luchaos/User.php

Last active Aug 29, 2015
OAuth - Remembering granted authorization
Route::get('authorize', array('before' => 'check-authorization-params|auth', function()
{
    // get the data from the check-authorization-params filter
    $params = Session::get('authorize-params');

    // get the user id
    $params['user_id'] = Auth::user()->id;

    // check if user already has authorized client for scopes
    $scopesAuthorized = Auth::user()->scopesAuthorizedByClientId($params['client_id']);

    // array_diff keeps the requested scopes that are missing from the authorized list,
    // so the requested scopes must be the first argument
    $scopesNotAuthorized = array_diff(array_fetch($params['scopes'], 'scope'), $scopesAuthorized);

    if(sizeof($scopesNotAuthorized) == 0)
    {
        // all requested scopes have already been approved by the user -> skip the authorization dialog
        $code = AuthorizationServer::newAuthorizeRequest('user', $params['user_id'], $params);
        Session::forget('authorize-params');
        return Redirect::to(AuthorizationServer::makeRedirectWithCode($code, $params));
    }

    // display the authorization form
    return View::make('oauth.authorize', array('params' => $params));
}));

class User extends Eloquent implements UserInterface, RemindableInterface {

    // ...

    /**
     * Scope names this user has already granted to the given client.
     *
     * Only the first matching session and its first access token are consulted,
     * and token expiry is not checked here. Returns an empty array when no
     * session or token exists.
     */
    public function scopesAuthorizedByClientId($clientId)
    {
        $scopesAuthorized = array();

        // session that ties this user to the client
        $session = DB::table('oauth_sessions')
            ->where('client_id', $clientId)
            ->where('owner_type', 'user')
            ->where('owner_id', $this->id)
            ->first();
        if(!$session)
        {
            return $scopesAuthorized;
        }

        // access token issued for that session
        $accessToken = DB::table('oauth_session_access_tokens')
            ->where('session_id', $session->id)
            ->first();
        if(!$accessToken)
        {
            return $scopesAuthorized;
        }

        // scope ids attached to the token, resolved to scope names one by one
        $scopes = DB::table('oauth_session_token_scopes')
            ->where('session_access_token_id', $accessToken->id)
            ->get();
        foreach($scopes as $scope)
        {
            $scopeData = DB::table('oauth_scopes')
                ->where('id', $scope->scope_id)
                ->first();
            if($scopeData)
            {
                $scopesAuthorized[] = $scopeData->scope;
            }
        }

        return $scopesAuthorized;
    }

    // ...
}

@syphernl commented Jul 24, 2014

For some reason this snippet always allows permission even if the user hasn't done this previously. I have resolved this by swapping the arrays in $scopesNotAuthorized, otherwise the $scopesNotAuthorized always remains empty.
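
The argument order discussed in this thread, as an added example in plain PHP (not part of the gist or of either commenter's code): `array_diff` keeps values of its first argument, so the requested scopes have to come first. The function names and scope names are hypothetical, and prompting on an empty request is an assumption of this sketch.

```php
<?php
// Added illustration; plain PHP, no Laravel. Scope names are constructed.

// Scopes the client requests that the user has not yet granted.
function scopesNeedingConsent(array $requested, array $authorized)
{
    // array_diff keeps values of the FIRST argument missing from the second.
    return array_values(array_diff($requested, $authorized));
}

// Swapped argument order: empty whenever $authorized holds nothing outside
// $requested, which includes every first-time user.
function scopesNeedingConsentSwapped(array $requested, array $authorized)
{
    return array_values(array_diff($authorized, $requested));
}

// Skip the dialog only if something was requested and all of it is granted.
// Prompting on an empty request is an assumption of this sketch.
function canSkipDialog(array $requested, array $authorized)
{
    return count($requested) > 0
        && count(scopesNeedingConsent($requested, $authorized)) === 0;
}

// Constructed cases: array(requested scopes, previously authorized scopes).
$cases = array(
    'first visit'        => array(array('basic', 'email'), array()),
    'all granted before' => array(array('basic'), array('basic', 'email')),
    'asks for more'      => array(array('basic', 'email'), array('basic')),
);

foreach ($cases as $label => $case) {
    list($requested, $authorized) = $case;
    printf(
        "%-20s correct: missing=[%s] skip=%s | swapped: missing=[%s]\n",
        $label,
        implode(',', scopesNeedingConsent($requested, $authorized)),
        canSkipDialog($requested, $authorized) ? 'yes' : 'no',
        implode(',', scopesNeedingConsentSwapped($requested, $authorized))
    );
}
```

With the swapped order the "first visit" and "asks for more" cases both report nothing missing, so the consent dialog would be skipped for a client the user never approved and for scopes beyond those already granted.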

@luchaos (Owner, Author) commented Jul 24, 2014

@syphernl ah, I did not see your comment over here, yet :) I updated the gist with the fix. thanks!

@syphernl commented Dec 2, 2014

@luchaos Are you still using something like this?
The v3 version uses different table names/columns which do not match 1:1 with the ones from v1.
