redCOMPONENT-COM / redCORE

extensions/libraries/redcore/api/oauth2/Controller/TokenControllerInterface.php

Indentation +11 added lines, -11 removed lines

@@ -17,16 +17,16 @@
  */
 interface TokenControllerInterface
 {
-    /**
-     * handleTokenRequest
-     *
-     * @param $request
-     * OAuth2\RequestInterface - The current http request
-     * @param $response
-     * OAuth2\ResponseInterface - An instance of OAuth2\ResponseInterface to contain the response data
-     *
-     */
-    public function handleTokenRequest(RequestInterface $request, ResponseInterface $response);
+	/**
+	 * handleTokenRequest
+	 *
+	 * @param $request
+	 * OAuth2\RequestInterface - The current http request
+	 * @param $response
+	 * OAuth2\ResponseInterface - An instance of OAuth2\ResponseInterface to contain the response data
+	 *
+	 */
+	public function handleTokenRequest(RequestInterface $request, ResponseInterface $response);
 
-    public function grantAccessToken(RequestInterface $request, ResponseInterface $response);
+	public function grantAccessToken(RequestInterface $request, ResponseInterface $response);
 }

extensions/libraries/redcore/api/oauth2/Controller/ResourceControllerInterface.php

Indentation +2 added lines, -2 removed lines

@@ -20,7 +20,7 @@
  */
 interface ResourceControllerInterface
 {
-    public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response, $scope = null);
+	public function verifyResourceRequest(RequestInterface $request, ResponseInterface $response, $scope = null);
 
-    public function getAccessTokenData(RequestInterface $request, ResponseInterface $response);
+	public function getAccessTokenData(RequestInterface $request, ResponseInterface $response);
 }

extensions/libraries/redcore/api/oauth2/Storage/ClientInterface.php

Indentation +51 added lines, -51 removed lines

@@ -10,57 +10,57 @@
  */
 interface ClientInterface
 {
-    /**
-     * Get client details corresponding client_id.
-     *
-     * OAuth says we should store request URIs for each registered client.
-     * Implement this function to grab the stored URI for a given client id.
-     *
-     * @param $client_id
-     * Client identifier to be check with.
-     *
-     * @return array
-     *               Client details. The only mandatory key in the array is "redirect_uri".
-     *               This function MUST return FALSE if the given client does not exist or is
-     *               invalid. "redirect_uri" can be space-delimited to allow for multiple valid uris.
-     *               <code>
-     *               return array(
-     *               "redirect_uri" => REDIRECT_URI,      // REQUIRED redirect_uri registered for the client
-     *               "client_id"    => CLIENT_ID,         // OPTIONAL the client id
-     *               "grant_types"  => GRANT_TYPES,       // OPTIONAL an array of restricted grant types
-     *               "user_id"      => USER_ID,           // OPTIONAL the user identifier associated with this client
-     *               "scope"        => SCOPE,             // OPTIONAL the scopes allowed for this client
-     *               );
-     *               </code>
-     *
-     * @ingroup oauth2_section_4
-     */
-    public function getClientDetails($client_id);
+	/**
+	 * Get client details corresponding client_id.
+	 *
+	 * OAuth says we should store request URIs for each registered client.
+	 * Implement this function to grab the stored URI for a given client id.
+	 *
+	 * @param $client_id
+	 * Client identifier to be check with.
+	 *
+	 * @return array
+	 *               Client details. The only mandatory key in the array is "redirect_uri".
+	 *               This function MUST return FALSE if the given client does not exist or is
+	 *               invalid. "redirect_uri" can be space-delimited to allow for multiple valid uris.
+	 *               <code>
+	 *               return array(
+	 *               "redirect_uri" => REDIRECT_URI,      // REQUIRED redirect_uri registered for the client
+	 *               "client_id"    => CLIENT_ID,         // OPTIONAL the client id
+	 *               "grant_types"  => GRANT_TYPES,       // OPTIONAL an array of restricted grant types
+	 *               "user_id"      => USER_ID,           // OPTIONAL the user identifier associated with this client
+	 *               "scope"        => SCOPE,             // OPTIONAL the scopes allowed for this client
+	 *               );
+	 *               </code>
+	 *
+	 * @ingroup oauth2_section_4
+	 */
+	public function getClientDetails($client_id);
 
-    /**
-     * Get the scope associated with this client
-     *
-     * @return
-     * STRING the space-delineated scope list for the specified client_id
-     */
-    public function getClientScope($client_id);
+	/**
+	 * Get the scope associated with this client
+	 *
+	 * @return
+	 * STRING the space-delineated scope list for the specified client_id
+	 */
+	public function getClientScope($client_id);
 
-    /**
-     * Check restricted grant types of corresponding client identifier.
-     *
-     * If you want to restrict clients to certain grant types, override this
-     * function.
-     *
-     * @param $client_id
-     * Client identifier to be check with.
-     * @param $grant_type
-     * Grant type to be check with
-     *
-     * @return
-     * TRUE if the grant type is supported by this client identifier, and
-     * FALSE if it isn't.
-     *
-     * @ingroup oauth2_section_4
-     */
-    public function checkRestrictedGrantType($client_id, $grant_type);
+	/**
+	 * Check restricted grant types of corresponding client identifier.
+	 *
+	 * If you want to restrict clients to certain grant types, override this
+	 * function.
+	 *
+	 * @param $client_id
+	 * Client identifier to be check with.
+	 * @param $grant_type
+	 * Grant type to be check with
+	 *
+	 * @return
+	 * TRUE if the grant type is supported by this client identifier, and
+	 * FALSE if it isn't.
+	 *
+	 * @ingroup oauth2_section_4
+	 */
+	public function checkRestrictedGrantType($client_id, $grant_type);
 }

extensions/libraries/redcore/api/oauth2/Storage/JwtBearerInterface.php

Indentation +55 added lines, -55 removed lines

@@ -14,61 +14,61 @@
  */
 interface JwtBearerInterface
 {
-    /**
-     * Get the public key associated with a client_id
-     *
-     * @param $client_id
-     * Client identifier to be checked with.
-     *
-     * @return
-     * STRING Return the public key for the client_id if it exists, and MUST return FALSE if it doesn't.
-     */
-    public function getClientKey($client_id, $subject);
+	/**
+	 * Get the public key associated with a client_id
+	 *
+	 * @param $client_id
+	 * Client identifier to be checked with.
+	 *
+	 * @return
+	 * STRING Return the public key for the client_id if it exists, and MUST return FALSE if it doesn't.
+	 */
+	public function getClientKey($client_id, $subject);
 
-    /**
-     * Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.
-     *
-     * @param $client_id
-     * Client identifier to match.
-     *
-     * @param $subject
-     * The subject to match.
-     *
-     * @param $audience
-     * The audience to match.
-     *
-     * @param $expiration
-     * The expiration of the jti.
-     *
-     * @param $jti
-     * The jti to match.
-     *
-     * @return
-     * An associative array as below, and return NULL if the jti does not exist.
-     * - issuer: Stored client identifier.
-     * - subject: Stored subject.
-     * - audience: Stored audience.
-     * - expires: Stored expiration in unix timestamp.
-     * - jti: The stored jti.
-     */
-    public function getJti($client_id, $subject, $audience, $expiration, $jti);
+	/**
+	 * Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.
+	 *
+	 * @param $client_id
+	 * Client identifier to match.
+	 *
+	 * @param $subject
+	 * The subject to match.
+	 *
+	 * @param $audience
+	 * The audience to match.
+	 *
+	 * @param $expiration
+	 * The expiration of the jti.
+	 *
+	 * @param $jti
+	 * The jti to match.
+	 *
+	 * @return
+	 * An associative array as below, and return NULL if the jti does not exist.
+	 * - issuer: Stored client identifier.
+	 * - subject: Stored subject.
+	 * - audience: Stored audience.
+	 * - expires: Stored expiration in unix timestamp.
+	 * - jti: The stored jti.
+	 */
+	public function getJti($client_id, $subject, $audience, $expiration, $jti);
 
