1. class
  2. Google
  3. \
  4. Auth
  5. \
  6. OAuth2

OAuth2

class OAuth2 implements FetchAuthTokenInterface (View source)

OAuth2 supports authentication by OAuth2 2-legged flows.

It primary supports

  • service account authorization
  • authorization where a user already has an access token

Constants

DEFAULT_EXPIRY_SECONDS

DEFAULT_SKEW_SECONDS

JWT_URN

Properties

static $knownSigningAlgorithms

TODO: determine known methods from the keys of JWT::methods.
static array $knownGrantTypes

The well known grant types.

Methods

__construct(array $config)

Create a new OAuthCredentials.

null|object
verifyIdToken(string $publicKey = null, array $allowed_algs = array())

Verifies the idToken if present.

string
toJwt(array $config = [])

Obtains the encoded jwt from the instance data.

RequestInterface
generateCredentialsRequest()

Generates a request for token credentials.

array
fetchAuthToken(callable $httpHandler = null)

Fetches the auth tokens based on the current state.

string
getCacheKey()

Obtains a key that can used to cache the results of #fetchAuthToken.

array
parseTokenResponse(ResponseInterface $resp)

Parses the fetched tokens.

updateToken(array $config)

Updates an OAuth 2.0 client.

UriInterface
buildFullAuthorizationUri(array $config = [])

Builds the authorization Uri that the user should be redirected to.

setAuthorizationUri(string $uri)

Sets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.

UriInterface
getAuthorizationUri()

Gets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.

string
getTokenCredentialUri()

Gets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

setTokenCredentialUri(string $uri)

Sets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

string
getRedirectUri()

Gets the redirection URI used in the initial request.

setRedirectUri(string $uri)

Sets the redirection URI used in the initial request.

string
getScope()

Gets the scope of the access requests as a space-delimited String.

setScope(string|array $scope)

Sets the scope of the access request, expressed either as an Array or as a space-delimited String.

string
getGrantType()

Gets the current grant type.

setGrantType($grantType)

Sets the current grant type.

string
getState()

Gets an arbitrary string designed to allow the client to maintain state.

setState(string $state)

Sets an arbitrary string designed to allow the client to maintain state.

getCode()

Gets the authorization code issued to this client.

setCode(string $code)

Sets the authorization code issued to this client.

getUsername()

Gets the resource owner's username.

setUsername(string $username)

Sets the resource owner's username.

getPassword()

Gets the resource owner's password.

setPassword($password)

Sets the resource owner's password.

getClientId()

Sets a unique identifier issued to the client to identify itself to the authorization server.

setClientId($clientId)

Sets a unique identifier issued to the client to identify itself to the authorization server.

getClientSecret()

Gets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.

setClientSecret($clientSecret)

Sets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.

getIssuer()

Gets the Issuer ID when using assertion profile.

setIssuer(string $issuer)

Sets the Issuer ID when using assertion profile.

getSub()

Gets the target sub when issuing assertions.

setSub(string $sub)

Sets the target sub when issuing assertions.

getAudience()

Gets the target audience when issuing assertions.

setAudience(string $audience)

Sets the target audience when issuing assertions.

getSigningKey()

Gets the signing key when using an assertion profile.

setSigningKey(string $signingKey)

Sets the signing key when using an assertion profile.

string
getSigningAlgorithm()

Gets the signing algorithm when using an assertion profile.

setSigningAlgorithm(string $signingAlgorithm)

Sets the signing algorithm when using an assertion profile.

getExtensionParams()

Gets the set of parameters used by extension when using an extension grant type.

setExtensionParams($extensionParams)

Sets the set of parameters used by extension when using an extension grant type.

getExpiry()

Gets the number of seconds assertions are valid for.

setExpiry(int $expiry)

Sets the number of seconds assertions are valid for.

getExpiresIn()

Gets the lifetime of the access token in seconds.

setExpiresIn(int $expiresIn)

Sets the lifetime of the access token in seconds.

int
getExpiresAt()

Gets the time the current access token expires at.

bool
isExpired()

Returns true if the acccess token has expired.

setExpiresAt(int $expiresAt)

Sets the time the current access token expires at.

getIssuedAt()

Gets the time the current access token was issued at.

setIssuedAt(int $issuedAt)

Sets the time the current access token was issued at.

getAccessToken()

Gets the current access token.

setAccessToken(string $accessToken)

Sets the current access token.

getIdToken()

Gets the current ID token.

setIdToken($idToken)

Sets the current ID token.

getRefreshToken()

Gets the refresh token associated with the current access token.

setRefreshToken($refreshToken)

Sets the refresh token associated with the current access token.

setAdditionalClaims(array $additionalClaims)

Sets additional claims to be included in the JWT token

array
getAdditionalClaims()

Gets the additional claims to be included in the JWT token.

null|array
getLastReceivedToken()

The expiration of the last received token.

