PHP OAuth2\ResponseInterface类代码示例

 public function validateRequest(RequestInterface $request, ResponseInterface $response)
 {
     if (!$request->request('code')) {
         $response->setError(400, 'invalid_request', 'Missing parameter: "code" is required');
         return false;
     }
     $code = $request->request('code');
     if (!($authCode = $this->storage->getAuthorizationCode($code))) {
         $response->setError(400, 'invalid_grant', 'Authorization code doesn\'t exist or is invalid for the client');
         return false;
     }
     /*
      * 4.1.3 - ensure that the "redirect_uri" parameter is present if the "redirect_uri" parameter was included in the initial authorization request
      * @uri - http://tools.ietf.org/html/rfc6749#section-4.1.3
      */
     if (isset($authCode['redirect_uri']) && $authCode['redirect_uri']) {
         if (!$request->request('redirect_uri') || urldecode($request->request('redirect_uri')) != $authCode['redirect_uri']) {
             $response->setError(400, 'redirect_uri_mismatch', "The redirect URI is missing or do not match", "#section-4.1.3");
             return false;
         }
     }
     if (!isset($authCode['expires'])) {
         throw new Exception('Storage must return authcode with a value for "expires"');
     }
     if ($authCode["expires"] < time()) {
         $response->setError(400, 'invalid_grant', "The authorization code has expired");
         return false;
     }
     if (!isset($authCode['code'])) {
         $authCode['code'] = $code;
         // used to expire the code after the access token is granted
     }
     $this->authCode = $authCode;
     return true;
 }

 /**
  * Grant or deny a requested access token.
  * This would be called from the "/token" endpoint as defined in the spec.
  * You can call your endpoint whatever you want.
  *
  * @param $request - RequestInterface
  * Request object to grant access token
  *
  * @throws InvalidArgumentException
  * @throws LogicException
  *
  * @see http://tools.ietf.org/html/rfc6749#section-4
  * @see http://tools.ietf.org/html/rfc6749#section-10.6
  * @see http://tools.ietf.org/html/rfc6749#section-4.1.3
  *
  * @ingroup oauth2_section_4
  */
 public function grantAccessToken(RequestInterface $request, ResponseInterface $response)
 {
     if (strtolower($request->server('REQUEST_METHOD')) != 'post') {
         $response->setError(405, 'invalid_request', 'The request method must be POST when requesting an access token', '#section-3.2');
         $response->addHttpHeaders(array('Allow' => 'POST'));
         return null;
     }
     /* Determine grant type from request
      * and validate the request for that grant type
      */
     if (!($grantTypeIdentifier = $request->request('grant_type'))) {
         $response->setError(400, 'invalid_request', 'The grant type was not specified in the request');
         return null;
     }
     if (!isset($this->grantTypes[$grantTypeIdentifier])) {
         /* TODO: If this is an OAuth2 supported grant type that we have chosen not to implement, throw a 501 Not Implemented instead */
         $response->setError(400, 'unsupported_grant_type', sprintf('Grant type "%s" not supported', $grantTypeIdentifier));
         return null;
     }
     $grantType = $this->grantTypes[$grantTypeIdentifier];
     if (!$grantType->validateRequest($request, $response)) {
         return null;
     }
     /* Retrieve the client information from the request
      * ClientAssertionTypes allow for grant types which also assert the client data
      * in which case ClientAssertion is handled in the validateRequest method
      *
      * @see OAuth2\GrantType\JWTBearer
      * @see OAuth2\GrantType\ClientCredentials
      */
     if ($grantType instanceof ClientAssertionTypeInterface) {
         $clientId = $grantType->getClientId();
     } else {
         if (!$this->clientAssertionType->validateRequest($request, $response)) {
             return null;
         }
         $clientId = $this->clientAssertionType->getClientId();
         // validate the Client ID (if applicable)
         if (!is_null($storedClientId = $grantType->getClientId()) && $storedClientId != $clientId) {
             $response->setError(400, 'invalid_grant', sprintf('%s doesn\'t exist or is invalid for the client', $grantTypeIdentifier));
             return null;
         }
     }
     /*
      * Validate the scope of the token
      * If the grant type returns a value for the scope,
      * this value must be verified with the scope being requested
      */
     $availableScope = $grantType->getScope();
     if (!($requestedScope = $this->scopeUtil->getScopeFromRequest($request))) {
         $requestedScope = $availableScope ? $availableScope : $this->scopeUtil->getDefaultScope();
     }
     if ($requestedScope && !$this->scopeUtil->scopeExists($requestedScope, $clientId) || $availableScope && !$this->scopeUtil->checkScope($requestedScope, $availableScope)) {
         $response->setError(400, 'invalid_scope', 'An unsupported scope was requested');
         return null;
     }
     return $grantType->createAccessToken($this->accessToken, $clientId, $grantType->getUserId(), $requestedScope);
 }

