/**
* Take the provided authorization code values and store them somewhere.
*
* This function should be the storage counterpart to getAuthCode().
*
* If storage fails for some reason, we're not currently checking for
* any sort of success/failure, so you should bail out of the script
* and provide a descriptive fail message.
*
* Required for OAuth2::GRANT_TYPE_AUTH_CODE.
*
* @param string $code
* Authorization code string to be stored.
* @param IOAuth2Client $client
* The client associated with this authorization code.
* @param mixed $data
* Application data to associate with this authorization code, such as a User object.
* @param string $redirect_uri
* Redirect URI to be stored.
* @param int $expires
* The timestamp when the authorization code will expire.
* @param string $scope
* (optional) Scopes to be stored in space-separated string.
*
* @ingroup oauth2_section_4
*/
public function createAuthCode($code_str, IOAuth2Client $client, $data, $redirect_uri, $expires, $scope = null)
{
$code_bean = $this->redbean->dispense($this->tables['code']);
$code = new Code($code_bean);
$code->code = $code_str;
$code->client_id = $client->getPublicId();
$code->data = $data;
$code->redirect_uri = $redirect_uri;
$code->expires_in = $expires;
$code->has_expired = false;
$this->redbean->store($code->getBean());
}
/**
* Store the supplied access token values to storage.
*
* We need to store access token data as we create and verify tokens.
*
* @param string $oauth_token
* The access token string to be stored.
* @param IOAuth2Client $client
* The client associated with this refresh token.
* @param mixed $data
* Application data associated with the refresh token, such as a User object.
* @param int $expires
* The timestamp when the refresh token will expire.
* @param string $scope
* (optional) Scopes to be stored in space-separated string.
*
* @ingroup oauth2_section_4
*/
public function createAccessToken($oauth_token, IOAuth2Client $client, $data, $expires, $scope = null)
{
$access_token_bean = $this->redbean->dispense($this->tables['access_token']);
$access_token = new AccessToken($access_token_bean);
$access_token->token = $oauth_token;
$access_token->client_id = $client->getPublicId();
$access_token->data = $data;
$access_token->expires_in = $expires;
$access_token->has_expired = false;
$access_token->scope = $scope;
$this->redbean->store($access_token->getBean());
}
/**
* @param IOAuth2Client $client
* @param array $input
*
* @return array
* @throws OAuth2ServerException
*/
protected function grantAccessTokenRefreshToken(IOAuth2Client $client, array $input)
{
if (!$this->storage instanceof IOAuth2RefreshTokens) {
throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_UNSUPPORTED_GRANT_TYPE);
}
if (!$input["refresh_token"]) {
throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_REQUEST, 'No "refresh_token" parameter found');
}
$token = $this->storage->getRefreshToken($input["refresh_token"]);
if ($token === null || $client->getPublicId() !== $token->getClientId()) {
throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_GRANT, 'Invalid refresh token', 470);
}
if ($token->hasExpired()) {
throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_GRANT, 'Refresh token has expired', 471);
}
// store the refresh token locally so we can delete it when a new refresh token is generated
$this->oldRefreshToken = $token->getToken();
return array('scope' => $token->getScope(), 'data' => $token->getData());
}
public function createAuthCode($code, IOAuth2Client $client, $data, $redirectUri, $expires, $scope = null)
{
$token = new OAuth2AuthCode($client->getPublicId(), $code, $expires, $scope, $data, $redirectUri);
$this->authCodes[$code] = $token;
}
public function createRefreshToken($refreshToken, IOAuth2Client $client, $data, $expires, $scope = null)
{
$token = new OAuth2RefreshToken($client->getPublicId(), $refreshToken, $expires, $scope, $data);
$this->refreshToken[$refreshToken] = $token;
}
/**
* Grant access tokens for basic user credentials.
*
* Check the supplied username and password for validity.
* You can also use the $client param to do any checks required based on a client, if you need that.
* Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.
*
* @param IOAuth2Client $client Client to check.
* @param string $username Username to check.
* @param string $password Password to check.
*
* @return bool|array Returns true if the username and password are valid or false if they aren't.
* Moreover, if the username and password are valid, and you want to
* verify the scope of a user's access, return an associative array
* with the scope values as below. We'll check the scope you provide
* against the requested scope before providing an access token:
* @code
* return array(
* 'scope' => <stored scope values (space-separated string)>,
* );
* @endcode
*
* @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.3
*
* @ingroup oauth2_section_4
*/
public function checkUserCredentials(IOAuth2Client $client, $username, $password)
{
try {
$clientId = $client->getPublicId();
$sql = 'SELECT id, password FROM ' . self::TABLE_USERS . ' WHERE username = :username';
$stmt = $this->db->prepare($sql);
$stmt->bindParam(':username', $username, \PDO::PARAM_STR);
$stmt->execute();
$result = $stmt->fetch(\PDO::FETCH_ASSOC);
if (false === password_verify($password, $result['password'])) {
return false;
}
return array('scope' => '', 'data' => $result['id']);
} catch (PDOException $e) {
$this->handleException($e);
}
}
public function createAccessToken($oauth_token, IOAuth2Client $client, $data, $expires, $scope = NULL)
{
$token = new OAuth2AccessToken($client->getPublicId(), $oauth_token, $expires, $scope, $data);
$this->accessTokens[$oauth_token] = $token;
}
