vendor/knpuniversity/oauth2-client-bundle/src/Client/OAuth2Client.php line 70

Open in your IDE?
  1. <?php
  3. /*
  4. * OAuth2 Client Bundle
  5. * Copyright (c) KnpUniversity <http://knpuniversity.com/>
  6. *
  7. * For the full copyright and license information, please view the LICENSE
  8. * file that was distributed with this source code.
  9. */
  11. namespace KnpU\OAuth2ClientBundle\Client;
  13. use KnpU\OAuth2ClientBundle\Exception\InvalidStateException;
  14. use KnpU\OAuth2ClientBundle\Exception\MissingAuthorizationCodeException;
  15. use League\OAuth2\Client\Provider\AbstractProvider;
  16. use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
  17. use League\OAuth2\Client\Token\AccessToken;
  18. use Symfony\Component\HttpFoundation\RedirectResponse;
  19. use Symfony\Component\HttpFoundation\RequestStack;
  20. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  22. class OAuth2Client implements OAuth2ClientInterface
  23. {
  24. public const OAUTH2_SESSION_STATE_KEY = 'knpu.oauth2_client_state';
  26. private AbstractProvider $provider;
  28. private RequestStack $requestStack;
  30. private bool $isStateless = false;
  32. /**
  33. * OAuth2Client constructor.
  34. */
  35. public function __construct(AbstractProvider $provider, RequestStack $requestStack)
  36. {
  37. $this->provider = $provider;
  38. $this->requestStack = $requestStack;
  39. }
  41. /**
  42. * Call this to avoid using and checking "state".
  43. */
  44. public function setAsStateless()
  45. {
  46. $this->isStateless = true;
  47. }
  49. /**
  50. * Creates a RedirectResponse that will send the user to the
  51. * OAuth2 server (e.g. send them to Facebook).
  52. *
  53. * @param array $scopes The scopes you want (leave empty to use default)
  54. * @param array $options Extra options to pass to the Provider's getAuthorizationUrl()
  55. * method. For example, <code>scope</code> is a common option.
  56. * Generally, these become query parameters when redirecting.
  57. *
  58. * @return RedirectResponse
  59. */
  60. public function redirect(array $scopes = [], array $options = [])
  61. {
  62. if (!empty($scopes)) {
  63. $options['scope'] = $scopes;
  64. }
  66. $url = $this->provider->getAuthorizationUrl($options);
  68. // set the state (unless we're stateless)
  69. if (!$this->isStateless()) {
  70. $this->getSession()->set(
  71. self::OAUTH2_SESSION_STATE_KEY,
  72. $this->provider->getState()
  73. );
  74. }
  76. return new RedirectResponse($url);
  77. }
  79. /**
  80. * Call this after the user is redirected back to get the access token.
  81. *
  82. * @param array $options Additional options that should be passed to the getAccessToken() of the underlying provider
  83. *
  84. * @return AccessToken|\League\OAuth2\Client\Token\AccessTokenInterface
  85. *
  86. * @throws InvalidStateException
  87. * @throws MissingAuthorizationCodeException
  88. * @throws IdentityProviderException If token cannot be fetched
  89. */
  90. public function getAccessToken(array $options = [])
  91. {
  92. if (!$this->isStateless()) {
  93. $expectedState = $this->getSession()->get(self::OAUTH2_SESSION_STATE_KEY);
  94. $actualState = $this->getCurrentRequest()->get('state');
  95. if (!$actualState || ($actualState !== $expectedState)) {
  96. throw new InvalidStateException('Invalid state');
  97. }
  98. }
  100. $code = $this->getCurrentRequest()->get('code');
  102. if (!$code) {
  103. throw new MissingAuthorizationCodeException('No "code" parameter was found (usually this is a query parameter)!');
  104. }
  106. return $this->provider->getAccessToken(
  107. 'authorization_code',
  108. array_merge(['code' => $code], $options)
  109. );
  110. }
  112. /**
  113. * Get a new AccessToken from a refresh token.
  114. *
  115. * @param array $options Additional options that should be passed to the getAccessToken() of the underlying provider
  116. *
  117. * @return AccessToken|\League\OAuth2\Client\Token\AccessTokenInterface
  118. *
  119. * @throws IdentityProviderException If token cannot be fetched
  120. */
  121. public function refreshAccessToken(string $refreshToken, array $options = [])
  122. {
  123. return $this->provider->getAccessToken(
  124. 'refresh_token',
  125. array_merge(['refresh_token' => $refreshToken], $options)
  126. );
  127. }
  129. /**
  130. * Returns the "User" information (called a resource owner).
  131. *
  132. * @return \League\OAuth2\Client\Provider\ResourceOwnerInterface
  133. */
  134. public function fetchUserFromToken(AccessToken $accessToken)
  135. {
  136. return $this->provider->getResourceOwner($accessToken);
  137. }
  139. /**
  140. * Shortcut to fetch the access token and user all at once.
  141. *
  142. * Only use this if you don't need the access token, but only
  143. * need the user.
  144. *
  145. * @return \League\OAuth2\Client\Provider\ResourceOwnerInterface
  146. */
  147. public function fetchUser()
  148. {
  149. /** @var AccessToken $token */
  150. $token = $this->getAccessToken();
  152. return $this->fetchUserFromToken($token);
  153. }
  155. /**
  156. * Returns the underlying OAuth2 provider.
  157. *
  158. * @return AbstractProvider
  159. */
  160. public function getOAuth2Provider()
  161. {
  162. return $this->provider;
  163. }
  165. protected function isStateless(): bool
  166. {
  167. return $this->isStateless;
  168. }
  170. /**
  171. * @return \Symfony\Component\HttpFoundation\Request
  172. */
  173. private function getCurrentRequest()
  174. {
  175. $request = $this->requestStack->getCurrentRequest();
  177. if (!$request) {
  178. throw new \LogicException('There is no "current request", and it is needed to perform this action');
  179. }
  181. return $request;
  182. }
  184. /**
  185. * @return SessionInterface
  186. */
  187. private function getSession()
  188. {
  189. if (!$this->getCurrentRequest()->hasSession()) {
  190. throw new \LogicException('In order to use "state", you must have a session. Set the OAuth2Client to stateless to avoid state');
  191. }
  193. return $this->getCurrentRequest()->getSession();
  194. }
  195. }