tbclla /
laravel-revolut-business
@@ -8,27 +8,27 @@ |
||
| 8 | 8 | |
| 9 | 9 | class DatabaseTokenRepository implements TokenRepository |
| 10 | 10 | { |
| 11 | - public function getAccessToken() |
|
| 12 | - { |
|
| 13 | - return AccessToken::active()->orderBy('id', 'desc')->first(); |
|
| 14 | - } |
|
| 11 | + public function getAccessToken() |
|
| 12 | + { |
|
| 13 | + return AccessToken::active()->orderBy('id', 'desc')->first(); |
|
| 14 | + } |
|
| 15 | 15 | |
| 16 | - public function getRefreshToken() |
|
| 17 | - { |
|
| 18 | - return RefreshToken::orderBy('id', 'desc')->first(); |
|
| 19 | - } |
|
| 16 | + public function getRefreshToken() |
|
| 17 | + { |
|
| 18 | + return RefreshToken::orderBy('id', 'desc')->first(); |
|
| 19 | + } |
|
| 20 | 20 | |
| 21 | - public function createAccessToken(string $value) |
|
| 22 | - { |
|
| 23 | - return AccessToken::create([ |
|
| 24 | - 'value' => $value |
|
| 25 | - ]); |
|
| 26 | - } |
|
| 21 | + public function createAccessToken(string $value) |
|
| 22 | + { |
|
| 23 | + return AccessToken::create([ |
|
| 24 | + 'value' => $value |
|
| 25 | + ]); |
|
| 26 | + } |
|
| 27 | 27 | |
| 28 | - public function createRefreshToken(string $value) |
|
| 29 | - { |
|
| 30 | - return RefreshToken::create([ |
|
| 31 | - 'value' => $value |
|
| 32 | - ]); |
|
| 33 | - } |
|
| 28 | + public function createRefreshToken(string $value) |
|
| 29 | + { |
|
| 30 | + return RefreshToken::create([ |
|
| 31 | + 'value' => $value |
|
| 32 | + ]); |
|
| 33 | + } |
|
| 34 | 34 | } |
@@ -6,35 +6,35 @@ |
||
| 6 | 6 | |
| 7 | 7 | class AuthorizationCode implements GrantsAccessTokens |
| 8 | 8 | { |
| 9 | - /** |
|
| 10 | - * The token value |
|
| 11 | - * |
|
| 12 | - * @var string |
|
| 13 | - */ |
|
| 14 | - public $value; |
|
| 9 | + /** |
|
| 10 | + * The token value |
|
| 11 | + * |
|
| 12 | + * @var string |
|
| 13 | + */ |
|
| 14 | + public $value; |
|
| 15 | 15 | |
| 16 | - /** |
|
| 17 | - * Create a new authorization code instance |
|
| 18 | - * |
|
| 19 | - * @param string $value The authorization code supplied by Revolut |
|
| 20 | - */ |
|
| 21 | - public function __construct(string $value) |
|
| 22 | - { |
|
| 23 | - $this->value = $value; |
|
| 24 | - } |
|
| 16 | + /** |
|
| 17 | + * Create a new authorization code instance |
|
| 18 | + * |
|
| 19 | + * @param string $value The authorization code supplied by Revolut |
|
| 20 | + */ |
|
| 21 | + public function __construct(string $value) |
|
| 22 | + { |
|
| 23 | + $this->value = $value; |
|
| 24 | + } |
|
| 25 | 25 | |
| 26 | - public function getValue() |
|
| 27 | - { |
|
| 28 | - return $this->value; |
|
| 29 | - } |
|
| 26 | + public function getValue() |
|
| 27 | + { |
|
| 28 | + return $this->value; |
|
| 29 | + } |
|
| 30 | 30 | |
| 31 | - public static function getType() |
|
| 32 | - { |
|
| 33 | - return 'code'; |
|
| 34 | - } |
|
| 31 | + public static function getType() |
|
| 32 | + { |
|
| 33 | + return 'code'; |
|
| 34 | + } |
|
| 35 | 35 | |
| 36 | - public static function getGrantType() |
|
| 37 | - { |
|
| 38 | - return 'authorization_code'; |
|
| 39 | - } |
|
| 36 | + public static function getGrantType() |
|
| 37 | + { |
|
| 38 | + return 'authorization_code'; |
|
| 39 | + } |
|
| 40 | 40 | } |
@@ -9,107 +9,107 @@ |
||
| 9 | 9 | |
| 10 | 10 | class TokenManager |
| 11 | 11 | { |
| 12 | - /** |
|
| 13 | - * The token repository |
|
| 14 | - * |
|
| 15 | - * @var \tbclla\Revolut\Interfaces\TokenRepository |
|
| 16 | - */ |
|
| 17 | - private $tokenRepository; |
|
| 12 | + /** |
|
| 13 | + * The token repository |
|
| 14 | + * |
|
| 15 | + * @var \tbclla\Revolut\Interfaces\TokenRepository |
|
| 16 | + */ |
|
| 17 | + private $tokenRepository; |
|
| 18 | 18 | |
| 19 | - /** |
|
| 20 | - * The access token request |
|
| 21 | - * |
|
| 22 | - * @var \tbclla\Revolut\Auth\Requests\AccessTokenRequest |
|
| 23 | - */ |
|
| 24 | - private $accessTokenRequest; |
|
| 19 | + /** |
|
| 20 | + * The access token request |
|
| 21 | + * |
|
| 22 | + * @var \tbclla\Revolut\Auth\Requests\AccessTokenRequest |
|
| 23 | + */ |
|
| 24 | + private $accessTokenRequest; |
|
| 25 | 25 | |
| 26 | - /** |
|
| 27 | - * Create a token manager |
|
| 28 | - * |
|
| 29 | - * @param \tbclla\Revolut\Interfaces\TokenRepository $tokenRepository |
|
| 30 | - * @param \tbclla\Revolut\Auth\Requests\AccessTokenRequest $accessTokenRequest |
|
| 31 | - * @return void |
|
| 32 | - */ |
|
| 33 | - public function __construct(TokenRepository $tokenRepository, AccessTokenRequest $accessTokenRequest) |
|
| 34 | - { |
|
| 35 | - $this->tokenRepository = $tokenRepository; |
|
| 36 | - $this->accessTokenRequest = $accessTokenRequest; |
|
| 37 | - } |
|
| 26 | + /** |
|
| 27 | + * Create a token manager |
|
| 28 | + * |
|
| 29 | + * @param \tbclla\Revolut\Interfaces\TokenRepository $tokenRepository |
|
| 30 | + * @param \tbclla\Revolut\Auth\Requests\AccessTokenRequest $accessTokenRequest |
|
| 31 | + * @return void |
|
| 32 | + */ |
|
| 33 | + public function __construct(TokenRepository $tokenRepository, AccessTokenRequest $accessTokenRequest) |
|
| 34 | + { |
|
| 35 | + $this->tokenRepository = $tokenRepository; |
|
| 36 | + $this->accessTokenRequest = $accessTokenRequest; |
|
| 37 | + } |
|
| 38 | 38 | |
| 39 | - /** |
|
| 40 | - * Get an access token from the repository, |
|
| 41 | - * or request a new access token |
|
| 42 | - * |
|
| 43 | - * @return \tbclla\Revolut\Auth\AccessToken |
|
| 44 | - */ |
|
| 45 | - public function getAccessToken() |
|
| 46 | - { |
|
| 47 | - $accessToken = $this->tokenRepository->getAccessToken(); |
|
| 39 | + /** |
|
| 40 | + * Get an access token from the repository, |
|
| 41 | + * or request a new access token |
|
| 42 | + * |
|
| 43 | + * @return \tbclla\Revolut\Auth\AccessToken |
|
| 44 | + */ |
|
| 45 | + public function getAccessToken() |
|
| 46 | + { |
|
| 47 | + $accessToken = $this->tokenRepository->getAccessToken(); |
|
| 48 | 48 | |
| 49 | - return $accessToken ?? $this->refreshAccessToken(); |
|
| 50 | - } |
|
| 49 | + return $accessToken ?? $this->refreshAccessToken(); |
|
| 50 | + } |
|
| 51 | 51 | |
| 52 | - /** |
|
| 53 | - * Get a refresh token from the repository |
|
| 54 | - * |
|
| 55 | - * @return \tbclla\Revolut\Auth\RefreshToken|null |
|
| 56 | - */ |
|
| 57 | - public function getRefreshToken() |
|
| 58 | - { |
|
| 59 | - return $this->tokenRepository->getRefreshToken(); |
|
| 60 | - } |
|
| 52 | + /** |
|
| 53 | + * Get a refresh token from the repository |
|
| 54 | + * |
|
| 55 | + * @return \tbclla\Revolut\Auth\RefreshToken|null |
|
| 56 | + */ |
|
| 57 | + public function getRefreshToken() |
|
| 58 | + { |
|
| 59 | + return $this->tokenRepository->getRefreshToken(); |
|
| 60 | + } |
|
| 61 | 61 | |
| 62 | - /** |
|
| 63 | - * Store a new access token |
|
| 64 | - * |
|
| 65 | - * @param string $value |
|
| 66 | - * @return \tbclla\Revolut\Auth\AccessToken |
|
| 67 | - */ |
|
| 68 | - public function createAccessToken(string $value) |
|
| 69 | - { |
|
| 70 | - return $this->tokenRepository->createAccessToken($value); |
|
| 71 | - } |
|
| 62 | + /** |
|
| 63 | + * Store a new access token |
|
| 64 | + * |
|
| 65 | + * @param string $value |
|
| 66 | + * @return \tbclla\Revolut\Auth\AccessToken |
|
| 67 | + */ |
|
| 68 | + public function createAccessToken(string $value) |
|
| 69 | + { |
|
| 70 | + return $this->tokenRepository->createAccessToken($value); |
|
| 71 | + } |
|
| 72 | 72 | |
| 73 | - /** |
|
| 74 | - * Store a new refresh token |
|
| 75 | - * |
|
| 76 | - * @param string $value |
|
| 77 | - * @return \tbclla\Revolut\Auth\RefreshToken |
|
| 78 | - */ |
|
| 79 | - public function createRefreshToken(string $value) |
|
| 80 | - { |
|
| 81 | - return $this->tokenRepository->createRefreshToken($value); |
|
| 82 | - } |
|
| 73 | + /** |
|
| 74 | + * Store a new refresh token |
|
| 75 | + * |
|
| 76 | + * @param string $value |
|
| 77 | + * @return \tbclla\Revolut\Auth\RefreshToken |
|
| 78 | + */ |
|
| 79 | + public function createRefreshToken(string $value) |
|
| 80 | + { |
|
| 81 | + return $this->tokenRepository->createRefreshToken($value); |
|
| 82 | + } |
|
| 83 | 83 | |
| 84 | - /** |
|
| 85 | - * Exchange a refresh token for a new access token |
|
| 86 | - * |
|
| 87 | - * @return \tbclla\Revolut\Auth\AccessToken |
|
| 88 | - * @throws \tbclla\Revolut\Exceptions\AppUnauthorizedException |
|
| 89 | - */ |
|
| 90 | - public function refreshAccessToken() |
|
| 91 | - { |
|
| 92 | - if (!$refreshToken = $this->getRefreshToken()) { |
|
| 93 | - throw new AppUnauthorizedException('No refresh token found. Re-authorization required.'); |
|
| 94 | - } |
|
| 84 | + /** |
|
| 85 | + * Exchange a refresh token for a new access token |
|
| 86 | + * |
|
| 87 | + * @return \tbclla\Revolut\Auth\AccessToken |
|
| 88 | + * @throws \tbclla\Revolut\Exceptions\AppUnauthorizedException |
|
| 89 | + */ |
|
| 90 | + public function refreshAccessToken() |
|
| 91 | + { |
|
| 92 | + if (!$refreshToken = $this->getRefreshToken()) { |
|
| 93 | + throw new AppUnauthorizedException('No refresh token found. Re-authorization required.'); |
|
| 94 | + } |
|
| 95 | 95 | |
| 96 | - return $this->requestAccessToken($refreshToken); |
|
| 97 | - } |
|
| 96 | + return $this->requestAccessToken($refreshToken); |
|
| 97 | + } |
|
| 98 | 98 | |
| 99 | - /** |
|
| 100 | - * Request a new access token |
|
| 101 | - * |
|
| 102 | - * @param \tbclla\Revolut\Interfaces\GrantsAccessTokens $token |
|
| 103 | - * @return \tbclla\Revolut\Auth\AccessToken |
|
| 104 | - */ |
|
| 105 | - public function requestAccessToken(GrantsAccessTokens $token) |
|
| 106 | - { |
|
| 107 | - $response = $this->accessTokenRequest->exchange($token); |
|
| 99 | + /** |
|
| 100 | + * Request a new access token |
|
| 101 | + * |
|
| 102 | + * @param \tbclla\Revolut\Interfaces\GrantsAccessTokens $token |
|
| 103 | + * @return \tbclla\Revolut\Auth\AccessToken |
|
| 104 | + */ |
|
| 105 | + public function requestAccessToken(GrantsAccessTokens $token) |
|
| 106 | + { |
|
| 107 | + $response = $this->accessTokenRequest->exchange($token); |
|
| 108 | 108 | |
| 109 | - if (isset($response['refresh_token'])) { |
|
| 110 | - $this->createRefreshToken($response['refresh_token']); |
|
| 111 | - } |
|
| 109 | + if (isset($response['refresh_token'])) { |
|
| 110 | + $this->createRefreshToken($response['refresh_token']); |
