/**
* {@inheritdoc}
*/
public function addConfiguration(ArrayNodeDefinition $pluginNode)
{
$pluginNode->isRequired()->addDefaultsIfNotSet()->validate()->ifTrue(function ($value) {
return $value['min_length'] >= $value['max_length'];
})->thenInvalid('The configuration option "min_length" must be lower than "max_length".')->end()->children()->scalarNode('class')->info('Authorization Code class.')->isRequired()->validate()->ifTrue(function ($value) {
return !class_exists($value);
})->thenInvalid('The class does not exist.')->end()->end()->scalarNode('manager')->info('Authorization Code manager.')->defaultValue('oauth2_server.auth_code.manager.default')->end()->integerNode('min_length')->info('The minimum length of Authorization Code values produced by this bundle. Should be at least 20.')->defaultValue(20)->min(1)->end()->integerNode('max_length')->info('The maximum length of Authorization Code values produced by this bundle. Should be at least 30.')->defaultValue(30)->min(2)->end()->integerNode('lifetime')->info('The lifetime (in seconds) of an Authorization Code. Should be less than 1 minute (default is 30 seconds).')->defaultValue(30)->min(1)->end()->booleanNode('enforce_pkce')->info('Enforce Proof Key for token exchange (PKCE) for non-confidential clients (see RFC7636). This option is useless if the option "allow_public_clients" is set to "false".')->defaultTrue()->end()->booleanNode('allow_public_clients')->info('If true, public clients are allowed to issue access tokens using this grant type.')->defaultFalse()->end()->end();
}
/**
* {@inheritdoc}
*/
public function addConfiguration(ArrayNodeDefinition $pluginNode)
{
$pluginNode->isRequired()->addDefaultsIfNotSet()->validate()->ifTrue(function ($value) {
return $value['min_length'] >= $value['max_length'];
})->thenInvalid('The configuration option "min_length" must be lower than "max_length".')->end()->children()->integerNode('min_length')->info('The minimum length of refresh token values produced by this bundle. Should be at least 20.')->defaultValue(20)->min(1)->end()->integerNode('max_length')->info('The maximum length of refresh token values produced by this bundle. Should be at least 30.')->defaultValue(30)->min(2)->end()->integerNode('lifetime')->info('The lifetime (in seconds) of a refresh token (default is 1209600 seconds = 14 days).')->defaultValue(1209600)->min(0)->end()->scalarNode('class')->info('Refresh token class.')->validate()->ifTrue(function ($value) {
return !class_exists($value);
})->thenInvalid('The class does not exist.')->end()->isRequired()->end()->scalarNode('manager')->info('Refresh token manager.')->defaultValue('oauth2_server.refresh_token.manager.default')->end()->end();
}
/**
* {@inheritdoc}
*/
public function addConfiguration(ArrayNodeDefinition $pluginNode)
{
$pluginNode->isRequired()->addDefaultsIfNotSet()->children()->scalarNode('login_route_name')->info('The name of the login route. Will be converted into URL and used to redirect the user if not logged in. If you use "FOSUserBundle", the route name should be "fos_user_security_login".')->isRequired()->end()->arrayNode('login_route_parameters')->info('Parameters associated to the login route (if needed).')->useAttributeAsKey('name')->prototype('scalar')->end()->treatNullLike([])->end()->scalarNode('user_account_manager')->info('The user account manager.')->isRequired()->end()->scalarNode('template')->info('The consent page template.')->cannotBeEmpty()->defaultValue('@SpomkyLabsOAuth2ServerBundle/authorization/authorization.html.twig')->end()->booleanNode('allow_scope_selection')->info('If true, resource owners will be able to select the scope on the consent page. This option is useless if the "ScopeManagerPlugin" is not enabled.')->defaultFalse()->end()->scalarNode('path')->info('The path to the authorization endpoint.')->defaultValue('/oauth/v2/authorize')->end()->end();
