Public Member Functions | |
| __construct ($connection, $config=array()) | |
| checkClientCredentials ($client_id, $client_secret=null) | |
| isPublicClient ($client_id) | |
| getClientDetails ($client_id) | |
| setClientDetails ($client_id, $client_secret=null, $redirect_uri=null, $grant_types=null, $scope=null, $user_id=null) | |
| checkRestrictedGrantType ($client_id, $grant_type) | |
| getAccessToken ($access_token) | |
| setAccessToken ($access_token, $client_id, $user_id, $expires, $scope=null) | |
| unsetAccessToken ($access_token) | |
| getAuthorizationCode ($code) | |
| setAuthorizationCode ($code, $client_id, $user_id, $redirect_uri, $expires, $scope=null, $id_token=null) | |
| expireAuthorizationCode ($code) | |
| checkUserCredentials ($username, $password) | |
| getUserDetails ($username) | |
| getUserClaims ($user_id, $claims) | |
| getRefreshToken ($refresh_token) | |
| setRefreshToken ($refresh_token, $client_id, $user_id, $expires, $scope=null) | |
| unsetRefreshToken ($refresh_token) | |
| getUser ($username) | |
| setUser ($username, $password, $firstName=null, $lastName=null) | |
| scopeExists ($scope) | |
| getDefaultScope ($client_id=null) | |
| getClientKey ($client_id, $subject) | |
| getClientScope ($client_id) | |
| getJti ($client_id, $subject, $audience, $expires, $jti) | |
| setJti ($client_id, $subject, $audience, $expires, $jti) | |
| getPublicKey ($client_id=null) | |
| getPrivateKey ($client_id=null) | |
| getEncryptionAlgorithm ($client_id=null) | |
| getBuildSql ($dbName='oauth2_server_php') | |
 Public Member Functions inherited from OAuth2\Storage\AuthorizationCodeInterface | |
| setAuthorizationCode ($code, $client_id, $user_id, $redirect_uri, $expires, $scope=null) | |
| Public Member Functions inherited from OAuth2\ResponseType\AuthorizationCodeInterface | |
| enforceRedirect () | |
| createAuthorizationCode ($client_id, $user_id, $redirect_uri, $scope=null) | |
| Public Member Functions inherited from OAuth2\ResponseType\ResponseTypeInterface | |
| getAuthorizeResponse ($params, $user_id=null) | |
Protected Member Functions | |
| getUserClaim ($claim, $userDetails) | |
| checkPassword ($user, $password) | |
Protected Attributes | |
| $db | |
| $config | |
Additional Inherited Members | |
| Public Attributes inherited from OAuth2\Storage\AuthorizationCodeInterface | |
| const | RESPONSE_TYPE_CODE = "code" |
| Public Attributes inherited from OAuth2\OpenID\Storage\UserClaimsInterface | |
| const | VALID_CLAIMS = 'profile email address phone' |
| const | PROFILE_CLAIM_VALUES = 'name family_name given_name middle_name nickname preferred_username profile picture website gender birthdate zoneinfo locale updated_at' |
| const | EMAIL_CLAIM_VALUES = 'email email_verified' |
| const | ADDRESS_CLAIM_VALUES = 'formatted street_address locality region postal_code country' |
| const | PHONE_CLAIM_VALUES = 'phone_number phone_number_verified' |
Detailed Description
Simple PDO storage for all storage types
NOTE: This class is meant to get users started quickly. If your application requires further customization, extend this class or create your own.
NOTE: Passwords are stored in plaintext, which is never a good idea. Be sure to override this for your application
Constructor & Destructor Documentation
◆ __construct()
| OAuth2\Storage\Pdo::__construct | ( | $connection, | |
$config = array() |
|||
| ) |
Member Function Documentation
◆ checkClientCredentials()
| OAuth2\Storage\Pdo::checkClientCredentials | ( | $client_id, | |
$client_secret = null |
|||
| ) |
Make sure that the client credentials is valid.
- Parameters
-
$client_id Client identifier to be check with. $client_secret (optional) If a secret is required, check that they've given the right one.
- Returns
- TRUE if the client credentials are valid, and MUST return FALSE if it isn't.
Implements OAuth2\Storage\ClientCredentialsInterface.
