OAuth2
class OAuth2 implements FetchAuthTokenInterface (View source)
OAuth2 supports authentication by OAuth2 2-legged flows.
It primary supports - service account authorization - authorization where a user already has an access token
Constants
DEFAULT_EXPIRY_SECONDS |
|
DEFAULT_SKEW_SECONDS |
|
JWT_URN |
|
Properties
static | $knownSigningAlgorithms | TODO: determine known methods from the keys of JWT::methods. | |
static array | $knownGrantTypes | The well known grant types. |
Methods
Create a new OAuthCredentials.
Verifies the idToken if present.
Obtains the encoded jwt from the instance data.
Generates a request for token credentials.
Fetches the auth tokens based on the current state.
Obtains a key that can used to cache the results of #fetchAuthToken.
Parses the fetched tokens.
Updates an OAuth 2.0 client.
Builds the authorization Uri that the user should be redirected to.
Sets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.
Gets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.
Gets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
Sets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
Gets the redirection URI used in the initial request.
Sets the redirection URI used in the initial request.
Gets the scope of the access requests as a space-delimited String.
Sets the scope of the access request, expressed either as an Array or as a space-delimited String.
Gets the current grant type.
Sets the current grant type.
Gets an arbitrary string designed to allow the client to maintain state.
Sets an arbitrary string designed to allow the client to maintain state.
Gets the authorization code issued to this client.
Sets the authorization code issued to this client.
Gets the resource owner's username.
Sets the resource owner's username.
Gets the resource owner's password.
Sets the resource owner's password.
Sets a unique identifier issued to the client to identify itself to the authorization server.
Sets a unique identifier issued to the client to identify itself to the authorization server.
Gets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.
Sets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.
Gets the Issuer ID when using assertion profile.
Sets the Issuer ID when using assertion profile.
Gets the target sub when issuing assertions.
Sets the target sub when issuing assertions.
Gets the target audience when issuing assertions.
Sets the target audience when issuing assertions.
Gets the signing key when using an assertion profile.
Sets the signing key when using an assertion profile.
Gets the signing key id when using an assertion profile.
Sets the signing key id when using an assertion profile.
Gets the signing algorithm when using an assertion profile.
Sets the signing algorithm when using an assertion profile.
Gets the set of parameters used by extension when using an extension grant type.
Sets the set of parameters used by extension when using an extension grant type.
Gets the number of seconds assertions are valid for.
Sets the number of seconds assertions are valid for.
Gets the lifetime of the access token in seconds.
Sets the lifetime of the access token in seconds.
Gets the time the current access token expires at.
Returns true if the acccess token has expired.
Sets the time the current access token expires at.
Gets the time the current access token was issued at.
Sets the time the current access token was issued at.
Gets the current access token.
Sets the current access token.
Gets the current ID token.
Sets the current ID token.
Gets the refresh token associated with the current access token.
Sets the refresh token associated with the current access token.
Sets additional claims to be included in the JWT token
Gets the additional claims to be included in the JWT token.
The expiration of the last received token.
Get the client ID.
Details
at line 323
__construct(array $config)
Create a new OAuthCredentials.
The configuration array accepts various options
authorizationUri The authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.
tokenCredentialUri The authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
clientId A unique identifier issued to the client to identify itself to the authorization server.
clientSecret A shared symmetric secret issued by the authorization server, which is used to authenticate the client.
scope The scope of the access request, expressed either as an Array or as a space-delimited String.
state An arbitrary string designed to allow the client to maintain state.
redirectUri The redirection URI used in the initial request.
username The resource owner's username.
password The resource owner's password.
issuer Issuer ID when using assertion profile
audience Target audience for assertions
expiry Number of seconds assertions are valid for
signingKey Signing key when using assertion profile
signingKeyId Signing key id when using assertion profile
refreshToken The refresh token associated with the access token to be refreshed.
accessToken The current access token for this client.
idToken The current ID token for this client.
extensionParams When using an extension grant type, this is the set of parameters used by that extension.
at line 391
null|object
verifyIdToken(string $publicKey = null, array $allowed_algs = array())
Verifies the idToken if present.
- if none is present, return null
- if present, but invalid, raises DomainException.
- otherwise returns the payload in the idtoken as a PHP object.
The behavior of this method varies depending on the version of
firebase/php-jwt
you are using. In versions lower than 3.0.0, if
$publicKey
is null, the key is decoded without being verified. In
newer versions, if a public key is not given, this method will throw an
\InvalidArgumentException
.
at line 415
string
toJwt(array $config = [])
Obtains the encoded jwt from the instance data.
at line 461
RequestInterface
generateCredentialsRequest()
Generates a request for token credentials.
at line 520
array
fetchAuthToken(callable $httpHandler = null)
Fetches the auth tokens based on the current state.
at line 540
string
getCacheKey()
Obtains a key that can used to cache the results of #fetchAuthToken.