|
| 111 | + } |
|
| 112 | 112 | |
| 113 | - return $this->createAccessToken($response['access_token']); |
|
| 114 | - } |
|
| 113 | + return $this->createAccessToken($response['access_token']); |
|
| 114 | + } |
|
| 115 | 115 | } |
@@ -9,92 +9,92 @@ |
||
| 9 | 9 | |
| 10 | 10 | class AccessTokenRequest |
| 11 | 11 | { |
| 12 | - /** |
|
| 13 | - * The authentication endpoint |
|
| 14 | - * |
|
| 15 | - * @var string |
|
| 16 | - */ |
|
| 17 | - const ENDPOINT = '/auth/token'; |
|
| 12 | + /** |
|
| 13 | + * The authentication endpoint |
|
| 14 | + * |
|
| 15 | + * @var string |
|
| 16 | + */ |
|
| 17 | + const ENDPOINT = '/auth/token'; |
|
| 18 | 18 | |
| 19 | - /** |
|
| 20 | - * The client assertion |
|
| 21 | - * |
|
| 22 | - * @var \tbclla\Revolut\Auth\ClientAssertion |
|
| 23 | - */ |
|
| 24 | - private $clientAssertion; |
|
| 19 | + /** |
|
| 20 | + * The client assertion |
|
| 21 | + * |
|
| 22 | + * @var \tbclla\Revolut\Auth\ClientAssertion |
|
| 23 | + */ |
|
| 24 | + private $clientAssertion; |
|
| 25 | 25 | |
| 26 | - /** |
|
| 27 | - * The HTTP client |
|
| 28 | - * |
|
| 29 | - * @var \tbclla\Revolut\Interfaces\MakesHttpRequests |
|
| 30 | - */ |
|
| 31 | - private $httpClient; |
|
| 26 | + /** |
|
| 27 | + * The HTTP client |
|
| 28 | + * |
|
| 29 | + * @var \tbclla\Revolut\Interfaces\MakesHttpRequests |
|
| 30 | + */ |
|
| 31 | + private $httpClient; |
|
| 32 | 32 | |
| 33 | - /** |
|
| 34 | - * Create a new access token request instance |
|
| 35 | - * |
|
| 36 | - * @param \tbclla\Revolut\Auth\ClientAssertion $clientAssertion |
|
| 37 | - * @param \tbclla\Revolut\Interfaces\MakesHttpRequests $httpClient |
|
| 38 | - * @return void |
|
| 39 | - */ |
|
| 40 | - public function __construct(ClientAssertion $clientAssertion, MakesHttpRequests $httpClient) |
|
| 41 | - { |
|
| 42 | - $this->clientAssertion = $clientAssertion; |
|
| 43 | - $this->httpClient = $httpClient; |
|
| 44 | - } |
|
| 33 | + /** |
|
| 34 | + * Create a new access token request instance |
|
| 35 | + * |
|
| 36 | + * @param \tbclla\Revolut\Auth\ClientAssertion $clientAssertion |
|
| 37 | + * @param \tbclla\Revolut\Interfaces\MakesHttpRequests $httpClient |
|
| 38 | + * @return void |
|
| 39 | + */ |
|
| 40 | + public function __construct(ClientAssertion $clientAssertion, MakesHttpRequests $httpClient) |
|
| 41 | + { |
|
| 42 | + $this->clientAssertion = $clientAssertion; |
|
| 43 | + $this->httpClient = $httpClient; |
|
| 44 | + } |
|
| 45 | 45 | |
| 46 | - /** |
|
| 47 | - * Exchange an authorization code or a refresh token for an access token |
|
| 48 | - * |
|
| 49 | - * @param \tbclla\Revolut\Interfaces\GrantsAccessTokens $requestToken |
|
| 50 | - * @return array |
|
| 51 | - */ |
|
| 52 | - public function exchange(GrantsAccessTokens $requestToken) |
|
| 53 | - { |
|
| 54 | - return $this->httpClient->post($this->uri(), [ |
|
| 55 | - 'form_params' => array_merge( |
|
| 56 | - $this->buildClientParams(), |
|
| 57 | - $this->buildGrantParams($requestToken) |
|
| 58 | - ) |
|
| 59 | - ]); |
|
| 60 | - } |
|
| 46 | + /** |
|
| 47 | + * Exchange an authorization code or a refresh token for an access token |
|
| 48 | + * |
|
| 49 | + * @param \tbclla\Revolut\Interfaces\GrantsAccessTokens $requestToken |
|
| 50 | + * @return array |
|
| 51 | + */ |
|
| 52 | + public function exchange(GrantsAccessTokens $requestToken) |
|
| 53 | + { |
|
| 54 | + return $this->httpClient->post($this->uri(), [ |
|
| 55 | + 'form_params' => array_merge( |
|
| 56 | + $this->buildClientParams(), |
|
| 57 | + $this->buildGrantParams($requestToken) |
|
| 58 | + ) |
|
| 59 | + ]); |
|
| 60 | + } |
|
| 61 | 61 | |
| 62 | - /** |
|
| 63 | - * Get the Uri for the request |
|
| 64 | - * |
|
| 65 | - * @return string |
|
| 66 | - */ |
|
| 67 | - public static function uri() |
|
| 68 | - { |
|
| 69 | - return RevolutClient::buildUri(self::ENDPOINT); |
|
| 70 | - } |
|
| 62 | + /** |
|
| 63 | + * Get the Uri for the request |
|
| 64 | + * |
|
| 65 | + * @return string |
|
| 66 | + */ |
|
| 67 | + public static function uri() |
|
| 68 | + { |
|
| 69 | + return RevolutClient::buildUri(self::ENDPOINT); |
|
| 70 | + } |
|
| 71 | 71 | |
| 72 | - /** |
|
| 73 | - * Build the client parameters |
|
| 74 | - * The request must inlude the client ID, the client assertion (JWT) and client assertion type |
|
| 75 | - * |
|
| 76 | - * @return array |
|
| 77 | - */ |
|
| 78 | - private function buildClientParams() |
|
| 79 | - { |
|
| 80 | - return [ |
|
| 81 | - 'client_assertion_type' => $this->clientAssertion::TYPE, |
|
| 82 | - 'client_id' => $this->clientAssertion->clientId, |
|
| 83 | - 'client_assertion' => $this->clientAssertion->build(), |
|
| 84 | - ]; |
|
| 85 | - } |
|
| 72 | + /** |
|
| 73 | + * Build the client parameters |
|
| 74 | + * The request must inlude the client ID, the client assertion (JWT) and client assertion type |
|
| 75 | + * |
|
| 76 | + * @return array |
|
| 77 | + */ |
|
| 78 | + private function buildClientParams() |
|
| 79 | + { |
|
| 80 | + return [ |
|
| 81 | + 'client_assertion_type' => $this->clientAssertion::TYPE, |
|
| 82 | + 'client_id' => $this->clientAssertion->clientId, |
|
