Documentation

Discord extends OAuth2Provider
in package
implements ClientCredentials, CSRFToken, TokenRefresh, TokenInvalidate

Discord OAuth2

Tags
see
https://discord.com/developers/docs/topics/oauth2

Table of Contents

Interfaces

ClientCredentials
Indicates whether the provider is capable of the OAuth2 client credentials authentication flow.
CSRFToken
Specifies the methods required for the OAuth2 CSRF token validation ("state parameter")
TokenRefresh
Indicates whether the provider is capable of the OAuth2 token refresh.
TokenInvalidate
Indicates whether the service is capable of invalidating access tokens

Constants

DEFAULT_SCOPES  = [self::SCOPE_CONNECTIONS, self::SCOPE_EMAIL, self::SCOPE_IDENTIFY, self::SCOPE_GUILDS, self::SCOPE_GUILDS_JOIN, self::SCOPE_GDM_JOIN, self::SCOPE_MESSAGES_READ]
SCOPE_APPLICATIONS_COMMANDS  = 'applications.commands'
SCOPE_APPLICATIONS_COMMANDS_PERMISSIONS_UPDATE  = 'applications.commands.permissions.update'
SCOPE_APPLICATIONS_COMMANDS_UPDATE  = 'applications.commands.update'
SCOPE_APPLICATIONS_ENTITLEMENTS  = 'applications.entitlements'
SCOPE_BOT  = 'bot'
SCOPE_CONNECTIONS  = 'connections'
SCOPE_EMAIL  = 'email'
SCOPE_GDM_JOIN  = 'gdm.join'
SCOPE_GUILDS  = 'guilds'
SCOPE_GUILDS_JOIN  = 'guilds.join'
SCOPE_GUILDS_MEMBERS_READ  = 'guilds.members.read'
SCOPE_IDENTIFY  = 'identify'
SCOPE_MESSAGES_READ  = 'messages.read'
SCOPE_RELATIONSHIPS_READ  = 'relationships.read'
SCOPE_ROLE_CONNECTIONS_WRITE  = 'role_connections.write'
SCOPE_RPC  = 'rpc'
SCOPE_RPC_ACTIVITIES_WRITE  = 'rpc.activities.write'
SCOPE_RPC_NOTIFICATIONS_READ  = 'rpc.notifications.read'
SCOPE_WEBHOOK_INCOMING  = 'webhook.incoming'
MAGIC_PROPERTIES  = ['apiDocs', 'apiURL', 'applicationURL', 'serviceName', 'userRevokeURL']

Properties

$accessTokenURL  : string
$apiDocs  : string|null
$apiURL  : string
$applicationURL  : string|null
$authURL  : string
$clientCredentialsTokenURL  : string|null
An optional client credentials token endpoint in case the provider supports ClientCredentials.
$http  : ClientInterface
$logger  : LoggerInterface
$options  : OAuthOptions|SettingsContainerInterface
$refreshTokenURL  : string
An optional refresh token endpoint in case the provider supports TokenRefresh.
$requestFactory  : RequestFactoryInterface
$revokeURL  : string
$serviceName  : string
the name of the provider/class (magic)
$storage  : OAuthStorageInterface
$streamFactory  : StreamFactoryInterface
$uriFactory  : UriFactoryInterface
$userRevokeURL  : string|null
an optional link to the page where a user can revoke access tokens (magic)

