/** * Do authorization. * * @param \Illuminate\Http\Request $request * @return \Illuminate\Http\Response */ public function postIndex(Request $request) { $server = new AuthorizationServer(); $server->setSessionStorage(new SessionStorage()); $server->setAccessTokenStorage(new AccessTokenStorage()); $server->setClientStorage(new ClientStorage()); $server->setScopeStorage(new ScopeStorage()); $server->setRefreshTokenStorage(new RefreshTokenStorage()); $server->addGrantType(new ClientCredentials()); $server->addGrantType(new RefreshToken()); $server->setTokenType(new Bearer()); try { $accessToken = $server->issueAccessToken(); $response = new Response($accessToken, 200, ['Cache-Control' => 'no-store', 'Pragma' => 'no-store']); } catch (OAuthException $e) { $response = new Response(['error' => $e->errorType, 'message' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders()); } catch (\Exception $e) { $response = new Response(['error' => $e->getCode(), 'message' => $e->getMessage()], 500); } finally { // Return the response $response->headers->set('Content-type', 'application/json'); return $response; } // TO DO: Remove previous active access token for current client }
/** * Register the Authorization server with the IoC container * @return void */ public function registerAuthorizer() { $this->app->bindShared('oauth2-server.authorizer', function ($app) { $config = $app['config']->get('oauth2'); $limitClientsToGrants = $config['limit_clients_to_grants']; $limitClientsToScopes = $config['limit_clients_to_scopes']; // Authorization server $issuer = new AuthorizationServer(); $issuer->setSessionStorage(new SessionStorage($app['db'])); $issuer->setAccessTokenStorage(new AccessTokenStorage($app['db'])); $issuer->setRefreshTokenStorage(new RefreshTokenStorage($app['db'])); $issuer->setClientStorage(new ClientStorage($app['db'], $limitClientsToGrants)); $issuer->setScopeStorage(new ScopeStorage($app['db'], $limitClientsToScopes, $limitClientsToGrants)); $issuer->setAuthCodeStorage(new AuthCodeStorage($app['db'])); $issuer->requireScopeParam($config['scope_param']); $issuer->setDefaultScope($config['default_scope']); $issuer->requireStateParam($config['state_param']); $issuer->setScopeDelimiter($config['scope_delimiter']); $issuer->setAccessTokenTTL($config['access_token_ttl']); // add the supported grant types to the authorization server foreach ($config['grant_types'] as $grantIdentifier => $grantParams) { $grant = new $grantParams['class'](); $grant->setAccessTokenTTL($grantParams['access_token_ttl']); if (array_key_exists('callback', $grantParams)) { $grant->setVerifyCredentialsCallback($grantParams['callback']); } if (array_key_exists('auth_token_ttl', $grantParams)) { $grant->setAuthTokenTTL($grantParams['auth_token_ttl']); } if (array_key_exists('refresh_token_ttl', $grantParams)) { $grant->setRefreshTokenTTL($grantParams['refresh_token_ttl']); } $issuer->addGrantType($grant); } // Resource server $sessionStorage = new SessionStorage($app['db']); $accessTokenStorage = new AccessTokenStorage($app['db']); $clientStorage = new ClientStorage($app['db'], $limitClientsToGrants); $scopeStorage = new ScopeStorage($app['db'], $limitClientsToScopes, $limitClientsToGrants); $checker = new ResourceServer($sessionStorage, $accessTokenStorage, $clientStorage, $scopeStorage); $authorizer = new Authorizer($issuer, $checker); $authorizer->setRequest($app['request']); $authorizer->setTokenType($app->make($config['token_type'])); $app->refresh('request', $authorizer, 'setRequest'); return $authorizer; }); $this->app->bind('Rapiro\\OAuth2Server\\Authorizer', function ($app) { return $app['oauth2-server.authorizer']; }); }
