Properties

$redis

$redis : 

Type

$config

$config : 

Type

$cache

$cache : 

Type

Methods

__construct()

__construct(\Predis\Client  $redis, array  $config = array()) 

Redis Storage!

Parameters

\Predis\Client $redis
array $config

getAuthorizationCode()

getAuthorizationCode(  $code) : \OAuth2\Storage\An

Fetch authorization code data (probably the most common grant type).

Retrieve the stored data for the given authorization code.

Required for OAuth2::GRANT_TYPE_AUTH_CODE.

Parameters

$code

Authorization code to be checked.

Returns

\OAuth2\Storage\An —

associative array as below, and NULL if the code is invalid

setAuthorizationCode()

setAuthorizationCode(  $authorization_code, mixed  $client_id, mixed  $user_id, string  $redirect_uri, integer  $expires, string  $scope = null,   $id_token = null) 

Take the provided authorization code values and store them somewhere.

This function should be the storage counterpart to getAuthCode().

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Required for OAuth2::GRANT_TYPE_AUTH_CODE.

Parameters

$authorization_code
mixed $client_id
  • Client identifier to be stored.
mixed $user_id
  • User identifier to be stored.
string $redirect_uri
  • Redirect URI(s) to be stored in a space-separated string.
integer $expires
  • Expiration to be stored as a Unix timestamp.
string $scope
  • OPTIONAL Scopes to be stored in space-separated string.
$id_token

expireAuthorizationCode()

expireAuthorizationCode(  $code) 

Once an authorization code is used, it must be expired.

Parameters

$code

checkUserCredentials()

checkUserCredentials(  $username,   $password) : TRUE

Grant access tokens for basic user credentials.

Check the supplied username and password for validity.

You can also use the $client_id param to do any checks required based on a client, if you need that.

Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.

Parameters

$username

Username to be checked.

$password

Password to be checked.

Returns

TRUE —

if the username and password are valid, and FALSE if it isn't. Moreover, if the username and password are valid, and you want to

getUserDetails()

getUserDetails(string  $username) : array|false

Parameters

string $username
  • username to get details for

Returns

array|false —
  • the associated "user_id" and optional "scope" values. This function MUST return FALSE if the requested user does not exist or is invalid. "scope" is a space-separated list of restricted scopes.

getUser()

getUser(  $username) 

Parameters

$username

setUser()

setUser(  $username,   $password,   $first_name = null,   $last_name = null) 

Parameters

$username
$password
$first_name
$last_name

checkClientCredentials()

checkClientCredentials(  $client_id,   $client_secret = null) : TRUE

Make sure that the client credentials are valid.

Parameters

$client_id

Client identifier to be checked.

$client_secret

(optional) If a secret is required, check that they've given the right one.

Returns

TRUE —

if the client credentials are valid, and MUST return FALSE if they aren't.

isPublicClient()

isPublicClient(  $client_id) : TRUE

Determine if the client is a "public" client, and therefore does not require passing credentials for certain grant types.

Parameters

$client_id

Client identifier to be checked.

Returns

TRUE —

if the client is public, and FALSE if it isn't.

getClientDetails()

getClientDetails(  $client_id) 

Parameters

$client_id

setClientDetails()

setClientDetails(  $client_id,   $client_secret = null,   $redirect_uri = null,   $grant_types = null,   $scope = null,   $user_id = null) 

Parameters

$client_id
$client_secret
$redirect_uri
$grant_types
$scope
$user_id

checkRestrictedGrantType()

checkRestrictedGrantType(  $client_id,   $grant_type) 

Parameters

$client_id
$grant_type

getRefreshToken()

getRefreshToken(  $refresh_token) : \OAuth2\Storage\An

Grant refresh access tokens.

Retrieve the stored data for the given refresh token.

Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.

Parameters

$refresh_token

Refresh token to be checked.

Returns

\OAuth2\Storage\An —

associative array as below, and NULL if the refresh_token is invalid:

  • refresh_token: Refresh token identifier.
  • client_id: Client identifier.
  • user_id: User identifier.
  • expires: Expiration unix timestamp, or 0 if the token doesn't expire.
  • scope: (optional) Scope values in space-separated string.

setRefreshToken()

setRefreshToken(  $refresh_token,   $client_id,   $user_id,   $expires,   $scope = null) 

Take the provided refresh token values and store them somewhere.

This function should be the storage counterpart to getRefreshToken().

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.

Parameters

$refresh_token

Refresh token to be stored.

$client_id

Client identifier to be stored.

$user_id

User identifier to be stored.

$expires

Expiration timestamp to be stored. 0 if the token doesn't expire.

$scope

(optional) Scopes to be stored in space-separated string.

unsetRefreshToken()

unsetRefreshToken(  $refresh_token) 

Expire a used refresh token.

This is not explicitly required in the spec, but is almost implied. After granting a new refresh token, the old one is no longer useful and so should be forcibly expired in the data store so it can't be used again.

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Parameters

$refresh_token

Refresh token to be expired.
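
The rotation described for unsetRefreshToken(), including the explicit failure checks the storage methods themselves do not perform, as an added example that is not code from this library. RefreshMemoryStore and rotateRefreshToken() are hypothetical names; only the three method signatures and the "expires = 0 means no expiry" rule come from the documentation above.

```php
<?php
// Added example: in-memory stand-in using the documented method signatures.
final class RefreshMemoryStore
{
    private $tokens = array();

    public function getRefreshToken($refresh_token)
    {
        return isset($this->tokens[$refresh_token]) ? $this->tokens[$refresh_token] : null;
    }

    public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
    {
        $this->tokens[$refresh_token] = compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope');
    }

    public function unsetRefreshToken($refresh_token)
    {
        unset($this->tokens[$refresh_token]);
    }
}

// Hypothetical helper: returns the new token, or null when the old one is refused.
function rotateRefreshToken(RefreshMemoryStore $store, $presented, $client_id, $now, $lifetime)
{
    $old = $store->getRefreshToken($presented);
    if ($old === null || $old['client_id'] !== $client_id) {
        return null; // unknown token, or token issued to another client
    }
    if ($old['expires'] !== 0 && $old['expires'] <= $now) {
        return null; // expires = 0 means the token doesn't expire
    }
    $store->unsetRefreshToken($presented);
    if ($store->getRefreshToken($presented) !== null) {
        // The storage call reports nothing, so confirm the old token is gone.
        throw new RuntimeException('old refresh token could not be expired');
    }
    $new = bin2hex(random_bytes(32));
    $store->setRefreshToken($new, $client_id, $old['user_id'], $now + $lifetime, $old['scope']);
    if ($store->getRefreshToken($new) === null) {
        throw new RuntimeException('new refresh token was not stored');
    }
    return $new;
}

// Constructed sample data.
$store = new RefreshMemoryStore();
$store->setRefreshToken('rt-old', 'client-a', 'user-1', 0, 'basic');
var_dump(rotateRefreshToken($store, 'rt-old', 'client-a', 1000, 3600) !== null); // first use
var_dump(rotateRefreshToken($store, 'rt-old', 'client-a', 1001, 3600)); // old token reused
```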

getAccessToken()

getAccessToken(  $access_token) : array|null

Look up the supplied oauth_token from storage.

We need to retrieve access token data as we create and verify tokens.

Parameters

$access_token

Returns

array|null —
  • An associative array as below, and return NULL if the supplied oauth_token is invalid:

setAccessToken()

setAccessToken(  $access_token, mixed  $client_id, mixed  $user_id, integer  $expires, string  $scope = null) 

Store the supplied access token values to storage.

We need to store access token data as we create and verify tokens.

Parameters

$access_token
mixed $client_id
  • client identifier to be stored.
mixed $user_id
  • user identifier to be stored.
integer $expires
  • expiration to be stored as a Unix timestamp.
string $scope
  • OPTIONAL Scopes to be stored in space-separated string.

unsetAccessToken()

unsetAccessToken(  $access_token) 

Parameters

$access_token

scopeExists()

scopeExists(  $scope) : TRUE

Check if the provided scope exists.

Parameters

$scope

A space-separated string of scopes.

Returns

TRUE —

if it exists, FALSE otherwise.

getDefaultScope()

getDefaultScope(  $client_id = null) : string

The default scope to use in the event the client does not request one. By returning "false", a request_error is returned by the server to force a scope request by the client. By returning "null", opt out of requiring scopes.

Parameters

$client_id

An optional client id that can be used to return customized default scopes.

Returns

string —

representation of default scope, null if scopes are not defined, or false to force scope request by the client

ex: 'default'

ex: null

setScope()

setScope(  $scope,   $client_id = null,   $type = 'supported') 

Parameters

$scope
$client_id
$type

getClientKey()

getClientKey(  $client_id,   $subject) : STRING

Get the public key associated with a client_id.

Parameters

$client_id

Client identifier to be checked with.

$subject

Returns

STRING —

Return the public key for the client_id if it exists, and MUST return FALSE if it doesn't.

setClientKey()

setClientKey(  $client_id,   $key,   $subject = null) 

Parameters

$client_id
$key
$subject

getClientScope()

getClientScope(  $client_id) 

Parameters

$client_id

getJti()

getJti(  $client_id,   $subject,   $audience,   $expiration,   $jti) : \OAuth2\Storage\An

Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.

Parameters

$client_id

Client identifier to match.

$subject

The subject to match.

$audience

The audience to match.

$expiration

The expiration of the jti.

$jti

The jti to match.

Returns

\OAuth2\Storage\An —

associative array as below, and return NULL if the jti does not exist.

  • issuer: Stored client identifier.
  • subject: Stored subject.
  • audience: Stored audience.
  • expires: Stored expiration in unix timestamp.
  • jti: The stored jti.

setJti()

setJti(  $client_id,   $subject,   $audience,   $expiration,   $jti) 

Store a used jti so that we can check against it to prevent replay attacks.

Parameters

$client_id

Client identifier to insert.

$subject

The subject to insert.

$audience

The audience to insert.

$expiration

The expiration of the jti.

$jti

The jti to insert.
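
How getJti() and setJti() combine into a replay check, as an added example that is not code from this library. JtiMemoryStore and acceptAssertion() are hypothetical names, and the claim values are constructed; only the two method signatures and the returned field names come from the documentation above.

```php
<?php
// Added example: in-memory stand-in using the documented getJti()/setJti() signatures.
final class JtiMemoryStore
{
    private $seen = array(); // [client_id][jti] => stored record

    public function getJti($client_id, $subject, $audience, $expiration, $jti)
    {
        if (!isset($this->seen[$client_id][$jti])) {
            return null; // documented: NULL if the jti does not exist
        }
        $row = $this->seen[$client_id][$jti];
        // Match on every documented field, not on the jti alone.
        $same = $row['subject'] === $subject && $row['audience'] === $audience
            && $row['expires'] === $expiration;
        return $same ? $row : null;
    }

    public function setJti($client_id, $subject, $audience, $expiration, $jti)
    {
        $this->seen[$client_id][$jti] = array(
            'issuer' => $client_id, 'subject' => $subject,
            'audience' => $audience, 'expires' => $expiration, 'jti' => $jti,
        );
    }
}

// Hypothetical helper: true when the assertion is fresh, false when expired or replayed.
function acceptAssertion(JtiMemoryStore $store, array $c, $now)
{
    if ($c['exp'] <= $now) {
        return false; // expired assertions never reach the replay lookup
    }
    if ($store->getJti($c['iss'], $c['sub'], $c['aud'], $c['exp'], $c['jti']) !== null) {
        return false; // this jti was already recorded: replay
    }
    $store->setJti($c['iss'], $c['sub'], $c['aud'], $c['exp'], $c['jti']);
    return true;
}

// Constructed sample claims, not taken from a real token.
$store = new JtiMemoryStore();
$claims = array('iss' => 'client-a', 'sub' => 'user-1',
    'aud' => 'https://as.example/token', 'exp' => 2000, 'jti' => 'n-001');
var_dump(acceptAssertion($store, $claims, 1000)); // first presentation
var_dump(acceptAssertion($store, $claims, 1001)); // same assertion again
```

Against a shared store the lookup and the insert need to happen as one atomic step, otherwise two concurrent requests carrying the same jti can both pass the check.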

getValue()

getValue(  $key) 

Parameters

$key

setValue()

setValue(  $key,   $value,   $expire) 

Parameters

$key
$value
$expire

expireValue()

expireValue(  $key) 

Parameters

$key