-    /**
-     * Store a used jti so that we can check against it to prevent replay attacks.
-     * @param $client_id
-     * Client identifier to insert.
-     *
-     * @param $subject
-     * The subject to insert.
-     *
-     * @param $audience
-     * The audience to insert.
-     *
-     * @param $expiration
-     * The expiration of the jti.
-     *
-     * @param $jti
-     * The jti to insert.
-     */
-    public function setJti($client_id, $subject, $audience, $expiration, $jti);
+	/**
+	 * Store a used jti so that we can check against it to prevent replay attacks.
+	 * @param $client_id
+	 * Client identifier to insert.
+	 *
+	 * @param $subject
+	 * The subject to insert.
+	 *
+	 * @param $audience
+	 * The audience to insert.
+	 *
+	 * @param $expiration
+	 * The expiration of the jti.
+	 *
+	 * @param $jti
+	 * The jti to insert.
+	 */
+	public function setJti($client_id, $subject, $audience, $expiration, $jti);
 }

extensions/libraries/redcore/api/oauth2/Storage/RefreshTokenInterface.php

Indentation +66 added lines, -66 removed lines

@@ -11,72 +11,72 @@
  */
 interface RefreshTokenInterface
 {
-    /**
-     * Grant refresh access tokens.
-     *
-     * Retrieve the stored data for the given refresh token.
-     *
-     * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
-     *
-     * @param $refresh_token
-     * Refresh token to be check with.
-     *
-     * @return
-     * An associative array as below, and NULL if the refresh_token is
-     * invalid:
-     * - refresh_token: Refresh token identifier.
-     * - client_id: Client identifier.
-     * - user_id: User identifier.
-     * - expires: Expiration unix timestamp, or 0 if the token doesn't expire.
-     * - scope: (optional) Scope values in space-separated string.
-     *
-     * @see http://tools.ietf.org/html/rfc6749#section-6
-     *
-     * @ingroup oauth2_section_6
-     */
-    public function getRefreshToken($refresh_token);
+	/**
+	 * Grant refresh access tokens.
+	 *
+	 * Retrieve the stored data for the given refresh token.
+	 *
+	 * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
+	 *
+	 * @param $refresh_token
+	 * Refresh token to be check with.
+	 *
+	 * @return
+	 * An associative array as below, and NULL if the refresh_token is
+	 * invalid:
+	 * - refresh_token: Refresh token identifier.
+	 * - client_id: Client identifier.
+	 * - user_id: User identifier.
+	 * - expires: Expiration unix timestamp, or 0 if the token doesn't expire.
+	 * - scope: (optional) Scope values in space-separated string.
+	 *
+	 * @see http://tools.ietf.org/html/rfc6749#section-6
+	 *
+	 * @ingroup oauth2_section_6
+	 */
+	public function getRefreshToken($refresh_token);
 
-    /**
-     * Take the provided refresh token values and store them somewhere.
-     *
-     * This function should be the storage counterpart to getRefreshToken().
-     *
-     * If storage fails for some reason, we're not currently checking for
-     * any sort of success/failure, so you should bail out of the script
-     * and provide a descriptive fail message.
-     *
-     * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
-     *
-     * @param $refresh_token
-     * Refresh token to be stored.
-     * @param $client_id
-     * Client identifier to be stored.
-     * @param $user_id
-     * User identifier to be stored.
-     * @param $expires
-     * Expiration timestamp to be stored. 0 if the token doesn't expire.
-     * @param $scope
-     * (optional) Scopes to be stored in space-separated string.
-     *
-     * @ingroup oauth2_section_6
-     */
-    public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null);
+	/**
+	 * Take the provided refresh token values and store them somewhere.
+	 *
+	 * This function should be the storage counterpart to getRefreshToken().
+	 *
+	 * If storage fails for some reason, we're not currently checking for
+	 * any sort of success/failure, so you should bail out of the script
+	 * and provide a descriptive fail message.
+	 *
+	 * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
+	 *
+	 * @param $refresh_token
+	 * Refresh token to be stored.
+	 * @param $client_id
+	 * Client identifier to be stored.
+	 * @param $user_id
+	 * User identifier to be stored.
+	 * @param $expires
+	 * Expiration timestamp to be stored. 0 if the token doesn't expire.
+	 * @param $scope
+	 * (optional) Scopes to be stored in space-separated string.
+	 *
+	 * @ingroup oauth2_section_6
+	 */
+	public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null);
 
-    /**
-     * Expire a used refresh token.
-     *
-     * This is not explicitly required in the spec, but is almost implied.
-     * After granting a new refresh token, the old one is no longer useful and
-     * so should be forcibly expired in the data store so it can't be used again.
-     *
-     * If storage fails for some reason, we're not currently checking for
-     * any sort of success/failure, so you should bail out of the script
-     * and provide a descriptive fail message.
-     *
-     * @param $refresh_token
-     * Refresh token to be expirse.
-     *
-     * @ingroup oauth2_section_6
-     */
-    public function unsetRefreshToken($refresh_token);
+	/**
+	 * Expire a used refresh token.
+	 *
+	 * This is not explicitly required in the spec, but is almost implied.
+	 * After granting a new refresh token, the old one is no longer useful and
+	 * so should be forcibly expired in the data store so it can't be used again.
+	 *
+	 * If storage fails for some reason, we're not currently checking for
+	 * any sort of success/failure, so you should bail out of the script
+	 * and provide a descriptive fail message.
+	 *
+	 * @param $refresh_token
+	 * Refresh token to be expirse.
+	 *
+	 * @ingroup oauth2_section_6
+	 */
+	public function unsetRefreshToken($refresh_token);
 }

extensions/libraries/redcore/api/oauth2/Storage/Redis.php

Indentation +296 added lines, -296 removed lines

@@ -16,302 +16,302 @@
  * </code>
  */
 class Redis implements AuthorizationCodeInterface,
-    AccessTokenInterface,
-    ClientCredentialsInterface,
-    UserCredentialsInterface,
-    RefreshTokenInterface,
-    JwtBearerInterface,
-    ScopeInterface,
-    OpenIDAuthorizationCodeInterface
+	AccessTokenInterface,
+	ClientCredentialsInterface,
+	UserCredentialsInterface,
+	RefreshTokenInterface,
+	JwtBearerInterface,
+	ScopeInterface,
+	OpenIDAuthorizationCodeInterface
 {
 