Methods

__construct()  : mixed
OAuthProvider constructor.
__get()  : string|null
Magic getter for the properties specified in self::ALLOWED_PROPERTIES
getAccessToken()  : AccessToken
Obtains an OAuth2 access token with the given $code, verifies the $state if the provider implements the CSRFToken interface, and returns an AccessToken object
getAccessTokenFromStorage()  : AccessToken
Gets an access token from the current OAuthStorageInterface (shorthand/convenience)
getAuthURL()  : UriInterface
getClientCredentialsToken()  : AccessToken
getRequestAuthorization()  : RequestInterface
getStorage()  : OAuthStorageInterface
Returns the current OAuthStorageInterface
InvalidateAccessToken()  : bool
invalidateAccessToken()  : bool
Allows to invalidate an access token
me()  : ResponseInterface
refreshAccessToken()  : AccessToken
request()  : ResponseInterface
Prepares an API request to $path with the given parameters, gets authorization, fires the request and returns a PSR-7 ResponseInterface with the corresponding API response
sendRequest()  : ResponseInterface
setLogger()  : static
Sets an optional PSR-3 LoggerInterface
setRequestFactory()  : static
Sets an optional PSR-17 RequestFactoryInterface
setStorage()  : static
Sets an optional OAuthStorageInterface
setStreamFactory()  : static
Sets an optional PSR-17 StreamFactoryInterface
setUriFactory()  : static
Sets an optional PSR-17 UriFactoryInterface
storeAccessToken()  : static
Sets an access token in the current OAuthStorageInterface (shorthand/convenience)
cleanBodyParams()  : array<string|int, mixed>
Cleans an array of body parameters
cleanQueryParams()  : array<string|int, mixed>
Cleans an array of query parameters
construct()  : void
A replacement constructor that you can call in extended classes, so that you don't have to implement the monstrous original `__construct()`
createAccessToken()  : AccessToken
Creates an access token with the provider set to $this->serviceName
getAccessTokenRequestBodyParams()  : array<string|int, mixed>
prepares the request body parameters for the access token request
getAuthURLRequestParams()  : array<string|int, mixed>
prepares the query parameters for the auth URL
getClientCredentialsTokenRequestBodyParams()  : array<string|int, mixed>
prepares the request body parameters for the client credentials token request
getRefreshAccessTokenRequestBodyParams()  : array<string|int, mixed>
prepares the request body parameters for the token refresh
getRequestBody()  : StreamInterface
Prepares the request body
getRequestHeaders()  : array<string|int, mixed>
Prepare request headers
getRequestTarget()  : string
Determine the request target from the given URI (path segment or URL) with respect to $apiURL, anything except host and path will be ignored, scheme will always be set to "https".
getRequestURL()  : string
Prepares the request URL
getTokenResponseData()  : array<string|int, mixed>
extracts the data from the access token response and returns an array with the key->value pairs contained
nonce()  : string
returns a 32 byte random string (in hexadecimal representation) for use as a nonce
parseTokenResponse()  : AccessToken
Parses the response from a request to the token endpoint
sendAccessTokenRequest()  : ResponseInterface
sends a request to the access/refresh token endpoint $url with the given $body as form data
sendClientCredentialsTokenRequest()  : ResponseInterface
sends a request to the client credentials endpoint, using basic authentication

Constants

DEFAULT_SCOPES

public mixed DEFAULT_SCOPES = [self::SCOPE_CONNECTIONS, self::SCOPE_EMAIL, self::SCOPE_IDENTIFY, self::SCOPE_GUILDS, self::SCOPE_GUILDS_JOIN, self::SCOPE_GDM_JOIN, self::SCOPE_MESSAGES_READ]

SCOPE_APPLICATIONS_COMMANDS

public mixed SCOPE_APPLICATIONS_COMMANDS = 'applications.commands'

SCOPE_APPLICATIONS_COMMANDS_PERMISSIONS_UPDATE

public mixed SCOPE_APPLICATIONS_COMMANDS_PERMISSIONS_UPDATE = 'applications.commands.permissions.update'

SCOPE_APPLICATIONS_COMMANDS_UPDATE

public mixed SCOPE_APPLICATIONS_COMMANDS_UPDATE = 'applications.commands.update'

SCOPE_APPLICATIONS_ENTITLEMENTS

public mixed SCOPE_APPLICATIONS_ENTITLEMENTS = 'applications.entitlements'

SCOPE_BOT

public mixed SCOPE_BOT = 'bot'

SCOPE_CONNECTIONS

public mixed SCOPE_CONNECTIONS = 'connections'

SCOPE_EMAIL

public mixed SCOPE_EMAIL = 'email'

SCOPE_GDM_JOIN

public mixed SCOPE_GDM_JOIN = 'gdm.join'

SCOPE_GUILDS

public mixed SCOPE_GUILDS = 'guilds'

SCOPE_GUILDS_JOIN

public mixed SCOPE_GUILDS_JOIN = 'guilds.join'

