public function createUsedRefreshToken(ClientInterface $client, ResourceOwnerInterface $resource_owner, $refresh_token)
{
$class = $this->getClass();
$expired_date = (new \Datetime('now +1 year'))->format('U');
$token = new $class();
/*
* @var $token \OAuth2\Token\RefreshTokenInterface
*/
$token->setToken($refresh_token)->setExpiresAt($expired_date)->setResourceOwnerPublicId($resource_owner->getPublicId())->setClientPublicId($client->getPublicId())->setUsed(true);
$this->getEntityManager()->persist($token);
$this->getEntityManager()->flush();
return $token;
}
/**
* {@inheritdoc}
*/
public function createRefreshToken(ClientInterface $client, ResourceOwnerInterface $resource_owner, array $scope = [], array $metadatas = [])
{
$refresh_token = $this->createEmptyRefreshToken();
$refresh_token->setScope($scope);
if ($resource_owner instanceof UserAccountInterface) {
$refresh_token->setResourceOwnerPublicId($resource_owner->getUserPublicId());
$refresh_token->setUserAccountPublicId($resource_owner->getPublicId());
} else {
$refresh_token->setResourceOwnerPublicId($resource_owner->getPublicId());
}
$refresh_token->setClientPublicId($client->getPublicId());
$refresh_token->setExpiresAt(time() + $this->getLifetime($client));
$refresh_token->setToken($this->generateToken());
$refresh_token->setMetadatas($metadatas);
$this->updateRefreshToken($refresh_token);
$this->saveRefreshToken($refresh_token);
return $refresh_token;
}
/**
* @param string $type
* @param \OAuth2\ResourceOwner\ResourceOwnerInterface $client
*
* @return bool
*/
private function isTypeValid($type, ResourceOwnerInterface $client)
{
switch ($type) {
case 'end_user':
return $client instanceof EndUserInterface;
case 'client':
return $client instanceof ClientInterface;
case 'registered_client':
return $client instanceof RegisteredClientInterface;
case 'confidential_client':
return $client instanceof ConfidentialClientInterface;
case 'public_client':
return $client instanceof RegisteredClientInterface && !$client instanceof ConfidentialClientInterface;
case 'unregistered_client':
return $client instanceof ClientInterface && !$client instanceof RegisteredClientInterface;
default:
return $type === $client->getType();
}
}
/**
* {@inheritdoc}
*/
public function createAccessToken(ClientInterface $client, ResourceOwnerInterface $resource_owner, array $token_type_parameters, array $request_parameters, array $scope = [], RefreshTokenInterface $refresh_token = null, ClientInterface $resource_server = null, array $metadatas = [])
{
$access_token = $this->createEmptyAccessToken();
$access_token->setExpiresAt(time() + $this->getLifetime($client));
$access_token->setScope($scope);
if ($resource_owner instanceof UserAccountInterface) {
$access_token->setResourceOwnerPublicId($resource_owner->getUserPublicId());
$access_token->setUserAccountPublicId($resource_owner->getPublicId());
} else {
$access_token->setResourceOwnerPublicId($resource_owner->getPublicId());
}
$access_token->setClientPublicId($client->getPublicId());
$access_token->setRefreshToken(null === $refresh_token ? null : $refresh_token->getToken());
$access_token->setMetadatas($metadatas);
foreach ($token_type_parameters as $key => $value) {
$access_token->setParameter($key, $value);
}
$this->updateAccessToken($access_token);
$this->populateAccessToken($access_token, $client, $resource_owner, $refresh_token, $resource_server);
$this->saveAccessToken($access_token);
return $access_token;
}
protected function addAccessToken($token, $expiresAt, ClientInterface $client, ResourceOwnerInterface $resourceOwner, array $scope = [], BaseRefreshTokenInterface $refresh_token = null)
{
if (null !== $this->event_dispatcher) {
$this->event_dispatcher->dispatch(Events::OAUTH2_PRE_ACCESS_TOKEN_CREATION, new PreAccessTokenCreationEvent($client, $scope, $resourceOwner, $refresh_token));
}
$class = $this->getClass();
/*
* @var \SpomkyLabs\OAuth2ServerBundle\Plugin\SimpleStringAccessTokenPlugin\Model\SimpleStringAccessTokenInterface
*/
$access_token = new $class();
$access_token->setToken($token)->setExpiresAt($expiresAt)->setClientPublicId($client->getPublicId())->setScope($scope);
if (null !== $resourceOwner) {
$access_token->setResourceOwnerPublicId($resourceOwner->getPublicId());
}
if (null !== $refresh_token) {
$access_token->setRefreshToken($refresh_token->getToken());
}
$this->getEntityManager()->persist($access_token);
$this->getEntityManager()->flush();
if (null !== $this->event_dispatcher) {
$this->event_dispatcher->dispatch(Events::OAUTH2_POST_ACCESS_TOKEN_CREATION, new PostAccessTokenCreationEvent($access_token));
}
return $access_token;
}
/**
* @param string $token
* @param int $expiresAt
* @param \OAuth2\Client\ClientInterface $client
* @param array $scope
* @param \OAuth2\ResourceOwner\ResourceOwnerInterface $resourceOwner
*
* @return mixed
*/
protected function addRefreshToken($token, $expiresAt, ClientInterface $client, ResourceOwnerInterface $resourceOwner, array $scope = [])
{
$class = $this->getClass();
/*
* @var \OAuth2\Token\RefreshTokenInterface
*/
$refresh_token = new $class();
$refresh_token->setClientPublicId($client->getPublicId())->setExpiresAt($expiresAt)->setResourceOwnerPublicId($resourceOwner->getPublicId())->setToken($token)->setScope($scope);
$this->save($refresh_token);
return $refresh_token;
}
/**
* @param \OAuth2\Client\ClientInterface $client
* @param array $scope
* @param \OAuth2\ResourceOwner\ResourceOwnerInterface|null $resource_owner
* @param \OAuth2\Token\RefreshTokenInterface|null $refresh_token
*
* @throws \OAuth2\Exception\BaseExceptionInterface
*
* @return array
*/
protected function preparePayload(ClientInterface $client, array $scope = [], ResourceOwnerInterface $resource_owner = null, RefreshTokenInterface $refresh_token = null)
{
$audience = $this->getConfiguration()->get('jwt_access_token_audience', null);
$issuer = $this->getConfiguration()->get('jwt_access_token_issuer', null);
if (!is_string($audience)) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::INTERNAL_SERVER_ERROR, ExceptionManagerInterface::SERVER_ERROR, 'The configuration option "jwt_access_token_audience" is not set.');
}
if (!is_string($issuer)) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::INTERNAL_SERVER_ERROR, ExceptionManagerInterface::SERVER_ERROR, 'The configuration option "jwt_access_token_issuer" is not set.');
}
$payload = ['iss' => $issuer, 'aud' => $audience, 'iat' => time(), 'nbf' => time(), 'exp' => time() + $this->getLifetime($client), 'sub' => $client->getPublicId(), 'sco' => $scope];
if (null !== $resource_owner) {
$payload['r_o'] = $resource_owner->getPublicId();
}
if (null !== $refresh_token) {
$payload['ref'] = $refresh_token->getToken();
}
return $payload;
}
