From 74a5797c30505b992c4b25489f3fe1f462e0d4fd Mon Sep 17 00:00:00 2001
From: Barnaby Walters
Date: Sun, 13 Jun 2021 14:40:53 +0200
Subject: [PATCH] Added pseudocode example
---
 ...dieAuth-Storage-FilesystemJsonStorage.html | 25 ++++++++++++++-
 ...dieAuth-Storage-TokenStorageInterface.html | 31 ++++++++++++++++---
 src/Storage/TokenStorageInterface.php | 29 ++++++++++++++++-
 3 files changed, 79 insertions(+), 6 deletions(-)
diff --git a/docs/classes/Taproot-IndieAuth-Storage-FilesystemJsonStorage.html b/docs/classes/Taproot-IndieAuth-Storage-FilesystemJsonStorage.html
index 75774eb..7d0105b 100644
--- a/docs/classes/Taproot-IndieAuth-Storage-FilesystemJsonStorage.html
+++ b/docs/classes/Taproot-IndieAuth-Storage-FilesystemJsonStorage.html
@@ -835,7 +835,30 @@ And MAY contain additional keys, such as:

If the authorization code was redeemed at the authorization endpoint, Server will only pass the me and profile keys onto the client. In both cases, it will filter out code_challenge keys to prevent that data from accidentally being leaked to -clients.

+clients. If an access token is present, the server will add token_type: Bearer +automatically.

+

A typical implementation might look like this:

+
function exchangeAuthCodeForAccessToken(string $code, callable $validateAuthCode): ?array {
+  if (is_null($authCodeData = $this->fetchAuthCode($code))) {
+    return null;
+  }
+
+  if (isExpired($authCodeData)) {
+    return null;
+  }
+
+  try {
+    $validateAuthCode($authCodeData);
+  } catch (IndieAuthException $e) {
+    $this->deleteAuthCode($code);
+    throw $e;
+  }
+
+  return $this->newTokenFromAuthCodeData($authCodeData);
+}
+
+

Refer to reference implementations in the Taproot\IndieAuth\Storage namespace for +reference.

Parameters
diff --git a/docs/classes/Taproot-IndieAuth-Storage-TokenStorageInterface.html b/docs/classes/Taproot-IndieAuth-Storage-TokenStorageInterface.html
index 94ed968..463c91e 100644
--- a/docs/classes/Taproot-IndieAuth-Storage-TokenStorageInterface.html
+++ b/docs/classes/Taproot-IndieAuth-Storage-TokenStorageInterface.html
@@ -267,7 +267,7 @@ throw exceptions.

Exchange Authorization Code for Access Token

@@ -316,7 +316,30 @@ And MAY contain additional keys, such as:

If the authorization code was redeemed at the authorization endpoint, Server will only pass the me and profile keys onto the client. In both cases, it will filter out code_challenge keys to prevent that data from accidentally being leaked to -clients.

+clients. If an access token is present, the server will add token_type: Bearer +automatically.

+

A typical implementation might look like this:

+
function exchangeAuthCodeForAccessToken(string $code, callable $validateAuthCode): ?array {
+  if (is_null($authCodeData = $this->fetchAuthCode($code))) {
+    return null;
+  }
+
+  if (isExpired($authCodeData)) {
+    return null;
+  }
+
+  try {
+    $validateAuthCode($authCodeData);
+  } catch (IndieAuthException $e) {
+    $this->deleteAuthCode($code);
+    throw $e;
+  }
+
+  return $this->newTokenFromAuthCodeData($authCodeData);
+}
+
+

Refer to reference implementations in the Taproot\IndieAuth\Storage namespace for +reference.

Parameters
@@ -364,7 +387,7 @@ clients.

Get Access Token

@@ -410,7 +433,7 @@ null if it is expired or invalid.

Revoke Access Token

diff --git a/src/Storage/TokenStorageInterface.php b/src/Storage/TokenStorageInterface.php
index 387b185..c1e6836 100644
--- a/src/Storage/TokenStorageInterface.php
+++ b/src/Storage/TokenStorageInterface.php
@@ -110,7 +110,34 @@ interface TokenStorageInterface {
  * If the authorization code was redeemed at the authorization endpoint, Server will
  * only pass the `me` and `profile` keys onto the client. In both cases, it will filter
  * out `code_challenge` keys to prevent that data from accidentally being leaked to
- * clients.
+ * clients. If an access token is present, the server will add `token_type: Bearer`
+ * automatically.
+ *
+ * A typical implementation might look like this:
+ *
+ * ```php
+ * function exchangeAuthCodeForAccessToken(string $code, callable $validateAuthCode): ?array {
+ * if (is_null($authCodeData = $this->fetchAuthCode($code))) {
+ * return null;
+ * }
+ *
+ * if (isExpired($authCodeData)) {
+ * return null;
+ * }
+ *
+ * try {
+ * $validateAuthCode($authCodeData);
+ * } catch (IndieAuthException $e) {
+ * $this->deleteAuthCode($code);
+ * throw $e;
+ * }
+ *
+ * return $this->newTokenFromAuthCodeData($authCodeData);
+ * }
+ * ```
+ *
+ * Refer to reference implementations in the `Taproot\IndieAuth\Storage` namespace for
+ * reference.
  *
  * @param string $code The Authorization Code to attempt to exchange.
  * @param callable $validateAuthCode A callable to perform additional validation if valid auth code data is found. Takes `array $authCodeData`, raises `Taproot\IndieAuth\IndieAuthException` on invalid data, which should be bubbled up to the caller after any clean-up. Returns void.
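Review bot: The success path of the new pseudocode example never invalidates the authorization code — `deleteAuthCode($code)` is called only in the `catch` branch, so a code that passes `$validateAuthCode` stays in storage and can be redeemed again by anyone who captured it. OAuth 2.0 / IndieAuth authorization codes are single-use, and an implementer who copies this example verbatim ships replayable codes, so the example should consume the code before issuing the token, e.g. replace the final return with `$this->deleteAuthCode($code);` followed by `return $this->newTokenFromAuthCodeData($authCodeData);`, and the `isExpired` branch could delete the stale record for the same reason. Because this is a fetch-then-delete sequence, the docblock should also say that a real implementation must make the fetch and the delete atomic (a lock, or a delete-and-return primitive) so that two concurrent exchanges of the same code cannot both succeed — whether `FilesystemJsonStorage` already does this is not visible in this hunk. The start of the enclosing docblock and the method signature it documents lie outside the hunk.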