AbstractHttpTokenEndpoint.php
<?php
namespace Flowpack\OAuth2\Client\Endpoint;
/* *
* This script belongs to the TYPO3 Flow package "Flowpack.OAuth2.Client".*
* *
* It is free software; you can redistribute it and/or modify it under *
* the terms of the GNU General Public License, either version 3 of the *
* License, or (at your option) any later version. *
* *
* The TYPO3 project - inspiring people to share! *
* */
use Flowpack\OAuth2\Client\Exception as OAuth2Exception;
use Neos\Flow\Annotations as Flow;
use Neos\Flow\Http\Request;
use Neos\Flow\Http\Uri;
use Neos\Utility\Arrays;
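/**
 * Base class for OAuth 2.0 token endpoints that are reached over HTTP.
 *
 * It sends the client credentials to the configured endpoint URI and returns
 * the token response as an array, accepting either a form-encoded or a JSON
 * response body.
 *
 * NOTE(review): nothing in this class checks that $endpointUri uses the https
 * scheme, although the client secret is sent in the request body. Confirm that
 * the configured endpoint is always an https URI.
 */
abstract class AbstractHttpTokenEndpoint implements TokenEndpointInterface
{
    /**
     * HTTP engine used to send the token request.
     *
     * @Flow\Inject
     * @var \Neos\Flow\Http\Client\CurlEngine
     */
    protected $requestEngine;

    /**
     * URI of the token endpoint the requests are sent to.
     *
     * @var string
     */
    protected $endpointUri;

    /**
     * The client identifier as per http://tools.ietf.org/html/rfc6749#section-2.2
     * Filled via Objects.yaml
     *
     * @var string
     */
    protected $clientIdentifier;

    /**
     * The client secret as per http://tools.ietf.org/html/rfc6749#section-2.3.1
     * Filled via Objects.yaml
     *
     * This is a credential: it must not be written to logs or exception messages.
     *
     * @var string
     */
    protected $clientSecret;

    /**
     * Configures TLS verification on the injected request engine.
     *
     * @return void
     */
    protected function initializeObject()
    {
        // Certificates are validated against the CA bundle shipped with this package.
        // NOTE(review): a bundled CA file is only as current as the package itself;
        // make sure it is refreshed, or confirm that pinning this bundle is intended.
        $this->requestEngine->setOption(CURLOPT_CAINFO, FLOW_PATH_PACKAGES . 'Application/Flowpack.OAuth2.Client/Resources/Private/cacert.pem');
        $this->requestEngine->setOption(CURLOPT_SSL_VERIFYPEER, true);
        // Peer verification alone only proves that the certificate chains to a trusted CA.
        // Host name verification is set explicitly so that it does not depend on a default.
        $this->requestEngine->setOption(CURLOPT_SSL_VERIFYHOST, 2);
    }

    /**
     * Requests an access token for the Authorization Code Grant as specified in section 4.1.3
     *
     * @param string $code The authorization code received from the authorization server.
     * @param string $redirectUri REQUIRED, if the "redirect_uri" parameter was included in the authorization request as described in Section 4.1.1, and their values MUST be identical.
     * @param string $clientIdentifier REQUIRED, if the client is not authenticating with the authorization server as described in Section 3.2.1.
     * @return array The decoded token response
     * @throws \Flowpack\OAuth2\Client\Exception
     * @see http://tools.ietf.org/html/rfc6749#section-4.1.3
     */
    public function requestAuthorizationCodeGrantAccessToken($code, $redirectUri = null, $clientIdentifier = null)
    {
        return $this->requestAccessToken(TokenEndpointInterface::GRANT_TYPE_AUTHORIZATION_CODE, array(
            'code' => $code,
            'redirect_uri' => $redirectUri,
            'client_id' => $clientIdentifier
        ));
    }

    /**
     * Requests an access token for Resource Owner Password Credentials Grant as specified in section 4.3.2
     *
     * Not implemented: the method body is empty, so no request is sent and NULL is returned.
     *
     * @param string $username The resource owner username.
     * @param string $password The resource owner password.
     * @param array $scope The scope of the access request as described by http://tools.ietf.org/html/rfc6749#section-3.3
     * @return mixed Currently always NULL
     * @see http://tools.ietf.org/html/rfc6749#section-4.3.2
     */
    public function requestResourceOwnerPasswordCredentialsGrantAccessToken($username, $password, $scope = array())
    {
        // TODO: Implement requestResourceOwnerPasswordCredentialsGrantAccessToken() method.
    }

    /**
     * Requests an access token for Client Credentials Grant as specified in section 4.4.2
     *
     * NOTE(review): $scope is handed on unchanged as the additional request parameters,
     * so a plain list of scope names would end up under numeric keys instead of a
     * "scope" parameter. Confirm how callers are expected to shape this array.
     *
     * @param array $scope The scope of the access request as described by http://tools.ietf.org/html/rfc6749#section-3.3
     * @return array The decoded token response
     * @throws \Flowpack\OAuth2\Client\Exception
     * @see http://tools.ietf.org/html/rfc6749#section-4.4.2
     */
    public function requestClientCredentialsGrantAccessToken($scope = array())
    {
        return $this->requestAccessToken(TokenEndpointInterface::GRANT_TYPE_CLIENT_CREDENTIALS, $scope);
    }

    /**
     * Returns the endpoint URI. The client credentials are not part of the string.
     *
     * @return string
     */
    public function __toString()
    {
        return $this->endpointUri;
    }

    /**
     * Sends the token request and decodes the response body.
     *
     * The request carries the grant type and the configured client credentials,
     * merged with the additional parameters, as a POST to the endpoint URI.
     *
     * @param string $grantType One of this' interface GRANT_TYPE_* constants
     * @param array $additionalParameters Additional parameters for the request
     * @return array The decoded token response
     * @throws \Flowpack\OAuth2\Client\Exception If the status code is not 200 or the body cannot be decoded
     * @see http://tools.ietf.org/html/rfc6749#section-4.1.3
     */
    protected function requestAccessToken($grantType, $additionalParameters = array())
    {
        $parameters = array(
            'grant_type' => $grantType,
            'client_id' => $this->clientIdentifier,
            'client_secret' => $this->clientSecret
        );
        // presumably the trailing "false" keeps empty values (such as a NULL client_id)
        // from replacing the configured ones; verify against Arrays::arrayMergeRecursiveOverrule
        $parameters = Arrays::arrayMergeRecursiveOverrule($parameters, $additionalParameters, false, false);

        $request = Request::create(new Uri($this->endpointUri), 'POST', $parameters);
        $request->setHeader('Content-Type', 'application/x-www-form-urlencoded');

        $response = $this->requestEngine->sendRequest($request);

        if ($response->getStatusCode() !== 200) {
            // NOTE(review): the response body becomes part of the exception message and
            // may therefore reach logs; confirm that the endpoint's error bodies are safe to record.
            throw new OAuth2Exception(sprintf('The response when requesting the access token was not as expected, code and message was: %d %s', $response->getStatusCode(), $response->getContent()), 1383749757);
        }

        // expects Tokens from Facebook or Google
        // google returns json
        // facebook an string with parameters
        $content = $response->getContent();

        // With a result array as second argument, parse_str() writes into that array only.
        parse_str($content, $responseComponentsParsedString);
        if (array_key_exists('access_token', $responseComponentsParsedString)) {
            return $responseComponentsParsedString;
        }

        $responseComponents = json_decode($content, true);
        if (!is_array($responseComponents)) {
            // A body that is neither form-encoded with an access_token nor a JSON object or
            // array used to be returned as NULL or a scalar. Fail here instead. The body is
            // left out of the message because it may hold token material in an unexpected format.
            // NOTE(review): no exception code is passed; assign one if the project requires it.
            throw new OAuth2Exception('The response when requesting the access token could not be decoded as form-encoded parameters or JSON.');
        }

        return $responseComponents;
    }
}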