| 83 | + 'client_assertion' => $this->clientAssertion->build(), |
|
| 84 | + ]; |
|
| 85 | + } |
|
| 86 | 86 | |
| 87 | - /** |
|
| 88 | - * Build the grant parameters |
|
| 89 | - * |
|
| 90 | - * @param \tbclla\Revolut\Interfaces\GrantsAccessTokens $requestToken |
|
| 91 | - * @return array |
|
| 92 | - */ |
|
| 93 | - private function buildGrantParams(GrantsAccessTokens $requestToken) |
|
| 94 | - { |
|
| 95 | - return [ |
|
| 96 | - 'grant_type' => $requestToken->getGrantType(), |
|
| 97 | - $requestToken->getType() => $requestToken->getValue(), |
|
| 98 | - ]; |
|
| 99 | - } |
|
| 87 | + /** |
|
| 88 | + * Build the grant parameters |
|
| 89 | + * |
|
| 90 | + * @param \tbclla\Revolut\Interfaces\GrantsAccessTokens $requestToken |
|
| 91 | + * @return array |
|
| 92 | + */ |
|
| 93 | + private function buildGrantParams(GrantsAccessTokens $requestToken) |
|
| 94 | + { |
|
| 95 | + return [ |
|
| 96 | + 'grant_type' => $requestToken->getGrantType(), |
|
| 97 | + $requestToken->getType() => $requestToken->getValue(), |
|
| 98 | + ]; |
|
| 99 | + } |
|
| 100 | 100 | } |
@@ -4,113 +4,113 @@ |
||
| 4 | 4 | |
| 5 | 5 | class AuthorizationCodeRequest |
| 6 | 6 | { |
| 7 | - /** |
|
| 8 | - * The sandbox URL |
|
| 9 | - * |
|
| 10 | - * @var string |
|
| 11 | - */ |
|
| 12 | - const SANDBOX_URL = 'https://sandbox-business.revolut.com'; |
|
| 7 | + /** |
|
| 8 | + * The sandbox URL |
|
| 9 | + * |
|
| 10 | + * @var string |
|
| 11 | + */ |
|
| 12 | + const SANDBOX_URL = 'https://sandbox-business.revolut.com'; |
|
| 13 | 13 | |
| 14 | - /** |
|
| 15 | - * The production URL |
|
| 16 | - * |
|
| 17 | - * @var string |
|
| 18 | - */ |
|
| 19 | - const PRODUCTION_URL = 'https://business.revolut.com'; |
|
| 14 | + /** |
|
| 15 | + * The production URL |
|
| 16 | + * |
|
| 17 | + * @var string |
|
| 18 | + */ |
|
| 19 | + const PRODUCTION_URL = 'https://business.revolut.com'; |
|
| 20 | 20 | |
| 21 | - /** |
|
| 22 | - * The app authorization endpoint |
|
| 23 | - * |
|
| 24 | - * @var string |
|
| 25 | - */ |
|
| 26 | - const ENDPOINT = '/app-confirm'; |
|
| 21 | + /** |
|
| 22 | + * The app authorization endpoint |
|
| 23 | + * |
|
| 24 | + * @var string |
|
| 25 | + */ |
|
| 26 | + const ENDPOINT = '/app-confirm'; |
|
| 27 | 27 | |
| 28 | - /** |
|
| 29 | - * A token repository |
|
| 30 | - * |
|
| 31 | - * @var string The client Id |
|
| 32 | - */ |
|
| 33 | - private $clientId; |
|
| 28 | + /** |
|
| 29 | + * A token repository |
|
| 30 | + * |
|
| 31 | + * @var string The client Id |
|
| 32 | + */ |
|
| 33 | + private $clientId; |
|
| 34 | 34 | |
| 35 | - /** |
|
| 36 | - * A token repository |
|
| 37 | - * |
|
| 38 | - * @var string The redirect URI |
|
| 39 | - */ |
|
| 40 | - private $redirectUri; |
|
| 35 | + /** |
|
| 36 | + * A token repository |
|
| 37 | + * |
|
| 38 | + * @var string The redirect URI |
|
| 39 | + */ |
|
| 40 | + private $redirectUri; |
|
| 41 | 41 | |
| 42 | - /** |
|
| 43 | - * A token repository |
|
| 44 | - * |
|
| 45 | - * @var bool The environment |
|
| 46 | - */ |
|
| 47 | - private $sandbox; |
|
| 42 | + /** |
|
| 43 | + * A token repository |
|
| 44 | + * |
|
| 45 | + * @var bool The environment |
|
| 46 | + */ |
|
| 47 | + private $sandbox; |
|
| 48 | 48 | |
| 49 | - /** |
|
| 50 | - * A state value |
|
| 51 | - * |
|
| 52 | - * @var string |
|
| 53 | - */ |
|
| 54 | - public $state; |
|
| 49 | + /** |
|
| 50 | + * A state value |
|
| 51 | + * |
|
| 52 | + * @var string |
|
| 53 | + */ |
|
| 54 | + public $state; |
|
| 55 | 55 | |
| 56 | - /** |
|
| 57 | - * Create a new request |
|
| 58 | - * |
|
| 59 | - * @param string $clientId The Revolut Business Client ID |
|
| 60 | - * @param string $redirectUri The OAuth redirect URI |
|
| 61 | - * @param bool $sandbox Whether or not to use the sandbox environment |
|
| 62 | - * @return void |
|
| 63 | - */ |
|
| 64 | - public function __construct(string $clientId, string $redirectUri, bool $sandbox = true) |
|
| 65 | - { |
|
| 66 | - $this->clientId = $clientId; |
|
| 67 | - $this->redirectUri = $redirectUri; |
|
| 68 | - $this->sandbox = $sandbox; |
|
| 69 | - $this->state = $this->generateState(); |
|
| 70 | - } |
|
| 56 | + /** |
|
| 57 | + * Create a new request |
|
| 58 | + * |
|
| 59 | + * @param string $clientId The Revolut Business Client ID |
|
| 60 | + * @param string $redirectUri The OAuth redirect URI |
|
| 61 | + * @param bool $sandbox Whether or not to use the sandbox environment |
|
| 62 | + * @return void |
|
| 63 | + */ |
|
| 64 | + public function __construct(string $clientId, string $redirectUri, bool $sandbox = true) |
|
| 65 | + { |
|
| 66 | + $this->clientId = $clientId; |
|
| 67 | + $this->redirectUri = $redirectUri; |
|
| 68 | + $this->sandbox = $sandbox; |
|
| 69 | + $this->state = $this->generateState(); |
|
| 70 | + } |
|
| 71 | 71 | |
| 72 | - /** |
|
| 73 | - * Build the request |
|
| 74 | - * |
|
| 75 | - * @return string |
|
| 76 | - */ |
|
| 77 | - public function build() |
|
| 78 | - { |
|
| 79 | - return $this->baseUri() . self::ENDPOINT . '?' . $this->buildQuery(); |
|
| 80 | - } |
|
| 72 | + /** |
|
| 73 | + * Build the request |
|
| 74 | + * |
|
| 75 | + * @return string |