-    private $cache;
-
-    /* The redis client */
-    protected $redis;
-
-    /* Configuration array */
-    protected $config;
-
-    /**
-     * Redis Storage!
-     *
-     * @param \Predis\Client $redis
-     * @param array          $config
-     */
-    public function __construct($redis, $config=array())
-    {
-        $this->redis = $redis;
-        $this->config = array_merge(array(
-            'client_key' => 'oauth_clients:',
-            'access_token_key' => 'oauth_access_tokens:',
-            'refresh_token_key' => 'oauth_refresh_tokens:',
-            'code_key' => 'oauth_authorization_codes:',
-            'user_key' => 'oauth_users:',
-            'jwt_key' => 'oauth_jwt:',
-            'scope_key' => 'oauth_scopes:',
-        ), $config);
-    }
-
-    protected function getValue($key)
-    {
-        if ( isset($this->cache[$key]) ) {
-            return $this->cache[$key];
-        }
-        $value = $this->redis->get($key);
-        if ( isset($value) ) {
-            return json_decode($value, true);
-        } else {
-            return false;
-        }
-    }
-
-    protected function setValue($key, $value, $expire=0)
-    {
-        $this->cache[$key] = $value;
-        $str = json_encode($value);
-        if ($expire > 0) {
-            $seconds = $expire - time();
-            $ret = $this->redis->setex($key, $seconds, $str);
-        } else {
-            $ret = $this->redis->set($key, $str);
-        }
-
-        // check that the key was set properly
-        // if this fails, an exception will usually thrown, so this step isn't strictly necessary
-        return is_bool($ret) ? $ret : $ret->getPayload() == 'OK';
-    }
-
-    protected function expireValue($key)
-    {
-        unset($this->cache[$key]);
-
-        return $this->redis->del($key);
-    }
-
-    /* AuthorizationCodeInterface */
-    public function getAuthorizationCode($code)
-    {
-        return $this->getValue($this->config['code_key'] . $code);
-    }
-
-    public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
-    {
-        return $this->setValue(
-            $this->config['code_key'] . $authorization_code,
-            compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token'),
-            $expires
-        );
-    }
-
-    public function expireAuthorizationCode($code)
-    {
-        $key = $this->config['code_key'] . $code;
-        unset($this->cache[$key]);
-
-        return $this->expireValue($key);
-    }
-
-    /* UserCredentialsInterface */
-    public function checkUserCredentials($username, $password)
-    {
-        $user = $this->getUserDetails($username);
-
-        return $user && $user['password'] === $password;
-    }
-
-    public function getUserDetails($username)
-    {
-        return $this->getUser($username);
-    }
-
-    public function getUser($username)
-    {
-        if (!$userInfo = $this->getValue($this->config['user_key'] . $username)) {
-            return false;
-        }
-
-        // the default behavior is to use "username" as the user_id
-        return array_merge(array(
-            'user_id' => $username,
-        ), $userInfo);
-    }
-
-    public function setUser($username, $password, $first_name = null, $last_name = null)
-    {
-        return $this->setValue(
-            $this->config['user_key'] . $username,
-            compact('username', 'password', 'first_name', 'last_name')
-        );
-    }
-
-    /* ClientCredentialsInterface */
-    public function checkClientCredentials($client_id, $client_secret = null)
-    {
-        if (!$client = $this->getClientDetails($client_id)) {
-            return false;
-        }
-
-        return isset($client['client_secret'])
-            && $client['client_secret'] == $client_secret;
-    }
-
-    public function isPublicClient($client_id)
-    {
-        if (!$client = $this->getClientDetails($client_id)) {
-            return false;
-        }
-
-        return empty($result['client_secret']);
-    }
-
-    /* ClientInterface */
-    public function getClientDetails($client_id)
-    {
-        return $this->getValue($this->config['client_key'] . $client_id);
-    }
-
-    public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
-    {
-        return $this->setValue(
-            $this->config['client_key'] . $client_id,
-            compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id')
-        );
-    }
-
-    public function checkRestrictedGrantType($client_id, $grant_type)
-    {
-        $details = $this->getClientDetails($client_id);
-        if (isset($details['grant_types'])) {
-            $grant_types = explode(' ', $details['grant_types']);
-
-            return in_array($grant_type, (array) $grant_types);
-        }
-
-        // if grant_types are not defined, then none are restricted
-        return true;
-    }
-
-    /* RefreshTokenInterface */
-    public function getRefreshToken($refresh_token)
-    {
-        return $this->getValue($this->config['refresh_token_key'] . $refresh_token);
-    }
-
-    public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
-    {
-        return $this->setValue(
-            $this->config['refresh_token_key'] . $refresh_token,
-            compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope'),
-            $expires
-        );
-    }
-
-    public function unsetRefreshToken($refresh_token)
-    {
-        return $this->expireValue($this->config['refresh_token_key'] . $refresh_token);
-    }
-
-    /* AccessTokenInterface */
-    public function getAccessToken($access_token)
-    {
-        return $this->getValue($this->config['access_token_key'].$access_token);
-    }
-
-    public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
-    {
-        return $this->setValue(
-            $this->config['access_token_key'].$access_token,
-            compact('access_token', 'client_id', 'user_id', 'expires', 'scope'),
-            $expires
-        );
-    }
-
-    public function unsetAccessToken($access_token)
-    {
-        return $this->expireValue($this->config['access_token_key'] . $access_token);
-    }
-
-    /* ScopeInterface */
-    public function scopeExists($scope)
-    {
-        $scope = explode(' ', $scope);
-
-        $result = $this->getValue($this->config['scope_key'].'supported:global');
-
-        $supportedScope = explode(' ', (string) $result);
-
-        return (count(array_diff($scope, $supportedScope)) == 0);
-    }
-
-    public function getDefaultScope($client_id = null)
-    {
-        if (is_null($client_id) || !$result = $this->getValue($this->config['scope_key'].'default:'.$client_id)) {
-            $result = $this->getValue($this->config['scope_key'].'default:global');
-        }
-
-        return $result;
-    }
-
-    public function setScope($scope, $client_id = null, $type = 'supported')
-    {
-        if (!in_array($type, array('default', 'supported'))) {
-            throw new \InvalidArgumentException('"$type" must be one of "default", "supported"');
-        }
-
-        if (is_null($client_id)) {
-            $key = $this->config['scope_key'].$type.':global';
-        } else {
-            $key = $this->config['scope_key'].$type.':'.$client_id;
-        }
-
-        return $this->setValue($key, $scope);
-    }
-
-    /*JWTBearerInterface */
-    public function getClientKey($client_id, $subject)
-    {
-        if (!$jwt = $this->getValue($this->config['jwt_key'] . $client_id)) {
-            return false;
-        }
-
-        if (isset($jwt['subject']) && $jwt['subject'] == $subject) {
-            return $jwt['key'];
-        }
-
-        return null;
-    }
-
-    public function setClientKey($client_id, $key, $subject = null)
-    {
-        return $this->setValue($this->config['jwt_key'] . $client_id, array(
-            'key' => $key,
-            'subject' => $subject
-        ));
-    }
-
-    public function getClientScope($client_id)
-    {
-        if (!$clientDetails = $this->getClientDetails($client_id)) {
-            return false;
-        }
-
-        if (isset($clientDetails['scope'])) {
-            return $clientDetails['scope'];
-        }
-
-        return null;
-    }
-
-    public function getJti($client_id, $subject, $audience, $expiration, $jti)
-    {
-        //TODO: Needs redis implementation.
-        throw new \Exception('getJti() for the Redis driver is currently unimplemented.');
-    }
-
-    public function setJti($client_id, $subject, $audience, $expiration, $jti)
-    {
-        //TODO: Needs redis implementation.
-        throw new \Exception('setJti() for the Redis driver is currently unimplemented.');
-    }
+	private $cache;
+
+	/* The redis client */
+	protected $redis;
+
+	/* Configuration array */
+	protected $config;
+
+	/**
+	 * Redis Storage!
+	 *
+	 * @param \Predis\Client $redis
+	 * @param array          $config
+	 */
+	public function __construct($redis, $config=array())
+	{
+		$this->redis = $redis;
+		$this->config = array_merge(array(
+			'client_key' => 'oauth_clients:',
+			'access_token_key' => 'oauth_access_tokens:',
+			'refresh_token_key' => 'oauth_refresh_tokens:',
+			'code_key' => 'oauth_authorization_codes:',
+			'user_key' => 'oauth_users:',
+			'jwt_key' => 'oauth_jwt:',
+			'scope_key' => 'oauth_scopes:',
+		), $config);
+	}
+
+	protected function getValue($key)
+	{
+		if ( isset($this->cache[$key]) ) {
+			return $this->cache[$key];
+		}
+		$value = $this->redis->get($key);
+		if ( isset($value) ) {
+			return json_decode($value, true);
+		} else {
+			return false;
+		}
+	}
+
+	protected function setValue($key, $value, $expire=0)
+	{
+		$this->cache[$key] = $value;
+		$str = json_encode($value);
+		if ($expire > 0) {
+			$seconds = $expire - time();
+			$ret = $this->redis->setex($key, $seconds, $str);
+		} else {
+			$ret = $this->redis->set($key, $str);
+		}
+
+		// check that the key was set properly
+		// if this fails, an exception will usually thrown, so this step isn't strictly necessary
+		return is_bool($ret) ? $ret : $ret->getPayload() == 'OK';
+	}
+
+	protected function expireValue($key)
+	{
+		unset($this->cache[$key]);
+
+		return $this->redis->del($key);
+	}
+
+	/* AuthorizationCodeInterface */
+	public function getAuthorizationCode($code)
+	{
+		return $this->getValue($this->config['code_key'] . $code);
+	}
+
+	public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+	{
+		return $this->setValue(
+			$this->config['code_key'] . $authorization_code,
+			compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'scope', 'id_token'),
+			$expires
+		);
+	}
+
+	public function expireAuthorizationCode($code)
+	{
+		$key = $this->config['code_key'] . $code;
+		unset($this->cache[$key]);
+
+		return $this->expireValue($key);
+	}
+
+	/* UserCredentialsInterface */
+	public function checkUserCredentials($username, $password)
+	{
+		$user = $this->getUserDetails($username);
+
+		return $user && $user['password'] === $password;
+	}
+
+	public function getUserDetails($username)
+	{
+		return $this->getUser($username);
+	}
+
+	public function getUser($username)
+	{
+		if (!$userInfo = $this->getValue($this->config['user_key'] . $username)) {
+			return false;
+		}
+
+		// the default behavior is to use "username" as the user_id
+		return array_merge(array(
+			'user_id' => $username,
+		), $userInfo);
+	}
+
+	public function setUser($username, $password, $first_name = null, $last_name = null)
+	{
+		return $this->setValue(
+			$this->config['user_key'] . $username,
+			compact('username', 'password', 'first_name', 'last_name')
+		);
+	}
+
+	/* ClientCredentialsInterface */
+	public function checkClientCredentials($client_id, $client_secret = null)
+	{
+		if (!$client = $this->getClientDetails($client_id)) {
+			return false;
+		}
+
+		return isset($client['client_secret'])
+			&& $client['client_secret'] == $client_secret;
+	}
+
+	public function isPublicClient($client_id)
+	{
+		if (!$client = $this->getClientDetails($client_id)) {
+			return false;
+		}
+
+		return empty($result['client_secret']);
+	}
+
+	/* ClientInterface */
+	public function getClientDetails($client_id)
+	{
+		return $this->getValue($this->config['client_key'] . $client_id);
+	}
+
+	public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
+	{
+		return $this->setValue(
+			$this->config['client_key'] . $client_id,
+			compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id')
+		);
+	}
+
+	public function checkRestrictedGrantType($client_id, $grant_type)
+	{
+		$details = $this->getClientDetails($client_id);
+		if (isset($details['grant_types'])) {
+			$grant_types = explode(' ', $details['grant_types']);
+
+			return in_array($grant_type, (array) $grant_types);
+		}
+
+		// if grant_types are not defined, then none are restricted
+		return true;
+	}
+
+	/* RefreshTokenInterface */
+	public function getRefreshToken($refresh_token)
+	{
+		return $this->getValue($this->config['refresh_token_key'] . $refresh_token);
+	}
+
+	public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
+	{
+		return $this->setValue(
+			$this->config['refresh_token_key'] . $refresh_token,
+			compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope'),
+			$expires
+		);
+	}
+
+	public function unsetRefreshToken($refresh_token)
+	{
+		return $this->expireValue($this->config['refresh_token_key'] . $refresh_token);
+	}
+
+	/* AccessTokenInterface */
+	public function getAccessToken($access_token)
+	{
+		return $this->getValue($this->config['access_token_key'].$access_token);
+	}
+
+	public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
+	{
+		return $this->setValue(
+			$this->config['access_token_key'].$access_token,
+			compact('access_token', 'client_id', 'user_id', 'expires', 'scope'),
+			$expires
+		);
+	}
+
+	public function unsetAccessToken($access_token)
+	{
+		return $this->expireValue($this->config['access_token_key'] . $access_token);
+	}
+
+	/* ScopeInterface */
+	public function scopeExists($scope)
+	{
+		$scope = explode(' ', $scope);
+
+		$result = $this->getValue($this->config['scope_key'].'supported:global');
+
+		$supportedScope = explode(' ', (string) $result);
+
+		return (count(array_diff($scope, $supportedScope)) == 0);
+	}
+
+	public function getDefaultScope($client_id = null)
+	{
+		if (is_null($client_id) || !$result = $this->getValue($this->config['scope_key'].'default:'.$client_id)) {
+			$result = $this->getValue($this->config['scope_key'].'default:global');
+		}
+
+		return $result;
+	}
+
+	public function setScope($scope, $client_id = null, $type = 'supported')
+	{
+		if (!in_array($type, array('default', 'supported'))) {
+			throw new \InvalidArgumentException('"$type" must be one of "default", "supported"');
+		}
+
+		if (is_null($client_id)) {
+			$key = $this->config['scope_key'].$type.':global';
+		} else {
+			$key = $this->config['scope_key'].$type.':'.$client_id;
+		}
+
+		return $this->setValue($key, $scope);
+	}
+
+	/*JWTBearerInterface */
+	public function getClientKey($client_id, $subject)
+	{
+		if (!$jwt = $this->getValue($this->config['jwt_key'] . $client_id)) {
+			return false;
+		}
+
+		if (isset($jwt['subject']) && $jwt['subject'] == $subject) {
+			return $jwt['key'];
+		}
+
+		return null;
+	}
+
+	public function setClientKey($client_id, $key, $subject = null)
+	{
+		return $this->setValue($this->config['jwt_key'] . $client_id, array(
+			'key' => $key,
+			'subject' => $subject
+		));
+	}
+
+	public function getClientScope($client_id)
+	{
+		if (!$clientDetails = $this->getClientDetails($client_id)) {
+			return false;
+		}
+
+		if (isset($clientDetails['scope'])) {
+			return $clientDetails['scope'];
+		}
+
+		return null;
+	}
+
+	public function getJti($client_id, $subject, $audience, $expiration, $jti)
+	{
+		//TODO: Needs redis implementation.
+		throw new \Exception('getJti() for the Redis driver is currently unimplemented.');
+	}
+
+	public function setJti($client_id, $subject, $audience, $expiration, $jti)
+	{
+		//TODO: Needs redis implementation.
+		throw new \Exception('setJti() for the Redis driver is currently unimplemented.');
+	}
 }

