Documentation

GitHub extends OAuth2Provider

in package

• Application

implements CSRFToken, TokenRefresh, UserInfo

GitHub OAuth2

Tags

link

https://docs.github.com/en/apps/oauth-apps/building-oauth-apps

link

https://docs.github.com/rest

link

https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/refreshing-user-access-tokens

Table of Contents

Interfaces

CSRFToken

Specifies the methods required for the OAuth2 CSRF token validation ("state parameter")

TokenRefresh

Indicates whether the provider is capable of the OAuth2 token refresh.

UserInfo

Indicates whether the service can provide information about the currently authenticated user, usually via a "/me", "/user" or "/tokeninfo" endpoint.

Constants

DEFAULT_SCOPES  = [self::SCOPE_USER, self::SCOPE_PUBLIC_REPO, self::SCOPE_GIST]

HEADERS_API  = ['Accept' => 'application/vnd.github+json', 'X-GitHub-Api-Version' => '2022-11-28']

HEADERS_AUTH  = ['Accept' => 'application/json']

IDENTIFIER  = 'GITHUB'

SCOPE_CODESPACE  = 'codespace'

SCOPE_GIST  = 'gist'

SCOPE_GPG_KEY_ADMIN  = 'admin:gpg_key'

SCOPE_GPG_KEY_READ  = 'read:gpg_key'

SCOPE_GPG_KEY_WRITE  = 'write:gpg_key'

SCOPE_NOTIFICATIONS  = 'notifications'

SCOPE_ORG_ADMIN  = 'admin:org'

SCOPE_ORG_HOOK_ADMIN  = 'admin:org_hook'

SCOPE_ORG_READ  = 'read:org'

SCOPE_ORG_WRITE  = 'write:org'

SCOPE_PACKAGES_DELETE  = 'delete:packages'

SCOPE_PACKAGES_READ  = 'read:packages'

SCOPE_PACKAGES_WRITE  = 'write:packages'

SCOPE_PROJECT  = 'project'

SCOPE_PROJECT_READ  = 'read:project'

SCOPE_PUBLIC_KEY_ADMIN  = 'admin:public_key'

SCOPE_PUBLIC_KEY_READ  = 'read:public_key'

SCOPE_PUBLIC_KEY_WRITE  = 'write:public_key'

SCOPE_PUBLIC_REPO  = 'public_repo'

SCOPE_REPO  = 'repo'

SCOPE_REPO_DELETE  = 'delete_repo'

SCOPE_REPO_DEPLOYMENT  = 'repo_deployment'

SCOPE_REPO_HOOK_ADMIN  = 'admin:repo_hook'

SCOPE_REPO_HOOK_READ  = 'read:repo_hook'

SCOPE_REPO_HOOK_WRITE  = 'write:repo_hook'

SCOPE_REPO_INVITE  = 'repo:invite'

SCOPE_REPO_STATUS  = 'repo:status'

SCOPE_SECURITY_EVENTS  = 'security_events'

SCOPE_USER  = 'user'

SCOPE_USER_EMAIL  = 'user:email'

SCOPE_USER_FOLLOW  = 'user:follow'

SCOPE_USER_READ  = 'read:user'

SCOPE_WORKFLOW  = 'workflow'

SCOPES_DELIMITER  = ','

Properties

$accessTokenURL  : string

$apiDocs  : string|null

$apiURL  : string

$applicationURL  : string|null

$authorizationURL  : string

$clientCredentialsTokenURL  : string|null

An optional client credentials token endpoint in case the provider supports ClientCredentials.

$http  : ClientInterface

The PSR-18 HTTP client

$logger  : LoggerInterface

A PSR-3 logger

$name  : string

The name of the provider/class

$options  : OAuthOptions|SettingsContainerInterface

The options instance

$parAuthorizationURL  : string

An optional PAR (Pushed Authorization Request) endpoint URL

$refreshTokenURL  : string|null

An optional refresh token endpoint in case the provider supports TokenRefresh.