public function initAuthorizationServer() { if (!$this->authorize) { $authorize = new AuthorizationServer(); $authorize->setDefaultScope($this->defaultScope); $authorize->setSessionStorage(new SessionStorage($this->db)); $authorize->setAccessTokenStorage(new AccessTokenStorage($this->db)); $authorize->setRefreshTokenStorage(new RefreshTokenStorage($this->db)); $authorize->setClientStorage(new ClientStorage($this->db)); $authorize->setScopeStorage(new ScopeStorage($this->db)); $authorize->setAuthCodeStorage(new AuthCodeStorage($this->db)); $this->authorize = $authorize; } return $this; }
/** * Set up an OAuth2 Authorization Server. */ protected function setAuthorizationServer() { $this->authorisationServer = new AuthorizationServer(); // Storage $this->authorisationServer->setSessionStorage(new Storage\SessionStorage()); $this->authorisationServer->setAccessTokenStorage(new Storage\AccessTokenStorage()); $this->authorisationServer->setClientStorage(new Storage\ClientStorage()); $this->authorisationServer->setScopeStorage(new Storage\ScopeStorage()); $this->authorisationServer->setRefreshTokenStorage(new Storage\RefreshTokenStorage()); // Grants $this->authorisationServer->addGrantType(new RefreshTokenGrant()); // Events $this->authorisationServer->addEventListener('error.auth.client', [$this, 'eventErrorAuthClient']); $this->authorisationServer->addEventListener('error.auth.user', [$this, 'eventErrorAuthUser']); $this->authorisationServer->addEventListener('session.owner', [$this, 'eventSessionOwner']); }
/** * @param array $config Config array * @return void */ public function initialize(array $config) { $server = new AuthorizationServer(); $server->setSessionStorage(new Storage\SessionStorage()); $server->setAccessTokenStorage(new Storage\AccessTokenStorage()); $server->setClientStorage(new Storage\ClientStorage()); $server->setScopeStorage(new Storage\ScopeStorage()); $server->setAuthCodeStorage(new Storage\AuthCodeStorage()); $server->setRefreshTokenStorage(new Storage\RefreshTokenStorage()); $supportedGrants = isset($config['supportedGrants']) ? $config['supportedGrants'] : $this->config('supportedGrants'); foreach ($supportedGrants as $grant) { if (!in_array($grant, $this->_allowedGrants)) { throw new NotImplementedException(__('The {0} grant type is not supported by the OAuth server')); } $className = '\\League\\OAuth2\\Server\\Grant\\' . $grant . 'Grant'; $server->addGrantType(new $className()); } $server->setAccessTokenTTL($this->config('tokenTTL')); $this->Server = $server; }
/** * Register the Authorisation Server * * @return void */ private function authorisation() { $this->app->singleton('League\\OAuth2\\Server\\AuthorizationServer', function ($app) { $server = new AuthorizationServer(); $server->setSessionStorage(new SessionStorage($app->make('db'))); $server->setAccessTokenStorage(new AccessTokenStorage($app->make('db'))); $server->setRefreshTokenStorage(new RefreshTokenStorage($app->make('db'))); $server->setClientStorage(new ClientStorage($app->make('db'))); $server->setScopeStorage(new ScopeStorage($app->make('db'))); $server->setAuthCodeStorage(new AuthCodeStorage($app->make('db'))); $passwordGrant = new PasswordGrant(); $passwordGrant->setVerifyCredentialsCallback(function ($user, $pass) { return true; }); $server->addGrantType($passwordGrant); $refreshTokenGrant = new RefreshTokenGrant(); $server->addGrantType($refreshTokenGrant); $server->setRequest($app['request']); return $server; }); }