SCOPE_GUILDS_MEMBERS_READ

public mixed SCOPE_GUILDS_MEMBERS_READ = 'guilds.members.read'

SCOPE_IDENTIFY

public mixed SCOPE_IDENTIFY = 'identify'

SCOPE_MESSAGES_READ

public mixed SCOPE_MESSAGES_READ = 'messages.read'

SCOPE_RELATIONSHIPS_READ

public mixed SCOPE_RELATIONSHIPS_READ = 'relationships.read'

SCOPE_ROLE_CONNECTIONS_WRITE

public mixed SCOPE_ROLE_CONNECTIONS_WRITE = 'role_connections.write'

SCOPE_RPC

public mixed SCOPE_RPC = 'rpc'

SCOPE_RPC_ACTIVITIES_WRITE

public mixed SCOPE_RPC_ACTIVITIES_WRITE = 'rpc.activities.write'

SCOPE_RPC_NOTIFICATIONS_READ

public mixed SCOPE_RPC_NOTIFICATIONS_READ = 'rpc.notifications.read'

SCOPE_WEBHOOK_INCOMING

public mixed SCOPE_WEBHOOK_INCOMING = 'webhook.incoming'

MAGIC_PROPERTIES

protected array<string|int, string> MAGIC_PROPERTIES = ['apiDocs', 'apiURL', 'applicationURL', 'serviceName', 'userRevokeURL']

Properties

$accessTokenURL

protected string $accessTokenURL = 'https://discordapp.com/api/oauth2/token'

$apiDocs

protected string|null $apiDocs = 'https://discord.com/developers/'

$apiURL

protected string $apiURL = 'https://discordapp.com/api'

$applicationURL

protected string|null $applicationURL = 'https://discordapp.com/developers/applications/'

$authURL

protected string $authURL = 'https://discordapp.com/api/oauth2/authorize'

$clientCredentialsTokenURL

An optional client credentials token endpoint in case the provider supports ClientCredentials.

protected string|null $clientCredentialsTokenURL = null

If the provider supports client credentials and $clientCredentialsTokenURL is null, $accessTokenURL will be used instead.

$logger

protected LoggerInterface $logger = new NullLogger()

$refreshTokenURL

An optional refresh token endpoint in case the provider supports TokenRefresh.

protected string $refreshTokenURL

If the provider supports token refresh and $refreshTokenURL is null, $accessTokenURL will be used instead.

Tags
see
TokenRefresh

$requestFactory

protected RequestFactoryInterface $requestFactory

$revokeURL

protected string $revokeURL = 'https://discordapp.com/api/oauth2/token/revoke'

$serviceName

the name of the provider/class (magic)

protected string $serviceName

$streamFactory

protected StreamFactoryInterface $streamFactory

$userRevokeURL

an optional link to the page where a user can revoke access tokens (magic)

protected string|null $userRevokeURL = null

Methods

__construct()

OAuthProvider constructor.

public __construct(OAuthOptions|SettingsContainerInterface $options, ClientInterface $http, RequestFactoryInterface $requestFactory, StreamFactoryInterface $streamFactory, UriFactoryInterface $uriFactory[, OAuthStorageInterface $storage = new MemoryStorage() ][, LoggerInterface $logger = new NullLogger() ]) : mixed
Parameters
$options : OAuthOptions|SettingsContainerInterface
$http : ClientInterface
$requestFactory : RequestFactoryInterface
$streamFactory : StreamFactoryInterface
$uriFactory : UriFactoryInterface
$storage : OAuthStorageInterface = new MemoryStorage()
$logger : LoggerInterface = new NullLogger()

__get()

Magic getter for the properties specified in self::ALLOWED_PROPERTIES

public final __get(string $name) : string|null
Parameters
$name : string
Return values
string|null

getAccessToken()

Obtains an OAuth2 access token with the given $code, verifies the $state if the provider implements the CSRFToken interface, and returns an AccessToken object

public getAccessToken(string $code[, string|null $state = null ]) : AccessToken
Parameters
$code : string
$state : string|null = null
Tags
inheritDoc
Return values
AccessToken

getAccessTokenFromStorage()

