
Add support for the implicit grant flow.

1 parent a5c6af0 commit 1744b68bfa83aaa290d0129ef7a3b08ec6a3f034 @andreassolberg committed Mar 23, 2012
Showing with 93 additions and 38 deletions.
  1. +9 −2 README.md
  2. +61 −34 lib/soauth.php
  3. 0 www/client/callback.php
  4. 0 www/client/client.php
  5. +22 −1 www/server/protected.php
  6. +1 −1 www/server/server.php
11 README.md
@@ -35,6 +35,11 @@ Example object:
}
+ db.clients.insert({"client_id": "andreas", "redirect_uri": "http://localhost/~andreas/jso/demo/"});
+
+
+
+
### Providers (used by the OAuth Consumer)
@@ -62,7 +67,6 @@ Here is another example, adding Facebook to your provider list:
-
### Other storage collections
* **codes** includes authorization codes temporarily. Used by the OAuth Provider.
@@ -78,4 +82,7 @@ To reset all templrary storage:
Source and download available here:
- https://github.com/andreassolberg/solberg-oauth
+ https://github.com/andreassolberg/solberg-oauth
+
+
+
95 lib/soauth.php
@@ -5,7 +5,6 @@
* Read more here: https://github.com/andreassolberg/solberg-oauth
*/
-
assert_options(ASSERT_ACTIVE, 1);
assert_options(ASSERT_WARNING, 1);
assert_options(ASSERT_QUIET_EVAL, 0);
@@ -15,6 +14,9 @@
*/
class So_log {
protected static $db;
+
+ // Logged error messages beyond this level, will not
+ // be logged
protected static $logLevel = 4;
protected static $stacktrace = true;
@@ -36,11 +38,11 @@ private static function log($level, $message, $obj = array()) {
$obj['_message'] = $message;
$obj['_level'] = $level;
- $obj['_time'] = time();
+ $obj['_time'] = floor(microtime(true)*1000);
if (self::$stacktrace) {
$debug = debug_backtrace();
$obj['_location'] = $debug[2]['function'] . ' (line ' . $debug[2]['line'] . ')';
- // $obj['_stacktrace'] = $debug;
+ // $obj['_stacktrace'] = $debug; Generates a lot of data...
}
self::$db->log->insert($obj);
@@ -129,10 +131,12 @@ public function setAuthorization(So_Authorization $auth) {
$this->db->authorization->insert($auth->getObj());
}
}
+
+
- public function putAccessToken($provider_id, $userid, So_AccessToken $accesstoken) {
+ public function putAccessToken($id, $userid, So_AccessToken $accesstoken) {
$obj = $accesstoken->getObj();
- $obj['provider_id'] = $provider_id;
+ $obj['id'] = $id;
$obj['userid'] = $userid;
$this->db->tokens->insert($obj);
@@ -146,8 +150,8 @@ public function putAccessToken($provider_id, $userid, So_AccessToken $accesstoke
/*
* Returns null or an array of So_AccessToken objects.
*/
- public function getTokens($provider_id, $userid) {
- $result = $this->extractList('tokens', array('provider_id' => $provider_id, 'userid' => $userid));
+ public function getTokens($id, $userid) {
+ $result = $this->extractList('tokens', array('id' => $id, 'userid' => $userid));
if ($result === null) return null;
$objs = array();
@@ -268,6 +272,8 @@ function getHTTP($provider_id, $user_id, $url, array $requestScope = null, array
// $url .= '?access_token=' . $token->access_token ;
+ error_log("Getting data from url: " . $url);
+ error_log(" Using header: " . $token->getAuthorizationHeader());
$result = file_get_contents($url, false, $context);
return $result;
}
@@ -464,31 +470,42 @@ private function authorization($userid) {
$this->store->setAuthorization($authorization);
}
if (!$authorization->includeScopes($request->scope)) {
- error_log('Authz: Missing scopes from what is requied. OBtain additional scopes');
+ error_log('Authz: Missing scopes from what is requied. Obtain additional scopes');
// Missing scopes from what is requied. OBtain additional scopes...
$authorization->scope = $request->scope;
$this->store->setAuthorization($authorization);
}
- $authcode = So_AuthorizationCode::generate($request->client_id, $userid);
- $this->store->putCode($authcode);
-
- $response = $request->getResponse(array('code' => $authcode->code));
- $response->sendRedirect($url);
-
-
- // echo '<h1>Request</h1><pre>';
- // print_r($request);
- // echo '</pre>';
- //
- // echo '<h1>Client</h1><pre>';
- // print_r($clientconfig);
- // echo '</pre>';
- //
- // echo '<h1>URL</h1><pre>';
- // print_r($url);
- // echo '</pre>';
-
+
+ // Handle the various response types. code or token
+ if ($request->response_type === 'token') {
+
+
+ $accesstoken = So_AccessToken::generate($clientconfig['client_id'], $userid, null, false);
+ $this->store->putAccessToken($request->client_id, $userid, $accesstoken);
+ error_log('Ive generated a token: ' . var_export($accesstoken->getToken(), true));
+ $tokenresponse = new So_TokenResponse($accesstoken->getToken());
+ if ($request->state) {
+ $tokenresponse->state = $request->state;
+ }
+
+ $tokenresponse->sendRedirect($url, true);
+ return;
+
+
+ } else if ($request->response_type === 'code') {
+
+ $authcode = So_AuthorizationCode::generate($request->client_id, $userid);
+ $this->store->putCode($authcode);
+
+ $response = $request->getResponse(array('code' => $authcode->code));
+ $response->sendRedirect($url);
+ return;
+
+ } else {
+ throw new Exception('Unsupported response_type in request. Only supported code and token.');
+ }
+
}
private function token() {
@@ -504,6 +521,7 @@ private function token() {
$tokenrequest->checkCredentials($clientconfig['client_id'], $clientconfig['client_secret']);
$code = $this->store->getCode($clientconfig['client_id'], $tokenrequest->code);
$accesstoken = So_AccessToken::generate($clientconfig['client_id'], $code->userid);
+ $this->store->putAccessToken($clientconfig['client_id'], $code->userid, $accesstoken);
error_log('Ive generated a token: ' . var_export($accesstoken->getToken(), true));
$tokenresponse = new So_TokenResponse($accesstoken->getToken());
@@ -631,14 +649,17 @@ class So_AccessToken {
function __construct() {
}
- static function generate($client_id, $userid, $scope = null) {
+ static function generate($client_id, $userid, $scope = null, $refreshtoken = true) {
$n = new So_AccessToken();
$n->userid = $userid;
$n->client_id = $client_id;
$n->issued = time();
$n->validuntil = time() + 600;
$n->access_token = So_Utils::gen_uuid();
- $n->refresh_token = So_Utils::gen_uuid();
+ if ($refreshtoken) {
+ $n->refresh_token = So_Utils::gen_uuid();
+ }
+
$n->token_type = 'bearer';
if ($scope) {
@@ -756,8 +777,13 @@ function asQS() {
return join('&', $qs);
}
- public function sendRedirect($endpoint) {
- $redirurl = $endpoint . '?' . $this->asQS();
+ public function sendRedirect($endpoint, $hash = false) {
+ if ($hash) {
+ $redirurl = $endpoint . '#' . $this->asQS();
+ } else {
+ $redirurl = $endpoint . '?' . $this->asQS();
+ }
+
header('Location: ' . $redirurl);
exit;
}
@@ -857,8 +883,8 @@ public function post($endpoint) {
array(
'method' => 'POST',
'header' => "Content-type: application/x-www-form-urlencoded\r\n" .
- '',
-// $this->getAuthorizationHeader() . "\r\n",
+ '',
+// $this->getAuthorizationHeader() . "\r\n",
'content' => $postdata
)
);
@@ -947,7 +973,7 @@ function __construct($message) {
}
class So_TokenResponse extends So_Response {
- public $access_token, $token_type, $expires_in, $refresh_token, $scope;
+ public $access_token, $token_type, $expires_in, $refresh_token, $scope, $state;
function __construct($message) {
// Hack to add support for Facebook. Token type is missing.
@@ -959,6 +985,7 @@ function __construct($message) {
$this->expires_in = So_Utils::optional($message, 'expires_in');
$this->refresh_token = So_Utils::optional($message, 'refresh_token');
$this->scope = So_Utils::optional($message, 'scope');
+ $this->state = So_Utils::optional($message, 'state');
}
}
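Review bot: The new implicit-grant branch of authorization() writes the freshly issued bearer token to the server log (`error_log('Ive generated a token: ' . var_export($accesstoken->getToken(), true));`), and the getHTTP hunk logs the same secret again through `getAuthorizationHeader()`; log files are rarely protected like the token store, so log an identifier instead, e.g. `error_log('Issued implicit-grant access token for client ' . $request->client_id);`, and drop the header line in getHTTP. The `response_type` check that throws for unsupported values runs only after the authorization record has been created or widened with the requested scopes, so a malformed request still leaves a persisted grant behind; move the validation ahead of the `includeScopes` block, e.g. `if (!in_array($request->response_type, array('code', 'token'), true)) throw new Exception('Unsupported response_type in request. Only supported code and token.');`. The implicit token is generated with `$clientconfig['client_id']` but stored under `$request->client_id`, and with a null scope even though `$request->scope` was just checked; using one client id variable and passing `$request->scope` to `generate()` would keep the issued token bound to what the user actually authorized. authorization() starts before this hunk, so where `$clientconfig` and `$url` come from is not visible here.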
0 www/client/callback.php 100644 → 100755
File mode changed.
0 www/client/client.php 100644 → 100755
File mode changed.
23 www/server/protected.php
@@ -5,6 +5,25 @@
* Read more here: https://github.com/andreassolberg/solberg-oauth
*/
+
+// Specify domains from which requests are allowed
+header('Access-Control-Allow-Origin: *');
+
+// Specify which request methods are allowed
+header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
+
+// Additional headers which may be sent along with the CORS request
+// The X-Requested-With header allows jQuery requests to go through
+header('Access-Control-Allow-Headers: X-Requested-With, Authorization');
+
+// Set the age to 1 day to improve speed/caching.
+header('Access-Control-Max-Age: 86400');
+
+// Exit early so the page isn't fully loaded for options requests
+if (strtolower($_SERVER['REQUEST_METHOD']) == 'options') {
+ exit();
+}
+
// Load the OAuth library
require_once('../../lib/soauth.php');
@@ -17,7 +36,9 @@
$server = new So_Server();
$token = $server->checkToken();
- if ($token->userid !== 'andreas') throw new Exception('Youre not authorized to access this information.');
+// print_r($token);
+
+ if ($token->userid !== 'test') throw new Exception('Youre not authorized to access this information.');
header('Content-Type: application/json');
echo json_encode(array('poot' => '1', 'userid' => $token->userid));
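Review bot: The comment `// Specify domains from which requests are allowed` does not match the header beneath it, which is the wildcard `Access-Control-Allow-Origin: *`, so any origin may now call this token-protected resource cross-site. Given that the same commit puts access tokens into browser-held URL fragments via the implicit flow, it would be safer to answer only with origins derived from the client's registered `redirect_uri`, or at minimum reword the comment to state that all origins are allowed. The early exit for preflights before `require_once` is correct (a preflight carries no Authorization header), but `strtolower($_SERVER['REQUEST_METHOD']) == 'options'` should use `===`. The second hunk also turns the access check into a hard-coded fixture, `if ($token->userid !== 'test') ...`; a configured value or a scope check on `$token` would keep the example from shipping with a test user baked in. The file's top-level statements continue outside both hunks.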
2 www/server/server.php
@@ -12,7 +12,7 @@
// Loading SimpleSAMLphp for doing authentication at the OAuth provider.
// Read more about SimpleSAMLphp here: http://simplesamlphp.org/
-require_once('../../../../../simplesamlphp-idp/lib/_autoload.php');
+require_once('../../../../simplesamlphp-idp/lib/_autoload.php');
