initial commit

Author: basz

.gitignore

@@ -0,0 +1,4 @@
+vendor/
+.php_cs.cache
+.idea
+composer.lock

.php_cs

@@ -0,0 +1,10 @@
+<?php
+
+$config = new \HF\CS\Config();
+$config->getFinder()->in(__DIR__)->exclude(['data', 'docs', 'etc', 'templates']);
+
+$cacheDir = getenv('TRAVIS') ? getenv('HOME') . '/.php-cs-fixer' : __DIR__;
+
+$config->setCacheFile($cacheDir . '/.php_cs.cache');
+
+return $config;

README.md

@@ -0,0 +1,54 @@
+# PLHW OAuth2 Client Provider
+
+OAuth2 Client provides means to retrieve and cache an access token to be used whilst communicating with our API.
+
+Currently this library only supports the `ClientCredentialGrant` OAuth2 methodology.
+
+
+## Installation
+
+```bash
+composer require plhw/hf-oauth2-client:^0.1
+```
+
+## Usage
+
+Your application needs to authenticate all requests to our api with a Bearer access token. This is done by adding a Authorization header.
+
+There are many ways to do this, so we'll leave that part to you (for now)
+
+Getting a token : see the example directory
+
+see api [documentation](https://api.plhw.nl/docs) for end points.
+
+## ClientCredentialsGrant
+
+For machine to machine communication OAuth2 ClientCredentialGrant is appropiate. 
+You must obtain the following information from us.
+
+1. client ID
+2. client secret
+3. scope
+
+Your client side application should communicate via a proxy to our server.
+
+```
+
+               
+   [webbrowser] <----- internet ----->   [application]   <----- internet -----> [api.plhw.nl]
+
+1.  request data    -> request ->      do we have valid access token?
+
+2.                                     NO, get access token   -> request  -> id,secret,scope
+
+3.                                                                                validate request
+
+4.                                     store token in cache   <- response <- access token
+                                                                     
+5.                                     YES, request & token.  -> request  -> validate token
+
+6.                                     data                   <- response <- data
+
+7.  data             <- response <-    data
+
+```

composer.json

@@ -0,0 +1,36 @@
+{
+  "name":              "plhw/hf-oauth2-client",
+  "description":       "Provides means to obtain token from our OAuth2 server",
+  "type":              "library",
+  "license":           "proprietary",
+  "authors":           [
+    {
+      "name":  "Bas Kamer",
+      "email": "[email protected]"
+    }
+  ],
+  "config":            {
+    "optimize-autoloader": true,
+    "sort-packages":       true
+  },
+  "require":           {
+    "php": "^5.6 || ^7.0",
+    "league/oauth2-client": "^2.2",
+    "roave/security-advisories": "dev-master",
+    "zendframework/zend-cache": "^2.7",
+    "zendframework/zend-serializer": "^2.8"
+  },
+  "require-dev":       {
+    "plhw/hf-cs-fixer-config":  "^1.0"
+  },
+  "autoload":          {
+    "psr-4": {
+      "HF\\OAuth2\\Client\\": "src/"
+    }
+  },
+  "autoload-dev":      {
+    "psr-4": {
+      "HFTest\\OAuth2\\Client\\": "test/src/"
+    }
+  }
+}

data/cache/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

example/get-client-credentials.php

@@ -0,0 +1,71 @@
+#!/usr/bin/env php
+<?php
+
+declare(strict_types = 1);
+
+$autoloadFiles = [
+    __DIR__ . '/../../../vendor/autoload.php',
+    __DIR__ . '/../../vendor/autoload.php',
+    __DIR__ . '/../vendor/autoload.php',
+    __DIR__ . '/vendor/autoload.php',
+];
+
+chdir(__DIR__ . '/..');
+
+foreach ($autoloadFiles as $autoloadFile) {
+    if (file_exists($autoloadFile)) {
+        require_once $autoloadFile;
+    }
+}
+
+use HF\OAuth2\Client\Provider\PLHWProvider;
+use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
+use League\OAuth2\Client\Token\AccessToken;
+use Zend\Cache\StorageFactory;
+
+$env          = 'development';
+$clientId     = 'get from us';
+$clientSecret = 'get from us';
+$scope        = 'get_from_us';
+
+$provider = new PLHWProvider([
+    'clientId'     => $clientId,
+    'clientSecret' => $clientSecret,
+], [], $env);
+
+// setup a cache
+$cache = StorageFactory::factory([
+    'adapter' => [
+        'name'    => 'filesystem',
+        'options' => [
+            'cache_dir' => './data/cache',
+        ],
+    ],
+    'plugins' => ['serializer'],
+]);
+
+$cacheKey = sha1('plhw-oauth2-token' . $scope);
+
+/** @var AccessToken $accessToken */
+try {
+    // try to get a token from the cache
+    $accessToken = $cache->getItem($cacheKey, $success);
+
+    if ($accessToken === null || ! $success || $accessToken->hasExpired()) {
+        // try to get a new access token
+        $accessToken = $provider->getAccessToken('client_credentials', [
+            'scope' => $scope,
+        ]);
+
+        $cache->setItem($cacheKey, $accessToken);
+    }
+} catch (IdentityProviderException $e) {
+    print_r($e->getResponseBody());
+
+    exit(1);
+}
+
+print $accessToken->getToken() . PHP_EOL;
+print_r($accessToken->getValues()) . PHP_EOL;
+
+return $accessToken;

