/** * POST /oauth/access_token * * @param Request $request * * @return JsonResponse */ public function issueAccessToken(Request $request) { try { $response = $this->server->issueAccessToken(); return $this->respond($response); } catch (\Exception $e) { return $this->setStatusCode($e->httpStatusCode)->respond(['error' => $e->errorType, 'message' => $e->getMessage()], $e->getHttpHeaders()); } }
/** * Authenticate via the Access Token Grant * * @return JsonResponse */ public function accessToken() { try { $response = $this->server->issueAccessToken(); return response()->json($response); } catch (OAuthException $e) { $error = $e->errorType; $message = $e->getMessage(); $code = $e->httpStatusCode; $headers = $e->getHttpHeaders(); return response()->json(compact('error', 'message'), $code, $headers); } }
/** * @Route("/", methods={"POST"}) */ public function loginAction(Request $request) { $request->request->set('grant_type', 'password'); $request->request->set('client_id', $this->clientId); $request->request->set('client_secret', $this->clientSecret); $this->server->setRequest($request); try { $response = $this->server->issueAccessToken(); $request->getSession()->set('oauth_data', $response); return new Response(); } catch (OAuthException $e) { return new Response('', Response::HTTP_BAD_REQUEST); } }
/** * Do authorization. * * @param \Illuminate\Http\Request $request * @return \Illuminate\Http\Response */ public function postIndex(Request $request) { $server = new AuthorizationServer(); $server->setSessionStorage(new SessionStorage()); $server->setAccessTokenStorage(new AccessTokenStorage()); $server->setClientStorage(new ClientStorage()); $server->setScopeStorage(new ScopeStorage()); $server->setRefreshTokenStorage(new RefreshTokenStorage()); $server->addGrantType(new ClientCredentials()); $server->addGrantType(new RefreshToken()); $server->setTokenType(new Bearer()); try { $accessToken = $server->issueAccessToken(); $response = new Response($accessToken, 200, ['Cache-Control' => 'no-store', 'Pragma' => 'no-store']); } catch (OAuthException $e) { $response = new Response(['error' => $e->errorType, 'message' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders()); } catch (\Exception $e) { $response = new Response(['error' => $e->getCode(), 'message' => $e->getMessage()], 500); } finally { // Return the response $response->headers->set('Content-type', 'application/json'); return $response; } // TO DO: Remove previous active access token for current client }
/** * Resource owner password credentials grant. * * @param Request $request * * @return Response */ public function grantPasswordCredentials(Request $request) { $this->authorisationServer->setRequest($request); try { $response = $this->authorisationServer->issueAccessToken(); return new Response(json_encode($response), 200, ['Content-type' => 'application/json', 'Cache-Control' => 'no-store', 'Pragma' => 'no-store']); } catch (OAuthException $e) { return $this->getExceptionResponse($e); } }
/** * Do client authorization based on user login. * * @param \Illuminate\Http\Request $request * @return \Illuminate\Http\Response */ protected function completeAuthorizationFlow(Request $request, User $user) { // First create OAuth Auth Code $server = new AuthorizationServer(); $server->setSessionStorage(new SessionStorage()); $server->setAccessTokenStorage(new AccessTokenStorage()); $server->setClientStorage(new ClientStorage()); $server->setScopeStorage(new ScopeStorage()); $server->setAuthCodeStorage(new AuthCodeStorage()); $server->setRefreshTokenStorage(new RefreshTokenStorage()); $server->addGrantType(new AuthCode()); $server->addGrantType(new RefreshToken()); $server->setTokenType(new Bearer()); $identifiedOAuth = $request->get('identified_oauth'); $authParams = ['client' => $identifiedOAuth['client'], 'redirect_uri' => $identifiedOAuth['client']->getRedirectUri(), 'scopes' => $identifiedOAuth['scopes'], 'state' => time()]; $redirectUri = $server->getGrantType('authorization_code')->newAuthorizeRequest('user', $user->id, $authParams); parse_str(parse_url($redirectUri, PHP_URL_QUERY), $queryStr); // Complete the OAuth Auth flow $server->getRequest()->request->set('grant_type', 'authorization_code'); $server->getRequest()->request->set('client_id', $identifiedOAuth['client']->getId()); $server->getRequest()->request->set('client_secret', $identifiedOAuth['client']->getSecret()); $server->getRequest()->request->set('redirect_uri', $identifiedOAuth['client']->getRedirectUri()); $server->getRequest()->request->set('code', $queryStr['code']); try { $accessToken = $server->issueAccessToken(); $response = new Response($accessToken, 200, ['Cache-Control' => 'no-store', 'Pragma' => 'no-store']); } catch (OAuthException $e) { $response = new Response(['error' => $e->errorType, 'message' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders()); } catch (\Exception $e) { $response = new Response(['error' => $e->getCode(), 'message' => $e->getMessage()], 500); } finally { // Return the response $response->headers->set('Content-type', 'application/json'); return $response; } // TO DO: Remove previous active access token for current client }
/** * Issue an access token if the request parameters are valid. * * @return array a response object for the protocol in use */ public function issueAccessToken() { return $this->issuer->issueAccessToken(); }
