/**
* Do authorization.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function postIndex(Request $request)
{
$server = new AuthorizationServer();
$server->setSessionStorage(new SessionStorage());
$server->setAccessTokenStorage(new AccessTokenStorage());
$server->setClientStorage(new ClientStorage());
$server->setScopeStorage(new ScopeStorage());
$server->setRefreshTokenStorage(new RefreshTokenStorage());
$server->addGrantType(new ClientCredentials());
$server->addGrantType(new RefreshToken());
$server->setTokenType(new Bearer());
try {
$accessToken = $server->issueAccessToken();
$response = new Response($accessToken, 200, ['Cache-Control' => 'no-store', 'Pragma' => 'no-store']);
} catch (OAuthException $e) {
$response = new Response(['error' => $e->errorType, 'message' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders());
} catch (\Exception $e) {
$response = new Response(['error' => $e->getCode(), 'message' => $e->getMessage()], 500);
} finally {
// Return the response
$response->headers->set('Content-type', 'application/json');
return $response;
}
// TO DO: Remove previous active access token for current client
}
/**
* Register the Authorization server with the IoC container
* @return void
*/
public function registerAuthorizer()
{
$this->app->bindShared('oauth2-server.authorizer', function ($app) {
$config = $app['config']->get('oauth2');
$limitClientsToGrants = $config['limit_clients_to_grants'];
$limitClientsToScopes = $config['limit_clients_to_scopes'];
// Authorization server
$issuer = new AuthorizationServer();
$issuer->setSessionStorage(new SessionStorage($app['db']));
$issuer->setAccessTokenStorage(new AccessTokenStorage($app['db']));
$issuer->setRefreshTokenStorage(new RefreshTokenStorage($app['db']));
$issuer->setClientStorage(new ClientStorage($app['db'], $limitClientsToGrants));
$issuer->setScopeStorage(new ScopeStorage($app['db'], $limitClientsToScopes, $limitClientsToGrants));
$issuer->setAuthCodeStorage(new AuthCodeStorage($app['db']));
$issuer->requireScopeParam($config['scope_param']);
$issuer->setDefaultScope($config['default_scope']);
$issuer->requireStateParam($config['state_param']);
$issuer->setScopeDelimiter($config['scope_delimiter']);
$issuer->setAccessTokenTTL($config['access_token_ttl']);
// add the supported grant types to the authorization server
foreach ($config['grant_types'] as $grantIdentifier => $grantParams) {
$grant = new $grantParams['class']();
$grant->setAccessTokenTTL($grantParams['access_token_ttl']);
if (array_key_exists('callback', $grantParams)) {
$grant->setVerifyCredentialsCallback($grantParams['callback']);
}
if (array_key_exists('auth_token_ttl', $grantParams)) {
$grant->setAuthTokenTTL($grantParams['auth_token_ttl']);
}
if (array_key_exists('refresh_token_ttl', $grantParams)) {
$grant->setRefreshTokenTTL($grantParams['refresh_token_ttl']);
}
$issuer->addGrantType($grant);
}
// Resource server
$sessionStorage = new SessionStorage($app['db']);
$accessTokenStorage = new AccessTokenStorage($app['db']);
$clientStorage = new ClientStorage($app['db'], $limitClientsToGrants);
$scopeStorage = new ScopeStorage($app['db'], $limitClientsToScopes, $limitClientsToGrants);
$checker = new ResourceServer($sessionStorage, $accessTokenStorage, $clientStorage, $scopeStorage);
$authorizer = new Authorizer($issuer, $checker);
$authorizer->setRequest($app['request']);
$authorizer->setTokenType($app->make($config['token_type']));
$app->refresh('request', $authorizer, 'setRequest');
return $authorizer;
});
$this->app->bind('Rapiro\\OAuth2Server\\Authorizer', function ($app) {
return $app['oauth2-server.authorizer'];
});
}
public function initAuthorizationServer()
{
if (!$this->authorize) {
$authorize = new AuthorizationServer();
$authorize->setDefaultScope($this->defaultScope);
$authorize->setSessionStorage(new SessionStorage($this->db));
$authorize->setAccessTokenStorage(new AccessTokenStorage($this->db));
$authorize->setRefreshTokenStorage(new RefreshTokenStorage($this->db));
$authorize->setClientStorage(new ClientStorage($this->db));
$authorize->setScopeStorage(new ScopeStorage($this->db));
$authorize->setAuthCodeStorage(new AuthCodeStorage($this->db));
$this->authorize = $authorize;
}
return $this;
}
/**
* Set up an OAuth2 Authorization Server.
