Own grantType for federation auth #54

Open
bdart opened this issue Sep 29, 2015 · 1 comment
bdart commented Sep 29, 2015

Actually it is quite cool to use this as an auth service that handles different apps or resource servers. I want to use it as a central auth instance. So the only point that is actually missing for it is that I can alternatively log in/register with Facebook or Google or something like this at the Auth Service.

So actually I need a new grant_type, or? One that takes the signed_request that is returned e.g. by Facebook and validates it, so that I can somehow create the new token for our system.

So add the new grant type to the config and storage map, e.g.:

    'storageMap' => [
        'user_credentials' => 'api\models\User',
        'federation_credentials' => 'api\models\Auth'
    ],
    'grantTypes' => [
        'client_credentials' => [
            'class' => 'OAuth2\GrantType\ClientCredentials',
            'allow_public_clients' => false
        ],
        'user_credentials' => [
            'class' => 'OAuth2\GrantType\UserCredentials'
        ],
        'refresh_token' => [
            'class' => 'OAuth2\GrantType\RefreshToken',
            'always_issue_new_refresh_token' => true
        ],
        'federation_credentials' => [
            'class' => 'api\components\auth\ExternalCredentials'
        ]
    ],

ExternalCredentials may look like this? (could not test it):

namespace api\components\auth;

use OAuth2\GrantType\GrantTypeInterface;
use OAuth2\RequestInterface;
use OAuth2\ResponseInterface;
use OAuth2\ResponseType\AccessTokenInterface;

class ExternalCredentials implements GrantTypeInterface
{
    private $userInfo;

    protected $storage;

    public function __construct(ExternalCredentialsInterface $storage)
    {
        $this->storage = $storage;
    }

    public function getQuerystringIdentifier()
    {
        return 'signed_request';
    }

    public function validateRequest(RequestInterface $request, ResponseInterface $response)
    {
        if (!$request->request("signed_request")) {
            $response->setError(400, 'invalid_request', 'Missing parameter: "signed_request" required');

            return null;
        }

        if (!$this->storage->checkUserCredentials($request->request("signed_request"))) {
            $response->setError(401, 'invalid_grant', 'Invalid signed request');

            return null;
        }

        $userInfo = $this->storage->getUserDetails($request->request("signed_request"));

        if (empty($userInfo)) {
            $response->setError(400, 'invalid_grant', 'Unable to retrieve user information');

            return null;
        }

        if (!isset($userInfo['user_id'])) {
            throw new \LogicException("you must set the user_id on the array returned by getUserDetails");
        }

        $this->userInfo = $userInfo;

        return true;
    }

    public function getClientId()
    {
        return null;
    }

    public function getUserId()
    {
        return $this->userInfo['user_id'];
    }

    public function getScope()
    {
        return isset($this->userInfo['scope']) ? $this->userInfo['scope'] : null;
    }

    public function createAccessToken(AccessTokenInterface $accessToken, $client_id, $user_id, $scope)
    {
        return $accessToken->createAccessToken($client_id, $user_id, $scope);
    }
}

And I have to manually add the new grant type to filsh's and bshaffer's repos? This does not seem like the perfect way. How can I add my own grant_type?
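The signed_request check that the proposed `checkUserCredentials()` would have to perform before any token is issued, as an added example (not code from the issue or from the project): Facebook's format is `base64url(signature).base64url(JSON payload)`, with an HMAC-SHA256 over the encoded payload keyed by the app secret. `SignedRequestVerifier`, the secret and the 300-second freshness window are assumptions.

```php
<?php
// Added example, not the project's code: class name, secret and freshness window are assumptions.
final class SignedRequestVerifier
{
    private $appSecret, $maxAgeSeconds;
    public function __construct($appSecret, $maxAgeSeconds = 300)
    {
        $this->appSecret = $appSecret;
        $this->maxAgeSeconds = $maxAgeSeconds;
    }
    private static function b64urlDecode($s)
    {
        return base64_decode(str_pad(strtr($s, '-_', '+/'), (int) (ceil(strlen($s) / 4) * 4), '='), true);
    }
    // Returns the payload array when signature and freshness checks pass, otherwise null.
    public function verify($signedRequest, $now)
    {
        if (!is_string($signedRequest) || substr_count($signedRequest, '.') !== 1) {
            return null;
        }
        list($encodedSig, $encodedPayload) = explode('.', $signedRequest);
        $sig = self::b64urlDecode($encodedSig);
        $payload = json_decode((string) self::b64urlDecode($encodedPayload), true);
        // Pin the algorithm; the payload must not choose how it is verified.
        if ($sig === false || !is_array($payload)
            || !isset($payload['algorithm']) || $payload['algorithm'] !== 'HMAC-SHA256') {
            return null;
        }
        // The MAC covers the encoded payload exactly as received; compare in constant time.
        $expected = hash_hmac('sha256', $encodedPayload, $this->appSecret, true);
        if (!hash_equals($expected, $sig)) {
            return null;
        }
        // Reject stale requests to narrow the replay window (a local policy choice).
        if (!isset($payload['issued_at']) || !is_int($payload['issued_at'])
            || abs($now - $payload['issued_at']) > $this->maxAgeSeconds) {
            return null;
        }
        return isset($payload['user_id']) ? $payload : null;
    }
}
// Constructed sample: sign a payload with a constructed secret, then verify, tamper and replay.
$enc = function ($bytes) { return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '='); };
$secret = 'constructed-app-secret';
$body = $enc(json_encode(['algorithm' => 'HMAC-SHA256', 'issued_at' => 1443484800, 'user_id' => '1234']));
$sig = $enc(hash_hmac('sha256', $body, $secret, true));
$v = new SignedRequestVerifier($secret);
var_dump($v->verify("$sig.$body", 1443484860) !== null);         // authentic, 60 s old
var_dump($v->verify("$sig.{$body}A", 1443484860) !== null);      // payload altered after signing
var_dump($v->verify("$sig.$body", 1443484800 + 3600) !== null);  // same request replayed an hour later
```

The `user_id` in a verified payload is the provider's identifier, so the storage class still has to map it to a local account before returning it from `getUserDetails()`.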


yang-he commented May 6, 2017

@bdart see here: #101
