\OAuth2\Storage\Pdo

Simple PDO storage for all storage types

NOTE: This class is meant to get users started quickly. If your application requires further customization, extend this class or create your own.

NOTE: Passwords are stored in plaintext, which is never a good idea. Be sure to override this for your application.

Summary

Public

Methods: __construct(), checkClientCredentials(), isPublicClient(), getClientDetails(), setClientDetails(), checkRestrictedGrantType(), getAccessToken(), setAccessToken(), unsetAccessToken(), getAuthorizationCode(), setAuthorizationCode(), expireAuthorizationCode(), checkUserCredentials(), getUserDetails(), getUserClaims(), getRefreshToken(), setRefreshToken(), unsetRefreshToken(), getUser(), setUser(), scopeExists(), getDefaultScope(), getClientKey(), getClientScope(), getJti(), setJti(), getPublicKey(), getPrivateKey(), getEncryptionAlgorithm(), getBuildSql()
Properties: No public properties found
Constants: No constants found

Protected

Methods: getUserClaim(), checkPassword(), hashPassword()
Properties: $db, $config
Constants: N/A

Private

Methods: setAuthorizationCodeWithIdToken()
Properties: No private properties found
Constants: N/A

Properties

$db

$db : \PDO

Type

\PDO

$config

$config : array

Type

array

Methods

__construct()

__construct(mixed  $connection, array  $config = array()) 

Parameters

mixed $connection
array $config

Throws

\InvalidArgumentException

checkClientCredentials()

checkClientCredentials(string  $client_id, null|string  $client_secret = null) : boolean

Make sure that the client credentials are valid.

Parameters

string $client_id

Client identifier to check.

null|string $client_secret

(optional) If a secret is required, check that they've given the right one.

Returns

boolean

isPublicClient()

isPublicClient(string  $client_id) : boolean

Determine if the client is a "public" client, and therefore does not require passing credentials for certain grant types.

Parameters

string $client_id

Client identifier to check.

Returns

boolean

getClientDetails()

getClientDetails(string  $client_id) : array|mixed

Parameters

string $client_id

Returns

array|mixed

setClientDetails()

setClientDetails(string  $client_id, null|string  $client_secret = null, null|string  $redirect_uri = null, null|array  $grant_types = null, null|string  $scope = null, null|string  $user_id = null) : boolean

Parameters

string $client_id
null|string $client_secret
null|string $redirect_uri
null|array $grant_types
null|string $scope
null|string $user_id

Returns

boolean

checkRestrictedGrantType()

checkRestrictedGrantType(  $client_id,   $grant_type) : boolean

Parameters

$client_id
$grant_type

Returns

boolean

getAccessToken()

getAccessToken(string  $access_token) : array|boolean|mixed|null

Look up the supplied oauth_token from storage.

We need to retrieve access token data as we create and verify tokens.

Parameters

string $access_token

Returns

array|boolean|mixed|null

setAccessToken()

setAccessToken(string  $access_token, mixed  $client_id, mixed  $user_id, integer  $expires, string  $scope = null) : boolean

Store the supplied access token values to storage.

We need to store access token data as we create and verify tokens.

Parameters

string $access_token
mixed $client_id
  • client identifier to be stored.
mixed $user_id
  • user identifier to be stored.
integer $expires
  • expiration to be stored as a Unix timestamp.
string $scope
  • OPTIONAL Scopes to be stored in space-separated string.

Returns

boolean

unsetAccessToken()

unsetAccessToken(  $access_token) : boolean

Parameters

$access_token

Returns

boolean

getAuthorizationCode()

getAuthorizationCode(string  $code) : mixed

Fetch authorization code data (probably the most common grant type).

Retrieve the stored data for the given authorization code.

Required for OAuth2::GRANT_TYPE_AUTH_CODE.

Parameters

string $code

Authorization code to check.

Returns

mixed

setAuthorizationCode()

setAuthorizationCode(string  $code, mixed  $client_id, mixed  $user_id, string  $redirect_uri, integer  $expires, string  $scope = null, string  $id_token = null) : boolean|mixed

Take the provided authorization code values and store them somewhere.

This function should be the storage counterpart to getAuthorizationCode().

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Required for OAuth2::GRANT_TYPE_AUTH_CODE.

Parameters

string $code
  • Authorization code to be stored.
mixed $client_id
  • Client identifier to be stored.
mixed $user_id
  • User identifier to be stored.
string $redirect_uri
  • Redirect URI(s) to be stored in a space-separated string.
integer $expires
  • Expiration to be stored as a Unix timestamp.
string $scope
  • OPTIONAL Scopes to be stored in space-separated string.
string $id_token

Returns

boolean|mixed

expireAuthorizationCode()

expireAuthorizationCode(string  $code) : boolean

Once an authorization code is used, it must be expired.

Parameters

string $code

Returns

boolean

checkUserCredentials()

checkUserCredentials(string  $username, string  $password) : boolean

Grant access tokens for basic user credentials.

Check the supplied username and password for validity.

You can also use the $client_id param to do any checks required based on a client, if you need that.

Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.

Parameters

string $username

Username to check.

string $password

Password to check.

Returns

boolean

getUserDetails()

getUserDetails(string  $username) : array|boolean

Parameters

string $username
  • username to get details for

Returns

array|boolean

getUserClaims()

getUserClaims(mixed  $user_id, string  $claims) : array|boolean

Return claims about the provided user id.

Groups of claims are returned based on the requested scopes. No group is required, and no claim is required.

Parameters

mixed $user_id
  • The id of the user for which claims should be returned.
string $claims

Returns

array|boolean

getRefreshToken()

getRefreshToken(string  $refresh_token) : boolean|mixed

Grant refresh access tokens.

Retrieve the stored data for the given refresh token.

Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.

Parameters

string $refresh_token

Refresh token to check.

Returns

boolean|mixed

setRefreshToken()

setRefreshToken(string  $refresh_token, mixed  $client_id, mixed  $user_id, string  $expires, string  $scope = null) : boolean

Take the provided refresh token values and store them somewhere.

This function should be the storage counterpart to getRefreshToken().

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.

Parameters

string $refresh_token

Refresh token to be stored.

mixed $client_id

Client identifier to be stored.

mixed $user_id

User identifier to be stored.

string $expires

Expiration timestamp to be stored. 0 if the token doesn't expire.

string $scope

(optional) Scopes to be stored in space-separated string.

Returns

boolean

unsetRefreshToken()

unsetRefreshToken(string  $refresh_token) : boolean

Expire a used refresh token.

This is not explicitly required in the spec, but is almost implied. After granting a new refresh token, the old one is no longer useful and so should be forcibly expired in the data store so it can't be used again.

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Parameters

string $refresh_token

Refresh token to be expired.

Returns

boolean

getUser()

getUser(string  $username) : array|boolean

Parameters

string $username

Returns

array|boolean

setUser()

setUser(string  $username, string  $password, string  $firstName = null, string  $lastName = null) : boolean

Plaintext passwords are bad! Override this for your application.

Parameters

string $username
string $password
string $firstName
string $lastName

Returns

boolean

scopeExists()

scopeExists(string  $scope) : boolean

Check if the provided scope exists.

Parameters

string $scope

A space-separated string of scopes.

Returns

boolean

getDefaultScope()

getDefaultScope(mixed  $client_id = null) : null|string

The default scope to use in the event the client does not request one. By returning "false", a request_error is returned by the server to force a scope request by the client. By returning "null", opt out of requiring scopes.

Parameters

mixed $client_id

An optional client id that can be used to return customized default scopes.

Returns

null|string

getClientKey()

getClientKey(mixed  $client_id,   $subject) : string

Get the public key associated with a client_id

Parameters

mixed $client_id

Client identifier to be checked with.

$subject

Returns

string

getClientScope()

getClientScope(mixed  $client_id) : boolean|null

Parameters

mixed $client_id

Returns

boolean|null

getJti()

getJti(mixed  $client_id,   $subject,   $audience,   $expires,   $jti) : array|null

Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.

Parameters

mixed $client_id

Client identifier to match.

$subject

The subject to match.

$audience

The audience to match.

$expires
$jti

The jti to match.

Returns

array|null

setJti()

setJti(mixed  $client_id,   $subject,   $audience,   $expires,   $jti) : boolean

Store a used jti so that we can check against it to prevent replay attacks.

Parameters

mixed $client_id

Client identifier to insert.

$subject

The subject to insert.

$audience

The audience to insert.

$expires
$jti

The jti to insert.

Returns

boolean
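
The replay check that getJti() and setJti() exist to support, as an added example that is not code from the library: look the jti up, reject if it was seen, and record it before acting on the assertion. InMemoryJtiStore and acceptOnce() are hypothetical names, the stand-in only mirrors the two signatures listed above, and mapping the iss claim to $client_id is an assumption.

```php
<?php
// Added example; not code from the library this page documents.

// Hypothetical in-memory stand-in exposing the getJti()/setJti()
// signatures listed on this page, so the check runs without a database.
class InMemoryJtiStore
{
    private $seen = array();

    public function getJti($client_id, $subject, $audience, $expires, $jti)
    {
        $key = json_encode(array($client_id, $subject, $audience, $expires, $jti));
        return isset($this->seen[$key]) ? $this->seen[$key] : null;
    }

    public function setJti($client_id, $subject, $audience, $expires, $jti)
    {
        $key = json_encode(array($client_id, $subject, $audience, $expires, $jti));
        $this->seen[$key] = compact('client_id', 'subject', 'audience', 'expires', 'jti');
        return true;
    }
}

// Accept an already signature-verified assertion at most once.
// Assumption: the issuer (iss) claim is the client_id.
function acceptOnce($store, array $claims, $now)
{
    foreach (array('iss', 'sub', 'aud', 'exp', 'jti') as $name) {
        if (!isset($claims[$name]) || $claims[$name] === '') {
            return 'rejected: missing ' . $name; // no jti means no replay check
        }
    }
    if ((int) $claims['exp'] <= $now) {
        return 'rejected: expired';
    }
    $args = array($claims['iss'], $claims['sub'], $claims['aud'], $claims['exp'], $claims['jti']);
    if ($store->getJti(...$args) !== null) {
        return 'rejected: replayed jti';
    }
    // Record before acting on the assertion; a failed write must not pass.
    return $store->setJti(...$args) ? 'accepted' : 'rejected: could not record jti';
}

$store  = new InMemoryJtiStore();
$claims = array('iss' => 'client-a', 'sub' => 'user-1',   // constructed claims
                'aud' => 'https://auth.example/token', 'exp' => 2000, 'jti' => 'n-001');
foreach (array(1000, 1000, 3000) as $now) {
    echo acceptOnce($store, $claims, $now), "\n";
}
```

With a database behind these calls the lookup and the insert are two separate statements, so a unique index over the stored jti columns is what stops two concurrent requests from both passing the check.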

getPublicKey()

getPublicKey(mixed  $client_id = null) : mixed

Parameters

mixed $client_id

Returns

mixed

getPrivateKey()

getPrivateKey(mixed  $client_id = null) : mixed

Parameters

mixed $client_id

Returns

mixed

getEncryptionAlgorithm()

getEncryptionAlgorithm(mixed  $client_id = null) : string

Parameters

mixed $client_id

Returns

string

getBuildSql()

getBuildSql(string  $dbName = 'oauth2_server_php') : string

DDL to create OAuth2 database and tables for PDO storage

Parameters

string $dbName

Returns

string

getUserClaim()

getUserClaim(string  $claim, array  $userDetails) : array

Parameters

string $claim
array $userDetails

Returns

array

checkPassword()

checkPassword(array  $user, string  $password) : boolean

Plaintext passwords are bad! Override this for your application.

Parameters

array $user
string $password

Returns

boolean

hashPassword()

hashPassword(  $password) 

Parameters

$password
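
One way to act on the "override this" notes for setUser(), checkPassword() and hashPassword(), as an added example that is not the library's own code: a subclass that stores salted password_hash() values and verifies them with password_verify(). The class name HashedUserStorage is hypothetical, and the example assumes setUser() passes the password through hashPassword(), that the row given to checkPassword() uses the keys shown, and that the user table is oauth_users with the columns created in the demo.

```php
<?php
// Added example; not code from the library this page documents.
require __DIR__ . '/vendor/autoload.php';   // assumption: Composer install

class HashedUserStorage extends \OAuth2\Storage\Pdo   // hypothetical name
{
    // Assumption: setUser() passes the password through hashPassword()
    // before writing it, so this return value is what gets stored.
    protected function hashPassword($password)
    {
        return password_hash($password, PASSWORD_DEFAULT);
    }

    // Assumption: $user is the row returned by getUser(), holding the
    // stored value under 'password' and the login under 'username'.
    protected function checkPassword($user, $password)
    {
        $stored = isset($user['password']) ? (string) $user['password'] : '';
        // password_verify() is false for anything password_hash() did not
        // produce, so legacy rows fail closed until the user resets.
        if ($stored === '' || !password_verify($password, $stored)) {
            return false;
        }
        // Re-store when PHP's default algorithm or cost has changed.
        if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            $this->setUser($user['username'], $password,
                $user['first_name'] ?? null,    // assumed column names
                $user['last_name'] ?? null);
        }
        return true;
    }
}

// Constructed demo on in-memory SQLite; the table and column names are
// assumptions about the schema getBuildSql() creates.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE oauth_users (username TEXT PRIMARY KEY,
            password TEXT, first_name TEXT, last_name TEXT)');
$storage = new HashedUserStorage($pdo);
$storage->setUser('alice', 'constructed-sample-passphrase');

$row = $pdo->query('SELECT password FROM oauth_users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['password'] !== 'constructed-sample-passphrase');
var_dump($storage->checkUserCredentials('alice', 'constructed-sample-passphrase'));
var_dump($storage->checkUserCredentials('alice', 'wrong-guess'));
```

Rows written before the override was deployed will not verify, so plan a password reset or a one-time migration for existing users.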

setAuthorizationCodeWithIdToken()

setAuthorizationCodeWithIdToken(string  $code, mixed  $client_id, mixed  $user_id, string  $redirect_uri, string  $expires, string  $scope = null, string  $id_token = null) : boolean

Parameters

string $code
mixed $client_id
mixed $user_id
string $redirect_uri
string $expires
string $scope
string $id_token

Returns

boolean