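/**
 * Create an OAuth2\Server instance.
 *
 * The server is built once from $this->config and memoised in $this->server;
 * later calls return the same object.
 *
 * Configuration keys read:
 *  - storage          (required) a service name, or an array of service names
 *                     keyed by storage type, each resolved through $this->services
 *  - enforce_state    default true
 *  - allow_implicit   default false
 *  - access_lifetime  default 3600
 *  - audience         default '' (handed to the JWT bearer grant)
 *  - options          extra OAuth2\Server options; keys given here override the
 *                     three defaults above
 *  - grant_types      map of grant type name => true; absent or not an array
 *                     means no grant type is registered
 *
 * @return OAuth2Server
 * @throws Exception\RuntimeException when the storage configuration is
 *     missing/empty, or is neither a string nor an array
 */
public function __invoke()
{
    if ($this->server) {
        return $this->server;
    }

    $config = $this->config;

    // empty() also covers the unset case.
    if (empty($config['storage'])) {
        throw new Exception\RuntimeException('The storage configuration for OAuth2 is missing');
    }

    if (is_string($config['storage'])) {
        $storagesServices = array($config['storage']);
    } elseif (is_array($config['storage'])) {
        $storagesServices = $config['storage'];
    } else {
        throw new Exception\RuntimeException('The storage configuration for OAuth2 should be string or array');
    }

    // Resolve every configured storage service, keeping the configured keys
    // (the OAuth2 server uses them to find a storage by type).
    $storage = array();
    foreach ($storagesServices as $storageKey => $storagesService) {
        $storage[$storageKey] = $this->services->get($storagesService);
    }

    // Defaults err on the safe side: the state parameter is required and the
    // implicit grant stays off unless the configuration enables it.
    $enforceState   = isset($config['enforce_state']) ? $config['enforce_state'] : true;
    $allowImplicit  = isset($config['allow_implicit']) ? $config['allow_implicit'] : false;
    $accessLifetime = isset($config['access_lifetime']) ? $config['access_lifetime'] : 3600;
    $audience       = isset($config['audience']) ? $config['audience'] : '';
    $options        = isset($config['options']) ? $config['options'] : array();

    // Explicit 'options' win over the computed defaults (array_merge: last wins).
    $options = array_merge(array(
        'enforce_state'   => $enforceState,
        'allow_implicit'  => $allowImplicit,
        'access_lifetime' => $accessLifetime,
    ), $options);

    // Pass a storage object or array of storage objects to the OAuth2 server class
    $server = new OAuth2Server($storage, $options);

    // A missing 'grant_types' key used to raise an undefined-index notice;
    // treat it as "no grant types".
    $availableGrantTypes = (isset($config['grant_types']) && is_array($config['grant_types']))
        ? $config['grant_types']
        : array();

    // Each built-in grant type is registered only when its flag is exactly true.
    if (isset($availableGrantTypes['client_credentials']) && $availableGrantTypes['client_credentials'] === true) {
        $clientOptions = array();
        if (isset($options['allow_credentials_in_request_body'])) {
            $clientOptions['allow_credentials_in_request_body'] = $options['allow_credentials_in_request_body'];
        }
        // Add the "Client Credentials" grant type (it is the simplest of the grant types)
        $server->addGrantType(new ClientCredentials($server->getStorage('client_credentials'), $clientOptions));
    }

    if (isset($availableGrantTypes['authorization_code']) && $availableGrantTypes['authorization_code'] === true) {
        // Add the "Authorization Code" grant type (this is where the oauth magic happens)
        $server->addGrantType(new AuthorizationCode($server->getStorage('authorization_code')));
    }

    if (isset($availableGrantTypes['password']) && $availableGrantTypes['password'] === true) {
        // Add the "User Credentials" grant type
        $server->addGrantType(new UserCredentials($server->getStorage('user_credentials')));
    }

    if (isset($availableGrantTypes['jwt']) && $availableGrantTypes['jwt'] === true) {
        // Add the "JWT Bearer" grant type
        $server->addGrantType(new JwtBearer($server->getStorage('jwt_bearer'), $audience));
    }

    if (isset($availableGrantTypes['refresh_token']) && $availableGrantTypes['refresh_token'] === true) {
        $refreshOptions = array();
        if (isset($options['always_issue_new_refresh_token'])) {
            $refreshOptions['always_issue_new_refresh_token'] = $options['always_issue_new_refresh_token'];
        }
        // Add the "Refresh Token" grant type
        $server->addGrantType(new RefreshToken($server->getStorage('refresh_token'), $refreshOptions));
    }

    return $this->server = $server;
}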
/**
 * Look up the application registered for a client id.
 *
 * @param mixed $clientId
 * @return mixed|null null when $clientId is falsy (null, '', 0 and also the
 *     string '0'); otherwise whatever the "client" storage returns for it
 */
public function getApplication($clientId)
{
    if (empty($clientId)) {
        return null;
    }

    $clientStorage = $this->server->getStorage('client');

    return $clientStorage->getApplication($clientId);
}
/**
 * Resolve a grant type from configuration.
 *
 * $config may be: a string naming an existing class; a string that
 * resolveReference() can turn into an object; a string grant type name;
 * an array with any of the keys "name", "class", "storage", "options"; or any
 * value resolveReference() resolves directly.
 *
 * Note that class_exists() and "new $class" act on whatever the configuration
 * supplies, so this factory must only ever be fed trusted configuration.
 *
 * @param mixed       $config
 * @param mixed       $name   Fallback grant type name when $config has none
 * @param Server|null $server Used to look up the storage by grant type name
 *                            when the configuration does not provide one
 * @return GrantTypeInterface
 *
 * @throws ConfigurationException when nothing could be resolved or instantiated
 */
public function create($config, $name = null, Server $server = null)
{
    if (is_string($config)) {
        if (class_exists($config)) {
            // A bare class name: instantiate it further down.
            $config = array('class' => $config);
        } else {
            // A reference/service name wins over a plain grant type name.
            $resolved = $this->resolveReference($config);
            if ($resolved) {
                return $resolved;
            }
            $config = array('name' => $config);
        }
    }

    // Preconfigured object or closure?
    $resolved = $this->resolveReference($config);
    if ($resolved) {
        return $resolved;
    }

    if (!is_array($config)) {
        throw new ConfigurationException(
            'Unable to find or instantiate grant type ' . $name . ' from configuration ' . print_r($config, true)
        );
    }

    // Fill in the name: explicit argument first, else derived from the class.
    if (!isset($config['name'])) {
        if (is_string($name)) {
            $config['name'] = $name;
        } elseif (isset($config['class'])) {
            $config['name'] = $this->camelCaseToUnderscore($config['class']);
        }
    }

    // Fill in the class from the name inside the grant type namespace.
    if (isset($config['name']) && !isset($config['class'])) {
        $config['class'] = $this->grantTypeNamespace . $this->underscoreToCamelCase($config['name']);
    }

    if (!isset($config['class']) || !class_exists($config['class'])) {
        throw new ConfigurationException(
            'Unable to find or instantiate grant type ' . $name . ' from configuration ' . print_r($config, true)
        );
    }

    // Storage: configured reference first, then the server's storage for this name.
    $storage = isset($config['storage']) ? $this->resolveReference($config['storage']) : null;
    if (!$storage && $server && isset($config['name'])) {
        $storage = $server->getStorage($config['name']);
    }

    $class = $config['class'];
    if (!$storage) {
        return new $class();
    }
    if (isset($config['options'])) {
        return new $class($storage, $config['options']);
    }

    return new $class($storage);
}
/**
 * A server built with nothing but a public-key storage and
 * use_jwt_access_tokens enabled must still expose a resource controller,
 * and the storage must be retrievable under the "public_key" key.
 */
public function testUsingJustJwtAccessTokenStorageWithResourceControllerIsOkay()
{
    $publicKeyStorage = $this->getMock('OAuth2\\Storage\\PublicKeyInterface');
    $storages = array($publicKeyStorage);
    $serverConfig = array('use_jwt_access_tokens' => true);

    $server = new Server($storages, $serverConfig);

    $this->assertNotNull($server->getResourceController());
    $this->assertInstanceOf('OAuth2\\Storage\\PublicKeyInterface', $server->getStorage('public_key'));
}
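/**
 * Inject grant types into the OAuth2\Server instance, based on zf-oauth2
 * configuration.
 *
 * A built-in grant type is registered only when its flag in
 * $availableGrantTypes is exactly true. Entries under
 * $availableGrantTypes['custom_grant_types'] name services that are fetched
 * from $services; names the locator does not know are skipped silently.
 *
 * @param OAuth2Server            $server
 * @param array                   $availableGrantTypes
 * @param array                   $options  OAuth2 options; the keys read here are
 *     allow_credentials_in_request_body, audience,
 *     always_issue_new_refresh_token and refresh_token_lifetime
 * @param ServiceLocatorInterface $services
 * @return OAuth2Server
 */
private static function injectGrantTypes(
    OAuth2Server $server,
    array $availableGrantTypes,
    array $options,
    ServiceLocatorInterface $services
) {
    if (self::grantTypeEnabled($availableGrantTypes, 'client_credentials')) {
        $clientOptions = [];
        if (isset($options['allow_credentials_in_request_body'])) {
            $clientOptions['allow_credentials_in_request_body'] = $options['allow_credentials_in_request_body'];
        }
        // Add the "Client Credentials" grant type (it is the simplest of the grant types)
        $server->addGrantType(new ClientCredentials($server->getStorage('client_credentials'), $clientOptions));
    }

    if (self::grantTypeEnabled($availableGrantTypes, 'authorization_code')) {
        // Add the "Authorization Code" grant type (this is where the oauth magic happens)
        $server->addGrantType(new AuthorizationCode($server->getStorage('authorization_code')));
    }

    if (self::grantTypeEnabled($availableGrantTypes, 'password')) {
        // Add the "User Credentials" grant type
        $server->addGrantType(new UserCredentials($server->getStorage('user_credentials')));
    }

    if (self::grantTypeEnabled($availableGrantTypes, 'jwt')) {
        // A missing 'audience' used to raise an undefined-index notice; fall back
        // to the same empty default the server factory uses.
        $audience = isset($options['audience']) ? $options['audience'] : '';
        // Add the "JWT Bearer" grant type
        $server->addGrantType(new JwtBearer($server->getStorage('jwt_bearer'), $audience));
    }

    if (self::grantTypeEnabled($availableGrantTypes, 'refresh_token')) {
        $refreshOptions = [];
        if (isset($options['always_issue_new_refresh_token'])) {
            $refreshOptions['always_issue_new_refresh_token'] = $options['always_issue_new_refresh_token'];
        }
        if (isset($options['refresh_token_lifetime'])) {
            $refreshOptions['refresh_token_lifetime'] = $options['refresh_token_lifetime'];
        }
        // Add the "Refresh Token" grant type
        $server->addGrantType(new RefreshToken($server->getStorage('refresh_token'), $refreshOptions));
    }

    // Add custom grant types from the service locator. Unknown service names
    // are ignored rather than failing the server build.
    if (isset($availableGrantTypes['custom_grant_types']) && is_array($availableGrantTypes['custom_grant_types'])) {
        foreach ($availableGrantTypes['custom_grant_types'] as $grantKey => $grantType) {
            if ($services->has($grantType)) {
                // NOTE(review): most service-manager versions take a single
                // argument in get(); confirm $grantKey is meaningful here.
                $server->addGrantType($services->get($grantType, $grantKey));
            }
        }
    }

    return $server;
}

/**
 * Whether a built-in grant type is switched on in configuration.
 *
 * Only a strict boolean true enables it; 1, "1" or "true" do not.
 *
 * @param array  $availableGrantTypes
 * @param string $key
 * @return bool
 */
private static function grantTypeEnabled(array $availableGrantTypes, $key)
{
    return isset($availableGrantTypes[$key]) && $availableGrantTypes[$key] === true;
}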