Methods |
abstract
protected
|
getListener(): ?HttpServer
Return an HTTP listener to receive OAuth 2.0 redirects from the provider,
or null to disable flows that require it
Reference implementation:
<?php
class OAuth2TestClient extends OAuth2Client
{
    protected function getListener(): ?HttpServer
    {
        // Listen on app_host:app_port (default: localhost:27755)
        $listener = new HttpServer(
            Env::get('app_host', 'localhost'),
            Env::getInt('app_port', 27755),
        );

        // Apply proxy settings only if both host and port are configured
        $proxyHost = Env::getNullable('app_proxy_host', null);
        $proxyPort = Env::getNullableInt('app_proxy_port', null);
        if ($proxyHost !== null && $proxyPort !== null) {
            return $listener->withProxy(
                $proxyHost,
                $proxyPort,
                Env::getNullableBool('app_proxy_tls', null),
                Env::get('app_proxy_base_path', ''),
            );
        }

        return $listener;
    }
}
|
abstract
protected
|
getProvider(): AbstractProvider
Return an OAuth 2.0 provider to request and validate tokens that
authorize access to the resource server
Example:
The following provider could be used to authorize access to the Microsoft
Graph API on behalf of a user or application. redirectUri can be
omitted if support for the Authorization Code flow is not required.
The only scope required for access to the Microsoft Graph API is
https://graph.microsoft.com/.default
<?php
use League\OAuth2\Client\Provider\GenericProvider;

class OAuth2TestClient extends OAuth2Client
{
    protected function getProvider(): GenericProvider
    {
        return new GenericProvider([
            'clientId' => $this->AppId,
            'clientSecret' => $this->Secret,
            // Null if getListener() does not return an HTTP listener
            'redirectUri' => $this->getRedirectUri(),
            // Provider endpoints for the configured tenant
            'urlAuthorize' => sprintf('https://login.microsoftonline.com/%s/oauth2/authorize', $this->TenantId),
            'urlAccessToken' => sprintf('https://login.microsoftonline.com/%s/oauth2/v2.0/token', $this->TenantId),
            'urlResourceOwnerDetails' => sprintf('https://login.microsoftonline.com/%s/openid/userinfo', $this->TenantId),
            'scopes' => ['openid', 'profile', 'email', 'offline_access', 'https://graph.microsoft.com/.default'],
            'scopeSeparator' => ' ',
        ]);
    }
}
|
abstract
protected
|
getFlow(): OAuth2Flow::*
Return the OAuth 2.0 flow to use
|
abstract
protected
|
getJsonWebKeySetUrl(): ?string
Return the URL of the OAuth 2.0 provider's JSON Web Key Set, or null to
disable JWT signature validation and decoding
Required for token signature validation. Check the provider's
https://server.com/.well-known/openid-configuration if unsure.
|
abstract
protected
|
receiveToken(AccessToken $token, array<string, mixed>|null $idToken, OAuth2GrantType::* $grantType): void
Called when an access token is received from the OAuth 2.0 provider
|
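A receiveToken() implementation can check the decoded ID token's claims before trusting them. The following is an added example, not code from the library: checkIdTokenClaims() and the sample values are hypothetical, and it assumes the array carries the standard OpenID Connect claims iss, aud, exp and nbf with integer timestamps.

```php
<?php

/**
 * Hypothetical helper (not part of the library): check the claims of a
 * decoded ID token, e.g. the $idToken array passed to receiveToken().
 *
 * @param array<string,mixed> $claims Decoded ID token payload
 * @return string[] Problems found (empty if the claims are acceptable)
 */
function checkIdTokenClaims(
    array $claims,
    string $expectedIssuer,
    string $clientId,
    ?int $now = null,
    int $leeway = 60
): array {
    $now ??= time();
    $problems = [];

    // iss must match the expected issuer exactly (no prefix matching)
    if (($claims['iss'] ?? null) !== $expectedIssuer) {
        $problems[] = 'unexpected issuer';
    }
    // aud may be a string or a list of strings and must include this client
    if (!in_array($clientId, (array) ($claims['aud'] ?? []), true)) {
        $problems[] = 'token not issued to this client';
    }
    // exp is mandatory; anything other than an integer fails closed
    $exp = $claims['exp'] ?? null;
    if (!is_int($exp) || $exp + $leeway <= $now) {
        $problems[] = 'token expired or exp missing';
    }
    // nbf is optional but enforced when present
    $nbf = $claims['nbf'] ?? null;
    if ($nbf !== null && (!is_int($nbf) || $nbf - $leeway > $now)) {
        $problems[] = 'token not yet valid';
    }
    return $problems;
}

// Constructed sample claims (placeholder values, not real identifiers)
$issuer = 'https://issuer.example/tenant-placeholder/v2.0';
$claims = [
    'iss' => $issuer,
    'aud' => 'client-id-placeholder',
    'exp' => 1700003600,
    'nbf' => 1700000000,
];
// Within the validity window, for the right client
var_dump(checkIdTokenClaims($claims, $issuer, 'client-id-placeholder', 1700000100));
// Past expiry and presented to a different client
var_dump(checkIdTokenClaims($claims, $issuer, 'other-client-placeholder', 1700009999));
```

Throwing an exception from receiveToken() when the returned list is not empty keeps a token with unexpected claims from being used.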
public
|
__construct()
Creates a new OAuth2Client object
|
final
protected
|
getRedirectUri(): ?string
Get the URI that receives redirects from the OAuth 2.0 provider
Returns null if OAuth2Client::getListener() does not return an
HTTP listener.
|
final
public
|
getAccessToken(string[]|null $scopes = null): AccessToken
Get an OAuth 2.0 access token from the cache if possible, otherwise use a
refresh token to acquire one from the provider if possible, otherwise
flush all tokens and authorize with the provider from scratch
|
final
protected
|
refreshAccessToken(): ?AccessToken
If an unexpired refresh token is available, use it to get a new access
token from the provider if possible
|
final
protected
|
authorize(array<string, mixed> $options = []): AccessToken
Get an access token from the OAuth 2.0 provider
|
final
public
|
flushTokens(): $this
Remove any tokens issued by the OAuth 2.0 provider from the cache
|
final
public
|
getIdToken(): array<string, mixed>|null
Get the decoded ID token most recently issued with an access token by the
OAuth 2.0 provider
|