/**
* Complete the auth code grant
*
* @return array
*
* @throws
*/
public function completeFlow()
{
parent::completeFlow();
$accessToken = $this->server->getTokenType()->getParam('access_token');
$accessToken = $this->server->getAccessTokenStorage()->get($accessToken);
$this->server->getTokenType()->setParam('expires', (int) $accessToken->getExpireTime());
return $this->server->getTokenType()->generateResponse();
}
/**
* handle
*/
public function handle()
{
$clientRepository = new ClientRepository();
$scopeRepository = new ScopeRepository();
$accessTokenRepository = new AccessTokenRepository();
$authCodeRepository = new AuthCodeRepository();
$refreshTokenRepository = new RefreshTokenRepository();
$config = Yii::$container->get(ConfigInterface::class);
$privateKey = $config->get('privateKeyPath');
$publicKey = $config->get('publicKeyPath');
$server = new AuthorizationServer($clientRepository, $accessTokenRepository, $scopeRepository, $privateKey, $publicKey);
$codeTTL = $config->get('codeTTL', 'PT10M');
$refreshTokenTTL = $config->get('refreshTokenTTL', 'P1M');
$accessTokenTTL = $config->get('accessTokenTTL', 'PT1H');
$grant = new AuthCodeGrant($authCodeRepository, $refreshTokenRepository, new \DateInterval($codeTTL));
$grant->setRefreshTokenTTL(new \DateInterval($refreshTokenTTL));
$server->enableGrantType($grant, new \DateInterval($accessTokenTTL));
return $server;
}
public static function getInstance()
{
if (self::$instance !== null) {
return self::$instance;
}
$oauth2config = \SimpleSAML_Configuration::getConfig('module_oauth2.php');
$accessTokenDuration = $oauth2config->getString('accessTokenDuration');
$authCodeDuration = $oauth2config->getString('authCodeDuration');
$passPhrase = $oauth2config->getString('pass_phrase', null);
$refreshTokenDuration = $oauth2config->getString('refreshTokenDuration');
$privateKeyPath = Config::getCertPath('oauth2_module.pem');
$publicKeyPath = Config::getCertPath('oauth2_module.crt');
$privateKey = new CryptKey($privateKeyPath, $passPhrase);
$publicKey = new CryptKey($publicKeyPath);
self::$instance = new AuthorizationServer(new ClientRepository(), new AccessTokenRepository(), new ScopeRepository(), $privateKey, $publicKey);
$authCodeGrant = new AuthCodeGrant(new AuthCodeRepository(), new RefreshTokenRepository(), new \DateInterval($authCodeDuration));
$authCodeGrant->setRefreshTokenTTL(new \DateInterval($refreshTokenDuration));
// refresh tokens will expire after 1 month
self::$instance->enableGrantType($authCodeGrant, new \DateInterval($accessTokenDuration));
$implicitGrant = new ImplicitGrant(new \DateInterval($accessTokenDuration));
self::$instance->enableGrantType($implicitGrant, new \DateInterval($accessTokenDuration));
return self::$instance;
}
function it_issues_an_auth_code(AuthorizationServer $issuer, AuthCodeGrant $authCodeGrant)
{
$authCodeGrant->newAuthorizeRequest('user', '1', ['foo' => 'bar'])->willReturn('baz')->shouldBeCalled();
$issuer->getGrantType('authorization_code')->willReturn($authCodeGrant)->shouldBeCalled();
$this->issueAuthCode('user', '1', ['foo' => 'bar'])->shouldReturn('baz');
}
$authorizationCodeLifetime = new \DateInterval($config->oauth['authorizationCodeLifetime']);
/**
* Using client_id & client_secret & username & password
*
*/
$passwordGrant = new PasswordGrant($userRepository, $refreshTokenRepository);
$passwordGrant->setRefreshTokenTTL($refreshTokenLifetime);
$server->enableGrantType($passwordGrant, $accessTokenLifetime);
/**
* Using client_id & client_secret
*/
$clientCredentialsGrant = new ClientCredentialsGrant();
$server->enableGrantType($clientCredentialsGrant, $accessTokenLifetime);
/**
* Using client_id & client_secret
*/
$refreshTokenGrant = new RefreshTokenGrant($refreshTokenRepository);
$refreshTokenGrant->setRefreshTokenTTL($refreshTokenLifetime);
$server->enableGrantType($refreshTokenGrant, $accessTokenLifetime);
/**
* Using response_type=code & client_id & redirect_uri & state
*/
$authCodeGrant = new AuthCodeGrant($authCodeRepository, $refreshTokenRepository, $authorizationCodeLifetime);
$authCodeGrant->setRefreshTokenTTL($refreshTokenLifetime);
$server->enableGrantType($authCodeGrant, $accessTokenLifetime);
/**
* Using response_type=token & client_id & redirect_uri & state
*/
$server->enableGrantType(new ImplicitGrant($accessTokenLifetime), $accessTokenLifetime);
return $server;
});
/**
* enable AuthCodeGrant.
*
* @param $options
*
* @return AuthCodeGrant
*/
public function enableAuthCodeGrant($options)
{
// Init our repositories
$authCodeRepository = new AuthCodeRepository();
// instance of AuthCodeRepositoryInterface
$refreshTokenRepository = new RefreshTokenRepository();
$grant = new AuthCodeGrant($authCodeRepository, $refreshTokenRepository, $this->getDateInterval($options['auth_code_ttl']));
$grant->setRefreshTokenTTL($this->getDateInterval($options['refresh_token_ttl']));
// Enable the authentication code grant on the server
$this->authorizationServer->enableGrantType($grant, $this->getDateInterval($options['access_token_ttl']));
return $grant;
}