CO-Public-Mirror/CloudObjects-PHP-SDK
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implementing OAuth2 client credential flow (WIP)

Browse Source
This commit is contained in:
Lukas Rosenstock
2023-05-17 18:01:12 +02:00
parent 8b1a5ca4a2
commit f1e1c8fd18
3 changed files with 157 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
CloudObjects/SDK/WebAPI/OAuth2AuthServer.php Normal file
View File

@@ -0,0 +1,105 @@
<?php
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
namespace CloudObjects\SDK\WebAPI;
use Exception;
use ML\JsonLD\Node;
use GuzzleHttp\Client;
use Webmozart\Assert\Assert;
use CloudObjects\SDK\NodeReader;
class OAuth2AuthServer {
private $reader;
private $authServer;
private $consumer;
private $grantType;
private $clientId;
private $clientSecret;
public function __construct(Node $authServer) {
$this->reader = new NodeReader([
'prefixes' => [
'oauth2' => 'coid://oauth2.co-n.net/'
]
]);
Assert::true($this->reader->hasProperty($authServer, 'oauth2:hasTokenEndpoint'),
"Authorization Server must have a token endpoint.");
Assert::startsWith($this->reader->getFirstValueString($authServer, 'oauth2:hasTokenEndpoint'),
"https://",
"Token endpoint must be an https:// URL.");
Assert::true($this->reader->hasProperty($authServer, 'oauth2:supportsGrantType'),
"Authorization Server must support at least one grant type.");
Assert::true($this->reader->hasProperty($this->authServer, 'oauth2:usesClientIDFrom'),
"Authorization Server must define client ID property.");
Assert::true($this->reader->hasProperty($this->authServer, 'oauth2:usesClientSecretFrom'),
"Authorization Server must define client secret property.");
$this->authServer = $authServer;
}
private function assertClientCredentialPropertiesExist() : void {
}
public function configureConsumer(Node $consumer) : void {
$this->assertClientCredentialPropertiesExist();
$clientIDProperty = $this->reader->getFirstValueString($this->authServer,
'oauth2:usesClientIDFrom');
$clientSecretProperty = $this->reader->getFirstValueString($this->authServer,
'oauth2:usesClientSecretFrom');
Assert::true($this->reader->hasProperty($consumer, $clientIDProperty),
"Namespace must have Client ID");
Assert::true($this->reader->hasProperty($consumer, $clientSecretProperty),
"Namespace must have Client Secret");
if ($this->reader->hasPropertyValue($this->authServer,
'oauth2:supportsGrantType', 'oauth2:ClientCredentials')) {
// No additional conditions for "client_credentials" flow
$this->grantType = 'client_credentials';
} else {
throw new Exception("No flow/grant_type found.");
}
$this->consumer = $consumer;
$this->clientId = $this->reader->getFirstValueString($consumer, $clientIDProperty);
$this->clientSecret = $this->reader->getFirstValueString($consumer, $clientSecretProperty);
}
public function getAccessToken() {
Assert::notNull($this->consumer, "Missing consumer.");
Assert::notNull($this->grantType, "Missing grant_type.");
Assert::notNull($this->clientId, "Missing client_id.");
Assert::notNull($this->clientSecret, "Missing client_secret.");
$client = new Client;
$tokenEndpointUrl = $this->reader->getFirstValueString($this->authServer, 'oauth2:hasTokenEndpoint');
$params = [
'grant_type' => $this->grantType,
'client_id' => $this->clientId,
'client_secret' => $this->clientSecret
];
switch ($this->grantType) {
case "client_credentials":
// no additional params needed
default:
throw new Exception("No flow/grant_type found.");
}
$tokenResponse = json_decode($client->post($tokenEndpointUrl, [
'form_params' => $params
])->getBody(true));
Assert::keyExists($tokenResponse, 'access_token');
return $tokenResponse['access_token'];
}
}