Public Member Functions | |
| __construct ($params=array()) | |
| getAuthorizationCode ($code) | |
| setAuthorizationCode ($code, $client_id, $user_id, $redirect_uri, $expires, $scope=null, $id_token=null) | |
| setAuthorizationCodes ($authorization_codes) | |
| expireAuthorizationCode ($code) | |
| checkUserCredentials ($username, $password) | |
| setUser ($username, $password, $firstName=null, $lastName=null) | |
| getUserDetails ($username) | |
| getUserClaims ($user_id, $claims) | |
| checkClientCredentials ($client_id, $client_secret=null) | |
| isPublicClient ($client_id) | |
| getClientDetails ($client_id) | |
| checkRestrictedGrantType ($client_id, $grant_type) | |
| setClientDetails ($client_id, $client_secret=null, $redirect_uri=null, $grant_types=null, $scope=null, $user_id=null) | |
| getRefreshToken ($refresh_token) | |
| setRefreshToken ($refresh_token, $client_id, $user_id, $expires, $scope=null) | |
| unsetRefreshToken ($refresh_token) | |
| setRefreshTokens ($refresh_tokens) | |
| getAccessToken ($access_token) | |
| setAccessToken ($access_token, $client_id, $user_id, $expires, $scope=null, $id_token=null) | |
| unsetAccessToken ($access_token) | |
| scopeExists ($scope) | |
| getDefaultScope ($client_id=null) | |
| getClientKey ($client_id, $subject) | |
| getClientScope ($client_id) | |
| getJti ($client_id, $subject, $audience, $expires, $jti) | |
| setJti ($client_id, $subject, $audience, $expires, $jti) | |
| getPublicKey ($client_id=null) | |
| getPrivateKey ($client_id=null) | |
| getEncryptionAlgorithm ($client_id=null) | |
 Public Member Functions inherited from OAuth2\Storage\AuthorizationCodeInterface | |
| setAuthorizationCode ($code, $client_id, $user_id, $redirect_uri, $expires, $scope=null) | |
| Public Member Functions inherited from OAuth2\Storage\AccessTokenInterface | |
| setAccessToken ($oauth_token, $client_id, $user_id, $expires, $scope=null) | |
| Public Member Functions inherited from OAuth2\ResponseType\AuthorizationCodeInterface | |
| enforceRedirect () | |
| createAuthorizationCode ($client_id, $user_id, $redirect_uri, $scope=null) | |
| Public Member Functions inherited from OAuth2\ResponseType\ResponseTypeInterface | |
| getAuthorizeResponse ($params, $user_id=null) | |
Public Attributes | |
| $authorizationCodes | |
| $userCredentials | |
| $clientCredentials | |
| $refreshTokens | |
| $accessTokens | |
| $jwt | |
| $jti | |
| $supportedScopes | |
| $defaultScope | |
| $keys | |
| Public Attributes inherited from OAuth2\Storage\AuthorizationCodeInterface | |
| const | RESPONSE_TYPE_CODE = "code" |
| Public Attributes inherited from OAuth2\OpenID\Storage\UserClaimsInterface | |
| const | VALID_CLAIMS = 'profile email address phone' |
| const | PROFILE_CLAIM_VALUES = 'name family_name given_name middle_name nickname preferred_username profile picture website gender birthdate zoneinfo locale updated_at' |
| const | EMAIL_CLAIM_VALUES = 'email email_verified' |
| const | ADDRESS_CLAIM_VALUES = 'formatted street_address locality region postal_code country' |
| const | PHONE_CLAIM_VALUES = 'phone_number phone_number_verified' |
Protected Member Functions | |
| getUserClaim ($claim, $userDetails) | |
Detailed Description
Simple in-memory storage for all storage types
NOTE: This class should never be used in production, and is a stub class for example use only
Definition at line 16 of file Memory.php.
