Documentation

OAuth2Provider extends OAuthProvider
in package
implements OAuth2Interface

AbstractYes

Implements an abstract OAuth2 provider with all methods required by the OAuth2Interface.

It also implements the ClientCredentials, CSRFToken and TokenRefresh interfaces in favor over traits.

Tags
see
https://oauth.net/2/
see
https://datatracker.ietf.org/doc/html/rfc6749

Table of Contents

Interfaces

OAuth2Interface
Specifies the basic methods for an OAuth2 provider.

Constants

MAGIC_PROPERTIES  = ['apiDocs', 'apiURL', 'applicationURL', 'serviceName', 'userRevokeURL']

Properties

$accessTokenURL  : string
the provider's access token exchange URL
$apiDocs  : string|null
an optional link to the provider's API docs (magic)
$apiURL  : string
the API base URL (magic)
$applicationURL  : string|null
an optional URL to the provider's credential registration/application page (magic)
$authURL  : string
the authentication URL
$clientCredentialsTokenURL  : string|null
An optional client credentials token endpoint in case the provider supports ClientCredentials.
$http  : ClientInterface
$logger  : LoggerInterface
$options  : OAuthOptions|SettingsContainerInterface
$refreshTokenURL  : string
An optional refresh token endpoint in case the provider supports TokenRefresh.
$requestFactory  : RequestFactoryInterface
$revokeURL  : string
an optional URL for application side token revocation
$serviceName  : string
the name of the provider/class (magic)
$storage  : OAuthStorageInterface
$streamFactory  : StreamFactoryInterface
$uriFactory  : UriFactoryInterface
$userRevokeURL  : string|null
an optional link to the page where a user can revoke access tokens (magic)

Methods

__construct()  : mixed
OAuthProvider constructor.
__get()  : string|null
Magic getter for the properties specified in self::ALLOWED_PROPERTIES
getAccessToken()  : AccessToken
Obtains an OAuth2 access token with the given $code, verifies the $state if the provider implements the CSRFToken interface, and returns an AccessToken object
getAccessTokenFromStorage()  : AccessToken
Gets an access token from the current OAuthStorageInterface (shorthand/convenience)
getAuthURL()  : UriInterface
getClientCredentialsToken()  : AccessToken
getRequestAuthorization()  : RequestInterface
getStorage()  : OAuthStorageInterface
Returns the current OAuthStorageInterface
InvalidateAccessToken()  : bool
me()  : ResponseInterface
Returns information about the currently authenticated user (usually a /me or /user endpoint).
refreshAccessToken()  : AccessToken
request()  : ResponseInterface
Prepares an API request to $path with the given parameters, gets authorization, fires the request and returns a PSR-7 ResponseInterface with the corresponding API response
sendRequest()  : ResponseInterface
setLogger()  : static
Sets an optional PSR-3 LoggerInterface
setRequestFactory()  : static
Sets an optional PSR-17 RequestFactoryInterface
setStorage()  : static
Sets an optional OAuthStorageInterface
setStreamFactory()  : static
Sets an optional PSR-17 StreamFactoryInterface
setUriFactory()  : static
Sets an optional PSR-17 UriFactoryInterface
storeAccessToken()  : static
Sets an access token in the current OAuthStorageInterface (shorthand/convenience)
cleanBodyParams()  : array<string|int, mixed>
Cleans an array of body parameters
cleanQueryParams()  : array<string|int, mixed>
Cleans an array of query parameters
construct()  : void
A replacement constructor that you can call in extended classes, so that you don't have to implement the monstrous original `__construct()`
createAccessToken()  : AccessToken
Creates an access token with the provider set to $this->serviceName
getAccessTokenRequestBodyParams()  : array<string|int, mixed>
prepares the request body parameters for the access token request
getAuthURLRequestParams()  : array<string|int, mixed>
prepares the query parameters for the auth URL
getClientCredentialsTokenRequestBodyParams()  : array<string|int, mixed>
prepares the request body parameters for the client credentials token request
getRefreshAccessTokenRequestBodyParams()  : array<string|int, mixed>
prepares the request body parameters for the token refresh
getRequestBody()  : StreamInterface
Prepares the request body
getRequestHeaders()  : array<string|int, mixed>
Prepare request headers
getRequestTarget()  : string
Determine the request target from the given URI (path segment or URL) with respect to $apiURL, anything except host and path will be ignored, scheme will always be set to "https".
getRequestURL()  : string
Prepares the request URL
getTokenResponseData()  : array<string|int, mixed>
extracts the data from the access token response and returns an array with the key->value pairs contained
nonce()  : string
returns a 32 byte random string (in hexadecimal representation) for use as a nonce
parseTokenResponse()  : AccessToken
Parses the response from a request to the token endpoint
sendAccessTokenRequest()  : ResponseInterface
sends a request to the access/refresh token endpoint $url with the given $body as form data
sendClientCredentialsTokenRequest()  : ResponseInterface
sends a request to the client credentials endpoint, using basic authentication

