/**
 * Registers the OAuth2 services: the authorization server, the resource
 * server, and two Silex security listener factories ('oauth' and
 * 'oauth-optional').
 *
 * @param Application $app
 */
public function register(Application $app)
{
    parent::register($app);

    $app[AuthorizationServer::class] = $app->share(function () use ($app) {
        /** @var AuthorizationServer $authServer */
        $authServer = (new AuthorizationServer())
            ->setAccessTokenStorage($app['oauth.accesstoken-storage'])
            ->setSessionStorage($app['oauth.session-storage'])
            ->setRefreshTokenStorage($app['oauth.refreshtoken-storage'])
            ->setClientStorage($app['oauth.client-storage'])
            ->setScopeStorage($app['oauth.scope-storage'])
            ->setAuthCodeStorage($app['oauth.authcode-storage']);

        // standard auth code grant
        $authServer->addGrantType(new AuthCodeGrant());

        // password grant used by our apps; credentials are checked through the
        // container's authenticator
        $passwordGrant = new PasswordGrant();
        $passwordGrant->setVerifyCredentialsCallback(function ($username, $password) use ($app) {
            /** @var OAuth2AuthenticatorInterface $authenticator */
            $authenticator = $app['oauth.authenticator'];
            $account = $authenticator->findUser(['username' => $username]);
            if (!$account) {
                return false;
            }

            return $authenticator->authenticate($account, ['username' => $username, 'password' => $password]);
        });
        $authServer->addGrantType($passwordGrant);

        // refresh token grant; the client secret is explicitly not required when
        // exchanging a refresh token (presumably for secret-less public clients —
        // confirm this is intended for confidential clients too)
        $refreshGrant = new RefreshTokenGrant();
        $refreshGrant->setRequireClientSecret(false);
        $authServer->addGrantType($refreshGrant);

        return $authServer;
    });

    $app[ResourceServer::class] = $app->share(function () use ($app) {
        return new ResourceServer(
            $app['oauth.session-storage'],
            $app['oauth.accesstoken-storage'],
            $app['oauth.client-storage'],
            $app['oauth.scope-storage']
        );
    });

    // 'oauth' firewall: provider and listener are resolved from the container
    $app['security.authentication_listener.factory.oauth'] = $app->protect(function ($name) use ($app) {
        $providerId = 'security.authentication_provider.' . $name . '.oauth';
        $listenerId = 'security.authentication_listener.' . $name . '.oauth';

        $app[$providerId] = $app->share(function ($app) {
            return $app[OAuth2Provider::class];
        });
        $app[$listenerId] = $app->share(function ($app) {
            return $app[OAuth2Listener::class];
        });

        return [$providerId, $listenerId, null, 'pre_auth'];
    });

    // 'oauth-optional' firewall: fresh, container-aware provider/listener
    // instances, with the Optional listener variant
    $app['security.authentication_listener.factory.oauth-optional'] = $app->protect(function ($name) use ($app) {
        $providerId = 'security.authentication_provider.' . $name . '.oauth-optional';
        $listenerId = 'security.authentication_listener.' . $name . '.oauth-optional';

        $app[$providerId] = $app->share(function ($app) {
            $provider = new OAuth2Provider();
            $provider->setContainer($app);

            return $provider;
        });
        $app[$listenerId] = $app->share(function ($app) {
            $listener = new OAuth2OptionalListener();
            $listener->setContainer($app);

            return $listener;
        });

        return [$providerId, $listenerId, null, 'pre_auth'];
    });
}
/**
 * Completes the grant flow via the parent and mirrors the issued token
 * response into the session under the 'oauth' key.
 *
 * @return array
 * @throws \League\OAuth2\Server\Exception\InvalidClientException
 * @throws \League\OAuth2\Server\Exception\InvalidRefreshException
 * @throws \League\OAuth2\Server\Exception\InvalidRequestException
 * @throws \League\OAuth2\Server\Exception\InvalidScopeException
 */
public function completeFlow()
{
    $tokenResponse = parent::completeFlow();

    // keep a copy of the freshly issued token alongside the user's session
    Session::put('oauth', $tokenResponse);

    return $tokenResponse;
}
/**
 * Builds an AuthorizationServer with only the refresh-token grant enabled.
 *
 * Key paths and lifetimes are read from the container's ConfigInterface:
 * 'privateKeyPath', 'publicKeyPath', 'refreshTokenTTL' (default 'P1M') and
 * 'accessTokenTTL' (default 'PT1H'); the TTLs are ISO-8601 duration strings.
 *
 * @return AuthorizationServer
 */
public function handle()
{
    $clients = new ClientRepository();
    $scopes = new ScopeRepository();
    $accessTokens = new AccessTokenRepository();
    $refreshTokens = new RefreshTokenRepository();

    $settings = Yii::$container->get(ConfigInterface::class);
    $privateKeyPath = $settings->get('privateKeyPath');
    $publicKeyPath = $settings->get('publicKeyPath');

    $authServer = new AuthorizationServer($clients, $accessTokens, $scopes, $privateKeyPath, $publicKeyPath);

    $refreshTtlSpec = $settings->get('refreshTokenTTL', 'P1M');
    $accessTtlSpec = $settings->get('accessTokenTTL', 'PT1H');

    // refresh-token grant only; access tokens it issues get $accessTtlSpec
    $refreshGrant = new RefreshTokenGrant($refreshTokens);
    $refreshGrant->setRefreshTokenTTL(new \DateInterval($refreshTtlSpec));
    $authServer->enableGrantType($refreshGrant, new \DateInterval($accessTtlSpec));

    return $authServer;
}
/**
 * {@inheritdoc}
 *
 * After the parent has completed the flow, re-reads the issued access token
 * from storage and adds its absolute expiry time as an 'expires' response
 * parameter before generating the response.
 */
public function completeFlow()
{
    parent::completeFlow();

    $tokenId = $this->server->getTokenType()->getParam('access_token');
    $storedToken = $this->server->getAccessTokenStorage()->get($tokenId);

    // expose the expiry timestamp next to the token itself
    $expiresAt = (int) $storedToken->getExpireTime();
    $this->server->getTokenType()->setParam('expires', $expiresAt);

    return $this->server->getTokenType()->generateResponse();
}
$authorizationCodeLifetime = new \DateInterval($config->oauth['authorizationCodeLifetime']); /** * Using client_id & client_secret & username & password * */ $passwordGrant = new PasswordGrant($userRepository, $refreshTokenRepository); $passwordGrant->setRefreshTokenTTL($refreshTokenLifetime); $server->enableGrantType($passwordGrant, $accessTokenLifetime); /** * Using client_id & client_secret */ $clientCredentialsGrant = new ClientCredentialsGrant(); $server->enableGrantType($clientCredentialsGrant, $accessTokenLifetime); /** * Using client_id & client_secret */ $refreshTokenGrant = new RefreshTokenGrant($refreshTokenRepository); $refreshTokenGrant->setRefreshTokenTTL($refreshTokenLifetime); $server->enableGrantType($refreshTokenGrant, $accessTokenLifetime); /** * Using response_type=code & client_id & redirect_uri & state */ $authCodeGrant = new AuthCodeGrant($authCodeRepository, $refreshTokenRepository, $authorizationCodeLifetime); $authCodeGrant->setRefreshTokenTTL($refreshTokenLifetime); $server->enableGrantType($authCodeGrant, $accessTokenLifetime); /** * Using response_type=token & client_id & redirect_uri & state */ $server->enableGrantType(new ImplicitGrant($accessTokenLifetime), $accessTokenLifetime); return $server; });
/**
 * Enables the refresh-token grant on the authorization server.
 *
 * @param array $options must provide 'refresh_token_ttl' and 'access_token_ttl'
 *                       in whatever form getDateInterval() accepts
 *
 * @return RefreshTokenGrant the grant that was registered
 */
public function enableRefreshTokenGrant($options)
{
    // the grant needs its own repository to look up / revoke refresh tokens
    $grant = new RefreshTokenGrant(new RefreshTokenRepository());
    $grant->setRefreshTokenTTL($this->getDateInterval($options['refresh_token_ttl']));

    // lifetime of the access tokens minted through this grant
    $accessTokenTtl = $this->getDateInterval($options['access_token_ttl']);
    $this->authorizationServer->enableGrantType($grant, $accessTokenTtl);

    return $grant;
}
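/**
 * Token endpoint: exchanges credentials for an access token.
 *
 * Reads the API version from $_SERVER['__version'], the grant type from
 * $_REQUEST['grant_type'] and the route from $_REQUEST['request']; only the
 * 'oauth/access_token' route is served. Allowed grants default to
 * ['password'] and may be extended by the version's 'grants' config; TTLs
 * (seconds) come from its 'ttl' config.
 *
 * @return mixed the token response from AuthorizationServer::issueAccessToken()
 * @throws \Exception carrying an HTTP status as its code: 403 (no config for
 *         the version, or unsupported grant), 400 (missing grant_type),
 *         501 (grant not implemented), 404 (unknown route), or the OAuth
 *         library's own status for OAuthException.
 */
public function POST()
{
    $version = isset($_SERVER['__version']) ? $_SERVER['__version'] : '';
    if (!isset($this->config['oauth'][$version])) {
        throw new \Exception('Forbidden.', 403);
    }
    if (!isset($_REQUEST['grant_type'])) {
        throw new \Exception('Bad Request.', 400);
    }
    $config = $this->config['oauth'][$version];

    // Route = request path with the version and two separator characters
    // removed, i.e. it assumes a leading "/<version>/" — TODO confirm.
    $request = isset($_REQUEST['request']) ? $_REQUEST['request'] : '';
    $route = substr($request, strlen($version) + 2);

    switch ($route) {
        case 'oauth/access_token':
            try {
                $server = new AuthorizationServer();
                $server->setSessionStorage(new SessionStorage());
                $server->setAccessTokenStorage(new AccessTokenStorage());
                $server->setClientStorage(new ClientStorage());
                $server->setScopeStorage(new ScopeStorage());
                $server->setRefreshTokenStorage(new RefreshTokenStorage());

                $grant_type = $_REQUEST['grant_type'];

                // 'password' is always allowed; the version config may add more
                $grants = ['password'];
                if (isset($config['grants'])) {
                    $grants = array_unique(array_merge($grants, $config['grants']));
                }
                // strict comparison: $grant_type is untrusted request input
                if (!in_array($grant_type, $grants, true)) {
                    throw new \Exception('Unsupported grant type.', 403);
                }

                // Default TTLs: access token 1 hour, refresh token 1 week (seconds)
                $token_ttl = 3600;
                $refresh_ttl = 604800;
                if (isset($config['ttl']['access_token'])) {
                    $token_ttl = $config['ttl']['access_token'];
                }

                switch ($grant_type) {
                    case 'authorization_code':
                    case 'client_credentials':
                    case 'implicit':
                        throw new \Exception('Not Implemented', 501);
                    case 'password':
                        $grant = new PasswordGrant();
                        $grant->setAccessTokenTTL($token_ttl);
                        $grant->setVerifyCredentialsCallback(function ($username, $password) {
                            $user = new User(['conditions' => ['email' => $username]]);
                            // NOTE(review): an unknown e-mail short-circuits before
                            // password_verify(), so it answers faster than a wrong
                            // password; a dummy verify would even out the timing.
                            return $user->count() && password_verify($password, $user->record['password']);
                        });
                        break;
                    case 'refresh_token':
                        // @todo Need to work through this, appears lib is busted
                        throw new \Exception('Not Implemented', 501);
                    default:
                        // a grant listed in config but not handled above: fail closed
                        // rather than reaching addGrantType() with an undefined $grant
                        throw new \Exception('Unsupported grant type.', 403);
                }
                $server->addGrantType($grant);

                // Adds the refresh token grant if enabled
                if ($grant_type !== 'refresh_token' && in_array('refresh_token', $grants, true)) {
                    if (isset($config['ttl']['refresh_token'])) {
                        $refresh_ttl = $config['ttl']['refresh_token'];
                    }
                    $refreshGrant = new RefreshTokenGrant();
                    // NOTE(review): this sets the *access* token lifetime of tokens
                    // issued via refresh to the refresh TTL — confirm that is intended.
                    $refreshGrant->setAccessTokenTTL($refresh_ttl);
                    $server->addGrantType($refreshGrant);
                }

                return $server->issueAccessToken();
            } catch (OAuthException $e) {
                // surface the library's HTTP status as the exception code; keep
                // the original as previous for logging/diagnostics
                throw new \Exception($e->getMessage(), $e->httpStatusCode, $e);
            } catch (\Exception $e) {
                throw new \Exception($e->getMessage(), $e->getCode(), $e);
            }
        default:
            throw new \Exception('Not Found.', 404);
    }
}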