Spacing +11 added lines, -11 removed lines

@@ -39,7 +39,7 @@ 
      * @param \Predis\Client $redis
      * @param array          $config
      */
-    public function __construct($redis, $config=array())
+    public function __construct($redis, $config = array())
     {
         $this->redis = $redis;
         $this->config = array_merge(array(
@@ -55,18 +55,18 @@ 
 
     protected function getValue($key)
     {
-        if ( isset($this->cache[$key]) ) {
+        if (isset($this->cache[$key])) {
             return $this->cache[$key];
         }
         $value = $this->redis->get($key);
-        if ( isset($value) ) {
+        if (isset($value)) {
             return json_decode($value, true);
         } else {
             return false;
         }
     }
 
-    protected function setValue($key, $value, $expire=0)
+    protected function setValue($key, $value, $expire = 0)
     {
         $this->cache[$key] = $value;
         $str = json_encode($value);
@@ -215,13 +215,13 @@ 
     /* AccessTokenInterface */
     public function getAccessToken($access_token)
     {
-        return $this->getValue($this->config['access_token_key'].$access_token);
+        return $this->getValue($this->config['access_token_key'] . $access_token);
     }
 
     public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
     {
         return $this->setValue(
-            $this->config['access_token_key'].$access_token,
+            $this->config['access_token_key'] . $access_token,
             compact('access_token', 'client_id', 'user_id', 'expires', 'scope'),
             $expires
         );
@@ -237,7 +237,7 @@ 
     {
         $scope = explode(' ', $scope);
 
-        $result = $this->getValue($this->config['scope_key'].'supported:global');
+        $result = $this->getValue($this->config['scope_key'] . 'supported:global');
 
         $supportedScope = explode(' ', (string) $result);
 
@@ -246,8 +246,8 @@ 
 
     public function getDefaultScope($client_id = null)
     {
-        if (is_null($client_id) || !$result = $this->getValue($this->config['scope_key'].'default:'.$client_id)) {
-            $result = $this->getValue($this->config['scope_key'].'default:global');
+        if (is_null($client_id) || !$result = $this->getValue($this->config['scope_key'] . 'default:' . $client_id)) {
+            $result = $this->getValue($this->config['scope_key'] . 'default:global');
         }
 
         return $result;
@@ -260,9 +260,9 @@ 
         }
 
         if (is_null($client_id)) {
-            $key = $this->config['scope_key'].$type.':global';
+            $key = $this->config['scope_key'] . $type . ':global';
         } else {
-            $key = $this->config['scope_key'].$type.':'.$client_id;
+            $key = $this->config['scope_key'] . $type . ':' . $client_id;
         }
 
         return $this->setValue($key, $scope);

extensions/libraries/redcore/api/oauth2/Storage/Pdoredcore.php

Spacing +1 added lines, -1 removed lines

@@ -68,7 +68,7 @@
 		$clientId = $request->request('client_id');
 		$scopes = $this->getClientScope($clientId);
 
-		return array (
+		return array(
 			"user_id"   => $user->get('id'),
 			"username"  => $user->get('username'),
 			"name"      => $user->get('name'),