username = {username} password = {password} scope = {scope} optional ------------------------ grant_type = refresh_token client_id = testclient client_secret = refresh_token = {refresh token} This route will be used for logging in by using the password grant_type */ $app->post('/access_token/', function () use($app, $authorizationServer) { try { echo json_encode($authorizationServer->issueAccessToken()); } catch (\League\OAuth2\Server\Exception\InvalidRefreshException $e) { $error = json_encode(['error' => $e->errorType, 'message' => $e->getMessage()]); $app->halt($e->httpStatusCode, $error); } catch (\League\OAuth2\Server\Exception\InvalidRequestException $e) { $error = json_encode(['error' => $e->errorType, 'message' => $e->getMessage()]); $app->halt($e->httpStatusCode, $error); } }); $app->get('/', function () use($app) { echo 'Nothing to see here'; }); $routeFiles = (array) glob('routes/*.php'); foreach ($routeFiles as $routeFile) { require $routeFile; }
/** * @return array * @throws \League\OAuth2\Server\Exception\InvalidRequestException * @throws \League\OAuth2\Server\Exception\UnsupportedGrantTypeException */ public function issueAccessToken() { return $this->authorizationServer->issueAccessToken(); }
function it_issues_an_access_token(AuthorizationServer $issuer) { $issuer->issueAccessToken()->willReturn('foo')->shouldBeCalled(); $this->issueAccessToken()->shouldReturn('foo'); }
/** * The route responsible for issuing access token * * @param Router $router * @param AuthorizationServer $authorizationServer * @return \Response */ private function accessTokenRoute(Router $router, AuthorizationServer $authorizationServer) { $router->post(Config::get('laravel-oauth2-server.access_token_path'), function () use($authorizationServer) { try { $response = $authorizationServer->issueAccessToken(); return response()->json($response); } catch (Exception $e) { return response()->json(['error' => $e->getCode(), 'message' => $e->getMessage()], 500); } }); }
public function POST() { if (!isset($this->config['oauth'][$_SERVER['__version']])) { throw new \Exception('Forbidden.', 403); } elseif (!isset($_REQUEST['grant_type'])) { throw new \Exception('Bad Request.', 400); } $config = $this->config['oauth'][$_SERVER['__version']]; switch (substr($_REQUEST['request'], strlen($_SERVER['__version']) + 2)) { case 'oauth/access_token': try { $server = new AuthorizationServer(); $server->setSessionStorage(new SessionStorage()); $server->setAccessTokenStorage(new AccessTokenStorage()); $server->setClientStorage(new ClientStorage()); $server->setScopeStorage(new ScopeStorage()); $server->setRefreshTokenStorage(new RefreshTokenStorage()); $grant_type = $_REQUEST['grant_type']; $grants = ['password']; if (isset($config['grants'])) { $grants = array_unique(array_merge($grants, $config['grants'])); } if (!in_array($grant_type, $grants)) { throw new \Exception('Unsupported grant type.', 403); } // Defaults TTLs to 1 day and 1 week respectively $token_ttl = 3600; $refresh_ttl = 604800; if (isset($config['ttl']['access_token'])) { $token_ttl = $config['ttl']['access_token']; } switch ($grant_type) { case 'authorization_code': throw new \Exception('Not Implemented', 501); break; case 'client_credentials': throw new \Exception('Not Implemented', 501); break; case 'implicit': throw new \Exception('Not Implemented', 501); break; case 'password': $grant = new PasswordGrant(); $grant->setAccessTokenTTL($token_ttl); $grant->setVerifyCredentialsCallback(function ($username, $password) { $user = new User(['conditions' => ['email' => $username]]); return $user->count() && password_verify($password, $user->record['password']); }); break; case 'refresh_token': throw new \Exception('Not Implemented', 501); // @todo Need to work through this, appears lib is busted $grant = new RefreshTokenGrant(); //$grant->setAccessTokenTTL($refresh_ttl); $server->addGrantType($grant); break; } $server->addGrantType($grant); // Adds the refresh token grant if enabled if ($grant_type != 'refresh_token' && in_array('refresh_token', $grants)) { if (isset($config['ttl']['refresh_token'])) { $refresh_ttl = $config['ttl']['refresh_token']; } $grant = new RefreshTokenGrant(); $grant->setAccessTokenTTL($refresh_ttl); $server->addGrantType($grant); } $response = $server->issueAccessToken(); return $response; } catch (OAuthException $e) { throw new \Exception($e->getMessage(), $e->httpStatusCode); } catch (\Exception $e) { throw new \Exception($e->getMessage(), $e->getCode()); } break; default: throw new \Exception('Not Found.', 404); break; } }
/** * This inherited method, from oauth2-server * aims to provide an access_token for users * when they request it. OAuth2-Server verifies * accuracy of credentials, and uses it's * storage-class based system which we implement * using eloquent models. * * This method also calls firewallOnScopes() * to ensure that an anonymous token is never * requested with scopes like "user" or so */ public function issueAccessToken() { $request = Request::createFromGlobals(); $grantType = $request->get('grant_type'); $clientId = $request->get('client_id'); $scopes = explode(' ', $request->get('scope')); switch ($clientId) { // We set client_secret = '' for webapp // and glpidefault. But the firewall will // only allow them to do certain things case 'webapp': case 'glpidefault': if (!$request->get('client_secret')) { $_POST['client_secret'] = ''; } break; } if (!$grantType == 'client_credentials') { if ($clientId != 'webapp') { throw new AccessDenied(); } } $this->firewallOnScopes($grantType, $scopes); return parent::issueAccessToken(); }