*/
protected function setAuthorizationServer()
{
$this->authorisationServer = new AuthorizationServer();
// Storage
$this->authorisationServer->setSessionStorage(new Storage\SessionStorage());
$this->authorisationServer->setAccessTokenStorage(new Storage\AccessTokenStorage());
$this->authorisationServer->setClientStorage(new Storage\ClientStorage());
$this->authorisationServer->setScopeStorage(new Storage\ScopeStorage());
$this->authorisationServer->setRefreshTokenStorage(new Storage\RefreshTokenStorage());
// Grants
$this->authorisationServer->addGrantType(new RefreshTokenGrant());
// Events
$this->authorisationServer->addEventListener('error.auth.client', [$this, 'eventErrorAuthClient']);
$this->authorisationServer->addEventListener('error.auth.user', [$this, 'eventErrorAuthUser']);
$this->authorisationServer->addEventListener('session.owner', [$this, 'eventSessionOwner']);
}
/**
* @param array $config Config array
* @return void
*/
public function initialize(array $config)
{
$server = new AuthorizationServer();
$server->setSessionStorage(new Storage\SessionStorage());
$server->setAccessTokenStorage(new Storage\AccessTokenStorage());
$server->setClientStorage(new Storage\ClientStorage());
$server->setScopeStorage(new Storage\ScopeStorage());
$server->setAuthCodeStorage(new Storage\AuthCodeStorage());
$server->setRefreshTokenStorage(new Storage\RefreshTokenStorage());
$supportedGrants = isset($config['supportedGrants']) ? $config['supportedGrants'] : $this->config('supportedGrants');
foreach ($supportedGrants as $grant) {
if (!in_array($grant, $this->_allowedGrants)) {
throw new NotImplementedException(__('The {0} grant type is not supported by the OAuth server'));
}
$className = '\\League\\OAuth2\\Server\\Grant\\' . $grant . 'Grant';
$server->addGrantType(new $className());
}
$server->setAccessTokenTTL($this->config('tokenTTL'));
$this->Server = $server;
}
/**
* Register the Authorisation Server
*
* @return void
*/
private function authorisation()
{
$this->app->singleton('League\\OAuth2\\Server\\AuthorizationServer', function ($app) {
$server = new AuthorizationServer();
$server->setSessionStorage(new SessionStorage($app->make('db')));
$server->setAccessTokenStorage(new AccessTokenStorage($app->make('db')));
$server->setRefreshTokenStorage(new RefreshTokenStorage($app->make('db')));
$server->setClientStorage(new ClientStorage($app->make('db')));
$server->setScopeStorage(new ScopeStorage($app->make('db')));
$server->setAuthCodeStorage(new AuthCodeStorage($app->make('db')));
$passwordGrant = new PasswordGrant();
$passwordGrant->setVerifyCredentialsCallback(function ($user, $pass) {
return true;
});
$server->addGrantType($passwordGrant);
$refreshTokenGrant = new RefreshTokenGrant();
$server->addGrantType($refreshTokenGrant);
$server->setRequest($app['request']);
return $server;
});
}
/**
* Bootstrap application services.
