 public function register(Application $app)
 {
     parent::register($app);

     // Authorization server: every storage backend is taken from the
     // container, then the three grants this application uses are attached.
     $app[AuthorizationServer::class] = $app->share(function () use ($app) {
         /** @var AuthorizationServer $authServer */
         $authServer = (new AuthorizationServer())
             ->setAccessTokenStorage($app['oauth.accesstoken-storage'])
             ->setSessionStorage($app['oauth.session-storage'])
             ->setRefreshTokenStorage($app['oauth.refreshtoken-storage'])
             ->setClientStorage($app['oauth.client-storage'])
             ->setScopeStorage($app['oauth.scope-storage'])
             ->setAuthCodeStorage($app['oauth.authcode-storage']);

         // Standard authorization-code grant, no extra configuration.
         $authServer->addGrantType(new AuthCodeGrant());

         // Password grant used by our own apps: credentials are checked through
         // the 'oauth.authenticator' service — look the user up by username,
         // then authenticate the username/password pair; unknown user => false.
         $passwordGrant = new PasswordGrant();
         $passwordGrant->setVerifyCredentialsCallback(function ($username, $password) use ($app) {
             /** @var OAuth2AuthenticatorInterface $authenticator */
             $authenticator = $app['oauth.authenticator'];
             $account = $authenticator->findUser(['username' => $username]);
             if (!$account) {
                 return false;
             }
             return $authenticator->authenticate($account, ['username' => $username, 'password' => $password]);
         });
         $authServer->addGrantType($passwordGrant);

         // Refresh grant: refresh requests are deliberately not required to
         // present a client secret.
         $refreshGrant = new RefreshTokenGrant();
         $refreshGrant->setRequireClientSecret(false);
         $authServer->addGrantType($refreshGrant);

         return $authServer;
     });

     // Resource server shares the same storages as the authorization server.
     $app[ResourceServer::class] = $app->share(function () use ($app) {
         return new ResourceServer(
             $app['oauth.session-storage'],
             $app['oauth.accesstoken-storage'],
             $app['oauth.client-storage'],
             $app['oauth.scope-storage']
         );
     });

     // Firewall factory "oauth": provider and listener are resolved from the
     // shared OAuth2Provider / OAuth2Listener container entries.
     $app['security.authentication_listener.factory.oauth'] = $app->protect(function ($name) use ($app) {
         $providerId = 'security.authentication_provider.' . $name . '.oauth';
         $listenerId = 'security.authentication_listener.' . $name . '.oauth';
         $app[$providerId] = $app->share(function ($app) {
             return $app[OAuth2Provider::class];
         });
         $app[$listenerId] = $app->share(function ($app) {
             return $app[OAuth2Listener::class];
         });
         return [$providerId, $listenerId, null, 'pre_auth'];
     });

     // Firewall factory "oauth-optional": same provider class, but the
     // listener is OAuth2OptionalListener; both are fresh instances bound to
     // the container rather than the shared entries above.
     $app['security.authentication_listener.factory.oauth-optional'] = $app->protect(function ($name) use ($app) {
         $providerId = 'security.authentication_provider.' . $name . '.oauth-optional';
         $listenerId = 'security.authentication_listener.' . $name . '.oauth-optional';
         $app[$providerId] = $app->share(function ($app) {
             $provider = new OAuth2Provider();
             $provider->setContainer($app);
             return $provider;
         });
         $app[$listenerId] = $app->share(function ($app) {
             $listener = new OAuth2OptionalListener();
             $listener->setContainer($app);
             return $listener;
         });
         return [$providerId, $listenerId, null, 'pre_auth'];
     });
 }
 /**
  * Runs the parent token flow and mirrors the resulting token response into
  * the user session under the 'oauth' key, so later requests can reuse it.
  * Whatever the parent returns is stored as-is (including any refresh token
  * the response carries).
  *
  * @return array the token response exactly as produced by the parent
  * @throws \League\OAuth2\Server\Exception\InvalidClientException
  * @throws \League\OAuth2\Server\Exception\InvalidRefreshException
  * @throws \League\OAuth2\Server\Exception\InvalidRequestException
  * @throws \League\OAuth2\Server\Exception\InvalidScopeException
  */
 public function completeFlow()
 {
     $tokenResponse = parent::completeFlow();

     // Keep the freshly issued token available to the rest of the session.
     Session::put('oauth', $tokenResponse);

     return $tokenResponse;
 }
 /**
  * Builds an AuthorizationServer with the refresh-token grant enabled.
  *
  * Key paths and token lifetimes come from the ConfigInterface service:
  * 'privateKeyPath' / 'publicKeyPath' (passed straight to the server) and
  * 'refreshTokenTTL' / 'accessTokenTTL' as ISO-8601 durations, defaulting to
  * one month ('P1M') and one hour ('PT1H').
  *
  * @return AuthorizationServer
  * @throws \Exception when a configured TTL is not a valid DateInterval spec
  */
 public function handle()
 {
     $clients = new ClientRepository();
     $scopes = new ScopeRepository();
     $accessTokens = new AccessTokenRepository();
     $refreshTokens = new RefreshTokenRepository();

     $config = Yii::$container->get(ConfigInterface::class);
     $server = new AuthorizationServer(
         $clients,
         $accessTokens,
         $scopes,
         $config->get('privateKeyPath'),
         $config->get('publicKeyPath')
     );

     // Lifetimes are ISO-8601 duration strings; DateInterval rejects bad specs.
     $refreshTokenTtl = new \DateInterval($config->get('refreshTokenTTL', 'P1M'));
     $accessTokenTtl = new \DateInterval($config->get('accessTokenTTL', 'PT1H'));

     $refreshGrant = new RefreshTokenGrant($refreshTokens);
     $refreshGrant->setRefreshTokenTTL($refreshTokenTtl);
     $server->enableGrantType($refreshGrant, $accessTokenTtl);

     return $server;
 }
 /**
  * {@inheritdoc}
  *
  * After the parent has issued the token, the access token is re-read from
  * storage so that its absolute expiry timestamp can be added to the
  * response as the extra 'expires' parameter.
  */
 public function completeFlow()
 {
     parent::completeFlow();

     $tokenType = $this->server->getTokenType();
     $tokenId = $tokenType->getParam('access_token');
     $storedToken = $this->server->getAccessTokenStorage()->get($tokenId);

     // Expose the absolute expiry (unix timestamp) next to expires_in.
     $tokenType->setParam('expires', (int) $storedToken->getExpireTime());

     return $tokenType->generateResponse();
 }
    $authorizationCodeLifetime = new \DateInterval($config->oauth['authorizationCodeLifetime']);
    /**
     * Using client_id & client_secret & username & password
     *
     */
    $passwordGrant = new PasswordGrant($userRepository, $refreshTokenRepository);
    $passwordGrant->setRefreshTokenTTL($refreshTokenLifetime);
    $server->enableGrantType($passwordGrant, $accessTokenLifetime);
    /**
     * Using client_id & client_secret
     */
    $clientCredentialsGrant = new ClientCredentialsGrant();
    $server->enableGrantType($clientCredentialsGrant, $accessTokenLifetime);
    /**
     * Using client_id & client_secret
     */
    $refreshTokenGrant = new RefreshTokenGrant($refreshTokenRepository);
    $refreshTokenGrant->setRefreshTokenTTL($refreshTokenLifetime);
    $server->enableGrantType($refreshTokenGrant, $accessTokenLifetime);
    /**
     * Using response_type=code & client_id & redirect_uri & state
     */
    $authCodeGrant = new AuthCodeGrant($authCodeRepository, $refreshTokenRepository, $authorizationCodeLifetime);
    $authCodeGrant->setRefreshTokenTTL($refreshTokenLifetime);
    $server->enableGrantType($authCodeGrant, $accessTokenLifetime);
    /**
     * Using response_type=token & client_id & redirect_uri & state
     */
    $server->enableGrantType(new ImplicitGrant($accessTokenLifetime), $accessTokenLifetime);
    return $server;
});
 /**
  * Registers the refresh-token grant on the authorization server.
  *
  * Both lifetimes are read from $options and converted with getDateInterval():
  * 'refresh_token_ttl' for the refresh tokens the grant hands out,
  * 'access_token_ttl' for the access tokens it re-issues.
  *
  * @param array $options must contain 'refresh_token_ttl' and 'access_token_ttl'
  *
  * @return RefreshTokenGrant the grant that was enabled
  */
 public function enableRefreshTokenGrant($options)
 {
     $refreshGrant = new RefreshTokenGrant(new RefreshTokenRepository());

     $refreshTokenTtl = $this->getDateInterval($options['refresh_token_ttl']);
     $accessTokenTtl = $this->getDateInterval($options['access_token_ttl']);

     $refreshGrant->setRefreshTokenTTL($refreshTokenTtl);
     $this->authorizationServer->enableGrantType($refreshGrant, $accessTokenTtl);

     return $refreshGrant;
 }
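 /**
  * Handles POST requests on the versioned OAuth endpoint.
  *
  * Only the 'oauth/access_token' route is served: a storage-backed
  * AuthorizationServer is built, the grant named by the 'grant_type' request
  * parameter is enabled (only 'password' is implemented, the other known
  * grant names answer 501), the refresh-token grant is attached when the
  * version's config lists it, and the result of issueAccessToken() is returned.
  *
  * Inputs come from superglobals: $_SERVER['__version'] (presumably set by the
  * router; selects $this->config['oauth'][<version>]) and $_REQUEST
  * ('request' = route path, 'grant_type'). Note that $_REQUEST merges query
  * string, body and — depending on request_order — cookie parameters.
  *
  * @return mixed the token response produced by AuthorizationServer::issueAccessToken()
  * @throws \Exception carrying an HTTP-style code: 403 (unknown API version or
  *                    grant), 400 (no grant_type), 404 (unknown route),
  *                    501 (grant not implemented), or the status of an OAuthException
  */
 public function POST()
 {
     if (!isset($this->config['oauth'][$_SERVER['__version']])) {
         throw new \Exception('Forbidden.', 403);
     } elseif (!isset($_REQUEST['grant_type'])) {
         throw new \Exception('Bad Request.', 400);
     }
     $config = $this->config['oauth'][$_SERVER['__version']];

     // The route looks like "/<version>/oauth/access_token"; strip the version
     // prefix plus the two surrounding slashes. A missing 'request' falls
     // through to the 404 below instead of raising a notice.
     $route = isset($_REQUEST['request'])
         ? substr($_REQUEST['request'], strlen($_SERVER['__version']) + 2)
         : '';

     switch ($route) {
         case 'oauth/access_token':
             try {
                 $server = new AuthorizationServer();
                 $server->setSessionStorage(new SessionStorage());
                 $server->setAccessTokenStorage(new AccessTokenStorage());
                 $server->setClientStorage(new ClientStorage());
                 $server->setScopeStorage(new ScopeStorage());
                 $server->setRefreshTokenStorage(new RefreshTokenStorage());

                 $grant_type = $_REQUEST['grant_type'];

                 // 'password' is always allowed; config may widen the list.
                 $grants = ['password'];
                 if (isset($config['grants'])) {
                     $grants = array_unique(array_merge($grants, $config['grants']));
                 }
                 // Strict comparison so a non-string grant_type (e.g. an array) never matches.
                 if (!in_array($grant_type, $grants, true)) {
                     throw new \Exception('Unsupported grant type.', 403);
                 }

                 // Default lifetimes in seconds: access token 1 hour, refresh token 1 week.
                 $token_ttl = 3600;
                 $refresh_ttl = 604800;
                 if (isset($config['ttl']['access_token'])) {
                     $token_ttl = $config['ttl']['access_token'];
                 }

                 switch ($grant_type) {
                     case 'password':
                         $grant = new PasswordGrant();
                         $grant->setAccessTokenTTL($token_ttl);
                         $grant->setVerifyCredentialsCallback(function ($username, $password) {
                             $user = new User(['conditions' => ['email' => $username]]);
                             // NOTE(review): this returns a bool. If the grant library
                             // expects the owner id on success rather than just a truthy
                             // value, return that id here instead — confirm against the lib.
                             return $user->count() && password_verify($password, $user->record['password']);
                         });
                         break;
                     case 'authorization_code':
                     case 'client_credentials':
                     case 'implicit':
                     case 'refresh_token':
                         // refresh_token is only attached alongside another grant (below);
                         // it is not yet served as a flow of its own.
                         throw new \Exception('Not Implemented', 501);
                     default:
                         // Allowed by config but unknown to this handler: refuse
                         // explicitly rather than passing an undefined $grant on.
                         throw new \Exception('Unsupported grant type.', 403);
                 }
                 $server->addGrantType($grant);

                 // Attach the refresh-token grant when the config enables it.
                 if ($grant_type !== 'refresh_token' && in_array('refresh_token', $grants, true)) {
                     if (isset($config['ttl']['refresh_token'])) {
                         $refresh_ttl = $config['ttl']['refresh_token'];
                     }
                     $refreshGrant = new RefreshTokenGrant();
                     // Access tokens minted on refresh keep the access-token
                     // lifetime; the refresh tokens themselves live for $refresh_ttl.
                     $refreshGrant->setAccessTokenTTL($token_ttl);
                     $refreshGrant->setRefreshTokenTTL($refresh_ttl);
                     $server->addGrantType($refreshGrant);
                 }

                 return $server->issueAccessToken();
             } catch (OAuthException $e) {
                 // Surface the library's HTTP status; keep the original as previous.
                 throw new \Exception($e->getMessage(), (int) $e->httpStatusCode, $e);
             } catch (\Exception $e) {
                 throw new \Exception($e->getMessage(), (int) $e->getCode(), $e);
             }
         default:
             throw new \Exception('Not Found.', 404);
     }
 }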