```php
<?php
/**
 * Created by PhpStorm.
 * User: Alexandre
 * Date: 30/12/2017
 * Time: 16:55
 */

namespace OAuth2OLD\Credential;


/**
 * Class AccessToken
 * @package OAuth2\credentials
 *
 * @see https://tools.ietf.org/html/rfc6749#section-1.4
 *
 * Access Token
 *
 * Access tokens are credentials used to access protected resources. An
 * access token is a string representing an authorization issued to the
 * client. The string is usually opaque to the client. Tokens
 * represent specific scopes and durations of access, granted by the
 * resource owner, and enforced by the resource server and authorization
 * server.
 *
 * The token may denote an identifier used to retrieve the authorization
 * information or may self-contain the authorization information in a
 * verifiable manner (i.e., a token string consisting of some data and a
 * signature). Additional authentication credentials, which are beyond
 * the scope of this specification, may be required in order for the
 * client to use a token.
 *
 * The access token provides an abstraction layer, replacing different
 * authorization constructs (e.g., username and password) with a single
 * token understood by the resource server. This abstraction enables
 * issuing access tokens more restrictive than the authorization grant
 * used to obtain them, as well as removing the resource server's need
 * to understand a wide range of authentication methods.
 *
 * Access tokens can have different formats, structures, and methods of
 * utilization (e.g., cryptographic properties) based on the resource
 * server security requirements. Access token attributes and the
 * methods used to access protected resources are beyond the scope of
 * this specification and are defined by companion specifications such
 * as [RFC6750].
 */
class AccessToken extends Token
{
    // 65-symbol alphabet: each character carries log2(65), about 6.02 bits.
    const CHARS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-._";
    // 15 characters give roughly 90 bits; RFC 6749 section 10.10 asks for a
    // guessing probability of at most 2^-128 (about 22 characters here).
    const LENGTH = 15;

    static function generate($length = self::LENGTH)
    {
        $token = '';
        for ($i = 0; $i < $length; ++$i) {
            // random_int() draws from the operating system CSPRNG, uniformly over the range.
            $token .= self::CHARS[random_int(0, strlen(self::CHARS) - 1)];
        }
        return new self($token);
    }
}
```
Adding explicit visibility (private, protected, or public) is generally recommended to communicate to other developers how, and from where, this method is intended to be used.
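The output length of `generate()` checked against the guessing bound in RFC 6749 section 10.10, as an added example that is not part of this repository. `TOKEN_CHARS` copies `AccessToken::CHARS`; the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not code from the OAuth2OLD\Credential package.
// TOKEN_CHARS is a copy of AccessToken::CHARS; function names are hypothetical.
const TOKEN_CHARS = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-._';

/** Bits contributed by one symbol drawn uniformly from $alphabet. */
function bitsPerSymbol(string $alphabet): float
{
    $size = strlen($alphabet);
    // Repeated symbols would skew the distribution; a single symbol carries no entropy.
    if ($size < 2 || strlen(count_chars($alphabet, 3)) !== $size) {
        throw new InvalidArgumentException('alphabet needs at least 2 distinct, unrepeated symbols');
    }
    return log($size, 2);
}

/** Entropy in bits of a token of $length symbols. */
function tokenEntropyBits(string $alphabet, int $length): float
{
    return $length * bitsPerSymbol($alphabet);
}

/** Smallest token length whose entropy reaches $bits. */
function minLengthForBits(string $alphabet, int $bits): int
{
    return (int) ceil($bits / bitsPerSymbol($alphabet));
}

/** Same sampling loop as AccessToken::generate(), with the length derived from a bit target. */
function generateToken(int $bits = 128, string $alphabet = TOKEN_CHARS): string
{
    if ($bits < 128) {
        throw new InvalidArgumentException('RFC 6749 section 10.10 requires at least 128 bits');
    }
    $length = minLengthForBits($alphabet, $bits);
    $max = strlen($alphabet) - 1;
    $token = '';
    for ($i = 0; $i < $length; ++$i) {
        $token .= $alphabet[random_int(0, $max)];
    }
    return $token;
}

printf("LENGTH = 15 gives %.1f bits\n", tokenEntropyBits(TOKEN_CHARS, 15));
printf("2^-128 bound (MUST):   %d characters\n", minLengthForBits(TOKEN_CHARS, 128));
printf("2^-160 bound (SHOULD): %d characters\n", minLengthForBits(TOKEN_CHARS, 160));
printf("sample 128-bit token:  %s\n", generateToken());
```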