<?php declare(strict_types=1);
namespace Pdsinterop\Solid\Auth;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Entities\UserEntityInterface;
use League\OAuth2\Server\Exception\OAuthServerException;
use Pdsinterop\Solid\Auth\Entity\User;
use Pdsinterop\Solid\Auth\Enum\OpenId\OpenIdConnectMetadata as OidcMeta;
use Pdsinterop\Solid\Auth\Utils\Jwks;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
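class Server
{
    ////////////////////////////// CLASS PROPERTIES \\\\\\\\\\\\\\\\\\\\\\\\\\\\

    /** @var AuthorizationServer League server that validates and completes the OAuth2 flows */
    private $authorizationServer;

    /** @var Config Source of the server metadata (`getServer()`) and key material (`getKeys()`) */
    private $config;

    /** @var Response PSR-7 prototype; every public method derives its return value from a `with*()` copy of it */
    private $response;

    //////////////////////////////// PUBLIC API \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    /**
     * @param AuthorizationServer $authorizationServer
     * @param Config $config
     * @param Response $response Prototype response. NOTE(review): PSR-7 responses are immutable but
     *                           their body streams are not; `createJsonResponse()` writes into this
     *                           prototype's stream, so reusing one Server instance for several
     *                           requests may accumulate body content — confirm against the caller.
     */
    final public function __construct(
        AuthorizationServer $authorizationServer,
        Config $config,
        Response $response
    ) {
        $this->authorizationServer = $authorizationServer;
        $this->config = $config;
        $this->response = $response;
    }

    /**
     * Handles a request to the token endpoint.
     *
     * OAuth errors raised by the League server are converted into an HTTP error response
     * (status and JSON body chosen by the exception) instead of propagating to the caller.
     *
     * @param Request $request
     *
     * @return Response
     */
    final public function respondToAccessTokenRequest(Request $request) : Response
    {
        $response = $this->response;

        try {
            return $this->authorizationServer->respondToAccessTokenRequest($request, $response);
        } catch (OAuthServerException $serverException) {
            return $this->createOauthServerExceptionResponse($response, $serverException);
        }
    }

    /**
     * Dynamic client registration is not implemented; always answers 501 Not Implemented.
     *
     * @param Request $request
     *
     * @return Response
     *
     * @see https://openid.net/specs/openid-connect-registration-1_0.html
     */
    final public function respondToDynamicClientRegistrationRequest(Request $request): Response
    {
        return $this->response->withStatus(501);
    }

    /**
     * Handles the authorization endpoint as a three-step flow driven by the caller:
     *
     *   1. no `$user`, no `$authorizationApproved`  → redirect to the login page
     *   2. `$user` set, no `$authorizationApproved` → redirect to the consent (authorization) page
     *   3. `$authorizationApproved` is a bool       → complete the request and redirect to the
     *      client's `redirect_uri` (with an error when the user denied)
     *
     * The incoming request is validated by the League server before any of the steps run, so
     * an unknown client, mismatched redirect URI or invalid scope is answered with an OAuth error
     * response and never reaches the redirect logic.
     *
     * @param Request $request
     * @param User|null $user The authenticated end-user, once known
     * @param bool|null $authorizationApproved The end-user's consent decision, once known
     * @param callable|null $callback Receives the validated League AuthorizationRequest so the
     *                                caller can inspect the client, scopes and redirect URI
     *
     * @return Response
     */
    final public function respondToAuthorizationRequest(
        Request $request,
        ?User $user = null,
        ?bool $authorizationApproved = null,
        ?callable $callback = null
    ) : Response {
        $serverConfig = $this->config->getServer();
        $authorizationServer = $this->authorizationServer;
        $response = $this->response;

        try {
            // Validate the HTTP request and return an AuthorizationRequest object.
            $authRequest = $authorizationServer->validateAuthorizationRequest($request);
        } catch (OAuthServerException $serverException) {
            return $this->createOauthServerExceptionResponse($response, $serverException);
        }

        if ($user instanceof UserEntityInterface) {
            // Once the user has logged in set the user on the AuthorizationRequest
            $authRequest->setUser($user);
        }

        if ($user === null && $authorizationApproved === null) {
            /*/ Step 1 Redirect the user to a login endpoint /*/
            $loginUrl = ''; //@FIXME: The LOGIN_URL is NOT part of any RFC Spec so it can not (yet) be retrieved using `$serverConfig->get(Foo::LOGIN_URL);`
            $response = $response->withHeader('Location', $loginUrl)->withStatus(302);
        } elseif ($user instanceof UserEntityInterface && $authorizationApproved === null) {
            /*/ Step 2: Redirect the user to an authorization form where the user can approve the scopes requested by the client./*/
            $authorizationPageUrl = $serverConfig->get(OidcMeta::AUTHORIZATION_ENDPOINT);
            $response = $response->withHeader('Location', $authorizationPageUrl)->withStatus(302);
        } elseif (is_bool($authorizationApproved)) {
            /*/ Step 3: Update approval status and redirect to Client `redirect_uri /*/
            // Once the user has approved or denied the client update the status
            $authRequest->setAuthorizationApproved($authorizationApproved);

            try {
                // Return the HTTP redirect response
                $response = $authorizationServer->completeAuthorizationRequest($authRequest, $response);
            } catch (OAuthServerException $serverException) {
                // A denied request (or any grant-level failure) is reported to the client the same
                // way the other endpoints do, instead of escaping as an uncaught exception.
                // NOTE(review): reaching this step with `$user === null` is not an OAuth error and
                // is not caught here — confirm the caller never passes a decision without a user.
                $response = $this->createOauthServerExceptionResponse($response, $serverException);
            }
        } else {
            // @CHECKME: 404 or throw Exception?
            $response = $response->withStatus(404);
        }

        // Allow calling code to retrieve or validate data from $authRequest
        if (is_callable($callback)) {
            // @CHECKME: Should this give access to the League\OAuth2 object or do we need to inject a Pdsinterop\Solid intermediate?
            $callback($authRequest);
        }

        return $response;
    }

    /**
     * Serves the JWK Set built from the configured public key.
     *
     * Only the public key is read from the key configuration; the private key never enters
     * the response.
     *
     * @return Response
     */
    final public function respondToJwksMetadataRequest(/*Jwks $jwks*/) : Response
    {
        $publicKey = $this->config->getKeys()->getPublicKey();

        return $this->createJsonResponse($this->response, new Jwks($publicKey));
    }

    /**
     * Serves the OpenID Connect discovery document.
     *
     * NOTE(review): the server configuration object is JSON-encoded as a whole — confirm it
     * carries only public discovery metadata and no operational settings.
     *
     * @return Response
     */
    final public function respondToOpenIdMetadataRequest() : Response
    {
        return $this->createJsonResponse($this->response, $this->config->getServer());
    }

    /**
     * Stub. Declares a `Response` return type but has no body, so calling it throws a
     * TypeError ("none returned") until it is implemented.
     *
     * @return Response
     */
    final public function respondTo_Request(): Response {}

    ////////////////////////////// UTILITY METHODS \\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    /**
     * Lets the League exception render itself (status code, headers, JSON error body).
     *
     * The second argument (`useFragment = false`) puts redirect errors in the query string.
     * NOTE(review): grants that deliver tokens in the fragment may expect `true` here — confirm
     * for the implicit flow.
     *
     * @param Response $response
     * @param OAuthServerException $serverException
     *
     * @return Response
     */
    private function createOauthServerExceptionResponse(Response $response, OAuthServerException $serverException): Response
    {
        return $serverException->generateHttpResponse($response, false, JSON_PRETTY_PRINT);
    }

    /**
     * Writes `$json` into the response body and marks the response as JSON.
     *
     * Strings are written verbatim (the caller is responsible for them being valid JSON);
     * anything else is `json_encode`d.
     *
     * @param Response $response
     * @param mixed $json Body content; `null` leaves the body untouched
     *
     * @return Response
     *
     * @throws \RuntimeException When `$json` cannot be encoded
     */
    private function createJsonResponse(Response $response, $json = null) : Response
    {
        if ($json !== null) {
            if ( ! is_string($json)) {
                $encoded = json_encode($json, JSON_PRETTY_PRINT);

                if ($encoded === false) {
                    // Under strict_types a `false` here would surface as an opaque TypeError
                    // inside StreamInterface::write(); fail with the actual encoding error instead.
                    throw new \RuntimeException(
                        'Could not encode response body as JSON: ' . json_last_error_msg()
                    );
                }

                $json = $encoded;
            }

            $response->getBody()->write($json);
        }

        return $response->withHeader('content-type', 'application/json; charset=UTF-8');
    }
}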