/**
  * Create an OAuth2\Server instance.
  *
  * @return OAuth2Server
  * @throws Exception\RuntimeException
  */
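 public function __invoke()
 {
     // The built server is cached on the factory, so a second call returns
     // the first instance and does not re-read $this->config.
     if ($this->server) {
         return $this->server;
     }

     $config = $this->config;
     // empty() is safe on a missing key, so it covers both "unset" and "empty".
     if (empty($config['storage'])) {
         throw new Exception\RuntimeException('The storage configuration for OAuth2 is missing');
     }

     // Normalise the storage setting to a list/map of service names.
     if (is_string($config['storage'])) {
         $storagesServices = array($config['storage']);
     } elseif (is_array($config['storage'])) {
         $storagesServices = $config['storage'];
     } else {
         throw new Exception\RuntimeException('The storage configuration for OAuth2 should be string or array');
     }

     // Resolve every service name through the service locator, keeping the
     // configured key for each storage object.
     $storage = array();
     foreach ($storagesServices as $storageKey => $storagesService) {
         $storage[$storageKey] = $this->services->get($storagesService);
     }

     // Defaults used when a key is absent: state parameter enforced, implicit
     // grant disabled, access_lifetime 3600 (presumably seconds - confirm
     // against the OAuth2 server library).
     $enforceState = isset($config['enforce_state']) ? $config['enforce_state'] : true;
     $allowImplicit = isset($config['allow_implicit']) ? $config['allow_implicit'] : false;
     $accessLifetime = isset($config['access_lifetime']) ? $config['access_lifetime'] : 3600;
     $audience = isset($config['audience']) ? $config['audience'] : '';
     $options = isset($config['options']) ? $config['options'] : array();

     // array_merge() lets later keys win: a value under $config['options']
     // overrides the top-level enforce_state / allow_implicit / access_lifetime.
     // NOTE(review): when auditing a deployment, check 'options' as well as the
     // top-level keys for enforce_state => false or allow_implicit => true.
     $options = array_merge(array('enforce_state' => $enforceState, 'allow_implicit' => $allowImplicit, 'access_lifetime' => $accessLifetime), $options);

     // Pass a storage object or array of storage objects to the OAuth2 server class
     $server = new OAuth2Server($storage, $options);

     // A missing 'grant_types' key means "no grant type enabled" instead of an
     // undefined-index notice (which strict error handlers turn into a failure).
     $availableGrantTypes = isset($config['grant_types']) ? $config['grant_types'] : array();

     // Each grant type is opt-in and needs the boolean true; truthy values such
     // as 1 or 'true' do not enable it.
     if (isset($availableGrantTypes['client_credentials']) && $availableGrantTypes['client_credentials'] === true) {
         $clientOptions = array();
         if (isset($options['allow_credentials_in_request_body'])) {
             $clientOptions['allow_credentials_in_request_body'] = $options['allow_credentials_in_request_body'];
         }
         // Add the "Client Credentials" grant type (it is the simplest of the grant types)
         $server->addGrantType(new ClientCredentials($server->getStorage('client_credentials'), $clientOptions));
     }
     if (isset($availableGrantTypes['authorization_code']) && $availableGrantTypes['authorization_code'] === true) {
         // Add the "Authorization Code" grant type (this is where the oauth magic happens)
         $server->addGrantType(new AuthorizationCode($server->getStorage('authorization_code')));
     }
     if (isset($availableGrantTypes['password']) && $availableGrantTypes['password'] === true) {
         // Add the "User Credentials" grant type.
         // NOTE(review): this grant hands the user's password to the client
         // application; enable it only for clients you fully trust.
         $server->addGrantType(new UserCredentials($server->getStorage('user_credentials')));
     }
     if (isset($availableGrantTypes['jwt']) && $availableGrantTypes['jwt'] === true) {
         // Add the "JWT Bearer" grant type.
         // NOTE(review): $audience is '' when not configured; set 'audience'
         // explicitly whenever this grant type is enabled.
         $server->addGrantType(new JwtBearer($server->getStorage('jwt_bearer'), $audience));
     }
     if (isset($availableGrantTypes['refresh_token']) && $availableGrantTypes['refresh_token'] === true) {
         $refreshOptions = array();
         if (isset($options['always_issue_new_refresh_token'])) {
             $refreshOptions['always_issue_new_refresh_token'] = $options['always_issue_new_refresh_token'];
         }
         // Add the "Refresh Token" grant type
         $server->addGrantType(new RefreshToken($server->getStorage('refresh_token'), $refreshOptions));
     }

     return $this->server = $server;
 }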
 /**
  * Return whatever the server's 'client' storage yields for $clientId.
  *
  * Any falsy $clientId (null, '', 0 and also the string '0') short-circuits
  * to null without touching the storage.
  *
  * @param mixed $clientId
  * @return mixed|null
  */
 public function getApplication($clientId)
 {
     return $clientId
         ? $this->server->getStorage('client')->getApplication($clientId)
         : null;
 }
 /**
  * @param mixed $config
  * @param mixed $name
  * @param Server|null $server
  * @return GrantTypeInterface
  *
  * @throws ConfigurationException
  */
 public function create($config, $name = null, Server $server = null)
 {
     // A bare string is either an existing class name, something
     // resolveReference() can turn into an object, or a grant type name.
     if (is_string($config)) {
         if (class_exists($config)) {
             $config = array('class' => $config);
         } else {
             $resolved = $this->resolveReference($config);
             if ($resolved) {
                 return $resolved;
             }
             $config = array('name' => $config);
         }
     }

     // A preconfigured object or a closure wins over manual instantiation.
     $resolved = $this->resolveReference($config);
     if ($resolved) {
         return $resolved;
     }

     if (is_array($config)) {
         // Fill in the name: explicit $name first, otherwise derived from the class.
         if (!isset($config['name'])) {
             if (is_string($name)) {
                 $config['name'] = $name;
             } elseif (isset($config['class'])) {
                 $config['name'] = $this->camelCaseToUnderscore($config['class']);
             }
         }

         // Fill in the class from the name, inside the grant type namespace.
         if (isset($config['name']) && !isset($config['class'])) {
             $config['class'] = $this->grantTypeNamespace . $this->underscoreToCamelCase($config['name']);
         }

         $classIsLoadable = isset($config['class']) && class_exists($config['class']);
         if ($classIsLoadable) {
             // Storage comes from the config when given, else from the server by grant name.
             $storage = isset($config['storage'])
                 ? $this->resolveReference($config['storage'])
                 : null;
             if (!$storage && $server && isset($config['name'])) {
                 $storage = $server->getStorage($config['name']);
             }

             // NOTE(review): the class name is taken from configuration and
             // instantiated without checking that it implements
             // GrantTypeInterface; keep this configuration out of reach of
             // untrusted input.
             $class = $config['class'];
             if (!$storage) {
                 return new $class();
             }
             if (isset($config['options'])) {
                 return new $class($storage, $config['options']);
             }
             return new $class($storage);
         }
     }

     // NOTE(review): the message embeds print_r($config), so the storage
     // references and options from the configuration end up wherever this
     // exception is logged or displayed.
     throw new ConfigurationException('Unable to find or instantiate grant type ' . $name . ' from configuration ' . print_r($config, true));
 }
 /**
  * A server given only a public-key storage, with use_jwt_access_tokens
  * switched on, must still hand out a resource controller and expose that
  * storage under the 'public_key' name.
  */
 public function testUsingJustJwtAccessTokenStorageWithResourceControllerIsOkay()
 {
     $storageInterface = 'OAuth2\\Storage\\PublicKeyInterface';
     $publicKeyStorage = $this->getMock($storageInterface);
     $oauthServer = new Server(array($publicKeyStorage), array('use_jwt_access_tokens' => true));

     $resourceController = $oauthServer->getResourceController();
     $this->assertNotNull($resourceController);

     $registeredStorage = $oauthServer->getStorage('public_key');
     $this->assertInstanceOf($storageInterface, $registeredStorage);
 }
 /**
  * Inject grant types into the OAuth2\Server instance, based on zf-oauth2
  * configuration.
  *
  * @param OAuth2Server $server
  * @param array $availableGrantTypes
  * @param array $options
  * @param ServiceLocatorInterface $services Service locator used to look up custom grant types.
  * @return OAuth2Server
  */
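 private static function injectGrantTypes(OAuth2Server $server, array $availableGrantTypes, array $options, ServiceLocatorInterface $services)
 {
     // Every built-in grant type is opt-in and needs the boolean true;
     // truthy values such as 1 or 'true' do not enable it.
     if (isset($availableGrantTypes['client_credentials']) && $availableGrantTypes['client_credentials'] === true) {
         $clientOptions = [];
         if (isset($options['allow_credentials_in_request_body'])) {
             $clientOptions['allow_credentials_in_request_body'] = $options['allow_credentials_in_request_body'];
         }
         // Add the "Client Credentials" grant type (it is the simplest of the grant types)
         $server->addGrantType(new ClientCredentials($server->getStorage('client_credentials'), $clientOptions));
     }
     if (isset($availableGrantTypes['authorization_code']) && $availableGrantTypes['authorization_code'] === true) {
         // Add the "Authorization Code" grant type (this is where the oauth magic happens)
         $server->addGrantType(new AuthorizationCode($server->getStorage('authorization_code')));
     }
     if (isset($availableGrantTypes['password']) && $availableGrantTypes['password'] === true) {
         // Add the "User Credentials" grant type.
         // NOTE(review): this grant hands the user's password to the client
         // application; enable it only for clients you fully trust.
         $server->addGrantType(new UserCredentials($server->getStorage('user_credentials')));
     }
     if (isset($availableGrantTypes['jwt']) && $availableGrantTypes['jwt'] === true) {
         // 'audience' is optional in $options: fall back to '' instead of
         // reading an undefined index.
         // NOTE(review): set 'audience' explicitly whenever this grant type is
         // enabled, so the expected audience is never the empty default.
         $audience = isset($options['audience']) ? $options['audience'] : '';
         // Add the "JWT Bearer" grant type
         $server->addGrantType(new JwtBearer($server->getStorage('jwt_bearer'), $audience));
     }
     if (isset($availableGrantTypes['refresh_token']) && $availableGrantTypes['refresh_token'] === true) {
         // Forward only the refresh-token settings that were actually configured.
         $refreshOptions = [];
         foreach (['always_issue_new_refresh_token', 'refresh_token_lifetime'] as $optionName) {
             if (isset($options[$optionName])) {
                 $refreshOptions[$optionName] = $options[$optionName];
             }
         }
         // Add the "Refresh Token" grant type
         $server->addGrantType(new RefreshToken($server->getStorage('refresh_token'), $refreshOptions));
     }
     // Add custom grant types from the service locator. A name the locator
     // does not know is skipped without any error, so a typo in the
     // configuration leaves that grant type disabled.
     // NOTE(review): $grantKey is passed as a second argument to get();
     // confirm the service locator in use accepts and expects it.
     if (isset($availableGrantTypes['custom_grant_types']) && is_array($availableGrantTypes['custom_grant_types'])) {
         foreach ($availableGrantTypes['custom_grant_types'] as $grantKey => $grantType) {
             if ($services->has($grantType)) {
                 $server->addGrantType($services->get($grantType, $grantKey));
             }
         }
     }
     return $server;
 }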