These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * @author Alex Bilbie <[email protected]> |
||
4 | * @copyright Copyright (c) Alex Bilbie |
||
5 | * @license http://mit-license.org/ |
||
6 | * |
||
7 | * @link https://github.com/thephpleague/oauth2-server |
||
8 | */ |
||
9 | |||
10 | use League\OAuth2\Server\AuthorizationServer; |
||
11 | use League\OAuth2\Server\Grant\AuthCodeGrant; |
||
12 | use League\OAuth2\Server\Grant\RefreshTokenGrant; |
||
13 | use League\OAuth2\Server\Middleware\AuthorizationServerMiddleware; |
||
14 | use League\OAuth2\Server\Middleware\ResourceServerMiddleware; |
||
15 | use League\OAuth2\Server\ResourceServer; |
||
16 | use OAuth2ServerExamples\Repositories\AccessTokenRepository; |
||
17 | use OAuth2ServerExamples\Repositories\AuthCodeRepository; |
||
18 | use OAuth2ServerExamples\Repositories\ClientRepository; |
||
19 | use OAuth2ServerExamples\Repositories\RefreshTokenRepository; |
||
20 | use OAuth2ServerExamples\Repositories\ScopeRepository; |
||
21 | use Psr\Http\Message\ResponseInterface; |
||
22 | use Psr\Http\Message\ServerRequestInterface; |
||
23 | use Slim\App; |
||
24 | use Zend\Diactoros\Stream; |
||
25 | |||
26 | include __DIR__ . '/../vendor/autoload.php'; |
||
27 | |||
28 | $app = new App([ |
||
29 | 'settings' => [ |
||
30 | 'displayErrorDetails' => true, |
||
31 | ], |
||
32 | AuthorizationServer::class => function () { |
||
33 | // Init our repositories |
||
34 | $clientRepository = new ClientRepository(); |
||
35 | $accessTokenRepository = new AccessTokenRepository(); |
||
36 | $scopeRepository = new ScopeRepository(); |
||
37 | $authCodeRepository = new AuthCodeRepository(); |
||
38 | $refreshTokenRepository = new RefreshTokenRepository(); |
||
39 | |||
40 | $privateKeyPath = 'file://' . __DIR__ . '/../private.key'; |
||
41 | |||
42 | // Setup the authorization server |
||
43 | $server = new AuthorizationServer( |
||
44 | $clientRepository, |
||
45 | $accessTokenRepository, |
||
46 | $scopeRepository, |
||
47 | $privateKeyPath, |
||
48 | 'lxZFUEsBCJ2Yb14IF2ygAHI5N4+ZAUXXaSeeJm6+twsUmIen' |
||
49 | ); |
||
50 | |||
51 | // Enable the authentication code grant on the server with a token TTL of 1 hour |
||
52 | $server->enableGrantType( |
||
53 | new AuthCodeGrant( |
||
54 | $authCodeRepository, |
||
55 | $refreshTokenRepository, |
||
56 | new \DateInterval('PT10M') |
||
57 | ), |
||
58 | new \DateInterval('PT1H') |
||
59 | ); |
||
60 | |||
61 | // Enable the refresh token grant on the server with a token TTL of 1 month |
||
62 | $server->enableGrantType( |
||
63 | new RefreshTokenGrant($refreshTokenRepository), |
||
64 | new \DateInterval('P1M') |
||
65 | ); |
||
66 | |||
67 | return $server; |
||
68 | }, |
||
69 | ResourceServer::class => function () { |
||
70 | $publicKeyPath = 'file://' . __DIR__ . '/../public.key'; |
||
71 | |||
72 | $server = new ResourceServer( |
||
73 | new AccessTokenRepository(), |
||
74 | $publicKeyPath |
||
75 | ); |
||
76 | |||
77 | return $server; |
||
78 | }, |
||
79 | ]); |
||
80 | |||
81 | // Access token issuer |
||
82 | $app->post('/access_token', function () { |
||
83 | })->add(new AuthorizationServerMiddleware($app->getContainer()->get(AuthorizationServer::class))); |
||
84 | |||
85 | // Secured API |
||
86 | $app->group('/api', function () { |
||
87 | $this->get('/user', function (ServerRequestInterface $request, ResponseInterface $response) { |
||
0 ignored issues
–
show
|
|||
88 | $params = []; |
||
89 | |||
90 | if (in_array('basic', $request->getAttribute('oauth_scopes', []))) { |
||
91 | $params = [ |
||
92 | 'id' => 1, |
||
93 | 'name' => 'Alex', |
||
94 | 'city' => 'London', |
||
95 | ]; |
||
96 | } |
||
97 | |||
98 | if (in_array('email', $request->getAttribute('oauth_scopes', []))) { |
||
99 | $params['email'] = '[email protected]'; |
||
100 | } |
||
101 | |||
102 | $body = new Stream('php://temp', 'r+'); |
||
103 | $body->write(json_encode($params)); |
||
104 | |||
105 | return $response->withBody($body); |
||
106 | }); |
||
107 | })->add(new ResourceServerMiddleware($app->getContainer()->get(ResourceServer::class))); |
||
108 | |||
109 | $app->run(); |
||
110 |
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.