The key is derived from the scopes.
at line 561
array
parseTokenResponse(ResponseInterface $resp)
Parses the fetched tokens.
at line 615
updateToken(array $config)
Updates an OAuth 2.0 client.
Example:
$oauth->updateToken([
'refresh_token' => 'n4E9O119d',
'access_token' => 'FJQbwq9',
'expires_in' => 3600
]);
at line 651
UriInterface
buildFullAuthorizationUri(array $config = [])
Builds the authorization Uri that the user should be redirected to.
at line 706
setAuthorizationUri(string $uri)
Sets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.
at line 717
UriInterface
getAuthorizationUri()
Gets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.
at line 728
string
getTokenCredentialUri()
Gets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
at line 739
setTokenCredentialUri(string $uri)
Sets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
at line 749
string
getRedirectUri()
Gets the redirection URI used in the initial request.
at line 759
setRedirectUri(string $uri)
Sets the redirection URI used in the initial request.
at line 784
string
getScope()
Gets the scope of the access requests as a space-delimited String.
at line 800
setScope(string|array $scope)
Sets the scope of the access request, expressed either as an Array or as a space-delimited String.
at line 828
string
getGrantType()
Gets the current grant type.
at line 861
setGrantType($grantType)
Sets the current grant type.
at line 881
string
getState()
Gets an arbitrary string designed to allow the client to maintain state.
at line 891
setState(string $state)
Sets an arbitrary string designed to allow the client to maintain state.
at line 899
getCode()
Gets the authorization code issued to this client.
at line 909
setCode(string $code)
Sets the authorization code issued to this client.
at line 917
getUsername()
Gets the resource owner's username.
at line 927
setUsername(string $username)
Sets the resource owner's username.
at line 935
getPassword()
Gets the resource owner's password.
at line 945
setPassword($password)
Sets the resource owner's password.
at line 954
getClientId()
Sets a unique identifier issued to the client to identify itself to the authorization server.
at line 965
setClientId($clientId)
Sets a unique identifier issued to the client to identify itself to the authorization server.
at line 974
getClientSecret()
Gets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.
at line 985
setClientSecret($clientSecret)
Sets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.
at line 993
getIssuer()
Gets the Issuer ID when using assertion profile.
at line 1003
setIssuer(string $issuer)
Sets the Issuer ID when using assertion profile.
at line 1011
getSub()
Gets the target sub when issuing assertions.
at line 1021
setSub(string $sub)
Sets the target sub when issuing assertions.
at line 1029
getAudience()
Gets the target audience when issuing assertions.
at line 1039
setAudience(string $audience)
Sets the target audience when issuing assertions.
at line 1047
getSigningKey()
Gets the signing key when using an assertion profile.
at line 1057
setSigningKey(string $signingKey)
Sets the signing key when using an assertion profile.
at line 1067
string
getSigningKeyId()
Gets the signing key id when using an assertion profile.
at line 1077
setSigningKeyId(string $signingKeyId)
Sets the signing key id when using an assertion profile.
at line 1087
string
getSigningAlgorithm()
Gets the signing algorithm when using an assertion profile.
at line 1097
setSigningAlgorithm(string $signingAlgorithm)
Sets the signing algorithm when using an assertion profile.
at line 1112
getExtensionParams()
Gets the set of parameters used by extension when using an extension grant type.
at line 1123
setExtensionParams($extensionParams)
Sets the set of parameters used by extension when using an extension grant type.
at line 1131
getExpiry()
Gets the number of seconds assertions are valid for.
at line 1141
setExpiry(int $expiry)
Sets the number of seconds assertions are valid for.
at line 1149
getExpiresIn()
Gets the lifetime of the access token in seconds.
at line 1159
setExpiresIn(int $expiresIn)
Sets the lifetime of the access token in seconds.
at line 1175
int
getExpiresAt()
Gets the time the current access token expires at.
at line 1193
bool
isExpired()
Returns true if the acccess token has expired.
at line 1206
setExpiresAt(int $expiresAt)
Sets the time the current access token expires at.
at line 1214
getIssuedAt()
Gets the time the current access token was issued at.
at line 1224
setIssuedAt(int $issuedAt)
Sets the time the current access token was issued at.
at line 1232
getAccessToken()
Gets the current access token.
at line 1242
setAccessToken(string $accessToken)
Sets the current access token.
at line 1250
getIdToken()
Gets the current ID token.
at line 1260
setIdToken($idToken)
Sets the current ID token.
at line 1268
getRefreshToken()
Gets the refresh token associated with the current access token.
at line 1278
setRefreshToken($refreshToken)
Sets the refresh token associated with the current access token.
at line 1288
setAdditionalClaims(array $additionalClaims)
Sets additional claims to be included in the JWT token
at line 1298
array
getAdditionalClaims()
Gets the additional claims to be included in the JWT token.
at line 1308
null|array
getLastReceivedToken()
The expiration of the last received token.
at line 1329
string
getClientName(callable $httpHandler = null)
Get the client ID.
Alias of {see Google\Auth\OAuth2::getClientId()}.