◆ checkPassword()
|
protected |
◆ checkRestrictedGrantType()
| OAuth2\Storage\Pdo::checkRestrictedGrantType | ( | $client_id, | |
| $grant_type | |||
| ) |
Check restricted grant types of corresponding client identifier.
If you want to restrict clients to certain grant types, override this function.
- Parameters
-
$client_id Client identifier to be check with. $grant_type Grant type to be check with
- Returns
- TRUE if the grant type is supported by this client identifier, and FALSE if it isn't.
Implements OAuth2\Storage\ClientInterface.
◆ checkUserCredentials()
| OAuth2\Storage\Pdo::checkUserCredentials | ( | $username, | |
| $password | |||
| ) |
Grant access tokens for basic user credentials.
Check the supplied username and password for validity.
You can also use the $client_id param to do any checks required based on a client, if you need that.
Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.
- Parameters
-
$username Username to be check with. $password Password to be check with.
- Returns
- TRUE if the username and password are valid, and FALSE if it isn't. Moreover, if the username and password are valid, and you want to
Implements OAuth2\Storage\UserCredentialsInterface.
◆ expireAuthorizationCode()
| OAuth2\Storage\Pdo::expireAuthorizationCode | ( | $code | ) |
once an Authorization Code is used, it must be exipired
The client MUST NOT use the authorization code more than once. If an authorization code is used more than once, the authorization server MUST deny the request and SHOULD revoke (when possible) all tokens previously issued based on that authorization code
Implements OAuth2\Storage\AuthorizationCodeInterface.
◆ getAccessToken()
| OAuth2\Storage\Pdo::getAccessToken | ( | $oauth_token | ) |
Look up the supplied oauth_token from storage.
We need to retrieve access token data as we create and verify tokens.
- Parameters
-
$oauth_token oauth_token to be check with.
- Returns
- An associative array as below, and return NULL if the supplied oauth_token is invalid:
- expires: Stored expiration in unix timestamp.
- client_id: (optional) Stored client identifier.
- user_id: (optional) Stored user identifier.
- scope: (optional) Stored scope values in space-separated string.
- id_token: (optional) Stored id_token (if "use_openid_connect" is true).
Implements OAuth2\Storage\AccessTokenInterface.
◆ getAuthorizationCode()
| OAuth2\Storage\Pdo::getAuthorizationCode | ( | $code | ) |
Fetch authorization code data (probably the most common grant type).
Retrieve the stored data for the given authorization code.
Required for OAuth2::GRANT_TYPE_AUTH_CODE.
- Parameters
-
$code Authorization code to be check with.
- Returns
- An associative array as below, and NULL if the code is invalid return array("client_id" => CLIENT_ID, // REQUIRED Stored client identifier"user_id" => USER_ID, // REQUIRED Stored user identifier"expires" => EXPIRES, // REQUIRED Stored expiration in unix timestamp"redirect_uri" => REDIRECT_URI, // REQUIRED Stored redirect URI"scope" => SCOPE, // OPTIONAL Stored scope values in space-separated string);
Implements OAuth2\Storage\AuthorizationCodeInterface.
◆ getBuildSql()
| OAuth2\Storage\Pdo::getBuildSql | ( | $dbName = 'oauth2_server_php' | ) |
DDL to create OAuth2 database and tables for PDO storage
◆ getClientDetails()
| OAuth2\Storage\Pdo::getClientDetails | ( | $client_id | ) |
Get client details corresponding client_id.
OAuth says we should store request URIs for each registered client. Implement this function to grab the stored URI for a given client id.
- Parameters
-
$client_id Client identifier to be check with.
- Returns
- array Client details. The only mandatory key in the array is "redirect_uri". This function MUST return FALSE if the given client does not exist or is invalid. "redirect_uri" can be space-delimited to allow for multiple valid uris.
return array( "redirect_uri" => REDIRECT_URI, // REQUIRED redirect_uri registered for the client "client_id" => CLIENT_ID, // OPTIONAL the client id "grant_types" => GRANT_TYPES, // OPTIONAL an array of restricted grant types "user_id" => USER_ID, // OPTIONAL the user identifier associated with this client "scope" => SCOPE, // OPTIONAL the scopes allowed for this client );
Implements OAuth2\Storage\ClientInterface.
