/**
 * Handle an incoming request.
 *
 * Lets the request through only when the access token's resource owner type
 * is 'user'; every other owner type (such as 'client') is rejected.
 *
 * NOTE(review): unlike the client-owner middleware in this package, this
 * method never calls validateAccessToken() before reading the owner type, so
 * it presumably relies on an earlier middleware having validated the token —
 * confirm the middleware stack order.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 *
 * @throws \League\OAuth2\Server\Exception\AccessDeniedException
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $authorizer = $this->authorizer;
    $authorizer->setRequest($request);

    $ownerIsUser = $authorizer->getResourceOwnerType() === 'user';
    if (!$ownerIsUser) {
        throw new AccessDeniedException();
    }

    return $next($request);
}
/**
 * Issue an access token for the incoming token request.
 *
 * The underlying package reads its parameters from the request object it is
 * given and does not understand a JSON body, so the incoming parameters are
 * copied onto the injected request before the authorizer sees it.
 *
 * NOTE(review): $request->all() presumably includes query-string parameters
 * as well, so those become request-body parameters of the token request —
 * confirm this is intended.
 *
 * @param \Illuminate\Http\Request $request
 *
 * @return \Illuminate\Http\Response
 */
public function postAccessToken(Request $request)
{
    // Workaround: the package cannot read JSON body parameters, so mirror every
    // incoming parameter onto the request instance the authorizer works with.
    $this->request->request->replace($request->all());
    $this->authorizer->setRequest($this->request);

    $token = $this->authorizer->issueAccessToken();

    return response()->json($token);
}
/**
 * Handle an incoming request.
 *
 * Validates the access token first, then lets the request through only when
 * the token's resource owner type is 'client'.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 *
 * @throws \League\OAuth2\Server\Exception\AccessDeniedException
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $authorizer = $this->authorizer;
    $authorizer->setRequest($request);

    // Token validation runs before the owner-type check; an invalid token is
    // expected to throw here and never reach the comparison below.
    $authorizer->validateAccessToken($this->httpHeadersOnly);

    if ($authorizer->getResourceOwnerType() === 'client') {
        return $next($request);
    }

    throw new AccessDeniedException();
}
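/**
 * Handle an incoming request.
 *
 * Decodes the JSON document returned as the resource owner id and lets the
 * request through only when its data.role is 'store_manager' or 'admin'.
 * A malformed or unexpectedly shaped document denies access instead of
 * raising notices on null offsets.
 *
 * NOTE(review): this method does not call validateAccessToken() itself, so it
 * presumably relies on an earlier middleware having validated the token —
 * confirm the middleware stack order.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 *
 * @throws \League\OAuth2\Server\Exception\AccessDeniedException
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $this->authorizer->setRequest($request);

    // json_decode() returns null on invalid input; guard the shape before
    // indexing so a bad document cannot produce notices.
    $owner = json_decode($this->authorizer->getResourceOwnerId(), true);
    $role = null;
    if (is_array($owner) && isset($owner['data']) && is_array($owner['data']) && isset($owner['data']['role'])) {
        $role = $owner['data']['role'];
    }

    // Strict comparison: a loose in_array() would let a non-string role such
    // as 0 or true compare equal to one of the allowed names.
    if (in_array($role, ['store_manager', 'admin'], true)) {
        return $next($request);
    }

    throw new AccessDeniedException();
}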
/**
 * Handle an incoming request.
 *
 * Validates the access token and passes the request on.
 *
 * NOTE: $scopesString is accepted for route-definition compatibility but is
 * not enforced here — scope validation is currently disabled, so any valid
 * access token passes regardless of the scopes it was granted.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @param string|null $scopesString
 *
 * @throws \League\OAuth2\Server\Exception\InvalidScopeException
 *
 * @return mixed
 */
public function handle($request, Closure $next, $scopesString = null)
{
    $authorizer = $this->authorizer;
    $authorizer->setRequest($request);
    $authorizer->validateAccessToken($this->httpHeadersOnly);

    // Scopes in $scopesString are intentionally not checked at the moment.
    return $next($request);
}
/**
 * Register the Authorization server with the IoC container.
 *
 * Builds the League authorization server from the 'oauth2' config (storage
 * backends, scope/state options, TTLs, grant types), pairs it with a resource
 * server inside an Authorizer, and binds that Authorizer as a shared instance
 * that is re-pointed at the current request whenever 'request' is rebound.
 *
 * @return void
 */
public function registerAuthorizer()
{
    $this->app->bindShared('oauth2-server.authorizer', function ($app) {
        $config = $app['config']->get('oauth2');

        // Storage backends and issuer-wide options, all resolved from the container/config.
        $issuer = $app->make('League\\OAuth2\\Server\\AuthorizationServer')
            ->setClientStorage($app->make('League\\OAuth2\\Server\\Storage\\ClientInterface'))
            ->setSessionStorage($app->make('League\\OAuth2\\Server\\Storage\\SessionInterface'))
            ->setAuthCodeStorage($app->make('League\\OAuth2\\Server\\Storage\\AuthCodeInterface'))
            ->setAccessTokenStorage($app->make('League\\OAuth2\\Server\\Storage\\AccessTokenInterface'))
            ->setRefreshTokenStorage($app->make('League\\OAuth2\\Server\\Storage\\RefreshTokenInterface'))
            ->setScopeStorage($app->make('League\\OAuth2\\Server\\Storage\\ScopeInterface'))
            ->requireScopeParam($config['scope_param'])
            ->setDefaultScope($config['default_scope'])
            ->requireStateParam($config['state_param'])
            ->setScopeDelimiter($config['scope_delimiter'])
            ->setAccessTokenTTL($config['access_token_ttl']);

        // Build one grant instance from its config entry; the optional keys
        // are applied in the same order as before (callback, auth TTL, refresh TTL).
        $buildGrant = function ($params) {
            $grant = new $params['class']();
            $grant->setAccessTokenTTL($params['access_token_ttl']);

            $optionalSetters = [
                'callback'          => 'setVerifyCredentialsCallback',
                'auth_token_ttl'    => 'setAuthTokenTTL',
                'refresh_token_ttl' => 'setRefreshTokenTTL',
            ];
            foreach ($optionalSetters as $key => $setter) {
                if (array_key_exists($key, $params)) {
                    $grant->$setter($params[$key]);
                }
            }

            return $grant;
        };

        // Register every configured grant type with the authorization server.
        foreach ($config['grant_types'] as $grantParams) {
            $issuer->addGrantType($buildGrant($grantParams));
        }

        $checker = $app->make('League\\OAuth2\\Server\\ResourceServer');

        $authorizer = new Authorizer($issuer, $checker);
        $authorizer->setRequest($app['request']);
        $authorizer->setTokenType($app->make($config['token_type']));

        // Keep the shared authorizer bound to the current request instance.
        $app->refresh('request', $authorizer, 'setRequest');

        return $authorizer;
    });

    // Class-name binding resolves to the same shared instance.
    $this->app->bind('LucaDegasperi\\OAuth2Server\\Authorizer', function ($app) {
        return $app['oauth2-server.authorizer'];
    });
}
/**
 * Register the Authorization server with the IoC container.
 *
 * This variant only wires a resource server (token checking) into the
 * Authorizer — no issuer is configured here — and binds it as a shared
 * instance that follows the current request.
 *
 * @return void
 */
public function registerAuthorizer()
{
    $this->app->bindShared('oauth2-server.authorizer', function ($app) {
        $config = $app['config']->get('oauth2-server-laravel::oauth2');
        $checker = $app->make('League\\OAuth2\\Server\\ResourceServer');

        $authorizer = new Authorizer($checker);
        $authorizer->setRequest($app['request']);
        $authorizer->setTokenType($app->make($config['token_type']));

        // Re-point the shared authorizer whenever the 'request' binding changes.
        $app->refresh('request', $authorizer, 'setRequest');

        return $authorizer;
    });

    $this->app->bind('LucaDegasperi\\OAuth2Server\\Authorizer', function ($app) {
        return $app['oauth2-server.authorizer'];
    });
}
/**
 * Handle an incoming request.
 *
 * Validates the access token, then enforces the required scopes.
 * $scopesString lists alternative scope sets separated by '|', each set being
 * scopes separated by ','; the request passes if ANY one set validates. When
 * $scopesString is null no scope requirement is applied.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 * @param string|null $scopesString
 *
 * @throws \League\OAuth2\Server\Exception\InvalidScopeException
 *
 * @return mixed
 */
public function handle($request, Closure $next, $scopesString = null)
{
    $this->authorizer->setRequest($request);
    $this->authorizer->validateAccessToken($this->httpHeadersOnly);

    // No scope requirement configured on this route.
    if ($scopesString === null) {
        return $next($request);
    }

    // Note: a non-null string always yields at least one set (explode never
    // returns an empty array), so an empty string is checked as the set [''].
    foreach (explode('|', $scopesString) as $alternative) {
        if ($this->validateScopes(explode(',', $alternative))) {
            return $next($request);
        }
    }

    throw new InvalidScopeException($scopesString);
}
/**
 * Set the request to use on the issuer and checker.
 *
 * Facade-style static forwarder to Authorizer::setRequest(); whatever that
 * call returns is passed straight back to the caller.
 *
 * @param \Symfony\Component\HttpFoundation\Request $request
 * @static
 */
public static function setRequest($request)
{
    $result = \LucaDegasperi\OAuth2Server\Authorizer::setRequest($request);

    return $result;
}
/**
 * Register the Authorization server with the IoC container.
 *
 * Builds the League authorization server from the 'oauth2' config (storage
 * backends, scope/state options, TTLs, grant types with optional credential
 * verifiers), pairs it with a resource server inside an Authorizer, registers
 * that Authorizer as a singleton that follows the current request, and aliases
 * the Authorizer class name to it.
 *
 * @param \Illuminate\Contracts\Foundation\Application $app
 *
 * @return void
 */
public function registerAuthorizer(Application $app)
{
    $app->singleton('oauth2-server.authorizer', function ($app) {
        $config = $app['config']->get('oauth2');

        // Storage backends and issuer-wide options, all resolved from the container/config.
        $issuer = $app->make(AuthorizationServer::class)
            ->setClientStorage($app->make(ClientInterface::class))
            ->setSessionStorage($app->make(SessionInterface::class))
            ->setAuthCodeStorage($app->make(AuthCodeInterface::class))
            ->setAccessTokenStorage($app->make(AccessTokenInterface::class))
            ->setRefreshTokenStorage($app->make(RefreshTokenInterface::class))
            ->setScopeStorage($app->make(ScopeInterface::class))
            ->requireScopeParam($config['scope_param'])
            ->setDefaultScope($config['default_scope'])
            ->requireStateParam($config['state_param'])
            ->setScopeDelimiter($config['scope_delimiter'])
            ->setAccessTokenTTL($config['access_token_ttl']);

        // Build one grant from its config entry. Optional keys are applied in
        // the same order as before: callback, auth TTL, refresh TTL, rotation.
        $buildGrant = function ($params) use ($app) {
            $grant = $app->make($params['class']);
            $grant->setAccessTokenTTL($params['access_token_ttl']);

            if (array_key_exists('callback', $params)) {
                // "Class@method" — the method name defaults to "verify" when omitted.
                $parts = array_pad(explode('@', $params['callback']), 2, 'verify');
                $grant->setVerifyCredentialsCallback([$app->make($parts[0]), $parts[1]]);
            }

            $optionalSetters = [
                'auth_token_ttl'        => 'setAuthTokenTTL',
                'refresh_token_ttl'     => 'setRefreshTokenTTL',
                'rotate_refresh_tokens' => 'setRefreshTokenRotation',
            ];
            foreach ($optionalSetters as $key => $setter) {
                if (array_key_exists($key, $params)) {
                    $grant->$setter($params[$key]);
                }
            }

            return $grant;
        };

        // Register every configured grant type with the authorization server.
        foreach ($config['grant_types'] as $grantParams) {
            $issuer->addGrantType($buildGrant($grantParams));
        }

        $checker = $app->make(ResourceServer::class);

        $authorizer = new Authorizer($issuer, $checker);
        $authorizer->setRequest($app['request']);
        $authorizer->setTokenType($app->make($config['token_type']));

        // Keep the singleton bound to the current request instance.
        $app->refresh('request', $authorizer, 'setRequest');

        return $authorizer;
    });

    // Resolving the class name yields the same singleton.
    $app->alias('oauth2-server.authorizer', Authorizer::class);
}
/**
 * Handle an incoming request.
 *
 * Checks that the incoming request is a well-formed authorization-code
 * request before passing it on; the check itself is delegated to the
 * authorizer and is expected to throw on failure.
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure $next
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    $authorizer = $this->authorizer;
    $authorizer->setRequest($request);
    $authorizer->checkAuthCodeRequest();

    return $next($request);
}