 /**
  * This is a convenience function that can be used to get the token, which can then
  * be passed to getAccessTokenData(). The constraints specified by the draft are
  * attempted to be adheared to in this method.
  *
  * As per the Bearer spec (draft 8, section 2) - there are three ways for a client
  * to specify the bearer token, in order of preference: Authorization Header,
  * POST and GET.
  *
  * NB: Resource servers MUST accept tokens via the Authorization scheme
  * (http://tools.ietf.org/html/rfc6750#section-2).
  *
  * @todo Should we enforce TLS/SSL in this function?
  *
  * @see http://tools.ietf.org/html/rfc6750#section-2.1
  * @see http://tools.ietf.org/html/rfc6750#section-2.2
  * @see http://tools.ietf.org/html/rfc6750#section-2.3
  *
  * Old Android version bug (at least with version 2.2)
  * @see http://code.google.com/p/android/issues/detail?id=6684
  *
  */
 public function getAccessTokenParameter(RequestInterface $request, ResponseInterface $response)
 {
     $headers = $request->headers('AUTHORIZATION');
     //        echo ($headers."bearer");
     /**
      * Ensure more than one method is not used for including an
      * access token
      *
      * @see http://tools.ietf.org/html/rfc6750#section-3.1
      */
     $methodsUsed = !empty($headers) + (bool) $request->query($this->config['token_param_name']) + (bool) $request->request($this->config['token_param_name']);
     //        echo ($methodsUsed);
     //        echo ("<br>".$this->config['token_param_name']."<br>");
     if ($methodsUsed > 1) {
         $response->setError(400, 'invalid_request', 'Only one method may be used to authenticate at a time (Auth header, GET or POST)');
         return null;
     }
     /**
      * If no authentication is provided, set the status code
      * to 401 and return no other error information
      *
      * @see http://tools.ietf.org/html/rfc6750#section-3.1
      */
     if ($methodsUsed == 0) {
         $response->setStatusCode(401);
         //            echo ("no auth");
         return null;
     }
     // HEADER: Get the access token from the header
     if (!empty($headers)) {
         if (!preg_match('/' . $this->config['token_bearer_header_name'] . '\\s(\\S+)/i', $headers, $matches)) {
             $response->setError(400, 'invalid_request', 'Malformed auth header');
             return null;
         }
         return $matches[1];
     }
     if ($request->request($this->config['token_param_name'])) {
         // // POST: Get the token from POST data
         if (!in_array(strtolower($request->server('REQUEST_METHOD')), array('post', 'put'))) {
             $response->setError(400, 'invalid_request', 'When putting the token in the body, the method must be POST or PUT', '#section-2.2');
             return null;
         }
         $contentType = $request->server('CONTENT_TYPE');
         if (false !== ($pos = strpos($contentType, ';'))) {
             $contentType = substr($contentType, 0, $pos);
         }
         if ($contentType !== null && $contentType != 'application/x-www-form-urlencoded') {
             // IETF specifies content-type. NB: Not all webservers populate this _SERVER variable
             // @see http://tools.ietf.org/html/rfc6750#section-2.2
             $response->setError(400, 'invalid_request', 'The content type for POST requests must be "application/x-www-form-urlencoded"');
             return null;
         }
         return $request->request($this->config['token_param_name']);
     }
     // GET method
     return $request->query($this->config['token_param_name']);
 }