$this->addFormSection($pluginNode);
$this->addOptionSection($pluginNode);
$this->addAuthorizationRequestSection($pluginNode);
$this->addPreConfiguredAuthorizationSection($pluginNode);
}
/**
* {@inheritdoc}
*/
public function addConfiguration(ArrayNodeDefinition $pluginNode)
{
$pluginNode->isRequired()->addDefaultsIfNotSet()->children()->scalarNode('class')->info('The Client class.')->isRequired()->validate()->ifTrue(function ($value) {
return !class_exists($value);
})->thenInvalid('The class does not exist.')->end()->end()->scalarNode('manager')->info('The Client manager.')->defaultValue('oauth2_server.client_manager.default')->end()->end();
$this->addTokenEndpointAuthMethodsSection($pluginNode);
$this->addManagementSection($pluginNode);
}
/**
* {@inheritdoc}
*/
public function addConfiguration(ArrayNodeDefinition $pluginNode)
{
$pluginNode->isRequired()->addDefaultsIfNotSet()->children()->scalarNode('user_account_manager')->info('The user account manager.')->isRequired()->end()->end();
}
/**
*
* @access private
* @param \Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition $node
* @return \CCDNUser\AdminBundle\DependencyInjection\Configuration
*/
private function addEntitySection(ArrayNodeDefinition $node)
{
$node->isRequired()->cannotBeEmpty()->children()->arrayNode('entity')->isRequired()->cannotBeEmpty()->children()->arrayNode('user')->isRequired()->cannotBeEmpty()->children()->scalarNode('class')->isRequired()->cannotBeEmpty()->end()->end()->end()->end()->end()->end();
return $this;
}
protected static function createDatabaseNode()
{
$node = new ArrayNodeDefinition('database');
$node->isRequired()->children()->scalarNode('host')->defaultValue('localhost')->end()->append(self::createRequiredScalar('username'))->append(self::createRequiredScalar('password'))->append(self::createRequiredScalar('name'))->end();
return $node;
}
/**
*
* @access private
* @param \Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition $node
* @return \CCDNUser\SecurityBundle\DependencyInjection\Configuration
*/
private function addEntitySection(ArrayNodeDefinition $node)
{
$node->isRequired()->cannotBeEmpty()->children()->arrayNode('entity')->isRequired()->cannotBeEmpty()->children()->arrayNode('user')->isRequired()->cannotBeEmpty()->children()->scalarNode('class')->isRequired()->cannotBeEmpty()->end()->end()->end()->arrayNode('session')->addDefaultsIfNotSet()->canBeUnset()->children()->scalarNode('class')->defaultValue('CCDNUser\\SecurityBundle\\Entity\\Session')->end()->end()->end()->end()->end()->end();
return $this;
}
public function addConfiguration(ArrayNodeDefinition $pluginNode)
{
$pluginNode->isRequired()->addDefaultsIfNotSet()->children()->booleanNode('allow_refresh_token_with_resource_owner_grant_type')->defaultTrue()->end()->scalarNode('end_user_manager')->isRequired()->cannotBeEmpty()->end()->end();
}
/**
* {@inheritdoc}
*/
public function addConfiguration(ArrayNodeDefinition $pluginNode)
{
