Storage\CouchbaseDB::getClientScope | ( | $client_id | ) |
Get the scope associated with this client
- Returns
- STRING the space-delineated scope list for the specified client_id
Implements OAuth2\Storage\ClientInterface.
Definition at line 307 of file CouchbaseDB.php.
◆ getJti()
| OAuth2\Storage\CouchbaseDB::getJti | ( | $client_id, | |
| $subject, | |||
| $audience, | |||
| $expiration, | |||
| $jti | |||
| ) |
Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.
- Parameters
-
$client_id Client identifier to match. $subject The subject to match. $audience The audience to match. $expiration The expiration of the jti. $jti The jti to match.
- Returns
- An associative array as below, and return NULL if the jti does not exist.
- issuer: Stored client identifier.
- subject: Stored subject.
- audience: Stored audience.
- expires: Stored expiration in unix timestamp.
- jti: The stored jti.
Implements OAuth2\Storage\JwtBearerInterface.
Definition at line 320 of file CouchbaseDB.php.
◆ getObjectByType()
|
protected |
Definition at line 51 of file CouchbaseDB.php.
◆ getRefreshToken()
| OAuth2\Storage\CouchbaseDB::getRefreshToken | ( | $refresh_token | ) |
Grant refresh access tokens.
Retrieve the stored data for the given refresh token.
Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
- Parameters
-
$refresh_token Refresh token to be check with.
- Returns
- An associative array as below, and NULL if the refresh_token is invalid:
- refresh_token: Refresh token identifier.
- client_id: Client identifier.
- user_id: User identifier.
- expires: Expiration unix timestamp, or 0 if the token doesn't expire.
- scope: (optional) Scope values in space-separated string.
Implements OAuth2\Storage\RefreshTokenInterface.
Definition at line 231 of file CouchbaseDB.php.
◆ getUser()
| OAuth2\Storage\CouchbaseDB::getUser | ( | $username | ) |
Definition at line 264 of file CouchbaseDB.php.
◆ getUserDetails()
| OAuth2\Storage\CouchbaseDB::getUserDetails | ( | $username | ) |
- Returns
- ARRAY the associated "user_id" and optional "scope" values This function MUST return FALSE if the requested user does not exist or is invalid. "scope" is a space-separated list of restricted scopes. return array("user_id" => USER_ID, // REQUIRED user_id to be stored with the authorization code or access token"scope" => SCOPE // OPTIONAL space-separated list of restricted scopes);
Implements OAuth2\Storage\UserCredentialsInterface.
Definition at line 221 of file CouchbaseDB.php.
◆ isPublicClient()
| OAuth2\Storage\CouchbaseDB::isPublicClient | ( | $client_id | ) |
Determine if the client is a "public" client, and therefore does not require passing credentials for certain grant types
- Parameters
-
$client_id Client identifier to be check with.
- Returns
- TRUE if the client is public, and FALSE if it isn't.
- See also
- http://tools.ietf.org/html/rfc6749#section-2.3
- https://github.com/bshaffer/oauth2-server-php/issues/257
Implements OAuth2\Storage\ClientCredentialsInterface.
Definition at line 80 of file CouchbaseDB.php.
◆ setAccessToken()
| OAuth2\Storage\CouchbaseDB::setAccessToken | ( | $oauth_token, | |
| $client_id, | |||
| $user_id, | |||
| $expires, | |||
$scope = null |
|||
| ) |
Store the supplied access token values to storage.
We need to store access token data as we create and verify tokens.
- Parameters
-
$oauth_token oauth_token to be stored. $client_id client identifier to be stored. $user_id user identifier to be stored. int $expires expiration to be stored as a Unix timestamp. string $scope OPTIONAL Scopes to be stored in space-separated string.
Implements OAuth2\Storage\AccessTokenInterface.
Definition at line 144 of file CouchbaseDB.php.
◆ setAuthorizationCode()
| OAuth2\Storage\CouchbaseDB::setAuthorizationCode | ( | $code, | |
| $client_id, | |||
| $user_id, | |||
| $redirect_uri, | |||
| $expires, | |||
$scope = null, |
|||
$id_token = null |
|||
| ) |
Take the provided authorization code values and store them somewhere.
This function should be the storage counterpart to getAuthCode().
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
Required for OAuth2::GRANT_TYPE_AUTH_CODE.
- Parameters
-
$code authorization code to be stored. $client_id client identifier to be stored. $user_id user identifier to be stored. string $redirect_uri redirect URI(s) to be stored in a space-separated string. int $expires expiration to be stored as a Unix timestamp. string $scope OPTIONAL scopes to be stored in space-separated string. string $id_token OPTIONAL the OpenID Connect id_token.
Implements OAuth2\OpenID\Storage\AuthorizationCodeInterface.
Definition at line 176 of file CouchbaseDB.php.
◆ setClientDetails()
| OAuth2\Storage\CouchbaseDB::setClientDetails | ( | $client_id, | |
$client_secret = null, |
|||
$redirect_uri = null, |
|||
$grant_types = null, |
|||
$scope = null, |
|||
$user_id = null |
|||
| ) |
Definition at line 97 of file CouchbaseDB.php.
◆ setJti()
| OAuth2\Storage\CouchbaseDB::setJti | ( | $client_id, | |
| $subject, | |||
| $audience, | |||
| $expiration, | |||
| $jti | |||
| ) |
Store a used jti so that we can check against it to prevent replay attacks.
- Parameters
-
$client_id Client identifier to insert. $subject The subject to insert. $audience The audience to insert. $expiration The expiration of the jti. $jti The jti to insert.
Implements OAuth2\Storage\JwtBearerInterface.
Definition at line 326 of file CouchbaseDB.php.
◆ setObjectByType()
|
protected |
Definition at line 57 of file CouchbaseDB.php.
◆ setRefreshToken()
| OAuth2\Storage\CouchbaseDB::setRefreshToken | ( | $refresh_token, | |
| $client_id, | |||
| $user_id, | |||
| $expires, | |||
$scope = null |
|||
| ) |
Take the provided refresh token values and store them somewhere.
This function should be the storage counterpart to getRefreshToken().
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
- Parameters
-
$refresh_token Refresh token to be stored. $client_id Client identifier to be stored. $user_id User identifier to be stored. $expires Expiration timestamp to be stored. 0 if the token doesn't expire. $scope (optional) Scopes to be stored in space-separated string.
Implements OAuth2\Storage\RefreshTokenInterface.
Definition at line 238 of file CouchbaseDB.php.
◆ setUser()
Definition at line 271 of file CouchbaseDB.php.
◆ unsetRefreshToken()
| OAuth2\Storage\CouchbaseDB::unsetRefreshToken | ( | $refresh_token | ) |
Expire a used refresh token.
This is not explicitly required in the spec, but is almost implied. After granting a new refresh token, the old one is no longer useful and so should be forcibly expired in the data store so it can't be used again.
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
- Parameters
-
$refresh_token Refresh token to be expirse.
Implements OAuth2\Storage\RefreshTokenInterface.
Definition at line 251 of file CouchbaseDB.php.
Member Data Documentation
◆ $config
|
protected |
Definition at line 26 of file CouchbaseDB.php.
◆ $db
|
protected |
Definition at line 25 of file CouchbaseDB.php.
The documentation for this class was generated from the following file:
- plugins/OAuth2/Storage/CouchbaseDB.php
