Server

Server class for OAuth2. This class serves as a convenience class which wraps the other Controller classes.

See Also:

  • \OAuth2\Controller\ResourceController
  • \OAuth2\Controller\AuthorizeController
  • \OAuth2\Controller\TokenController

Properties

response

protected \OAuth2\ResponseInterface $response

config

protected array $config

storages

protected array $storages

authorizeController

protected \OAuth2\Controller\AuthorizeControllerInterface $authorizeController

tokenController

protected \OAuth2\Controller\TokenControllerInterface $tokenController

resourceController

protected \OAuth2\Controller\ResourceControllerInterface $resourceController

userInfoController

protected \OAuth2\OpenID\Controller\UserInfoControllerInterface $userInfoController

grantTypes

protected array $grantTypes

responseTypes

protected array $responseTypes

tokenType

protected \OAuth2\TokenType\TokenTypeInterface $tokenType

scopeUtil

protected \OAuth2\ScopeInterface $scopeUtil

clientAssertionType

protected \OAuth2\ClientAssertionType\ClientAssertionTypeInterface $clientAssertionType

storageMap

protected array $storageMap

responseTypeMap

protected array $responseTypeMap

Methods

__construct

public __construct(mixed $storage = array(), array $config = array(), array $grantTypes = array(), array $responseTypes = array(), \OAuth2\TokenType\TokenTypeInterface $tokenType = null, \OAuth2\ScopeInterface $scopeUtil = null, \OAuth2\ClientAssertionType\ClientAssertionTypeInterface $clientAssertionType = null): mixed

Parameters:

Parameter Type Description
$storage mixed (array or OAuth2\Storage) - single object or array of objects implementing the required storage types (ClientCredentialsInterface and AccessTokenInterface as a minimum)
$config array specify a different token lifetime, token header name, etc
$grantTypes array An array of OAuth2\GrantType\GrantTypeInterface to use for granting access tokens
$responseTypes array Response types to use. Array keys should be "code" and "token" for the Authorization Code and Access Token response types
$tokenType \OAuth2\TokenType\TokenTypeInterface The token type object to use. Valid token types are "bearer" and "mac"
$scopeUtil \OAuth2\ScopeInterface The scope utility class to use to validate scope
$clientAssertionType \OAuth2\ClientAssertionType\ClientAssertionTypeInterface The method in which to verify the client identity. Default is HttpBasic

getAuthorizeController

public getAuthorizeController(): \OAuth2\Controller\AuthorizeControllerInterface

getTokenController

public getTokenController(): \OAuth2\Controller\TokenController

getResourceController

public getResourceController(): \OAuth2\Controller\ResourceControllerInterface

getUserInfoController

public getUserInfoController(): \OAuth2\OpenID\Controller\UserInfoControllerInterface

setAuthorizeController

public setAuthorizeController(\OAuth2\Controller\AuthorizeControllerInterface $authorizeController): mixed

Parameters:

Parameter Type Description
$authorizeController \OAuth2\Controller\AuthorizeControllerInterface

setTokenController

public setTokenController(\OAuth2\Controller\TokenControllerInterface $tokenController): mixed

Parameters:

Parameter Type Description
$tokenController \OAuth2\Controller\TokenControllerInterface

setResourceController

public setResourceController(\OAuth2\Controller\ResourceControllerInterface $resourceController): mixed

Parameters:

Parameter Type Description
$resourceController \OAuth2\Controller\ResourceControllerInterface

setUserInfoController

public setUserInfoController(\OAuth2\OpenID\Controller\UserInfoControllerInterface $userInfoController): mixed

Parameters:

Parameter Type Description
$userInfoController \OAuth2\OpenID\Controller\UserInfoControllerInterface

handleUserInfoRequest

Return claims about the authenticated end-user.

public handleUserInfoRequest(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response = null): \OAuth2\ResponseInterface

This would be called from the "/UserInfo" endpoint as defined in the spec.

Parameters:

Parameter Type Description
$request \OAuth2\RequestInterface - Request object to grant access token
$response \OAuth2\ResponseInterface - Response object containing error messages (failure) or user claims (success)

See Also:

  • http://openid.net/specs/openid-connect-core-1_0.html#UserInfo

handleTokenRequest

Grant or deny a requested access token.

public handleTokenRequest(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response = null): \OAuth2\ResponseInterface

This would be called from the "/token" endpoint as defined in the spec. Obviously, you can call your endpoint whatever you want.

Parameters:

Parameter Type Description
$request \OAuth2\RequestInterface - Request object to grant access token
$response \OAuth2\ResponseInterface - Response object containing error messages (failure) or access token (success)

See Also:

  • http://tools.ietf.org/html/rfc6749#section-4
  • http://tools.ietf.org/html/rfc6749#section-10.6
  • http://tools.ietf.org/html/rfc6749#section-4.1.3

grantAccessToken

Grant or deny a requested access token.

public grantAccessToken(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response = null): mixed

Parameters:

Parameter Type Description
$request \OAuth2\RequestInterface - Request object to grant access token
$response \OAuth2\ResponseInterface - Response object

handleRevokeRequest

Handle a token revocation request. This would be called from the "/revoke" endpoint as defined in the draft Token Revocation spec.

public handleRevokeRequest(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response = null): \OAuth2\Response|\OAuth2\ResponseInterface

Parameters:

Parameter Type Description
$request \OAuth2\RequestInterface
$response \OAuth2\ResponseInterface

See Also:

  • https://tools.ietf.org/html/rfc7009#section-2

handleAuthorizeRequest

Redirect the user appropriately after approval.

public handleAuthorizeRequest(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response, bool $is_authorized, mixed $user_id = null): \OAuth2\ResponseInterface

After the user has approved or denied the resource request the authorization server should call this function to redirect the user appropriately.

Parameters:

Parameter Type Description
$request \OAuth2\RequestInterface - The request should have the following parameters set in the querystring:
- response_type: The requested response: an access token, an authorization code, or both.
- client_id: The client identifier as described in Section 2.
- redirect_uri: An absolute URI to which the authorization server will redirect the user-agent when the end-user authorization step is completed.
- scope: (optional) The scope of the resource request expressed as a list of space-delimited strings.
- state: (optional) An opaque value used by the client to maintain state between the request and callback.
$response \OAuth2\ResponseInterface - Response object
$is_authorized bool - TRUE or FALSE depending on whether the user authorized the access.
$user_id mixed - Identifier of user who authorized the client

See Also:

  • http://tools.ietf.org/html/rfc6749#section-4

validateAuthorizeRequest

Pull the authorization request data out of the HTTP request.

public validateAuthorizeRequest(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response = null): bool

  • The redirect_uri is OPTIONAL as per draft 20, but your implementation can enforce it by setting $config['enforce_redirect'] to true.
  • The state is OPTIONAL but recommended to enforce CSRF. Draft 21 states, however, that CSRF protection is MANDATORY. You can enforce this by setting $config['enforce_state'] to true.

The draft specifies that the parameters should be retrieved from GET; override the Response object to change this.

Parameters:

Parameter Type Description
$request \OAuth2\RequestInterface - Request object
$response \OAuth2\ResponseInterface - Response object

Return Value:

The authorization parameters so the authorization server can prompt the user for approval if valid.

See Also:

  • http://tools.ietf.org/html/rfc6749#section-4.1.1
  • http://tools.ietf.org/html/rfc6749#section-10.12
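The validate-then-handle sequence described above for the authorize endpoint, as an added example that is not part of the generated reference or the library's own code. It assumes the library's PDO storage with its default table layout, a SQLite file path that is a placeholder, and a session-based login where $_SESSION['user_id'] stands in for your own authentication.

```php
<?php
// Added example (not from the generated reference): an authorize endpoint built on
// OAuth2\Server. Assumes a PDO-backed storage with the library's default tables and a
// session login; $_SESSION['user_id'] is a placeholder for your own authentication.
require_once __DIR__ . '/vendor/autoload.php';

$storage = new OAuth2\Storage\Pdo(['dsn' => 'sqlite:' . __DIR__ . '/oauth2.sqlite']);

// Tighten the two checks that validateAuthorizeRequest() leaves optional by default:
// enforce_state makes the CSRF token mandatory (RFC 6749 section 10.12) and
// enforce_redirect refuses requests that omit redirect_uri instead of falling back
// to the registered one.
$server = new OAuth2\Server($storage, [
    'enforce_state'    => true,
    'enforce_redirect' => true,
    'allow_implicit'   => false, // only the "code" response type is served
]);
$server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));

$request  = OAuth2\Request::createFromGlobals();
$response = new OAuth2\Response();

// Step 1: validate response_type, client_id, redirect_uri, scope and state before
// showing any consent UI; on failure the error is already written into $response.
if (!$server->validateAuthorizeRequest($request, $response)) {
    $response->send();
    exit;
}

session_start();
if (empty($_SESSION['user_id'])) {
    header('Location: /login?next=' . rawurlencode($_SERVER['REQUEST_URI']));
    exit;
}

// Step 2: render the consent form on GET; only a POST of that form carries a decision.
if ($request->server('REQUEST_METHOD') !== 'POST') {
    echo '<form method="post">Allow client ' . htmlspecialchars($request->query('client_id'))
       . ' to access your account? <button name="authorized" value="yes">Yes</button>'
       . ' <button name="authorized" value="no">No</button></form>';
    exit;
}

// Step 3: hand the decision to the server, which redirects with code and state
// (approved) or with an access_denied error (denied); the user id is bound to the code.
$is_authorized = ($request->request('authorized') === 'yes');
$server->handleAuthorizeRequest($request, $response, $is_authorized, $_SESSION['user_id']);
$response->send();
```

The OAuth state parameter protects the client's callback, not your consent form; the form POST itself still needs your application's own CSRF token.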

verifyResourceRequest

Verify the resource request

public verifyResourceRequest(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response = null, string $scope = null): mixed

Parameters:

Parameter Type Description
$request \OAuth2\RequestInterface - Request object
$response \OAuth2\ResponseInterface - Response object
$scope string - Scope
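A scope-checked resource endpoint using verifyResourceRequest() and getAccessTokenData(), as an added example that is not part of the generated reference or the library's own code. It assumes the same PDO storage as the authorization server and uses a constructed "profile" scope name.

```php
<?php
// Added example (not from the generated reference): a resource endpoint that requires
// a bearer token carrying the "profile" scope (a constructed scope name). Assumes the
// same PDO storage as the authorization server, since token lookup needs its tables.
require_once __DIR__ . '/vendor/autoload.php';

$storage = new OAuth2\Storage\Pdo(['dsn' => 'sqlite:' . __DIR__ . '/oauth2.sqlite']);
$server  = new OAuth2\Server($storage);

$request  = OAuth2\Request::createFromGlobals();
$response = new OAuth2\Response();

// verifyResourceRequest() checks that the presented token exists, has not expired and
// covers the required scope; on failure $response already carries the 401/403 with a
// WWW-Authenticate header, so send it and stop before touching any resource.
if (!$server->verifyResourceRequest($request, $response, 'profile')) {
    $response->send();
    exit;
}

// The access decision is driven by the token's own data (user_id, client_id, scope,
// expires), never by a user identifier supplied in the request body or query string.
$token = $server->getAccessTokenData($request, $response);
header('Content-Type: application/json');
echo json_encode(['user_id' => $token['user_id'], 'scope' => $token['scope']]);
```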

getAccessTokenData

Get access token data.

public getAccessTokenData(\OAuth2\RequestInterface $request, \OAuth2\ResponseInterface $response = null): mixed

Parameters:

Parameter Type Description
$request \OAuth2\RequestInterface - Request object
$response \OAuth2\ResponseInterface - Response object

addGrantType

public addGrantType(\OAuth2\GrantType\GrantTypeInterface $grantType, mixed $identifier = null): mixed

Parameters:

Parameter Type Description
$grantType \OAuth2\GrantType\GrantTypeInterface
$identifier mixed

addStorage

Set a storage object for the server

public addStorage(object $storage, mixed $key = null): mixed

Parameters:

Parameter Type Description
$storage object - An object implementing one of the Storage interfaces
$key mixed - If null, the storage is set to the key of each storage interface it implements

See Also:

  • \OAuth2\storageMap

addResponseType

public addResponseType(\OAuth2\ResponseType\ResponseTypeInterface $responseType, mixed $key = null): mixed

Parameters:

Parameter Type Description
$responseType \OAuth2\ResponseType\ResponseTypeInterface
$key mixed


getScopeUtil

public getScopeUtil(): \OAuth2\ScopeInterface

setScopeUtil

public setScopeUtil(\OAuth2\ScopeInterface $scopeUtil): mixed

Parameters:

Parameter Type Description
$scopeUtil \OAuth2\ScopeInterface

createDefaultAuthorizeController

protected createDefaultAuthorizeController(): \OAuth2\Controller\AuthorizeControllerInterface


createDefaultTokenController

protected createDefaultTokenController(): \OAuth2\Controller\TokenControllerInterface


createDefaultResourceController

protected createDefaultResourceController(): \OAuth2\Controller\ResourceControllerInterface


createDefaultUserInfoController

protected createDefaultUserInfoController(): \OAuth2\OpenID\Controller\UserInfoControllerInterface


getDefaultTokenType

protected getDefaultTokenType(): \OAuth2\TokenType\Bearer

getDefaultResponseTypes

protected getDefaultResponseTypes(): array


getDefaultGrantTypes

protected getDefaultGrantTypes(): array


getAccessTokenResponseType

protected getAccessTokenResponseType(): \OAuth2\ResponseType\AccessToken

getIdTokenResponseType

protected getIdTokenResponseType(): \OAuth2\OpenID\ResponseType\IdToken

getIdTokenTokenResponseType

protected getIdTokenTokenResponseType(): \OAuth2\OpenID\ResponseType\IdTokenToken

createDefaultJwtAccessTokenStorage

For Resource Controller

protected createDefaultJwtAccessTokenStorage(): \OAuth2\Storage\JwtAccessToken


createDefaultJwtAccessTokenResponseType

For Authorize and Token Controllers

protected createDefaultJwtAccessTokenResponseType(): \OAuth2\ResponseType\JwtAccessToken


createDefaultAccessTokenResponseType

protected createDefaultAccessTokenResponseType(): \OAuth2\ResponseType\AccessToken


createDefaultIdTokenResponseType

protected createDefaultIdTokenResponseType(): \OAuth2\OpenID\ResponseType\IdToken


createDefaultIdTokenTokenResponseType

protected createDefaultIdTokenTokenResponseType(): \OAuth2\OpenID\ResponseType\IdTokenToken

validateOpenIdConnect

protected validateOpenIdConnect(): mixed


normalizeResponseType

protected normalizeResponseType(string $name): string

Parameters:

Parameter Type Description
$name string

getResponse

public getResponse(): mixed

getStorages

public getStorages(): array

getStorage

public getStorage(string $name): object|null

Parameters:

Parameter Type Description
$name string

getGrantTypes

public getGrantTypes(): array

getGrantType

public getGrantType(string $name): object|null

Parameters:

Parameter Type Description
$name string

getResponseTypes

public getResponseTypes(): array

getResponseType

public getResponseType(string $name): object|null

Parameters:

Parameter Type Description
$name string

getTokenType

public getTokenType(): \OAuth2\TokenType\TokenTypeInterface

getClientAssertionType

public getClientAssertionType(): \OAuth2\ClientAssertionType\ClientAssertionTypeInterface

setConfig

public setConfig(string $name, mixed $value): mixed

Parameters:

Parameter Type Description
$name string
$value mixed

getConfig

public getConfig(string $name, mixed $default = null): mixed

Parameters:

Parameter Type Description
$name string
$default mixed


Automatically generated on 2025-03-18