1. class
  2. Google
  3. \
  4. Auth
  5. \
  6. OAuth2

OAuth2

class OAuth2 implements FetchAuthTokenInterface (View source)

OAuth2 supports authentication by OAuth2 2-legged flows.

It primary supports - service account authorization - authorization where a user already has an access token

Constants

DEFAULT_EXPIRY_SECONDS

DEFAULT_SKEW_SECONDS

JWT_URN

Properties

static array $knownSigningAlgorithms TODO: determine known methods from the keys of JWT::methods.
static array $knownGrantTypes The well known grant types.

Methods

__construct(array $config)

Create a new OAuthCredentials.

null|object
verifyIdToken(string|Key|Key[] $publicKey = null, string|array $allowed_algs = [])

Verifies the idToken if present.

string
toJwt(array $config = [])

Obtains the encoded jwt from the instance data.

RequestInterface
generateCredentialsRequest()

Generates a request for token credentials.

array
fetchAuthToken(callable $httpHandler = null)

Fetches the auth tokens based on the current state.

string
getCacheKey()

Obtains a key that can used to cache the results of #fetchAuthToken.

array
parseTokenResponse(ResponseInterface $resp)

Parses the fetched tokens.

void
updateToken(array $config)

Updates an OAuth 2.0 client.

UriInterface
buildFullAuthorizationUri(array $config = [])

Builds the authorization Uri that the user should be redirected to.

void
setAuthorizationUri(string $uri)

Sets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.

?UriInterface
getAuthorizationUri()

Gets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.

?UriInterface
getTokenCredentialUri()

Gets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

void
setTokenCredentialUri(string $uri)

Sets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

?string
getRedirectUri()

Gets the redirection URI used in the initial request.

void
setRedirectUri(?string $uri)

Sets the redirection URI used in the initial request.

?string
getScope()

Gets the scope of the access requests as a space-delimited String.

void
setScope(string|array|null $scope)

Sets the scope of the access request, expressed either as an Array or as a space-delimited String.

?string
getGrantType()

Gets the current grant type.

void
setGrantType(string $grantType)

Sets the current grant type.

string
getState()

Gets an arbitrary string designed to allow the client to maintain state.

void
setState(string $state)

Sets an arbitrary string designed to allow the client to maintain state.

string
getCode()

Gets the authorization code issued to this client.

void
setCode(string $code)

Sets the authorization code issued to this client.

string
getUsername()

Gets the resource owner's username.

void
setUsername(string $username)

Sets the resource owner's username.

string
getPassword()

Gets the resource owner's password.

void
setPassword(string $password)

Sets the resource owner's password.

string
getClientId()

Sets a unique identifier issued to the client to identify itself to the authorization server.

void
setClientId(string $clientId)

Sets a unique identifier issued to the client to identify itself to the authorization server.

string
getClientSecret()

Gets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.

void
setClientSecret(string $clientSecret)

Sets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.

?string
getIssuer()

Gets the Issuer ID when using assertion profile.

void
setIssuer(string $issuer)

Sets the Issuer ID when using assertion profile.

?string
getSub()

Gets the target sub when issuing assertions.

void
setSub(string $sub)

Sets the target sub when issuing assertions.

?string
getAudience()

Gets the target audience when issuing assertions.

void
setAudience(string $audience)

Sets the target audience when issuing assertions.

?string
getSigningKey()

Gets the signing key when using an assertion profile.

void
setSigningKey(string $signingKey)

Sets the signing key when using an assertion profile.

?string
getSigningKeyId()

Gets the signing key id when using an assertion profile.

void
setSigningKeyId(string $signingKeyId)

Sets the signing key id when using an assertion profile.

?string
getSigningAlgorithm()

Gets the signing algorithm when using an assertion profile.

void
setSigningAlgorithm(?string $signingAlgorithm)

Sets the signing algorithm when using an assertion profile.

array
getExtensionParams()

Gets the set of parameters used by extension when using an extension grant type.

void
setExtensionParams(array $extensionParams)

Sets the set of parameters used by extension when using an extension grant type.

int
getExpiry()

Gets the number of seconds assertions are valid for.

void
setExpiry(int $expiry)

Sets the number of seconds assertions are valid for.

int
getExpiresIn()

Gets the lifetime of the access token in seconds.

void
setExpiresIn(?int $expiresIn)

Sets the lifetime of the access token in seconds.

