Add compatibility with league/oauth2-server:^9

composer.json

@@ -20,7 +20,7 @@
  "ext-openssl": "*",
  "doctrine/doctrine-bundle": "^2.8.0",
  "doctrine/orm": "^2.14|^3.0",
- "league/oauth2-server": "^8.3",
+ "league/oauth2-server": "^9",
  "nyholm/psr7": "^1.4",
  "psr/http-factory": "^1.0",
  "symfony/event-dispatcher": "^5.4|^6.2|^7.0",

src/Command/CreateClientCommand.php

@@ -135,11 +135,11 @@ private function buildClientFromInput(InputInterface $input): ClientInterface
  $client->setActive(true);
  $client->setAllowPlainTextPkce($input->getOption('allow-plain-text-pkce'));
 
- /** @var list<string> $redirectUriStrings */
+ /** @var list<non-empty-string> $redirectUriStrings */
  $redirectUriStrings = $input->getOption('redirect-uri');
- /** @var list<string> $grantStrings */
+ /** @var list<non-empty-string> $grantStrings */
  $grantStrings = $input->getOption('grant-type');
- /** @var list<string> $scopeStrings */
+ /** @var list<non-empty-string> $scopeStrings */
  $scopeStrings = $input->getOption('scope');
 
  return $client

src/Command/ListClientsCommand.php

@@ -80,11 +80,11 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 
  private function getFindByCriteria(InputInterface $input): ClientFilter
  {
- /** @var list<string> $grantStrings */
+ /** @var list<non-empty-string> $grantStrings */
  $grantStrings = $input->getOption('grant-type');
- /** @var list<string> $redirectUriStrings */
+ /** @var list<non-empty-string> $redirectUriStrings */
  $redirectUriStrings = $input->getOption('redirect-uri');
- /** @var list<string> $scopeStrings */
+ /** @var list<non-empty-string> $scopeStrings */
  $scopeStrings = $input->getOption('scope');
 
  return ClientFilter::create()

src/Converter/UserConverter.php

@@ -10,6 +10,19 @@
 
 final class UserConverter implements UserConverterInterface
 {
+ public const DEFAULT_ANONYMOUS_USER_IDENTIFIER = 'anonymous';
+
+ /** @var non-empty-string */
+ private string $anonymousUserIdentifier;
+
+ /**
+ * @param non-empty-string $anonymousUserIdentifier
+ */
+ public function __construct(string $anonymousUserIdentifier = self::DEFAULT_ANONYMOUS_USER_IDENTIFIER)
+ {
+ $this->anonymousUserIdentifier = $anonymousUserIdentifier;
+ }
+
  /**
  * @psalm-suppress DeprecatedMethod
  * @psalm-suppress UndefinedInterfaceMethod
@@ -18,9 +31,16 @@ public function toLeague(?UserInterface $user): UserEntityInterface
  {
  $userEntity = new User();
  if ($user instanceof UserInterface) {
- $userEntity->setIdentifier(method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername());
+ $identifier = method_exists($user, 'getUserIdentifier') ? $user->getUserIdentifier() : $user->getUsername();
+ if ('' === $identifier) {
+ $identifier = $this->anonymousUserIdentifier;
+ }
+ } else {
+ $identifier = $this->anonymousUserIdentifier;
  }
 
+ $userEntity->setIdentifier($identifier);
+
  return $userEntity;
  }
 }

src/DBAL/Type/ImplodedArray.php

@@ -49,6 +49,7 @@ public function convertToPHPValue(mixed $value, AbstractPlatform $platform): arr
 
  \assert(\is_string($value), 'Expected $value of be either a string or null.');
 
+ /** @var list<non-empty-string> $values */
  $values = explode(self::VALUE_DELIMITER, $value);
 
  return $this->convertDatabaseValues($values);
@@ -87,7 +88,7 @@ private function assertValueCanBeImploded($value): void
  }
 
