
resolving pull request #77

bshaffer committed Mar 22, 2013
2 parents 1b3f50a + bad8896 commit 46c6da5588c2d88bb88729f065a6c9ed9eda7c3f
@@ -45,7 +45,7 @@ to the constructor of `OAuth2_Storage_Pdo`:
$storage = new OAuth2_Storage_Pdo(array('dsn' => $dsn, 'username' => $username, 'password' => $password));
$server = new OAuth2_Server($storage);
$server->addGrantType(new OAuth2_GrantType_UserCredentials($storage)); // or some other grant type. This is the simplest
-$server->handleGrantRequest(OAuth2_Request::createFromGlobals())->send();
+$server->handleTokenRequest(OAuth2_Request::createFromGlobals())->send();
```
Let's break this down line by line. The first line is how the OAuth2 data is stored.
@@ -71,7 +71,7 @@ Call the `grantAccessToken` method to validate the request for the user credenti
if successful. Access the server's response object to send the successful response back, or the error response if applicable:
```php
-$server->handleGrantRequest(OAuth2_Request::createFromGlobals())->send();
+$server->handleTokenRequest(OAuth2_Request::createFromGlobals())->send();
```
This creates the `OAuth2_Request` object from PHP global variables (most common, you can override this if need be) and sends it to the server
@@ -90,11 +90,11 @@ Server Methods
>
> ~ OAuth2 ([draft #31](http://tools.ietf.org/html/rfc6749#section-1))
-Most OAuth2 APIs will have endpoints for `Authorize Requests`, `Grant Requests`, and `Access Requests`:
+Most OAuth2 APIs will have endpoints for `Authorize Requests`, `Token Requests`, and `Resource Requests`:
* **Authorize Requests** - An endpoint requiring the user to authenticate, which redirects back to the client with an `authorization code`
- * **Grant Requests** - An endpoint which the client uses to exchange the `authorization code` for an `access token`
- * **Access Requests** - Any API method requiring oauth2 authentication. The server will validate the incomming request, and then allow
+ * **Token Requests** - An endpoint which the client uses to exchange the `authorization code` for an `access token`
+ * **Resource Requests** - Any API method requiring oauth2 authentication. The server will validate the incomming request, and then allow
the application to serve back the protected resource
For these tyes of requests, this library provides the following methods:
@@ -109,25 +109,25 @@ For these tyes of requests, this library provides the following methods:
is valid, returns an array of retrieved client details together with input.
Applications should call this before displaying a login or authorization form to the user
-**Grant Requests**
+**Token Requests**
`grantAccessToken`
- * Receives a request object for a grant request, returns a token if the request is valid.
+ * Receives a request object for a token request, returns a token if the request is valid.
-`handleGrantRequest`
+`handleTokenRequest`
- * Receives a request object for a grant request, returns a response object for the appropriate response.
+ * Receives a request object for a token request, returns a response object for the appropriate response.
`getClientCredentials`
* parses the client credentials from the request and determines if they are valid
-**Access Requests**
+**Resource Requests**
-`verifyAccessRequest`
+`verifyResourceRequest`
- * Receives a request object for an access request, finds the token if it exists, and returns a Boolean for whether
+ * Receives a request object for a resource request, finds the token if it exists, and returns a Boolean for whether
the incomming request is valid
`getAccessTokenData`
@@ -290,7 +290,7 @@ access it:
// https://api.example.com/resource-requiring-postonwall-scope
$request = OAuth2_Request::createFromGlobals();
$scopeRequired = 'postonwall'; // this resource requires "postonwall" scope
- if (!$server->verifyAccessRequest($request, $scopeRequired)) {
+ if (!$server->verifyResourceRequest($request, $scopeRequired)) {
// if the scope required is different from what the token allows, this will send a "401 insufficient_scope" error
$server->getRequest()->send();
}
@@ -1,21 +0,0 @@
-<?php
-
-/**
- * This controller is called when a "resource" is requested.
- * call verifyAccessRequest in order to determine if the request
- * contains a valid token.
- *
- * ex:
- * > if (!$accessController->verifyAccessRequest(OAuth2_Request::createFromGlobals())) {
- * > $accessController->getResponse()->send(); // authorization failed
- * > die();
- * > }
- * > return json_encode($resource); // valid token! Send the stuff!
- *
- */
-interface OAuth2_Controller_AccessControllerInterface extends OAuth2_Response_ProviderInterface
-{
- public function verifyAccessRequest(OAuth2_RequestInterface $request, $scope = null);
-
- public function getAccessTokenData(OAuth2_RequestInterface $request, $scope = null);
-}
@@ -1,9 +1,9 @@
<?php
/**
- * @see OAuth2_Controller_AccessControllerInterface
+ * @see OAuth2_Controller_ResourceControllerInterface
*/
-class OAuth2_Controller_AccessController implements OAuth2_Controller_AccessControllerInterface
+class OAuth2_Controller_ResourceController implements OAuth2_Controller_ResourceControllerInterface
{
private $response;
private $tokenType;
@@ -26,7 +26,7 @@ public function __construct(OAuth2_TokenTypeInterface $tokenType, OAuth2_Storage
$this->scopeUtil = $scopeUtil;
}
- public function verifyAccessRequest(OAuth2_RequestInterface $request, $scope = null)
+ public function verifyResourceRequest(OAuth2_RequestInterface $request, $scope = null)
{
$token_data = $this->getAccessTokenData($request, $scope);
@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * This controller is called when a "resource" is requested.
+ * call verifyResourceRequest in order to determine if the request
+ * contains a valid token.
+ *
+ * ex:
+ * > if (!$resourceController->verifyResourceRequest(OAuth2_Request::createFromGlobals())) {
+ * > $resourceController->getResponse()->send(); // authorization failed
+ * > die();
+ * > }
+ * > return json_encode($resource); // valid token! Send the stuff!
+ *
+ */
+interface OAuth2_Controller_ResourceControllerInterface extends OAuth2_Response_ProviderInterface
+{
+ public function verifyResourceRequest(OAuth2_RequestInterface $request, $scope = null);
+
+ public function getAccessTokenData(OAuth2_RequestInterface $request);
+}
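Review bot: The new interface narrows `getAccessTokenData` to a single parameter — the deleted `OAuth2_Controller_AccessControllerInterface` declared `getAccessTokenData(OAuth2_RequestInterface $request, $scope = null)`, and the callers in this same commit still pass a scope: `OAuth2_Server::getAccessTokenData($request, $scope = null)` forwards `$scope`, and `verifyResourceRequest` in the ResourceController calls `$this->getAccessTokenData($request, $scope)`. PHP lets an implementation add an optional parameter, so nothing fails loudly, but any code typed against the interface loses the ability to ask for the required scope to be checked when it fetches token data, and that scope check is what separates an authorized token from a merely valid one. Unless the narrowing is deliberate, restore the contract: `public function getAccessTokenData(OAuth2_RequestInterface $request, $scope = null);`. A one-line docblock stating that a non-null `$scope` must be satisfied by the token would make the expectation explicit for implementers.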
@@ -1,9 +1,9 @@
<?php
/**
- * @see OAuth2_Controller_GrantControllerInterface
+ * @see OAuth2_Controller_TokenControllerInterface
*/
-class OAuth2_Controller_GrantController implements OAuth2_Controller_GrantControllerInterface
+class OAuth2_Controller_TokenController implements OAuth2_Controller_TokenControllerInterface
{
private $response;
private $clientAssertionType;
@@ -31,7 +31,7 @@ public function __construct($clientAssertionType = null, OAuth2_ResponseType_Acc
$this->scopeUtil = $scopeUtil;
}
- public function handleGrantRequest(OAuth2_RequestInterface $request)
+ public function handleTokenRequest(OAuth2_RequestInterface $request)
{
if ($token = $this->grantAccessToken($request)) {
// @see http://tools.ietf.org/html/rfc6749#section-5.1
@@ -6,20 +6,20 @@
* It also validates the client's credentials
*
* ex:
- * > $response = $grantController->handleGrantRequest(OAuth2_Request::createFromGlobals());
+ * > $response = $tokenController->handleTokenRequest(OAuth2_Request::createFromGlobals());
* > $response->send();
*
*/
-interface OAuth2_Controller_GrantControllerInterface extends OAuth2_Response_ProviderInterface
+interface OAuth2_Controller_TokenControllerInterface extends OAuth2_Response_ProviderInterface
{
/**
- * handleGrantRequest
+ * handleTokenRequest
*
* @param $request
* OAuth2_RequestInterface - The current http request
*
**/
- public function handleGrantRequest(OAuth2_RequestInterface $request);
+ public function handleTokenRequest(OAuth2_RequestInterface $request);
public function grantAccessToken(OAuth2_RequestInterface $request);
}
@@ -19,7 +19,7 @@ class OAuth2_GrantType_JWTBearer implements OAuth2_GrantTypeInterface, OAuth2_Re
* @param OAuth2_Storage_JWTBearerInterface $storage
* A valid storage interface that implements storage hooks for the JWT bearer grant type.
* @param string $audience
- * The audience to validate the token against. This is usually the full URI of the OAuth grant requests endpoint.
+ * The audience to validate the token against. This is usually the full URI of the OAuth token requests endpoint.
* @param OAuth2_Encryption_JWT OPTIONAL $jwtUtil
* The class used to decode, encode and verify JWTs.
*/
@@ -3,22 +3,22 @@
/**
* Service class for OAuth
* This class serves only to wrap the other Controller classes
-* @see OAuth2_Controller_AccessController
+* @see OAuth2_Controller_ResourceController
* @see OAuth2_Controller_AuthorizeController
-* @see OAuth2_Controller_GrantController
+* @see OAuth2_Controller_TokenController
*/
-class OAuth2_Server implements OAuth2_Controller_AccessControllerInterface,
- OAuth2_Controller_AuthorizeControllerInterface, OAuth2_Controller_GrantControllerInterface
+class OAuth2_Server implements OAuth2_Controller_ResourceControllerInterface,
+ OAuth2_Controller_AuthorizeControllerInterface, OAuth2_Controller_TokenControllerInterface
{
// misc properties
protected $response;
protected $config;
protected $storages;
// servers
- protected $accessController;
+ protected $resourceController;
protected $authorizeController;
- protected $grantController;
+ protected $tokenController;
// config classes
protected $responseTypes;
@@ -90,9 +90,9 @@ public function __construct($storage = array(), array $config = array(), array $
$this->scopeUtil = $scopeUtil;
}
- public function getAccessController()
+ public function getResourceController()
{
- if (is_null($this->accessController)) {
+ if (is_null($this->resourceController)) {
if (is_null($this->config['token_type'])) {
$this->config['token_type'] = 'bearer';
}
@@ -109,9 +109,9 @@ public function getAccessController()
throw new LogicException("You must supply a storage object implementing OAuth2_Storage_AccessTokenInterface to use the access server");
}
$config = array_intersect_key($this->config, array('www_realm' => ''));
- $this->accessController = new OAuth2_Controller_AccessController($tokenType, $this->storages['access_token'], $config, $this->scopeUtil);
+ $this->resourceController = new OAuth2_Controller_ResourceController($tokenType, $this->storages['access_token'], $config, $this->scopeUtil);
}
- return $this->accessController;
+ return $this->resourceController;
}
public function getAuthorizeController()
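Review bot: The LogicException messages were left out of the rename: `"... to use the access server"` just above the new `OAuth2_Controller_ResourceController` construction, and `"... to use the grant server"` in `getTokenController` in the next hunk. These messages are what an integrator reads when storage is misconfigured, so they should match the method names they now refer to, e.g. `throw new LogicException("You must supply a storage object implementing OAuth2_Storage_AccessTokenInterface to use the resource controller");` and the same with `token controller` for the client-credentials case.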
@@ -129,9 +129,9 @@ public function getAuthorizeController()
return $this->authorizeController;
}
- public function getGrantController()
+ public function getTokenController()
{
- if (is_null($this->grantController)) {
+ if (is_null($this->tokenController)) {
if (!isset($this->storages['client_credentials'])) {
throw new LogicException("You must supply a storage object implementing OAuth2_Storage_ClientCredentialsInterface to use the grant server");
}
@@ -153,9 +153,9 @@ public function getGrantController()
if (0 == count($this->grantTypes)) {
$this->grantTypes = $this->getDefaultGrantTypes();
}
- $this->grantController = new OAuth2_Controller_GrantController($this->storages['client_credentials'], $this->accessTokenResponseType, $this->grantTypes, $this->scopeUtil);
+ $this->tokenController = new OAuth2_Controller_TokenController($this->storages['client_credentials'], $this->accessTokenResponseType, $this->grantTypes, $this->scopeUtil);
}
- return $this->grantController;
+ return $this->tokenController;
}
protected function getDefaultResponseTypes()
@@ -229,31 +229,31 @@ protected function getDefaultGrantTypes()
*
* @ingroup oauth2_section_4
*/
- public function handleGrantRequest(OAuth2_RequestInterface $request)
+ public function handleTokenRequest(OAuth2_RequestInterface $request)
{
- $value = $this->getGrantController()->handleGrantRequest($request);
- $this->response = $this->grantController->getResponse();
+ $value = $this->getTokenController()->handleTokenRequest($request);
+ $this->response = $this->tokenController->getResponse();
return $value;
}
public function grantAccessToken(OAuth2_RequestInterface $request)
{
- $value = $this->getGrantController()->grantAccessToken($request);
- $this->response = $this->grantController->getResponse();
+ $value = $this->getTokenController()->grantAccessToken($request);
+ $this->response = $this->tokenController->getResponse();
return $value;
}
public function getClientCredentials(OAuth2_RequestInterface $request)
{
- $value = $this->getGrantController()->getClientCredentials($request);
- $this->response = $this->grantController->getResponse();
+ $value = $this->getTokenController()->getClientCredentials($request);
+ $this->response = $this->tokenController->getResponse();
return $value;
}
/**
* Redirect the user appropriately after approval.
*
- * After the user has approved or denied the access request the
+ * After the user has approved or denied the resource request the
* authorization server should call this function to redirect the user
* appropriately.
*
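Review bot: The wording at `After the user has approved or denied the resource request` and, in the next hunk, `The scope of the resource request expressed as a` is a mis-rename: both docblocks describe the authorization endpoint (the method redirects after approval and documents `redirect_uri` and `state`), where RFC 6749 speaks of the access request or authorization request, whereas this commit now reserves "resource request" for bearer-token API calls (see the README's "Resource Requests"). A reader following the README will read these lines as describing the protected-resource path. Use `authorization request` in both places; the documented method's signature lies outside this hunk.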
@@ -265,7 +265,7 @@ public function getClientCredentials(OAuth2_RequestInterface $request)
* - redirect_uri: An absolute URI to which the authorization server
* will redirect the user-agent to when the end-user authorization
* step is completed.
- * - scope: (optional) The scope of the access request expressed as a
+ * - scope: (optional) The scope of the resource request expressed as a
* list of space-delimited strings.
* - state: (optional) An opaque value used by the client to maintain
* state between the request and callback.
@@ -313,27 +313,27 @@ public function validateAuthorizeRequest(OAuth2_RequestInterface $request)
return $value;
}
- public function verifyAccessRequest(OAuth2_RequestInterface $request, $scope = null)
+ public function verifyResourceRequest(OAuth2_RequestInterface $request, $scope = null)
{
- $value = $this->getAccessController()->verifyAccessRequest($request, $scope);
- $this->response = $this->accessController->getResponse();
+ $value = $this->getResourceController()->verifyResourceRequest($request, $scope);
+ $this->response = $this->resourceController->getResponse();
return $value;
}
public function getAccessTokenData(OAuth2_RequestInterface $request, $scope = null)
{
- $value = $this->getAccessController()->getAccessTokenData($request, $scope);
- $this->response = $this->accessController->getResponse();
+ $value = $this->getResourceController()->getAccessTokenData($request, $scope);
+ $this->response = $this->resourceController->getResponse();
return $value;
}
public function addGrantType(OAuth2_GrantTypeInterface $grantType)
{
$this->grantTypes[] = $grantType;
- // persist added grant type down to GrantController
- if (!is_null($this->grantController)) {
- $this->getGrantController()->addGrantType($grantType);
+ // persist added grant type down to TokenController
+ if (!is_null($this->tokenController)) {
+ $this->getTokenController()->addGrantType($grantType);
}
}
@@ -10,7 +10,7 @@ public function testNoCode()
'client_id' => 'Test Client ID', // valid client id
'client_secret' => 'TestSecret', // valid client secret
));
- $response = $server->handleGrantRequest($request);
+ $response = $server->handleTokenRequest($request);
$this->assertEquals($response->getStatusCode(), 400);
$this->assertEquals($response->getParameter('error'), 'invalid_request');
@@ -26,7 +26,7 @@ public function testInvalidCode()
'client_secret' => 'TestSecret', // valid client secret
'code' => 'InvalidCode', // invalid authorization code
));
- $response = $server->handleGrantRequest($request);
+ $response = $server->handleTokenRequest($request);
$this->assertEquals($response->getStatusCode(), 400);
$this->assertEquals($response->getParameter('error'), 'invalid_grant');
@@ -42,13 +42,13 @@ public function testCodeCannotBeUsedTwice()
'client_secret' => 'TestSecret', // valid client secret
'code' => 'testcode', // valid code
));
- $response = $server->handleGrantRequest($request);
+ $response = $server->handleTokenRequest($request);
$this->assertEquals($response->getStatusCode(), 200);
$this->assertNotNull($response->getParameter('access_token'));
// try to use the same code again
- $response = $server->handleGrantRequest($request);
+ $response = $server->handleTokenRequest($request);
$this->assertEquals($response->getStatusCode(), 400);
$this->assertEquals($response->getParameter('error'), 'invalid_grant');
@@ -10,7 +10,7 @@ public function testInvalidCredentials()
'client_id' => 'Test Client ID', // valid client id
'client_secret' => 'FakeSecret', // valid client secret
));
- $response = $server->handleGrantRequest($request);
+ $response = $server->handleTokenRequest($request);
$this->assertEquals($response->getStatusCode(), 400);
$this->assertEquals($response->getParameter('error'), 'invalid_client');