extensions/libraries/redcore/api/oauth2/Storage/DynamoDB.php

Indentation +491 added lines, -491 removed lines

@@ -32,496 +32,496 @@
  * @author Frederic AUGUSTE <frederic.auguste at gmail dot com>
  */
 class DynamoDB implements
-    AuthorizationCodeInterface,
-    AccessTokenInterface,
-    ClientCredentialsInterface,
-    UserCredentialsInterface,
-    RefreshTokenInterface,
-    JwtBearerInterface,
-    ScopeInterface,
-    PublicKeyInterface,
-    UserClaimsInterface,
-    OpenIDAuthorizationCodeInterface
+	AuthorizationCodeInterface,
+	AccessTokenInterface,
+	ClientCredentialsInterface,
+	UserCredentialsInterface,
+	RefreshTokenInterface,
+	JwtBearerInterface,
+	ScopeInterface,
+	PublicKeyInterface,
+	UserClaimsInterface,
+	OpenIDAuthorizationCodeInterface
 {
-    protected $client;
-    protected $config;
-
-    public function __construct($connection, $config = array())
-    {
-        if (!($connection instanceof DynamoDbClient)) {
-            if (!is_array($connection)) {
-                throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region');
-            }
-            if (!array_key_exists("key",$connection) || !array_key_exists("secret",$connection) || !array_key_exists("region",$connection) ) {
-                throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region');
-            }
-            $this->client = DynamoDbClient::factory(array(
-                'key' => $connection["key"],
-                'secret' => $connection["secret"],
-                'region' =>$connection["region"]
-            ));
-        } else {
-            $this->client = $connection;
-        }
-
-        $this->config = array_merge(array(
-            'client_table' => 'oauth_clients',
-            'access_token_table' => 'oauth_access_tokens',
-            'refresh_token_table' => 'oauth_refresh_tokens',
-            'code_table' => 'oauth_authorization_codes',
-            'user_table' => 'oauth_users',
-            'jwt_table'  => 'oauth_jwt',
-            'scope_table'  => 'oauth_scopes',
-            'public_key_table'  => 'oauth_public_keys',
-        ), $config);
-    }
-
-    /* OAuth2\Storage\ClientCredentialsInterface */
-    public function checkClientCredentials($client_id, $client_secret = null)
-    {
-        $result = $this->client->getItem(array(
-            "TableName"=> $this->config['client_table'],
-            "Key" => array('client_id'   => array('S' => $client_id))
-        ));
-
-        return  $result->count()==1 && $result["Item"]["client_secret"]["S"] == $client_secret;
-    }
-
-    public function isPublicClient($client_id)
-    {
-        $result = $this->client->getItem(array(
-            "TableName"=> $this->config['client_table'],
-            "Key" => array('client_id'   => array('S' => $client_id))
-        ));
-
-        if ($result->count()==0) {
-            return false ;
-        }
-
-        return empty($result["Item"]["client_secret"]);
-    }
-
-    /* OAuth2\Storage\ClientInterface */
-    public function getClientDetails($client_id)
-    {
-        $result = $this->client->getItem(array(
-            "TableName"=> $this->config['client_table'],
-            "Key" => array('client_id'   => array('S' => $client_id))
-        ));
-        if ($result->count()==0) {
-            return false ;
-        }
-        $result = $this->dynamo2array($result);
-        foreach (array('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id') as $key => $val) {
-            if (!array_key_exists ($val, $result)) {
-                $result[$val] = null;
-            }
-        }
-
-        return $result;
-    }
-
-    public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
-    {
-        $clientData = compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id');
-        $clientData = array_filter($clientData, function ($value) { return !is_null($value); });
-
-        $this->client->putItem(array(
-            'TableName' =>  $this->config['client_table'],
-            'Item' => $this->client->formatAttributes($clientData)
-        ));
-
-        return true;
-    }
-
-    public function checkRestrictedGrantType($client_id, $grant_type)
-    {
-        $details = $this->getClientDetails($client_id);
-        if (isset($details['grant_types'])) {
-            $grant_types = explode(' ', $details['grant_types']);
-
-            return in_array($grant_type, (array) $grant_types);
-        }
-
-        // if grant_types are not defined, then none are restricted
-        return true;
-    }
-
-    /* OAuth2\Storage\AccessTokenInterface */
-    public function getAccessToken($access_token)
-    {
-        $result = $this->client->getItem(array(
-            "TableName"=> $this->config['access_token_table'],
-            "Key" => array('access_token'   => array('S' => $access_token))
-        ));
-        if ($result->count()==0) {
-            return false ;
-        }
-        $token = $this->dynamo2array($result);
-        if (array_key_exists ('expires', $token)) {
-            $token['expires'] = strtotime($token['expires']);
-        }
-
-        return $token;
-    }
-
-    public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
-    {
-        // convert expires to datestring
-        $expires = date('Y-m-d H:i:s', $expires);
-
-        $clientData = compact('access_token', 'client_id', 'user_id', 'expires', 'scope');
-        $clientData = array_filter($clientData, function ($value) { return !empty($value); });
-
-        $this->client->putItem(array(
-            'TableName' =>  $this->config['access_token_table'],
-            'Item' => $this->client->formatAttributes($clientData)
-        ));
-
-        return true;
-
-    }
-
-    public function unsetAccessToken($access_token)
-    {
-        $this->client->deleteItem(array(
-            'TableName' =>  $this->config['access_token_table'],
-            'Key' => $this->client->formatAttributes(array("access_token" => $access_token))
-        ));
-
-        return true;
-    }
-
-    /* OAuth2\Storage\AuthorizationCodeInterface */
-    public function getAuthorizationCode($code)
-    {
-        $result = $this->client->getItem(array(
-            "TableName"=> $this->config['code_table'],
-            "Key" => array('authorization_code'   => array('S' => $code))
-        ));
-        if ($result->count()==0) {
-            return false ;
-        }
-        $token = $this->dynamo2array($result);
-        if (!array_key_exists("id_token", $token )) {
-            $token['id_token'] = null;
-        }
-        $token['expires'] = strtotime($token['expires']);
-
-        return $token;
-
-    }
-
-    public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
-    {
-        // convert expires to datestring
-        $expires = date('Y-m-d H:i:s', $expires);
-
-        $clientData = compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'id_token', 'scope');
-        $clientData = array_filter($clientData, function ($value) { return !empty($value); });
-
-        $this->client->putItem(array(
-            'TableName' =>  $this->config['code_table'],
-            'Item' => $this->client->formatAttributes($clientData)
-        ));
-
-        return true;
-    }
-
-    public function expireAuthorizationCode($code)
-    {
-
-        $this->client->deleteItem(array(
-            'TableName' =>  $this->config['code_table'],
-            'Key' => $this->client->formatAttributes(array("authorization_code" => $code))
-        ));
-
-        return true;
-    }
-
-    /* OAuth2\Storage\UserCredentialsInterface */
-    public function checkUserCredentials($username, $password)
-    {
-        if ($user = $this->getUser($username)) {
-            return $this->checkPassword($user, $password);
-        }
-
-        return false;
-    }
-
-    public function getUserDetails($username)
-    {
-        return $this->getUser($username);
-    }
-
-    /* UserClaimsInterface */
-    public function getUserClaims($user_id, $claims)
-    {
-        if (!$userDetails = $this->getUserDetails($user_id)) {
-            return false;
-        }
-
-        $claims = explode(' ', trim($claims));
-        $userClaims = array();
-
-        // for each requested claim, if the user has the claim, set it in the response
-        $validClaims = explode(' ', self::VALID_CLAIMS);
-        foreach ($validClaims as $validClaim) {
-            if (in_array($validClaim, $claims)) {
-                if ($validClaim == 'address') {
-                    // address is an object with subfields
-                    $userClaims['address'] = $this->getUserClaim($validClaim, $userDetails['address'] ?: $userDetails);
-                } else {
-                    $userClaims = array_merge($userClaims, $this->getUserClaim($validClaim, $userDetails));
-                }
-            }
-        }
-
-        return $userClaims;
-    }
-
-    protected function getUserClaim($claim, $userDetails)
-    {
-        $userClaims = array();
-        $claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim)));
-        $claimValues = explode(' ', $claimValuesString);
-
-        foreach ($claimValues as $value) {
-            if ($value == 'email_verified') {
-                $userClaims[$value] = $userDetails[$value]=='true' ? true : false;
-            } else {
-                $userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null;
-            }
-        }
-
-        return $userClaims;
-    }
-
-    /* OAuth2\Storage\RefreshTokenInterface */
-    public function getRefreshToken($refresh_token)
-    {
-        $result = $this->client->getItem(array(
-            "TableName"=> $this->config['refresh_token_table'],
-            "Key" => array('refresh_token'   => array('S' => $refresh_token))
-        ));
-        if ($result->count()==0) {
-            return false ;
-        }
-        $token = $this->dynamo2array($result);
-        $token['expires'] = strtotime($token['expires']);
-
-        return $token;
-    }
-
-    public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
-    {
-        // convert expires to datestring
-        $expires = date('Y-m-d H:i:s', $expires);
-
-        $clientData = compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope');
-        $clientData = array_filter($clientData, function ($value) { return !empty($value); });
-
-        $this->client->putItem(array(
-            'TableName' =>  $this->config['refresh_token_table'],
-            'Item' => $this->client->formatAttributes($clientData)
-        ));
-
-        return true;
-    }
-
-    public function unsetRefreshToken($refresh_token)
-    {
-       $this->client->deleteItem(array(
-            'TableName' =>  $this->config['refresh_token_table'],
-            'Key' => $this->client->formatAttributes(array("refresh_token" => $refresh_token))
-        ));
-
-        return true;
-    }
-
-    // plaintext passwords are bad!  Override this for your application
-    protected function checkPassword($user, $password)
-    {
-        return $user['password'] == sha1($password);
-    }
-
-    public function getUser($username)
-    {
-        $result = $this->client->getItem(array(
-            "TableName"=> $this->config['user_table'],
-            "Key" => array('username'   => array('S' => $username))
-        ));
-        if ($result->count()==0) {
-            return false ;
-        }
-        $token = $this->dynamo2array($result);
-        $token['user_id'] = $username;
-
-        return $token;
-    }
-
-    public function setUser($username, $password, $first_name = null, $last_name = null)
-    {
-        // do not store in plaintext
-        $password = sha1($password);
-
-        $clientData = compact('username', 'password', 'first_name', 'last_name');
-        $clientData = array_filter($clientData, function ($value) { return !is_null($value); });
-
-        $this->client->putItem(array(
-            'TableName' =>  $this->config['user_table'],
-            'Item' => $this->client->formatAttributes($clientData)
-        ));
-
-        return true;
-
-    }
-
-    /* ScopeInterface */
-    public function scopeExists($scope)
-    {
-        $scope = explode(' ', $scope);
-        $count = 0;
-        foreach ($scope as $key => $val) {
-            $result = $this->client->query(array(
-                'TableName'     => $this->config['scope_table'],
-                'Select'        => 'COUNT',
-                'KeyConditions' => array(
-                    'scope' => array(
-                        'AttributeValueList' => array(array('S' => $val)),
-                        'ComparisonOperator' => 'EQ'
-                    )
-                )
-            ));
-            $count += $result['Count'];
-        }
-
-        return $count == count($scope);
-    }
-
-    public function getDefaultScope($client_id = null)
-    {
-
-        $result = $this->client->query(array(
-            'TableName' => $this->config['scope_table'],
-            'IndexName' => 'is_default-index',
-            'Select' => 'ALL_ATTRIBUTES',
-            'KeyConditions' => array(
-                'is_default' => array(
-                    'AttributeValueList' => array(array('S' => 'true')),
-                    'ComparisonOperator' => 'EQ',
-                ),
-            )
-        ));
-        $defaultScope = array();
-        if ($result->count() > 0) {
-            $array = $result->toArray();
-            foreach ($array["Items"] as $item) {
-                $defaultScope[]  = $item['scope']['S'];
-            }
-
-            return empty($defaultScope) ? null : implode(' ', $defaultScope);
-        }
-
-        return null;
-    }
-
-    /* JWTBearerInterface */
-    public function getClientKey($client_id, $subject)
-    {
-        $result = $this->client->getItem(array(
-            "TableName"=> $this->config['jwt_table'],
-            "Key" => array('client_id'   => array('S' => $client_id), 'subject' => array('S' => $subject))
-        ));
-        if ($result->count()==0) {
-            return false ;
-        }
-        $token = $this->dynamo2array($result);
-
-        return $token['public_key'];
-    }
-
-    public function getClientScope($client_id)
-    {
-        if (!$clientDetails = $this->getClientDetails($client_id)) {
-            return false;
-        }
-
-        if (isset($clientDetails['scope'])) {
-            return $clientDetails['scope'];
-        }
-
-        return null;
-    }
-
-    public function getJti($client_id, $subject, $audience, $expires, $jti)
-    {
-        //TODO not use.
-    }
-
-    public function setJti($client_id, $subject, $audience, $expires, $jti)
-    {
-        //TODO not use.
-    }
-
-    /* PublicKeyInterface */
-    public function getPublicKey($client_id = '0')
-    {
-
-        $result = $this->client->getItem(array(
