diogo/indieauth
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Doc clarifications

Browse Source
This commit is contained in:
Barnaby Walters 2021-06-11 01:33:36 +02:00
parent 196d8a887f
commit c0abe846cd
1 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/Storage/TokenStorageInterface.php
View File

@ -29,7 +29,10 @@ namespace Taproot\IndieAuth\Storage;
* *
* Periodic deletion of expired tokens is out of the scope of this interface. Implementations may * Periodic deletion of expired tokens is out of the scope of this interface. Implementations may
* choose to offer a clean-up method, and potentially the option to call it once automatically * choose to offer a clean-up method, and potentially the option to call it once automatically
* on instanciation. * on instantiation.
*
* None of the methods defined on TokenStorageInterface should throw exceptions. Failure, for any
* reason, is indicated by returning either `null` or `false`, depending on the method.
*/ */
interface TokenStorageInterface { interface TokenStorageInterface {
/** /**
@ -54,9 +57,9 @@ interface TokenStorageInterface {
* callback, which will be present in `$data`. * callback, which will be present in `$data`.
* * Any keys added by the `transformAuthorizationCode` method on the currently active instance * * Any keys added by the `transformAuthorizationCode` method on the currently active instance
* of `Taproot\IndieAuth\Callback\AuthorizationFormInterface`. Typically this is the `scope` * of `Taproot\IndieAuth\Callback\AuthorizationFormInterface`. Typically this is the `scope`
* key, which is a valid scope string listing the scopes granted by the user on the consent * key, which is a valid space-separated scope string listing the scopes granted by the user on
* screen. Other implementations of `AuthorizationFormInterface` may add additional data, such * the consent screen. Other implementations of `AuthorizationFormInterface` may add additional
* as custom token-specific settings, or a custom token lifetime. * data, such as custom token-specific settings, or a custom token lifetime.
* *
* This method should store the data passed to it, generate a corresponding authorization code, * This method should store the data passed to it, generate a corresponding authorization code,
* and return an instance of `Storage\Token` containing both. Implementations will usually add * and return an instance of `Storage\Token` containing both. Implementations will usually add
@ -66,11 +69,12 @@ interface TokenStorageInterface {
* about how to store authorization code data. It could be a record in an auth code database * about how to store authorization code data. It could be a record in an auth code database
* table, a record in a table which is used for both auth codes and access tokens, or even * table, a record in a table which is used for both auth codes and access tokens, or even
* a stateless self-encrypted token note that in the latter case, you must persist a copy * a stateless self-encrypted token note that in the latter case, you must persist a copy
* of the auth code with its access token to check against, in order to prevent it being * of the auth code with its exchanged access token to check against, in order to prevent it
* exchanged for an access token more than once. * being exchanged more than once.
* *
* On an error, return null. The reason for the error is irrelevant for calling code, but its * On an error, return null. The reason for the error is irrelevant for calling code, but its
* recommended to log it for reference. * recommended to log it internally for reference. For the same reason, this method should not
* throw exceptions.
*/ */
public function createAuthCode(array $data): ?Token; public function createAuthCode(array $data): ?Token;