 /**
  * Validate request via session data
  *
  * This is used for internal requests via ajax
  * 
  * @param   object  $request   Request object
  * @param   object  $response  Response object
  * @return  bool    Result of auth
  */
 public function validateRequest(RequestInterface $request, ResponseInterface $response)
 {
     // ensure we have needed params
     if (!$request->request("password") || !$request->request("username")) {
         $response->setError(400, 'invalid_request', 'Missing parameters: "username" and "password" required');
         return null;
     }
     // check username/password
     if (!$this->storage->checkUserCredentials($request->request("username"), $request->request("password"))) {
         $response->setError(401, 'invalid_grant', 'Invalid username and password combination');
         return null;
     }
     // get user details by username
     $userInfo = $this->storage->getUserDetails($request->request("username"));
     // make sure we got an array of user details
     if (empty($userInfo)) {
         $response->setError(400, 'invalid_grant', 'Unable to retrieve user information');
         return null;
     }
     // if not set, something went wrong
     if (!isset($userInfo['user_id'])) {
         throw new \LogicException("you must set the user_id on the array returned by getUserDetails");
     }
     // set our userinfo for later use
     $this->userInfo = $userInfo;
     // return sucess
     return true;
 }

 public function validateRequest(RequestInterface $request, ResponseInterface $response)
 {
     $identifier = $this->getQuerystringIdentifier();
     if (!$request->request($identifier)) {
         $response->setError(400, 'invalid_request', 'Missing parameters: "' . $identifier . '" required');
         return null;
     }
     $fb_app_id = Config::get('api-foundation::fb_app_id');
     $fb_app_secret = Config::get('api-foundation::fb_app_secret');
     if (empty($fb_app_id)) {
         throw new \LogicException('Facebook APP ID not set.');
     }
     if (empty($fb_app_secret)) {
         throw new \LogicException('Facebook APP SECRET not set.');
     }
     FacebookSession::setDefaultApplication($fb_app_id, $fb_app_secret);
     try {
         $session = new FacebookSession($request->request($identifier));
     } catch (FacebookRequestException $e) {
         $response->setError(401, 'invalid_grant', $e->getMessage());
         return null;
     } catch (\Exception $e) {
         $response->setError(401, 'invalid_grant', $e->getMessage());
         return null;
     }
     if (!empty($session)) {
         try {
             $user_profile = (new FacebookRequest($session, 'GET', '/me'))->execute()->getGraphObject(GraphUser::className());
             $email = $user_profile->getProperty('email');
             if (empty($email)) {
                 $response->setError(400, 'invalid_request', "User's email address not available.");
                 return null;
             } else {
                 $userInfo = $this->storage->getUserInfoByFacebookId($user_profile->getId());
                 if (empty($userInfo)) {
                     $this->storage->createFacebookUser($user_profile);
                     $userInfo = $this->storage->getUserInfoByFacebookId($user_profile->getId());
                 }
             }
         } catch (FacebookRequestException $e) {
             $response->setError(401, 'invalid_grant', $e->getMessage());
             return null;
         }
     } else {
         $response->setError(401, 'invalid_grant', 'Facebook session could not be set with supplied access token.');
         return null;
     }
     if (empty($userInfo)) {
         $response->setError(400, 'invalid_grant', 'Unable to retrieve user information.');
         return null;
     }
     if (!isset($userInfo['user_id'])) {
         throw new \LogicException("You must set the user_id on the array.");
     }
     $this->userInfo = $userInfo;
     return true;
 }

 public function getClientCredentials(RequestInterface $request, ResponseInterface $response = null)
 {
     if (!is_null($request->headers('PHP_AUTH_USER')) && !is_null($request->headers('PHP_AUTH_PW'))) {
         return array('client_id' => $request->headers('PHP_AUTH_USER'), 'client_secret' => $request->headers('PHP_AUTH_PW'));
     }
     if ($this->config['allow_credentials_in_request_body']) {
         // Using POST for HttpBasic authorization is not recommended, but is supported by specification
         if (!is_null($request->request('client_id'))) {
             return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret'));
         }
     }
     if ($response) {
         $message = $this->config['allow_credentials_in_request_body'] ? ' or body' : '';
         $response->setError(400, 'invalid_client', 'Client credentials were not found in the headers' . $message);
     }
     return null;
 }

 public function validateRequest(RequestInterface $request, ResponseInterface $response)
 {
     if (!$request->request('client_id')) {
         $response->setError(400, 'invalid_request', 'Missing parameter: "client_id" is required');
         return false;
     }
     /*
      * Ensure that the client_id existed
      */
     $client_id = $request->request('client_id');
     if (!($client = $this->storage->getClientDetails($client_id))) {
         $response->setError(400, 'invalid_client', 'The client id supplied is invalid');
         return false;
     }
     $this->client = $client;
     return true;
 }