-            "TableName"=> $this->config['public_key_table'],
-            "Key" => array('client_id'   => array('S' => $client_id))
-        ));
-        if ($result->count()==0) {
-            return false ;
-        }
-        $token = $this->dynamo2array($result);
-
-        return $token['public_key'];
-
-    }
-
-    public function getPrivateKey($client_id = '0')
-    {
-        $result = $this->client->getItem(array(
-            "TableName"=> $this->config['public_key_table'],
-            "Key" => array('client_id'   => array('S' => $client_id))
-        ));
-        if ($result->count()==0) {
-            return false ;
-        }
-        $token = $this->dynamo2array($result);
-
-        return $token['private_key'];
-    }
-
-    public function getEncryptionAlgorithm($client_id = null)
-    {
-        $result = $this->client->getItem(array(
-            "TableName"=> $this->config['public_key_table'],
-            "Key" => array('client_id'   => array('S' => $client_id))
-        ));
-        if ($result->count()==0) {
-            return 'RS256' ;
-        }
-        $token = $this->dynamo2array($result);
-
-        return $token['encryption_algorithm'];
-    }
-
-    /**
-     * Transform dynamodb resultset to an array.
-     * @param $dynamodbResult
-     * @return $array
-     */
-    private function dynamo2array($dynamodbResult)
-    {
-        $result = array();
-        foreach ($dynamodbResult["Item"] as $key => $val) {
-            $result[$key] = $val["S"];
-            $result[] = $val["S"];
-        }
-
-        return $result;
-    }
+	protected $client;
+	protected $config;
+
+	public function __construct($connection, $config = array())
+	{
+		if (!($connection instanceof DynamoDbClient)) {
+			if (!is_array($connection)) {
+				throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region');
+			}
+			if (!array_key_exists("key",$connection) || !array_key_exists("secret",$connection) || !array_key_exists("region",$connection) ) {
+				throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region');
+			}
+			$this->client = DynamoDbClient::factory(array(
+				'key' => $connection["key"],
+				'secret' => $connection["secret"],
+				'region' =>$connection["region"]
+			));
+		} else {
+			$this->client = $connection;
+		}
+
+		$this->config = array_merge(array(
+			'client_table' => 'oauth_clients',
+			'access_token_table' => 'oauth_access_tokens',
+			'refresh_token_table' => 'oauth_refresh_tokens',
+			'code_table' => 'oauth_authorization_codes',
+			'user_table' => 'oauth_users',
+			'jwt_table'  => 'oauth_jwt',
+			'scope_table'  => 'oauth_scopes',
+			'public_key_table'  => 'oauth_public_keys',
+		), $config);
+	}
+
+	/* OAuth2\Storage\ClientCredentialsInterface */
+	public function checkClientCredentials($client_id, $client_secret = null)
+	{
+		$result = $this->client->getItem(array(
+			"TableName"=> $this->config['client_table'],
+			"Key" => array('client_id'   => array('S' => $client_id))
+		));
+
+		return  $result->count()==1 && $result["Item"]["client_secret"]["S"] == $client_secret;
+	}
+
+	public function isPublicClient($client_id)
+	{
+		$result = $this->client->getItem(array(
+			"TableName"=> $this->config['client_table'],
+			"Key" => array('client_id'   => array('S' => $client_id))
+		));
+
+		if ($result->count()==0) {
+			return false ;
+		}
+
+		return empty($result["Item"]["client_secret"]);
+	}
+
+	/* OAuth2\Storage\ClientInterface */
+	public function getClientDetails($client_id)
+	{
+		$result = $this->client->getItem(array(
+			"TableName"=> $this->config['client_table'],
+			"Key" => array('client_id'   => array('S' => $client_id))
+		));
+		if ($result->count()==0) {
+			return false ;
+		}
+		$result = $this->dynamo2array($result);
+		foreach (array('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id') as $key => $val) {
+			if (!array_key_exists ($val, $result)) {
+				$result[$val] = null;
+			}
+		}
+
+		return $result;
+	}
+
+	public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
+	{
+		$clientData = compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id');
+		$clientData = array_filter($clientData, function ($value) { return !is_null($value); });
+
+		$this->client->putItem(array(
+			'TableName' =>  $this->config['client_table'],
+			'Item' => $this->client->formatAttributes($clientData)
+		));
+
+		return true;
+	}
+
+	public function checkRestrictedGrantType($client_id, $grant_type)
+	{
+		$details = $this->getClientDetails($client_id);
+		if (isset($details['grant_types'])) {
+			$grant_types = explode(' ', $details['grant_types']);
+
+			return in_array($grant_type, (array) $grant_types);
+		}
+
+		// if grant_types are not defined, then none are restricted
+		return true;
+	}
+
+	/* OAuth2\Storage\AccessTokenInterface */
+	public function getAccessToken($access_token)
+	{
+		$result = $this->client->getItem(array(
+			"TableName"=> $this->config['access_token_table'],
+			"Key" => array('access_token'   => array('S' => $access_token))
+		));
+		if ($result->count()==0) {
+			return false ;
+		}
+		$token = $this->dynamo2array($result);
+		if (array_key_exists ('expires', $token)) {
+			$token['expires'] = strtotime($token['expires']);
+		}
+
+		return $token;
+	}
+
+	public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
+	{
+		// convert expires to datestring
+		$expires = date('Y-m-d H:i:s', $expires);
+
+		$clientData = compact('access_token', 'client_id', 'user_id', 'expires', 'scope');
+		$clientData = array_filter($clientData, function ($value) { return !empty($value); });
+
+		$this->client->putItem(array(
+			'TableName' =>  $this->config['access_token_table'],
+			'Item' => $this->client->formatAttributes($clientData)
+		));
+
+		return true;
+
+	}
+
+	public function unsetAccessToken($access_token)
+	{
+		$this->client->deleteItem(array(
+			'TableName' =>  $this->config['access_token_table'],
+			'Key' => $this->client->formatAttributes(array("access_token" => $access_token))
+		));
+
+		return true;
+	}
+
+	/* OAuth2\Storage\AuthorizationCodeInterface */
+	public function getAuthorizationCode($code)
+	{
+		$result = $this->client->getItem(array(
+			"TableName"=> $this->config['code_table'],
+			"Key" => array('authorization_code'   => array('S' => $code))
+		));
+		if ($result->count()==0) {
+			return false ;
+		}
+		$token = $this->dynamo2array($result);
+		if (!array_key_exists("id_token", $token )) {
+			$token['id_token'] = null;
+		}
+		$token['expires'] = strtotime($token['expires']);
+
+		return $token;
+
+	}
+
+	public function setAuthorizationCode($authorization_code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null)
+	{
+		// convert expires to datestring
+		$expires = date('Y-m-d H:i:s', $expires);
+
+		$clientData = compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'id_token', 'scope');
+		$clientData = array_filter($clientData, function ($value) { return !empty($value); });
+
+		$this->client->putItem(array(
+			'TableName' =>  $this->config['code_table'],
+			'Item' => $this->client->formatAttributes($clientData)
+		));
+
+		return true;
+	}
+
+	public function expireAuthorizationCode($code)
+	{
+
+		$this->client->deleteItem(array(
+			'TableName' =>  $this->config['code_table'],
+			'Key' => $this->client->formatAttributes(array("authorization_code" => $code))
+		));
+
+		return true;
+	}
+
+	/* OAuth2\Storage\UserCredentialsInterface */
+	public function checkUserCredentials($username, $password)
+	{
+		if ($user = $this->getUser($username)) {
+			return $this->checkPassword($user, $password);
+		}
+
+		return false;
+	}
+
+	public function getUserDetails($username)
+	{
+		return $this->getUser($username);
+	}
+
+	/* UserClaimsInterface */
+	public function getUserClaims($user_id, $claims)
+	{
+		if (!$userDetails = $this->getUserDetails($user_id)) {
+			return false;
+		}
+
+		$claims = explode(' ', trim($claims));
+		$userClaims = array();
+
+		// for each requested claim, if the user has the claim, set it in the response
+		$validClaims = explode(' ', self::VALID_CLAIMS);
+		foreach ($validClaims as $validClaim) {
+			if (in_array($validClaim, $claims)) {
+				if ($validClaim == 'address') {
+					// address is an object with subfields
+					$userClaims['address'] = $this->getUserClaim($validClaim, $userDetails['address'] ?: $userDetails);
+				} else {
+					$userClaims = array_merge($userClaims, $this->getUserClaim($validClaim, $userDetails));
+				}
+			}
+		}
+
+		return $userClaims;
+	}
+
+	protected function getUserClaim($claim, $userDetails)
+	{
+		$userClaims = array();
+		$claimValuesString = constant(sprintf('self::%s_CLAIM_VALUES', strtoupper($claim)));
+		$claimValues = explode(' ', $claimValuesString);
+
+		foreach ($claimValues as $value) {
+			if ($value == 'email_verified') {
+				$userClaims[$value] = $userDetails[$value]=='true' ? true : false;
+			} else {
+				$userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null;
+			}
+		}
+
+		return $userClaims;
+	}
+
+	/* OAuth2\Storage\RefreshTokenInterface */
+	public function getRefreshToken($refresh_token)
+	{
+		$result = $this->client->getItem(array(
+			"TableName"=> $this->config['refresh_token_table'],
+			"Key" => array('refresh_token'   => array('S' => $refresh_token))
+		));
+		if ($result->count()==0) {
+			return false ;
+		}
+		$token = $this->dynamo2array($result);
+		$token['expires'] = strtotime($token['expires']);
+
+		return $token;
+	}
+
+	public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null)
+	{
+		// convert expires to datestring
+		$expires = date('Y-m-d H:i:s', $expires);
+
+		$clientData = compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope');
+		$clientData = array_filter($clientData, function ($value) { return !empty($value); });
+
+		$this->client->putItem(array(
+			'TableName' =>  $this->config['refresh_token_table'],
+			'Item' => $this->client->formatAttributes($clientData)
+		));
+
+		return true;
+	}
+
+	public function unsetRefreshToken($refresh_token)
+	{
+	   $this->client->deleteItem(array(
+			'TableName' =>  $this->config['refresh_token_table'],
+			'Key' => $this->client->formatAttributes(array("refresh_token" => $refresh_token))
+		));
+
+		return true;
+	}
+
+	// plaintext passwords are bad!  Override this for your application
+	protected function checkPassword($user, $password)
+	{
+		return $user['password'] == sha1($password);
+	}
+
+	public function getUser($username)
+	{
+		$result = $this->client->getItem(array(
+			"TableName"=> $this->config['user_table'],
+			"Key" => array('username'   => array('S' => $username))
+		));
+		if ($result->count()==0) {
+			return false ;
+		}
+		$token = $this->dynamo2array($result);
+		$token['user_id'] = $username;
+
+		return $token;
+	}
+
+	public function setUser($username, $password, $first_name = null, $last_name = null)
+	{
+		// do not store in plaintext
+		$password = sha1($password);
+
+		$clientData = compact('username', 'password', 'first_name', 'last_name');
+		$clientData = array_filter($clientData, function ($value) { return !is_null($value); });
+
+		$this->client->putItem(array(
+			'TableName' =>  $this->config['user_table'],
+			'Item' => $this->client->formatAttributes($clientData)
+		));
+
+		return true;
+
+	}
+
+	/* ScopeInterface */
+	public function scopeExists($scope)
+	{
+		$scope = explode(' ', $scope);
+		$count = 0;
+		foreach ($scope as $key => $val) {
+			$result = $this->client->query(array(
+				'TableName'     => $this->config['scope_table'],
+				'Select'        => 'COUNT',
+				'KeyConditions' => array(
+					'scope' => array(
+						'AttributeValueList' => array(array('S' => $val)),
+						'ComparisonOperator' => 'EQ'
+					)
+				)
+			));
+			$count += $result['Count'];
+		}
+
+		return $count == count($scope);
+	}
+
+	public function getDefaultScope($client_id = null)
+	{
+
+		$result = $this->client->query(array(
+			'TableName' => $this->config['scope_table'],
+			'IndexName' => 'is_default-index',
+			'Select' => 'ALL_ATTRIBUTES',
+			'KeyConditions' => array(
+				'is_default' => array(
+					'AttributeValueList' => array(array('S' => 'true')),
+					'ComparisonOperator' => 'EQ',
+				),
+			)
+		));
+		$defaultScope = array();
+		if ($result->count() > 0) {
+			$array = $result->toArray();
+			foreach ($array["Items"] as $item) {
+				$defaultScope[]  = $item['scope']['S'];
+			}
+
+			return empty($defaultScope) ? null : implode(' ', $defaultScope);
+		}
+
+		return null;
+	}
+
+	/* JWTBearerInterface */
+	public function getClientKey($client_id, $subject)
+	{
+		$result = $this->client->getItem(array(
+			"TableName"=> $this->config['jwt_table'],
+			"Key" => array('client_id'   => array('S' => $client_id), 'subject' => array('S' => $subject))
+		));
+		if ($result->count()==0) {
+			return false ;
+		}
+		$token = $this->dynamo2array($result);
+
+		return $token['public_key'];
+	}
+
+	public function getClientScope($client_id)
+	{
+		if (!$clientDetails = $this->getClientDetails($client_id)) {
+			return false;
+		}
+
+		if (isset($clientDetails['scope'])) {
+			return $clientDetails['scope'];
+		}
+
+		return null;
+	}
+
+	public function getJti($client_id, $subject, $audience, $expires, $jti)
+	{
+		//TODO not use.
+	}
+
+	public function setJti($client_id, $subject, $audience, $expires, $jti)
+	{
+		//TODO not use.
+	}
+
+	/* PublicKeyInterface */
+	public function getPublicKey($client_id = '0')
+	{
+
+		$result = $this->client->getItem(array(
+			"TableName"=> $this->config['public_key_table'],
+			"Key" => array('client_id'   => array('S' => $client_id))
+		));
+		if ($result->count()==0) {
+			return false ;
+		}
+		$token = $this->dynamo2array($result);
+
+		return $token['public_key'];
+
+	}
+
+	public function getPrivateKey($client_id = '0')
+	{
+		$result = $this->client->getItem(array(
+			"TableName"=> $this->config['public_key_table'],
+			"Key" => array('client_id'   => array('S' => $client_id))
+		));
+		if ($result->count()==0) {
+			return false ;
+		}
+		$token = $this->dynamo2array($result);
+
+		return $token['private_key'];
+	}
+
+	public function getEncryptionAlgorithm($client_id = null)
+	{
+		$result = $this->client->getItem(array(
+			"TableName"=> $this->config['public_key_table'],
+			"Key" => array('client_id'   => array('S' => $client_id))
+		));
+		if ($result->count()==0) {
+			return 'RS256' ;
+		}
+		$token = $this->dynamo2array($result);
+
+		return $token['encryption_algorithm'];
+	}
+
+	/**
+	 * Transform dynamodb resultset to an array.
+	 * @param $dynamodbResult
+	 * @return $array
+	 */
+	private function dynamo2array($dynamodbResult)
+	{
+		$result = array();
+		foreach ($dynamodbResult["Item"] as $key => $val) {
+			$result[$key] = $val["S"];
+			$result[] = $val["S"];
+		}
+
+		return $result;
+	}
 }