$pluginNode->isRequired()->addDefaultsIfNotSet()->validate()->ifTrue($this->isClientAssertionEncryptionParameterInvalid('key_encryption_algorithms'))->thenInvalid(self::ERROR_EMPTY_CLIENT_ASSERTION_KEY_ENCRYPTION_ALGORITHMS)->end()->validate()->ifTrue($this->isClientAssertionEncryptionParameterInvalid('content_encryption_algorithms'))->thenInvalid(self::ERROR_EMPTY_CLIENT_ASSERTION_CONTENT_ENCRYPTION_ALGORITHMS)->end()->validate()->ifTrue($this->isClientAssertionEncryptionParameterInvalid('key_set'))->thenInvalid(self::ERROR_EMPTY_CLIENT_ASSERTION_KEY_SET)->end()->children()->booleanNode('issue_refresh_token')->info('A refresh token, if available, will be issued with the access token. This option is not recommended.')->defaultFalse()->end()->arrayNode('signature_algorithms')->info('Supported signature algorithms.')->useAttributeAsKey('name')->prototype('scalar')->end()->treatNullLike([])->cannotBeEmpty()->end()->arrayNode('claim_checkers')->info('Checkers will verify the JWT claims.')->useAttributeAsKey('name')->prototype('scalar')->end()->treatNullLike(['exp', 'iat', 'nbf'])->end()->arrayNode('header_checkers')->info('Checkers will verify the JWT headers.')->useAttributeAsKey('name')->prototype('scalar')->end()->treatNullLike(['crit'])->end()->arrayNode('encryption')->addDefaultsIfNotSet()->children()->booleanNode('enabled')->defaultFalse()->end()->booleanNode('required')->defaultFalse()->end()->scalarNode('key_set')->defaultNull()->end()->arrayNode('key_encryption_algorithms')->info('Supported key encryption algorithms.')->useAttributeAsKey('name')->prototype('scalar')->end()->treatNullLike([])->end()->arrayNode('content_encryption_algorithms')->info('Supported content encryption algorithms.')->useAttributeAsKey('name')->prototype('scalar')->end()->treatNullLike([])->end()->end()->end()->end();
}
/**
* Adds the godfather.context configuration
*
* @param ArrayNodeDefinition $rootNode
*/
private function addContextSection(ArrayNodeDefinition $rootNode)
{
$rootNode->isRequired()->canBeUnset()->useAttributeAsKey('alias', false)->prototype('array')->children()->arrayNode('contexts')->useAttributeAsKey('name', false)->prototype('array')->children()->scalarNode('fallback')->defaultNull()->end()->scalarNode('class')->defaultNull()->end()->end()->end()->end()->end()->end();
}
public function addConfiguration(ArrayNodeDefinition $pluginNode)
{
$pluginNode->isRequired()->addDefaultsIfNotSet()->children()->scalarNode('min_length')->defaultValue(20)->cannotBeEmpty()->end()->scalarNode('max_length')->defaultValue(30)->cannotBeEmpty()->end()->scalarNode('lifetime')->defaultValue(1209600)->cannotBeEmpty()->end()->scalarNode('token_class')->isRequired()->cannotBeEmpty()->end()->scalarNode('token_manager')->defaultValue('oauth2_server.refresh_token.manager.default')->cannotBeEmpty()->end()->end();
}
public function addConfiguration(ArrayNodeDefinition $pluginNode)
{
$pluginNode->isRequired()->children()->scalarNode('client_class')->cannotBeEmpty()->isRequired()->validate()->ifTrue(function ($value) {
return !class_exists($value);
})->thenInvalid('The class does not exist')->end()->end()->scalarNode('prefix')->isRequired()->cannotBeEmpty()->defaultNull()->end()->scalarNode('jwt_loader')->cannotBeEmpty()->isRequired()->end()->scalarNode('keyset_manager')->cannotBeEmpty()->isRequired()->end()->scalarNode('client_manager_class')->cannotBeEmpty()->defaultValue('SpomkyLabs\\OAuth2ServerBundle\\Plugin\\JWTBearerPlugin\\Model\\JWTClientManager')->end()->arrayNode('allowed_encryption_algorithms')->cannotBeEmpty()->isRequired()->useAttributeAsKey('key')->prototype('scalar')->end()->end()->arrayNode('private_keys')->isRequired()->requiresAtLeastOneElement()->useAttributeAsKey('key')->prototype('array')->isRequired()->requiresAtLeastOneElement()->useAttributeAsKey('key')->prototype('scalar')->end()->end()->end();
}
/**
* {@inheritdoc}
*/
public function addConfiguration(ArrayNodeDefinition $pluginNode)
{
$pluginNode->isRequired()->children()->scalarNode('access_token_manager')->info('The access token manager.')->defaultNull()->end()->end();
}