$requestFactory  : RequestFactoryInterface

A PSR-17 request factory

$revokeURL  : string

An optional URL for application side token revocation

$storage  : OAuthStorageInterface

A storage instance

$streamFactory  : StreamFactoryInterface

A PSR-17 stream factory

$uriFactory  : UriFactoryInterface

A PSR-17 URI factory

$userRevokeURL  : string|null

Methods

__construct()  : mixed

OAuthProvider constructor.

checkState()  : void

implements CSRFToken::checkState()

getAccessToken()  : AccessToken

Obtains an OAuth2 access token with the given $code, verifies the $state if the provider implements the CSRFToken interface, and returns an AccessToken object

getAccessTokenFromStorage()  : AccessToken

Gets an access token from the current OAuthStorageInterface (shorthand/convenience)

getApiDocURL()  : string|null

Returns the link to the provider's API docs, or null if the value is not set

getApplicationURL()  : string|null

Returns the link to the provider's credential registration/application page, or null if the value is not set

getAuthorizationURL()  : UriInterface

Prepares the URL with optional $params which redirects to the provider's authorization prompt and returns a PSR-7 UriInterface with all necessary parameters set.

getName()  : string

Returns the name of the provider/class

getRequestAuthorization()  : RequestInterface

Authorizes the $request with the credentials from the given $token and returns a PSR-7 RequestInterface with all necessary headers and/or parameters set

getStorage()  : OAuthStorageInterface

Returns the current OAuthStorageInterface

getUserRevokeURL()  : string|null

Returns the link to the page where a user can revoke access tokens, or null if the value is not set

InvalidateAccessToken()  : bool

implements TokenInvalidate

me()  : AuthenticatedUser

Returns information about the currently authenticated user (usually a /me or /user endpoint).

refreshAccessToken()  : AccessToken

implements TokenRefresh::refreshAccessToken()

request()  : ResponseInterface

Prepares an API request to $path with the given parameters, gets authorization, fires the request and returns a PSR-7 ResponseInterface with the corresponding API response

sendRequest()  : ResponseInterface

setLogger()  : static

Sets an optional PSR-3 LoggerInterface

setRequestFactory()  : static

Sets an optional PSR-17 RequestFactoryInterface

setState()  : array<string, string>

implements CSRFToken::setState()

setStorage()  : static

Sets an optional OAuthStorageInterface

setStreamFactory()  : static

Sets an optional PSR-17 StreamFactoryInterface

setUriFactory()  : static

Sets an optional PSR-17 UriFactoryInterface

storeAccessToken()  : static

Sets an access token in the current OAuthStorageInterface (shorthand/convenience)

addBasicAuthHeader()  : RequestInterface

Adds an "Authorization: Basic <base64(key:secret)>" header to the given request

cleanBodyParams()  : array<string, string>

Cleans an array of body parameters

cleanQueryParams()  : array<string, string>

Cleans an array of query parameters

construct()  : void

A replacement constructor that you can call in extended classes, so that you don't have to implement the monstrous original `__construct()`

createAccessToken()  : AccessToken

Creates an access token with the provider set to $this->name

getAccessTokenRequestBodyParams()  : array<string, string>

prepares the request body parameters for the access token request

getAuthorizationURLRequestParams()  : array<string, string>

prepares the query parameters for the auth URL

getMeResponseData()  : array<int|string, mixed>

fetches the provider's "me" endpoint and returns the JSON data as an array

getRefreshAccessTokenRequestBodyParams()  : array<string, string|null>

prepares the request body parameters for the token refresh

getRequestHeaders()  : array<string, string>

Prepare request headers

getRequestTarget()  : string

Determine the request target from the given URI (path segment or URL) with respect to $apiURL, anything except host and path will be ignored, scheme will always be set to "https".

getRequestURL()  : string

Prepares the request URL

getTokenResponseData()  : array<string, string|mixed>

extracts the data from the access token response and returns an array with the key->value pairs contained

handleMeResponseError()  : void

handles errors for the `me()` endpoints - one horrible block of code to catch them all

nonce()  : string

returns a 32 byte random string (in hexadecimal representation) for use as a nonce

parseTokenResponse()  : AccessToken

Parses the response from a request to the token endpoint

sendAccessTokenRequest()  : ResponseInterface

sends a request to the access/refresh token endpoint $url with the given $body as form data

sendMeRequest()  : ResponseInterface

prepares and sends the request to the provider's "me" endpoint and returns a ResponseInterface

setRequestBody()  : RequestInterface

Prepares the request body and sets it in the given RequestInterface, along with a Content-Length header