/**
 * Build the VK `users.get` URL used to fetch the resource owner's profile.
 *
 * The requested profile fields are joined with the provider's scope
 * separator. The resource owner id and the access token are interpolated
 * into the query string exactly as returned by the token object; no URL
 * encoding is applied here.
 *
 * NOTE(review): the access token is part of the query string, so it shows up
 * wherever the full request URL is recorded (access logs, proxies, error
 * reports). Confirm that callers never log the returned URL.
 *
 * @param AccessToken $token Token whose owner id and value are embedded in the URL.
 *
 * @return string
 */
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
    $profileFields = [
        'first_name',
        'last_name',
        'nickname',
        'screen_name',
        'sex',
        'bdate',
        'city',
        'country',
        'timezone',
        'photo_50',
        'photo_100',
        'photo_200_orig',
        'has_mobile',
        'contacts',
        'education',
        'online',
        'counters',
        'relation',
        'last_seen',
        'status',
        'can_write_private_message',
        'can_see_all_posts',
        'can_see_audio',
        'can_post',
        'universities',
        'schools',
        'verified',
    ];

    $userId = $token->getResourceOwnerId();
    $tokenValue = $token->getToken();
    $fieldList = implode($this->getScopeSeparator(), $profileFields);

    return "https://api.vk.com/method/users.get?user_id={$userId}&fields="
        . $fieldList
        . "&access_token={$tokenValue}";
}
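/**
 * Build the token and, when an `id_token` is supplied, validate and keep its claims.
 *
 * Checks applied to the id_token:
 *  - a three-segment token with a non-empty signature is verified (RS256)
 *    against the provider's JWT verification keys;
 *  - otherwise the access_token is verified with the same keys and the
 *    id_token payload is only base64/JSON-decoded;
 *  - `aud` must be identical to the provider's client id;
 *  - `nbf` (when present) must not be in the future and `exp` must be present
 *    and not in the past;
 *  - `iss` must be identical to the issuer in the tenant details. For the
 *    "common" tenant, the provider's tenant is first replaced by the token's
 *    `tid` claim.
 *
 * NOTE(review): on the unsigned path no signature covers the id_token, so
 * `aud`, `tid` and `iss` are read from unauthenticated data; only the
 * access_token is cryptographically verified there. Confirm this path is
 * still required before relying on the resulting claims.
 *
 * @param array $options  Token options; `id_token` and `access_token` are read here.
 * @param mixed $provider Provider exposing getJwtVerificationKeys(), getClientId(),
 *                        getTenantDetails() and a public `tenant` property.
 *
 * @throws RuntimeException When the id_token cannot be parsed or a claim check fails.
 */
public function __construct(array $options = [], $provider)
{
    parent::__construct($options);

    if (empty($options['id_token'])) {
        return;
    }

    $this->idToken = $options['id_token'];
    $keys = $provider->getJwtVerificationKeys();
    $idTokenClaims = null;

    try {
        $tks = explode('.', $this->idToken);

        if (count($tks) == 3 && !empty($tks[2])) {
            // Signed id_token: the signature is verified while decoding.
            $idTokenClaims = (array) JWT::decode($this->idToken, $keys, ['RS256']);
        } else {
            // The id_token is unsigned (coming from v1.0 endpoint) -
            // https://msdn.microsoft.com/en-us/library/azure/dn645542.aspx
            if (!isset($tks[1])) {
                // No payload segment at all: fail here instead of decoding null.
                throw new RuntimeException("Unable to parse the id_token!");
            }

            // Verify the access_token signature first; the decoded claims are
            // not needed, the call is made for the verification it performs.
            JWT::decode($options['access_token'], $keys, ['RS256']);

            // Then read the id_token payload without a signature check.
            $idTokenClaims = (array) JWT::jsonDecode(JWT::urlsafeB64Decode($tks[1]));
        }
    } catch (JWT_Exception $e) {
        // NOTE(review): confirm JWT_Exception is the type the installed JWT
        // library throws; other exception types pass through unchanged.
        throw new RuntimeException("Unable to parse the id_token!");
    }

    // Strict comparison: a missing claim or a value of another type never matches.
    if (!isset($idTokenClaims['aud']) || $provider->getClientId() !== $idTokenClaims['aud']) {
        throw new RuntimeException("The audience is invalid!");
    }

    $now = time();
    $notYetValid = isset($idTokenClaims['nbf']) && $idTokenClaims['nbf'] > $now;
    $expired = !isset($idTokenClaims['exp']) || $idTokenClaims['exp'] < $now;
    if ($notYetValid || $expired) {
        // Additional validation is being performed in firebase/JWT itself
        throw new RuntimeException("The id_token is invalid!");
    }

    if ($provider->tenant === "common") {
        if (empty($idTokenClaims['tid'])) {
            throw new RuntimeException("The id_token has no tenant id!");
        }
        // The multi-tenant endpoint is narrowed to the tenant named by the token.
        $provider->tenant = $idTokenClaims['tid'];
    }

    $tenant = $provider->getTenantDetails($provider->tenant);

    // Both sides must be present: two missing values must not compare as equal.
    if (!isset($idTokenClaims['iss'], $tenant['issuer']) || $idTokenClaims['iss'] !== $tenant['issuer']) {
        throw new RuntimeException("Invalid token issuer!");
    }

    $this->idTokenClaims = $idTokenClaims;
}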
/**
 * Complete the client credentials grant for the application's own client.
 *
 * Authenticates the `selfClient` application binding against client storage,
 * opens a session owned by that client, issues and persists an access token,
 * and returns a closure that builds authenticated requests with that token.
 *
 * @return \Closure function ($method, $url, $options = []) that forwards to
 *                  GenericProvider::getAuthenticatedRequest() with the issued token
 *
 * @throws Exception\InvalidClientException When no self client is available or
 *                                          client storage does not return a ClientEntity.
 */
public function completeFlow()
{
    $selfClient = app('selfClient');

    // Nothing to authenticate without a configured self client.
    if ($selfClient === null) {
        throw new Exception\InvalidClientException();
    }

    // Check the client id / secret pair against client storage.
    $client = $this->server->getClientStorage()->get(
        $selfClient->id,
        $selfClient->secret,
        null,
        $this->getIdentifier()
    );

    if (!($client instanceof ClientEntity)) {
        $this->server->getEventEmitter()->emit(
            new Event\ClientAuthenticationFailedEvent($this->server->getRequest())
        );

        throw new Exception\InvalidClientException();
    }

    // Session owned by the authenticated client.
    $session = new SessionEntity($this->server);
    $session->setOwner('client', $client->getId());
    $session->associateClient($client);

    // Access token carrying every scope of the session.
    $tokenEntity = new AccessTokenEntity($this->server);
    $tokenEntity->setId(SecureKey::generate());
    $tokenEntity->setExpireTime($this->getAccessTokenTTL() + time());

    foreach ($session->getScopes() as $scope) {
        $tokenEntity->associateScope($scope);
    }

    // Persist the session first so the token can reference it.
    $session->save();
    $tokenEntity->setSession($session);
    $tokenEntity->save();

    $oauthClient = new GenericProvider([
        'clientId' => $selfClient->id,
        'clientSecret' => $selfClient->secret,
        'redirectUri' => null,
        'urlAuthorize' => null,
        'urlAccessToken' => null,
        'urlResourceOwnerDetails' => null,
    ]);

    $bearer = new AccessToken([
        'access_token' => $tokenEntity->getId(),
        'expires' => $tokenEntity->getExpireTime(),
    ]);

    return function ($method, $url, $options = []) use ($oauthClient, $bearer) {
        return $oauthClient->getAuthenticatedRequest($method, $url, $bearer, $options);
    };
}
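/**
 * Return the Stripe Connect access token stored on a payout, refreshing it when expired.
 *
 * The token set is read from the payout's Stripe registry under
 * `stripeconnect.<alias>.*`, where the alias is `test` when `$apiKeys['test']`
 * is truthy and `production` otherwise. When the stored access token has
 * expired, a refresh_token grant is performed and the new values are written
 * back to the payout.
 *
 * If the refresh response carries no refresh token, the stored one is kept:
 * overwriting it with an empty value would make the next refresh impossible.
 *
 * The stored `expires` value is "now + $expires days", not a value taken from
 * the provider's response.
 *
 * Any exception is logged through \JLog (message only) and turned into null.
 *
 * @param array  $apiKeys Keys read here: `test`, `client_id`, `secret_key`.
 * @param Payout $payout
 * @param int    $expires Number of days used for the stored expiration.
 *
 * @return AccessToken|null Null when no access token is stored or on any error.
 */
public static function getPayoutAccessToken($apiKeys, Payout $payout, $expires = 7)
{
    try {
        $token = $payout->getStripe();

        $alias = empty($apiKeys['test']) ? 'production' : 'test';
        $prefix = 'stripeconnect.' . $alias . '.';

        if ($token === null || !$token->get($prefix . 'access_token')) {
            return null;
        }

        $storedRefreshToken = $token->get($prefix . 'refresh_token');

        $accessToken = new AccessToken([
            'access_token' => $token->get($prefix . 'access_token'),
            'refresh_token' => $storedRefreshToken,
            'expires' => $token->get($prefix . 'expires'),
        ]);

        if ($accessToken->hasExpired()) {
            $provider = new Stripe([
                'clientId' => $apiKeys['client_id'],
                'clientSecret' => $apiKeys['secret_key'],
            ]);

            $accessToken = $provider->getAccessToken('refresh_token', [
                'refresh_token' => $storedRefreshToken,
            ]);

            // Prepare expiration date.
            $date = new \JDate();
            $date->add(new \DateInterval('P' . $expires . 'D'));

            // Keep the previous refresh token when the response omits one.
            $newRefreshToken = $accessToken->getRefreshToken();

            $token->set($prefix . 'access_token', $accessToken->getToken());
            $token->set($prefix . 'refresh_token', $newRefreshToken ?: $storedRefreshToken);
            $token->set($prefix . 'expires', $date->getTimestamp());

            $payout->setStripe($token);
            $payout->storeStripe();
        }
    } catch (\Exception $e) {
        \JLog::add($e->getMessage());

        return null;
    }

    return $accessToken;
}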
/**
 * Build the `users.get` URL used to fetch the resource owner's profile.
 *
 * The query string is produced by buildQueryString() from the configured
 * user fields, the access token value, the API version and the language.
 *
 * NOTE(review): the access token is sent as a query parameter, so it appears
 * wherever the full request URL is recorded. Confirm the URL is not logged.
 *
 * @param AccessToken $token
 *
 * @return string
 */
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
    $query = $this->buildQueryString([
        'fields' => $this->userFields,
        'access_token' => $token->getToken(),
        'v' => $this->version,
        'lang' => $this->lang,
    ]);

    return "{$this->baseUri}/users.get?{$query}";
}
/**
 * Create the authentication cookie that carries the access token value.
 *
 * The cookie expires when the token does; when the token reports no expiry,
 * one hour from now is used instead.
 *
 * NOTE(review): only name, value, expiry and path are passed, so every other
 * cookie attribute is left at CookieBase's defaults. The value is the raw
 * access token; confirm those defaults restrict the cookie to HTTPS and keep
 * it away from scripts.
 *
 * @param string      $path
 * @param AccessToken $accessToken
 *
 * @return \Symfony\Component\HttpFoundation\Cookie
 */
public static function create($path, AccessToken $accessToken)
{
    // Falls back to a one hour lifetime when getExpires() is empty/falsy.
    $expiresAt = $accessToken->getExpires() ?: time() + 3600;

    return new CookieBase(
        TokenManager::TOKEN_COOKIE_NAME,
        $accessToken->getToken(),
        $expiresAt,
        $path
    );
}
/**
 * Build the insert query for a provider profile record.
 *
 * All values are bound as named parameters. A GUID is generated through
 * getGuidV4() when none is supplied. The row stores the refresh token of the
 * given access token and the resource owner serialised as JSON.
 *
 * NOTE(review): the refresh token is bound as returned by the token object,
 * i.e. it is written to the table unencrypted by this query. Confirm that
 * access to the table is restricted accordingly.
 *
 * @param string|null            $guid            Null to have a GUID generated.
 * @param string                 $provider
 * @param string                 $resourceOwnerId
 * @param AccessToken            $accessToken
 * @param ResourceOwnerInterface $resourceOwner
 *
 * @return \Doctrine\DBAL\Query\QueryBuilder
 */
public function queryInsert($guid, $provider, $resourceOwnerId, AccessToken $accessToken, ResourceOwnerInterface $resourceOwner)
{
    if (null === $guid) {
        $guid = $this->getGuidV4();
    }

    $insert = $this->getQueryBuilder()->insert($this->tableNameProvider);

    // Column => named placeholder.
    $insert = $insert->values([
        'guid' => ':guid',
        'provider' => ':provider',
        'resource_owner_id' => ':resource_owner_id',
        'refresh_token' => ':refresh_token',
        'lastupdate' => ':lastupdate',
        'resource_owner' => ':resource_owner',
    ]);

    return $insert->setParameters([
        'guid' => $guid,
        'provider' => $provider,
        'resource_owner_id' => $resourceOwnerId,
        'refresh_token' => $accessToken->getRefreshToken(),
        'lastupdate' => date('Y-m-d H:i:s'),
        'resource_owner' => json_encode($resourceOwner->toArray()),
    ]);
}
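/**
 * Append the serialised access token as one JSON line to the tokens file.
 *
 * The write takes an exclusive lock so that concurrent appends cannot
 * interleave within a line. A token that cannot be JSON-encoded is rejected
 * instead of being stored as an empty line.
 *
 * NOTE(review): the file accumulates whatever jsonSerialize() exposes for each
 * token, in plain text. Confirm that TOKENS_FILE_PATH is outside the web root
 * and readable only by the application user.
 *
 * @param \League\OAuth2\Client\Token\AccessToken $accessToken
 *
 * @return int Number of bytes written (always truthy on success).
 *
 * @throws \RuntimeException When the token cannot be encoded or the file cannot be written.
 */
public static function storeAccessToken(\League\OAuth2\Client\Token\AccessToken $accessToken)
{
    $encoded = json_encode($accessToken->jsonSerialize());
    if ($encoded === false) {
        throw new \RuntimeException('Could not encode the access token as JSON');
    }

    $result = file_put_contents(self::TOKENS_FILE_PATH, $encoded . "\n", FILE_APPEND | LOCK_EX);
    if ($result === false) {
        throw new \RuntimeException(sprintf("Could not store token into file %s - check file permissions", self::TOKENS_FILE_PATH));
    }

    return $result;
}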
/**
 * Fetch the user's profile image data from the provider.
 *
 * The incoming `$response` argument is not read; the method returns the
 * response of its own authenticated request.
 *
 * NOTE(review): the resource owner id is concatenated into the URL path
 * without encoding. Confirm it can only contain path-safe characters.
 *
 * @param array       $response Unused by this method.
 * @param AccessToken $token
 *
 * @return array
 */
protected function getUserImage(array $response, AccessToken $token)
{
    $ownerId = $token->getResourceOwnerId();
    $imageUrl = 'https://social.yahooapis.com/v1/user/' . $ownerId . '/profile/image/' . $this->imageSize . '?format=json';

    return $this->getResponse(
        $this->getAuthenticatedRequest('get', $imageUrl, $token)
    );
}
/**
 * Return a Gitlab API client authenticated with this object's OAuth token.
 *
 * The client is pointed at the configured domain (trailing slashes removed)
 * followed by PATH_API. The optional Gitlab API client package must be
 * installed and autoloadable.
 *
 * @return Client
 *
 * @throws \LogicException When the \Gitlab\Client class is not available.
 */
public function getApiClient()
{
    if (class_exists('\\Gitlab\\Client')) {
        $apiBase = rtrim($this->domain, '/') . self::PATH_API;
        $apiClient = new Client($apiBase);

        return $apiClient->authenticate($this->token->getToken(), Client::AUTH_OAUTH_TOKEN);
    }

    throw new \LogicException(__METHOD__ . ' requires package m4tthumphrey/php-gitlab-api to be installed and autoloaded'); // @codeCoverageIgnore
}
/**
 * Return the cached access token, requesting a new one when needed.
 *
 * A new token is obtained through the client_credentials grant when no token
 * is cached or the cached one has expired; the new token replaces the cache.
 *
 * @return AccessToken
 *
 * @throws EmptyProviderException When no provider has been set.
 * @throws \Exception
 */
private function getAccessToken()
{
    if (null === $this->provider) {
        throw new EmptyProviderException();
    }

    // Reuse the cached token while it is present and still valid.
    if ($this->token != null && !$this->token->hasExpired()) {
        return $this->token;
    }

    // Get and store a new token
    $this->token = $this->provider->getAccessToken('client_credentials');

    return $this->token;
}
/**
 * Load the OAuth token from the session and refresh it when it has expired.
 *
 * The token is read from the `oauth_token` session key. When it has expired
 * and carries a refresh token, a refresh_token grant is performed and the new
 * token is written back to the session. An expired token without a refresh
 * token is left in place unchanged.
 *
 * @return void
 */
protected function loadToken()
{
    // Load the token from the session.
    $this->token = \Session::get('oauth_token');

    // No token has been issued yet.
    if ($this->token === null) {
        return;
    }

    // A token that is still valid needs no further work.
    if (!$this->token->hasExpired()) {
        return;
    }

    // Expired: a refresh is only possible when a refresh token is available.
    $refreshToken = $this->token->getRefreshToken();
    if ($refreshToken === null) {
        return;
    }

    $this->token = $this->provider->getAccessToken('refresh_token', ['refresh_token' => $refreshToken]);
    \Session::set('oauth_token', $this->token);
}
/**
 * Constructor.
 *
 * Keeps the GUID, access token and resource owner, and prepares a provider
 * entity populated with the provider name, the token's refresh token and the
 * resource owner (id and object).
 *
 * @param string                 $guid
 * @param string                 $providerName
 * @param AccessToken            $accessToken
 * @param ResourceOwnerInterface $resourceOwner
 *
 * @throws \RuntimeException When the GUID does not pass Uuid::isValid().
 */
public function __construct($guid, $providerName, AccessToken $accessToken, ResourceOwnerInterface $resourceOwner)
{
    // Reject malformed identifiers before any state is set.
    if (false === Uuid::isValid($guid)) {
        throw new \RuntimeException('Tried to create Transition object with an invalid GUID.');
    }

    $entity = new Entity\Provider();
    $entity->setProvider($providerName);
    $entity->setRefreshToken($accessToken->getRefreshToken());
    $entity->setResourceOwnerId($resourceOwner->getId());
    $entity->setResourceOwner($resourceOwner);

    $this->guid = $guid;
    $this->accessToken = $accessToken;
    $this->resourceOwner = $resourceOwner;
    $this->providerEntity = $entity;
}
/**
 * Sets the token, expiry, etc values.
 *
 * The options are forwarded unchanged to the parent constructor (including
 * null when none are given). A `session_secret` option, when set, is kept on
 * this instance as well.
 *
 * @param array|null $options token options
 */
public function __construct(array $options = null)
{
    parent::__construct($options);

    if (!isset($options['session_secret'])) {
        return;
    }

    $this->_secret = $options['session_secret'];
}
/**
 * Tell whether the stored access token has expired.
 *
 * @return bool Result of the token's own hasExpired() check.
 *
 * @throws FitbitTokenMissingException When no access token is stored.
 */
public function hasTokenExpired()
{
    if (!empty($this->access_token)) {
        return $this->access_token->hasExpired();
    }

    throw new FitbitTokenMissingException();
}
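/**
 * Build the Graph API `/me` URL used to fetch the resource owner's profile.
 *
 * The URL carries the requested field list, the access token (the token
 * object is cast to string) and an app-secret proof created from the client
 * secret and the token value.
 *
 * NOTE(review): the access token is part of the query string, so it appears
 * wherever the full request URL is recorded. Confirm the URL is not logged.
 *
 * @param AccessToken $token
 *
 * @return string
 */
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
    $fields = [
        'id',
        'name',
        'first_name',
        'last_name',
        'email',
        'hometown',
        'picture.type(large){url,is_silhouette}',
        'cover{source}',
        'gender',
        'locale',
        'link',
        'timezone',
        'age_range',
    ];

    // Backwards compatibility: `bio` is only requested from versions older
    // than 2.8. The version is compared component-wise; a float cast would
    // read "v2.10" as 2.1 and wrongly treat it as older than 2.8.
    if (version_compare(substr($this->graphApiVersion, 1), '2.8', '<')) {
        $fields[] = 'bio';
    }

    $appSecretProof = AppSecretProof::create($this->clientSecret, $token->getToken());

    return $this->getBaseGraphUrl() . $this->graphApiVersion
        . '/me?fields=' . implode(',', $fields)
        . '&access_token=' . $token
        . '&appsecret_proof=' . $appSecretProof;
}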
/**
 * Send an authenticated request to the provider's domain, retrying once after a token refresh.
 *
 * When the first attempt fails with a ClientException and the current access
 * token is an expired AccessToken, a refresh_token grant is performed and the
 * request is sent again with the new token. In every other case the client
 * exception is wrapped in Exception and rethrown.
 *
 * NOTE(review): the refreshed token is used for the retry only and is not
 * written back to $this->accessToken, so later calls start again from the
 * expired token. Confirm that this is intended.
 * NOTE(review): a ClientException raised by the retry itself is not wrapped.
 *
 * @throws Exception
 * @param string $method
 * @param string $path
 * @param array $options
 * @return ResponseInterface
 */
public function call($method, $path, array $options = [])
{
    $send = function ($method, $path, $accessToken, $options) {
        $request = $this->provider->getAuthenticatedRequest($method, $this->provider->domain . "/{$path}", $accessToken, $options);

        return $this->provider->getHttpClient()->send($request);
    };

    try {
        return $send($method, $path, $this->accessToken, $options);
    } catch (ClientException $e) {
        $canRefresh = $this->accessToken instanceof AccessToken && $this->accessToken->hasExpired();

        if (!$canRefresh) {
            throw new Exception($e->getMessage(), $e->getCode(), $e);
        }
    }

    // Only reached after a client error with an expired token.
    $refreshed = $this->provider->getAccessToken('refresh_token', [
        'refresh_token' => $this->accessToken->getRefreshToken(),
    ]);

    return $send($method, $path, $refreshed, $options);
}
/**
 * Executes a request
 *
 * A URI given as an array is expanded as a URI template (template, variables).
 * Unless the caller supplies its own `Authorization` header, the stored token
 * (when there is one) is sent as a Bearer token. A 204 response yields true;
 * any other response is handed to parseResponse().
 *
 * @param string|array|GuzzleHttp\Psr7\Uri $uri String, url template array or URL object
 * @param string $method
 * @param array|GuzzleHttp\Query $query
 * @param string|array|object $data
 * @param array $headers
 * @return array|string|bool
 * @throws GuzzleHttp\Exception\RequestException
 */
public function exec($uri, $method = 'GET', $query = null, $data = null, array $headers = [])
{
    if (is_array($uri)) {
        $uri = \GuzzleHttp\uri_template($uri[0], $uri[1]);
    }

    $method = strtoupper($method);

    // A caller-provided Authorization header always wins over the stored token.
    $hasOwnAuth = isset($headers['Authorization']);
    if (!$hasOwnAuth && null !== $this->token) {
        $headers['Authorization'] = 'Bearer ' . $this->token->getToken();
    }

    $requestOptions = ['headers' => $headers];

    if (is_array($query) || $query instanceof Query) {
        $requestOptions['query'] = $query;
    }

    if (null !== $data) {
        $this->handleRequestData($method, $data, $requestOptions);
    }

    $response = $this->tryRequest($method, $uri, $requestOptions);

    // No Content, just return true
    return $response->getStatusCode() === 204
        ? true
        : $this->parseResponse($response);
}
/**
 * Build the user-details URL from the configured server endpoint.
 *
 * The access token value is appended as `?access_token=...` without encoding.
 *
 * NOTE(review): the token travels in the query string, so it appears wherever
 * the full request URL is recorded. Confirm the URL is not logged.
 *
 * @param AccessToken $token
 * @return string
 */
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
    $endpoint = Config::get('laravel-oauth2-client.server_url_user_details');

    return $endpoint . '?access_token=' . $token->getToken();
}
/**
 * Constructor.
 *
 * Passes the options straight through to the parent constructor.
 *
 * @param array $options
 */
public function __construct(array $options)
{
    parent::__construct($options);
}
/**
 * Create a token record from a provider name and an access token.
 *
 * The record is obtained from static::create() and filled with the token
 * value, refresh token, expiry and resource owner id. No lookup for an
 * existing record is visible in this method.
 *
 * NOTE(review): the access and refresh tokens are stored as returned by the
 * token object. Confirm that access to the record is restricted accordingly.
 *
 * @param string $provider
 * @param AccessToken $token
 * @return self
 */
public static function createFromAccessToken($provider, AccessToken $token)
{
    $fields = [
        'Provider' => $provider,
        'Token' => $token->getToken(),
        'RefreshToken' => $token->getRefreshToken(),
        'Expires' => $token->getExpires(),
        'ResourceOwnerID' => $token->getResourceOwnerId(),
    ];

    return static::create()->update($fields);
}
/**
 * Returns the URL for requesting the resource owner's details.
 *
 * The token value is passed in the `oauth_token` query parameter, unencoded.
 *
 * NOTE(review): the token travels in the query string, so it appears wherever
 * the full request URL is recorded. Confirm the URL is not logged.
 *
 * @param AccessToken $token
 * @return string
 */
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
    $base = $this->baseUrl;
    $tokenValue = $token->getToken();

    return sprintf('%s/users/me?oauth_token=%s', $base, $tokenValue);
}
/**
 * Revoke access for the given token.
 *
 * Sends a POST request to the Fitbit `/oauth2/revoke` endpoint. The token
 * value is attached to the URL as a `token` query parameter.
 *
 * NOTE(review): the token is placed in the request URL even though the
 * request is a POST, so it can be recorded with the URL until revocation
 * succeeds. Confirm the URL is not logged.
 *
 * @param AccessToken $accessToken
 *
 * @return mixed
 */
public function revoke(AccessToken $accessToken)
{
    $requestOptions = $this->getAccessTokenOptions([]);

    $query = $this->buildQueryString(['token' => $accessToken->getToken()]);
    $revokeUri = $this->appendQuery(self::BASE_FITBIT_API_URL . '/oauth2/revoke', $query);

    return $this->getResponse(
        $this->getRequest(self::METHOD_POST, $revokeUri, $requestOptions)
    );
}
/**
 * Get provider url to fetch user details
 *
 * The access token value is URL-encoded into the query string by
 * http_build_query().
 *
 * NOTE(review): the token travels in the query string, so it appears wherever
 * the full request URL is recorded. Confirm the URL is not logged.
 *
 * @param AccessToken $token
 *
 * @return string
 */
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
    $query = http_build_query(['access_token' => $token->getToken()]);

    return 'https://api.deezer.com/user/me?' . $query;
}
/**
 * Store an access token in the container's configuration.
 *
 * The token is serialised with jsonSerialize(), JSON-encoded and written to
 * the `access_token` key of the `config` service. How that value reaches
 * `AuthMiddleware` is not visible in this method.
 *
 * NOTE(review): the configuration entry holds the serialised token in plain
 * text. Confirm that the configuration is never dumped or persisted where
 * others can read it.
 *
 * @param AccessToken $token
 *
 * @return void
 *
 * @codeCoverageIgnore
 */
public function setAccessToken(AccessToken $token)
{
    $config = $this->container->get('config');

    $config->set('access_token', json_encode($token->jsonSerialize()));
}
/**
 * Return a usable access token, refreshing the given one when it has expired.
 *
 * A token that has not expired is returned unchanged. An expired token is
 * exchanged through the provider's refresh_token grant, using the token's own
 * refresh token.
 *
 * @param AccessToken $accessToken
 *
 * @throws IdentityProviderException
 *
 * @return AccessToken
 */
protected function getRefreshToken(AccessToken $accessToken)
{
    if (!$accessToken->hasExpired()) {
        return $accessToken;
    }

    // Exchange the refresh token for a new access token.
    return $this->getProvider()->getAccessToken('refresh_token', [
        'refresh_token' => $accessToken->getRefreshToken(),
    ]);
}
/**
 * Build the URL of the QQ `oauth2.0/me` endpoint for the given token.
 *
 * The access token value is URL-encoded into the query string by
 * http_build_query().
 *
 * NOTE(review): the token travels in the query string, so it appears wherever
 * the full request URL is recorded. Confirm the URL is not logged.
 *
 * @param AccessToken $token
 *
 * @return string
 */
protected function getOpenidUrl(AccessToken $token)
{
    $query = http_build_query(['access_token' => $token->getToken()]);

    return 'https://graph.qq.com/oauth2.0/me?' . $query;
}
/**
 * Returns the URL for requesting the resource owner's details.
 *
 * The resource owner id and the token (cast to string) are interpolated into
 * the query string without encoding, followed by the class's API_VERSION.
 *
 * NOTE(review): the access token is part of the query string, so it appears
 * wherever the full request URL is recorded. Confirm the URL is not logged.
 *
 * @param AccessToken $token
 * @return string
 */
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
    $fields = [
        'email',
        'nickname',
        'screen_name',
        'sex',
        'bdate',
        'city',
        'country',
        'timezone',
        'photo_50',
        'photo_100',
        'photo_200_orig',
        'has_mobile',
        'contacts',
        'education',
        'online',
        'counters',
        'relation',
        'last_seen',
        'status',
        'can_write_private_message',
        'can_see_all_posts',
        'can_see_audio',
        'can_post',
        'universities',
        'schools',
        'verified',
    ];
    $fieldList = implode(",", $fields);

    return "https://api.vk.com/method/users.get?user_id={$token->getResourceOwnerId()}&fields="
        . $fieldList
        . "&access_token={$token}&v="
        . static::API_VERSION;
}
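/**
 * Return our values as a string in the form of:
 * GUID||token ID||resource owner ID
 *
 * The middle part is the access token cast to string.
 *
 * NOTE(review): the result embeds the access token, so casting this object
 * to string inside a log or error message records the token. Confirm that
 * callers only use the value where the token may be disclosed.
 *
 * @return string
 */
public function __toString()
{
    // The formatted value must be returned: __toString() has to yield a string.
    return sprintf(
        '%s||%s||%s',
        $this->guid,
        (string) $this->accessToken,
        $this->accessToken->getResourceOwnerId()
    );
}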
/**
 * Build the VK `users.get` URL used to fetch the resource owner's profile.
 *
 * The default and configured user fields are merged and sent as a
 * comma-separated list together with the resource owner id, language,
 * `https` flag and API version. All values are URL-encoded by
 * http_build_query(). The access token is not part of this URL.
 *
 * @param AccessToken $token
 * @return string
 */
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
    $allFields = array_merge($this->defaultUserFields, $this->userFields);

    $query = http_build_query([
        'user_id' => $token->getResourceOwnerId(),
        'fields' => implode(',', $allFields),
        'lang' => $this->lang,
        'https' => $this->https,
        'v' => $this->version,
    ]);

    return 'https://api.vk.com/method/users.get?' . $query;
}