Spacing +32 added lines, -32 removed lines

@@ -52,7 +52,7 @@ 
             if (!is_array($connection)) {
                 throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region');
             }
-            if (!array_key_exists("key",$connection) || !array_key_exists("secret",$connection) || !array_key_exists("region",$connection) ) {
+            if (!array_key_exists("key", $connection) || !array_key_exists("secret", $connection) || !array_key_exists("region", $connection)) {
                 throw new \InvalidArgumentException('First argument to OAuth2\Storage\Dynamodb must be an instance a configuration array containt key, secret, region');
             }
             $this->client = DynamoDbClient::factory(array(
@@ -84,7 +84,7 @@ 
             "Key" => array('client_id'   => array('S' => $client_id))
         ));
 
-        return  $result->count()==1 && $result["Item"]["client_secret"]["S"] == $client_secret;
+        return  $result->count() == 1 && $result["Item"]["client_secret"]["S"] == $client_secret;
     }
 
     public function isPublicClient($client_id)
@@ -94,8 +94,8 @@ 
             "Key" => array('client_id'   => array('S' => $client_id))
         ));
 
-        if ($result->count()==0) {
-            return false ;
+        if ($result->count() == 0) {
+            return false;
         }
 
         return empty($result["Item"]["client_secret"]);
@@ -108,12 +108,12 @@ 
             "TableName"=> $this->config['client_table'],
             "Key" => array('client_id'   => array('S' => $client_id))
         ));
-        if ($result->count()==0) {
-            return false ;
+        if ($result->count() == 0) {
+            return false;
         }
         $result = $this->dynamo2array($result);
         foreach (array('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id') as $key => $val) {
-            if (!array_key_exists ($val, $result)) {
+            if (!array_key_exists($val, $result)) {
                 $result[$val] = null;
             }
         }
@@ -124,7 +124,7 @@ 
     public function setClientDetails($client_id, $client_secret = null, $redirect_uri = null, $grant_types = null, $scope = null, $user_id = null)
     {
         $clientData = compact('client_id', 'client_secret', 'redirect_uri', 'grant_types', 'scope', 'user_id');
-        $clientData = array_filter($clientData, function ($value) { return !is_null($value); });
+        $clientData = array_filter($clientData, function($value) { return !is_null($value); });
 
         $this->client->putItem(array(
             'TableName' =>  $this->config['client_table'],
@@ -154,11 +154,11 @@ 
             "TableName"=> $this->config['access_token_table'],
             "Key" => array('access_token'   => array('S' => $access_token))
         ));
-        if ($result->count()==0) {
-            return false ;
+        if ($result->count() == 0) {
+            return false;
         }
         $token = $this->dynamo2array($result);
-        if (array_key_exists ('expires', $token)) {
+        if (array_key_exists('expires', $token)) {
             $token['expires'] = strtotime($token['expires']);
         }
 