Constants

MAGIC_PROPERTIES

protected array<string|int, string> MAGIC_PROPERTIES = ['apiDocs', 'apiURL', 'applicationURL', 'serviceName', 'userRevokeURL']

Properties

$accessTokenURL

the provider's access token exchange URL

protected string $accessTokenURL

$apiDocs

an optional link to the provider's API docs (magic)

protected string|null $apiDocs = null

$applicationURL

an optional URL to the provider's credential registration/application page (magic)

protected string|null $applicationURL = null

$clientCredentialsTokenURL

An optional client credentials token endpoint in case the provider supports ClientCredentials.

protected string|null $clientCredentialsTokenURL = null

If the provider supports client credentials and $clientCredentialsTokenURL is null, $accessTokenURL will be used instead.

$logger

protected LoggerInterface $logger = new NullLogger()

$refreshTokenURL

An optional refresh token endpoint in case the provider supports TokenRefresh.

protected string $refreshTokenURL

If the provider supports token refresh and $refreshTokenURL is null, $accessTokenURL will be used instead.

Tags
see
TokenRefresh

$requestFactory

protected RequestFactoryInterface $requestFactory

$serviceName

the name of the provider/class (magic)

protected string $serviceName

$streamFactory

protected StreamFactoryInterface $streamFactory

$userRevokeURL

an optional link to the page where a user can revoke access tokens (magic)

protected string|null $userRevokeURL = null

Methods

__construct()

OAuthProvider constructor.

public __construct(OAuthOptions|SettingsContainerInterface $options, ClientInterface $http, RequestFactoryInterface $requestFactory, StreamFactoryInterface $streamFactory, UriFactoryInterface $uriFactory[, OAuthStorageInterface $storage = new MemoryStorage() ][, LoggerInterface $logger = new NullLogger() ]) : mixed
Parameters
$options : OAuthOptions|SettingsContainerInterface
$http : ClientInterface
$requestFactory : RequestFactoryInterface
$streamFactory : StreamFactoryInterface
$uriFactory : UriFactoryInterface
$storage : OAuthStorageInterface = new MemoryStorage()
$logger : LoggerInterface = new NullLogger()

__get()

Magic getter for the properties specified in self::ALLOWED_PROPERTIES

public final __get(string $name) : string|null
Parameters
$name : string
Return values
string|null

getAccessToken()

Obtains an OAuth2 access token with the given $code, verifies the $state if the provider implements the CSRFToken interface, and returns an AccessToken object

public getAccessToken(string $code[, string|null $state = null ]) : AccessToken
Parameters
$code : string
$state : string|null = null
Tags
inheritDoc
Return values
AccessToken

getAccessTokenFromStorage()

