Created
January 8, 2014 22:53
-
-
Save zacharyblank/8326104 to your computer and use it in GitHub Desktop.
Custom Grant Type
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
/** | |
* OAuth 2.0 Password grant | |
* | |
* @package php-loep/oauth2-server | |
* @author Alex Bilbie <hello@alexbilbie.com> | |
* @copyright Copyright (c) 2013 PHP League of Extraordinary Packages | |
* @license http://mit-license.org/ | |
* @link http://github.com/php-loep/oauth2-server | |
*/ | |
namespace Casserole\OAuth2\Server\Grant; | |
use League\OAuth2\Server\Request; | |
use League\OAuth2\Server\Authorization; | |
use League\OAuth2\Server\Exception; | |
use League\OAuth2\Server\Util\SecureKey; | |
use League\OAuth2\Server\Storage\SessionInterface; | |
use League\OAuth2\Server\Storage\ClientInterface; | |
use League\OAuth2\Server\Storage\ScopeInterface; | |
use League\OAuth2\Server\Grant\GrantTypeInterface; | |
/** | |
* Password grant class | |
*/ | |
class Hitch implements GrantTypeInterface { | |
use \League\OAuth2\Server\Grant\GrantTrait; | |
/** | |
* Grant identifier | |
* @var string | |
*/ | |
protected $identifier = 'Hitch'; | |
/** | |
* Response type | |
* @var string | |
*/ | |
protected $responseType = null; | |
/** | |
* Callback to authenticate a user's name and password | |
* @var function | |
*/ | |
protected $callback = null; | |
/** | |
* AuthServer instance | |
* @var AuthServer | |
*/ | |
protected $authServer = null; | |
/** | |
* Access token expires in override | |
* @var int | |
*/ | |
protected $accessTokenTTL = null; | |
/** | |
* Set the callback to verify a user's username and password | |
* @param callable $callback The callback function | |
* @return void | |
*/ | |
public function setVerifyCredentialsCallback($callback) | |
{ | |
$this->callback = $callback; | |
} | |
/** | |
* Return the callback function | |
* @return callable | |
*/ | |
protected function getVerifyCredentialsCallback() | |
{ | |
if (is_null($this->callback) || ! is_callable($this->callback)) { | |
throw new Exception\InvalidGrantTypeException('Null or non-callable callback set'); | |
} | |
return $this->callback; | |
} | |
/** | |
* Complete the password grant | |
* @param null|array $inputParams | |
* @return array | |
*/ | |
public function completeFlow($inputParams = null) | |
{ | |
// Get the required params | |
$authParams = $this->authServer->getParam(array('client_id', 'client_secret', 'username', 'password'), 'post', $inputParams); | |
if (is_null($authParams['client_id'])) { | |
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_id'), 0); | |
} | |
if (is_null($authParams['client_secret'])) { | |
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'client_secret'), 0); | |
} | |
// Validate client credentials | |
$clientDetails = $this->authServer->getStorage('client')->getClient($authParams['client_id'], $authParams['client_secret'], null, $this->identifier); | |
if ($clientDetails === false) { | |
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_client'), 8); | |
} | |
$authParams['client_details'] = $clientDetails; | |
// Check if user's username and password are correct | |
$userId = call_user_func($this->getVerifyCredentialsCallback(), $authParams['username'], $authParams['password']); | |
if ($userId === false) { | |
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_credentials'), 0); | |
} | |
// Validate any scopes that are in the request | |
$scope = $this->authServer->getParam('scope', 'post', $inputParams, ''); | |
$scopes = explode($this->authServer->getScopeDelimeter(), $scope); | |
for ($i = 0; $i < count($scopes); $i++) { | |
$scopes[$i] = trim($scopes[$i]); | |
if ($scopes[$i] === '') unset($scopes[$i]); // Remove any junk scopes | |
} | |
if ($this->authServer->scopeParamRequired() === true && $this->authServer->getDefaultScope() === null && count($scopes) === 0) { | |
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_request'), 'scope'), 0); | |
} elseif (count($scopes) === 0 && $this->authServer->getDefaultScope() !== null) { | |
if (is_array($this->authServer->getDefaultScope())) { | |
$scopes = $this->authServer->getDefaultScope(); | |
} else { | |
$scopes = array($this->authServer->getDefaultScope()); | |
} | |
} | |
$authParams['scopes'] = array(); | |
foreach ($scopes as $scope) { | |
$scopeDetails = $this->authServer->getStorage('scope')->getScope($scope, $authParams['client_id'], $this->identifier); | |
if ($scopeDetails === false) { | |
throw new Exception\ClientException(sprintf($this->authServer->getExceptionMessage('invalid_scope'), $scope), 4); | |
} | |
$authParams['scopes'][] = $scopeDetails; | |
} | |
// Generate an access token | |
$accessToken = SecureKey::make(); | |
$accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL(); | |
$accessTokenExpires = time() + $accessTokenExpiresIn; | |
// Create a new session | |
$sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'user', $userId); | |
// Associate an access token with the session | |
$accessTokenId = $this->authServer->getStorage('session')->associateAccessToken($sessionId, $accessToken, $accessTokenExpires); | |
// Associate scopes with the access token | |
foreach ($authParams['scopes'] as $scope) { | |
$this->authServer->getStorage('session')->associateScope($accessTokenId, $scope['id']); | |
} | |
$response = array( | |
'access_token' => $accessToken, | |
'token_type' => 'Bearer', | |
'expires' => $accessTokenExpires, | |
'expires_in' => $accessTokenExpiresIn | |
); | |
// Associate a refresh token if set | |
if ($this->authServer->hasGrantType('refresh_token')) { | |
$refreshToken = SecureKey::make(); | |
$refreshTokenTTL = time() + $this->authServer->getGrantType('refresh_token')->getRefreshTokenTTL(); | |
$this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken, $refreshTokenTTL, $authParams['client_id']); | |
$response['refresh_token'] = $refreshToken; | |
} | |
return $response; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment