[WIP] Add compatibility with league/oauth2-server:^9

composer.json

@@ -20,7 +20,7 @@
         "ext-openssl": "*",
         "doctrine/doctrine-bundle": "^2.8.0",
         "doctrine/orm": "^2.14|^3.0",
-        "league/oauth2-server": "^8.3",
+        "league/oauth2-server": "^9",
         "nyholm/psr7": "^1.4",
         "psr/http-factory": "^1.0",
         "symfony/event-dispatcher": "^5.4|^6.2|^7.0",

src/Command/CreateClientCommand.php

@@ -135,11 +135,11 @@ private function buildClientFromInput(InputInterface $input): ClientInterface
         $client->setActive(true);
         $client->setAllowPlainTextPkce($input->getOption('allow-plain-text-pkce'));
 
-        /** @var list<string> $redirectUriStrings */
+        /** @var list<non-empty-string> $redirectUriStrings */
         $redirectUriStrings = $input->getOption('redirect-uri');
-        /** @var list<string> $grantStrings */
+        /** @var list<non-empty-string> $grantStrings */
         $grantStrings = $input->getOption('grant-type');
-        /** @var list<string> $scopeStrings */
+        /** @var list<non-empty-string> $scopeStrings */
         $scopeStrings = $input->getOption('scope');
 
         return $client

src/Command/ListClientsCommand.php

@@ -80,11 +80,11 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 
     private function getFindByCriteria(InputInterface $input): ClientFilter
     {
-        /** @var list<string> $grantStrings */
+        /** @var list<non-empty-string> $grantStrings */
         $grantStrings = $input->getOption('grant-type');
-        /** @var list<string> $redirectUriStrings */
+        /** @var list<non-empty-string> $redirectUriStrings */
         $redirectUriStrings = $input->getOption('redirect-uri');
-        /** @var list<string> $scopeStrings */
+        /** @var list<non-empty-string> $scopeStrings */
         $scopeStrings = $input->getOption('scope');
 
         return ClientFilter::create()

src/Converter/UserConverter.php

@@ -10,6 +10,19 @@
 
 final class UserConverter implements UserConverterInterface
 {
+    public const DEFAULT_ANONYMOUS_USER_IDENTIFIER = 'anonymous';
+
+    /** @var non-empty-string */
+    private string $anonymousUserIdentifier;
+
+    /**
+     * @param non-empty-string $anonymousUserIdentifier
+     */
+    public function __construct(string $anonymousUserIdentifier = self::DEFAULT_ANONYMOUS_USER_IDENTIFIER)
+    {
+        $this->anonymousUserIdentifier = $anonymousUserIdentifier;
+    }
+
     /**
      * @psalm-suppress DeprecatedMethod
      * @psalm-suppress UndefinedInterfaceMethod
@@ -18,9 +31,16 @@ public function toLeague(?UserInterface $user): UserEntityInterface
     {
         $userEntity = new User();
         if ($user instanceof UserInterface) {
-            $userEntity->setIdentifier(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername());
+            $identifier = method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
+            if ('' === $identifier) {
+                $identifier = $this->anonymousUserIdentifier;
+            }
+        } else {
+            $identifier = $this->anonymousUserIdentifier;
         }
 
+        $userEntity->setIdentifier($identifier);
+
         return $userEntity;
     }
 }

src/DBAL/Type/ImplodedArray.php

@@ -49,6 +49,7 @@ public function convertToPHPValue(mixed $value, AbstractPlatform $platform): arr
 
         \assert(\is_string($value), 'Expected $value of be either a string or null.');
 
+        /** @var list<non-empty-string> $values */
         $values = explode(self::VALUE_DELIMITER, $value);
 
         return $this->convertDatabaseValues($values);
@@ -87,7 +88,7 @@ private function assertValueCanBeImploded($value): void
     }
 
     /**
-     * @param list<string> $values
+     * @param list<non-empty-string> $values
      *
      * @return list<T>
      */

src/DBAL/Type/Scope.php

@@ -22,7 +22,7 @@ public function getName(): string
     }
 
     /**
-     * @param list<string> $values
+     * @param list<non-empty-string> $values
      *
      * @return list<ScopeModel>
      */

src/DependencyInjection/Configuration.php

@@ -5,6 +5,7 @@
 namespace League\Bundle\OAuth2ServerBundle\DependencyInjection;
 
 use Defuse\Crypto\Key;
+use League\Bundle\OAuth2ServerBundle\Converter\UserConverter;
 use League\Bundle\OAuth2ServerBundle\Model\AbstractClient;
 use League\Bundle\OAuth2ServerBundle\Model\Client;
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
@@ -31,6 +32,11 @@ public function getConfigTreeBuilder(): TreeBuilder
                     ->defaultValue('ROLE_OAUTH2_')
                     ->cannotBeEmpty()
                 ->end()
+                ->scalarNode('anonymous_user_identifier')
+                    ->info('Set a default user identifier for anonymous users')
+                    ->defaultValue(UserConverter::DEFAULT_ANONYMOUS_USER_IDENTIFIER)
+                    ->cannotBeEmpty()
+                ->end()
             ->end();
 
         return $treeBuilder;

src/DependencyInjection/LeagueOAuth2ServerExtension.php

@@ -8,6 +8,7 @@
 use League\Bundle\OAuth2ServerBundle\AuthorizationServer\GrantTypeInterface;
 use League\Bundle\OAuth2ServerBundle\Command\CreateClientCommand;
 use League\Bundle\OAuth2ServerBundle\Command\GenerateKeyPairCommand;
+use League\Bundle\OAuth2ServerBundle\Converter\UserConverter;
 use League\Bundle\OAuth2ServerBundle\DBAL\Type\Grant as GrantType;
 use League\Bundle\OAuth2ServerBundle\DBAL\Type\RedirectUri as RedirectUriType;
 use League\Bundle\OAuth2ServerBundle\DBAL\Type\Scope as ScopeType;
@@ -68,6 +69,9 @@ public function load(array $configs, ContainerBuilder $container)
         $container->findDefinition(OAuth2Authenticator::class)
             ->setArgument(3, $config['role_prefix']);
 
+        $container->findDefinition(UserConverter::class)
+            ->setArgument(0, $config['anonymous_user_identifier']);
+
         $container->registerForAutoconfiguration(GrantTypeInterface::class)
             ->addTag('league.oauth2_server.authorization_server.grant');
 

src/Event/AuthorizationRequestResolveEvent.php

@@ -6,7 +6,7 @@
 
 use League\Bundle\OAuth2ServerBundle\Model\ClientInterface;
 use League\Bundle\OAuth2ServerBundle\ValueObject\Scope;
-use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
+use League\OAuth2\Server\RequestTypes\AuthorizationRequestInterface;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Contracts\EventDispatcher\Event;
@@ -17,7 +17,7 @@ final class AuthorizationRequestResolveEvent extends Event
     public const AUTHORIZATION_DENIED = false;
 
     /**
-     * @var AuthorizationRequest
+     * @var AuthorizationRequestInterface
      */
     private $authorizationRequest;
 
@@ -49,7 +49,7 @@ final class AuthorizationRequestResolveEvent extends Event
     /**
      * @param Scope[] $scopes
      */
-    public function __construct(AuthorizationRequest $authorizationRequest, array $scopes, ClientInterface $client)
+    public function __construct(AuthorizationRequestInterface $authorizationRequest, array $scopes, ClientInterface $client)
     {
         $this->authorizationRequest = $authorizationRequest;
         $this->scopes = $scopes;
@@ -137,12 +137,12 @@ public function getState(): ?string
         return $this->authorizationRequest->getState();
     }
 
-    public function getCodeChallenge(): string
+    public function getCodeChallenge(): ?string
     {
         return $this->authorizationRequest->getCodeChallenge();
     }
 
-    public function getCodeChallengeMethod(): string
+    public function getCodeChallengeMethod(): ?string
     {
         return $this->authorizationRequest->getCodeChallengeMethod();
     }

src/Event/AuthorizationRequestResolveEventFactory.php

@@ -6,7 +6,7 @@
 
 use League\Bundle\OAuth2ServerBundle\Converter\ScopeConverterInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
-use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
+use League\OAuth2\Server\RequestTypes\AuthorizationRequestInterface;
 
 class AuthorizationRequestResolveEventFactory
 {
@@ -26,7 +26,7 @@ public function __construct(ScopeConverterInterface $scopeConverter, ClientManag
         $this->clientManager = $clientManager;
     }
 
-    public function fromAuthorizationRequest(AuthorizationRequest $authorizationRequest): AuthorizationRequestResolveEvent
+    public function fromAuthorizationRequest(AuthorizationRequestInterface $authorizationRequest): AuthorizationRequestResolveEvent
     {
         $scopes = $this->scopeConverter->toDomainArray(array_values($authorizationRequest->getScopes()));
 

src/Event/ScopeResolveEvent.php

@@ -27,14 +27,14 @@ final class ScopeResolveEvent extends Event
     private $client;
 
     /**
-     * @var string|null
+     * @var string|int|null
      */
     private $userIdentifier;
 
     /**
      * @param list<Scope> $scopes
      */
-    public function __construct(array $scopes, Grant $grant, AbstractClient $client, ?string $userIdentifier)
+    public function __construct(array $scopes, Grant $grant, AbstractClient $client, string|int|null $userIdentifier)
     {
         $this->scopes = $scopes;
         $this->grant = $grant;
@@ -68,7 +68,7 @@ public function getClient(): AbstractClient
         return $this->client;
     }
 
-    public function getUserIdentifier(): ?string
+    public function getUserIdentifier(): string|int|null
     {
         return $this->userIdentifier;
     }

src/EventListener/AddClientDefaultScopesListener.php

@@ -15,12 +15,12 @@
 class AddClientDefaultScopesListener
 {
     /**
-     * @var list<string>
+     * @var list<non-empty-string>
      */
     private $defaultScopes;
 
