|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* Created by PhpStorm. |
|
4
|
|
|
* User: GCC-MED |
|
5
|
|
|
* Date: 09/03/2018 |
|
6
|
|
|
* Time: 16:59 |
|
7
|
|
|
*/ |
|
8
|
|
|
|
|
9
|
|
|
namespace OAuth2\ClientAuthentication; |
|
10
|
|
|
|
|
11
|
|
|
|
|
12
|
|
|
use OAuth2\Roles\ClientInterface; |
|
13
|
|
|
use OAuth2\Roles\ClientTypes\ConfidentialClient; |
|
14
|
|
|
use OAuth2\Storages\ClientStorageInterface; |
|
15
|
|
|
use Psr\Http\Message\ServerRequestInterface; |
|
16
|
|
|
|
|
17
|
|
|
/** |
|
18
|
|
|
* Class ClientSecretPostAuthenticationMethod |
|
19
|
|
|
* @package OAuth2\ClientAuthentication |
|
20
|
|
|
* |
|
21
|
|
|
* @see https://tools.ietf.org/html/rfc6749#section-2.3.1 |
|
22
|
|
|
* The authorization server MAY support including the |
|
23
|
|
|
* client credentials in the request-body using the following |
|
24
|
|
|
* parameters: |
|
25
|
|
|
* |
|
26
|
|
|
* client_id |
|
27
|
|
|
* REQUIRED. The client identifier issued to the client during |
|
28
|
|
|
* the registration process described by Section 2.2. |
|
29
|
|
|
* |
|
30
|
|
|
* client_secret |
|
31
|
|
|
* REQUIRED. The client secret. The client MAY omit the |
|
32
|
|
|
* parameter if the client secret is an empty string. |
|
33
|
|
|
* |
|
34
|
|
|
* Including the client credentials in the request-body using the two |
|
35
|
|
|
* parameters is NOT RECOMMENDED and SHOULD be limited to clients unable |
|
36
|
|
|
* to directly utilize the HTTP Basic authentication scheme (or other |
|
37
|
|
|
* password-based HTTP authentication schemes). The parameters can only |
|
38
|
|
|
* be transmitted in the request-body and MUST NOT be included in the |
|
39
|
|
|
* request URI. |
|
40
|
|
|
*/ |
|
41
|
|
|
class ClientSecretPostAuthenticationMethod implements ClientAuthenticationMethodInterface, PasswordAuthenticationInterface |
|
|
|
|
|
|
42
|
|
|
{ |
|
43
|
|
|
/** |
|
44
|
|
|
* @var ClientStorageInterface |
|
45
|
|
|
*/ |
|
46
|
|
|
private $clientStorage; |
|
47
|
|
|
|
|
48
|
|
|
public function __construct(ClientStorageInterface $clientStorage) |
|
49
|
|
|
{ |
|
50
|
|
|
$this->clientStorage = $clientStorage; |
|
51
|
|
|
} |
|
52
|
|
|
|
|
53
|
|
|
public function support(ServerRequestInterface $request, array $requestData): bool |
|
54
|
|
|
{ |
|
55
|
|
|
return !empty($requestData['client_id']) && !empty($requestData['client_secret']); |
|
56
|
|
|
} |
|
57
|
|
|
|
|
58
|
|
|
public function authenticate(ServerRequestInterface $request, array $requestData): ?ClientInterface |
|
59
|
|
|
{ |
|
60
|
|
|
$client = $this->clientStorage->get($requestData['client_id']); |
|
61
|
|
|
if ($client instanceof ConfidentialClient && $client->getPassword() == $requestData['client_secret']) { |
|
62
|
|
|
return $client; |
|
63
|
|
|
} |
|
64
|
|
|
return null; |
|
65
|
|
|
} |
|
66
|
|
|
} |
php-guard /
oauth-server
Alexandre Le Borgne
This interface has been deprecated. The supplier of the interface has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the interface will be removed and what other interface to use instead.