Details

at line 312
__construct(array $config)

Create a new OAuthCredentials.

The configuration array accepts various options

  • authorizationUri The authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.

  • tokenCredentialUri The authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

  • clientId A unique identifier issued to the client to identify itself to the authorization server.

  • clientSecret A shared symmetric secret issued by the authorization server, which is used to authenticate the client.

  • scope The scope of the access request, expressed either as an Array or as a space-delimited String.

  • state An arbitrary string designed to allow the client to maintain state.

  • redirectUri The redirection URI used in the initial request.

  • username The resource owner's username.

  • password The resource owner's password.

  • issuer Issuer ID when using assertion profile

  • audience Target audience for assertions

  • expiry Number of seconds assertions are valid for

  • signingKey Signing key when using assertion profile

  • refreshToken The refresh token associated with the access token to be refreshed.

  • accessToken The current access token for this client.

  • idToken The current ID token for this client.

  • extensionParams When using an extension grant type, this is the set of parameters used by that extension.

Parameters

array $config

Configuration array

at line 368
null|object verifyIdToken(string $publicKey = null, array $allowed_algs = array())

Verifies the idToken if present.

  • if none is present, return null
  • if present, but invalid, raises DomainException.
  • otherwise returns the payload in the idtoken as a PHP object.

if $publicKey is null, the key is decoded without being verified.

Parameters

string $publicKey

The public key to use to authenticate the token
array $allowed_algs

List of supported verification algorithms

Return Value

null|object

at line 393
string toJwt(array $config = [])

Obtains the encoded jwt from the instance data.

Parameters

array $config

array optional configuration parameters

Return Value

string

at line 435
RequestInterface generateCredentialsRequest()

Generates a request for token credentials.

Return Value

RequestInterface

the authorization Url.

at line 495
array fetchAuthToken(callable $httpHandler = null)

Fetches the auth tokens based on the current state.

Parameters

callable $httpHandler

callback which delivers psr7 request

Return Value

array

a hash of auth tokens

at line 515
string getCacheKey()

Obtains a key that can used to cache the results of #fetchAuthToken.

The key is derived from the scopes.

Return Value

string

a key that may be used to cache the auth token.

at line 538
array parseTokenResponse(ResponseInterface $resp)

Parses the fetched tokens.

Parameters

ResponseInterface $resp

the response.

Return Value

array

the tokens parsed from the response body.

Exceptions

Exception

at line 590
updateToken(array $config)

Updates an OAuth 2.0 client.

Parameters

array $config

The configuration parameters related to the token.

  • refresh_token The refresh token associated with the access token to be refreshed.

  • access_token The current access token for this client.

  • id_token The current ID token for this client.

  • expires_in The time in seconds until access token expiration.

  • expires_at The time as an integer number of seconds since the Epoch

  • issued_at The timestamp that the token was issued at.

Examples

client.updateToken([
  'refresh_token' => 'n4E9O119d',
  'access_token' => 'FJQbwq9',
  'expires_in' => 3600
])

at line 628
UriInterface buildFullAuthorizationUri(array $config = [])

Builds the authorization Uri that the user should be redirected to.

Parameters

array $config

configuration options that customize the return url

Return Value

UriInterface

the authorization Url.

Exceptions

InvalidArgumentException

at line 679
setAuthorizationUri(string $uri)

Sets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.

Parameters

string $uri

at line 690
UriInterface getAuthorizationUri()

Gets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.

Return Value

UriInterface

at line 701
string getTokenCredentialUri()

Gets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

Return Value

string

at line 712
setTokenCredentialUri(string $uri)

Sets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.

Parameters

string $uri

at line 722
string getRedirectUri()

Gets the redirection URI used in the initial request.

Return Value

string

at line 732
setRedirectUri(string $uri)

Sets the redirection URI used in the initial request.

Parameters

string $uri

at line 756
string getScope()

Gets the scope of the access requests as a space-delimited String.

Return Value

string

at line 773
setScope(string|array $scope)

Sets the scope of the access request, expressed either as an Array or as a space-delimited String.