 protected function setNotAuthorizedResponse(RequestInterface $request, ResponseInterface $response, $redirect_uri, $user_id = null)
 {
     $prompt = $request->query('prompt', 'consent');
     if ($prompt == 'none') {
         if (is_null($user_id)) {
             $error = 'login_required';
             $error_message = 'The user must log in';
         } else {
             $error = 'interaction_required';
             $error_message = 'The user must grant access to your application';
         }
     } else {
         $error = 'consent_required';
         $error_message = 'The user denied access to your application';
     }
     $response->setRedirect($this->config['redirect_status_code'], $redirect_uri, $this->getState(), $error, $error_message);
 }

 public function validateRequest(RequestInterface $request, ResponseInterface $response)
 {
     if (!$this->_adapter->checkUserCredentials($request->request('identity'), $request->request('token'))) {
         $response->setError(401, 'invalid_grant', 'Invalid identity and token combination');
         return null;
     }
     $userInfo = $this->_adapter->getUserDetails($request->request('identity'));
     if (empty($userInfo)) {
         $response->setError(400, 'invalid_grant', 'Unable to retrieve user information');
         return null;
     }
     if (!isset($userInfo['user_id'])) {
         throw new \LogicException("You must set the user_id on the array returned by getUserDetails");
     }
     $this->_userInfo = $userInfo;
     return true;
 }

 public function validateRequest(RequestInterface $request, ResponseInterface $response)
 {
     if (!$request->request("refresh_token")) {
         $response->setError(400, 'invalid_request', 'Missing parameter: "refresh_token" is required');
         return null;
     }
     if (!($refreshToken = $this->storage->getRefreshToken($request->request("refresh_token")))) {
         $response->setError(400, 'invalid_grant', 'Invalid refresh token');
         return null;
     }
     if ($refreshToken['expires'] > 0 && $refreshToken["expires"] < time()) {
         $response->setError(400, 'invalid_grant', 'Refresh token has expired');
         return null;
     }
     // store the refresh token locally so we can delete it when a new refresh token is generated
     $this->refreshToken = $refreshToken;
     return true;
 }

 /**
  * Internal function used to get the client credentials from HTTP basic
  * auth or POST data.
  *
  * According to the spec (draft 20), the client_id can be provided in
  * the Basic Authorization header (recommended) or via GET/POST.
  *
  * @return
  * A list containing the client identifier and password, for example
  * @code
  * return array(
  *     "client_id"     => CLIENT_ID,        // REQUIRED the client id
  *     "client_secret" => CLIENT_SECRET,    // REQUIRED the client secret
  * );
  * @endcode
  *
  * @link http://tools.ietf.org/html/rfc6749#section-2.3.1
  *
  * @ingroup oauth2_section_2
  */
 public function getClientCredentials(RequestInterface $request, ResponseInterface $response = null)
 {
     if (!is_null($request->headers('PHP_AUTH_USER')) && !is_null($request->headers('PHP_AUTH_PW'))) {
         return array('client_id' => $request->headers('PHP_AUTH_USER'), 'client_secret' => $request->headers('PHP_AUTH_PW'));
     }
     if ($this->config['allow_credentials_in_request_body']) {
         // Using POST for HttpBasic authorization is not recommended, but is supported by specification
         if (!is_null($request->request('client_id'))) {
             /**
              * client_secret can be null if the client's password is an empty string
              * @link http://tools.ietf.org/html/rfc6749#section-2.3.1
              */
             return array('client_id' => $request->request('client_id'), 'client_secret' => $request->request('client_secret', ''));
         }
     }
     if ($response) {
         $response->setError(400, 'invalid_client', 'Client credentials were not found in the headers or body');
     }
     return null;
 }

 public function validateRequest(RequestInterface $request, ResponseInterface $response)
 {
     $token = $request->request("token");
     if (!$token) {
         $response->setError(400, 'invalid_request', 'Missing parameter: "token" is required');
         return null;
     }
     $socialUser = $this->getTokenInfo($token);
     if (!$socialUser) {
         $response->setError(401, 'invalid_grant', 'Invalid or expired token');
         return null;
     }
     $user_id = $this->getLocalUser($socialUser);
     if (!$user_id) {
         $response->setError(401, 'invalid_grant', 'Unable to identify or create user');
         return null;
     }
     $this->userInfo = ['user_id' => $user_id];
     return true;
 }