Constructor & Destructor Documentation
◆ __construct()
| OAuth2\Storage\Memory::__construct | ( | $params = array() | ) |
Definition at line 38 of file Memory.php.
Member Function Documentation
◆ checkClientCredentials()
| OAuth2\Storage\Memory::checkClientCredentials | ( | $client_id, | |
$client_secret = null |
|||
| ) |
Make sure that the client credentials is valid.
- Parameters
-
$client_id Client identifier to be check with. $client_secret (optional) If a secret is required, check that they've given the right one.
- Returns
- TRUE if the client credentials are valid, and MUST return FALSE if it isn't.
Implements OAuth2\Storage\ClientCredentialsInterface.
Definition at line 167 of file Memory.php.
◆ checkRestrictedGrantType()
| OAuth2\Storage\Memory::checkRestrictedGrantType | ( | $client_id, | |
| $grant_type | |||
| ) |
Check restricted grant types of corresponding client identifier.
If you want to restrict clients to certain grant types, override this function.
- Parameters
-
$client_id Client identifier to be check with. $grant_type Grant type to be check with
- Returns
- TRUE if the grant type is supported by this client identifier, and FALSE if it isn't.
Implements OAuth2\Storage\ClientInterface.
Definition at line 198 of file Memory.php.
◆ checkUserCredentials()
| OAuth2\Storage\Memory::checkUserCredentials | ( | $username, | |
| $password | |||
| ) |
Grant access tokens for basic user credentials.
Check the supplied username and password for validity.
You can also use the $client_id param to do any checks required based on a client, if you need that.
Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.
- Parameters
-
$username Username to be check with. $password Password to be check with.
- Returns
- TRUE if the username and password are valid, and FALSE if it isn't. Moreover, if the username and password are valid, and you want to
Implements OAuth2\Storage\UserCredentialsInterface.
Definition at line 95 of file Memory.php.
◆ expireAuthorizationCode()
| OAuth2\Storage\Memory::expireAuthorizationCode | ( | $code | ) |
once an Authorization Code is used, it must be exipired
The client MUST NOT use the authorization code more than once. If an authorization code is used more than once, the authorization server MUST deny the request and SHOULD revoke (when possible) all tokens previously issued based on that authorization code
Implements OAuth2\Storage\AuthorizationCodeInterface.
Definition at line 89 of file Memory.php.
◆ getAccessToken()
| OAuth2\Storage\Memory::getAccessToken | ( | $oauth_token | ) |
Look up the supplied oauth_token from storage.
We need to retrieve access token data as we create and verify tokens.
- Parameters
-
$oauth_token oauth_token to be check with.
- Returns
- An associative array as below, and return NULL if the supplied oauth_token is invalid:
- expires: Stored expiration in unix timestamp.
- client_id: (optional) Stored client identifier.
- user_id: (optional) Stored user identifier.
- scope: (optional) Stored scope values in space-separated string.
- id_token: (optional) Stored id_token (if "use_openid_connect" is true).
Implements OAuth2\Storage\AccessTokenInterface.
Definition at line 248 of file Memory.php.
◆ getAuthorizationCode()
| OAuth2\Storage\Memory::getAuthorizationCode | ( | $code | ) |
Fetch authorization code data (probably the most common grant type).
Retrieve the stored data for the given authorization code.
Required for OAuth2::GRANT_TYPE_AUTH_CODE.
- Parameters
-
$code Authorization code to be check with.
- Returns
- An associative array as below, and NULL if the code is invalid return array("client_id" => CLIENT_ID, // REQUIRED Stored client identifier"user_id" => USER_ID, // REQUIRED Stored user identifier"expires" => EXPIRES, // REQUIRED Stored expiration in unix timestamp"redirect_uri" => REDIRECT_URI, // REQUIRED Stored redirect URI"scope" => SCOPE, // OPTIONAL Stored scope values in space-separated string);
Implements OAuth2\Storage\AuthorizationCodeInterface.
Definition at line 66 of file Memory.php.