/** * Bootstrap application services. * * @param Router $router */ public function boot(Router $router) { $configPath = __DIR__ . '/../config/laravel-oauth2-server.php'; $this->publishes([$configPath => config_path('laravel-oauth2-server.php')], 'config'); $migrationPath = __DIR__ . '/../database/migrations/'; $this->publishes([$migrationPath => database_path('migrations/')], 'migrations'); $authorizationServer = new AuthorizationServer(); $authorizationServer->setSessionStorage(new Storage\SessionStorage()); $authorizationServer->setAccessTokenStorage(new Storage\AccessTokenStorage()); $authorizationServer->setRefreshTokenStorage(new Storage\RefreshTokenStorage()); $authorizationServer->setClientStorage(new Storage\ClientStorage()); $authorizationServer->setScopeStorage(new Storage\ScopeStorage()); $authorizationServer->setAuthCodeStorage(new Storage\AuthCodeStorage()); $authCodeGrant = new AuthCodeGrant(); $authorizationServer->addGrantType($authCodeGrant); $refreshTokenGrant = new RefreshTokenGrant(); $authorizationServer->addGrantType($refreshTokenGrant); $resourceServer = new ResourceServer(new Storage\SessionStorage(), new Storage\AccessTokenStorage(), new Storage\ClientStorage(), new Storage\ScopeStorage()); $this->authorizeRoute($router, $authorizationServer); $this->accessTokenRoute($router, $authorizationServer); $this->userDetailsRoute($router, $resourceServer); }
/** * Do client authorization based on user login. * * @param \Illuminate\Http\Request $request * @return \Illuminate\Http\Response */ protected function completeAuthorizationFlow(Request $request, User $user) { // First create OAuth Auth Code $server = new AuthorizationServer(); $server->setSessionStorage(new SessionStorage()); $server->setAccessTokenStorage(new AccessTokenStorage()); $server->setClientStorage(new ClientStorage()); $server->setScopeStorage(new ScopeStorage()); $server->setAuthCodeStorage(new AuthCodeStorage()); $server->setRefreshTokenStorage(new RefreshTokenStorage()); $server->addGrantType(new AuthCode()); $server->addGrantType(new RefreshToken()); $server->setTokenType(new Bearer()); $identifiedOAuth = $request->get('identified_oauth'); $authParams = ['client' => $identifiedOAuth['client'], 'redirect_uri' => $identifiedOAuth['client']->getRedirectUri(), 'scopes' => $identifiedOAuth['scopes'], 'state' => time()]; $redirectUri = $server->getGrantType('authorization_code')->newAuthorizeRequest('user', $user->id, $authParams); parse_str(parse_url($redirectUri, PHP_URL_QUERY), $queryStr); // Complete the OAuth Auth flow $server->getRequest()->request->set('grant_type', 'authorization_code'); $server->getRequest()->request->set('client_id', $identifiedOAuth['client']->getId()); $server->getRequest()->request->set('client_secret', $identifiedOAuth['client']->getSecret()); $server->getRequest()->request->set('redirect_uri', $identifiedOAuth['client']->getRedirectUri()); $server->getRequest()->request->set('code', $queryStr['code']); try { $accessToken = $server->issueAccessToken(); $response = new Response($accessToken, 200, ['Cache-Control' => 'no-store', 'Pragma' => 'no-store']); } catch (OAuthException $e) { $response = new Response(['error' => $e->errorType, 'message' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders()); } catch (\Exception $e) { $response = new Response(['error' => $e->getCode(), 'message' => $e->getMessage()], 500); } finally { // Return the response $response->headers->set('Content-type', 'application/json'); return $response; } // TO DO: Remove previous active access token for current client }