|
| 76 | + */ |
|
| 77 | + public function build() |
|
| 78 | + { |
|
| 79 | + return $this->baseUri() . self::ENDPOINT . '?' . $this->buildQuery(); |
|
| 80 | + } |
|
| 81 | 81 | |
| 82 | - /** |
|
| 83 | - * Build the base URI |
|
| 84 | - * |
|
| 85 | - * @return string |
|
| 86 | - */ |
|
| 87 | - private function baseUri() |
|
| 88 | - { |
|
| 89 | - return $this->sandbox ? self::SANDBOX_URL : self::PRODUCTION_URL; |
|
| 90 | - } |
|
| 82 | + /** |
|
| 83 | + * Build the base URI |
|
| 84 | + * |
|
| 85 | + * @return string |
|
| 86 | + */ |
|
| 87 | + private function baseUri() |
|
| 88 | + { |
|
| 89 | + return $this->sandbox ? self::SANDBOX_URL : self::PRODUCTION_URL; |
|
| 90 | + } |
|
| 91 | 91 | |
| 92 | - /** |
|
| 93 | - * Build the query |
|
| 94 | - * |
|
| 95 | - * @return string |
|
| 96 | - */ |
|
| 97 | - private function buildQuery() |
|
| 98 | - { |
|
| 99 | - return http_build_query([ |
|
| 100 | - 'response_type' => 'request_token', |
|
| 101 | - 'client_id' => $this->clientId, |
|
| 102 | - 'redirect_uri' => $this->redirectUri, |
|
| 103 | - 'state' => $this->state |
|
| 104 | - ]); |
|
| 105 | - } |
|
| 92 | + /** |
|
| 93 | + * Build the query |
|
| 94 | + * |
|
| 95 | + * @return string |
|
| 96 | + */ |
|
| 97 | + private function buildQuery() |
|
| 98 | + { |
|
| 99 | + return http_build_query([ |
|
| 100 | + 'response_type' => 'request_token', |
|
| 101 | + 'client_id' => $this->clientId, |
|
| 102 | + 'redirect_uri' => $this->redirectUri, |
|
| 103 | + 'state' => $this->state |
|
| 104 | + ]); |
|
| 105 | + } |
|
| 106 | 106 | |
| 107 | - /** |
|
| 108 | - * Generate a state value |
|
| 109 | - * |
|
| 110 | - * @return string |
|
| 111 | - */ |
|
| 112 | - private function generateState() |
|
| 113 | - { |
|
| 114 | - return base64_encode(random_bytes(32)); |
|
| 115 | - } |
|
| 107 | + /** |
|
| 108 | + * Generate a state value |
|
| 109 | + * |
|
| 110 | + * @return string |
|
| 111 | + */ |
|
| 112 | + private function generateState() |
|
| 113 | + { |
|
| 114 | + return base64_encode(random_bytes(32)); |
|
| 115 | + } |
|
| 116 | 116 | } |
@@ -16,95 +16,95 @@ |
||
| 16 | 16 | */ |
| 17 | 17 | abstract class Token extends Model |
| 18 | 18 | { |
| 19 | - use Encryptable; |
|
| 19 | + use Encryptable; |
|
| 20 | 20 | |
| 21 | - /** |
|
| 22 | - * Whether or not to use timestamps |
|
| 23 | - * |
|
| 24 | - * @var bool |
|
| 25 | - */ |
|
| 26 | - public $timestamps = false; |
|
| 21 | + /** |
|
| 22 | + * Whether or not to use timestamps |
|
| 23 | + * |
|
| 24 | + * @var bool |
|
| 25 | + */ |
|
| 26 | + public $timestamps = false; |
|
| 27 | 27 | |
| 28 | - /** |
|
| 29 | - * The attributes that are fillable |
|
| 30 | - * |
|
| 31 | - * @var array |
|
| 32 | - */ |
|
| 33 | - protected $fillable = ['value']; |
|
| 28 | + /** |
|
| 29 | + * The attributes that are fillable |
|
| 30 | + * |
|
| 31 | + * @var array |
|
| 32 | + */ |
|
| 33 | + protected $fillable = ['value']; |
|
| 34 | 34 | |
| 35 | - /** |
|
| 36 | - * The attributes that should be cast to native types. |
|
| 37 | - * |
|
| 38 | - * @var array |
|
| 39 | - */ |
|
| 40 | - protected $casts = [ |
|
| 41 | - 'is_encrypted' => 'boolean', |
|
| 42 | - 'expires_at' => 'datetime', |
|
| 43 | - 'created_at' => 'datetime', |
|
| 44 | - ]; |
|
| 35 | + /** |
|
| 36 | + * The attributes that should be cast to native types. |
|
| 37 | + * |
|
| 38 | + * @var array |
|
| 39 | + */ |
|
| 40 | + protected $casts = [ |
|
| 41 | + 'is_encrypted' => 'boolean', |
|
| 42 | + 'expires_at' => 'datetime', |
|
| 43 | + 'created_at' => 'datetime', |
|
| 44 | + ]; |
|
| 45 | 45 | |
| 46 | - /** |
|
| 47 | - * The "booting" method of the model. |
|
| 48 | - * |
|
| 49 | - * @return void |
|
| 50 | - */ |
|
| 51 | - protected static function boot() |
|
| 52 | - { |
|
| 53 | - parent::boot(); |
|
| 46 | + /** |
|
| 47 | + * The "booting" method of the model. |
|
| 48 | + * |
|
| 49 | + * @return void |
|
| 50 | + */ |
|
| 51 | + protected static function boot() |
|
| 52 | + { |
|
| 53 | + parent::boot(); |
|
| 54 | 54 | |
| 55 | - static::creating(function($model) { |
|
| 56 | - $model->type = static::getType(); |
|
| 57 | - $model->expires_at = static::getExpiration(); |
|
| 58 | - }); |
|
| 55 | + static::creating(function($model) { |
|
| 56 | + $model->type = static::getType(); |
|
| 57 | + $model->expires_at = static::getExpiration(); |
|
| 58 | + }); |
|
| 59 | 59 | |
| 60 | - static::addGlobalScope('type', function(Builder $builder) { |
|
| 61 | - $builder->whereType(static::getType()); |
|
| 62 | - }); |
|
| 63 | - } |
|
| 60 | + static::addGlobalScope('type', function(Builder $builder) { |
|
| 61 | + $builder->whereType(static::getType()); |
|
| 62 | + }); |
|
| 63 | + } |
|
| 64 | 64 | |
| 65 | - /** |
|
| 66 | - * Get the name of the tokens table |
|
| 67 | - * |
|
| 68 | - * @return string |
|
| 69 | - */ |
|
| 70 | - public function getTable() |
|
| 71 | - { |
|
| 72 | - return config('revolut.tokens.table_name'); |
|
| 73 | - } |
|
| 65 | + /** |
|
| 66 | + * Get the name of the tokens table |
|
| 67 | + * |
|
| 68 | + * @return string |
|
| 69 | + */ |
|
| 70 | + public function getTable() |
