/**
 * Complete the auth code grant and return the token response.
 *
 * Runs the parent flow first, then looks the issued access token up in the
 * access token storage and copies its expire time into the "expires"
 * parameter of the token type before the response is generated.
 * Nothing is caught here, so any exception from the parent flow or the
 * storage reaches the caller.
 *
 * @return array
 */
public function completeFlow()
{
    parent::completeFlow();

    // The parent flow's return value is discarded; the token identifier is
    // read back from the token type's "access_token" parameter instead.
    $tokenId = $this->server->getTokenType()->getParam('access_token');
    $tokenEntity = $this->server->getAccessTokenStorage()->get($tokenId);

    // NOTE(review): the lookup result is used without a null check. If the
    // storage can return null for an unknown token, the call below fails on
    // a non-object - confirm the storage always yields an entity here.
    $expiresAt = (int) $tokenEntity->getExpireTime();
    $this->server->getTokenType()->setParam('expires', $expiresAt);

    return $this->server->getTokenType()->generateResponse();
}
/**
 * Build an AuthorizationServer with the authorization code grant enabled.
 *
 * Key paths and token lifetimes come from the ConfigInterface service in the
 * Yii container. Lifetimes are ISO 8601 duration strings; the fallbacks are
 * 'PT10M' for auth codes, 'P1M' for refresh tokens and 'PT1H' for access
 * tokens.
 *
 * @return AuthorizationServer
 */
public function handle()
{
    $clients = new ClientRepository();
    $scopes = new ScopeRepository();
    $accessTokens = new AccessTokenRepository();
    $authCodes = new AuthCodeRepository();
    $refreshTokens = new RefreshTokenRepository();

    $settings = Yii::$container->get(ConfigInterface::class);
    $privateKeyPath = $settings->get('privateKeyPath');
    $publicKeyPath = $settings->get('publicKeyPath');

    // NOTE(review): the fifth constructor argument is given the public key
    // path; confirm the installed AuthorizationServer version expects a
    // public key in that position rather than a secret encryption key.
    $authorizationServer = new AuthorizationServer(
        $clients,
        $accessTokens,
        $scopes,
        $privateKeyPath,
        $publicKeyPath
    );

    $codeSpec = $settings->get('codeTTL', 'PT10M');
    $refreshSpec = $settings->get('refreshTokenTTL', 'P1M');
    $accessSpec = $settings->get('accessTokenTTL', 'PT1H');

    // \DateInterval throws on a malformed duration string, so a bad config
    // value surfaces here instead of producing a grant with a wrong lifetime.
    $authCodeGrant = new AuthCodeGrant($authCodes, $refreshTokens, new \DateInterval($codeSpec));
    $authCodeGrant->setRefreshTokenTTL(new \DateInterval($refreshSpec));
    $authorizationServer->enableGrantType($authCodeGrant, new \DateInterval($accessSpec));

    return $authorizationServer;
}
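/**
 * Return the shared AuthorizationServer, building it on the first call.
 *
 * Durations are read as strings from module_oauth2.php and parsed with
 * \DateInterval. The key pair is loaded from the certificate paths for
 * 'oauth2_module.pem' and 'oauth2_module.crt'; the private key pass phrase
 * is optional and defaults to null. The authorization code grant and the
 * implicit grant are enabled.
 *
 * @return AuthorizationServer
 */
public static function getInstance()
{
    if (self::$instance !== null) {
        return self::$instance;
    }

    $oauth2config = \SimpleSAML_Configuration::getConfig('module_oauth2.php');
    $accessTokenDuration = $oauth2config->getString('accessTokenDuration');
    $authCodeDuration = $oauth2config->getString('authCodeDuration');
    $passPhrase = $oauth2config->getString('pass_phrase', null);
    $refreshTokenDuration = $oauth2config->getString('refreshTokenDuration');

    $privateKeyPath = Config::getCertPath('oauth2_module.pem');
    $publicKeyPath = Config::getCertPath('oauth2_module.crt');
    $privateKey = new CryptKey($privateKeyPath, $passPhrase);
    $publicKey = new CryptKey($publicKeyPath);

    // Build into a local first. The static is assigned only once every grant
    // is enabled, so an exception from a malformed duration string cannot
    // leave a server without grant types cached for later calls.
    $server = new AuthorizationServer(
        new ClientRepository(),
        new AccessTokenRepository(),
        new ScopeRepository(),
        $privateKey,
        $publicKey
    );

    $authCodeGrant = new AuthCodeGrant(
        new AuthCodeRepository(),
        new RefreshTokenRepository(),
        new \DateInterval($authCodeDuration)
    );
    // Refresh token lifetime comes from 'refreshTokenDuration' in the config.
    $authCodeGrant->setRefreshTokenTTL(new \DateInterval($refreshTokenDuration));
    $server->enableGrantType($authCodeGrant, new \DateInterval($accessTokenDuration));

    // NOTE(review): the implicit grant hands the access token back in the
    // redirect itself; current OAuth security guidance prefers the
    // authorization code grant with PKCE - confirm this grant is still needed.
    $implicitGrant = new ImplicitGrant(new \DateInterval($accessTokenDuration));
    $server->enableGrantType($implicitGrant, new \DateInterval($accessTokenDuration));

    self::$instance = $server;

    return self::$instance;
}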
/**
 * Spec: issueAuthCode() hands its arguments to the 'authorization_code' grant.
 *
 * The server double must be asked for the 'authorization_code' grant type,
 * the grant double must receive newAuthorizeRequest() with the same three
 * arguments, and the value the grant returns must be passed back unchanged.
 */
function it_issues_an_auth_code(AuthorizationServer $issuer, AuthCodeGrant $authCodeGrant)
{
    $type = 'user';
    $typeId = '1';
    $authParams = ['foo' => 'bar'];
    $issuedCode = 'baz';

    $authCodeGrant
        ->newAuthorizeRequest($type, $typeId, $authParams)
        ->willReturn($issuedCode)
        ->shouldBeCalled();

    $issuer
        ->getGrantType('authorization_code')
        ->willReturn($authCodeGrant)
        ->shouldBeCalled();

    $this->issueAuthCode($type, $typeId, $authParams)->shouldReturn($issuedCode);
}
$authorizationCodeLifetime = new \DateInterval($config->oauth['authorizationCodeLifetime']); /** * Using client_id & client_secret & username & password * */ $passwordGrant = new PasswordGrant($userRepository, $refreshTokenRepository); $passwordGrant->setRefreshTokenTTL($refreshTokenLifetime); $server->enableGrantType($passwordGrant, $accessTokenLifetime); /** * Using client_id & client_secret */ $clientCredentialsGrant = new ClientCredentialsGrant(); $server->enableGrantType($clientCredentialsGrant, $accessTokenLifetime); /** * Using client_id & client_secret */ $refreshTokenGrant = new RefreshTokenGrant($refreshTokenRepository); $refreshTokenGrant->setRefreshTokenTTL($refreshTokenLifetime); $server->enableGrantType($refreshTokenGrant, $accessTokenLifetime); /** * Using response_type=code & client_id & redirect_uri & state */ $authCodeGrant = new AuthCodeGrant($authCodeRepository, $refreshTokenRepository, $authorizationCodeLifetime); $authCodeGrant->setRefreshTokenTTL($refreshTokenLifetime); $server->enableGrantType($authCodeGrant, $accessTokenLifetime); /** * Using response_type=token & client_id & redirect_uri & state */ $server->enableGrantType(new ImplicitGrant($accessTokenLifetime), $accessTokenLifetime); return $server; });
/**
 * Build an AuthCodeGrant and enable it on the authorization server.
 *
 * @param array $options Options accessed by key: 'auth_code_ttl',
 *                       'refresh_token_ttl' and 'access_token_ttl'. Each
 *                       value is passed through getDateInterval().
 *
 * @return AuthCodeGrant The grant that was enabled.
 */
public function enableAuthCodeGrant($options)
{
    // NOTE(review): the three option keys are read without an existence
    // check, so a missing key reaches getDateInterval() as null - confirm
    // the caller validates $options or that getDateInterval() rejects null.
    $codeGrant = new AuthCodeGrant(
        new AuthCodeRepository(),
        new RefreshTokenRepository(),
        $this->getDateInterval($options['auth_code_ttl'])
    );

    $refreshLifetime = $this->getDateInterval($options['refresh_token_ttl']);
    $codeGrant->setRefreshTokenTTL($refreshLifetime);

    // Register the grant on the server with the access token lifetime.
    $accessLifetime = $this->getDateInterval($options['access_token_ttl']);
    $this->authorizationServer->enableGrantType($codeGrant, $accessLifetime);

    return $codeGrant;
}