<?php
/**
* @author Alex Bilbie <[email protected]>
* @copyright Copyright (c) Alex Bilbie
* @license http://mit-license.org/
*
* @link https://github.com/thephpleague/oauth2-server
*/
declare(strict_types=1);
namespace League\OAuth2\Server\Entities\Traits;
use DateTimeImmutable;
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Signer\Rsa\Sha256;
use Lcobucci\JWT\Token;
use League\OAuth2\Server\CryptKeyInterface;
use League\OAuth2\Server\Entities\ClientEntityInterface;
use League\OAuth2\Server\Entities\ScopeEntityInterface;
use RuntimeException;
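trait AccessTokenTrait
{
    private CryptKeyInterface $privateKey;

    private Configuration $jwtConfiguration;

    /**
     * Set the private key used to sign this access token.
     *
     * Note: the key signs the JWT (RS256, see initJwtConfiguration()); it does
     * not encrypt it. Every claim placed in the token remains readable by
     * anyone who holds it, so nothing confidential belongs in the claims.
     */
    public function setPrivateKey(CryptKeyInterface $privateKey): void
    {
        $this->privateKey = $privateKey;
    }

    /**
     * Initialise the JWT Configuration used to sign this token.
     *
     * Builds an asymmetric RSA-SHA256 signing configuration from the private
     * key supplied via setPrivateKey() (the key's passphrase, if any, is
     * forwarded to the key loader; an absent passphrase is treated as '').
     *
     * The verification key handed to the configuration is a placeholder:
     * the configuration built here is only ever used for signing, and it
     * must not be reused to validate incoming tokens.
     *
     * @throws RuntimeException if no private key has been set, or if its contents are empty
     */
    public function initJwtConfiguration(): void
    {
        // A typed property that was never assigned would otherwise surface as
        // a bare Error on the getKeyContents() call below; report it the same
        // way as an empty key so callers see one exception type.
        if (!isset($this->privateKey)) {
            throw new RuntimeException('Private key has not been set');
        }

        $privateKeyContents = $this->privateKey->getKeyContents();

        if ($privateKeyContents === '') {
            throw new RuntimeException('Private key is empty');
        }

        $this->jwtConfiguration = Configuration::forAsymmetricSigner(
            new Sha256(),
            InMemory::plainText($privateKeyContents, $this->privateKey->getPassPhrase() ?? ''),
            // Placeholder verification key: signing only, never verification.
            InMemory::plainText('empty', 'empty')
        );
    }

    /**
     * Configure the JWT builder instance.
     *
     * Extension hook: called with the builder after the standard claims have
     * been set and immediately before the token is signed, so an implementing
     * entity can add custom claims or headers. The default is a no-op.
     */
    protected function withJwtBuilder(Builder $builder): Builder
    {
        return $builder;
    }

    /**
     * Generate a signed JWT from the access token.
     *
     * Sets the registered claims aud (client id), jti (token id), iat and nbf
     * (now), exp (expiry) and sub (user id, or client id when there is no
     * user), plus a private `scopes` claim holding the scope entities.
     *
     * @throws RuntimeException from initJwtConfiguration() when no usable private key is set
     */
    private function convertToJWT(): Token
    {
        $this->initJwtConfiguration();

        // Read the clock once so `iat` and `nbf` carry the same instant; two
        // separate reads could straddle a second boundary and yield nbf > iat.
        $now = new DateTimeImmutable();

        $builder = $this->jwtConfiguration->builder()
            ->permittedFor($this->getClient()->getIdentifier())
            ->identifiedBy($this->getIdentifier())
            ->issuedAt($now)
            ->canOnlyBeUsedAfter($now)
            ->expiresAt($this->getExpiryDateTime())
            ->relatedTo($this->getSubjectIdentifier())
            // The scope entities are serialised into the token as-is, so they
            // must be JSON-encodable — presumably via ScopeEntityInterface;
            // verify against that interface if scope output looks wrong.
            ->withClaim('scopes', $this->getScopes());

        return $this->withJwtBuilder($builder)
            ->getToken($this->jwtConfiguration->signer(), $this->jwtConfiguration->signingKey());
    }

    /**
     * Generate a string representation (compact, signed JWT) of the access token.
     *
     * Each call rebuilds the signing configuration and signs afresh.
     */
    public function toString(): string
    {
        return $this->convertToJWT()->toString();
    }

    abstract public function getClient(): ClientEntityInterface;

    abstract public function getExpiryDateTime(): DateTimeImmutable;

    /**
     * @return non-empty-string|null
     */
    abstract public function getUserIdentifier(): string|null;

    /**
     * @return ScopeEntityInterface[]
     */
    abstract public function getScopes(): array;

    /**
     * @return non-empty-string
     */
    abstract public function getIdentifier(): string;

    /**
     * The value of the token's `sub` claim: the user identifier when one is
     * present, otherwise the client identifier (e.g. a token issued without a
     * resource owner).
     *
     * @return non-empty-string
     */
    private function getSubjectIdentifier(): string
    {
        return $this->getUserIdentifier() ?? $this->getClient()->getIdentifier();
    }
}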