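/**
 * Builds the users.get URL used to fetch the resource owner's profile.
 *
 * The user id and the access token are percent-encoded before they are placed
 * in the query string, so a value containing "&", "=", "+" or "#" cannot add or
 * alter query parameters.
 *
 * NOTE(review): the access token travels in the query string, so it can end up
 * in proxy logs and server access logs; whether this endpoint accepts the token
 * another way is not visible here.
 *
 * @param AccessToken $token
 * @return string
 */
public function getResourceOwnerDetailsUrl(AccessToken $token)
 {
     // Profile fields requested from users.get.
     $fields = ['first_name', 'last_name', 'nickname', 'screen_name', 'sex', 'bdate', 'city', 'country', 'timezone', 'photo_50', 'photo_100', 'photo_200_orig', 'has_mobile', 'contacts', 'education', 'online', 'counters', 'relation', 'last_seen', 'status', 'can_write_private_message', 'can_see_all_posts', 'can_see_audio', 'can_post', 'universities', 'schools', 'verified'];
     // Both values come from the token response; encode them as query values.
     $userId = rawurlencode((string) $token->getResourceOwnerId());
     $tokenValue = rawurlencode((string) $token->getToken());
     return "https://api.vk.com/method/users.get?user_id={$userId}&fields=" . implode($this->getScopeSeparator(), $fields) . "&access_token={$tokenValue}";
 }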
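 /**
  * Builds the token and, when an id_token is present, validates its claims.
  *
  * Checks applied to the id_token: RS256 signature when the token carries one,
  * audience against the provider's client id, nbf/exp against the current time,
  * and issuer against the tenant details returned by the provider.
  *
  * @param array $options  Token values; 'id_token' and 'access_token' are read here.
  * @param mixed $provider Object exposing getJwtVerificationKeys(), getClientId(),
  *                        getTenantDetails() and a public $tenant property.
  *
  * @throws RuntimeException When the id_token cannot be parsed or a claim check fails.
  */
 public function __construct(array $options = [], $provider)
 {
     parent::__construct($options);
     if (empty($options['id_token'])) {
         return;
     }
     $this->idToken = $options['id_token'];
     $keys = $provider->getJwtVerificationKeys();
     $idTokenClaims = null;
     try {
         $tks = explode('.', $this->idToken);
         // Check if the id_token contains signature
         if (count($tks) === 3 && !empty($tks[2])) {
             $idTokenClaims = (array) JWT::decode($this->idToken, $keys, ['RS256']);
         } else {
             // The id_token is unsigned (coming from v1.0 endpoint) - https://msdn.microsoft.com/en-us/library/azure/dn645542.aspx
             // The access_token signature is verified first; the call is kept only for that check.
             JWT::decode($options['access_token'], $keys, ['RS256']);
             // The id_token claims are then read WITHOUT any signature check. Nothing in this
             // constructor ties them to the verified access_token, so the aud/iss/tid values
             // used below are unauthenticated in this branch.
             $idTokenClaims = (array) JWT::jsonDecode(JWT::urlsafeB64Decode($tks[1]));
         }
     } catch (JWT_Exception $e) {
         // NOTE(review): only JWT_Exception is caught. Confirm this is the exception type the
         // JWT library in use throws; otherwise decode failures leave as another exception type.
         throw new RuntimeException("Unable to parse the id_token!");
     }
     // Strict string comparison: a missing, non-string or merely "loosely equal" audience is rejected.
     $audience = isset($idTokenClaims['aud']) ? $idTokenClaims['aud'] : null;
     if (!is_string($audience) || $audience !== (string) $provider->getClientId()) {
         throw new RuntimeException("The audience is invalid!");
     }
     $now = time();
     $notBefore = isset($idTokenClaims['nbf']) ? $idTokenClaims['nbf'] : null;
     $expiresAt = isset($idTokenClaims['exp']) ? $idTokenClaims['exp'] : null;
     if ($expiresAt === null || $expiresAt < $now || ($notBefore !== null && $notBefore > $now)) {
         // Additional validation is being performed in firebase/JWT itself
         throw new RuntimeException("The id_token is invalid!");
     }
     if ($provider->tenant === "common") {
         // For the "common" tenant the concrete tenant id is taken from the token itself.
         if (!isset($idTokenClaims['tid']) || !is_string($idTokenClaims['tid']) || $idTokenClaims['tid'] === '') {
             throw new RuntimeException("The id_token is missing the tid claim!");
         }
         $provider->tenant = $idTokenClaims['tid'];
     }
     $tenant = $provider->getTenantDetails($provider->tenant);
     $expectedIssuer = isset($tenant['issuer']) ? $tenant['issuer'] : null;
     $issuer = isset($idTokenClaims['iss']) ? $idTokenClaims['iss'] : null;
     // An absent issuer on either side must never compare as equal.
     if (!is_string($expectedIssuer) || $expectedIssuer === '' || $issuer !== $expectedIssuer) {
         throw new RuntimeException("Invalid token issuer!");
     }
     $this->idTokenClaims = $idTokenClaims;
 }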
 /**
  * Complete the client credentials grant for the application's own client.
  *
  * Authenticates the client resolved from app('selfClient'), creates a session and an
  * access token for it, saves both, and returns a closure that builds authenticated
  * requests carrying that token.
  *
  * @return \Closure function ($method, $url, $options = []) forwarding to getAuthenticatedRequest()
  *
  * @throws Exception\InvalidClientException When no self client is registered or its credentials are rejected.
  */
 public function completeFlow()
 {
     $selfClient = app('selfClient');
     if ($selfClient === null) {
         throw new Exception\InvalidClientException();
     }
     // Check the client id and secret against client storage.
     $storage = $this->server->getClientStorage();
     $client = $storage->get($selfClient->id, $selfClient->secret, null, $this->getIdentifier());
     if (!($client instanceof ClientEntity)) {
         $failure = new Event\ClientAuthenticationFailedEvent($this->server->getRequest());
         $this->server->getEventEmitter()->emit($failure);
         throw new Exception\InvalidClientException();
     }
     // Session owned by the client itself.
     $session = new SessionEntity($this->server);
     $session->setOwner('client', $client->getId());
     $session->associateClient($client);
     // Server-side token entity with a generated id and a TTL-based expiry.
     $tokenEntity = new AccessTokenEntity($this->server);
     $tokenEntity->setId(SecureKey::generate());
     $tokenEntity->setExpireTime($this->getAccessTokenTTL() + time());
     foreach ($session->getScopes() as $grantedScope) {
         $tokenEntity->associateScope($grantedScope);
     }
     // The session is saved before the token is attached to it and saved.
     $session->save();
     $tokenEntity->setSession($session);
     $tokenEntity->save();
     $oauthClient = new GenericProvider(['clientId' => $selfClient->id, 'clientSecret' => $selfClient->secret, 'redirectUri' => null, 'urlAuthorize' => null, 'urlAccessToken' => null, 'urlResourceOwnerDetails' => null]);
     $clientToken = new AccessToken(['access_token' => $tokenEntity->getId(), 'expires' => $tokenEntity->getExpireTime()]);
     // The closure keeps the provider (built with the client secret) and the token
     // alive for as long as the closure itself is referenced.
     return function ($method, $url, $options = []) use ($oauthClient, $clientToken) {
         return $oauthClient->getAuthenticatedRequest($method, $url, $clientToken, $options);
     };
 }
 /**
  * Returns the Stripe Connect access token stored on a payout, refreshing it when expired.
  *
  * Returns null when the payout has no stored token for the selected mode
  * ("test" or "production", chosen by $apiKeys['test']). When the stored token has
  * expired, a new one is requested with the refresh_token grant and written back to
  * the payout. The expiry written back is "now + $expires days"; it is not read from
  * the refreshed token.
  *
  * Any exception is logged through \JLog and turned into null, so a null result does
  * not distinguish "no token stored" from "refresh failed".
  *
  * @param array   $apiKeys  Reads 'test', 'client_id' and 'secret_key'.
  * @param Payout  $payout
  * @param int     $expires  Number of days used for the stored expiration date.
  *
  * @return AccessToken|null
  */
 public static function getPayoutAccessToken($apiKeys, Payout $payout, $expires = 7)
 {
     try {
         $token = $payout->getStripe();
         $alias = $apiKeys['test'] ? 'test' : 'production';
         // Common prefix of the three registry keys for the selected mode.
         $keyPrefix = 'stripeconnect.' . $alias . '.';
         if ($token === null || !$token->get($keyPrefix . 'access_token')) {
             return null;
         }
         $accessToken = new AccessToken([
             'access_token' => $token->get($keyPrefix . 'access_token'),
             'refresh_token' => $token->get($keyPrefix . 'refresh_token'),
             'expires' => $token->get($keyPrefix . 'expires'),
         ]);
         if ($accessToken->hasExpired()) {
             $provider = new Stripe(['clientId' => $apiKeys['client_id'], 'clientSecret' => $apiKeys['secret_key']]);
             $accessToken = $provider->getAccessToken('refresh_token', ['refresh_token' => $token->get($keyPrefix . 'refresh_token')]);
             // Expiration date written back to the registry.
             $date = new \JDate();
             $date->add(new \DateInterval('P' . $expires . 'D'));
             $token->set($keyPrefix . 'access_token', $accessToken->getToken());
             $token->set($keyPrefix . 'refresh_token', $accessToken->getRefreshToken());
             $token->set($keyPrefix . 'expires', $date->getTimestamp());
             $payout->setStripe($token);
             $payout->storeStripe();
         }
         return $accessToken;
     } catch (\Exception $e) {
         \JLog::add($e->getMessage());
         return null;
     }
 }
Beispiel #5
 /**
  * Builds the users.get URL for the resource owner's details.
  *
  * The query string is produced by buildQueryString() from the configured fields,
  * the access token, the API version and the language.
  *
  * @param AccessToken $token
  * @return string
  */
 public function getResourceOwnerDetailsUrl(AccessToken $token)
 {
     $query = $this->buildQueryString([
         'fields' => $this->userFields,
         'access_token' => $token->getToken(),
         'v' => $this->version,
         'lang' => $this->lang,
     ]);
     return $this->baseUri . '/users.get?' . $query;
 }
 /**
  * Create an authentication cookie holding the access token value.
  *
  * The cookie expires when the token does; if the token reports no expiry, it
  * expires one hour from now.
  *
  * NOTE(review): domain, secure and httpOnly are left at CookieBase's defaults;
  * confirm those defaults suit a cookie whose value is the raw access token.
  *
  * @param string      $path
  * @param AccessToken $accessToken
  *
  * @return \Symfony\Component\HttpFoundation\Cookie
  */
 public static function create($path, AccessToken $accessToken)
 {
     $expire = $accessToken->getExpires();
     if (!$expire) {
         // No usable expiry on the token: fall back to 3600 seconds from now.
         $expire = time() + 3600;
     }
     return new CookieBase(TokenManager::TOKEN_COOKIE_NAME, $accessToken->getToken(), $expire, $path);
 }
 /**
  * Query to insert a profile record.
  *
  * All values are bound as named parameters. A GUID is generated when none is given.
  * The refresh token is bound as returned by the access token, and the resource owner
  * is stored as the JSON encoding of its toArray() result.
  *
  * @param string|null            $guid
  * @param string                 $provider
  * @param string                 $resourceOwnerId
  * @param AccessToken            $accessToken
  * @param ResourceOwnerInterface $resourceOwner
  *
  * @return \Doctrine\DBAL\Query\QueryBuilder
  */
 public function queryInsert($guid, $provider, $resourceOwnerId, AccessToken $accessToken, ResourceOwnerInterface $resourceOwner)
 {
     if (null === $guid) {
         $guid = $this->getGuidV4();
     }
     // Column => named placeholder.
     $placeholders = [
         'guid' => ':guid',
         'provider' => ':provider',
         'resource_owner_id' => ':resource_owner_id',
         'refresh_token' => ':refresh_token',
         'lastupdate' => ':lastupdate',
         'resource_owner' => ':resource_owner',
     ];
     $insert = $this->getQueryBuilder()->insert($this->tableNameProvider)->values($placeholders);
     return $insert->setParameters([
         'guid' => $guid,
         'provider' => $provider,
         'resource_owner_id' => $resourceOwnerId,
         'refresh_token' => $accessToken->getRefreshToken(),
         'lastupdate' => date('Y-m-d H:i:s'),
         'resource_owner' => json_encode($resourceOwner->toArray()),
     ]);
 }
Beispiel #8
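 /**
  * Appends the JSON form of an access token as one line to the tokens file.
  *
  * A token that cannot be JSON-encoded is reported as an error instead of being
  * written as an empty line and counted as stored.
  *
  * NOTE(review): the token is written in clear text; the permissions of
  * TOKENS_FILE_PATH are not set here and should be checked where the file is created.
  *
  * @param \League\OAuth2\Client\Token\AccessToken $accessToken
  * @return int Number of bytes written.
  * @throws \RuntimeException When the token cannot be encoded or the file cannot be written.
  */
 public static function storeAccessToken(\League\OAuth2\Client\Token\AccessToken $accessToken)
 {
     $line = json_encode($accessToken->jsonSerialize());
     if ($line === false) {
         throw new \RuntimeException('Could not encode the access token as JSON');
     }
     $result = file_put_contents(self::TOKENS_FILE_PATH, $line . "\n", FILE_APPEND);
     // file_put_contents() returns false on failure; a byte count otherwise.
     if ($result === false) {
         throw new \RuntimeException(sprintf("Could not store token into file %s - check file permissions", self::TOKENS_FILE_PATH));
     }
     return $result;
 }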
Beispiel #9
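 /**
  * Get user image from provider
  *
  * Requests the profile image endpoint for the token's resource owner and returns
  * the provider response. The resource owner id is percent-encoded before it is
  * used as a path segment, so a value containing "/", "?" or "#" cannot change the
  * request path.
  *
  * @param  array        $response Not read by this method.
  * @param  AccessToken  $token
  *
  * @return array
  */
 protected function getUserImage(array $response, AccessToken $token)
 {
     $guid = rawurlencode((string) $token->getResourceOwnerId());
     $url = 'https://social.yahooapis.com/v1/user/' . $guid . '/profile/image/' . $this->imageSize . '?format=json';
     $request = $this->getAuthenticatedRequest('get', $url, $token);
     return $this->getResponse($request);
 }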
 /**
  * Returns an authenticated API client.
  *
  * The client is pointed at the configured domain plus PATH_API and authenticated
  * with the current OAuth token.
  *
  * Requires the optional Gitlab API client to be installed.
  *
  * @return Client
  * @throws \LogicException When the \Gitlab\Client class is not available.
  */
 public function getApiClient()
 {
     if (class_exists('\\Gitlab\\Client') === false) {
         throw new \LogicException(__METHOD__ . ' requires package m4tthumphrey/php-gitlab-api to be installed and autoloaded'); // @codeCoverageIgnore
     }
     // Drop trailing slashes so the API path is appended exactly once.
     $apiBase = rtrim($this->domain, '/') . self::PATH_API;
     $client = new Client($apiBase);
     return $client->authenticate($this->token->getToken(), Client::AUTH_OAUTH_TOKEN);
 }
 /**
  * Returns the cached access token, requesting a new one when needed.
  *
  * A token is requested with the client_credentials grant when none is cached
  * or the cached one has expired; the result is kept on the instance.
  *
  * @return AccessToken
  * @throws EmptyProviderException When no provider has been set.
  */
 private function getAccessToken()
 {
     if (null === $this->provider) {
         throw new EmptyProviderException();
     }
     $needsNewToken = $this->token == null || $this->token->hasExpired();
     if ($needsNewToken) {
         $this->token = $this->provider->getAccessToken('client_credentials');
     }
     return $this->token;
 }
 /**
  * Loads the OAuth token from the session and refreshes it when it has expired.
  *
  * The refreshed token replaces the one in the session. Nothing is refreshed when
  * the session holds no token or the token carries no refresh token.
  *
  * @return void
  */
 protected function loadToken()
 {
     // Load the token from the session.
     $this->token = \Session::get('oauth_token');
     // Nothing stored yet.
     if ($this->token === null) {
         return;
     }
     // Still valid, or no refresh token to renew it with.
     if (!$this->token->hasExpired() || $this->token->getRefreshToken() === null) {
         return;
     }
     $this->token = $this->provider->getAccessToken('refresh_token', ['refresh_token' => $this->token->getRefreshToken()]);
     \Session::set('oauth_token', $this->token);
 }
Beispiel #13
 /**
  * Constructor.
  *
  * Stores the GUID, access token and resource owner, and builds the provider
  * entity from the provider name, the token's refresh token and the resource owner.
  *
  * @param string                 $guid
  * @param string                 $providerName
  * @param AccessToken            $accessToken
  * @param ResourceOwnerInterface $resourceOwner
  *
  * @throws \RuntimeException When $guid is not a valid UUID.
  */
 public function __construct($guid, $providerName, AccessToken $accessToken, ResourceOwnerInterface $resourceOwner)
 {
     if (false === Uuid::isValid($guid)) {
         throw new \RuntimeException('Tried to create Transition object with an invalid GUID.');
     }
     $entity = new Entity\Provider();
     $entity->setProvider($providerName);
     $entity->setRefreshToken($accessToken->getRefreshToken());
     $entity->setResourceOwnerId($resourceOwner->getId());
     $entity->setResourceOwner($resourceOwner);

     $this->guid = $guid;
     $this->accessToken = $accessToken;
     $this->resourceOwner = $resourceOwner;
     $this->providerEntity = $entity;
 }
Beispiel #14
 /**
  * Passes the token options to the parent and keeps the session secret, if one is given.
  *
  * @param  array $options token options; 'session_secret' is read here
  */
 public function __construct(array $options = null)
 {
     parent::__construct($options);
     if (!isset($options['session_secret'])) {
         return;
     }
     $this->_secret = $options['session_secret'];
 }
 /**
  * Reports whether the stored access token has expired.
  *
  * @return bool
  * @throws FitbitTokenMissingException When no access token is set.
  */
 public function hasTokenExpired()
 {
     if (!empty($this->access_token)) {
         return $this->access_token->hasExpired();
     }
     throw new FitbitTokenMissingException();
 }
Beispiel #16
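 /**
  * Builds the Graph API "/me" URL used to fetch the resource owner's details.
  *
  * The "bio" field is requested only for Graph API versions below 2.8. The version
  * is compared component by component, so "v2.10" is treated as newer than "v2.8"
  * (a float comparison would read it as 2.1). The access token is percent-encoded
  * before it is placed in the query string.
  *
  * @param AccessToken $token
  * @return string
  */
 public function getResourceOwnerDetailsUrl(AccessToken $token)
 {
     $fields = ['id', 'name', 'first_name', 'last_name', 'email', 'hometown', 'picture.type(large){url,is_silhouette}', 'cover{source}', 'gender', 'locale', 'link', 'timezone', 'age_range'];
     // backwards compatibility less than 2.8; substr() drops the leading "v"
     if (version_compare(substr($this->graphApiVersion, 1), '2.8', '<')) {
         $fields[] = 'bio';
     }
     // The proof is computed over the raw token value, not the encoded one.
     $appSecretProof = AppSecretProof::create($this->clientSecret, $token->getToken());
     return $this->getBaseGraphUrl() . $this->graphApiVersion . '/me?fields=' . implode(',', $fields) . '&access_token=' . rawurlencode((string) $token) . '&appsecret_proof=' . $appSecretProof;
 }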
Beispiel #17
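 /**
  * Sends an authenticated request to the provider's domain, refreshing the token once if needed.
  *
  * The request is first sent with the stored access token. If that fails with a
  * ClientException and the stored token is an expired AccessToken, a new token is
  * requested with the refresh_token grant, kept on the instance for later calls,
  * and the request is sent a second time.
  *
  * @param string $method
  * @param string $path    Appended to the provider domain after a "/".
  * @param array  $options
  * @return ResponseInterface
  * @throws Exception When the request fails and the stored token is not an expired AccessToken.
  */
 public function call($method, $path, array $options = [])
 {
     $doRequest = function ($method, $path, $accessToken, $options) {
         $request = $this->provider->getAuthenticatedRequest($method, $this->provider->domain . "/{$path}", $accessToken, $options);
         return $this->provider->getHttpClient()->send($request);
     };
     try {
         $response = $doRequest($method, $path, $this->accessToken, $options);
     } catch (ClientException $e) {
         // The retry is taken for any ClientException once the token has expired;
         // the exception itself is not inspected before refreshing.
         if (!$this->accessToken instanceof AccessToken || !$this->accessToken->hasExpired()) {
             throw new Exception($e->getMessage(), $e->getCode(), $e);
         }
         // Keep the refreshed token: discarding it would repeat the failed request and
         // the refresh on every later call, and would reuse a refresh token the
         // provider may already have replaced.
         $this->accessToken = $this->provider->getAccessToken('refresh_token', ['refresh_token' => $this->accessToken->getRefreshToken()]);
         $response = $doRequest($method, $path, $this->accessToken, $options);
     }
     return $response;
 }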
Beispiel #18
 /**
  * Executes a request
  *
  * A two-element array $uri is expanded as a URI template. When a token is set and
  * the caller supplied no Authorization header, a Bearer header with the token is added.
  *
  * NOTE(review): the Bearer header is added whatever host $uri points at; confirm
  * callers only pass URIs of the intended API.
  *
  * @param string|array|GuzzleHttp\Psr7\Uri $uri String, url template array or URL object
  * @param string $method
  * @param array|GuzzleHttp\Query $query
  * @param string|array|object $data
  * @param array $headers
  * @return array|string|bool true for a 204 response, otherwise the parsed response
  * @throws GuzzleHttp\Exception\RequestException
  */
 public function exec($uri, $method = 'GET', $query = null, $data = null, array $headers = [])
 {
     if (is_array($uri)) {
         list($template, $variables) = [$uri[0], $uri[1]];
         $uri = \GuzzleHttp\uri_template($template, $variables);
     }
     $method = strtoupper($method);
     $callerSetAuth = isset($headers['Authorization']);
     if (!$callerSetAuth && null !== $this->token) {
         $headers['Authorization'] = 'Bearer ' . $this->token->getToken();
     }
     $reqOptions = ['headers' => $headers];
     if (is_array($query) || $query instanceof Query) {
         $reqOptions['query'] = $query;
     }
     if (null !== $data) {
         $this->handleRequestData($method, $data, $reqOptions);
     }
     $resp = $this->tryRequest($method, $uri, $reqOptions);
     // 204 No Content carries no body to parse.
     return $resp->getStatusCode() === 204 ? true : $this->parseResponse($resp);
 }
Beispiel #19
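 /**
  * Builds the user-details URL from the configured server URL and the access token.
  *
  * The token is percent-encoded before it is appended, so a value containing
  * "&", "=", "+" or "#" cannot add or alter query parameters.
  *
  * @param AccessToken $token
  * @return string
  */
 public function getResourceOwnerDetailsUrl(AccessToken $token)
 {
     return Config::get('laravel-oauth2-client.server_url_user_details') . '?access_token=' . rawurlencode((string) $token->getToken());
 }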
 /**
  * Constructor; hands the options to the parent constructor unchanged.
  *
  * @param array $options
  */
 public function __construct(array $options)
 {
     parent::__construct($options);
 }
 /**
  * Creates a record populated from an access token.
  *
  * A new instance is created and updated with the provider name, token value,
  * refresh token, expiry and resource owner id; no lookup of an existing record
  * happens in this method.
  *
  * @param string $provider
  * @param AccessToken $token
  * @return self Whatever update() returns on the new instance.
  */
 public static function createFromAccessToken($provider, AccessToken $token)
 {
     $fields = [
         'Provider' => $provider,
         'Token' => $token->getToken(),
         'RefreshToken' => $token->getRefreshToken(),
         'Expires' => $token->getExpires(),
         'ResourceOwnerID' => $token->getResourceOwnerId(),
     ];
     return static::create()->update($fields);
 }
Beispiel #22
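 /**
  * Returns the URL for requesting the resource owner's details.
  *
  * The token is percent-encoded before it is placed in the oauth_token parameter,
  * so a value containing "&", "=", "+" or "#" cannot add or alter query parameters.
  *
  * @param AccessToken $token
  * @return string
  */
 public function getResourceOwnerDetailsUrl(AccessToken $token)
 {
     return sprintf('%s/users/me?oauth_token=%s', $this->baseUrl, rawurlencode((string) $token->getToken()));
 }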
Beispiel #23
 /**
  * Revoke access for the given token.
  *
  * Sends a POST to the revoke endpoint. The token to revoke is passed in the
  * query string built by buildQueryString().
  *
  * @param AccessToken $accessToken
  *
  * @return mixed The result of getResponse() for the revoke request.
  */
 public function revoke(AccessToken $accessToken)
 {
     $requestOptions = $this->getAccessTokenOptions([]);
     $query = $this->buildQueryString(['token' => $accessToken->getToken()]);
     $revokeUri = $this->appendQuery(self::BASE_FITBIT_API_URL . '/oauth2/revoke', $query);
     return $this->getResponse($this->getRequest(self::METHOD_POST, $revokeUri, $requestOptions));
 }
Beispiel #24
 /**
  * Get provider url to fetch user details
  *
  * The access token is encoded into the query string by http_build_query().
  *
  * @param AccessToken $token
  *
  * @return string
  */
 public function getResourceOwnerDetailsUrl(AccessToken $token)
 {
     $query = http_build_query(['access_token' => $token->getToken()]);
     return 'https://api.deezer.com/user/me?' . $query;
 }
Beispiel #25
 /**
  * Stores an access token in the 'config' service under 'access_token'.
  *
  * The token is stored as the JSON encoding of its jsonSerialize() result.
  *
  * @param AccessToken $token
  *
  * @return  void
  *
  * @codeCoverageIgnore
  */
 public function setAccessToken(AccessToken $token)
 {
     $config = $this->container->get('config');
     $config->set('access_token', json_encode($token->jsonSerialize()));
 }
 /**
  * Returns a usable access token, renewing the given one when it has expired.
  *
  * An unexpired token is returned as is. An expired one is exchanged through the
  * provider's refresh_token grant, using the refresh token it carries.
  *
  * @param AccessToken $accessToken
  *
  * @throws IdentityProviderException
  *
  * @return AccessToken
  */
 protected function getRefreshToken(AccessToken $accessToken)
 {
     if (!$accessToken->hasExpired()) {
         return $accessToken;
     }
     return $this->getProvider()->getAccessToken('refresh_token', ['refresh_token' => $accessToken->getRefreshToken()]);
 }
Beispiel #27
 /**
  * Builds the "/oauth2.0/me" URL for the given token.
  *
  * The access token is encoded into the query string by http_build_query().
  *
  * @param AccessToken $token
  * @return string
  */
 protected function getOpenidUrl(AccessToken $token)
 {
     $query = http_build_query(['access_token' => $token->getToken()]);
     return 'https://graph.qq.com/oauth2.0/me?' . $query;
 }
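 /**
  * Returns the URL for requesting the resource owner's details.
  *
  * The user id and the access token are percent-encoded before they are placed
  * in the query string, so a value containing "&", "=", "+" or "#" cannot add or
  * alter query parameters.
  *
  * @param AccessToken $token
  * @return string
  */
 public function getResourceOwnerDetailsUrl(AccessToken $token)
 {
     $fields = ['email', 'nickname', 'screen_name', 'sex', 'bdate', 'city', 'country', 'timezone', 'photo_50', 'photo_100', 'photo_200_orig', 'has_mobile', 'contacts', 'education', 'online', 'counters', 'relation', 'last_seen', 'status', 'can_write_private_message', 'can_see_all_posts', 'can_see_audio', 'can_post', 'universities', 'schools', 'verified'];
     // Both values come from the token response; encode them as query values.
     $userId = rawurlencode((string) $token->getResourceOwnerId());
     $tokenValue = rawurlencode((string) $token);
     return "https://api.vk.com/method/users.get?user_id={$userId}&fields=" . implode(",", $fields) . "&access_token={$tokenValue}&v=" . static::API_VERSION;
 }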
 /**
  * Return our values as a string in the form of:
  *   GUID||access token (cast to string)||resource owner ID
  *
  * NOTE(review): the string form embeds the access token's string value, so it
  * will appear wherever this object is logged or printed; confirm that is intended.
  *
  * @return string
  */
 public function __toString()
 {
     $parts = [
         $this->guid,
         (string) $this->accessToken,
         $this->accessToken->getResourceOwnerId(),
     ];
     return vsprintf('%s||%s||%s', $parts);
 }
Beispiel #30
 /**
  * Builds the users.get URL for the token's resource owner.
  *
  * The query string is produced by http_build_query() from the user id, the merged
  * default and configured fields, the language, the https flag and the API version.
  *
  * @param AccessToken $token
  * @return string
  */
 public function getResourceOwnerDetailsUrl(AccessToken $token)
 {
     $requestedFields = array_merge($this->defaultUserFields, $this->userFields);
     $query = http_build_query([
         'user_id' => $token->getResourceOwnerId(),
         'fields' => implode(',', $requestedFields),
         'lang' => $this->lang,
         'https' => $this->https,
         'v' => $this->version,
     ]);
     return 'https://api.vk.com/method/users.get?' . $query;
 }