Parameters

string|array $scope

Exceptions

InvalidArgumentException

at line 799
string getGrantType()

Gets the current grant type.

Return Value

string

at line 833
setGrantType($grantType)

Sets the current grant type.

Parameters

$grantType

Exceptions

InvalidArgumentException

at line 852
string getState()

Gets an arbitrary string designed to allow the client to maintain state.

Return Value

string

at line 862
setState(string $state)

Sets an arbitrary string designed to allow the client to maintain state.

Parameters

string $state

at line 870
getCode()

Gets the authorization code issued to this client.

at line 880
setCode(string $code)

Sets the authorization code issued to this client.

Parameters

string $code

at line 888
getUsername()

Gets the resource owner's username.

at line 898
setUsername(string $username)

Sets the resource owner's username.

Parameters

string $username

at line 906
getPassword()

Gets the resource owner's password.

at line 916
setPassword($password)

Sets the resource owner's password.

Parameters

$password

at line 925
getClientId()

Sets a unique identifier issued to the client to identify itself to the authorization server.

at line 936
setClientId($clientId)

Sets a unique identifier issued to the client to identify itself to the authorization server.

Parameters

$clientId

at line 945
getClientSecret()

Gets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.

at line 956
setClientSecret($clientSecret)

Sets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.

Parameters

$clientSecret

at line 964
getIssuer()

Gets the Issuer ID when using assertion profile.

at line 974
setIssuer(string $issuer)

Sets the Issuer ID when using assertion profile.

Parameters

string $issuer

at line 982
getSub()

Gets the target sub when issuing assertions.

at line 992
setSub(string $sub)

Sets the target sub when issuing assertions.

Parameters

string $sub

at line 1000
getAudience()

Gets the target audience when issuing assertions.

at line 1010
setAudience(string $audience)

Sets the target audience when issuing assertions.

Parameters

string $audience

at line 1018
getSigningKey()

Gets the signing key when using an assertion profile.

at line 1028
setSigningKey(string $signingKey)

Sets the signing key when using an assertion profile.

Parameters

string $signingKey

at line 1038
string getSigningAlgorithm()

Gets the signing algorithm when using an assertion profile.

Return Value

string

at line 1048
setSigningAlgorithm(string $signingAlgorithm)

Sets the signing algorithm when using an assertion profile.

Parameters

string $signingAlgorithm

at line 1063
getExtensionParams()

Gets the set of parameters used by extension when using an extension grant type.

at line 1074
setExtensionParams($extensionParams)

Sets the set of parameters used by extension when using an extension grant type.

Parameters

$extensionParams

at line 1082
getExpiry()

Gets the number of seconds assertions are valid for.

at line 1092
setExpiry(int $expiry)

Sets the number of seconds assertions are valid for.

Parameters

int $expiry

at line 1100
getExpiresIn()

Gets the lifetime of the access token in seconds.

at line 1110
setExpiresIn(int $expiresIn)

Sets the lifetime of the access token in seconds.

Parameters

int $expiresIn

at line 1126
int getExpiresAt()

Gets the time the current access token expires at.

Return Value

int

at line 1144
bool isExpired()

Returns true if the acccess token has expired.

Return Value

bool

at line 1157
setExpiresAt(int $expiresAt)

Sets the time the current access token expires at.

Parameters

int $expiresAt

at line 1165
getIssuedAt()

Gets the time the current access token was issued at.

at line 1175
setIssuedAt(int $issuedAt)

Sets the time the current access token was issued at.

Parameters

int $issuedAt

at line 1183
getAccessToken()

Gets the current access token.

at line 1193
setAccessToken(string $accessToken)

Sets the current access token.

Parameters

string $accessToken

at line 1201
getIdToken()

Gets the current ID token.

at line 1211
setIdToken($idToken)

Sets the current ID token.

Parameters

$idToken

at line 1219
getRefreshToken()

Gets the refresh token associated with the current access token.

at line 1229
setRefreshToken($refreshToken)

Sets the refresh token associated with the current access token.

Parameters

$refreshToken

at line 1239
setAdditionalClaims(array $additionalClaims)

Sets additional claims to be included in the JWT token

Parameters

array $additionalClaims

at line 1249
array getAdditionalClaims()

Gets the additional claims to be included in the JWT token.

Return Value

array

at line 1259
null|array getLastReceivedToken()

The expiration of the last received token.

Return Value

null|array

{ The last received access token.