use Lib\Model; use Models\Host; use Lib\OAuth2\Storage; use Lib\OAuth2\OAuth2; $app = new \Slim\Slim(array('debug' => true)); $app->response->headers->set('Content-Type', 'application/json'); // Set up the OAuth 2.0 resource server $sessionStorage = new Storage\SessionStorage(); $accessTokenStorage = new Storage\AccessTokenStorage(); $clientStorage = new Storage\ClientStorage(); $scopeStorage = new Storage\ScopeStorage(); $refreshTokenStorage = new Storage\RefreshTokenStorage(); $authorizationServer = new \League\OAuth2\Server\AuthorizationServer(); $authorizationServer->setSessionStorage($sessionStorage); $authorizationServer->setAccessTokenStorage($accessTokenStorage); $authorizationServer->setClientStorage($clientStorage); $authorizationServer->setScopeStorage($scopeStorage); $authorizationServer->setRefreshTokenStorage($refreshTokenStorage); //$clientCredentials = new \League\OAuth2\Server\Grant\ClientCredentialsGrant(); //$server->addGrantType($clientCredentials); $refreshTokenGrant = new \League\OAuth2\Server\Grant\RefreshTokenGrant(); $authorizationServer->addGrantType($refreshTokenGrant); $resourceServer = new ResourceServer($sessionStorage, $accessTokenStorage, $clientStorage, $scopeStorage, $refreshTokenStorage); $passwordGrant = new \League\OAuth2\Server\Grant\PasswordGrant(); $authorizationServer->addGrantType($passwordGrant); $passwordGrant->setVerifyCredentialsCallback(function ($username, $password) use($app) { // implement logic here to validate a username and password, return an ID if valid, otherwise return false $host = new Host(); $valid = $host->oauth2Login($username, $password); if ($valid !== false) { return $valid;
public function POST() { if (!isset($this->config['oauth'][$_SERVER['__version']])) { throw new \Exception('Forbidden.', 403); } elseif (!isset($_REQUEST['grant_type'])) { throw new \Exception('Bad Request.', 400); } $config = $this->config['oauth'][$_SERVER['__version']]; switch (substr($_REQUEST['request'], strlen($_SERVER['__version']) + 2)) { case 'oauth/access_token': try { $server = new AuthorizationServer(); $server->setSessionStorage(new SessionStorage()); $server->setAccessTokenStorage(new AccessTokenStorage()); $server->setClientStorage(new ClientStorage()); $server->setScopeStorage(new ScopeStorage()); $server->setRefreshTokenStorage(new RefreshTokenStorage()); $grant_type = $_REQUEST['grant_type']; $grants = ['password']; if (isset($config['grants'])) { $grants = array_unique(array_merge($grants, $config['grants'])); } if (!in_array($grant_type, $grants)) { throw new \Exception('Unsupported grant type.', 403); } // Defaults TTLs to 1 day and 1 week respectively $token_ttl = 3600; $refresh_ttl = 604800; if (isset($config['ttl']['access_token'])) { $token_ttl = $config['ttl']['access_token']; } switch ($grant_type) { case 'authorization_code': throw new \Exception('Not Implemented', 501); break; case 'client_credentials': throw new \Exception('Not Implemented', 501); break; case 'implicit': throw new \Exception('Not Implemented', 501); break; case 'password': $grant = new PasswordGrant(); $grant->setAccessTokenTTL($token_ttl); $grant->setVerifyCredentialsCallback(function ($username, $password) { $user = new User(['conditions' => ['email' => $username]]); return $user->count() && password_verify($password, $user->record['password']); }); break; case 'refresh_token': throw new \Exception('Not Implemented', 501); // @todo Need to work through this, appears lib is busted $grant = new RefreshTokenGrant(); //$grant->setAccessTokenTTL($refresh_ttl); $server->addGrantType($grant); break; } $server->addGrantType($grant); // Adds the refresh token grant if enabled if ($grant_type != 'refresh_token' && in_array('refresh_token', $grants)) { if (isset($config['ttl']['refresh_token'])) { $refresh_ttl = $config['ttl']['refresh_token']; } $grant = new RefreshTokenGrant(); $grant->setAccessTokenTTL($refresh_ttl); $server->addGrantType($grant); } $response = $server->issueAccessToken(); return $response; } catch (OAuthException $e) { throw new \Exception($e->getMessage(), $e->httpStatusCode); } catch (\Exception $e) { throw new \Exception($e->getMessage(), $e->getCode()); } break; default: throw new \Exception('Not Found.', 404); break; } }