/**
 * Persist a refresh token record that is already flagged as used.
 *
 * The record is bound to the given client and resource owner, is given an
 * expiry one year from now, and is flushed through the entity manager
 * before it is returned.
 *
 * NOTE(review): the token value is stored exactly as passed in; whether it
 * is hashed at rest depends on setToken() and the entity mapping, neither of
 * which is visible here.
 *
 * @param ClientInterface        $client         Client the token is bound to.
 * @param ResourceOwnerInterface $resource_owner Resource owner the token is bound to.
 * @param mixed                  $refresh_token  Token value to record (presumably a string; confirm against callers).
 *
 * @return mixed New instance of the class returned by getClass().
 */
public function createUsedRefreshToken(ClientInterface $client, ResourceOwnerInterface $resource_owner, $refresh_token)
{
    $tokenClass = $this->getClass();

    // format('U') yields the Unix timestamp as a numeric string, not an int.
    $oneYearFromNow = new \DateTime('now +1 year');
    $expiresAt = $oneYearFromNow->format('U');

    /** @var \OAuth2\Token\RefreshTokenInterface $usedToken */
    $usedToken = new $tokenClass();
    $usedToken
        ->setToken($refresh_token)
        ->setExpiresAt($expiresAt)
        ->setResourceOwnerPublicId($resource_owner->getPublicId())
        ->setClientPublicId($client->getPublicId())
        ->setUsed(true);

    $this->getEntityManager()->persist($usedToken);
    $this->getEntityManager()->flush();

    return $usedToken;
}
/**
 * {@inheritdoc}
 *
 * Builds an empty refresh token, fills in scope, owner, client, expiry,
 * token value and metadata, then runs updateRefreshToken() and
 * saveRefreshToken() on it.
 */
public function createRefreshToken(ClientInterface $client, ResourceOwnerInterface $resource_owner, array $scope = [], array $metadatas = [])
{
    $issued = $this->createEmptyRefreshToken();
    $issued->setScope($scope);

    if (!($resource_owner instanceof UserAccountInterface)) {
        $issued->setResourceOwnerPublicId($resource_owner->getPublicId());
    } else {
        // For a user account the resource owner id is the user's public id,
        // and the account's own public id is stored separately.
        $issued->setResourceOwnerPublicId($resource_owner->getUserPublicId());
        $issued->setUserAccountPublicId($resource_owner->getPublicId());
    }

    $issued->setClientPublicId($client->getPublicId());

    // Expiry is "now" plus the lifetime resolved for this client.
    $issuedAt = time();
    $issued->setExpiresAt($issuedAt + $this->getLifetime($client));

    $tokenValue = $this->generateToken();
    $issued->setToken($tokenValue);
    $issued->setMetadatas($metadatas);

    $this->updateRefreshToken($issued);
    $this->saveRefreshToken($issued);

    return $issued;
}
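/**
 * Check whether a resource owner matches a named type.
 *
 * Known type names are mapped to interface checks; any other value is
 * compared strictly with the value returned by the owner's getType().
 *
 * @param string                                       $type   Type name to test.
 * @param \OAuth2\ResourceOwner\ResourceOwnerInterface $client Resource owner to check.
 *
 * @return bool True when the resource owner satisfies the requested type.
 */
private function isTypeValid($type, ResourceOwnerInterface $client)
{
    // Strict comparison on purpose: a switch statement compares loosely, so a
    // non-string $type (for example boolean true) would match the first case
    // label and be answered as if 'end_user' had been requested. With ===
    // such values fall through to the getType() comparison instead.
    if ('end_user' === $type) {
        return $client instanceof EndUserInterface;
    }

    if ('client' === $type) {
        return $client instanceof ClientInterface;
    }

    if ('registered_client' === $type) {
        return $client instanceof RegisteredClientInterface;
    }

    if ('confidential_client' === $type) {
        return $client instanceof ConfidentialClientInterface;
    }

    if ('public_client' === $type) {
        // Public = registered but not confidential.
        return $client instanceof RegisteredClientInterface && !$client instanceof ConfidentialClientInterface;
    }

    if ('unregistered_client' === $type) {
        // Unregistered = a client that is not a registered client.
        return $client instanceof ClientInterface && !$client instanceof RegisteredClientInterface;
    }

    // Any other name must equal the owner's own declared type exactly.
    return $type === $client->getType();
}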
/**
 * {@inheritdoc}
 *
 * Builds an empty access token, fills in expiry, scope, owner, client,
 * the linked refresh token value (if any), metadata and the token type
 * parameters, then runs updateAccessToken(), populateAccessToken() and
 * saveAccessToken() on it, in that order.
 */
public function createAccessToken(
    ClientInterface $client,
    ResourceOwnerInterface $resource_owner,
    array $token_type_parameters,
    array $request_parameters,
    array $scope = [],
    RefreshTokenInterface $refresh_token = null,
    ClientInterface $resource_server = null,
    array $metadatas = []
) {
    $issued = $this->createEmptyAccessToken();

    // Expiry is "now" plus the lifetime resolved for this client.
    $issuedAt = time();
    $issued->setExpiresAt($issuedAt + $this->getLifetime($client));
    $issued->setScope($scope);

    if (!($resource_owner instanceof UserAccountInterface)) {
        $issued->setResourceOwnerPublicId($resource_owner->getPublicId());
    } else {
        // For a user account the resource owner id is the user's public id,
        // and the account's own public id is stored separately.
        $issued->setResourceOwnerPublicId($resource_owner->getUserPublicId());
        $issued->setUserAccountPublicId($resource_owner->getPublicId());
    }

    $issued->setClientPublicId($client->getPublicId());

    // Link the access token to the refresh token value when one was given.
    if (null === $refresh_token) {
        $linkedRefreshToken = null;
    } else {
        $linkedRefreshToken = $refresh_token->getToken();
    }
    $issued->setRefreshToken($linkedRefreshToken);

    $issued->setMetadatas($metadatas);

    foreach ($token_type_parameters as $name => $parameter) {
        $issued->setParameter($name, $parameter);
    }

    $this->updateAccessToken($issued);
    $this->populateAccessToken($issued, $client, $resource_owner, $refresh_token, $resource_server);
    $this->saveAccessToken($issued);

    return $issued;
}
/**
 * Create, persist and flush an access token, announcing it through events.
 *
 * When an event dispatcher is set, OAUTH2_PRE_ACCESS_TOKEN_CREATION is
 * dispatched before the token object is built and
 * OAUTH2_POST_ACCESS_TOKEN_CREATION after the entity manager flush.
 *
 * @param mixed                          $token         Token value to store.
 * @param mixed                          $expiresAt     Expiry passed to setExpiresAt().
 * @param ClientInterface                $client        Client the token is bound to.
 * @param ResourceOwnerInterface         $resourceOwner Resource owner the token is bound to.
 * @param array                          $scope         Scope stored on the token.
 * @param BaseRefreshTokenInterface|null $refresh_token Refresh token to link, if any.
 *
 * @return mixed New instance of the class returned by getClass().
 */
protected function addAccessToken($token, $expiresAt, ClientInterface $client, ResourceOwnerInterface $resourceOwner, array $scope = [], BaseRefreshTokenInterface $refresh_token = null)
{
    if (null !== $this->event_dispatcher) {
        $preCreation = new PreAccessTokenCreationEvent($client, $scope, $resourceOwner, $refresh_token);
        $this->event_dispatcher->dispatch(Events::OAUTH2_PRE_ACCESS_TOKEN_CREATION, $preCreation);
    }

    $tokenClass = $this->getClass();

    /** @var \SpomkyLabs\OAuth2ServerBundle\Plugin\SimpleStringAccessTokenPlugin\Model\SimpleStringAccessTokenInterface $created */
    $created = new $tokenClass();
    $created
        ->setToken($token)
        ->setExpiresAt($expiresAt)
        ->setClientPublicId($client->getPublicId())
        ->setScope($scope);

    // The parameter has no null default, so PHP rejects null before this
    // point; the check is kept as written.
    if (null !== $resourceOwner) {
        $created->setResourceOwnerPublicId($resourceOwner->getPublicId());
    }

    if (null !== $refresh_token) {
        $created->setRefreshToken($refresh_token->getToken());
    }

    $this->getEntityManager()->persist($created);
    $this->getEntityManager()->flush();

    if (null !== $this->event_dispatcher) {
        $postCreation = new PostAccessTokenCreationEvent($created);
        $this->event_dispatcher->dispatch(Events::OAUTH2_POST_ACCESS_TOKEN_CREATION, $postCreation);
    }

    return $created;
}
/**
 * Create a refresh token for a client and resource owner and hand it to save().
 *
 * @param string                                       $token         Token value to store.
 * @param int                                          $expiresAt     Expiry passed to setExpiresAt().
 * @param \OAuth2\Client\ClientInterface               $client        Client the token is bound to.
 * @param \OAuth2\ResourceOwner\ResourceOwnerInterface $resourceOwner Resource owner the token is bound to.
 * @param array                                        $scope         Scope stored on the token.
 *
 * @return mixed New instance of the class returned by getClass().
 */
protected function addRefreshToken($token, $expiresAt, ClientInterface $client, ResourceOwnerInterface $resourceOwner, array $scope = [])
{
    $tokenClass = $this->getClass();

    /** @var \OAuth2\Token\RefreshTokenInterface $created */
    $created = new $tokenClass();
    $created
        ->setClientPublicId($client->getPublicId())
        ->setExpiresAt($expiresAt)
        ->setResourceOwnerPublicId($resourceOwner->getPublicId())
        ->setToken($token)
        ->setScope($scope);

    $this->save($created);

    return $created;
}
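/**
 * Build the claim set for a JWT access token.
 *
 * The issuer and audience are read from the configuration options
 * "jwt_access_token_issuer" and "jwt_access_token_audience"; both must be
 * strings. The subject ("sub") is the client's public id; the resource
 * owner's public id, when given, goes into "r_o".
 *
 * NOTE(review): when a refresh token is supplied its value is copied into
 * the "ref" claim. If the resulting JWT is only signed and not encrypted,
 * every party able to read the access token can also read the refresh
 * token. How the payload is protected is not visible here; confirm it.
 *
 * @param \OAuth2\Client\ClientInterface                    $client         Client the token is issued to.
 * @param array                                             $scope          Scope placed in the "sco" claim.
 * @param \OAuth2\ResourceOwner\ResourceOwnerInterface|null $resource_owner Resource owner, if any.
 * @param \OAuth2\Token\RefreshTokenInterface|null          $refresh_token  Linked refresh token, if any.
 *
 * @throws \OAuth2\Exception\BaseExceptionInterface When the audience or issuer option is not a string.
 *
 * @return array
 */
protected function preparePayload(ClientInterface $client, array $scope = [], ResourceOwnerInterface $resource_owner = null, RefreshTokenInterface $refresh_token = null)
{
    $audience = $this->getConfiguration()->get('jwt_access_token_audience', null);
    $issuer = $this->getConfiguration()->get('jwt_access_token_issuer', null);

    if (!is_string($audience)) {
        throw $this->getExceptionManager()->getException(ExceptionManagerInterface::INTERNAL_SERVER_ERROR, ExceptionManagerInterface::SERVER_ERROR, 'The configuration option "jwt_access_token_audience" is not set.');
    }
    if (!is_string($issuer)) {
        throw $this->getExceptionManager()->getException(ExceptionManagerInterface::INTERNAL_SERVER_ERROR, ExceptionManagerInterface::SERVER_ERROR, 'The configuration option "jwt_access_token_issuer" is not set.');
    }

    // Read the clock once so that iat, nbf and exp all derive from the same
    // instant; three separate time() calls can straddle a second boundary
    // and yield an nbf later than iat or a lifetime that is off by one.
    $now = time();

    $payload = [
        'iss' => $issuer,
        'aud' => $audience,
        'iat' => $now,
        'nbf' => $now,
        'exp' => $now + $this->getLifetime($client),
        'sub' => $client->getPublicId(),
        'sco' => $scope,
    ];

    if (null !== $resource_owner) {
        $payload['r_o'] = $resource_owner->getPublicId();
    }
    if (null !== $refresh_token) {
        $payload['ref'] = $refresh_token->getToken();
    }

    return $payload;
}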