 public function validateRequest(RequestInterface $request, ResponseInterface $response)
 {
     if (!$request->request("user_id") || !$request->request("provider") || !$request->request("provider_id") || !$request->request("provider_access_token")) {
         $response->setError(400, 'invalid_request', 'Missing parameters: "username" and "provider" and "provider_id" and "access_token" required');
         return null;
     }
     if (!$this->storage->getUserProviderAccessToken($request->request("provider"), $request->request("provider_id"), $request->request("user_id"))) {
         return null;
     }
     $userInfo = $this->storage->getUser($request->request("user_id"));
     if (empty($userInfo)) {
         $response->setError(400, 'invalid_grant', 'Unable to retrieve user information');
         return null;
     }
     if (!isset($userInfo['user_id'])) {
         throw new \LogicException("you must set the user_id on the array returned by getUserDetails");
     }
     $this->userInfo = $userInfo;
     return true;
 }

 public function validateRequest(RequestInterface $request, ResponseInterface $response)
 {
     $identifier = $this->getQuerystringIdentifier();
     if (!$request->request($identifier)) {
         $response->setError(400, 'invalid_request', 'Missing parameters: "' . $identifier . '" required');
         return null;
     }
     $gplus_server_code = $request->request($identifier);
     try {
         $this->google_client->authenticate($gplus_server_code);
         $token_data = json_decode($this->google_client->getAccessToken());
         $gplus_access_token = $token_data->access_token;
         $token_service = new Google_Service_Oauth2($this->google_client);
         $token_info = $token_service->tokeninfo(array('access_token' => $gplus_access_token));
         if ($token_info->getAudience() != \Config::get('api-foundation::gplus_client_id')) {
             $response->setError(400, 'invalid_request', "Google+ access token audience does not match.");
             return null;
         }
         $gplus_id = $token_info->getUserId();
         $email = $token_info->getEmail();
         if (empty($email)) {
             $response->setError(400, 'invalid_request', "User's Google+ email addresses are not available.");
             return null;
         }
         if (empty($gplus_id)) {
             $response->setError(400, 'invalid_request', "User's Google+ id not available.");
             return null;
         }
         $userInfo = $this->storage->getUserInfoByGPlusId($gplus_id);
         if (empty($userInfo)) {
             $gplus_user = GPlusUserFromGPlusAccessToken::make($this->google_client, $gplus_access_token);
             $this->storage->createGPlusUser($gplus_user, $token_info);
             $userInfo = $this->storage->getUserInfoByGPlusId($gplus_id);
         }
     } catch (\Google_Service_Exception $e) {
         $response->setError($e->getCode(), 'invalid_request', "Google Plus server code is invalid.");
         return null;
     } catch (\Google_Auth_Exception $e) {
         $response->setError($e->getCode(), 'invalid_request', "Google Plus server code is invalid.");
         return null;
     }
     if (empty($userInfo)) {
         $response->setError(400, 'invalid_grant', 'Unable to retrieve user information.');
         return null;
     }
     if (!isset($userInfo['user_id'])) {
         throw new \LogicException("You must set the user_id on the array.");
     }
     $this->userInfo = $userInfo;
     return true;
 }

 public function validateRequest(RequestInterface $request, ResponseInterface $response)
 {
     if (!$request->request("password") || !$request->request("username")) {
         $response->setError(400, 'invalid_request', 'Missing parameters: "username" and "password" required');
         return null;
     }
     if (!$this->storage->checkUserCredentials($request->request("username"), $request->request("password"))) {
         $response->setError(401, 'invalid_grant', 'Invalid username and password combination');
         return null;
     }
     $userInfo = $this->storage->getUserDetails($request->request("username"));
     if (empty($userInfo)) {
         $response->setError(400, 'invalid_grant', 'Unable to retrieve user information');
         return null;
     }
     if (!isset($userInfo['user_id'])) {
         throw new \LogicException("you must set the user_id on the array returned by getUserDetails");
     }
     $this->userInfo = $userInfo;
     return true;
 }