?int
getExpiresAt()

Gets the time the current access token expires at.

bool
isExpired()

Returns true if the acccess token has expired.

void
setExpiresAt(int $expiresAt)

Sets the time the current access token expires at.

?int
getIssuedAt()

Gets the time the current access token was issued at.

void
setIssuedAt(int $issuedAt)

Sets the time the current access token was issued at.

?string
getAccessToken()

Gets the current access token.

void
setAccessToken(string $accessToken)

Sets the current access token.

?string
getIdToken()

Gets the current ID token.

void
setIdToken(string $idToken)

Sets the current ID token.

?string
getRefreshToken()

Gets the refresh token associated with the current access token.

void
setRefreshToken(string $refreshToken)

Sets the refresh token associated with the current access token.

void
setAdditionalClaims(array $additionalClaims)

Sets additional claims to be included in the JWT token

array
getAdditionalClaims()

Gets the additional claims to be included in the JWT token.

null|array
getLastReceivedToken()

The expiration of the last received token.

string
getClientName(callable $httpHandler = null)

Get the client ID.

Details

at line 332
__construct(array $config)

Create a new OAuthCredentials.

The configuration array accepts various options

  • authorizationUri The authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.

  • tokenCredentialUri The authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

  • clientId A unique identifier issued to the client to identify itself to the authorization server.

  • clientSecret A shared symmetric secret issued by the authorization server, which is used to authenticate the client.

  • scope The scope of the access request, expressed either as an Array or as a space-delimited String.

  • state An arbitrary string designed to allow the client to maintain state.

  • redirectUri The redirection URI used in the initial request.

  • username The resource owner's username.

  • password The resource owner's password.

  • issuer Issuer ID when using assertion profile

  • audience Target audience for assertions

  • expiry Number of seconds assertions are valid for

  • signingKey Signing key when using assertion profile

  • signingKeyId Signing key id when using assertion profile

  • refreshToken The refresh token associated with the access token to be refreshed.

  • accessToken The current access token for this client.

  • idToken The current ID token for this client.

  • extensionParams When using an extension grant type, this is the set of parameters used by that extension.

Parameters

array $config Configuration array

at line 401
null|object verifyIdToken(string|Key|Key[] $publicKey = null, string|array $allowed_algs = [])

Verifies the idToken if present.

  • if none is present, return null
  • if present, but invalid, raises DomainException.
  • otherwise returns the payload in the idtoken as a PHP object.

The behavior of this method varies depending on the version of firebase/php-jwt you are using. In versions 6.0 and above, you cannot provide multiple $allowed_algs, and instead must provide an array of Key objects as the $publicKey.

Parameters

string|Key|Key[] $publicKey The public key to use to authenticate the token
string|array $allowed_algs algorithm or array of supported verification algorithms. Providing more than one algorithm will throw an exception.

Return Value

null|object

Exceptions

DomainException if the token is missing an audience.
DomainException if the audience does not match the one set in the OAuth2 class instance.
UnexpectedValueException If the token is invalid
InvalidArgumentException If more than one value for allowed_algs is supplied
SignatureInvalidException If the signature is invalid.
BeforeValidException If the token is not yet valid.
ExpiredException If the token has expired.

at line 425
string toJwt(array $config = [])

Obtains the encoded jwt from the instance data.

Parameters

array $config array optional configuration parameters

Return Value

string

at line 479
RequestInterface generateCredentialsRequest()

Generates a request for token credentials.

Return Value

RequestInterface the authorization Url.

at line 538
array fetchAuthToken(callable $httpHandler = null)

Fetches the auth tokens based on the current state.

Parameters

callable $httpHandler callback which delivers psr7 request

Return Value

array a hash of auth tokens

at line 558
string getCacheKey()

Obtains a key that can used to cache the results of #fetchAuthToken.