Gets an access token from the current OAuthStorageInterface (shorthand/convenience)

public getAccessTokenFromStorage() : AccessToken
Tags
inheritDoc
codeCoverageIgnore
Return values
AccessToken

getAuthURL()

public getAuthURL([array<string|int, mixed>|null $params = null ][, array<string|int, string>|null $scopes = null ]) : UriInterface
Parameters
$params : array<string|int, mixed>|null = null
$scopes : array<string|int, string>|null = null
Tags
inheritDoc
Return values
UriInterface

getClientCredentialsToken()

public getClientCredentialsToken([array<string|int, string>|null $scopes = null ]) : AccessToken
Parameters
$scopes : array<string|int, string>|null = null
Tags
implements

\chillerlan\OAuth\Core\ClientCredentials

throws
ProviderException
Return values
AccessToken

getRequestAuthorization()

public getRequestAuthorization(RequestInterface $request[, AccessToken|null $token = null ]) : RequestInterface
Parameters
$request : RequestInterface
$token : AccessToken|null = null
Tags
inheritDoc
Return values
RequestInterface

InvalidateAccessToken()

public InvalidateAccessToken([AccessToken|null $token = null ]) : bool
Parameters
$token : AccessToken|null = null
Tags
implements

\chillerlan\OAuth\Core\TokenInvalidate

codeCoverageIgnore
throws
ProviderException
Return values
bool

invalidateAccessToken()

Allows to invalidate an access token

public invalidateAccessToken([AccessToken $token = null ]) : bool
Parameters
$token : AccessToken = null
Tags
inheritDoc
Return values
bool

me()

public me() : ResponseInterface
Tags
inheritDoc
Return values
ResponseInterface

request()

Prepares an API request to $path with the given parameters, gets authorization, fires the request and returns a PSR-7 ResponseInterface with the corresponding API response

public request(string $path[, array<string|int, mixed>|null $params = null ][, string|null $method = null ][, StreamInterface|array<string|int, mixed>|string|null $body = null ][, array<string|int, mixed>|null $headers = null ][, string|null $protocolVersion = null ]) : ResponseInterface
Parameters
$path : string
$params : array<string|int, mixed>|null = null
$method : string|null = null
$body : StreamInterface|array<string|int, mixed>|string|null = null
$headers : array<string|int, mixed>|null = null
$protocolVersion : string|null = null
Tags
inheritDoc
throws
UnauthorizedAccessException
Return values
ResponseInterface

sendRequest()

public final sendRequest(RequestInterface $request) : ResponseInterface
Parameters
$request : RequestInterface
Tags
inheritDoc
throws
InvalidAccessTokenException
Return values
ResponseInterface

setLogger()

Sets an optional PSR-3 LoggerInterface

public final setLogger(LoggerInterface $logger) : static
Parameters
$logger : LoggerInterface
Tags
inheritDoc
codeCoverageIgnore
Return values
static

setRequestFactory()

Sets an optional PSR-17 RequestFactoryInterface

public final setRequestFactory(RequestFactoryInterface $requestFactory) : static
Parameters
$requestFactory : RequestFactoryInterface
Tags
inheritDoc
codeCoverageIgnore
Return values
static

setStreamFactory()

Sets an optional PSR-17 StreamFactoryInterface

public final setStreamFactory(StreamFactoryInterface $streamFactory) : static
Parameters
$streamFactory : StreamFactoryInterface
Tags
inheritDoc
codeCoverageIgnore
Return values
static

setUriFactory()

Sets an optional PSR-17 UriFactoryInterface

public final setUriFactory(UriFactoryInterface $uriFactory) : static
Parameters
$uriFactory : UriFactoryInterface
Tags
inheritDoc
codeCoverageIgnore
Return values
static

storeAccessToken()

Sets an access token in the current OAuthStorageInterface (shorthand/convenience)

public storeAccessToken(AccessToken $token) : static
Parameters
$token : AccessToken
Tags
inheritDoc
codeCoverageIgnore
Return values
static

cleanBodyParams()

Cleans an array of body parameters

protected cleanBodyParams(iterable<string|int, mixed> $params) : array<string|int, mixed>
Parameters
$params : iterable<string|int, mixed>
Return values
array<string|int, mixed>

cleanQueryParams()

