/**
  * Register the OAuth2 "authorizer" (authorization server + resource server) with the IoC container.
  *
  * The shared binding 'oauth2-server.authorizer' reads the 'oauth2' config, wires the storage
  * adapters (all backed by the 'db' binding) into a League AuthorizationServer and a ResourceServer,
  * wraps both in an Authorizer, and keeps that Authorizer pointed at the current request when the
  * container rebinds 'request'. A second binding resolves the Authorizer class name to the same
  * shared instance.
  *
  * Grant types are instantiated from class names in the package config, not from request input.
  *
  * @return void
  */
 public function registerAuthorizer()
 {
     $this->app->bindShared('oauth2-server.authorizer', function ($app) {
         $config = $app['config']->get('oauth2');
         $db = $app['db'];
         $clientsToGrants = $config['limit_clients_to_grants'];
         $clientsToScopes = $config['limit_clients_to_scopes'];

         // Authorization server: issues tokens.
         $authServer = new AuthorizationServer();
         $authServer->setSessionStorage(new SessionStorage($db));
         $authServer->setAccessTokenStorage(new AccessTokenStorage($db));
         $authServer->setRefreshTokenStorage(new RefreshTokenStorage($db));
         $authServer->setClientStorage(new ClientStorage($db, $clientsToGrants));
         $authServer->setScopeStorage(new ScopeStorage($db, $clientsToScopes, $clientsToGrants));
         $authServer->setAuthCodeStorage(new AuthCodeStorage($db));

         // Request-parameter policy and TTLs come straight from config.
         $authServer->requireScopeParam($config['scope_param']);
         $authServer->setDefaultScope($config['default_scope']);
         $authServer->requireStateParam($config['state_param']);
         $authServer->setScopeDelimiter($config['scope_delimiter']);
         $authServer->setAccessTokenTTL($config['access_token_ttl']);

         // Optional per-grant settings, applied in this order when the key is present
         // (array_key_exists so an explicit null still counts as "configured").
         $optionalSetters = [
             'callback'          => 'setVerifyCredentialsCallback',
             'auth_token_ttl'    => 'setAuthTokenTTL',
             'refresh_token_ttl' => 'setRefreshTokenTTL',
         ];

         // Register every configured grant type with the authorization server.
         foreach ($config['grant_types'] as $grantName => $grantConfig) {
             $grantClass = $grantConfig['class'];
             $grant = new $grantClass();
             $grant->setAccessTokenTTL($grantConfig['access_token_ttl']);
             foreach ($optionalSetters as $key => $setter) {
                 if (array_key_exists($key, $grantConfig)) {
                     $grant->$setter($grantConfig[$key]);
                 }
             }
             $authServer->addGrantType($grant);
         }

         // Resource server: validates tokens, using its own storage instances.
         $resourceServer = new ResourceServer(
             new SessionStorage($db),
             new AccessTokenStorage($db),
             new ClientStorage($db, $clientsToGrants),
             new ScopeStorage($db, $clientsToScopes, $clientsToGrants)
         );

         $authorizer = new Authorizer($authServer, $resourceServer);
         $authorizer->setRequest($app['request']);
         $authorizer->setTokenType($app->make($config['token_type']));
         // Re-inject the request whenever the container refreshes the 'request' binding.
         $app->refresh('request', $authorizer, 'setRequest');

         return $authorizer;
     });

     // Resolving the Authorizer by class name yields the shared instance above.
     $this->app->bind('Rapiro\\OAuth2Server\\Authorizer', function ($app) {
         return $app['oauth2-server.authorizer'];
     });
 }
 /**
  * Lazily build the AuthorizationServer and cache it on this instance.
  *
  * Does nothing when `$this->authorize` is already set (falsy check, as before); otherwise wires
  * the default scope and the storage adapters over `$this->db` and stores the server.
  *
  * @return $this for method chaining
  */
 public function initAuthorizationServer()
 {
     if ($this->authorize) {
         return $this;
     }

     $server = new AuthorizationServer();
     $server->setDefaultScope($this->defaultScope);
     $server->setSessionStorage(new SessionStorage($this->db));
     $server->setAccessTokenStorage(new AccessTokenStorage($this->db));
     $server->setRefreshTokenStorage(new RefreshTokenStorage($this->db));
     $server->setClientStorage(new ClientStorage($this->db));
     $server->setScopeStorage(new ScopeStorage($this->db));
     $server->setAuthCodeStorage(new AuthCodeStorage($this->db));
     $this->authorize = $server;

     return $this;
 }
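 /**
  * Build the OAuth2 AuthorizationServer for this component.
  *
  * Wires the Storage adapters, then instantiates every grant named in `supportedGrants` from the
  * League grant namespace. Each name is first checked against the `_allowedGrants` allow-list, so
  * the dynamically built class name can only come from a known grant name.
  *
  * @param array $config Config array; `supportedGrants` here overrides the component config
  * @return void
  * @throws NotImplementedException when a configured grant is not in `_allowedGrants`
  */
 public function initialize(array $config)
 {
     $server = new AuthorizationServer();
     $server->setSessionStorage(new Storage\SessionStorage());
     $server->setAccessTokenStorage(new Storage\AccessTokenStorage());
     $server->setClientStorage(new Storage\ClientStorage());
     $server->setScopeStorage(new Storage\ScopeStorage());
     $server->setAuthCodeStorage(new Storage\AuthCodeStorage());
     $server->setRefreshTokenStorage(new Storage\RefreshTokenStorage());

     $supportedGrants = isset($config['supportedGrants']) ? $config['supportedGrants'] : $this->config('supportedGrants');
     foreach ($supportedGrants as $grant) {
         // Strict comparison: only an exact grant name may pass the allow-list.
         if (!in_array($grant, $this->_allowedGrants, true)) {
             // Pass the grant name so the {0} placeholder in the message is actually filled in.
             throw new NotImplementedException(__('The {0} grant type is not supported by the OAuth server', $grant));
         }
         $className = '\\League\\OAuth2\\Server\\Grant\\' . $grant . 'Grant';
         $server->addGrantType(new $className());
     }

     $server->setAccessTokenTTL($this->config('tokenTTL'));
     $this->Server = $server;
 }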
 /**
  * Register the Authorisation Server
  *
  * Binds League's AuthorizationServer as a container singleton, backed by storage adapters over
  * the 'db' binding, with the password and refresh-token grants enabled and the current request
  * attached.
  *
  * @return void
  */
 private function authorisation()
 {
     $this->app->singleton('League\\OAuth2\\Server\\AuthorizationServer', function ($app) {
         $db = $app->make('db');

         $server = new AuthorizationServer();
         $server->setSessionStorage(new SessionStorage($db));
         $server->setAccessTokenStorage(new AccessTokenStorage($db));
         $server->setRefreshTokenStorage(new RefreshTokenStorage($db));
         $server->setClientStorage(new ClientStorage($db));
         $server->setScopeStorage(new ScopeStorage($db));
         $server->setAuthCodeStorage(new AuthCodeStorage($db));

         // NOTE(review): this callback accepts every username/password pair, so the password grant
         // issues tokens to anyone who asks. It must validate the credentials against the
         // application's user store before this binding is used outside a demo.
         $passwordGrant = new PasswordGrant();
         $passwordGrant->setVerifyCredentialsCallback(static function ($user, $pass) {
             return true;
         });
         $server->addGrantType($passwordGrant);

         $server->addGrantType(new RefreshTokenGrant());
         $server->setRequest($app['request']);

         return $server;
     });
 }
 /**
  * Bootstrap application services.
  *
  * Publishes the package config and migrations, builds an AuthorizationServer (auth-code and
  * refresh-token grants) and a ResourceServer over the package Storage adapters, and registers
  * the authorize, access-token and user-details routes against them.
  *
  * @param Router $router
  * @return void
  */
 public function boot(Router $router)
 {
     $this->publishes([
         __DIR__ . '/../config/laravel-oauth2-server.php' => config_path('laravel-oauth2-server.php'),
     ], 'config');
     $this->publishes([
         __DIR__ . '/../database/migrations/' => database_path('migrations/'),
     ], 'migrations');

     // Authorization server: issues tokens via the auth-code and refresh-token grants.
     $authServer = new AuthorizationServer();
     $authServer->setSessionStorage(new Storage\SessionStorage());
     $authServer->setAccessTokenStorage(new Storage\AccessTokenStorage());
     $authServer->setRefreshTokenStorage(new Storage\RefreshTokenStorage());
     $authServer->setClientStorage(new Storage\ClientStorage());
     $authServer->setScopeStorage(new Storage\ScopeStorage());
     $authServer->setAuthCodeStorage(new Storage\AuthCodeStorage());
     $authServer->addGrantType(new AuthCodeGrant());
     $authServer->addGrantType(new RefreshTokenGrant());

     // Resource server: validates tokens, with its own storage instances.
     $apiServer = new ResourceServer(
         new Storage\SessionStorage(),
         new Storage\AccessTokenStorage(),
         new Storage\ClientStorage(),
         new Storage\ScopeStorage()
     );

     $this->authorizeRoute($router, $authServer);
     $this->accessTokenRoute($router, $authServer);
     $this->userDetailsRoute($router, $apiServer);
 }
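 /**
  * Finish the OAuth authorization-code flow for an already-authenticated user.
  *
  * A throwaway AuthorizationServer issues an auth code for the client found in the request's
  * `identified_oauth` entry (presumably placed there by an earlier step — confirm against the
  * caller), then immediately exchanges that code for an access token. The whole round trip is
  * server-side within this one request, so the code never reaches the user agent.
  *
  * @param  \Illuminate\Http\Request $request carries `identified_oauth` with `client` and `scopes`
  * @param  User $user the authenticated resource owner
  * @return \Illuminate\Http\Response JSON body: the access token, or an OAuth error payload
  * @throws \RuntimeException when the authorize request yields no `code` to exchange
  */
 protected function completeAuthorizationFlow(Request $request, User $user)
 {
     // First create OAuth Auth Code
     $server = new AuthorizationServer();
     $server->setSessionStorage(new SessionStorage());
     $server->setAccessTokenStorage(new AccessTokenStorage());
     $server->setClientStorage(new ClientStorage());
     $server->setScopeStorage(new ScopeStorage());
     $server->setAuthCodeStorage(new AuthCodeStorage());
     $server->setRefreshTokenStorage(new RefreshTokenStorage());
     $server->addGrantType(new AuthCode());
     $server->addGrantType(new RefreshToken());
     $server->setTokenType(new Bearer());

     $identifiedOAuth = $request->get('identified_oauth');
     $client = $identifiedOAuth['client'];
     // 'state' is only round-tripped inside this request, so it is not acting as a CSRF token here.
     $authParams = [
         'client'       => $client,
         'redirect_uri' => $client->getRedirectUri(),
         'scopes'       => $identifiedOAuth['scopes'],
         'state'        => time(),
     ];
     $redirectUri = $server->getGrantType('authorization_code')->newAuthorizeRequest('user', $user->id, $authParams);

     // Pull the freshly issued code out of the redirect URI's query string; parse_url yields
     // null/false when there is no query, so fail loudly instead of exchanging an undefined code.
     parse_str((string) parse_url($redirectUri, PHP_URL_QUERY), $queryStr);
     if (!isset($queryStr['code']) || $queryStr['code'] === '') {
         throw new \RuntimeException('Authorization request did not yield an authorization code to exchange.');
     }

     // Complete the OAuth Auth flow by exchanging the code on the server's request object.
     $params = $server->getRequest()->request;
     $params->set('grant_type', 'authorization_code');
     $params->set('client_id', $client->getId());
     $params->set('client_secret', $client->getSecret());
     $params->set('redirect_uri', $client->getRedirectUri());
     $params->set('code', $queryStr['code']);

     try {
         $accessToken = $server->issueAccessToken();
         // Token responses must not be cached by intermediaries (RFC 6749 §5.1).
         $response = new Response($accessToken, 200, ['Cache-Control' => 'no-store', 'Pragma' => 'no-store']);
     } catch (OAuthException $e) {
         $response = new Response(['error' => $e->errorType, 'message' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders());
     } catch (\Exception $e) {
         $response = new Response(['error' => $e->getCode(), 'message' => $e->getMessage()], 500);
     }

     // Returned here rather than from a `finally` block: a return inside `finally` would silently
     // discard any exception raised while building an error response above.
     $response->headers->set('Content-type', 'application/json');
     // TO DO: Remove previous active access token for current client
     return $response;
 }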