  /**
- * @param list<string> $values
+ * @param list<non-empty-string> $values
  *
  * @return list<T>
  */

src/DBAL/Type/Scope.php

@@ -22,7 +22,7 @@ public function getName(): string
  }
 
  /**
- * @param list<string> $values
+ * @param list<non-empty-string> $values
  *
  * @return list<ScopeModel>
  */

src/DependencyInjection/Configuration.php

@@ -5,6 +5,7 @@
 namespace League\Bundle\OAuth2ServerBundle\DependencyInjection;
 
 use Defuse\Crypto\Key;
+use League\Bundle\OAuth2ServerBundle\Converter\UserConverter;
 use League\Bundle\OAuth2ServerBundle\Model\AbstractClient;
 use League\Bundle\OAuth2ServerBundle\Model\Client;
 use Symfony\Component\Config\Definition\Builder\NodeDefinition;
@@ -31,6 +32,11 @@ public function getConfigTreeBuilder(): TreeBuilder
  ->defaultValue('ROLE_OAUTH2_')
  ->cannotBeEmpty()
  ->end()
+ ->scalarNode('anonymous_user_identifier')
+ ->info('Set a default user identifier for anonymous users')
+ ->defaultValue(UserConverter::DEFAULT_ANONYMOUS_USER_IDENTIFIER)
+ ->cannotBeEmpty()
+ ->end()
  ->end();
 
  return $treeBuilder;

src/DependencyInjection/LeagueOAuth2ServerExtension.php

@@ -8,6 +8,7 @@
 use League\Bundle\OAuth2ServerBundle\AuthorizationServer\GrantTypeInterface;
 use League\Bundle\OAuth2ServerBundle\Command\CreateClientCommand;
 use League\Bundle\OAuth2ServerBundle\Command\GenerateKeyPairCommand;
+use League\Bundle\OAuth2ServerBundle\Converter\UserConverter;
 use League\Bundle\OAuth2ServerBundle\DBAL\Type\Grant as GrantType;
 use League\Bundle\OAuth2ServerBundle\DBAL\Type\RedirectUri as RedirectUriType;
 use League\Bundle\OAuth2ServerBundle\DBAL\Type\Scope as ScopeType;
@@ -68,6 +69,9 @@ public function load(array $configs, ContainerBuilder $container)
  $container->findDefinition(OAuth2Authenticator::class)
  ->setArgument(3, $config['role_prefix']);
 
+ $container->findDefinition(UserConverter::class)
+ ->setArgument(0, $config['anonymous_user_identifier']);
+
  $container->registerForAutoconfiguration(GrantTypeInterface::class)
  ->addTag('league.oauth2_server.authorization_server.grant');
 

src/Event/AuthorizationRequestResolveEvent.php

@@ -6,7 +6,7 @@
 
 use League\Bundle\OAuth2ServerBundle\Model\ClientInterface;
 use League\Bundle\OAuth2ServerBundle\ValueObject\Scope;
-use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
+use League\OAuth2\Server\RequestTypes\AuthorizationRequestInterface;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Contracts\EventDispatcher\Event;
@@ -17,7 +17,7 @@ final class AuthorizationRequestResolveEvent extends Event
  public const AUTHORIZATION_DENIED = false;
 
  /**
- * @var AuthorizationRequest
+ * @var AuthorizationRequestInterface
  */
  private $authorizationRequest;
 
@@ -49,7 +49,7 @@ final class AuthorizationRequestResolveEvent extends Event
  /**
  * @param Scope[] $scopes
  */
- public function __construct(AuthorizationRequest $authorizationRequest, array $scopes, ClientInterface $client)
+ public function __construct(AuthorizationRequestInterface $authorizationRequest, array $scopes, ClientInterface $client)
  {
  $this->authorizationRequest = $authorizationRequest;
  $this->scopes = $scopes;
@@ -137,12 +137,12 @@ public function getState(): ?string
  return $this->authorizationRequest->getState();
  }
 
