/**
 * Registers the two demo routes of this service.
 *
 * GET "/" returns a static HTML page with a form that posts one field,
 * "v", to "foo". POST "/foo" requires that field and answers with a JSON
 * body of {"status": "ok"}.
 *
 * NOTE(review): the form carries no anti-CSRF token and the POST handler
 * checks none. Any cross-site request protection therefore has to come
 * from outside this method (for example a plugin registered on the
 * service) - confirm before reusing this pattern for a state-changing
 * endpoint.
 */
public function registerRoutes()
{
    $this->get('/', function () {
        // Static markup only: no request data is echoed into the page.
        $page = ' <html> <head><title>Demo</title></head> <body> <form method="post" action="foo"> <input type="text" name="v"> <input type="submit"> </form> </body> </html> ';

        return $page;
    });

    $this->post('/foo', function (Request $request) {
        $value = $request->getPostParameter('v');
        if (null === $value) {
            // Only presence is checked; the value itself is never used.
            throw new BadRequestException('parameter "v" missing');
        }

        // 201 is handed to the JsonResponse constructor (presumably the
        // HTTP status code - verify against JsonResponse).
        $reply = new JsonResponse(201);
        $payload = array('status' => 'ok');
        $reply->setBody($payload);

        return $reply;
    });
}
/**
 * Token endpoint handler: exchanges an authorization code or a refresh
 * token for an access token.
 *
 * The caller has already been authenticated when this method runs. The
 * identity in $userInfo is treated as the client id, and a client_id sent
 * in the request body is accepted only if it equals that identity.
 *
 * @param Request           $request  the incoming token request
 * @param UserInfoInterface $userInfo the authenticated caller
 *
 * @return JsonResponse the token data, marked as non-cacheable
 *
 * @throws RuntimeException    if the authenticated client is no longer in
 *                             the database
 * @throws BadRequestException if the body client_id does not match the
 *                             authenticated client, the client type is
 *                             not "code", or the grant type is unsupported
 */
public function postToken(Request $request, UserInfoInterface $userInfo)
{
    $tokenRequest = new TokenRequest($request);
    $grantType = $tokenRequest->getGrantType();
    $bodyClientId = $tokenRequest->getClientId();

    // the userId from Basic Authentication is the same as the client_id
    $authenticatedId = $userInfo->getUserId();

    $client = $this->db->getClient($authenticatedId);
    if (false === $client) {
        throw new RuntimeException('authenticated, but client no longer exists');
    }

    // A client_id in the body is optional, but when present it must name
    // the client that authenticated. This stops one client from redeeming
    // a grant under another client's identifier.
    if (null !== $bodyClientId && $bodyClientId !== $authenticatedId) {
        throw new BadRequestException('invalid_grant', 'authenicated user must match client_id in request body');
    }

    // Only clients registered with type "code" may use this endpoint.
    if ('code' !== $client->getType()) {
        throw new BadRequestException('invalid_client', 'this client type is not allowed to use the token endpoint');
    }

    switch ($grantType) {
        case 'authorization_code':
            $tokenData = $this->handleCode($tokenRequest, $client);
            break;
        case 'refresh_token':
            $tokenData = $this->handleRefreshToken($tokenRequest, $client);
            break;
        default:
            throw new BadRequestException('invalid_request', 'unsupported grant_type');
    }

    // Token responses must not be stored by browsers or intermediaries.
    $noCacheHeaders = array('Cache-Control' => 'no-store', 'Pragma' => 'no-cache');

    $reply = new JsonResponse();
    $reply->setHeaders($noCacheHeaders);
    $reply->setBody($tokenData);

    return $reply;
}
/**
 * Token introspection handler: reports whether an access token is known
 * and unexpired and, if so, returns its metadata.
 *
 * Unknown and expired tokens both yield the same {"active": false} body,
 * so the response does not reveal which of the two cases applied.
 *
 * NOTE(review): nothing in this method authenticates or authorizes the
 * caller. Presumably that is enforced before the handler is reached -
 * confirm, since an open introspection endpoint lets anyone probe token
 * values.
 *
 * @param Request     $request    the incoming request; its URL host is
 *                                reported as "iss"
 * @param string|null $tokenValue the token to introspect
 *
 * @return JsonResponse the introspection result, marked as non-cacheable
 *
 * @throws BadRequestException if no token value was supplied
 */
public function getTokenIntrospection(Request $request, $tokenValue)
{
    if (null === $tokenValue) {
        throw new BadRequestException('invalid_token', 'the token parameter is missing');
    }

    // FIXME: validate token format
    $record = $this->db->getAccessToken($tokenValue);

    // Default answer, used both when the token does not exist and when it
    // has expired.
    $tokenInfo = array('active' => false);

    if (false !== $record) {
        $issuedAt = $record['issue_time'];
        $expiresAt = $issuedAt + $record['expires_in'];

        $expired = $this->io->getTime() > $expiresAt;
        if (!$expired) {
            // token exists and did not expire
            $tokenInfo = array(
                'active' => true,
                'exp' => intval($expiresAt),
                'iat' => intval($issuedAt),
                'scope' => $record['scope'],
                // NOTE(review): derived from the request rather than from
                // configuration; confirm the host value is trustworthy in
                // the deployment (proxy / virtual host setup).
                'iss' => $request->getUrl()->getHost(),
                'client_id' => $record['client_id'],
                'sub' => $record['resource_owner_id'],
                'user_id' => $record['resource_owner_id'],
                'token_type' => 'bearer',
            );
            // No 'aud' is emitted: as long as there is no resource server
            // registration the audience cannot be set.
        }
    }

    // Introspection results must not be stored by browsers or
    // intermediaries.
    $noCacheHeaders = array('Cache-Control' => 'no-store', 'Pragma' => 'no-cache');

    $reply = new JsonResponse();
    $reply->setHeaders($noCacheHeaders);
    $reply->setBody($tokenInfo);

    return $reply;
}
* Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
require_once dirname(__DIR__) . '/vendor/autoload.php';

use fkooman\Http\JsonResponse;
use fkooman\Rest\Service;
use fkooman\Http\Exception\BadRequestException;

// Minimal example service: two routes that greet the caller with the
// value of the ":str" path segment.
$service = new Service();

// GET /hello/:str - echoes the path segment back inside a JSON body.
// The value reaches the client only through JsonResponse::setBody(), never
// as raw HTML (presumably JSON-encoded there - verify against JsonResponse).
$service->get('/hello/:str', function ($str) {
    $greeting = sprintf('hello %s', $str);

    $reply = new JsonResponse();
    $reply->setBody(array('type' => 'GET', 'response' => $greeting));

    return $reply;
});

// POST /hello/:str - same greeting, except that the literal segment "foo"
// is rejected with a BadRequestException to demonstrate error handling.
$service->post('/hello/:str', function ($str) {
    if ('foo' === $str) {
        throw new BadRequestException('you cannot say "foo!"');
    }

    $greeting = sprintf('hello %s', $str);

    $reply = new JsonResponse();
    $reply->setBody(array('type' => 'POST', 'response' => $greeting));

    return $reply;
});

// Dispatch the current request and emit the resulting response.
$service->run()->send();