/**
 * Bind the OAuth2 authorizer into the IoC container as a shared service.
 *
 * The closure reads the "oauth2" configuration, builds an AuthorizationServer
 * (token issuing side) and a ResourceServer (token checking side) on top of
 * the database-backed storages, and wraps both in an Authorizer. The
 * Authorizer class name is additionally bound so that resolving it returns
 * the same shared instance.
 *
 * @return void
 */
public function registerAuthorizer()
{
    $this->app->bindShared('oauth2-server.authorizer', function ($app) {
        $settings = $app['config']->get('oauth2');
        $restrictGrants = $settings['limit_clients_to_grants'];
        $restrictScopes = $settings['limit_clients_to_scopes'];

        // Issuing side: storage backends first, then protocol options.
        $issuer = new AuthorizationServer();
        $issuer->setSessionStorage(new SessionStorage($app['db']));
        $issuer->setAccessTokenStorage(new AccessTokenStorage($app['db']));
        $issuer->setRefreshTokenStorage(new RefreshTokenStorage($app['db']));
        $issuer->setClientStorage(new ClientStorage($app['db'], $restrictGrants));
        $issuer->setScopeStorage(new ScopeStorage($app['db'], $restrictScopes, $restrictGrants));
        $issuer->setAuthCodeStorage(new AuthCodeStorage($app['db']));

        $issuer->requireScopeParam($settings['scope_param']);
        $issuer->setDefaultScope($settings['default_scope']);
        $issuer->requireStateParam($settings['state_param']);
        $issuer->setScopeDelimiter($settings['scope_delimiter']);
        $issuer->setAccessTokenTTL($settings['access_token_ttl']);

        // Optional per-grant settings, applied in this order when the key is present.
        $optionalSetters = [
            'callback' => 'setVerifyCredentialsCallback',
            'auth_token_ttl' => 'setAuthTokenTTL',
            'refresh_token_ttl' => 'setRefreshTokenTTL',
        ];

        foreach ($settings['grant_types'] as $grantSettings) {
            // The grant class name is taken from configuration and instantiated
            // as-is, so the "oauth2" config must be treated as trusted code.
            $grantClass = $grantSettings['class'];
            $grant = new $grantClass();
            $grant->setAccessTokenTTL($grantSettings['access_token_ttl']);

            foreach ($optionalSetters as $key => $setter) {
                if (array_key_exists($key, $grantSettings)) {
                    $grant->{$setter}($grantSettings[$key]);
                }
            }

            $issuer->addGrantType($grant);
        }

        // Checking side: gets its own storage instances, built with the same limits.
        $checker = new ResourceServer(
            new SessionStorage($app['db']),
            new AccessTokenStorage($app['db']),
            new ClientStorage($app['db'], $restrictGrants),
            new ScopeStorage($app['db'], $restrictScopes, $restrictGrants)
        );

        $authorizer = new Authorizer($issuer, $checker);
        $authorizer->setRequest($app['request']);
        $authorizer->setTokenType($app->make($settings['token_type']));

        // Re-inject the request into the authorizer whenever the container rebinds it.
        $app->refresh('request', $authorizer, 'setRequest');

        return $authorizer;
    });

    $this->app->bind('Rapiro\\OAuth2Server\\Authorizer', function ($app) {
        return $app['oauth2-server.authorizer'];
    });
}
/**
 * Lazily create the AuthorizationServer and keep it on $this->authorize.
 *
 * When $this->authorize is already set (truthy) nothing is rebuilt. The
 * server gets the default scope and the six database-backed storages; no
 * grant types are added in this method.
 *
 * @return $this
 */
public function initAuthorizationServer()
{
    if ($this->authorize) {
        return $this;
    }

    $server = new AuthorizationServer();
    $server->setDefaultScope($this->defaultScope);
    $server->setSessionStorage(new SessionStorage($this->db));
    $server->setAccessTokenStorage(new AccessTokenStorage($this->db));
    $server->setRefreshTokenStorage(new RefreshTokenStorage($this->db));
    $server->setClientStorage(new ClientStorage($this->db));
    $server->setScopeStorage(new ScopeStorage($this->db));
    $server->setAuthCodeStorage(new AuthCodeStorage($this->db));

    $this->authorize = $server;

    return $this;
}
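/**
 * Build the OAuth authorization server and store it on $this->Server.
 *
 * Wires the six storages, registers every grant listed in the
 * 'supportedGrants' setting and applies the configured access token TTL.
 *
 * @param array $config Config array; an optional 'supportedGrants' key
 *                      overrides the value from $this->config('supportedGrants')
 * @return void
 * @throws NotImplementedException When a requested grant is not listed in $this->_allowedGrants
 */
public function initialize(array $config)
{
    $server = new AuthorizationServer();
    $server->setSessionStorage(new Storage\SessionStorage());
    $server->setAccessTokenStorage(new Storage\AccessTokenStorage());
    $server->setClientStorage(new Storage\ClientStorage());
    $server->setScopeStorage(new Storage\ScopeStorage());
    $server->setAuthCodeStorage(new Storage\AuthCodeStorage());
    $server->setRefreshTokenStorage(new Storage\RefreshTokenStorage());

    $supportedGrants = isset($config['supportedGrants'])
        ? $config['supportedGrants']
        : $this->config('supportedGrants');

    foreach ($supportedGrants as $grant) {
        // $grant is concatenated into a class name below, so the allow-list
        // check is the only thing bounding which class gets instantiated.
        // Compare strictly so loose type juggling cannot let a value through.
        if (!in_array($grant, $this->_allowedGrants, true)) {
            // Pass $grant so the {0} placeholder in the message is actually filled.
            throw new NotImplementedException(
                __('The {0} grant type is not supported by the OAuth server', $grant)
            );
        }

        $className = '\\League\\OAuth2\\Server\\Grant\\' . $grant . 'Grant';
        $server->addGrantType(new $className());
    }

    $server->setAccessTokenTTL($this->config('tokenTTL'));

    $this->Server = $server;
}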
/**
 * Register the Authorisation Server
 *
 * Binds League\OAuth2\Server\AuthorizationServer as a container singleton
 * with database-backed storages and the password and refresh-token grants.
 *
 * @return void
 */
private function authorisation()
{
    $this->app->singleton('League\\OAuth2\\Server\\AuthorizationServer', function ($app) {
        $authServer = new AuthorizationServer();

        $authServer->setSessionStorage(new SessionStorage($app->make('db')));
        $authServer->setAccessTokenStorage(new AccessTokenStorage($app->make('db')));
        $authServer->setRefreshTokenStorage(new RefreshTokenStorage($app->make('db')));
        $authServer->setClientStorage(new ClientStorage($app->make('db')));
        $authServer->setScopeStorage(new ScopeStorage($app->make('db')));
        $authServer->setAuthCodeStorage(new AuthCodeStorage($app->make('db')));

        // NOTE(review): this callback returns true for every username/password
        // pair, so the password grant performs no credential verification here.
        // The grant presumably expects the verified user's id, or false on
        // failure (confirm against the library's PasswordGrant). It needs a real
        // check against the user store before this binding is exposed.
        $resourceOwnerGrant = new PasswordGrant();
        $resourceOwnerGrant->setVerifyCredentialsCallback(function ($username, $password) {
            return true;
        });
        $authServer->addGrantType($resourceOwnerGrant);

        $authServer->addGrantType(new RefreshTokenGrant());

        $authServer->setRequest($app['request']);

        return $authServer;
    });
}
/**
 * Bootstrap application services.
 *
 * Publishes the package config file and migrations, builds the authorization
 * and resource servers on the package storages, and registers the three
 * OAuth routes on the router.
 *
 * @param Router $router
 */
public function boot(Router $router)
{
    // Publishable assets: config file first, then migrations.
    $packageConfig = __DIR__ . '/../config/laravel-oauth2-server.php';
    $this->publishes([$packageConfig => config_path('laravel-oauth2-server.php')], 'config');

    $packageMigrations = __DIR__ . '/../database/migrations/';
    $this->publishes([$packageMigrations => database_path('migrations/')], 'migrations');

    // Token issuing side, limited to the auth-code and refresh-token grants.
    $issuer = new AuthorizationServer();
    $issuer->setSessionStorage(new Storage\SessionStorage());
    $issuer->setAccessTokenStorage(new Storage\AccessTokenStorage());
    $issuer->setRefreshTokenStorage(new Storage\RefreshTokenStorage());
    $issuer->setClientStorage(new Storage\ClientStorage());
    $issuer->setScopeStorage(new Storage\ScopeStorage());
    $issuer->setAuthCodeStorage(new Storage\AuthCodeStorage());
    $issuer->addGrantType(new AuthCodeGrant());
    $issuer->addGrantType(new RefreshTokenGrant());

    // Token checking side, with its own storage instances.
    $checker = new ResourceServer(
        new Storage\SessionStorage(),
        new Storage\AccessTokenStorage(),
        new Storage\ClientStorage(),
        new Storage\ScopeStorage()
    );

    $this->authorizeRoute($router, $issuer);
    $this->accessTokenRoute($router, $issuer);
    $this->userDetailsRoute($router, $checker);
}
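/**
 * Do client authorization based on user login.
 *
 * Creates an authorization code for $user on behalf of the client found in
 * the request's 'identified_oauth' value, immediately redeems that code
 * through the same server instance, and returns the result as a JSON response.
 *
 * @param \Illuminate\Http\Request $request Must carry 'identified_oauth' with 'client' and 'scopes'
 * @param User $user The logged-in user the tokens are issued for
 * @return \Illuminate\Http\Response
 */
protected function completeAuthorizationFlow(Request $request, User $user)
{
    // TO DO: Remove previous active access token for current client

    // First create OAuth Auth Code
    $server = new AuthorizationServer();
    $server->setSessionStorage(new SessionStorage());
    $server->setAccessTokenStorage(new AccessTokenStorage());
    $server->setClientStorage(new ClientStorage());
    $server->setScopeStorage(new ScopeStorage());
    $server->setAuthCodeStorage(new AuthCodeStorage());
    $server->setRefreshTokenStorage(new RefreshTokenStorage());
    $server->addGrantType(new AuthCode());
    $server->addGrantType(new RefreshToken());
    $server->setTokenType(new Bearer());

    $identifiedOAuth = $request->get('identified_oauth');
    $client = $identifiedOAuth['client'];

    // NOTE(review): 'state' is a timestamp rather than a random value and is
    // not checked anywhere in this method.
    $authParams = [
        'client' => $client,
        'redirect_uri' => $client->getRedirectUri(),
        'scopes' => $identifiedOAuth['scopes'],
        'state' => time(),
    ];
    $redirectUri = $server->getGrantType('authorization_code')->newAuthorizeRequest('user', $user->id, $authParams);

    // A redirect URI without a query string or without a "code" parameter
    // yields a null code here; the token request below then fails inside the
    // try block instead of raising an undefined-index error outside it.
    parse_str((string) parse_url($redirectUri, PHP_URL_QUERY), $queryStr);
    $authCode = isset($queryStr['code']) ? $queryStr['code'] : null;

    // Complete the OAuth Auth flow: the client's own id and secret are taken
    // from the stored client and placed on the token request.
    $tokenRequest = $server->getRequest()->request;
    $tokenRequest->set('grant_type', 'authorization_code');
    $tokenRequest->set('client_id', $client->getId());
    $tokenRequest->set('client_secret', $client->getSecret());
    $tokenRequest->set('redirect_uri', $client->getRedirectUri());
    $tokenRequest->set('code', $authCode);

    try {
        $accessToken = $server->issueAccessToken();
        // RFC 6749 section 5.1 asks for "Pragma: no-cache" on token responses;
        // "no-store" is not a Pragma directive.
        $response = new Response($accessToken, 200, ['Cache-Control' => 'no-store', 'Pragma' => 'no-cache']);
    } catch (OAuthException $e) {
        $response = new Response(
            ['error' => $e->errorType, 'message' => $e->getMessage()],
            $e->httpStatusCode,
            $e->getHttpHeaders()
        );
    } catch (\Exception $e) {
        // NOTE(review): the raw exception message is returned to the caller;
        // consider logging it and sending a generic message instead.
        $response = new Response(['error' => $e->getCode(), 'message' => $e->getMessage()], 500);
    }

    // Set the header and return after the try/catch rather than from a
    // finally block: a return inside finally discards any exception still in
    // flight and would dereference an unset $response.
    $response->headers->set('Content-type', 'application/json');

    return $response;
}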