     /**
-     * @param list<string> $defaultScopes
+     * @param list<non-empty-string> $defaultScopes
      */
     public function __construct(array $defaultScopes)
     {

src/Model/AbstractClient.php

@@ -16,6 +16,7 @@
 abstract class AbstractClient implements ClientInterface
 {
     private string $name;
+    /** @var non-empty-string */
     protected string $identifier;
     private ?string $secret;
 
@@ -33,6 +34,8 @@ abstract class AbstractClient implements ClientInterface
 
     /**
      * @psalm-mutation-free
+     *
+     * @param non-empty-string $identifier
      */
     public function __construct(string $name, string $identifier, ?string $secret)
     {

src/Model/ClientInterface.php

@@ -13,6 +13,9 @@
  */
 interface ClientInterface
 {
+    /**
+     * @return non-empty-string
+     */
     public function getIdentifier(): string;
 
     public function getSecret(): ?string;

src/Repository/AccessTokenRepository.php

@@ -42,12 +42,13 @@ public function __construct(
         $this->scopeConverter = $scopeConverter;
     }
 
-    public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, $userIdentifier = null)
+    public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, ?string $userIdentifier = null): AccessTokenEntityInterface
     {
-        /** @var int|string|null $userIdentifier */
         $accessToken = new AccessTokenEntity();
         $accessToken->setClient($clientEntity);
-        $accessToken->setUserIdentifier($userIdentifier);
+        if (null !== $userIdentifier && '' !== $userIdentifier) {
+            $accessToken->setUserIdentifier($userIdentifier);
+        }
 
         foreach ($scopes as $scope) {
             $accessToken->addScope($scope);
@@ -69,10 +70,7 @@ public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEnt
         $this->accessTokenManager->save($accessToken);
     }
 
-    /**
-     * @param string $tokenId
-     */
-    public function revokeAccessToken($tokenId): void
+    public function revokeAccessToken(string $tokenId): void
     {
         $accessToken = $this->accessTokenManager->find($tokenId);
 
@@ -85,10 +83,7 @@ public function revokeAccessToken($tokenId): void
         $this->accessTokenManager->save($accessToken);
     }
 
-    /**
-     * @param string $tokenId
-     */
-    public function isAccessTokenRevoked($tokenId): bool
+    public function isAccessTokenRevoked(string $tokenId): bool
     {
         $accessToken = $this->accessTokenManager->find($tokenId);
 
@@ -105,9 +100,6 @@ private function buildAccessTokenModel(AccessTokenEntityInterface $accessTokenEn
         $client = $this->clientManager->find($accessTokenEntity->getClient()->getIdentifier());
 
         $userIdentifier = $accessTokenEntity->getUserIdentifier();
-        if (null !== $userIdentifier) {
-            $userIdentifier = (string) $userIdentifier;
-        }
 
         return new AccessTokenModel(
             $accessTokenEntity->getIdentifier(),

src/Repository/AuthCodeRepository.php

@@ -46,10 +46,7 @@ public function getNewAuthCode(): AuthCode
         return new AuthCode();
     }
 
-    /**
-     * @return void
-     */
-    public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity)
+    public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity): void
     {
         $authorizationCode = $this->authorizationCodeManager->find($authCodeEntity->getIdentifier());
 
@@ -62,7 +59,7 @@ public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity)
         $this->authorizationCodeManager->save($authorizationCode);
     }
 
-    public function revokeAuthCode($codeId): void
+    public function revokeAuthCode(string $codeId): void
     {
         $authorizationCode = $this->authorizationCodeManager->find($codeId);
 
@@ -75,7 +72,7 @@ public function revokeAuthCode($codeId): void
         $this->authorizationCodeManager->save($authorizationCode);
     }
 
-    public function isAuthCodeRevoked($codeId): bool
+    public function isAuthCodeRevoked(string $codeId): bool
     {
         $authorizationCode = $this->authorizationCodeManager->find($codeId);
 
@@ -93,7 +90,7 @@ private function buildAuthorizationCode(AuthCodeEntityInterface $authCodeEntity)
 
         $userIdentifier = $authCodeEntity->getUserIdentifier();
         if (null !== $userIdentifier) {
-            $userIdentifier = (string) $userIdentifier;
+            $userIdentifier = $userIdentifier;
         }
 
         return new AuthorizationCode(

src/Repository/ClientRepository.php

@@ -7,6 +7,7 @@
 use League\Bundle\OAuth2ServerBundle\Entity\Client as ClientEntity;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Model\ClientInterface;
+use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 
 final class ClientRepository implements ClientRepositoryInterface
@@ -21,7 +22,7 @@ public function __construct(ClientManagerInterface $clientManager)
         $this->clientManager = $clientManager;
     }
 
-    public function getClientEntity($clientIdentifier)
+    public function getClientEntity(string $clientIdentifier): ?ClientEntityInterface
     {
         $client = $this->clientManager->find($clientIdentifier);
 
@@ -32,7 +33,7 @@ public function getClientEntity($clientIdentifier)
         return $this->buildClientEntity($client);
     }
 
-    public function validateClient($clientIdentifier, $clientSecret, $grantType): bool
+    public function validateClient(string $clientIdentifier, ?string $clientSecret, ?string $grantType): bool
     {
         $client = $this->clientManager->find($clientIdentifier);