Merge branch 'review-http'

Author: lkrms

phpstan-baseline-7.4.neon

@@ -40,6 +40,7 @@ parameters:
 			paths:
 				- src/Toolkit/Core/Facade/*
 				- tests/unit/Toolkit/Core/Facade/*
+				- tests/fixtures/Toolkit/Http/OAuth2/OAuth2Client/OAuth2TestClient.php
 		-
 			identifier: salient.needless.coalesce
 			paths:

phpstan-baseline-8.3.neon

@@ -8,12 +8,15 @@
 interface CredentialInterface
 {
     /**
-     * Get the authentication scheme of the credential, e.g. "Bearer"
+     * Get the authentication scheme of the credential, e.g. "Basic", "Digest"
+     * or "Bearer"
      */
     public function getAuthenticationScheme(): string;
 
     /**
-     * Get the credential
+     * Get the credential, e.g. a Base64-encoded user ID/password pair, a
+     * comma-delimited list of authorization parameters or an OAuth 2.0 access
+     * token
      */
     public function getCredential(): string;
 }

phpstan.neon.dist

@@ -0,0 +1,42 @@
+<?php declare(strict_types=1);
+
+namespace Salient\Http;
+
+use Salient\Contract\Core\Immutable;
+use Salient\Contract\Http\CredentialInterface;
+
+/**
+ * @api
+ */
+class GenericCredential implements CredentialInterface, Immutable
+{
+    private string $AuthenticationScheme;
+    private string $Credential;
+
+    /**
+     * @api
+     */
+    public function __construct(
+        string $credential,
+        string $authenticationScheme
+    ) {
+        $this->AuthenticationScheme = $authenticationScheme;
+        $this->Credential = $credential;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function getAuthenticationScheme(): string
+    {
+        return $this->AuthenticationScheme;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function getCredential(): string
+    {
+        return $this->Credential;
+    }
+}

src/Toolkit/Contract/Http/CredentialInterface.php

@@ -0,0 +1,52 @@
+<?php declare(strict_types=1);
+
+namespace Salient\Http;
+
+use Salient\Utility\Date;
+use DateTimeImmutable;
+use DateTimeInterface;
+use InvalidArgumentException;
+
+/**
+ * @api
+ */
+class GenericToken extends GenericCredential
+{
+    private ?DateTimeImmutable $Expires;
+
+    /**
+     * @api
+     *
+     * @param DateTimeInterface|int|null $expires `null` if the token's lifetime
+     * is unknown or unlimited, otherwise a {@see DateTimeInterface} or Unix
+     * timestamp representing its expiration time.
+     */
+    public function __construct(
+        string $token,
+        string $authenticationScheme,
+        $expires = null
+    ) {
+        if (is_int($expires) && $expires < 0) {
+            throw new InvalidArgumentException(
+                sprintf('Invalid timestamp: %d', $expires),
+            );
+        }
+
+        $this->Expires = $expires instanceof DateTimeInterface
+            ? Date::immutable($expires)
+            : ($expires !== null
+                ? new DateTimeImmutable('@' . $expires)
+                : null);
+
+        parent::__construct($token, $authenticationScheme);
+    }
+
+    /**
+     * Get the expiration time of the token, or null if its lifetime is unknown
+     * or unlimited
+     */
+    public function getExpires(): ?DateTimeImmutable
+    {
+        return $this->Expires;
+    }
+}

src/Toolkit/Http/GenericCredential.php

@@ -0,0 +1,47 @@
+<?php declare(strict_types=1);
+
+namespace Salient\Http\OAuth2;
+
+/**
+ * @api
+ */
+interface HasGrantType
+{
+    /**
+     * Authorization code
+     *
+     * - \[RFC6749] Section 4.1 ("Authorization Code Grant")
+     * - \[OpenID.Core] Section 3.1 ("Authentication using the Authorization
+     *   Code Flow")
+     * - \[OpenID.Core] Section 3.3 ("Authentication using the Hybrid Flow")
+     */
+    public const GRANT_AUTHORIZATION_CODE = 'authorization_code';
+
+    /**
+     * Resource owner password
+     *
+     * - \[RFC6749] Section 4.3 ("Resource Owner Password Credentials Grant")
+     */
+    public const GRANT_PASSWORD = 'password';
+
+    /**
+     * Client credentials
+     *
+     * - \[RFC6749] Section 4.4 ("Client Credentials Grant")
+     */
+    public const GRANT_CLIENT_CREDENTIALS = 'client_credentials';
+
+    /**
+     * Device code
+     *
+     * - \[RFC8628] ("OAuth 2.0 Device Authorization Grant")
+     */
+    public const GRANT_DEVICE_CODE = 'urn:ietf:params:oauth:grant-type:device_code';
+
+    /**
+     * Refresh token
+     *
+     * - \[RFC6749] Section 6 ("Refreshing an Access Token")
+     */
+    public const GRANT_REFRESH_TOKEN = 'refresh_token';
+}

src/Toolkit/Http/GenericToken.php

@@ -0,0 +1,60 @@
+<?php declare(strict_types=1);
+
+namespace Salient\Http\OAuth2;
+
+/**
+ * @api
+ */
+interface HasResponseType
+{
+    /**
+     * Authorization code
+     *
+     * - \[RFC6749] Section 4.1 ("Authorization Code Grant")
+     * - \[OpenID.Core] Section 3.1 ("Authentication using the Authorization
+     *   Code Flow")
+     */
+    public const RESPONSE_CODE = 'code';
+
+    /**
+     * Token
+     *
+     * - \[RFC6749] Section 4.2 ("Implicit Grant")
+     */
+    public const RESPONSE_TOKEN = 'token';
+
+    /**
+     * ID token
+     *
+     * - \[OpenID.Core] Section 3.2 ("Authentication using the Implicit Flow")
+     */
+    public const RESPONSE_ID_TOKEN = 'id_token';
+
+    /**
+     * ID token + token
+     *
+     * - \[OpenID.Core] Section 3.2 ("Authentication using the Implicit Flow")
+     */
+    public const RESPONSE_ID_TOKEN_TOKEN = 'id_token token';
+
+    /**
+     * Authorization code + ID token
+     *
+     * - \[OpenID.Core] Section 3.3 ("Authentication using the Hybrid Flow")
+     */
+    public const RESPONSE_CODE_ID_TOKEN = 'code id_token';
+
+    /**
+     * Authorization code + token
+     *
+     * - \[OpenID.Core] Section 3.3 ("Authentication using the Hybrid Flow")
+     */
+    public const RESPONSE_CODE_TOKEN = 'code token';
+
+    /**
+     * Authorization code + ID token + token
+     *
+     * - \[OpenID.Core] Section 3.3 ("Authentication using the Hybrid Flow")
+     */
+    public const RESPONSE_CODE_ID_TOKEN_TOKEN = 'code id_token token';
+}