This would be called from the "/token" endpoint as defined in the spec.
Obviously, you can call your endpoint whatever you want.
Draft specifies that the authorization parameters should be retrieved from POST, but you can override to whatever method you like.
|
public grantAccessToken ( |
||
| $request | (optional) The request | |
| 리턴 | ||
/**
* @param Request $request
* @return type
*/
public function tokenAction(Request $request)
{
try {
return $this->server->grantAccessToken($request);
} catch (OAuth2ServerException $e) {
return $e->getHttpResponse();
}
}
/**
* Tests OAuth2->grantAccessToken() with successful Auth code grant, but without redreict_uri in the input
*/
public function testGrantAccessTokenWithGrantAuthCodeSuccessWithoutRedirect()
{
$request = new Request(array('grant_type' => OAuth2::GRANT_TYPE_AUTH_CODE, 'client_id' => 'my_little_app', 'client_secret' => 'b', 'code' => 'foo'));
$storedToken = new OAuth2AuthCode('my_little_app', '', time() + 60, null, null, 'http://www.example.com');
$mockStorage = $this->createBaseMock('OAuth2\\IOAuth2GrantCode');
$mockStorage->expects($this->any())->method('getAuthCode')->will($this->returnValue($storedToken));
$this->fixture = new OAuth2($mockStorage);
$this->fixture->setVariable(OAuth2::CONFIG_ENFORCE_INPUT_REDIRECT, false);
$response = $this->fixture->grantAccessToken($request);
// Successful token grant will return a JSON encoded token:
$this->assertRegexp('/{"access_token":".*","expires_in":\\d+,"token_type":"bearer"/', $response->getContent());
}
/**
* If the user is logged generates the access token and sets into response creating a cookie.
*
* @param \Kreta\Bundle\UserBundle\Event\AuthorizationEvent $event The authorization event
*/
public function onAuthorizationEvent(AuthorizationEvent $event)
{
$client = $this->clientManager->findClientBy(['secret' => $this->clientSecret]);
$session = $event->getRequest()->getSession();
$request = new Request();
$request->query->add(['grant_type' => 'password', 'client_secret' => $this->clientSecret, 'client_id' => sprintf('%s_%s', $client->getId(), $client->getRandomId()), 'username' => $session->get('_email'), 'password' => $session->get('_password')]);
$response = $this->oauthServer->grantAccessToken($request);
$token = json_decode($response->getContent(), true);
$event->getRequest()->getSession()->remove('_email');
$event->getRequest()->getSession()->remove('_password');
$event->getRequest()->getSession()->replace(['access_token' => $token['access_token'], 'refresh_token' => $token['refresh_token']]);
}
public function testErrorResponseContainsExtraHeaders()
{
$config = array(OAuth2::CONFIG_RESPONSE_EXTRA_HEADERS => array("Access-Control-Allow-Origin" => "http://www.foo.com", "X-Extra-Header-1" => "Foo-Bar"));
$stub = new OAuth2GrantUserStub();
$stub->addClient(new OAuth2Client('cid', 'cpass'));
$stub->addUser('foo', 'bar');
$stub->setAllowedGrantTypes(array('authorization_code', 'password'));
$oauth2 = new OAuth2($stub, $config);
$response = $oauth2->grantAccessToken(new Request(array('grant_type' => 'password', 'client_id' => 'cid', 'client_secret' => 'cpass', 'username' => 'foo', 'password' => 'bar')));
$this->assertSame("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
$this->assertSame("Foo-Bar", $response->headers->get("X-Extra-Header-1"));
}
function it_listens_interactive_login(InteractiveLoginEvent $interactiveLoginEvent, TokenInterface $token, UserInterface $user, Request $request, SessionInterface $session, ParameterBagInterface $parameterBag, ClientManagerInterface $clientManager, ClientInterface $client, OAuth2 $oauthServer, Response $response)
{
$interactiveLoginEvent->getAuthenticationToken()->shouldBeCalled()->willReturn($token);
$token->getUser()->shouldBeCalled()->willReturn($user);
$interactiveLoginEvent->getRequest()->shouldBeCalled()->willReturn($request);
$parameterBag->get('_username')->shouldBeCalled()->willReturn('*****@*****.**');
