Pdo

Simple PDO storage for all storage types

NOTE: This class is meant to get users started quickly. If your application requires further customization, extend this class or create your own.

NOTE: Passwords are stored in plaintext, which is never a good idea. Be sure to override this for your application.

Properties

db

protected \PDO $db

config

protected array $config

Methods

__construct

public __construct(mixed $connection, array $config = array()): mixed

Parameters:

Parameter Type Description
$connection mixed
$config array

Throws:


checkClientCredentials

Make sure that the client credentials are valid.

public checkClientCredentials(string $client_id, null|string $client_secret = null): bool

Parameters:

Parameter Type Description
$client_id string
$client_secret null|string

isPublicClient

Determine if the client is a "public" client, and therefore does not require passing credentials for certain grant types.

public isPublicClient(string $client_id): bool

Parameters:

Parameter Type Description
$client_id string

getClientDetails

Get the client details corresponding to client_id.

public getClientDetails(string $client_id): array|mixed

Parameters:

Parameter Type Description
$client_id string

setClientDetails

public setClientDetails(string $client_id, null|string $client_secret = null, null|string $redirect_uri = null, null|array $grant_types = null, null|string $scope = null, null|string $user_id = null): bool

Parameters:

Parameter Type Description
$client_id string
$client_secret null|string
$redirect_uri null|string
$grant_types null|array
$scope null|string
$user_id null|string

checkRestrictedGrantType

Check restricted grant types of corresponding client identifier.

public checkRestrictedGrantType(mixed $client_id, mixed $grant_type): bool

Parameters:

Parameter Type Description
$client_id mixed
$grant_type mixed

getAccessToken

Look up the supplied oauth_token from storage.

public getAccessToken(string $access_token): array|bool|mixed|null

Parameters:

Parameter Type Description
$access_token string

setAccessToken

Store the supplied access token values to storage.

public setAccessToken(string $access_token, mixed $client_id, mixed $user_id, int $expires, string $scope = null): bool

Parameters:

Parameter Type Description
$access_token string
$client_id mixed
$user_id mixed
$expires int
$scope string

unsetAccessToken

public unsetAccessToken(mixed $access_token): bool

Parameters:

Parameter Type Description
$access_token mixed

getAuthorizationCode

Fetch authorization code data (probably the most common grant type).

public getAuthorizationCode(string $code): mixed

Parameters:

Parameter Type Description
$code string

setAuthorizationCode

Take the provided authorization code values and store them somewhere.

public setAuthorizationCode(string $code, mixed $client_id, mixed $user_id, string $redirect_uri, int $expires, string $scope = null, string $id_token = null, mixed $code_challenge = null, mixed $code_challenge_method = null): bool|mixed

Parameters:

Parameter Type Description
$code string
$client_id mixed
$user_id mixed
$redirect_uri string
$expires int
$scope string
$id_token string
$code_challenge mixed
$code_challenge_method mixed

setAuthorizationCodeWithIdToken

private setAuthorizationCodeWithIdToken(string $code, mixed $client_id, mixed $user_id, string $redirect_uri, string $expires, string $scope = null, string $id_token = null, mixed $code_challenge = null, mixed $code_challenge_method = null): bool

Parameters:

Parameter Type Description
$code string
$client_id mixed
$user_id mixed
$redirect_uri string
$expires string
$scope string
$id_token string
$code_challenge mixed
$code_challenge_method mixed

expireAuthorizationCode

Once an Authorization Code is used, it must be expired.

public expireAuthorizationCode(string $code): bool

Parameters:

Parameter Type Description
$code string

checkUserCredentials

Grant access tokens for basic user credentials.

public checkUserCredentials(string $username, string $password): bool

Parameters:

Parameter Type Description
$username string
$password string

getUserDetails

public getUserDetails(string $username): array|bool

Parameters:

Parameter Type Description
$username string

getUserClaims

Return claims about the provided user id.

public getUserClaims(mixed $user_id, string $claims): array|bool

Parameters:

Parameter Type Description
$user_id mixed
$claims string

getUserClaim

protected getUserClaim(string $claim, array $userDetails): array

Parameters:

Parameter Type Description
$claim string
$userDetails array

getRefreshToken

Grant refresh access tokens.

public getRefreshToken(string $refresh_token): bool|mixed

Parameters:

Parameter Type Description
$refresh_token string

setRefreshToken

Take the provided refresh token values and store them somewhere.

public setRefreshToken(string $refresh_token, mixed $client_id, mixed $user_id, string $expires, string $scope = null): bool

Parameters:

Parameter Type Description
$refresh_token string
$client_id mixed
$user_id mixed
$expires string
$scope string

unsetRefreshToken

Expire a used refresh token.

public unsetRefreshToken(string $refresh_token): bool

Parameters:

Parameter Type Description
$refresh_token string

checkPassword

Plaintext passwords are bad! Override this for your application.

protected checkPassword(array $user, string $password): bool

Parameters:

Parameter Type Description
$user array
$password string

hashPassword

protected hashPassword(mixed $password): mixed

Parameters:

Parameter Type Description
$password mixed

getUser

public getUser(string $username): array|bool

Parameters:

Parameter Type Description
$username string

setUser

Plaintext passwords are bad! Override this for your application.

public setUser(string $username, string $password, string $firstName = null, string $lastName = null): bool

Parameters:

Parameter Type Description
$username string
$password string
$firstName string
$lastName string
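
The override that the checkPassword, hashPassword and setUser notes ask for could look like the following. This is an added example, not code from the library; the class name HashedPasswordPdo is hypothetical, and it assumes that the user row carries the stored value under a 'password' key and that setUser passes the new password through hashPassword before writing it.

```php
<?php
// Added example, not part of the library documented on this page.
// Assumptions: $user['password'] holds the stored value, and setUser()
// routes the new password through hashPassword() before storing it.

use OAuth2\Storage\Pdo;

class HashedPasswordPdo extends Pdo // hypothetical class name
{
    // Store a salted, deliberately slow hash instead of the raw password.
    protected function hashPassword($password): string
    {
        // PASSWORD_DEFAULT currently selects bcrypt (60-character output);
        // the password column must be wide enough to hold it untruncated.
        return password_hash((string) $password, PASSWORD_DEFAULT);
    }

    // Verify the supplied password against the stored hash.
    // password_verify() reads the algorithm, cost and salt from the hash
    // and compares in constant time, so no manual == comparison is needed.
    protected function checkPassword($user, $password): bool
    {
        $stored = isset($user['password']) ? (string) $user['password'] : '';

        // Empty or non-hash values (for example rows written before this
        // override was deployed) never verify; those accounts need a
        // password reset or a one-off migration.
        if ($stored === '') {
            return false;
        }

        return password_verify((string) $password, $stored);
    }
}

// Construct HashedPasswordPdo wherever OAuth2\Storage\Pdo was constructed,
// with the same constructor arguments.
```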

scopeExists

Check if the provided scope exists.

public scopeExists(string $scope): bool

Parameters:

Parameter Type Description
$scope string

getDefaultScope

The default scope to use in the event the client does not request one. Returning "false" makes the server return a request_error, forcing the client to request a scope. Returning "null" opts out of requiring scopes.

public getDefaultScope(mixed $client_id = null): null|string

Parameters:

Parameter Type Description
$client_id mixed

getClientKey

Get the public key associated with a client_id

public getClientKey(mixed $client_id, mixed $subject): string

Parameters:

Parameter Type Description
$client_id mixed
$subject mixed

getClientScope

Get the scope associated with this client

public getClientScope(mixed $client_id): bool|null

Parameters:

Parameter Type Description
$client_id mixed

getJti

Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.

public getJti(mixed $client_id, mixed $subject, mixed $audience, mixed $expires, mixed $jti): array|null

Parameters:

Parameter Type Description
$client_id mixed
$subject mixed
$audience mixed
$expires mixed
$jti mixed

setJti

Store a used jti so that we can check against it to prevent replay attacks.

public setJti(mixed $client_id, mixed $subject, mixed $audience, mixed $expires, mixed $jti): bool

Parameters:

Parameter Type Description
$client_id mixed
$subject mixed
$audience mixed
$expires mixed
$jti mixed

getPublicKey

public getPublicKey(mixed $client_id = null): mixed

Parameters:

Parameter Type Description
$client_id mixed

getPrivateKey

public getPrivateKey(mixed $client_id = null): mixed

Parameters:

Parameter Type Description
$client_id mixed

getEncryptionAlgorithm

public getEncryptionAlgorithm(mixed $client_id = null): string

Parameters:

Parameter Type Description
$client_id mixed

getBuildSql

DDL to create OAuth2 database and tables for PDO storage

public getBuildSql(string $dbName = 'oauth2_server_php'): string

Parameters:

Parameter Type Description
$dbName string

See Also:

  • https://github.com/dsquier/oauth2-server-php-mysql


Automatically generated on 2025-03-18