|
| 71 | + { |
|
| 72 | + return config('revolut.tokens.table_name'); |
|
| 73 | + } |
|
| 74 | 74 | |
| 75 | - /** |
|
| 76 | - * Check if the token has expired |
|
| 77 | - * |
|
| 78 | - * @return bool |
|
| 79 | - */ |
|
| 80 | - public function hasExpired() |
|
| 81 | - { |
|
| 82 | - return $this->expires_at ? $this->expires_at < now() : false; |
|
| 83 | - } |
|
| 75 | + /** |
|
| 76 | + * Check if the token has expired |
|
| 77 | + * |
|
| 78 | + * @return bool |
|
| 79 | + */ |
|
| 80 | + public function hasExpired() |
|
| 81 | + { |
|
| 82 | + return $this->expires_at ? $this->expires_at < now() : false; |
|
| 83 | + } |
|
| 84 | 84 | |
| 85 | - /** |
|
| 86 | - * Scope a query to only inlcude active tokens |
|
| 87 | - * |
|
| 88 | - * @param \Illuminate\Database\Eloquent\Builder $query |
|
| 89 | - * @param bool $isActive |
|
| 90 | - * @return \Illuminate\Database\Eloquent\Builder |
|
| 91 | - */ |
|
| 92 | - public function scopeActive($query, bool $isActive = true) |
|
| 93 | - { |
|
| 94 | - $col = 'expires_at'; |
|
| 85 | + /** |
|
| 86 | + * Scope a query to only inlcude active tokens |
|
| 87 | + * |
|
| 88 | + * @param \Illuminate\Database\Eloquent\Builder $query |
|
| 89 | + * @param bool $isActive |
|
| 90 | + * @return \Illuminate\Database\Eloquent\Builder |
|
| 91 | + */ |
|
| 92 | + public function scopeActive($query, bool $isActive = true) |
|
| 93 | + { |
|
| 94 | + $col = 'expires_at'; |
|
| 95 | 95 | |
| 96 | - return $isActive |
|
| 97 | - ? $query->where($col, '>', now())->orWhereNull($col) |
|
| 98 | - : $query->where($col, '<=', now()); |
|
| 99 | - } |
|
| 96 | + return $isActive |
|
| 97 | + ? $query->where($col, '>', now())->orWhereNull($col) |
|
| 98 | + : $query->where($col, '<=', now()); |
|
| 99 | + } |
|
| 100 | 100 | |
| 101 | - /** |
|
| 102 | - * Delete all expired access tokens |
|
| 103 | - * |
|
| 104 | - * @return int The number of deleted tokens |
|
| 105 | - */ |
|
| 106 | - public static function clearExpired() |
|
| 107 | - { |
|
| 108 | - return (int) self::active(false)->delete(); |
|
| 109 | - } |
|
| 101 | + /** |
|
| 102 | + * Delete all expired access tokens |
|
| 103 | + * |
|
| 104 | + * @return int The number of deleted tokens |
|
| 105 | + */ |
|
| 106 | + public static function clearExpired() |
|
| 107 | + { |
|
| 108 | + return (int) self::active(false)->delete(); |
|
| 109 | + } |
|
| 110 | 110 | } |
@@ -7,27 +7,27 @@ |
||
| 7 | 7 | |
| 8 | 8 | class AccessToken extends Token implements PersistableToken |
| 9 | 9 | { |
| 10 | - /** |
|
| 11 | - * The name of the token |
|
| 12 | - * |
|
| 13 | - * @var string |
|
| 14 | - */ |
|
| 15 | - const TYPE = 'access_token'; |
|
| 10 | + /** |
|
| 11 | + * The name of the token |
|
| 12 | + * |
|
| 13 | + * @var string |
|
| 14 | + */ |
|
| 15 | + const TYPE = 'access_token'; |
|
| 16 | 16 | |
| 17 | - /** |
|
| 18 | - * The time to live in minutes |
|
| 19 | - * |
|
| 20 | - * @var int |
|
| 21 | - */ |
|
| 22 | - const TTL = 40; |
|
| 17 | + /** |
|
| 18 | + * The time to live in minutes |
|
| 19 | + * |
|
| 20 | + * @var int |
|
| 21 | + */ |
|
| 22 | + const TTL = 40; |
|
| 23 | 23 | |
| 24 | - public static function getType() |
|
| 25 | - { |
|
| 26 | - return self::TYPE; |
|
| 27 | - } |
|
| 24 | + public static function getType() |
|
| 25 | + { |
|
| 26 | + return self::TYPE; |
|
| 27 | + } |
|
| 28 | 28 | |
| 29 | - public static function getExpiration() |
|
| 30 | - { |
|
| 31 | - return now()->addMinutes(self::TTL); |
|
| 32 | - } |
|
| 29 | + public static function getExpiration() |
|
| 30 | + { |
|
| 31 | + return now()->addMinutes(self::TTL); |
|
| 32 | + } |
|
| 33 | 33 | } |
@@ -8,49 +8,49 @@ |
||
| 8 | 8 | |
| 9 | 9 | class RefreshToken extends Token implements GrantsAccessTokens, PersistableToken |
| 10 | 10 | { |
| 11 | - /** |
|
| 12 | - * The type of the token |
|
| 13 | - * |
|
| 14 | - * @var string |
|
| 15 | - */ |
|
| 16 | - const TYPE = 'refresh_token'; |
|
| 17 | - |
|
| 18 | - /** |
|
| 19 | - * The grant type of the token |
|
| 20 | - * |
|
| 21 | - * @var string |
|
| 22 | - */ |
|
| 23 | - const GRANT_TYPE = 'refresh_token'; |
|
| 24 | - |
|
| 25 | - public function getValue() |
|
| 26 | - { |
|
| 27 | - return $this->value; |
|
| 28 | - } |
|
| 29 | - |
|
| 30 | - public static function getType() |
|
| 31 | - { |
|
| 32 | - return self::TYPE; |
|
| 33 | - } |
|
| 34 | - |
|
| 35 | - public static function getGrantType() |
|
| 36 | - { |
|
| 37 | - return self::GRANT_TYPE; |
|
| 38 | - } |
|
| 39 | - |
|
| 40 | - public static function getExpiration() |
|
| 41 | - { |
|
| 42 | - return null; |
|
| 43 | - } |
|
| 44 | - |
|
| 45 | - /** |
|
| 46 | - * Delete all expired refresh tokens |
|
| 47 | - * |
|
| 48 | - * @return int The number of deleted tokens |
|
| 49 | - */ |
|
| 50 | - public static function clearExpired() |
|
| 51 | - { |
|
| 52 | - $latest = self::latest()->select('id')->first(); |
|
| 53 | - |
|
| 54 | - return (int) self::where('id', '!=', $latest->id)->delete(); |
|
| 55 | - } |
|
| 11 | + /** |
|
| 12 | + * The type of the token |
|
| 13 | + * |
|
| 14 | + * @var string |
|
| 15 | + */ |
|