$parameterBag->get('_password')->shouldBeCalled()->willReturn('123456');
$request->request = $parameterBag;
$request->getSession()->shouldBeCalled()->willReturn($session);
$session->set('_email', '*****@*****.**')->shouldBeCalled();
$session->set('_password', '123456')->shouldBeCalled();
$clientManager->findClientBy(['secret' => 'client-secret'])->shouldBeCalled()->willReturn($client);
$client->getId()->shouldBeCalled()->willReturn('the-id');
$client->getRandomId()->shouldBeCalled()->willReturn('random-id');
$session->get('_email')->shouldBeCalled()->willReturn('*****@*****.**');
$session->get('_password')->shouldBeCalled()->willReturn('123456');
$oauthServer->grantAccessToken(Argument::type('Symfony\\Component\\HttpFoundation\\Request'))->shouldBeCalled()->willReturn($response);
$response->getContent()->shouldBeCalled()->willReturn('the response content');
$session->remove('_email')->shouldBeCalled()->willReturn('*****@*****.**');
$session->remove('_password')->shouldBeCalled()->willReturn('123456');
$session->replace(['access_token' => null, 'refresh_token' => null])->shouldBeCalled();
$this->onInteractiveLogin($interactiveLoginEvent);
}
/**
* Tests OAuth2->grantAccessToken() with urn: extension
*/
public function testGrantAccessTokenWithGrantExtensionJwtBearer()
{
$clientId = 'cid';
$clientSecret = 'csecret';
$grantType = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
$subject = 1234;
$stub = new \OAuth2\Tests\Fixtures\OAuth2GrantExtensionJwtBearer();
$stub->addClient(new OAuth2Client($clientId, $clientSecret));
$stub->setAllowedGrantTypes(array($grantType));
$stub->setExpectedSubject($subject);
$oauth2 = new OAuth2($stub);
$response = $oauth2->grantAccessToken(new Request(array('grant_type' => $grantType, 'client_id' => $clientId, 'client_secret' => $clientSecret, 'jwt' => \OAuth2\Tests\Fixtures\OAuth2GrantExtensionJwtBearer::encodeJwt(array('sub' => $subject)))));
$this->assertSame(array('content-type' => array('application/json'), 'cache-control' => array('no-store, private'), 'pragma' => array('no-cache')), array_diff_key($response->headers->all(), array('date' => null)));
$this->assertRegExp('{"access_token":"[^"]+","expires_in":3600,"token_type":"bearer","scope":null,"refresh_token":"[^"]+"}', $response->getContent());
$token = $stub->getLastAccessToken();
$this->assertSame('cid', $token->getClientId());
$data = $token->getData();
$this->assertSame($subject, $data['sub']);
}
<?php
/**
* @file
* Sample token endpoint.
*
* Obviously not production-ready code, just simple and to the point.
*
* In reality, you'd probably use a nifty framework to handle most of the crud for you.
*/
use OAuth2\OAuth2;
use OAuth2\OAuth2ServerException;
require 'lib/bootstrap.php';
$oauth = new OAuth2(new OAuth2StoragePDO(newPDO()));
try {
$response = $oauth->grantAccessToken();
$response->send();
} catch (OAuth2ServerException $oauthError) {
$oauthError->getHttpResponse()->send();
}
/**
* Tests OAuth2->grantAccessToken() with extension
*/
public function testGrantAccessTokenWithGrantExtension()
{
$clientId = 'cid';
$clientSecret = 'csecret';
$grantType = 'http://company.com/fb_access_token';
$fbId = '35';
$fbAccessToken = 'da4b9237bacccd_35';
$stub = new \OAuth2\Tests\Fixtures\OAuth2GrantExtensionStub();
$stub->addClient(new OAuth2Client($clientId, $clientSecret));
$stub->setAllowedGrantTypes(array($grantType));
$stub->addFacebookId($fbId);
$oauth2 = new OAuth2($stub);
$response = $oauth2->grantAccessToken(new Request(array('grant_type' => $grantType, 'client_id' => $clientId, 'client_secret' => $clientSecret, 'fb_access_token' => $fbAccessToken)));
$this->assertSame(array('content-type' => array('application/json'), 'cache-control' => array('no-store, private'), 'pragma' => array('no-cache')), array_diff_key($response->headers->all(), array('date' => null)));
$this->assertRegExp('{"access_token":"[^"]+","expires_in":3600,"token_type":"bearer"}', $response->getContent());
}
