DummyOAuth2Provider
extends OAuth2Provider
in package
implements ClientCredentials, CSRFToken, PAR, PKCE, TokenRefresh, TokenInvalidate
uses ClientCredentialsTrait, PARTrait, PKCETrait, TokenInvalidateTrait
An OAuth2 provider implementation that supports token refresh, CSRF tokens and client credentials
Table of Contents
Interfaces
- ClientCredentials
- Indicates whether the provider is capable of the OAuth2 client credentials authentication flow.
- CSRFToken
- Specifies the methods required for the OAuth2 CSRF token validation ("state parameter")
- PAR
- Specifies the methods required for the OAuth2 Pushed Authorization Requests (PAR)
- PKCE
- Specifies the methods required for the OAuth2 Proof Key for Code Exchange (PKCE)
- TokenRefresh
- Indicates whether the provider is capable of the OAuth2 token refresh.
- TokenInvalidate
- Indicates whether the provider is capable of invalidating access tokens (RFC-7009 or proprietary)
Constants
- AUTH_METHOD = self::AUTH_METHOD_QUERY
- HEADERS_API = ['foo' => 'bar']
- HEADERS_AUTH = ['foo' => 'bar']
- IDENTIFIER = 'DUMMYOAUTH2PROVIDER'
Properties
- $accessTokenURL : string
- $apiDocs : string|null
- An optional link to the provider's API docs
- $apiURL : string
- $applicationURL : string|null
- An optional URL to the provider's credential registration/application page
- $authorizationURL : string
- $clientCredentialsTokenURL : string|null
- An optional client credentials token endpoint in case the provider supports ClientCredentials.
- $http : ClientInterface
- The PSR-18 HTTP client
- $logger : LoggerInterface
- A PSR-3 logger
- $name : string
- The name of the provider/class
- $options : OAuthOptions|SettingsContainerInterface
- The options instance
- $parAuthorizationURL : string
- An optional PAR (Pushed Authorization Request) endpoint URL
- $refreshTokenURL : string|null
- An optional refresh token endpoint in case the provider supports TokenRefresh.
- $requestFactory : RequestFactoryInterface
- A PSR-17 request factory
- $revokeURL : string
- $storage : OAuthStorageInterface
- A storage instance
- $streamFactory : StreamFactoryInterface
- A PSR-17 stream factory
- $uriFactory : UriFactoryInterface
- A PSR-17 URI factory
- $userRevokeURL : string|null
Methods
- __construct() : mixed
- OAuthProvider constructor.
- checkState() : void
- implements CSRFToken::checkState()
- generateChallenge() : string
- implements PKCE::generateChallenge()
- generateVerifier() : string
- implements PKCE::generateVerifier()
- getAccessToken() : AccessToken
- Obtains an OAuth2 access token with the given $code, verifies the $state if the provider implements the CSRFToken interface, and returns an AccessToken object
- getAccessTokenFromStorage() : AccessToken
- Gets an access token from the current OAuthStorageInterface (shorthand/convenience)
- getApiDocURL() : string|null
- Returns the link to the provider's API docs, or null if the value is not set
- getApplicationURL() : string|null
- Returns the link to the provider's credential registration/application page, or null if the value is not set
- getAuthorizationURL() : UriInterface
- Prepares the URL with optional $params which redirects to the provider's authorization prompt and returns a PSR-7 UriInterface with all necessary parameters set.
- getClientCredentialsToken() : AccessToken
- implements ClientCredentials::getClientCredentialsToken()
- getName() : string
- Returns the name of the provider/class
- getParRequestUri() : UriInterface
- implements PAR::getParRequestUri()
- getRequestAuthorization() : RequestInterface
- Authorizes the $request with the credentials from the given $token and returns a PSR-7 RequestInterface with all necessary headers and/or parameters set
- getStorage() : OAuthStorageInterface
- Returns the current OAuthStorageInterface
- getUserRevokeURL() : string|null
- Returns the link to the page where a user can revoke access tokens, or null if the value is not set
- InvalidateAccessToken() : bool
- implements TokenInvalidate
- invalidateAccessToken() : bool
- Allows invalidating an access token
- refreshAccessToken() : AccessToken
- implements TokenRefresh::refreshAccessToken()
- request() : ResponseInterface
- Prepares an API request to $path with the given parameters, gets authorization, fires the request and returns a PSR-7 ResponseInterface with the corresponding API response
- sendRequest() : ResponseInterface
- setCodeChallenge() : array<string, string>
- implements PKCE::setCodeChallenge()
- setCodeVerifier() : array<string, string>
- implements PKCE::setCodeVerifier()
- setLogger() : static
- Sets an optional PSR-3 LoggerInterface
- setRequestFactory() : static
- Sets an optional PSR-17 RequestFactoryInterface
- setState() : array<string, string>
- implements CSRFToken::setState()
- setStorage() : static
- Sets an optional OAuthStorageInterface
- setStreamFactory() : static
- Sets an optional PSR-17 StreamFactoryInterface
- setUriFactory() : static
- Sets an optional PSR-17 UriFactoryInterface
- storeAccessToken() : static
- Sets an access token in the current OAuthStorageInterface (shorthand/convenience)
- addBasicAuthHeader() : RequestInterface
- Adds an "Authorization: Basic <base64(key:secret)>" header to the given request
- cleanBodyParams() : array<string, string>
- Cleans an array of body parameters
- cleanQueryParams() : array<string, string>
- Cleans an array of query parameters
- construct() : void
- A replacement constructor that you can call in extended classes, so that you don't have to implement the monstrous original `__construct()`
- createAccessToken() : AccessToken
- Creates an access token with the provider set to $this->name
- getAccessTokenRequestBodyParams() : array<string, string>
- prepares the request body parameters for the access token request
- getAuthorizationURLRequestParams() : array<string, string>
- prepares the query parameters for the auth URL
- getClientCredentialsTokenRequestBodyParams() : array<string, string>
- prepares the request body parameters for the client credentials token request
- getInvalidateAccessTokenBodyParams() : array<string, scalar|bool|null>
- Prepares the body for a token revocation request
- getMeResponseData() : array<int|string, mixed>
- fetches the provider's "me" endpoint and returns the JSON data as an array
- getParAuthorizationURLRequestParams() : array<string, string>
- Parses the response from the PAR request and returns the query parameters for the authorization URL
- getRefreshAccessTokenRequestBodyParams() : array<string, string|null>
- prepares the request body parameters for the token refresh
- getRequestHeaders() : array<string, string>
- Prepare request headers
- getRequestTarget() : string
- Determine the request target from the given URI (path segment or URL) with respect to $apiURL, anything except host and path will be ignored, scheme will always be set to "https".
- getRequestURL() : string
- Prepares the request URL
- getTokenResponseData() : array<string, string|mixed>
- extracts the data from the access token response and returns an array with the key->value pairs contained
- handleMeResponseError() : void
- handles errors for the `me()` endpoints - one horrible block of code to catch them all
- nonce() : string
- returns a 32 byte random string (in hexadecimal representation) for use as a nonce
- parseTokenResponse() : AccessToken
- Parses the response from a request to the token endpoint
- sendAccessTokenRequest() : ResponseInterface
- sends a request to the access/refresh token endpoint $url with the given $body as form data
- sendClientCredentialsTokenRequest() : ResponseInterface
- sends a request to the client credentials endpoint, using basic authentication
- sendMeRequest() : ResponseInterface
- prepares and sends the request to the provider's "me" endpoint and returns a ResponseInterface
- sendTokenInvalidateRequest() : ResponseInterface
- Prepares and sends a request to the token invalidation endpoint
- setRequestBody() : RequestInterface
- Prepares the request body and sets it in the given RequestInterface, along with a Content-Length header
Constants
AUTH_METHOD
public mixed AUTH_METHOD = self::AUTH_METHOD_QUERY
HEADERS_API
public mixed HEADERS_API = ['foo' => 'bar']
HEADERS_AUTH
public mixed HEADERS_AUTH = ['foo' => 'bar']
IDENTIFIER
public mixed IDENTIFIER = 'DUMMYOAUTH2PROVIDER'
Properties
$accessTokenURL
protected string $accessTokenURL = 'https://example.com/oauth2/token'
$apiDocs
An optional link to the provider's API docs
protected string|null $apiDocs = null
$apiURL
protected string $apiURL = 'https://api.example.com/'
$applicationURL
An optional URL to the provider's credential registration/application page
protected string|null $applicationURL = null
$authorizationURL
protected string $authorizationURL = 'https://example.com/oauth2/authorize'
$clientCredentialsTokenURL
An optional client credentials token endpoint in case the provider supports ClientCredentials.
protected string|null $clientCredentialsTokenURL = null
If the provider supports client credentials and $clientCredentialsTokenURL is null, $accessTokenURL will be used instead.
$http
The PSR-18 HTTP client
protected ClientInterface $http
$logger
A PSR-3 logger
protected LoggerInterface $logger
$name
The name of the provider/class
protected string $name = ''
$options
The options instance
protected OAuthOptions|SettingsContainerInterface $options
$parAuthorizationURL
An optional PAR (Pushed Authorization Request) endpoint URL
protected string $parAuthorizationURL = 'https://example.com/oauth2/par'
$refreshTokenURL
An optional refresh token endpoint in case the provider supports TokenRefresh.
protected string|null $refreshTokenURL = null
If the provider supports token refresh and $refreshTokenURL is null, $accessTokenURL will be used instead.
$requestFactory
A PSR-17 request factory
protected RequestFactoryInterface $requestFactory
$revokeURL
protected string $revokeURL = 'https://example.com/oauth2/revoke'
$storage
A storage instance
protected OAuthStorageInterface $storage
$streamFactory
A PSR-17 stream factory
protected StreamFactoryInterface $streamFactory
$uriFactory
A PSR-17 URI factory
protected UriFactoryInterface $uriFactory
$userRevokeURL
protected string|null $userRevokeURL = 'https://account.example.com/apps/'
Methods
__construct()
OAuthProvider constructor.
public
final __construct(OAuthOptions|SettingsContainerInterface $options, ClientInterface $http, RequestFactoryInterface $requestFactory, StreamFactoryInterface $streamFactory, UriFactoryInterface $uriFactory[, OAuthStorageInterface $storage = new MemoryStorage() ][, LoggerInterface $logger = new NullLogger() ]) : mixed
Parameters
- $options : OAuthOptions|SettingsContainerInterface
- $http : ClientInterface
- $requestFactory : RequestFactoryInterface
- $streamFactory : StreamFactoryInterface
- $uriFactory : UriFactoryInterface
- $storage : OAuthStorageInterface = new MemoryStorage()
- $logger : LoggerInterface = new NullLogger()
checkState()
implements CSRFToken::checkState()
public
final checkState([string|null $state = null ]) : void
Parameters
- $state : string|null = null
generateChallenge()
implements PKCE::generateChallenge()
public
final generateChallenge(string $verifier, string $challengeMethod) : string
Parameters
- $verifier : string
- $challengeMethod : string
Return values
string
generateVerifier()
implements PKCE::generateVerifier()
public
final generateVerifier(int $length) : string
Parameters
- $length : int
Return values
string
getAccessToken()
Obtains an OAuth2 access token with the given $code, verifies the $state if the provider implements the CSRFToken interface, and returns an AccessToken object
public
getAccessToken(string $code[, string|null $state = null ]) : AccessToken
Parameters
- $code : string
- $state : string|null = null
Return values
AccessToken
getAccessTokenFromStorage()
Gets an access token from the current OAuthStorageInterface (shorthand/convenience)
public
final getAccessTokenFromStorage() : AccessToken
Return values
AccessToken
getApiDocURL()
Returns the link to the provider's API docs, or null if the value is not set
public
final getApiDocURL() : string|null
Return values
string|null
getApplicationURL()
Returns the link to the provider's credential registration/application page, or null if the value is not set
public
final getApplicationURL() : string|null
Return values
string|null
getAuthorizationURL()
Prepares the URL with optional $params which redirects to the provider's authorization prompt and returns a PSR-7 UriInterface with all necessary parameters set.
public
getAuthorizationURL([array<string, scalar>|null $params = null ][, array<string|int, string>|null $scopes = null ]) : UriInterface
Parameters
- $params : array<string, scalar>|null = null
- $scopes : array<string|int, string>|null = null
Return values
UriInterface
getClientCredentialsToken()
implements ClientCredentials::getClientCredentialsToken()
public
getClientCredentialsToken([array<string|int, string>|null $scopes = null ]) : AccessToken
Parameters
- $scopes : array<string|int, string>|null = null
Return values
AccessToken
getName()
Returns the name of the provider/class
public
final getName() : string
Return values
string
getParRequestUri()
implements PAR::getParRequestUri()
public
getParRequestUri(array<string, string> $body) : UriInterface
Parameters
- $body : array<string, string>
Return values
UriInterface
getRequestAuthorization()
Authorizes the $request with the credentials from the given $token and returns a PSR-7 RequestInterface with all necessary headers and/or parameters set
public
getRequestAuthorization(RequestInterface $request[, AccessToken|null $token = null ]) : RequestInterface
Parameters
- $request : RequestInterface
- $token : AccessToken|null = null
Return values
RequestInterface
getStorage()
Returns the current OAuthStorageInterface
public
final getStorage() : OAuthStorageInterface
Return values
OAuthStorageInterface
getUserRevokeURL()
Returns the link to the page where a user can revoke access tokens, or null if the value is not set
public
final getUserRevokeURL() : string|null
Return values
string|null
InvalidateAccessToken()
implements TokenInvalidate
public
InvalidateAccessToken([AccessToken|null $token = null ]) : bool
Parameters
- $token : AccessToken|null = null
Return values
bool
invalidateAccessToken()
Allows invalidating an access token
public
invalidateAccessToken([AccessToken|null $token = null ][, string|null $type = null ]) : bool
Clients shall set the optional OAuthProvider::$revokeURL for use in this method. If a token is given via $token, that token should be invalidated, otherwise the current user token from the internal storage should be used. Returns true if the operation was successful, false otherwise. May throw a ProviderException if an error occurred.
Parameters
- $token : AccessToken|null = null
- $type : string|null = null
Return values
bool
refreshAccessToken()
implements TokenRefresh::refreshAccessToken()
public
refreshAccessToken([AccessToken|null $token = null ]) : AccessToken
Parameters
- $token : AccessToken|null = null
Return values
AccessToken
request()
Prepares an API request to $path with the given parameters, gets authorization, fires the request and returns a PSR-7 ResponseInterface with the corresponding API response
public
request(string $path[, array<string|int, mixed>|null $params = null ][, string|null $method = null ][, StreamInterface|array<string|int, mixed>|string|null $body = null ][, array<string|int, mixed>|null $headers = null ][, string|null $protocolVersion = null ]) : ResponseInterface
Parameters
- $path : string
- $params : array<string|int, mixed>|null = null
- $method : string|null = null
- $body : StreamInterface|array<string|int, mixed>|string|null = null
- $headers : array<string|int, mixed>|null = null
- $protocolVersion : string|null = null
Return values
ResponseInterface
sendRequest()
public
final sendRequest(RequestInterface $request) : ResponseInterface
Parameters
- $request : RequestInterface
Return values
ResponseInterface
setCodeChallenge()
implements PKCE::setCodeChallenge()
public
final setCodeChallenge(array<string, string> $params, string $challengeMethod) : array<string, string>
Parameters
- $params : array<string, string>
- $challengeMethod : string
Return values
array<string, string>
setCodeVerifier()
implements PKCE::setCodeVerifier()
public
final setCodeVerifier(array<string, string> $params) : array<string, string>
Parameters
- $params : array<string, string>
Return values
array<string, string>
setLogger()
Sets an optional PSR-3 LoggerInterface
public
final setLogger(LoggerInterface $logger) : static
Parameters
- $logger : LoggerInterface
Return values
static
setRequestFactory()
Sets an optional PSR-17 RequestFactoryInterface
public
final setRequestFactory(RequestFactoryInterface $requestFactory) : static
Parameters
- $requestFactory : RequestFactoryInterface
Return values
static
setState()
implements CSRFToken::setState()
public
final setState(array<string, string> $params) : array<string, string>
Parameters
- $params : array<string, string>
Return values
array<string, string>
setStorage()
Sets an optional OAuthStorageInterface
public
final setStorage(OAuthStorageInterface $storage) : static
Parameters
- $storage : OAuthStorageInterface
Return values
static
setStreamFactory()
Sets an optional PSR-17 StreamFactoryInterface
public
final setStreamFactory(StreamFactoryInterface $streamFactory) : static
Parameters
- $streamFactory : StreamFactoryInterface
Return values
static
setUriFactory()
Sets an optional PSR-17 UriFactoryInterface
public
final setUriFactory(UriFactoryInterface $uriFactory) : static
Parameters
- $uriFactory : UriFactoryInterface
Return values
static
storeAccessToken()
Sets an access token in the current OAuthStorageInterface (shorthand/convenience)
public
final storeAccessToken(AccessToken $token) : static
Parameters
- $token : AccessToken
Return values
static
addBasicAuthHeader()
Adds an "Authorization: Basic <base64(key:secret)>" header to the given request
protected
addBasicAuthHeader(RequestInterface $request) : RequestInterface
Parameters
- $request : RequestInterface
Return values
RequestInterface
cleanBodyParams()
Cleans an array of body parameters
protected
cleanBodyParams(array<string, scalar|bool|null> $params) : array<string, string>
Parameters
- $params : array<string, scalar|bool|null>
Return values
array<string, string>
cleanQueryParams()
Cleans an array of query parameters
protected
cleanQueryParams(array<string, scalar|bool|null> $params) : array<string, string>
Parameters
- $params : array<string, scalar|bool|null>
Return values
array<string, string>
construct()
A replacement constructor that you can call in extended classes, so that you don't have to implement the monstrous original `__construct()`
protected
construct() : void
createAccessToken()
Creates an access token with the provider set to $this->name
protected
final createAccessToken() : AccessToken
Return values
AccessToken
getAccessTokenRequestBodyParams()
prepares the request body parameters for the access token request
protected
getAccessTokenRequestBodyParams(string $code) : array<string, string>
Parameters
- $code : string
Return values
array<string, string>
getAuthorizationURLRequestParams()
prepares the query parameters for the auth URL
protected
getAuthorizationURLRequestParams(array<string, scalar> $params, array<string|int, string> $scopes) : array<string, string>
Parameters
- $params : array<string, scalar>
- $scopes : array<string|int, string>
Return values
array<string, string>
getClientCredentialsTokenRequestBodyParams()
prepares the request body parameters for the client credentials token request
protected
getClientCredentialsTokenRequestBodyParams(array<string|int, string>|null $scopes) : array<string, string>
Parameters
- $scopes : array<string|int, string>|null
Return values
array<string, string>
getInvalidateAccessTokenBodyParams()
Prepares the body for a token revocation request
protected
getInvalidateAccessTokenBodyParams(AccessToken $token, string $type) : array<string, scalar|bool|null>
Parameters
- $token : AccessToken
- $type : string
Return values
array<string, scalar|bool|null>
getMeResponseData()
fetches the provider's "me" endpoint and returns the JSON data as an array
protected
final getMeResponseData(string $endpoint[, array<string, scalar|bool|null>|null $params = null ]) : array<int|string, mixed>
Parameters
- $endpoint : string
- $params : array<string, scalar|bool|null>|null = null
Return values
array<int|string, mixed>
getParAuthorizationURLRequestParams()
Parses the response from the PAR request and returns the query parameters for the authorization URL
protected
getParAuthorizationURLRequestParams(array<string, string> $response) : array<string, string>
Parameters
- $response : array<string, string>
Return values
array<string, string>
getRefreshAccessTokenRequestBodyParams()
prepares the request body parameters for the token refresh
protected
getRefreshAccessTokenRequestBodyParams(string $refreshToken) : array<string, string|null>
Parameters
- $refreshToken : string
Return values
array<string, string|null>
getRequestHeaders()
Prepare request headers
protected
final getRequestHeaders([array<string, string>|null $headers = null ]) : array<string, string>
Parameters
- $headers : array<string, string>|null = null
Return values
array<string, string>
getRequestTarget()
Determine the request target from the given URI (path segment or URL) with respect to $apiURL, anything except host and path will be ignored, scheme will always be set to "https".
protected
getRequestTarget(string $uri) : string
Throws if the host of a given URL does not match the host of $apiURL.
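The host check described above, sketched as an added stand-alone example (not the library's own code). The function name `resolveRequestTarget()`, the exact-match host comparison and the sample URLs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added illustration (not the library's implementation): resolve $uri against
 * $apiURL, keep only host and path, force https, refuse foreign hosts.
 * Assumption: hosts must match exactly (case-insensitive).
 */
function resolveRequestTarget(string $uri, string $apiURL): string
{
    $api = parse_url($apiURL);
    $in  = parse_url($uri);

    if ($api === false || !isset($api['host'])) {
        throw new InvalidArgumentException('invalid API base URL');
    }
    if ($in === false) {
        throw new InvalidArgumentException('unparsable request URI');
    }

    $apiHost = strtolower($api['host']);
    $apiBase = 'https://' . $apiHost . rtrim($api['path'] ?? '', '/');

    // No host: treat the input as a path segment below the API base.
    if (!isset($in['host'])) {
        // A scheme without a host ("mailto:x", "javascript:...") is not a path.
        if (isset($in['scheme'])) {
            throw new InvalidArgumentException('scheme without host');
        }
        $path = ltrim($in['path'] ?? '', '/');
        return $path === '' ? $apiBase : $apiBase . '/' . $path;
    }

    // A host was supplied: it must be the API host, otherwise the access
    // token attached to the request later would go to a third party.
    if (strtolower($in['host']) !== $apiHost) {
        throw new RuntimeException(sprintf(
            'host mismatch: "%s" is not "%s"', $in['host'], $apiHost
        ));
    }

    // Scheme, userinfo, port, query and fragment of the input are dropped.
    return 'https://' . $apiHost . ($in['path'] ?? '');
}

// Constructed sample inputs.
$apiURL  = 'https://api.example.com/';
$samples = [
    'v1/me',
    '/v1/me?fields=id#frag',
    'http://api.example.com/v1/me?x=1',
    'https://API.example.com:8443/v1/me',
    'https://evil.example/v1/me',
    '//evil.example/v1/me',
    'https://api.example.com@evil.example/v1/me',
];

foreach ($samples as $uri) {
    try {
        printf("%-45s => %s\n", $uri, resolveRequestTarget($uri, $apiURL));
    } catch (InvalidArgumentException | RuntimeException $e) {
        printf("%-45s => rejected (%s)\n", $uri, $e->getMessage());
    }
}
```

The last sample places the API host in the userinfo part of the URL; comparing the parsed host rather than searching the string for the API host name is what rejects it.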
Parameters
- $uri : string
Return values
string
getRequestURL()
Prepares the request URL
protected
final getRequestURL(string $path[, array<string, scalar|bool|null>|null $params = null ]) : string
Parameters
- $path : string
- $params : array<string, scalar|bool|null>|null = null
Return values
string
getTokenResponseData()
extracts the data from the access token response and returns an array with the key->value pairs contained
protected
getTokenResponseData(ResponseInterface $response) : array<string, string|mixed>
we don't bother checking the content type here as it's sometimes vendor specific, not set or plain wrong: the spec mandates a JSON body which is what almost all providers send - weird exceptions:
- mixcloud sends JSON with a "text/javascript" header
- deezer sends form-data with a "text/html" header (???)
- silly amazon sends gzip compressed data... (handled by decodeJSON)
Parameters
- $response : ResponseInterface
Return values
array<string, string|mixed>
handleMeResponseError()
handles errors for the `me()` endpoints - one horrible block of code to catch them all
protected
final handleMeResponseError(ResponseInterface $response) : void
we could simply throw a ProviderException and be done with it, but we're nice and try to provide a message too
Parameters
- $response : ResponseInterface
nonce()
returns a 32 byte random string (in hexadecimal representation) for use as a nonce
protected
nonce([int $bytes = 32 ]) : string
Parameters
- $bytes : int = 32
Return values
string
parseTokenResponse()
Parses the response from a request to the token endpoint
protected
parseTokenResponse(ResponseInterface $response) : AccessToken
Parameters
- $response : ResponseInterface
Return values
AccessToken
sendAccessTokenRequest()
sends a request to the access/refresh token endpoint $url with the given $body as form data
protected
sendAccessTokenRequest(string $url, array<string, scalar|bool|null> $body) : ResponseInterface
Parameters
- $url : string
- $body : array<string, scalar|bool|null>
Return values
ResponseInterface
sendClientCredentialsTokenRequest()
sends a request to the client credentials endpoint, using basic authentication
protected
sendClientCredentialsTokenRequest(string $url, array<string, scalar> $body) : ResponseInterface
Parameters
- $url : string
- $body : array<string, scalar>
Return values
ResponseInterface
sendMeRequest()
prepares and sends the request to the provider's "me" endpoint and returns a ResponseInterface
protected
sendMeRequest(string $endpoint[, array<string, scalar|bool|null>|null $params = null ]) : ResponseInterface
Parameters
- $endpoint : string
- $params : array<string, scalar|bool|null>|null = null
Return values
ResponseInterface
sendTokenInvalidateRequest()
Prepares and sends a request to the token invalidation endpoint
protected
sendTokenInvalidateRequest(string $url, array<string, scalar|bool|null> $body) : ResponseInterface
Parameters
- $url : string
- $body : array<string, scalar|bool|null>
Return values
ResponseInterface
setRequestBody()
Prepares the request body and sets it in the given RequestInterface, along with a Content-Length header
protected
final setRequestBody(StreamInterface|array<string, scalar|bool|null>|string $body, RequestInterface $request) : RequestInterface
Parameters
- $body : StreamInterface|array<string, scalar|bool|null>|string
- $request : RequestInterface