◆ getClientKey()
| OAuth2\Storage\Pdo::getClientKey | ( | $client_id, | |
| $subject | |||
| ) |
Get the public key associated with a client_id
- Parameters
-
$client_id Client identifier to be checked with.
- Returns
- STRING Return the public key for the client_id if it exists, and MUST return FALSE if it doesn't.
Implements OAuth2\Storage\JwtBearerInterface.
◆ getClientScope()
| OAuth2\Storage\Pdo::getClientScope | ( | $client_id | ) |
Get the scope associated with this client
- Returns
- STRING the space-delineated scope list for the specified client_id
Implements OAuth2\Storage\ClientInterface.
◆ getDefaultScope()
| OAuth2\Storage\Pdo::getDefaultScope | ( | $client_id = null | ) |
The default scope to use in the event the client does not request one. By returning "false", a request_error is returned by the server to force a scope request by the client. By returning "null", opt out of requiring scopes
- Parameters
-
$client_id An optional client id that can be used to return customized default scopes.
- Returns
- string representation of default scope, null if scopes are not defined, or false to force scope request by the client
ex: 'default' ex: null
Implements OAuth2\Storage\ScopeInterface.
◆ getEncryptionAlgorithm()
| OAuth2\Storage\Pdo::getEncryptionAlgorithm | ( | $client_id = null | ) |
Implements OAuth2\Storage\PublicKeyInterface.
◆ getJti()
| OAuth2\Storage\Pdo::getJti | ( | $client_id, | |
| $subject, | |||
| $audience, | |||
| $expiration, | |||
| $jti | |||
| ) |
Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.
- Parameters
-
$client_id Client identifier to match. $subject The subject to match. $audience The audience to match. $expiration The expiration of the jti. $jti The jti to match.
- Returns
- An associative array as below, and return NULL if the jti does not exist.
- issuer: Stored client identifier.
- subject: Stored subject.
- audience: Stored audience.
- expires: Stored expiration in unix timestamp.
- jti: The stored jti.
Implements OAuth2\Storage\JwtBearerInterface.
◆ getPrivateKey()
| OAuth2\Storage\Pdo::getPrivateKey | ( | $client_id = null | ) |
Implements OAuth2\Storage\PublicKeyInterface.
◆ getPublicKey()
| OAuth2\Storage\Pdo::getPublicKey | ( | $client_id = null | ) |
Implements OAuth2\Storage\PublicKeyInterface.
◆ getRefreshToken()
| OAuth2\Storage\Pdo::getRefreshToken | ( | $refresh_token | ) |
Grant refresh access tokens.
Retrieve the stored data for the given refresh token.
Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
- Parameters
-
$refresh_token Refresh token to be check with.
- Returns
- An associative array as below, and NULL if the refresh_token is invalid:
- refresh_token: Refresh token identifier.
- client_id: Client identifier.
- user_id: User identifier.
- expires: Expiration unix timestamp, or 0 if the token doesn't expire.
- scope: (optional) Scope values in space-separated string.
Implements OAuth2\Storage\RefreshTokenInterface.
◆ getUser()
◆ getUserClaim()
|
protected |
◆ getUserClaims()
| OAuth2\Storage\Pdo::getUserClaims | ( | $user_id, | |
| $scope | |||
| ) |
Return claims about the provided user id.
Groups of claims are returned based on the requested scopes. No group is required, and no claim is required.
- Parameters
-
$user_id The id of the user for which claims should be returned. $scope The requested scope. Scopes with matching claims: profile, email, address, phone.
- Returns
- An array in the claim => value format.
Implements OAuth2\OpenID\Storage\UserClaimsInterface.
◆ getUserDetails()
| OAuth2\Storage\Pdo::getUserDetails | ( | $username | ) |
- Returns
- ARRAY the associated "user_id" and optional "scope" values This function MUST return FALSE if the requested user does not exist or is invalid. "scope" is a space-separated list of restricted scopes. return array("user_id" => USER_ID, // REQUIRED user_id to be stored with the authorization code or access token"scope" => SCOPE // OPTIONAL space-separated list of restricted scopes);
Implements OAuth2\Storage\UserCredentialsInterface.