- public function getCodeChallenge(): string
+ public function getCodeChallenge(): ?string
  {
  return $this->authorizationRequest->getCodeChallenge();
  }
 
- public function getCodeChallengeMethod(): string
+ public function getCodeChallengeMethod(): ?string
  {
  return $this->authorizationRequest->getCodeChallengeMethod();
  }

src/Event/AuthorizationRequestResolveEventFactory.php

@@ -6,7 +6,7 @@
 
 use League\Bundle\OAuth2ServerBundle\Converter\ScopeConverterInterface;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
-use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
+use League\OAuth2\Server\RequestTypes\AuthorizationRequestInterface;
 
 class AuthorizationRequestResolveEventFactory
 {
@@ -26,7 +26,7 @@ public function __construct(ScopeConverterInterface $scopeConverter, ClientManag
  $this->clientManager = $clientManager;
  }
 
- public function fromAuthorizationRequest(AuthorizationRequest $authorizationRequest): AuthorizationRequestResolveEvent
+ public function fromAuthorizationRequest(AuthorizationRequestInterface $authorizationRequest): AuthorizationRequestResolveEvent
  {
  $scopes = $this->scopeConverter->toDomainArray(array_values($authorizationRequest->getScopes()));
 

src/Event/ScopeResolveEvent.php

@@ -27,14 +27,14 @@ final class ScopeResolveEvent extends Event
  private $client;
 
  /**
- * @var string|null
+ * @var string|int|null
  */
  private $userIdentifier;
 
  /**
  * @param list<Scope> $scopes
  */
- public function __construct(array $scopes, Grant $grant, AbstractClient $client, ?string $userIdentifier)
+ public function __construct(array $scopes, Grant $grant, AbstractClient $client, string|int|null $userIdentifier)
  {
  $this->scopes = $scopes;
  $this->grant = $grant;
@@ -68,7 +68,7 @@ public function getClient(): AbstractClient
  return $this->client;
  }
 
- public function getUserIdentifier(): ?string
+ public function getUserIdentifier(): string|int|null
  {
  return $this->userIdentifier;
  }

src/EventListener/AddClientDefaultScopesListener.php

@@ -15,12 +15,12 @@
 class AddClientDefaultScopesListener
 {
  /**
- * @var list<string>
+ * @var list<non-empty-string>
  */
  private $defaultScopes;
 
  /**
- * @param list<string> $defaultScopes
+ * @param list<non-empty-string> $defaultScopes
  */
  public function __construct(array $defaultScopes)
  {

src/Model/AbstractClient.php

@@ -16,6 +16,7 @@
 abstract class AbstractClient implements ClientInterface
 {
  private string $name;
+ /** @var non-empty-string */
  protected string $identifier;
  private ?string $secret;
 
@@ -33,6 +34,8 @@ abstract class AbstractClient implements ClientInterface
 
  /**
  * @psalm-mutation-free
+ *
+ * @param non-empty-string $identifier
  */
  public function __construct(string $name, string $identifier, ?string $secret)
  {

src/Model/ClientInterface.php

@@ -13,6 +13,9 @@
  */
 interface ClientInterface
 {
+ /**
+ * @return non-empty-string
+ */
  public function getIdentifier(): string;
 
  public function getSecret(): ?string;

src/Repository/AccessTokenRepository.php

@@ -42,12 +42,13 @@ public function __construct(
  $this->scopeConverter = $scopeConverter;
  }
 
- public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, $userIdentifier = null)
+ public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, ?string $userIdentifier = null): AccessTokenEntityInterface
  {
- /** @var int|string|null $userIdentifier */
  $accessToken = new AccessTokenEntity();
  $accessToken->setClient($clientEntity);
- $accessToken->setUserIdentifier($userIdentifier);
+ if (null !== $userIdentifier && '' !== $userIdentifier) {
+ $accessToken->setUserIdentifier($userIdentifier);
+ }
 
  foreach ($scopes as $scope) {
  $accessToken->addScope($scope);
@@ -69,10 +70,7 @@ public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEnt
  $this->accessTokenManager->save($accessToken);
  }
 