Cleans an array of query parameters

protected cleanQueryParams(iterable<string|int, mixed> $params) : array<string|int, mixed>
Parameters
$params : iterable<string|int, mixed>
Return values
array<string|int, mixed>

construct()

A replacement constructor that you can call in extended classes, so that you don't have to implement the monstrous original `__construct()`

protected construct() : void

createAccessToken()

Creates an access token with the provider set to $this->serviceName

protected createAccessToken() : AccessToken
Tags
codeCoverageIgnore
Return values
AccessToken

getAccessTokenRequestBodyParams()

prepares the request body parameters for the access token request

protected getAccessTokenRequestBodyParams(string $code) : array<string|int, mixed>
Parameters
$code : string
Return values
array<string|int, mixed>

getAuthURLRequestParams()

prepares the query parameters for the auth URL

protected getAuthURLRequestParams(array<string|int, mixed> $params, array<string|int, mixed> $scopes) : array<string|int, mixed>
Parameters
$params : array<string|int, mixed>
$scopes : array<string|int, mixed>
Return values
array<string|int, mixed>

getClientCredentialsTokenRequestBodyParams()

prepares the request body parameters for the client credentials token request

protected getClientCredentialsTokenRequestBodyParams(array<string|int, string>|null $scopes) : array<string|int, mixed>
Parameters
$scopes : array<string|int, string>|null
Return values
array<string|int, mixed>

getRefreshAccessTokenRequestBodyParams()

prepares the request body parameters for the token refresh

protected getRefreshAccessTokenRequestBodyParams(string $refreshToken) : array<string|int, mixed>
Parameters
$refreshToken : string
Return values
array<string|int, mixed>

getRequestBody()

Prepares the request body

protected getRequestBody(StreamInterface|array<string|int, mixed>|string $body, RequestInterface $request) : StreamInterface
Parameters
$body : StreamInterface|array<string|int, mixed>|string
$request : RequestInterface
Tags
throws
ProviderException
Return values
StreamInterface

getRequestHeaders()

Prepare request headers

protected getRequestHeaders([array<string|int, mixed>|null $headers = null ]) : array<string|int, mixed>
Parameters
$headers : array<string|int, mixed>|null = null
Return values
array<string|int, mixed>

getRequestTarget()

Determine the request target from the given URI (path segment or URL) with respect to $apiURL, anything except host and path will be ignored, scheme will always be set to "https".

protected getRequestTarget(string $uri) : string

Throws if the host of a given URL does not match the host of $apiURL.

Parameters
$uri : string
Tags
see
OAuthInterface::request()
throws
ProviderException
Return values
string

getRequestURL()

Prepares the request URL

protected getRequestURL(string $path[, array<string|int, mixed>|null $params = null ]) : string
Parameters
$path : string
$params : array<string|int, mixed>|null = null
Return values
string

getTokenResponseData()

extracts the data from the access token response and returns an array with the key->value pairs contained

protected getTokenResponseData(ResponseInterface $response) : array<string|int, mixed>

we don't bother checking the content type here as it's sometimes vendor specific, not set or plain wrong: the spec mandates a JSON body which is what almost all providers send - weird exceptions:

  • mixcloud sends JSON with a "text/javascript" header
  • deezer sends form-data with a "text/html" header (???)
  • silly amazon sends gzip compressed data... (handled by decodeJSON)
Parameters
$response : ResponseInterface
Tags
throws
JsonException
Return values
array<string|int, mixed>

sendAccessTokenRequest()

sends a request to the access/refresh token endpoint $url with the given $body as form data

protected sendAccessTokenRequest(string $url, array<string|int, mixed> $body) : ResponseInterface
Parameters
$url : string
$body : array<string|int, mixed>
Return values
ResponseInterface

sendClientCredentialsTokenRequest()

sends a request to the client credentials endpoint, using basic authentication

protected sendClientCredentialsTokenRequest(string $url, array<string|int, mixed> $body) : ResponseInterface
Parameters
$url : string
$body : array<string|int, mixed>
Return values
ResponseInterface 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results