src/Provider/PLHWProvider.php

@@ -0,0 +1,131 @@
+<?php
+
+declare(strict_types = 1);
+
+namespace HF\OAuth2\Client\Provider;
+
+use League\OAuth2\Client\Provider\AbstractProvider;
+use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
+use League\OAuth2\Client\Provider\GenericResourceOwner;
+use League\OAuth2\Client\Token\AccessToken;
+use League\OAuth2\Client\Tool\BearerAuthorizationTrait;
+use Psr\Http\Message\ResponseInterface;
+
+class PLHWProvider extends AbstractProvider
+{
+    use BearerAuthorizationTrait;
+
+    private $env = 'production';
+
+    /**
+     * @var array|null
+     */
+    private $defaultScopes = null;
+
+    /**
+     * @var string
+     */
+    private $scopeSeparator = ' ';
+
+    /**
+     * @var string
+     */
+    private $responseError = 'error';
+
+    /**
+     * @var string
+     */
+    private $responseCode;
+
+    /**
+     * @var string
+     */
+    private $responseResourceOwnerId = 'user_id';
+
+    public function __construct(array $options = [], array $collaborators = [], $env = 'production')
+    {
+        $this->env = $env;
+
+        if (! in_array($this->env, ['production', 'testing', 'development'])) {
+            throw new \InvalidArgumentException(sprintf("Not a valid environment '%s' given", $this->env));
+        }
+
+        parent::__construct($options, $collaborators);
+    }
+
+    /**
+     * Get authorization url to begin OAuth flow
+     *
+     * @return string
+     */
+    public function getBaseAuthorizationUrl()
+    {
+        return sprintf('https://api%s.plhw.nl/oauth2/authorize', $this->env === 'production' ? '' : '-' . $this->env);
+    }
+
+    /**
+     * Get access token url to retrieve token
+     *
+     * @return string
+     */
+    public function getBaseAccessTokenUrl(array $params)
+    {
+        return sprintf('https://api%s.plhw.nl/oauth2/token', $this->env === 'production' ? '' : '-' . $this->env);
+    }
+
+    /**
+     * Get provider url to fetch user details
+     *
+     * @param  AccessToken $token
+     *
+     * @return string
+     */
+    public function getResourceOwnerDetailsUrl(AccessToken $token)
+    {
+        return sprintf('https://api%s.plhw.nl/identity/me', $this->env === 'production' ? '' : '-' . $this->env);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function checkResponse(ResponseInterface $response, $data)
+    {
+        if (! empty($data[$this->responseError])) {
+            $error = $data[$this->responseError];
+            $code  = $this->responseCode ? $data[$this->responseCode] : 0;
+            throw new IdentityProviderException($error, $code, $data);
+        }
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function createResourceOwner(array $response, AccessToken $token)
+    {
+        return new GenericResourceOwner($response, $this->responseResourceOwnerId);
+    }
+
+    /**
+     * Returns the default scopes used by this provider.
+     *
+     * This should only be the scopes that are required to request the details
+     * of the resource owner, rather than all the available scopes.
+     *
+     * @return array|null
+     */
+    protected function getDefaultScopes()
+    {
+        return $this->defaultScopes;
+    }
+
+    /**
+     * Returns the string that should be used to separate scopes when building
+     * the URL for requesting an access token.
+     *
+     * @return string Scope separator, defaults to ','
+     */
+    protected function getScopeSeparator()
+    {
+        return $this->scopeSeparator;
+    }
+}