*
* @param Router $router
*/
public function boot(Router $router)
{
$configPath = __DIR__ . '/../config/laravel-oauth2-server.php';
$this->publishes([$configPath => config_path('laravel-oauth2-server.php')], 'config');
$migrationPath = __DIR__ . '/../database/migrations/';
$this->publishes([$migrationPath => database_path('migrations/')], 'migrations');
$authorizationServer = new AuthorizationServer();
$authorizationServer->setSessionStorage(new Storage\SessionStorage());
$authorizationServer->setAccessTokenStorage(new Storage\AccessTokenStorage());
$authorizationServer->setRefreshTokenStorage(new Storage\RefreshTokenStorage());
$authorizationServer->setClientStorage(new Storage\ClientStorage());
$authorizationServer->setScopeStorage(new Storage\ScopeStorage());
$authorizationServer->setAuthCodeStorage(new Storage\AuthCodeStorage());
$authCodeGrant = new AuthCodeGrant();
$authorizationServer->addGrantType($authCodeGrant);
$refreshTokenGrant = new RefreshTokenGrant();
$authorizationServer->addGrantType($refreshTokenGrant);
$resourceServer = new ResourceServer(new Storage\SessionStorage(), new Storage\AccessTokenStorage(), new Storage\ClientStorage(), new Storage\ScopeStorage());
$this->authorizeRoute($router, $authorizationServer);
$this->accessTokenRoute($router, $authorizationServer);
$this->userDetailsRoute($router, $resourceServer);
}
/**
* Do client authorization based on user login.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
protected function completeAuthorizationFlow(Request $request, User $user)
{
// First create OAuth Auth Code
$server = new AuthorizationServer();
$server->setSessionStorage(new SessionStorage());
$server->setAccessTokenStorage(new AccessTokenStorage());
$server->setClientStorage(new ClientStorage());
$server->setScopeStorage(new ScopeStorage());
$server->setAuthCodeStorage(new AuthCodeStorage());
$server->setRefreshTokenStorage(new RefreshTokenStorage());
$server->addGrantType(new AuthCode());
$server->addGrantType(new RefreshToken());
$server->setTokenType(new Bearer());
$identifiedOAuth = $request->get('identified_oauth');
$authParams = ['client' => $identifiedOAuth['client'], 'redirect_uri' => $identifiedOAuth['client']->getRedirectUri(), 'scopes' => $identifiedOAuth['scopes'], 'state' => time()];
$redirectUri = $server->getGrantType('authorization_code')->newAuthorizeRequest('user', $user->id, $authParams);
parse_str(parse_url($redirectUri, PHP_URL_QUERY), $queryStr);
// Complete the OAuth Auth flow
$server->getRequest()->request->set('grant_type', 'authorization_code');
$server->getRequest()->request->set('client_id', $identifiedOAuth['client']->getId());
$server->getRequest()->request->set('client_secret', $identifiedOAuth['client']->getSecret());
$server->getRequest()->request->set('redirect_uri', $identifiedOAuth['client']->getRedirectUri());
$server->getRequest()->request->set('code', $queryStr['code']);
try {
$accessToken = $server->issueAccessToken();
$response = new Response($accessToken, 200, ['Cache-Control' => 'no-store', 'Pragma' => 'no-store']);
} catch (OAuthException $e) {
$response = new Response(['error' => $e->errorType, 'message' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders());
} catch (\Exception $e) {
$response = new Response(['error' => $e->getCode(), 'message' => $e->getMessage()], 500);
} finally {
// Return the response
$response->headers->set('Content-type', 'application/json');
return $response;
}
// TO DO: Remove previous active access token for current client
}
use Models\Host;
use Lib\OAuth2\Storage;
use Lib\OAuth2\OAuth2;
$app = new \Slim\Slim(array('debug' => true));
$app->response->headers->set('Content-Type', 'application/json');
// Set up the OAuth 2.0 resource server
$sessionStorage = new Storage\SessionStorage();
$accessTokenStorage = new Storage\AccessTokenStorage();
$clientStorage = new Storage\ClientStorage();