The key is derived from the scopes.

Return Value

string a key that may be used to cache the auth token.

at line 579
array parseTokenResponse(ResponseInterface $resp)

Parses the fetched tokens.

Parameters

ResponseInterface $resp the response.

Return Value

array the tokens parsed from the response body.

Exceptions

Exception

at line 634
void updateToken(array $config)

Updates an OAuth 2.0 client.

Example:

$oauth->updateToken([
    'refresh_token' => 'n4E9O119d',
    'access_token' => 'FJQbwq9',
    'expires_in' => 3600
]);

Parameters

array $config The configuration parameters related to the token.

  • refresh_token The refresh token associated with the access token to be refreshed.

  • access_token The current access token for this client.

  • id_token The current ID token for this client.

  • expires_in The time in seconds until access token expiration.

  • expires_at The time as an integer number of seconds since the Epoch

  • issued_at The timestamp that the token was issued at.

Return Value

void

at line 670
UriInterface buildFullAuthorizationUri(array $config = [])

Builds the authorization Uri that the user should be redirected to.

Parameters

array $config configuration options that customize the return url

Return Value

UriInterface the authorization Url.

Exceptions

InvalidArgumentException

at line 726
void setAuthorizationUri(string $uri)

Sets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.

Parameters

string $uri

Return Value

void

at line 737
?UriInterface getAuthorizationUri()

Gets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.

Return Value

?UriInterface

at line 748
?UriInterface getTokenCredentialUri()

Gets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

Return Value

?UriInterface

at line 760
void setTokenCredentialUri(string $uri)

Sets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

Parameters

string $uri

Return Value

void

at line 770
?string getRedirectUri()

Gets the redirection URI used in the initial request.

Return Value

?string

at line 781
void setRedirectUri(?string $uri)

Sets the redirection URI used in the initial request.

Parameters

?string $uri

Return Value

void

at line 806
?string getScope()

Gets the scope of the access requests as a space-delimited String.

Return Value

?string

at line 823
void setScope(string|array|null $scope)

Sets the scope of the access request, expressed either as an Array or as a space-delimited String.

Parameters

string|array|null $scope

Return Value

void

Exceptions

InvalidArgumentException

at line 851
?string getGrantType()

Gets the current grant type.

Return Value

?string

at line 885
void setGrantType(string $grantType)

Sets the current grant type.

Parameters

string $grantType

Return Value

void

Exceptions

InvalidArgumentException

at line 905
string getState()

Gets an arbitrary string designed to allow the client to maintain state.

Return Value

string

at line 916
void setState(string $state)

Sets an arbitrary string designed to allow the client to maintain state.

Parameters

string $state

Return Value

void

at line 926
string getCode()

Gets the authorization code issued to this client.

Return Value

string

at line 937
void setCode(string $code)

Sets the authorization code issued to this client.

Parameters

string $code

Return Value

void

at line 947
string getUsername()

Gets the resource owner's username.

Return Value

string

at line 958
void setUsername(string $username)

Sets the resource owner's username.

Parameters

string $username

Return Value

void

at line 968
string getPassword()

Gets the resource owner's password.

Return Value

string

at line 979
void setPassword(string $password)

Sets the resource owner's password.

Parameters

string $password

Return Value

void

at line 990
string getClientId()

Sets a unique identifier issued to the client to identify itself to the authorization server.

Return Value

string

at line 1002
void setClientId(string $clientId)

Sets a unique identifier issued to the client to identify itself to the authorization server.

Parameters

string $clientId

Return Value

void

at line 1013
string getClientSecret()

Gets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.

Return Value

string

at line 1025
void setClientSecret(string $clientSecret)

Sets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.

Parameters

string $clientSecret

Return Value

void

at line 1035
?string getIssuer()

Gets the Issuer ID when using assertion profile.

Return Value

?string

at line 1046
void setIssuer(string $issuer)

Sets the Issuer ID when using assertion profile.