◆ getClientDetails()
| OAuth2\Storage\Memory::getClientDetails | ( | $client_id | ) |
Get client details corresponding client_id.
OAuth says we should store request URIs for each registered client. Implement this function to grab the stored URI for a given client id.
- Parameters
-
$client_id Client identifier to be check with.
- Returns
- array Client details. The only mandatory key in the array is "redirect_uri". This function MUST return FALSE if the given client does not exist or is invalid. "redirect_uri" can be space-delimited to allow for multiple valid uris.
return array( "redirect_uri" => REDIRECT_URI, // REQUIRED redirect_uri registered for the client "client_id" => CLIENT_ID, // OPTIONAL the client id "grant_types" => GRANT_TYPES, // OPTIONAL an array of restricted grant types "user_id" => USER_ID, // OPTIONAL the user identifier associated with this client "scope" => SCOPE, // OPTIONAL the scopes allowed for this client );
Implements OAuth2\Storage\ClientInterface.
Definition at line 182 of file Memory.php.
◆ getClientKey()
| OAuth2\Storage\Memory::getClientKey | ( | $client_id, | |
| $subject | |||
| ) |
Get the public key associated with a client_id
- Parameters
-
$client_id Client identifier to be checked with.
- Returns
- STRING Return the public key for the client_id if it exists, and MUST return FALSE if it doesn't.
Implements OAuth2\Storage\JwtBearerInterface.
Definition at line 278 of file Memory.php.
◆ getClientScope()
| OAuth2\Storage\Memory::getClientScope | ( | $client_id | ) |
Get the scope associated with this client
- Returns
- STRING the space-delineated scope list for the specified client_id
Implements OAuth2\Storage\ClientInterface.
Definition at line 292 of file Memory.php.
◆ getDefaultScope()
| OAuth2\Storage\Memory::getDefaultScope | ( | $client_id = null | ) |
The default scope to use in the event the client does not request one. By returning "false", a request_error is returned by the server to force a scope request by the client. By returning "null", opt out of requiring scopes
- Parameters
-
$client_id An optional client id that can be used to return customized default scopes.
- Returns
- string representation of default scope, null if scopes are not defined, or false to force scope request by the client
ex: 'default' ex: null
Implements OAuth2\Storage\ScopeInterface.
Definition at line 272 of file Memory.php.
◆ getEncryptionAlgorithm()
| OAuth2\Storage\Memory::getEncryptionAlgorithm | ( | $client_id = null | ) |
Implements OAuth2\Storage\PublicKeyInterface.
Definition at line 356 of file Memory.php.
◆ getJti()
| OAuth2\Storage\Memory::getJti | ( | $client_id, | |
| $subject, | |||
| $audience, | |||
| $expiration, | |||
| $jti | |||
| ) |
Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.
- Parameters
-
$client_id Client identifier to match. $subject The subject to match. $audience The audience to match. $expiration The expiration of the jti. $jti The jti to match.
- Returns
- An associative array as below, and return NULL if the jti does not exist.
- issuer: Stored client identifier.
- subject: Stored subject.
- audience: Stored audience.
- expires: Stored expiration in unix timestamp.
- jti: The stored jti.
Implements OAuth2\Storage\JwtBearerInterface.
Definition at line 305 of file Memory.php.
◆ getPrivateKey()
| OAuth2\Storage\Memory::getPrivateKey | ( | $client_id = null | ) |
Implements OAuth2\Storage\PublicKeyInterface.
Definition at line 342 of file Memory.php.
◆ getPublicKey()
| OAuth2\Storage\Memory::getPublicKey | ( | $client_id = null | ) |
Implements OAuth2\Storage\PublicKeyInterface.
Definition at line 328 of file Memory.php.
◆ getRefreshToken()
| OAuth2\Storage\Memory::getRefreshToken | ( | $refresh_token | ) |
Grant refresh access tokens.
Retrieve the stored data for the given refresh token.
Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
- Parameters
-
$refresh_token Refresh token to be check with.
- Returns
- An associative array as below, and NULL if the refresh_token is invalid:
- refresh_token: Refresh token identifier.
- client_id: Client identifier.
- user_id: User identifier.
- expires: Expiration unix timestamp, or 0 if the token doesn't expire.
- scope: (optional) Scope values in space-separated string.
Implements OAuth2\Storage\RefreshTokenInterface.
Definition at line 225 of file Memory.php.
◆ getUserClaim()
|
protected |
Definition at line 153 of file Memory.php.
◆ getUserClaims()
| OAuth2\Storage\Memory::getUserClaims | ( | $user_id, | |
| $scope | |||
| ) |
Return claims about the provided user id.
Groups of claims are returned based on the requested scopes. No group is required, and no claim is required.
- Parameters
-
$user_id The id of the user for which claims should be returned. $scope The requested scope. Scopes with matching claims: profile, email, address, phone.
- Returns
- An array in the claim => value format.
Implements OAuth2\OpenID\Storage\UserClaimsInterface.
Definition at line 128 of file Memory.php.
◆ getUserDetails()
| OAuth2\Storage\Memory::getUserDetails | ( | $username | ) |
- Returns
- ARRAY the associated "user_id" and optional "scope" values This function MUST return FALSE if the requested user does not exist or is invalid. "scope" is a space-separated list of restricted scopes. return array("user_id" => USER_ID, // REQUIRED user_id to be stored with the authorization code or access token"scope" => SCOPE // OPTIONAL space-separated list of restricted scopes);
Implements OAuth2\Storage\UserCredentialsInterface.
Definition at line 113 of file Memory.php.
◆ isPublicClient()
| OAuth2\Storage\Memory::isPublicClient | ( | $client_id | ) |
Determine if the client is a "public" client, and therefore does not require passing credentials for certain grant types
- Parameters
-
$client_id Client identifier to be check with.
- Returns
- TRUE if the client is public, and FALSE if it isn't.
- See also
- http://tools.ietf.org/html/rfc6749#section-2.3
- https://github.com/bshaffer/oauth2-server-php/issues/257
Implements OAuth2\Storage\ClientCredentialsInterface.
Definition at line 172 of file Memory.php.
◆ scopeExists()
| OAuth2\Storage\Memory::scopeExists | ( | $scope | ) |
Check if the provided scope exists.
- Parameters
-
$scope A space-separated string of scopes.
- Returns
- TRUE if it exists, FALSE otherwise.
Implements OAuth2\Storage\ScopeInterface.
Definition at line 265 of file Memory.php.
◆ setAccessToken()
| OAuth2\Storage\Memory::setAccessToken | ( | $access_token, | |
| $client_id, | |||
| $user_id, | |||
| $expires, | |||
$scope = null, |
|||
$id_token = null |
|||
| ) |
Definition at line 253 of file Memory.php.
◆ setAuthorizationCode()
| OAuth2\Storage\Memory::setAuthorizationCode | ( | $code, | |
| $client_id, | |||
| $user_id, | |||
| $redirect_uri, | |||
| $expires, | |||
$scope = null, |
|||
$id_token = null |
|||
| ) |
Take the provided authorization code values and store them somewhere.
This function should be the storage counterpart to getAuthCode().
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
Required for OAuth2::GRANT_TYPE_AUTH_CODE.
- Parameters
-
$code authorization code to be stored. $client_id client identifier to be stored. $user_id user identifier to be stored. string $redirect_uri redirect URI(s) to be stored in a space-separated string. int $expires expiration to be stored as a Unix timestamp. string $scope OPTIONAL scopes to be stored in space-separated string. string $id_token OPTIONAL the OpenID Connect id_token.
Implements OAuth2\OpenID\Storage\AuthorizationCodeInterface.
Definition at line 77 of file Memory.php.
