feature #60 Add OAuth Client ID to OAuth2Token (robotjoosen)

This PR was merged into the 0.1-dev branch. Discussion ---------- Add OAuth Client ID to OAuth2Token This PR should help with issue #50. It adds Client ID to the Passport and Token. This way the client can be retrieved like this: ``` $clientId = $this->security->getToken()->getOAuthClientId(); $userRepository->findOneByClientId($clientId); ``` Commits ------- 8c0e70f Add OAuth Client ID to OAuth2Token
thephpleague · Nov 6, 2021 · c8c657e · c8c657e
2 parents 699c99c + 8c0e70f
commit c8c657e
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 2 deletions.
diff --git a/src/Security/Authentication/Token/OAuth2Token.php b/src/Security/Authentication/Token/OAuth2Token.php
@@ -18,10 +18,12 @@ final class OAuth2Token extends AbstractToken
     public function __construct(
         ?UserInterface $user,
         string $accessTokenId,
+        string $oauthClientId,
         array $scopes,
         string $rolePrefix
     ) {
         $this->setAttribute('access_token_id', $accessTokenId);
+        $this->setAttribute('oauth_client_id', $oauthClientId);
         $this->setAttribute('scopes', $scopes);
 
         // Build roles from scope
@@ -54,4 +56,10 @@ public function getCredentials(): string
         /** @var string */
         return $this->getAttribute('access_token_id');
     }
+
+    public function getOAuthClientId(): string
+    {
+        /** @var string */
+        return $this->getAttribute('oauth_client_id');
+    }
 }
diff --git a/src/Security/Authenticator/OAuth2Authenticator.php b/src/Security/Authenticator/OAuth2Authenticator.php
@@ -92,6 +92,9 @@ public function authenticate(Request $request): PassportInterface
         /** @var list<string> $scopes */
         $scopes = $psr7Request->getAttribute('oauth_scopes', []);
 
+        /** @var string $oauthClientId */
+        $oauthClientId = $psr7Request->getAttribute('oauth_client_id', '');
+
         $userLoader = function (string $userIdentifier): UserInterface {
             if ('' === $userIdentifier) {
                 return new NullUser();
@@ -109,6 +112,8 @@ public function authenticate(Request $request): PassportInterface
 
         $passport->setAttribute('accessTokenId', $accessTokenId);
 
+        $passport->setAttribute('oauthClientId', $oauthClientId);
+
         return $passport;
     }
 
@@ -127,7 +132,10 @@ public function createAuthenticatedToken(PassportInterface $passport, string $fi
         /** @var ScopeBadge $scopeBadge */
         $scopeBadge = $passport->getBadge(ScopeBadge::class);
 
-        $token = new OAuth2Token($passport->getUser(), $accessTokenId, $scopeBadge->getScopes(), $this->rolePrefix);
+        /** @var string $oauthClientId */
+        $oauthClientId = $passport->getAttribute('oauthClientId');
+
+        $token = new OAuth2Token($passport->getUser(), $accessTokenId, $oauthClientId, $scopeBadge->getScopes(), $this->rolePrefix);
         $token->setAuthenticated(true);
 
         return $token;

diff --git a/tests/Unit/OAuth2AuthenticatorTest.php b/tests/Unit/OAuth2AuthenticatorTest.php
@@ -143,6 +143,7 @@ public function testCreateAuthenticatedToken(): void
             new ScopeBadge(['scope_one', 'scope_two']),
         ]);
         $passport->setAttribute('accessTokenId', 'accessTokenId');
+        $passport->setAttribute('oauthClientId', 'oauthClientId');
 
         $authenticator = new OAuth2Authenticator(
             $this->createMock(HttpMessageFactoryInterface::class),

diff --git a/tests/Unit/OAuth2TokenTest.php b/tests/Unit/OAuth2TokenTest.php
@@ -15,16 +15,18 @@ public function testTokenSerialization(): void
     {
         $user = new User();
         $accessTokenId = 'accessTokenId';
+        $oauthClientId = 'oauthClientId';
         $scopes = [FixtureFactory::FIXTURE_SCOPE_FIRST];
         $rolePrefix = 'ROLE_OAUTH2_';
 
-        $token = new OAuth2Token($user, $accessTokenId, $scopes, $rolePrefix);
+        $token = new OAuth2Token($user, $accessTokenId, $oauthClientId, $scopes, $rolePrefix);
 
         /** @var OAuth2Token $unserializedToken */
         $unserializedToken = unserialize(serialize($token));
 
         $this->assertSame($user->getUsername(), $unserializedToken->getUser()->getUsername());
         $this->assertSame($accessTokenId, $token->getCredentials());
+        $this->assertSame($oauthClientId, $token->getOAuthClientId());
         $this->assertSame($scopes, $token->getScopes());
         $this->assertSame([sprintf('%s%s', $rolePrefix, strtoupper($scopes[0]))], $token->getRoleNames());