\OAuth2\Storage\Cassandra

Cassandra storage for all storage types

To use, install "thobbs/phpcassa" via composer:

    composer require thobbs/phpcassa:dev-master

Once this is done, instantiate the connection:

    $cassandra = new \phpcassa\Connection\ConnectionPool('oauth2_server', array('127.0.0.1:9160'));

Then, register the storage client:

    $storage = new OAuth2\Storage\Cassandra($cassandra);
    $storage->setClientDetails($client_id, $client_secret, $redirect_uri);

Summary

Public methods: __construct(), getAuthorizationCode(), setAuthorizationCode(), expireAuthorizationCode(), checkUserCredentials(), getUserDetails(), getUser(), setUser(), checkClientCredentials(), isPublicClient(), getClientDetails(), setClientDetails(), checkRestrictedGrantType(), getRefreshToken(), setRefreshToken(), unsetRefreshToken(), getAccessToken(), setAccessToken(), unsetAccessToken(), scopeExists(), getDefaultScope(), setScope(), getClientKey(), setClientKey(), getClientScope(), getJti(), setJti(), getPublicKey(), getPrivateKey(), getEncryptionAlgorithm(), getUserClaims()

Protected methods: getValue(), setValue(), expireValue(), checkPassword(), hashPassword(), getUserClaim()

Private methods: none

Public properties: none

Protected properties: $cassandra, $config

Private properties: $cache

Constants: none

Properties

$cassandra

$cassandra : \phpcassa\Connection\ConnectionPool

Type

\phpcassa\Connection\ConnectionPool

$config

$config : array

Type

array

$cache

$cache : 

Type

Methods

__construct()

__construct(\phpcassa\Connection\ConnectionPool|array  $connection = array(), array  $config = array()) 

Cassandra Storage! uses phpCassa

Parameters

\phpcassa\Connection\ConnectionPool|array $connection
array $config

Throws

\InvalidArgumentException

getAuthorizationCode()

getAuthorizationCode(string  $code) : boolean|mixed

Fetch authorization code data (probably the most common grant type).

Retrieve the stored data for the given authorization code.

Required for OAuth2::GRANT_TYPE_AUTH_CODE.

Parameters

string $code

Authorization code to be checked.

Returns

boolean|mixed

setAuthorizationCode()

setAuthorizationCode(string  $authorization_code, mixed  $client_id, mixed  $user_id, string  $redirect_uri, integer  $expires, string  $scope = null, string  $id_token = null) : boolean

Take the provided authorization code values and store them somewhere.

This function should be the storage counterpart to getAuthorizationCode().

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Required for OAuth2::GRANT_TYPE_AUTH_CODE.

Parameters

string $authorization_code
mixed $client_id
  • Client identifier to be stored.
mixed $user_id
  • User identifier to be stored.
string $redirect_uri
  • Redirect URI(s) to be stored in a space-separated string.
integer $expires
  • Expiration to be stored as a Unix timestamp.
string $scope
  • OPTIONAL Scopes to be stored in space-separated string.
string $id_token

Returns

boolean

expireAuthorizationCode()

expireAuthorizationCode(string  $code) : boolean

Once an authorization code is used, it must be expired.

Parameters

string $code

Returns

boolean

checkUserCredentials()

checkUserCredentials(string  $username, string  $password) : boolean

Grant access tokens for basic user credentials.

Check the supplied username and password for validity.

You can also use the $client_id param to do any checks required based on a client, if you need that.

Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.

Parameters

string $username

Username to be checked.

string $password

Password to be checked.

Returns

boolean

getUserDetails()

getUserDetails(string  $username) : array|boolean|false

Parameters

string $username
  • username to get details for

Returns

array|boolean|false

getUser()

getUser(string  $username) : array|boolean

Parameters

string $username

Returns

array|boolean

setUser()

setUser(string  $username, string  $password, string  $first_name = null, string  $last_name = null) : boolean

Parameters

string $username
string $password
string $first_name
string $last_name

Returns

boolean

checkClientCredentials()

checkClientCredentials(mixed  $client_id, string  $client_secret = null) : boolean

Make sure that the client credentials are valid.

Parameters

mixed $client_id

Client identifier to be checked.

string $client_secret

(optional) If a secret is required, check that they've given the right one.

Returns

boolean

isPublicClient()

isPublicClient(  $client_id) : boolean

Determine if the client is a "public" client, and therefore does not require passing credentials for certain grant types.

Parameters

$client_id

Client identifier to be checked.

Returns

boolean

getClientDetails()

getClientDetails(  $client_id) : array|boolean|mixed

Parameters

$client_id

Returns

array|boolean|mixed

setClientDetails()

setClientDetails(  $client_id, null  $client_secret = null, null  $redirect_uri = null, null  $grant_types = null, null  $scope = null, null  $user_id = null) : boolean

Parameters

$client_id
null $client_secret
null $redirect_uri
null $grant_types
null $scope
null $user_id

Returns

boolean

checkRestrictedGrantType()

checkRestrictedGrantType(  $client_id,   $grant_type) : boolean

Parameters

$client_id
$grant_type

Returns

boolean

getRefreshToken()

getRefreshToken(  $refresh_token) : boolean|mixed

Grant refresh access tokens.

Retrieve the stored data for the given refresh token.

Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.

Parameters

$refresh_token

Refresh token to be checked.

Returns

boolean|mixed

setRefreshToken()

setRefreshToken(  $refresh_token,   $client_id,   $user_id,   $expires, null  $scope = null) : boolean

Take the provided refresh token values and store them somewhere.

This function should be the storage counterpart to getRefreshToken().

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.

Parameters

$refresh_token

Refresh token to be stored.

$client_id

Client identifier to be stored.

$user_id

User identifier to be stored.

$expires

Expiration timestamp to be stored. 0 if the token doesn't expire.

null $scope

(optional) Scopes to be stored in space-separated string.

Returns

boolean

unsetRefreshToken()

unsetRefreshToken(  $refresh_token) : boolean

Expire a used refresh token.

This is not explicitly required in the spec, but is almost implied. After granting a new refresh token, the old one is no longer useful and so should be forcibly expired in the data store so it can't be used again.

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Parameters

$refresh_token

Refresh token to be expired.

Returns

boolean

getAccessToken()

getAccessToken(string  $access_token) : array|boolean|mixed|null

Look up the supplied oauth_token from storage.

We need to retrieve access token data as we create and verify tokens.

Parameters

string $access_token

Returns

array|boolean|mixed|null

setAccessToken()

setAccessToken(string  $access_token, mixed  $client_id, mixed  $user_id, integer  $expires, null  $scope = null) : boolean

Store the supplied access token values to storage.

We need to store access token data as we create and verify tokens.

Parameters

string $access_token
mixed $client_id
  • client identifier to be stored.
mixed $user_id
  • user identifier to be stored.
integer $expires
  • expiration to be stored as a Unix timestamp.
null $scope
  • OPTIONAL Scopes to be stored in space-separated string.

Returns

boolean

unsetAccessToken()

unsetAccessToken(  $access_token) : boolean

Parameters

$access_token

Returns

boolean

scopeExists()

scopeExists(  $scope) : boolean

Check if the provided scope exists.

Parameters

$scope

A space-separated string of scopes.

Returns

boolean

getDefaultScope()

getDefaultScope(null  $client_id = null) : boolean|mixed

The default scope to use in the event the client does not request one. By returning "false", a request_error is returned by the server to force a scope request by the client. By returning "null", the storage opts out of requiring scopes.

Parameters

null $client_id

An optional client id that can be used to return customized default scopes.

Returns

boolean|mixed

setScope()

setScope(  $scope, null  $client_id = null, string  $type = 'supported') : boolean

Parameters

$scope
null $client_id
string $type

Throws

\InvalidArgumentException

Returns

boolean

getClientKey()

getClientKey(  $client_id,   $subject) : boolean|null

Get the public key associated with a client_id

Parameters

$client_id

Client identifier to be checked with.

$subject

Returns

boolean|null

setClientKey()

setClientKey(  $client_id,   $key, null  $subject = null) : boolean

Parameters

$client_id
$key
null $subject

Returns

boolean

getClientScope()

getClientScope(  $client_id) : boolean|null

Parameters

$client_id

Returns

boolean|null

getJti()

getJti(  $client_id,   $subject,   $audience,   $expiration,   $jti) : array|null

Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.

Parameters

$client_id

Client identifier to match.

$subject

The subject to match.

$audience

The audience to match.

$expiration

The expiration of the jti.

$jti

The jti to match.

Throws

\Exception

Returns

array|null

An associative array as below, or NULL if the jti does not exist.

  • issuer: Stored client identifier.
  • subject: Stored subject.
  • audience: Stored audience.
  • expires: Stored expiration in unix timestamp.
  • jti: The stored jti.

setJti()

setJti(  $client_id,   $subject,   $audience,   $expiration,   $jti) 

Store a used jti so that we can check against it to prevent replay attacks.

Parameters

$client_id

Client identifier to insert.

$subject

The subject to insert.

$audience

The audience to insert.

$expiration

The expiration of the jti.

$jti

The jti to insert.

Throws

\Exception
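
How getJti() and setJti() combine into a replay check, as an added example that is not part of the library: InMemoryJtiStore is a stand-in that mirrors only the two documented signatures, and acceptAssertionOnce() is a hypothetical helper name.

```php
<?php
// Added example, not library code. InMemoryJtiStore is a stand-in that only
// mirrors the two documented signatures; acceptAssertionOnce() is hypothetical.
final class InMemoryJtiStore
{
    private $rows = array();

    public function getJti($client_id, $subject, $audience, $expiration, $jti)
    {
        $key = json_encode(array($client_id, $subject, $audience, $expiration, $jti));
        return isset($this->rows[$key]) ? $this->rows[$key] : null;
    }

    public function setJti($client_id, $subject, $audience, $expiration, $jti)
    {
        $key = json_encode(array($client_id, $subject, $audience, $expiration, $jti));
        $this->rows[$key] = array('issuer' => $client_id, 'subject' => $subject,
            'audience' => $audience, 'expires' => $expiration, 'jti' => $jti);
    }
}

// $claims: claims of a JWT whose signature has already been verified.
function acceptAssertionOnce($storage, array $claims, $now)
{
    foreach (array('iss', 'sub', 'aud', 'exp', 'jti') as $name) {
        if (!isset($claims[$name])) {
            return false; // nothing to track without all five values
        }
    }
    if ((int) $claims['exp'] <= $now) {
        return false; // expired assertions are rejected before any lookup
    }
    $c = $claims;
    if ($storage->getJti($c['iss'], $c['sub'], $c['aud'], $c['exp'], $c['jti'])) {
        return false; // this exact tuple was stored before: replay
    }
    $storage->setJti($c['iss'], $c['sub'], $c['aud'], $c['exp'], $c['jti']);
    return true;
}

// Constructed sample claims; the second call presents the same assertion again.
$store  = new InMemoryJtiStore();
$claims = array('iss' => 'client-1', 'sub' => 'alice', 'aud' => 'https://as.example/token',
                'exp' => 2000000000, 'jti' => 'constructed-jti-001');
var_dump(acceptAssertionOnce($store, $claims, 1900000000));
var_dump(acceptAssertionOnce($store, $claims, 1900000000));
```

The lookup and the write are two separate calls, so concurrent requests carrying the same assertion can both pass the lookup; where that matters, serialize on the jti or use a conditional write in the backing store.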

getPublicKey()

getPublicKey(string  $client_id = '') : mixed

Parameters

string $client_id

Returns

mixed

getPrivateKey()

getPrivateKey(string  $client_id = '') : mixed

Parameters

string $client_id

Returns

mixed

getEncryptionAlgorithm()

getEncryptionAlgorithm(null  $client_id = null) : mixed|string

Parameters

null $client_id

Returns

mixed|string

getUserClaims()

getUserClaims(mixed  $user_id, string  $claims) : array|boolean

Return claims about the provided user id.

Groups of claims are returned based on the requested scopes. No group is required, and no claim is required.

Parameters

mixed $user_id
  • The id of the user for which claims should be returned.
string $claims

Returns

array|boolean

getValue()

getValue(  $key) : boolean|mixed

Parameters

$key

Returns

boolean|mixed

setValue()

setValue(  $key,   $value, integer  $expire) : boolean

Parameters

$key
$value
integer $expire

Returns

boolean

expireValue()

expireValue(  $key) : boolean

Parameters

$key

Returns

boolean

checkPassword()

checkPassword(array  $user, string  $password) : boolean

Plaintext passwords are bad! Override this for your application.

Parameters

array $user
string $password

Returns

boolean

hashPassword()

hashPassword(  $password) 

Parameters

$password
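
One way to override checkPassword() and hashPassword() with PHP's native password API, as an added example that is not part of the library. The trait and class names are hypothetical, and it assumes the user array carries the stored hash under a 'password' key and that setUser() stores whatever hashPassword() returns.

```php
<?php
// Added example, not library code. Names are hypothetical; the 'password'
// key in $user is an assumption about the stored user record.
trait NativePasswordHashing
{
    // Stored form: salted, adaptive hash produced by PHP core.
    protected function hashPassword($password)
    {
        return password_hash($password, PASSWORD_DEFAULT);
    }

    // Comparison: timing-safe verification against the stored hash.
    protected function checkPassword($user, $password)
    {
        $stored = (is_array($user) && isset($user['password'])) ? $user['password'] : null;
        if (!is_string($stored) || $stored === '') {
            return false; // no usable hash on record: reject
        }
        return password_verify($password, $stored);
    }
}

// With the library loaded, the trait methods replace the inherited ones.
if (class_exists('OAuth2\Storage\Cassandra')) {
    class HardenedCassandra extends \OAuth2\Storage\Cassandra
    {
        use NativePasswordHashing;
    }
}

// Offline check through a stand-in class, using constructed data.
final class PasswordHashingDemo
{
    use NativePasswordHashing;

    public function run()
    {
        $user = array('username' => 'alice', 'password' => $this->hashPassword('correct horse'));
        return array(
            'good'    => $this->checkPassword($user, 'correct horse'),
            'bad'     => $this->checkPassword($user, 'wrong'),
            'no_hash' => $this->checkPassword(array('username' => 'bob'), 'x'),
        );
    }
}

var_dump((new PasswordHashingDemo())->run());
```

User records written before the override will not pass password_verify() unless they already hold a password_hash() string, so plan a reset or a rehash at next login.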

getUserClaim()

getUserClaim(  $claim,   $userDetails) : array

Parameters

$claim
$userDetails

Returns

array