@@ -171,7 +171,7 @@ 
         $expires = date('Y-m-d H:i:s', $expires);
 
         $clientData = compact('access_token', 'client_id', 'user_id', 'expires', 'scope');
-        $clientData = array_filter($clientData, function ($value) { return !empty($value); });
+        $clientData = array_filter($clientData, function($value) { return !empty($value); });
 
         $this->client->putItem(array(
             'TableName' =>  $this->config['access_token_table'],
@@ -199,11 +199,11 @@ 
             "TableName"=> $this->config['code_table'],
             "Key" => array('authorization_code'   => array('S' => $code))
         ));
-        if ($result->count()==0) {
-            return false ;
+        if ($result->count() == 0) {
+            return false;
         }
         $token = $this->dynamo2array($result);
-        if (!array_key_exists("id_token", $token )) {
+        if (!array_key_exists("id_token", $token)) {
             $token['id_token'] = null;
         }
         $token['expires'] = strtotime($token['expires']);
@@ -218,7 +218,7 @@ 
         $expires = date('Y-m-d H:i:s', $expires);
 
         $clientData = compact('authorization_code', 'client_id', 'user_id', 'redirect_uri', 'expires', 'id_token', 'scope');
-        $clientData = array_filter($clientData, function ($value) { return !empty($value); });
+        $clientData = array_filter($clientData, function($value) { return !empty($value); });
 
         $this->client->putItem(array(
             'TableName' =>  $this->config['code_table'],
@@ -288,7 +288,7 @@ 
 
         foreach ($claimValues as $value) {
             if ($value == 'email_verified') {
-                $userClaims[$value] = $userDetails[$value]=='true' ? true : false;
+                $userClaims[$value] = $userDetails[$value] == 'true' ? true : false;
             } else {
                 $userClaims[$value] = isset($userDetails[$value]) ? $userDetails[$value] : null;
             }
@@ -304,8 +304,8 @@ 
             "TableName"=> $this->config['refresh_token_table'],
             "Key" => array('refresh_token'   => array('S' => $refresh_token))
         ));
-        if ($result->count()==0) {
-            return false ;
+        if ($result->count() == 0) {
+            return false;
         }
         $token = $this->dynamo2array($result);
         $token['expires'] = strtotime($token['expires']);
@@ -319,7 +319,7 @@ 
         $expires = date('Y-m-d H:i:s', $expires);
 
         $clientData = compact('refresh_token', 'client_id', 'user_id', 'expires', 'scope');
-        $clientData = array_filter($clientData, function ($value) { return !empty($value); });
+        $clientData = array_filter($clientData, function($value) { return !empty($value); });
 
         $this->client->putItem(array(
             'TableName' =>  $this->config['refresh_token_table'],
@@ -351,8 +351,8 @@ 
             "TableName"=> $this->config['user_table'],
             "Key" => array('username'   => array('S' => $username))
         ));
-        if ($result->count()==0) {
-            return false ;
+        if ($result->count() == 0) {
+            return false;
         }
         $token = $this->dynamo2array($result);
         $token['user_id'] = $username;
@@ -366,7 +366,7 @@ 
         $password = sha1($password);
 
         $clientData = compact('username', 'password', 'first_name', 'last_name');
-        $clientData = array_filter($clientData, function ($value) { return !is_null($value); });
+        $clientData = array_filter($clientData, function($value) { return !is_null($value); });
 
         $this->client->putItem(array(
             'TableName' =>  $this->config['user_table'],
@@ -417,7 +417,7 @@ 
         if ($result->count() > 0) {
             $array = $result->toArray();
             foreach ($array["Items"] as $item) {
-                $defaultScope[]  = $item['scope']['S'];
+                $defaultScope[] = $item['scope']['S'];
             }
 
             return empty($defaultScope) ? null : implode(' ', $defaultScope);
@@ -433,8 +433,8 @@ 
             "TableName"=> $this->config['jwt_table'],
             "Key" => array('client_id'   => array('S' => $client_id), 'subject' => array('S' => $subject))
         ));
-        if ($result->count()==0) {
-            return false ;
+        if ($result->count() == 0) {
+            return false;
         }
         $token = $this->dynamo2array($result);
 
@@ -472,8 +472,8 @@ 
             "TableName"=> $this->config['public_key_table'],
             "Key" => array('client_id'   => array('S' => $client_id))
         ));
-        if ($result->count()==0) {
-            return false ;
+        if ($result->count() == 0) {
+            return false;
         }
         $token = $this->dynamo2array($result);
 
@@ -487,8 +487,8 @@ 
             "TableName"=> $this->config['public_key_table'],
             "Key" => array('client_id'   => array('S' => $client_id))
         ));
-        if ($result->count()==0) {
-            return false ;
+        if ($result->count() == 0) {
+            return false;
         }
         $token = $this->dynamo2array($result);
 
@@ -501,8 +501,8 @@ 
             "TableName"=> $this->config['public_key_table'],
             "Key" => array('client_id'   => array('S' => $client_id))
         ));
-        if ($result->count()==0) {
-            return 'RS256' ;
+        if ($result->count() == 0) {
+            return 'RS256';
         }
         $token = $this->dynamo2array($result);
 

extensions/libraries/redcore/api/oauth2/Storage/AccessTokenInterface.php

Indentation +48 added lines, -48 removed lines

@@ -10,54 +10,54 @@
  */
 interface AccessTokenInterface
 {
-    /**
-     * Look up the supplied oauth_token from storage.
-     *
-     * We need to retrieve access token data as we create and verify tokens.
-     *
-     * @param $oauth_token
-     * oauth_token to be check with.
-     *
-     * @return
-     * An associative array as below, and return NULL if the supplied oauth_token
-     * is invalid:
-     * - expires: Stored expiration in unix timestamp.
-     * - client_id: (optional) Stored client identifier.
-     * - user_id: (optional) Stored user identifier.
-     * - scope: (optional) Stored scope values in space-separated string.
-     * - id_token: (optional) Stored id_token (if "use_openid_connect" is true).
-     *
-     * @ingroup oauth2_section_7
-     */
-    public function getAccessToken($oauth_token);
+	/**
+	 * Look up the supplied oauth_token from storage.
+	 *
+	 * We need to retrieve access token data as we create and verify tokens.
+	 *
+	 * @param $oauth_token
+	 * oauth_token to be check with.
+	 *
+	 * @return
+	 * An associative array as below, and return NULL if the supplied oauth_token
+	 * is invalid:
+	 * - expires: Stored expiration in unix timestamp.
+	 * - client_id: (optional) Stored client identifier.
+	 * - user_id: (optional) Stored user identifier.
+	 * - scope: (optional) Stored scope values in space-separated string.
+	 * - id_token: (optional) Stored id_token (if "use_openid_connect" is true).
+	 *
+	 * @ingroup oauth2_section_7
+	 */
+	public function getAccessToken($oauth_token);
 
-    /**
-     * Store the supplied access token values to storage.
-     *
-     * We need to store access token data as we create and verify tokens.
-     *
-     * @param $oauth_token    oauth_token to be stored.
-     * @param $client_id      client identifier to be stored.
-     * @param $user_id        user identifier to be stored.
-     * @param int    $expires expiration to be stored as a Unix timestamp.
-     * @param string $scope   OPTIONAL Scopes to be stored in space-separated string.
-     *
-     * @ingroup oauth2_section_4
-     */
-    public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope = null);
+	/**
+	 * Store the supplied access token values to storage.
+	 *
+	 * We need to store access token data as we create and verify tokens.
+	 *
+	 * @param $oauth_token    oauth_token to be stored.
+	 * @param $client_id      client identifier to be stored.
+	 * @param $user_id        user identifier to be stored.
+	 * @param int    $expires expiration to be stored as a Unix timestamp.
+	 * @param string $scope   OPTIONAL Scopes to be stored in space-separated string.
+	 *
+	 * @ingroup oauth2_section_4
+	 */
+	public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope = null);
 
-    /**
-     * Expire an access token.
-     *
-     * This is not explicitly required in the spec, but if defined in a draft RFC for token
-     * revoking (RFC 7009) https://tools.ietf.org/html/rfc7009
-     *
-     * @param $access_token
-     * Access token to be expired.
-     *
-     * @ingroup oauth2_section_6
-     *
-     * @todo v2.0 include this method in interface. Omitted to maintain BC in v1.x
-     */
-    //public function unsetAccessToken($access_token);
+	/**
+	 * Expire an access token.
+	 *
+	 * This is not explicitly required in the spec, but if defined in a draft RFC for token
+	 * revoking (RFC 7009) https://tools.ietf.org/html/rfc7009
+	 *
+	 * @param $access_token
+	 * Access token to be expired.
+	 *
+	 * @ingroup oauth2_section_6
+	 *
+	 * @todo v2.0 include this method in interface. Omitted to maintain BC in v1.x
+	 */
+	//public function unsetAccessToken($access_token);
 }