\OAuth2\Server

Server class for OAuth2. This class serves as a convenience class which wraps the other Controller classes.

Summary

Public methods: __construct(), getAuthorizeController(), getTokenController(), getResourceController(), getUserInfoController(), setAuthorizeController(), setTokenController(), setResourceController(), setUserInfoController(), handleUserInfoRequest(), handleTokenRequest(), grantAccessToken(), handleRevokeRequest(), handleAuthorizeRequest(), validateAuthorizeRequest(), verifyResourceRequest(), getAccessTokenData(), addGrantType(), addStorage(), addResponseType(), getScopeUtil(), setScopeUtil(), getResponse(), getStorages(), getStorage(), getGrantTypes(), getGrantType(), getResponseTypes(), getResponseType(), getTokenType(), getClientAssertionType(), setConfig(), getConfig()

Protected methods: createDefaultAuthorizeController(), createDefaultTokenController(), createDefaultResourceController(), createDefaultUserInfoController(), getDefaultTokenType(), getDefaultResponseTypes(), getDefaultGrantTypes(), getAccessTokenResponseType(), getIdTokenResponseType(), getIdTokenTokenResponseType(), createDefaultJwtAccessTokenStorage(), createDefaultJwtAccessTokenResponseType(), createDefaultAccessTokenResponseType(), createDefaultIdTokenResponseType(), createDefaultIdTokenTokenResponseType(), validateOpenIdConnect(), normalizeResponseType()

Protected properties: $response, $config, $storages, $authorizeController, $tokenController, $resourceController, $userInfoController, $grantTypes, $responseTypes, $tokenType, $scopeUtil, $clientAssertionType, $storageMap, $responseTypeMap

The class declares no public properties, constants, private methods or private properties.

Properties

$config : array
$storages : array
$grantTypes : array
$responseTypes : array
$storageMap : array
$responseTypeMap : array

Methods

__construct()

__construct(mixed $storage = array(), array $config = array(), array $grantTypes = array(), array $responseTypes = array(), \OAuth2\TokenType\TokenTypeInterface $tokenType = null, \OAuth2\ScopeInterface $scopeUtil = null, \OAuth2\ClientAssertionType\ClientAssertionTypeInterface $clientAssertionType = null)

Parameters

mixed $storage

(array or OAuth2\Storage) - single object or array of objects implementing the required storage types (ClientCredentialsInterface and AccessTokenInterface as a minimum)

array $config

Specify a different token lifetime, token header name, etc.

array $grantTypes

An array of OAuth2\GrantType\GrantTypeInterface to use for granting access tokens

array $responseTypes

Response types to use. Array keys should be "code" and "token" for the Authorization Code and Access Token response types.

\OAuth2\TokenType\TokenTypeInterface $tokenType

The token type object to use. Valid token types are "bearer" and "mac"

\OAuth2\ScopeInterface $scopeUtil

The scope utility class to use to validate scope

\OAuth2\ClientAssertionType\ClientAssertionTypeInterface $clientAssertionType

The method in which to verify the client identity. Default is HttpBasic

handleUserInfoRequest()

handleUserInfoRequest(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response = null) : \OAuth2\ResponseInterface

Return claims about the authenticated end-user.

This would be called from the "/UserInfo" endpoint as defined in the spec.

Parameters

\OAuth2\RequestInterface $request
  • Request object to grant access token
\OAuth2\ResponseInterface $response
  • Response object containing error messages (failure) or user claims (success)

Throws

\InvalidArgumentException
\LogicException

Returns

\OAuth2\ResponseInterface

handleTokenRequest()

handleTokenRequest(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response = null) : \OAuth2\ResponseInterface

Grant or deny a requested access token.

This would be called from the "/token" endpoint as defined in the spec. Obviously, you can call your endpoint whatever you want.

Parameters

\OAuth2\RequestInterface $request
  • Request object to grant access token
\OAuth2\ResponseInterface $response
  • Response object containing error messages (failure) or access token (success)

Throws

\InvalidArgumentException
\LogicException

Returns

\OAuth2\ResponseInterface

grantAccessToken()

grantAccessToken(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response = null) : mixed

Grant or deny a requested access token.

This would be called from the "/token" endpoint as defined in the spec. You can call your endpoint whatever you want.

Parameters

\OAuth2\RequestInterface $request
  • Request object to grant access token
\OAuth2\ResponseInterface $response
  • Response object

Returns

mixed

handleAuthorizeRequest()

handleAuthorizeRequest(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response, boolean $is_authorized, mixed $user_id = null) : \OAuth2\ResponseInterface

Redirect the user appropriately after approval.

After the user has approved or denied the resource request, the authorization server should call this function to redirect the user appropriately.

Parameters

\OAuth2\RequestInterface $request
  • The request should have the following parameters set in the query string:
  • response_type: The requested response: an access token, an authorization code, or both.
  • client_id: The client identifier as described in Section 2.
  • redirect_uri: An absolute URI to which the authorization server will redirect the user-agent to when the end-user authorization step is completed.
  • scope: (optional) The scope of the resource request expressed as a list of space-delimited strings.
  • state: (optional) An opaque value used by the client to maintain state between the request and callback.
\OAuth2\ResponseInterface $response
  • Response object
boolean $is_authorized
  • TRUE or FALSE depending on whether the user authorized the access.
mixed $user_id
  • Identifier of user who authorized the client

Returns

\OAuth2\ResponseInterface

validateAuthorizeRequest()

validateAuthorizeRequest(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response = null) : boolean

Pull the authorization request data out of the HTTP request.

  • The redirect_uri is OPTIONAL as per draft 20, but your implementation can enforce it by setting $config['enforce_redirect'] to true.
  • The state is OPTIONAL but recommended to prevent CSRF. Draft 21 states, however, that CSRF protection is MANDATORY. You can enforce this by setting $config['enforce_state'] to true.

The draft specifies that the parameters should be retrieved from GET; override the Response object to change this.

Parameters

\OAuth2\RequestInterface $request
  • Request object
\OAuth2\ResponseInterface $response
  • Response object

Returns

boolean — The authorization parameters so the authorization server can prompt the user for approval if valid.
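As an added example (not part of the library's generated documentation), an authorize endpoint wired the way validateAuthorizeRequest() and handleAuthorizeRequest() intend: the first gates the consent screen, the second issues the redirect. It assumes the library's OAuth2\Storage\Pdo, OAuth2\Request::createFromGlobals(), OAuth2\Response and OAuth2\GrantType\AuthorizationCode classes, which this page does not list; the DSN and the session login check are placeholders.

```php
<?php
// Added example, not library code. Assumes the classes named in the lead-in.
require_once __DIR__ . '/vendor/autoload.php';

// Placeholder DSN: point this at the database holding the OAuth2 tables.
$storage = new OAuth2\Storage\Pdo(['dsn' => 'sqlite:/path/to/oauth.sqlite']);

// Both options are OPTIONAL per the drafts; turning them on means a request
// without a registered redirect_uri, or without a state value, is rejected
// before any consent UI is shown (the state check is the CSRF protection).
$server = new OAuth2\Server($storage, [
    'enforce_redirect' => true,
    'enforce_state'    => true,
]);
$server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));

$request  = OAuth2\Request::createFromGlobals();
$response = new OAuth2\Response();

// Step 1: validate response_type, client_id, redirect_uri, scope and state.
// On failure $response already carries the error document (or the error
// redirect back to a verified client), so just send it.
if (!$server->validateAuthorizeRequest($request, $response)) {
    $response->send();
    exit;
}

// Step 2: authenticate the resource owner (placeholder: a session login).
session_start();
if (empty($_SESSION['user_id'])) {
    header('Location: /login?return=' . rawurlencode($_SERVER['REQUEST_URI']));
    exit;
}

// Step 3: show the consent form on GET; the form posts back to the same URL,
// so the validated query parameters travel with the decision.
if ($request->server('REQUEST_METHOD') !== 'POST') {
    echo '<form method="post">'
       . '<button name="authorized" value="yes">Approve</button> '
       . '<button name="authorized" value="no">Deny</button></form>';
    exit;
}
$isAuthorized = $request->request('authorized') === 'yes';

// Step 4: on approval the server redirects to redirect_uri with the code (or
// token) and the echoed state; on denial it redirects with error=access_denied.
$server->handleAuthorizeRequest($request, $response, $isAuthorized, $_SESSION['user_id']);
$response->send();
```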

verifyResourceRequest()

verifyResourceRequest(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response = null, string $scope = null) : mixed

Verify the resource request.

Parameters

\OAuth2\RequestInterface $request
  • Request object
\OAuth2\ResponseInterface $response
  • Response object
string $scope
  • Scope

Returns

mixed

getAccessTokenData()

getAccessTokenData(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response = null) : mixed

Get access token data.

Parameters

\OAuth2\RequestInterface $request
  • Request object
\OAuth2\ResponseInterface $response
  • Response object

Returns

mixed

addStorage()

addStorage(object $storage, mixed $key = null)

Set a storage object for the server

Parameters

object $storage
  • An object implementing one of the Storage interfaces
mixed $key
  • If null, the storage is set to the key of each storage interface it implements

Throws

\InvalidArgumentException

addResponseType()

addResponseType(\OAuth2\ResponseType\ResponseTypeInterface $responseType, mixed $key = null)

Parameters

\OAuth2\ResponseType\ResponseTypeInterface $responseType
mixed $key

Throws

\InvalidArgumentException

getResponse()

getResponse() : mixed

Returns

mixed

getStorages()

getStorages() : array

Returns

array

getStorage()

getStorage(string $name) : object|null

Parameters

string $name

Returns

object|null

getGrantTypes()

getGrantTypes() : array

Returns

array

getGrantType()

getGrantType(string $name) : object|null

Parameters

string $name

Returns

object|null

getResponseTypes()

getResponseTypes() : array

Returns

array

getResponseType()

getResponseType(string $name) : object|null

Parameters

string $name

Returns

object|null

setConfig()

setConfig(string $name, mixed $value)

Parameters

string $name
mixed $value

getConfig()

getConfig(string $name, mixed $default = null) : mixed

Parameters

string $name
mixed $default

Returns

mixed

getDefaultResponseTypes()

getDefaultResponseTypes() : array

Throws

\LogicException

Returns

array

getDefaultGrantTypes()

getDefaultGrantTypes() : array

Throws

\LogicException

Returns

array

createDefaultJwtAccessTokenStorage()

createDefaultJwtAccessTokenStorage() : \OAuth2\Storage\JwtAccessToken

For Resource Controller

Throws

\LogicException

Returns

\OAuth2\Storage\JwtAccessToken

createDefaultJwtAccessTokenResponseType()

createDefaultJwtAccessTokenResponseType() : \OAuth2\ResponseType\JwtAccessToken

For Authorize and Token Controllers

Throws

\LogicException

Returns

\OAuth2\ResponseType\JwtAccessToken

createDefaultAccessTokenResponseType()

createDefaultAccessTokenResponseType() : \OAuth2\ResponseType\AccessToken

Throws

\LogicException

Returns

\OAuth2\ResponseType\AccessToken

createDefaultIdTokenResponseType()

createDefaultIdTokenResponseType() : \OAuth2\OpenID\ResponseType\IdToken

Throws

\LogicException

Returns

\OAuth2\OpenID\ResponseType\IdToken

validateOpenIdConnect()

validateOpenIdConnect()

Throws

\InvalidArgumentException

normalizeResponseType()

normalizeResponseType(string $name) : string

Parameters

string $name

Returns

string