Parameters

string $issuer

Return Value

void

at line 1056
?string getSub()

Gets the target sub when issuing assertions.

Return Value

?string

at line 1067
void setSub(string $sub)

Sets the target sub when issuing assertions.

Parameters

string $sub

Return Value

void

at line 1077
?string getAudience()

Gets the target audience when issuing assertions.

Return Value

?string

at line 1088
void setAudience(string $audience)

Sets the target audience when issuing assertions.

Parameters

string $audience

Return Value

void

at line 1098
?string getSigningKey()

Gets the signing key when using an assertion profile.

Return Value

?string

at line 1109
void setSigningKey(string $signingKey)

Sets the signing key when using an assertion profile.

Parameters

string $signingKey

Return Value

void

at line 1119
?string getSigningKeyId()

Gets the signing key id when using an assertion profile.

Return Value

?string

at line 1130
void setSigningKeyId(string $signingKeyId)

Sets the signing key id when using an assertion profile.

Parameters

string $signingKeyId

Return Value

void

at line 1140
?string getSigningAlgorithm()

Gets the signing algorithm when using an assertion profile.

Return Value

?string

at line 1151
void setSigningAlgorithm(?string $signingAlgorithm)

Sets the signing algorithm when using an assertion profile.

Parameters

?string $signingAlgorithm

Return Value

void

at line 1168
array getExtensionParams()

Gets the set of parameters used by extension when using an extension grant type.

Return Value

array

at line 1180
void setExtensionParams(array $extensionParams)

Sets the set of parameters used by extension when using an extension grant type.

Parameters

array $extensionParams

Return Value

void

at line 1190
int getExpiry()

Gets the number of seconds assertions are valid for.

Return Value

int

at line 1201
void setExpiry(int $expiry)

Sets the number of seconds assertions are valid for.

Parameters

int $expiry

Return Value

void

at line 1211
int getExpiresIn()

Gets the lifetime of the access token in seconds.

Return Value

int

at line 1222
void setExpiresIn(?int $expiresIn)

Sets the lifetime of the access token in seconds.

Parameters

?int $expiresIn

Return Value

void

at line 1238
?int getExpiresAt()

Gets the time the current access token expires at.

Return Value

?int

at line 1256
bool isExpired()

Returns true if the acccess token has expired.

Return Value

bool

at line 1270
void setExpiresAt(int $expiresAt)

Sets the time the current access token expires at.

Parameters

int $expiresAt

Return Value

void

at line 1280
?int getIssuedAt()

Gets the time the current access token was issued at.

Return Value

?int

at line 1291
void setIssuedAt(int $issuedAt)

Sets the time the current access token was issued at.

Parameters

int $issuedAt

Return Value

void

at line 1301
?string getAccessToken()

Gets the current access token.

Return Value

?string

at line 1312
void setAccessToken(string $accessToken)

Sets the current access token.

Parameters

string $accessToken

Return Value

void

at line 1322
?string getIdToken()

Gets the current ID token.

Return Value

?string

at line 1333
void setIdToken(string $idToken)

Sets the current ID token.

Parameters

string $idToken

Return Value

void

at line 1343
?string getRefreshToken()

Gets the refresh token associated with the current access token.

Return Value

?string

at line 1354
void setRefreshToken(string $refreshToken)

Sets the refresh token associated with the current access token.

Parameters

string $refreshToken

Return Value

void

at line 1365
void setAdditionalClaims(array $additionalClaims)

Sets additional claims to be included in the JWT token

Parameters

array $additionalClaims

Return Value

void

at line 1375
array getAdditionalClaims()

Gets the additional claims to be included in the JWT token.

Return Value

array

at line 1385
null|array getLastReceivedToken()

The expiration of the last received token.

Return Value

null|array { The last received access token.

@type string $access_token The access token string.
@type int $expires_at The time the token expires as a UNIX timestamp.

}

at line 1424
string getClientName(callable $httpHandler = null)

Get the client ID.

Alias of {see Google\Auth\OAuth2::getClientId()}.

Parameters

callable $httpHandler

Return Value

string