| 16 | + const TYPE = 'refresh_token'; |
|
| 17 | + |
|
| 18 | + /** |
|
| 19 | + * The grant type of the token |
|
| 20 | + * |
|
| 21 | + * @var string |
|
| 22 | + */ |
|
| 23 | + const GRANT_TYPE = 'refresh_token'; |
|
| 24 | + |
|
| 25 | + public function getValue() |
|
| 26 | + { |
|
| 27 | + return $this->value; |
|
| 28 | + } |
|
| 29 | + |
|
| 30 | + public static function getType() |
|
| 31 | + { |
|
| 32 | + return self::TYPE; |
|
| 33 | + } |
|
| 34 | + |
|
| 35 | + public static function getGrantType() |
|
| 36 | + { |
|
| 37 | + return self::GRANT_TYPE; |
|
| 38 | + } |
|
| 39 | + |
|
| 40 | + public static function getExpiration() |
|
| 41 | + { |
|
| 42 | + return null; |
|
| 43 | + } |
|
| 44 | + |
|
| 45 | + /** |
|
| 46 | + * Delete all expired refresh tokens |
|
| 47 | + * |
|
| 48 | + * @return int The number of deleted tokens |
|
| 49 | + */ |
|
| 50 | + public static function clearExpired() |
|
| 51 | + { |
|
| 52 | + $latest = self::latest()->select('id')->first(); |
|
| 53 | + |
|
| 54 | + return (int) self::where('id', '!=', $latest->id)->delete(); |
|
| 55 | + } |
|
| 56 | 56 | } |
@@ -8,143 +8,143 @@ |
||
| 8 | 8 | |
| 9 | 9 | class ClientAssertion |
| 10 | 10 | { |
| 11 | - /** |
|
| 12 | - * The client assertion type |
|
| 13 | - * @link https://revolut-engineering.github.io/api-docs/business-api/#oauth-exchange-authorisation-code |
|
| 14 | - * |
|
| 15 | - * @var string |
|
| 16 | - */ |
|
| 17 | - const TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'; |
|
| 18 | - |
|
| 19 | - /** |
|
| 20 | - * The JWT's audience parameter |
|
| 21 | - * @link https://revolut-engineering.github.io/api-docs/business-api/#authentication-setting-up-access-to-your-business-account |
|
| 22 | - * |
|
| 23 | - * @var string |
|
| 24 | - */ |
|
| 25 | - const AUDIENCE = 'https://revolut.com'; |
|
| 26 | - |
|
| 27 | - /** |
|
| 28 | - * The JWT's algorythm parameter |
|
| 29 | - * @link https://revolut-engineering.github.io/api-docs/business-api/#authentication-setting-up-access-to-your-business-account |
|
| 30 | - * |
|
| 31 | - * @var string |
|
| 32 | - */ |
|
| 33 | - const ALGORYTHM = 'RS256'; |
|
| 34 | - |
|
| 35 | - /** |
|
| 36 | - * The JWT client |
|
| 37 | - * |
|
| 38 | - * @var \firebase\JWT\JWT |
|
| 39 | - */ |
|
| 40 | - private $jwtClient; |
|
| 41 | - |
|
| 42 | - /** |
|
| 43 | - * The client ID |
|
| 44 | - * |
|
| 45 | - * @var string |
|
| 46 | - */ |
|
| 47 | - public $clientId; |
|
| 48 | - |
|
| 49 | - /** |
|
| 50 | - * The private key path |
|
| 51 | - * |
|
| 52 | - * @var string |
|
| 53 | - */ |
|
| 54 | - private $privateKey; |
|
| 55 | - |
|
| 56 | - /** |
|
| 57 | - * The redirect URI |
|
| 58 | - * |
|
| 59 | - * @var string |
|
| 60 | - */ |
|
| 61 | - private $redirectUri; |
|
| 62 | - |
|
| 63 | - /** |
|
| 64 | - * Create a new client assertion |
|
| 65 | - * |
|
| 66 | - * @param string $clientId The client ID |
|
| 67 | - * @param string $privateKey The path to the private key |
|
| 68 | - * @param string $redirectUri The Oauth redirect URI |
|
| 69 | - * @return void |
|
| 70 | - */ |
|
| 71 | - public function __construct(string $clientId, string $privateKey, string $redirectUri) |
|
| 72 | - { |
|
| 73 | - $this->jwtClient = new JWT; |
|
| 74 | - $this->clientId = $clientId; |
|
| 75 | - $this->privateKey = $privateKey; |
|
| 76 | - $this->redirectUri = $redirectUri; |
|
| 77 | - } |
|
| 78 | - |
|
| 79 | - /** |
|
| 80 | - * Build the JWT |
|
| 81 | - * |
|
| 82 | - * @return string The assertion string |
|
| 83 | - * @throws \tbclla\Revolut\Exceptions\ConfigurationException |
|
| 84 | - */ |
|
| 85 | - public function build() |
|
| 86 | - { |
|
| 87 | - try { |
|
| 88 | - return $this->jwtClient->encode($this->buildPayload(), $this->getPrivateKey(), self::ALGORYTHM); |
|
| 89 | - } catch (Exception $e) { |
|
| 90 | - throw new ConfigurationException('Failed to create JWT - ' . $e->getMessage(), null, $e); |
|
| 91 | - } |
|
| 92 | - } |
|
| 93 | - |
|
| 94 | - /** |
|
| 95 | - * Build the payload for the JWT |
|
| 96 | - * |
|
| 97 | - * @return array |
|
| 98 | - */ |
|
| 99 | - private function buildPayload() |
|
| 100 | - { |
|
| 101 | - return [ |
|
| 102 | - 'sub' => $this->clientId, |
|
| 103 | - 'iss' => $this->getIssuer(), |
|
| 104 | - 'exp' => self::getExpiration(), |
|
| 105 | - 'aud' => self::AUDIENCE, |
|
| 106 | - ]; |
|
| 107 | - } |
|
| 108 | - |
|
| 109 | - /** |
|
| 110 | - * Get the contents of the private key |
|
| 111 | - * |
|
| 112 | - * @return string |
|
| 113 | - * @throws \tbclla\Revolut\Exceptions\ConfigurationException |
|
| 114 | - */ |
|
| 115 | - private function getPrivateKey() |
|
| 116 | - { |
|
| 117 | - try { |
|
| 118 | - return file_get_contents($this->privateKey); |
|
| 119 | - } catch (Exception $e) { |
|
| 120 | - throw new ConfigurationException('Private Key not configured correctly! ' . $e->getMessage(), null, $e); |
|
| 121 | - } |
|
| 122 | - } |
|
| 123 | - |
|
| 124 | - /** |
|
| 125 | - * Get the JWT issuer |
|
| 126 | - * |
|
| 127 | - * @return string |
|
| 128 | - * @throws \tbclla\Revolut\Exceptions\ConfigurationException |
|
| 129 | - */ |
|
| 130 | - private function getIssuer() |
