|
<?php |
|
|
|
namespace Kanboard\Core\Http; |
|
|
|
use Kanboard\Core\Base; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class OAuth2 extends Base |
|
{ |
|
protected $clientId; |
|
protected $secret; |
|
protected $callbackUrl; |
|
protected $authUrl; |
|
protected $tokenUrl; |
|
protected $scopes; |
|
protected $tokenType; |
|
protected $accessToken; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function createService($clientId, $secret, $callbackUrl, $authUrl, $tokenUrl, array $scopes) |
|
{ |
|
$this->clientId = $clientId; |
|
$this->secret = $secret; |
|
$this->callbackUrl = $callbackUrl; |
|
$this->authUrl = $authUrl; |
|
$this->tokenUrl = $tokenUrl; |
|
$this->scopes = $scopes; |
|
|
|
return $this; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function getState() |
|
{ |
|
if (! session_exists('oauthState')) { |
|
session_set('oauthState', $this->token->getToken()); |
|
} |
|
|
|
return session_get('oauthState'); |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function isValidateState($state) |
|
{ |
|
return $state === $this->getState(); |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function getAuthorizationUrl() |
|
{ |
|
$params = array( |
|
'response_type' => 'code', |
|
'client_id' => $this->clientId, |
|
'redirect_uri' => $this->callbackUrl, |
|
'scope' => implode(' ', $this->scopes), |
|
'state' => $this->getState(), |
|
); |
|
|
|
return $this->authUrl.'?'.http_build_query($params); |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function getAuthorizationHeader() |
|
{ |
|
if (strtolower($this->tokenType) === 'bearer') { |
|
return 'Authorization: Bearer '.$this->accessToken; |
|
} |
|
|
|
return ''; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function getAccessToken($code) |
|
{ |
|
if (empty($this->accessToken) && ! empty($code)) { |
|
$params = array( |
|
'code' => $code, |
|
'client_id' => $this->clientId, |
|
'client_secret' => $this->secret, |
|
'redirect_uri' => $this->callbackUrl, |
|
'grant_type' => 'authorization_code', |
|
'state' => $this->getState(), |
|
); |
|
|
|
$response = json_decode($this->httpClient->postForm($this->tokenUrl, $params, array('Accept: application/json')), true); |
|
|
|
$this->tokenType = isset($response['token_type']) ? $response['token_type'] : ''; |
|
$this->accessToken = isset($response['access_token']) ? $response['access_token'] : ''; |
|
} |
|
|
|
return $this->accessToken; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function setAccessToken($token, $type = 'bearer') |
|
{ |
|
$this->accessToken = $token; |
|
$this->tokenType = $type; |
|
return $this; |
|
} |
|
} |
|
|