Gets an access token from the current OAuthStorageInterface (shorthand/convenience)

public getAccessTokenFromStorage() : AccessToken
Tags
inheritDoc
codeCoverageIgnore
Return values
AccessToken

getAuthURL()

public getAuthURL([array<string|int, mixed>|null $params = null ][, array<string|int, string>|null $scopes = null ]) : UriInterface
Parameters
$params : array<string|int, mixed>|null = null
$scopes : array<string|int, string>|null = null
Tags
inheritDoc
Return values
UriInterface

getClientCredentialsToken()

public getClientCredentialsToken([array<string|int, string>|null $scopes = null ]) : AccessToken
Parameters
$scopes : array<string|int, string>|null = null
Tags
implements

\chillerlan\OAuth\Core\ClientCredentials

throws
ProviderException
Return values
AccessToken

getRequestAuthorization()

public getRequestAuthorization(RequestInterface $request[, AccessToken|null $token = null ]) : RequestInterface
Parameters
$request : RequestInterface
$token : AccessToken|null = null
Tags
inheritDoc
Return values
RequestInterface

InvalidateAccessToken()

public InvalidateAccessToken([AccessToken|null $token = null ]) : bool
Parameters
$token : AccessToken|null = null
Tags
implements

\chillerlan\OAuth\Core\TokenInvalidate

codeCoverageIgnore
throws
ProviderException
Return values
bool

me()

Returns information about the currently authenticated user (usually a /me or /user endpoint).

public me() : ResponseInterface
Tags
inheritDoc
codeCoverageIgnore
Return values
ResponseInterface

request()

Prepares an API request to $path with the given parameters, gets authorization, fires the request and returns a PSR-7 ResponseInterface with the corresponding API response

public request(string $path[, array<string|int, mixed>|null $params = null ][, string|null $method = null ][, StreamInterface|array<string|int, mixed>|string|null $body = null ][, array<string|int, mixed>|null $headers = null ][, string|null $protocolVersion = null ]) : ResponseInterface
Parameters
$path : string
$params : array<string|int, mixed>|null = null
$method : string|null = null
$body : StreamInterface|array<string|int, mixed>|string|null = null
$headers : array<string|int, mixed>|null = null
$protocolVersion : string|null = null
Tags
inheritDoc
throws
UnauthorizedAccessException
Return values
ResponseInterface

sendRequest()

public final sendRequest(RequestInterface $request) : ResponseInterface
Parameters
$request : RequestInterface
Tags
inheritDoc
throws
InvalidAccessTokenException
Return values
ResponseInterface

setLogger()

Sets an optional PSR-3 LoggerInterface

public final setLogger(LoggerInterface $logger) : static
Parameters
$logger : LoggerInterface
Tags
inheritDoc
codeCoverageIgnore
Return values
static

setRequestFactory()

Sets an optional PSR-17 RequestFactoryInterface

public final setRequestFactory(RequestFactoryInterface $requestFactory) : static
Parameters
$requestFactory : RequestFactoryInterface
Tags
inheritDoc
codeCoverageIgnore
Return values
static

setStreamFactory()

Sets an optional PSR-17 StreamFactoryInterface

public final setStreamFactory(StreamFactoryInterface $streamFactory) : static
Parameters
$streamFactory : StreamFactoryInterface
Tags
inheritDoc
codeCoverageIgnore
Return values
static

setUriFactory()

Sets an optional PSR-17 UriFactoryInterface

public final setUriFactory(UriFactoryInterface $uriFactory) : static
Parameters
$uriFactory : UriFactoryInterface
Tags
inheritDoc
codeCoverageIgnore
Return values
static

storeAccessToken()

Sets an access token in the current OAuthStorageInterface (shorthand/convenience)

public storeAccessToken(AccessToken $token) : static
Parameters
$token : AccessToken
Tags
inheritDoc
codeCoverageIgnore
Return values
static

cleanBodyParams()

Cleans an array of body parameters

protected cleanBodyParams(iterable<string|int, mixed> $params) : array<string|int, mixed>
Parameters
$params : iterable<string|int, mixed>
Return values
array<string|int, mixed>

cleanQueryParams()