|
| 131 | - { |
|
| 132 | - $domain = parse_url($this->redirectUri); |
|
| 133 | - |
|
| 134 | - if (empty($domain['host'])) { |
|
| 135 | - throw new ConfigurationException('Invalid redirect URI.'); |
|
| 136 | - } |
|
| 137 | - |
|
| 138 | - return $domain['host']; |
|
| 139 | - } |
|
| 140 | - |
|
| 141 | - /** |
|
| 142 | - * Get the expiration time in the form of a unix timestamp |
|
| 143 | - * |
|
| 144 | - * @return int |
|
| 145 | - */ |
|
| 146 | - private static function getExpiration() |
|
| 147 | - { |
|
| 148 | - return time() + (60 * 5); |
|
| 149 | - } |
|
| 11 | + /** |
|
| 12 | + * The client assertion type |
|
| 13 | + * @link https://revolut-engineering.github.io/api-docs/business-api/#oauth-exchange-authorisation-code |
|
| 14 | + * |
|
| 15 | + * @var string |
|
| 16 | + */ |
|
| 17 | + const TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'; |
|
| 18 | + |
|
| 19 | + /** |
|
| 20 | + * The JWT's audience parameter |
|
| 21 | + * @link https://revolut-engineering.github.io/api-docs/business-api/#authentication-setting-up-access-to-your-business-account |
|
| 22 | + * |
|
| 23 | + * @var string |
|
| 24 | + */ |
|
| 25 | + const AUDIENCE = 'https://revolut.com'; |
|
| 26 | + |
|
| 27 | + /** |
|
| 28 | + * The JWT's algorythm parameter |
|
| 29 | + * @link https://revolut-engineering.github.io/api-docs/business-api/#authentication-setting-up-access-to-your-business-account |
|
| 30 | + * |
|
| 31 | + * @var string |
|
| 32 | + */ |
|
| 33 | + const ALGORYTHM = 'RS256'; |
|
| 34 | + |
|
| 35 | + /** |
|
| 36 | + * The JWT client |
|
| 37 | + * |
|
| 38 | + * @var \firebase\JWT\JWT |
|
| 39 | + */ |
|
| 40 | + private $jwtClient; |
|
| 41 | + |
|
| 42 | + /** |
|
| 43 | + * The client ID |
|
| 44 | + * |
|
| 45 | + * @var string |
|
| 46 | + */ |
|
| 47 | + public $clientId; |
|
| 48 | + |
|
| 49 | + /** |
|
| 50 | + * The private key path |
|
| 51 | + * |
|
| 52 | + * @var string |
|
| 53 | + */ |
|
| 54 | + private $privateKey; |
|
| 55 | + |
|
| 56 | + /** |
|
| 57 | + * The redirect URI |
|
| 58 | + * |
|
| 59 | + * @var string |
|
| 60 | + */ |
|
| 61 | + private $redirectUri; |
|
| 62 | + |
|
| 63 | + /** |
|
| 64 | + * Create a new client assertion |
|
| 65 | + * |
|
| 66 | + * @param string $clientId The client ID |
|
| 67 | + * @param string $privateKey The path to the private key |
|
| 68 | + * @param string $redirectUri The Oauth redirect URI |
|
| 69 | + * @return void |
|
| 70 | + */ |
|
| 71 | + public function __construct(string $clientId, string $privateKey, string $redirectUri) |
|
| 72 | + { |
|
| 73 | + $this->jwtClient = new JWT; |
|
| 74 | + $this->clientId = $clientId; |
|
| 75 | + $this->privateKey = $privateKey; |
|
| 76 | + $this->redirectUri = $redirectUri; |
|
| 77 | + } |
|
| 78 | + |
|
| 79 | + /** |
|
| 80 | + * Build the JWT |
|
| 81 | + * |
|
| 82 | + * @return string The assertion string |
|
| 83 | + * @throws \tbclla\Revolut\Exceptions\ConfigurationException |
|
| 84 | + */ |
|
| 85 | + public function build() |
|
| 86 | + { |
|
| 87 | + try { |
|
| 88 | + return $this->jwtClient->encode($this->buildPayload(), $this->getPrivateKey(), self::ALGORYTHM); |
|
| 89 | + } catch (Exception $e) { |
|
| 90 | + throw new ConfigurationException('Failed to create JWT - ' . $e->getMessage(), null, $e); |
|
| 91 | + } |
|
| 92 | + } |
|
| 93 | + |
|
| 94 | + /** |
|
| 95 | + * Build the payload for the JWT |
|
| 96 | + * |
|
| 97 | + * @return array |
|
| 98 | + */ |
|
| 99 | + private function buildPayload() |
|
| 100 | + { |
|
| 101 | + return [ |
|
| 102 | + 'sub' => $this->clientId, |
|
| 103 | + 'iss' => $this->getIssuer(), |
|
| 104 | + 'exp' => self::getExpiration(), |
|
| 105 | + 'aud' => self::AUDIENCE, |
|
| 106 | + ]; |
|
| 107 | + } |
|
| 108 | + |
|
| 109 | + /** |
|
| 110 | + * Get the contents of the private key |
|
| 111 | + * |
|
| 112 | + * @return string |
|
| 113 | + * @throws \tbclla\Revolut\Exceptions\ConfigurationException |
|
| 114 | + */ |
|
| 115 | + private function getPrivateKey() |
|
| 116 | + { |
|
| 117 | + try { |
|
| 118 | + return file_get_contents($this->privateKey); |
|
| 119 | + } catch (Exception $e) { |
|
| 120 | + throw new ConfigurationException('Private Key not configured correctly! ' . $e->getMessage(), null, $e); |
|
| 121 | + } |
|
| 122 | + } |
|
| 123 | + |
|
| 124 | + /** |
|
| 125 | + * Get the JWT issuer |
|
| 126 | + * |
|
| 127 | + * @return string |
|
| 128 | + * @throws \tbclla\Revolut\Exceptions\ConfigurationException |
|
| 129 | + */ |
|
| 130 | + private function getIssuer() |
|
| 131 | + { |
|
| 132 | + $domain = parse_url($this->redirectUri); |
|
| 133 | + |
|
| 134 | + if (empty($domain['host'])) { |
|
| 135 | + throw new ConfigurationException('Invalid redirect URI.'); |
|
| 136 | + } |
|
| 137 | + |
|
| 138 | + return $domain['host']; |
|
| 139 | + } |
|
| 140 | + |
|
| 141 | + /** |
|
| 142 | + * Get the expiration time in the form of a unix timestamp |
|
| 143 | + * |
|
| 144 | + * @return int |
|
| 145 | + */ |
|
| 146 | + private static function getExpiration() |
|
| 147 | + { |
|
| 148 | + return time() + (60 * 5); |
|
| 149 | + } |
|
| 150 | 150 | } |