◆ isPublicClient()
| OAuth2\Storage\Pdo::isPublicClient | ( | $client_id | ) |
Determine if the client is a "public" client, and therefore does not require passing credentials for certain grant types
- Parameters
-
$client_id Client identifier to be check with.
- Returns
- TRUE if the client is public, and FALSE if it isn't.
- See also
- http://tools.ietf.org/html/rfc6749#section-2.3
- https://github.com/bshaffer/oauth2-server-php/issues/257
Implements OAuth2\Storage\ClientCredentialsInterface.
◆ scopeExists()
| OAuth2\Storage\Pdo::scopeExists | ( | $scope | ) |
Check if the provided scope exists.
- Parameters
-
$scope A space-separated string of scopes.
- Returns
- TRUE if it exists, FALSE otherwise.
Implements OAuth2\Storage\ScopeInterface.
◆ setAccessToken()
| OAuth2\Storage\Pdo::setAccessToken | ( | $oauth_token, | |
| $client_id, | |||
| $user_id, | |||
| $expires, | |||
$scope = null |
|||
| ) |
Store the supplied access token values to storage.
We need to store access token data as we create and verify tokens.
- Parameters
-
$oauth_token oauth_token to be stored. $client_id client identifier to be stored. $user_id user identifier to be stored. int $expires expiration to be stored as a Unix timestamp. string $scope OPTIONAL Scopes to be stored in space-separated string.
Implements OAuth2\Storage\AccessTokenInterface.
◆ setAuthorizationCode()
| OAuth2\Storage\Pdo::setAuthorizationCode | ( | $code, | |
| $client_id, | |||
| $user_id, | |||
| $redirect_uri, | |||
| $expires, | |||
$scope = null, |
|||
$id_token = null |
|||
| ) |
Take the provided authorization code values and store them somewhere.
This function should be the storage counterpart to getAuthCode().
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
Required for OAuth2::GRANT_TYPE_AUTH_CODE.
- Parameters
-
$code authorization code to be stored. $client_id client identifier to be stored. $user_id user identifier to be stored. string $redirect_uri redirect URI(s) to be stored in a space-separated string. int $expires expiration to be stored as a Unix timestamp. string $scope OPTIONAL scopes to be stored in space-separated string. string $id_token OPTIONAL the OpenID Connect id_token.
Implements OAuth2\OpenID\Storage\AuthorizationCodeInterface.
◆ setClientDetails()
◆ setJti()
| OAuth2\Storage\Pdo::setJti | ( | $client_id, | |
| $subject, | |||
| $audience, | |||
| $expiration, | |||
| $jti | |||
| ) |
Store a used jti so that we can check against it to prevent replay attacks.
- Parameters
-
$client_id Client identifier to insert. $subject The subject to insert. $audience The audience to insert. $expiration The expiration of the jti. $jti The jti to insert.
Implements OAuth2\Storage\JwtBearerInterface.
◆ setRefreshToken()
| OAuth2\Storage\Pdo::setRefreshToken | ( | $refresh_token, | |
| $client_id, | |||
| $user_id, | |||
| $expires, | |||
$scope = null |
|||
| ) |
Take the provided refresh token values and store them somewhere.
This function should be the storage counterpart to getRefreshToken().
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
- Parameters
-
$refresh_token Refresh token to be stored. $client_id Client identifier to be stored. $user_id User identifier to be stored. $expires Expiration timestamp to be stored. 0 if the token doesn't expire. $scope (optional) Scopes to be stored in space-separated string.
Implements OAuth2\Storage\RefreshTokenInterface.
◆ setUser()
◆ unsetAccessToken()
◆ unsetRefreshToken()
| OAuth2\Storage\Pdo::unsetRefreshToken | ( | $refresh_token | ) |
Expire a used refresh token.
This is not explicitly required in the spec, but is almost implied. After granting a new refresh token, the old one is no longer useful and so should be forcibly expired in the data store so it can't be used again.
If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.
- Parameters
-
$refresh_token Refresh token to be expirse.
Implements OAuth2\Storage\RefreshTokenInterface.
Member Data Documentation
◆ $config
◆ $db
The documentation for this class was generated from the following file:
- plugins/OAuth2/Storage/Pdo.php