- /**
- * @param string $tokenId
- */
- public function revokeAccessToken($tokenId): void
+ public function revokeAccessToken(string $tokenId): void
  {
  $accessToken = $this->accessTokenManager->find($tokenId);
 
@@ -85,10 +83,7 @@ public function revokeAccessToken($tokenId): void
  $this->accessTokenManager->save($accessToken);
  }
 
- /**
- * @param string $tokenId
- */
- public function isAccessTokenRevoked($tokenId): bool
+ public function isAccessTokenRevoked(string $tokenId): bool
  {
  $accessToken = $this->accessTokenManager->find($tokenId);
 
@@ -105,9 +100,6 @@ private function buildAccessTokenModel(AccessTokenEntityInterface $accessTokenEn
  $client = $this->clientManager->find($accessTokenEntity->getClient()->getIdentifier());
 
  $userIdentifier = $accessTokenEntity->getUserIdentifier();
- if (null !== $userIdentifier) {
- $userIdentifier = (string) $userIdentifier;
- }
 
  return new AccessTokenModel(
  $accessTokenEntity->getIdentifier(),

src/Repository/AuthCodeRepository.php

@@ -46,10 +46,7 @@ public function getNewAuthCode(): AuthCode
  return new AuthCode();
  }
 
- /**
- * @return void
- */
- public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity)
+ public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity): void
  {
  $authorizationCode = $this->authorizationCodeManager->find($authCodeEntity->getIdentifier());
 
@@ -62,7 +59,7 @@ public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity)
  $this->authorizationCodeManager->save($authorizationCode);
  }
 
- public function revokeAuthCode($codeId): void
+ public function revokeAuthCode(string $codeId): void
  {
  $authorizationCode = $this->authorizationCodeManager->find($codeId);
 
@@ -75,7 +72,7 @@ public function revokeAuthCode($codeId): void
  $this->authorizationCodeManager->save($authorizationCode);
  }
 
- public function isAuthCodeRevoked($codeId): bool
+ public function isAuthCodeRevoked(string $codeId): bool
  {
  $authorizationCode = $this->authorizationCodeManager->find($codeId);
 
@@ -93,7 +90,7 @@ private function buildAuthorizationCode(AuthCodeEntityInterface $authCodeEntity)
 
  $userIdentifier = $authCodeEntity->getUserIdentifier();
  if (null !== $userIdentifier) {
- $userIdentifier = (string) $userIdentifier;
+ $userIdentifier = $userIdentifier;
  }
 
  return new AuthorizationCode(

src/Repository/ClientRepository.php

@@ -7,6 +7,7 @@
 use League\Bundle\OAuth2ServerBundle\Entity\Client as ClientEntity;
 use League\Bundle\OAuth2ServerBundle\Manager\ClientManagerInterface;
 use League\Bundle\OAuth2ServerBundle\Model\ClientInterface;
+use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 
 final class ClientRepository implements ClientRepositoryInterface
@@ -21,7 +22,7 @@ public function __construct(ClientManagerInterface $clientManager)
  $this->clientManager = $clientManager;
  }
 
- public function getClientEntity($clientIdentifier)
+ public function getClientEntity(string $clientIdentifier): ?ClientEntityInterface
  {
  $client = $this->clientManager->find($clientIdentifier);
 
@@ -32,7 +33,7 @@ public function getClientEntity($clientIdentifier)
  return $this->buildClientEntity($client);
  }
 
- public function validateClient($clientIdentifier, $clientSecret, $grantType): bool
+ public function validateClient(string $clientIdentifier, ?string $clientSecret, ?string $grantType): bool
  {
  $client = $this->clientManager->find($clientIdentifier);