◆ setAuthorizationCodes()
| OAuth2\Storage\Memory::setAuthorizationCodes | ( | $authorization_codes | ) |
Definition at line 84 of file Memory.php.
◆ setClientDetails()
| OAuth2\Storage\Memory::setClientDetails | ( | $client_id, | |
$client_secret = null, |
|||
$redirect_uri = null, |
|||
$grant_types = null, |
|||
$scope = null, |
|||
$user_id = null |
|||
| ) |
Definition at line 210 of file Memory.php.
◆ setJti()
| OAuth2\Storage\Memory::setJti | ( | $client_id, | |
| $subject, | |||
| $audience, | |||
| $expiration, | |||
| $jti | |||
| ) |
Store a used jti so that we can check against it to prevent replay attacks.
- Parameters
-
$client_id Client identifier to insert. $subject The subject to insert. $audience The audience to insert. $expiration The expiration of the jti. $jti The jti to insert.
Implements OAuth2\Storage\JwtBearerInterface.
Definition at line 322 of file Memory.php.
◆ setRefreshToken()
| OAuth2\Storage\Memory::setRefreshToken | ( | $refresh_token, | |
| $client_id, | |||
| $user_id, | |||
| $expires, | |||
$scope = null |
|||
| ) |
Take the provided refresh token values and store them somewhere.
This function should be the storage counterpart to getRefreshToken().
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
- Parameters
-
$refresh_token Refresh token to be stored. $client_id Client identifier to be stored. $user_id User identifier to be stored. $expires Expiration timestamp to be stored. 0 if the token doesn't expire. $scope (optional) Scopes to be stored in space-separated string.
Implements OAuth2\Storage\RefreshTokenInterface.
Definition at line 230 of file Memory.php.
◆ setRefreshTokens()
| OAuth2\Storage\Memory::setRefreshTokens | ( | $refresh_tokens | ) |
Definition at line 242 of file Memory.php.
◆ setUser()
Definition at line 102 of file Memory.php.
◆ unsetAccessToken()
| OAuth2\Storage\Memory::unsetAccessToken | ( | $access_token | ) |
Definition at line 260 of file Memory.php.
◆ unsetRefreshToken()
| OAuth2\Storage\Memory::unsetRefreshToken | ( | $refresh_token | ) |
Expire a used refresh token.
This is not explicitly required in the spec, but is almost implied. After granting a new refresh token, the old one is no longer useful and so should be forcibly expired in the data store so it can't be used again.
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
- Parameters
-
$refresh_token Refresh token to be expirse.
Implements OAuth2\Storage\RefreshTokenInterface.
Definition at line 237 of file Memory.php.
Member Data Documentation
◆ $accessTokens
| OAuth2\Storage\Memory::$accessTokens |
Definition at line 31 of file Memory.php.
◆ $authorizationCodes
| OAuth2\Storage\Memory::$authorizationCodes |
Definition at line 27 of file Memory.php.
◆ $clientCredentials
| OAuth2\Storage\Memory::$clientCredentials |
Definition at line 29 of file Memory.php.
◆ $defaultScope
| OAuth2\Storage\Memory::$defaultScope |
Definition at line 35 of file Memory.php.
◆ $jti
| OAuth2\Storage\Memory::$jti |
Definition at line 33 of file Memory.php.
◆ $jwt
| OAuth2\Storage\Memory::$jwt |
Definition at line 32 of file Memory.php.
◆ $keys
| OAuth2\Storage\Memory::$keys |
Definition at line 36 of file Memory.php.
◆ $refreshTokens
| OAuth2\Storage\Memory::$refreshTokens |
Definition at line 30 of file Memory.php.
◆ $supportedScopes
| OAuth2\Storage\Memory::$supportedScopes |
Definition at line 34 of file Memory.php.
◆ $userCredentials
| OAuth2\Storage\Memory::$userCredentials |
Definition at line 28 of file Memory.php.
The documentation for this class was generated from the following file:
- plugins/OAuth2/Storage/Memory.php
