|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* Created by PhpStorm. |
|
4
|
|
|
* User: GCC-MED |
|
5
|
|
|
* Date: 09/03/2018 |
|
6
|
|
|
* Time: 16:58 |
|
7
|
|
|
*/ |
|
8
|
|
|
|
|
9
|
|
|
namespace OAuth2\ClientAuthentication; |
|
10
|
|
|
|
|
11
|
|
|
|
|
12
|
|
|
use OAuth2\Roles\ClientInterface; |
|
13
|
|
|
use OAuth2\Roles\ClientTypes\ConfidentialClient; |
|
14
|
|
|
use OAuth2\Storages\ClientStorageInterface; |
|
15
|
|
|
use Psr\Http\Message\ServerRequestInterface; |
|
16
|
|
|
|
|
17
|
|
|
/** |
|
18
|
|
|
* Class ClientSecretBasicAuthenticationMethod |
|
19
|
|
|
* @package OAuth2\ClientAuthentication |
|
20
|
|
|
* |
|
21
|
|
|
* @see https://tools.ietf.org/html/rfc6749#section-2.3.1 |
|
22
|
|
|
* Clients in possession of a client password MAY use the HTTP Basic |
|
23
|
|
|
* authentication scheme as defined in [RFC2617] to authenticate with |
|
24
|
|
|
* the authorization server. The client identifier is encoded using the |
|
25
|
|
|
* "application/x-www-form-urlencoded" encoding algorithm per |
|
26
|
|
|
* Appendix B, and the encoded value is used as the username; the client |
|
27
|
|
|
* password is encoded using the same algorithm and used as the |
|
28
|
|
|
* password. The authorization server MUST support the HTTP Basic |
|
29
|
|
|
* authentication scheme for authenticating clients that were issued a |
|
30
|
|
|
* client password. |
|
31
|
|
|
* |
|
32
|
|
|
* For example (with extra line breaks for display purposes only): |
|
33
|
|
|
* |
|
34
|
|
|
* Authorization: Basic czZCaGRSa3F0Mzo3RmpmcDBaQnIxS3REUmJuZlZkbUl3 |
|
35
|
|
|
*/ |
|
36
|
|
|
class ClientSecretBasicAuthenticationMethod implements ClientAuthenticationMethodInterface, PasswordAuthenticationInterface |
|
|
|
|
|
|
37
|
|
|
{ |
|
38
|
|
|
/** |
|
39
|
|
|
* @var ClientStorageInterface |
|
40
|
|
|
*/ |
|
41
|
|
|
private $clientStorage; |
|
42
|
|
|
|
|
43
|
|
|
public function __construct(ClientStorageInterface $clientStorage) |
|
44
|
|
|
{ |
|
45
|
|
|
$this->clientStorage = $clientStorage; |
|
46
|
|
|
} |
|
47
|
|
|
|
|
48
|
|
|
public function support(ServerRequestInterface $request, array $requestData): bool |
|
49
|
|
|
{ |
|
50
|
|
|
$header = $request->getHeader('Authorization')[0] ?? null; |
|
51
|
|
|
return strpos($header, 'Basic') === 0; |
|
52
|
|
|
} |
|
53
|
|
|
|
|
54
|
|
|
public function authenticate(ServerRequestInterface $request, array $requestData): ?ClientInterface |
|
55
|
|
|
{ |
|
56
|
|
|
$header = $request->getHeader('Authorization')[0]; |
|
57
|
|
|
$token = explode(' ', $header)[1] ?? null; |
|
58
|
|
|
if ($token) { |
|
59
|
|
|
$credentials = explode(':', base64_decode($token)); |
|
60
|
|
|
if (count($credentials) == 2) { |
|
61
|
|
|
$client = $this->clientStorage->get($credentials[0]); |
|
62
|
|
|
if ($client instanceof ConfidentialClient && $client->getPassword() === $credentials[1]) { |
|
63
|
|
|
return $client; |
|
64
|
|
|
} |
|
65
|
|
|
} |
|
66
|
|
|
} |
|
67
|
|
|
return null; |
|
68
|
|
|
} |
|
69
|
|
|
} |
php-guard /
oauth-server
This interface has been deprecated. The supplier of the interface has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the interface will be removed and what other interface to use instead.