$scopeStorage = new Storage\ScopeStorage();
$refreshTokenStorage = new Storage\RefreshTokenStorage();
$authorizationServer = new \League\OAuth2\Server\AuthorizationServer();
$authorizationServer->setSessionStorage($sessionStorage);
$authorizationServer->setAccessTokenStorage($accessTokenStorage);
$authorizationServer->setClientStorage($clientStorage);
$authorizationServer->setScopeStorage($scopeStorage);
$authorizationServer->setRefreshTokenStorage($refreshTokenStorage);
//$clientCredentials = new \League\OAuth2\Server\Grant\ClientCredentialsGrant();
//$server->addGrantType($clientCredentials);
$refreshTokenGrant = new \League\OAuth2\Server\Grant\RefreshTokenGrant();
$authorizationServer->addGrantType($refreshTokenGrant);
$resourceServer = new ResourceServer($sessionStorage, $accessTokenStorage, $clientStorage, $scopeStorage, $refreshTokenStorage);
$passwordGrant = new \League\OAuth2\Server\Grant\PasswordGrant();
$authorizationServer->addGrantType($passwordGrant);
$passwordGrant->setVerifyCredentialsCallback(function ($username, $password) use($app) {
// implement logic here to validate a username and password, return an ID if valid, otherwise return false
$host = new Host();
$valid = $host->oauth2Login($username, $password);
if ($valid !== false) {
return $valid;
} else {
public function POST()
{
if (!isset($this->config['oauth'][$_SERVER['__version']])) {
throw new \Exception('Forbidden.', 403);
} elseif (!isset($_REQUEST['grant_type'])) {
throw new \Exception('Bad Request.', 400);
}
$config = $this->config['oauth'][$_SERVER['__version']];
switch (substr($_REQUEST['request'], strlen($_SERVER['__version']) + 2)) {
case 'oauth/access_token':
try {
$server = new AuthorizationServer();
$server->setSessionStorage(new SessionStorage());
$server->setAccessTokenStorage(new AccessTokenStorage());
$server->setClientStorage(new ClientStorage());
$server->setScopeStorage(new ScopeStorage());
$server->setRefreshTokenStorage(new RefreshTokenStorage());
$grant_type = $_REQUEST['grant_type'];
$grants = ['password'];
if (isset($config['grants'])) {
$grants = array_unique(array_merge($grants, $config['grants']));
}
if (!in_array($grant_type, $grants)) {
throw new \Exception('Unsupported grant type.', 403);
}
// Defaults TTLs to 1 day and 1 week respectively
$token_ttl = 3600;
$refresh_ttl = 604800;
if (isset($config['ttl']['access_token'])) {
$token_ttl = $config['ttl']['access_token'];
}
switch ($grant_type) {
case 'authorization_code':
throw new \Exception('Not Implemented', 501);
break;
case 'client_credentials':
throw new \Exception('Not Implemented', 501);
break;
case 'implicit':
throw new \Exception('Not Implemented', 501);
break;
case 'password':
$grant = new PasswordGrant();
$grant->setAccessTokenTTL($token_ttl);
$grant->setVerifyCredentialsCallback(function ($username, $password) {
$user = new User(['conditions' => ['email' => $username]]);
return $user->count() && password_verify($password, $user->record['password']);
});
break;
case 'refresh_token':
throw new \Exception('Not Implemented', 501);
// @todo Need to work through this, appears lib is busted
$grant = new RefreshTokenGrant();
//$grant->setAccessTokenTTL($refresh_ttl);
$server->addGrantType($grant);
break;
}
$server->addGrantType($grant);
// Adds the refresh token grant if enabled
if ($grant_type != 'refresh_token' && in_array('refresh_token', $grants)) {
if (isset($config['ttl']['refresh_token'])) {
$refresh_ttl = $config['ttl']['refresh_token'];
}
$grant = new RefreshTokenGrant();
$grant->setAccessTokenTTL($refresh_ttl);
$server->addGrantType($grant);
}
$response = $server->issueAccessToken();
return $response;
} catch (OAuthException $e) {
throw new \Exception($e->getMessage(), $e->httpStatusCode);
} catch (\Exception $e) {
throw new \Exception($e->getMessage(), $e->getCode());
}
break;
default:
throw new \Exception('Not Found.', 404);
break;
}
}