Cleans an array of query parameters

protected cleanQueryParams(iterable<string|int, mixed> $params) : array<string|int, mixed>
Parameters
$params : iterable<string|int, mixed>
Return values
array<string|int, mixed>

construct()

A replacement constructor that you can call in extended classes, so that you don't have to implement the monstrous original `__construct()`

protected construct() : void

createAccessToken()

Creates an access token with the provider set to $this->serviceName

protected createAccessToken() : AccessToken
Tags
codeCoverageIgnore
Return values
AccessToken

getAccessTokenRequestBodyParams()

prepares the request body parameters for the access token request

protected getAccessTokenRequestBodyParams(string $code) : array<string|int, mixed>
Parameters
$code : string
Return values
array<string|int, mixed>

getAuthURLRequestParams()

prepares the query parameters for the auth URL

protected getAuthURLRequestParams(array<string|int, mixed> $params, array<string|int, mixed> $scopes) : array<string|int, mixed>
Parameters
$params : array<string|int, mixed>
$scopes : array<string|int, mixed>
Return values
array<string|int, mixed>

getClientCredentialsTokenRequestBodyParams()

prepares the request body parameters for the client credentials token request

protected getClientCredentialsTokenRequestBodyParams(array<string|int, string>|null $scopes) : array<string|int, mixed>
Parameters
$scopes : array<string|int, string>|null
Return values
array<string|int, mixed>

getRefreshAccessTokenRequestBodyParams()

prepares the request body parameters for the token refresh

protected getRefreshAccessTokenRequestBodyParams(string $refreshToken) : array<string|int, mixed>
Parameters
$refreshToken : string
Return values
array<string|int, mixed>

getRequestBody()

Prepares the request body

protected getRequestBody(StreamInterface|array<string|int, mixed>|string $body, RequestInterface $request) : StreamInterface
Parameters
$body : StreamInterface|array<string|int, mixed>|string
$request : RequestInterface
Tags
throws
ProviderException
Return values
StreamInterface

getRequestHeaders()

Prepare request headers

protected getRequestHeaders([array<string|int, mixed>|null $headers = null ]) : array<string|int, mixed>
Parameters
$headers : array<string|int, mixed>|null = null
Return values
array<string|int, mixed>

getRequestTarget()

Determine the request target from the given URI (path segment or URL) with respect to $apiURL, anything except host and path will be ignored, scheme will always be set to "https".

protected getRequestTarget(string $uri) : string

Throws if the host of a given URL does not match the host of $apiURL.

Parameters
$uri : string
Tags
see
OAuthInterface::request()
throws
ProviderException
Return values
string

getRequestURL()

Prepares the request URL

protected getRequestURL(string $path[, array<string|int, mixed>|null $params = null ]) : string
Parameters
$path : string
$params : array<string|int, mixed>|null = null
Return values
string

getTokenResponseData()

extracts the data from the access token response and returns an array with the key->value pairs contained

protected getTokenResponseData(ResponseInterface $response) : array<string|int, mixed>

we don't bother checking the content type here as it's sometimes vendor specific, not set or plain wrong: the spec mandates a JSON body which is what almost all providers send - weird exceptions:

  • mixcloud sends JSON with a "text/javascript" header
  • deezer sends form-data with a "text/html" header (???)
  • silly amazon sends gzip compressed data... (handled by decodeJSON)
Parameters
$response : ResponseInterface
Tags
throws
JsonException
Return values
array<string|int, mixed>

sendAccessTokenRequest()

sends a request to the access/refresh token endpoint $url with the given $body as form data

protected sendAccessTokenRequest(string $url, array<string|int, mixed> $body) : ResponseInterface
Parameters
$url : string
$body : array<string|int, mixed>
Return values
ResponseInterface

sendClientCredentialsTokenRequest()

sends a request to the client credentials endpoint, using basic authentication

protected sendClientCredentialsTokenRequest(string $url, array<string|int, mixed> $body) : ResponseInterface
Parameters
$url : string
$body : array<string|int, mixed>
Return values
ResponseInterface 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results