OAuth2 supports authentication by OAuth2 2-legged flows.
It primarily supports:
- service account authorization
- authorization where a user already has an access token
Constants |
public Google |
public Google |
public Google |
public Google |
Properties |
public static $knownGrantTypes = ['authorization_code', 'refresh_token', 'password', 'client_credentials'] The well known grant types.
|
public static $knownSigningAlgorithms = ['HS256', 'HS512', 'HS384', 'RS256'] TODO: determine known methods from the keys of JWT::methods.
|
Methods |
public __construct(array $config) Create a new OAuthCredentials. The configuration array accepts various options
|
public buildFullAuthorizationUri(array $config = []) Builds the authorization Uri that the user should be redirected to.
|
public fetchAuthToken(?callable $httpHandler = NULL, array $headers = []) Fetches the auth tokens based on the current state.
|
public generateCodeVerifier() : string Generates a random 128-character string for the "code_verifier" parameter in PKCE for OAuth 2.0. This is a cryptographically random string that is determined using random_int, hashed using "hash" and sha256, and base64 encoded. When this method is called, the code verifier is set on the object.
|
public generateCredentialsRequest(?callable $httpHandler = NULL, array $headers = []) Generates a request for token credentials.
|
public getAccessToken() Gets the current access token.
|
public getAdditionalClaims() Gets the additional claims to be included in the JWT token.
|
public getAudience() Gets the target audience when issuing assertions.
|
public getAuthorizationUri() Gets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.
|
public getCacheKey()
|
public getClientId() Gets a unique identifier issued to the client to identify itself to the authorization server.
|
public getClientName(?callable $httpHandler = NULL) Get the client ID. Alias of OAuth2::getClientId().
|
public getClientSecret() Gets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.
|
public getCode() Gets the authorization code issued to this client.
|
public getCodeVerifier() : ?string
|
public getExpiresAt() Gets the time the current access token expires at.
|
public getExpiresIn() Gets the lifetime of the access token in seconds.
|
public getExpiry() Gets the number of seconds assertions are valid for.
|
public getExtensionParams() Gets the set of parameters used by extension when using an extension grant type.
|
public getGrantedScope() Get the granted space-separated scopes (if they exist) for the last fetched token.
|
public getGrantType() Gets the current grant type.
|
public getIdToken() Gets the current ID token.
|
public getIssuedAt() Gets the time the current access token was issued at.
|
public getIssuedTokenType() Gets the issued token type, an identifier for the representation of the issued security token (from the STS response).
|
public getIssuer() Gets the Issuer ID when using assertion profile.
|
public getLastReceivedToken() The expiration of the last received token.
|
public getPassword() Gets the resource owner's password.
|
public getRedirectUri() Gets the redirection URI used in the initial request.
|
public getRefreshToken() Gets the refresh token associated with the current access token.
|
public getScope() Gets the scope of the access requests as a space-delimited String.
|
public getSigningAlgorithm() Gets the signing algorithm when using an assertion profile.
|
public getSigningKey() Gets the signing key when using an assertion profile.
|
public getSigningKeyId() Gets the signing key id when using an assertion profile.
|
public getState() Gets an arbitrary string designed to allow the client to maintain state.
|
public getSub() Gets the target sub when issuing assertions.
|
public getSubjectTokenFetcher() : ?Google Gets this instance's SubjectTokenFetcher
|
public getSubjectTokenType() : ?string Gets the subject token type
|
public getTokenCredentialUri() Gets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
|
public getUsername() Gets the resource owner's username.
|
public isExpired() Returns true if the access token has expired.
|
public parseTokenResponse(Psr\Http\Message\ResponseInterface $resp) Parses the fetched tokens.
|
public setAccessToken( $accessToken) Sets the current access token.
|
public setAdditionalClaims(array $additionalClaims) Sets additional claims to be included in the JWT token
|
public setAudience( $audience) Sets the target audience when issuing assertions.
|
public setAuthorizationUri( $uri) Sets the authorization server's HTTP endpoint capable of authenticating the end-user and obtaining authorization.
|
public setClientId( $clientId) Sets a unique identifier issued to the client to identify itself to the authorization server.
|
public setClientSecret( $clientSecret) Sets a shared symmetric secret issued by the authorization server, which is used to authenticate the client.
|
public setCode( $code) Sets the authorization code issued to this client.
|
public setCodeVerifier(?string $codeVerifier) : void A cryptographically random string that is used to correlate the authorization request to the token request. The code verifier for PKCE for OAuth 2.0. When set, the authorization URI will contain the Code Challenge and Code Challenge Method querystring parameters, and the token URI will contain the Code Verifier parameter.
|
public setExpiresAt( $expiresAt) Sets the time the current access token expires at.
|
public setExpiresIn( $expiresIn) Sets the lifetime of the access token in seconds.
|
public setExpiry( $expiry) Sets the number of seconds assertions are valid for.
|
public setExtensionParams( $extensionParams) Sets the set of parameters used by extension when using an extension grant type.
|
public setGrantedScope( $grantedScope) Sets the scopes granted to the current access token.
|
public setGrantType( $grantType) Sets the current grant type.
|
public setIdToken( $idToken) Sets the current ID token.
|
public setIssuedAt( $issuedAt) Sets the time the current access token was issued at.
|
public setIssuer( $issuer) Sets the Issuer ID when using assertion profile.
|
public setPassword( $password) Sets the resource owner's password.
|
public setRedirectUri( $uri) Sets the redirection URI used in the initial request.
|
public setRefreshToken( $refreshToken) Sets the refresh token associated with the current access token.
|
public setScope( $scope) Sets the scope of the access request, expressed either as an Array or as a space-delimited String.
|
public setSigningAlgorithm( $signingAlgorithm) Sets the signing algorithm when using an assertion profile.
|
public setSigningKey( $signingKey) Sets the signing key when using an assertion profile.
|
public setSigningKeyId( $signingKeyId) Sets the signing key id when using an assertion profile.
|
public setState( $state) Sets an arbitrary string designed to allow the client to maintain state.
|
public setSub( $sub) Sets the target sub when issuing assertions.
|
public setTokenCredentialUri( $uri) Sets the authorization server's HTTP endpoint capable of issuing tokens and refreshing expired tokens.
|
public setUsername( $username) Sets the resource owner's username.
|
public toJwt(array $config = []) Obtains the encoded jwt from the instance data.
|
public updateToken(array $config) Updates an OAuth 2.0 client. Example:
|
public verifyIdToken( $publicKey = NULL, $allowed_algs = []) Verifies the idToken if present.
The behavior of this method varies depending on the version of
|
Constants |
private Google |
Properties |
private $accessToken = NULL The current access token.
|
private ?string $actorToken For STS requests. A security token that represents the identity of the acting party. |
private ?string $actorTokenType For STS requests. An identifier that indicates the type of the security token in the actorToken parameter. |
private $additionalClaims = NULL When using the toJwt function, these claims will be added to the JWT payload.
|
private array $additionalOptions From STS response. An identifier for the representation of the issued security token.
|
private $audience = NULL The target audience for assertions.
|
private $authorizationUri = NULL
|
private $clientId = NULL A unique identifier issued to the client to identify itself to the authorization server.
|
private $clientSecret = NULL A shared symmetric secret issued by the authorization server, which is used to authenticate the client.
|
private $code = NULL The authorization code issued to this client. Only used by the authorization code access grant type.
|
private $codeVerifier = NULL The code verifier for PKCE for OAuth 2.0. When set, the authorization URI will contain the Code Challenge and Code Challenge Method querystring parameters, and the token URI will contain the Code Verifier parameter.
|
private $expiresAt = NULL The expiration time of the access token as a number of seconds since the unix epoch.
|
private $expiresIn = NULL The lifetime in seconds of the current access token.
|
private $expiry = NULL The number of seconds assertions are valid for.
|
private $extensionParams = NULL When using an extension grant type, this is the set of parameters used by that extension.
|
private $grantedScope = NULL The scopes granted to the current access token
|
private $grantType = NULL The current grant type.
|
private $idToken = NULL The current ID token.
|
private $issuedAt = NULL The issue time of the access token as a number of seconds since the unix epoch.
|
private ?string $issuedTokenType = NULL From STS response. An identifier for the representation of the issued security token. |
private $issuer = NULL The issuer ID when using assertion profile.
|
private $password = NULL The resource owner's password.
|
private $redirectUri = NULL The redirection URI used in the initial request.
|
private $refreshToken = NULL The refresh token associated with the access token to be refreshed.
|
private ?string $resource For STS requests. A URI that indicates the target service or resource where the client intends to use the requested security token. |
private $scope = NULL The scope of the access request, expressed either as an Array or as a space-delimited string.
|
private $signingAlgorithm = NULL The signing algorithm when using an assertion profile.
|
private $signingKey = NULL The signing key when using assertion profile.
|
private $signingKeyId = NULL The signing key id when using assertion profile. This is the kid parameter in the JWT header.
|
private $state = NULL An arbitrary string designed to allow the client to maintain state.
|
private $sub = NULL The target sub when issuing assertions.
|
private ?Google For STS requests. A fetcher for the "subject_token", which is a security token that represents the identity of the party on behalf of whom the request is being made. |
private ?string $subjectTokenType For STS requests. An identifier that indicates the type of the security token in the subjectToken parameter. |
private $tokenCredentialUri = NULL
|
private $username = NULL The resource owner's username.
|
Methods |
private addClientCredentials( $params)
|
private coerceUri( $uri)
|
private generateRandomString(int $length) : string |
private getCodeChallenge(string $randomString) : string |
private getCodeChallengeMethod() : string |
private getFirebaseJwtKeys( $publicKey, $allowedAlgs)
|
private isAbsoluteUri( $uri) Determines if the URI is absolute based on its scheme and host or path (RFC 3986).
|
private jwtDecode( $idToken, $publicKey, $allowedAlgs)
|
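The PKCE behaviour described for generateCodeVerifier() and setCodeVerifier() above, as an added stand-alone example that follows the S256 method of RFC 7636; it is not this library's code, and the function names (pkceGenerateVerifier, pkceChallenge, pkceVerify) are hypothetical. It shows the client deriving the code challenge sent in the authorization URI and the authorization server checking the code verifier sent in the token request.

```php
<?php
declare(strict_types=1);

// Added example, not library code. All function names are hypothetical.
const PKCE_CHARSET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';

/** Client: build a code_verifier (RFC 7636 allows 43-128 unreserved characters). */
function pkceGenerateVerifier(int $length = 128): string
{
    if ($length < 43 || $length > 128) {
        throw new InvalidArgumentException('code_verifier must be 43-128 characters');
    }
    $max = strlen(PKCE_CHARSET) - 1;
    $verifier = '';
    for ($i = 0; $i < $length; $i++) {
        $verifier .= PKCE_CHARSET[random_int(0, $max)]; // CSPRNG-backed choice
    }
    return $verifier;
}

/** Client: S256 challenge = BASE64URL(SHA256(verifier)), without padding. */
function pkceChallenge(string $verifier): string
{
    $digest = hash('sha256', $verifier, true); // raw bytes, not the hex string
    return rtrim(strtr(base64_encode($digest), '+/', '-_'), '=');
}

/** Server: check the verifier from the token request against the stored challenge. */
function pkceVerify(string $storedChallenge, string $verifier): bool
{
    if (preg_match('/\A[A-Za-z0-9\-._~]{43,128}\z/', $verifier) !== 1) {
        return false; // malformed verifier: reject before hashing
    }
    return hash_equals($storedChallenge, pkceChallenge($verifier)); // constant-time compare
}

// Self-check against the RFC 7636 Appendix B test vector.
$rfcVerifier = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
if (pkceChallenge($rfcVerifier) !== 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM') {
    throw new RuntimeException('S256 challenge does not match the RFC test vector');
}

$verifier  = pkceGenerateVerifier();
$challenge = pkceChallenge($verifier); // sent with code_challenge_method=S256
var_dump(pkceVerify($challenge, $verifier));              // token request from the same client
var_dump(pkceVerify($challenge, pkceGenerateVerifier())); // request that lacks the original verifier
```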