251 lines
48 KiB
HTML
251 lines
48 KiB
HTML
<!DOCTYPE html>
|
||
<html lang="en">
|
||
<head>
|
||
<meta charset="UTF-8">
|
||
<title>Code Coverage for /Users/barnabywalters/Documents/Programming/taproot/indieauth/src/Storage/TokenStorageInterface.php</title>
|
||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||
<link href="../phpunit_css/bootstrap.min.css" rel="stylesheet" type="text/css">
|
||
<link href="../phpunit_css/octicons.css" rel="stylesheet" type="text/css">
|
||
<link href="../phpunit_css/style.css" rel="stylesheet" type="text/css">
|
||
<link href="../phpunit_css/custom.css" rel="stylesheet" type="text/css">
|
||
</head>
|
||
<body>
|
||
<header>
|
||
<div class="container-fluid">
|
||
<div class="row">
|
||
<div class="col-md-12">
|
||
<nav aria-label="breadcrumb">
|
||
<ol class="breadcrumb">
|
||
<li class="breadcrumb-item"><a href="../index.html">/Users/barnabywalters/Documents/Programming/taproot/indieauth/src</a></li>
|
||
<li class="breadcrumb-item"><a href="index.html">Storage</a></li>
|
||
<li class="breadcrumb-item active">TokenStorageInterface.php</li>
|
||
|
||
</ol>
|
||
</nav>
|
||
</div>
|
||
</div>
|
||
</div>
|
||
</header>
|
||
<div class="container-fluid">
|
||
<div class="table-responsive">
|
||
<table class="table table-bordered">
|
||
<thead>
|
||
<tr>
|
||
<td> </td>
|
||
<td colspan="10"><div align="center"><strong>Code Coverage</strong></div></td>
|
||
</tr>
|
||
<tr>
|
||
<td> </td>
|
||
<td colspan="3"><div align="center"><strong>Classes and Traits</strong></div></td>
|
||
<td colspan="4"><div align="center"><strong>Functions and Methods</strong></div></td>
|
||
<td colspan="3"><div align="center"><strong>Lines</strong></div></td>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="">Total</td>
|
||
<td class=" big"></td>
|
||
<td class=" small"><div align="right">n/a</div></td>
|
||
<td class=" small"><div align="right">0 / 0</div></td>
|
||
<td class=" big"></td>
|
||
<td class=" small"><div align="right">n/a</div></td>
|
||
<td class=" small"><div align="right">0 / 0</div></td>
|
||
<td class=" small"><abbr title="Change Risk Anti-Patterns (CRAP) Index">CRAP</abbr></td>
|
||
<td class=" big"></td>
|
||
<td class=" small"><div align="right">n/a</div></td>
|
||
<td class=" small"><div align="right">0 / 0</div></td>
|
||
</tr>
|
||
|
||
|
||
</tbody>
|
||
</table>
|
||
</div>
|
||
<table id="code" class="table table-borderless table-condensed">
|
||
<tbody>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="1" href="#1">1</a></td><td class="col-11 codeLine"><span class="default"><?php </span><span class="keyword">declare</span><span class="keyword">(</span><span class="default">strict_types</span><span class="keyword">=</span><span class="default">1</span><span class="keyword">)</span><span class="keyword">;</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="2" href="#2">2</a></td><td class="col-11 codeLine"></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="3" href="#3">3</a></td><td class="col-11 codeLine"><span class="keyword">namespace</span><span class="default"> </span><span class="default">Taproot</span><span class="default">\</span><span class="default">IndieAuth</span><span class="default">\</span><span class="default">Storage</span><span class="keyword">;</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="4" href="#4">4</a></td><td class="col-11 codeLine"></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="5" href="#5">5</a></td><td class="col-11 codeLine"><span class="comment">/**</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="6" href="#6">6</a></td><td class="col-11 codeLine"><span class="comment"> * Token Storage Interface</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="7" href="#7">7</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="8" href="#8">8</a></td><td class="col-11 codeLine"><span class="comment"> * This interface defines the bare minimum methods required by the Server class in order to </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="9" href="#9">9</a></td><td class="col-11 codeLine"><span class="comment"> * implement auth code issuing and exchange flows, as well as to let external code get access</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="10" href="#10">10</a></td><td class="col-11 codeLine"><span class="comment"> * tokens (for validating requests authenticated by an access_token) and revoke access tokens.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="11" href="#11">11</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="12" href="#12">12</a></td><td class="col-11 codeLine"><span class="comment"> * The contract made between Server and implementations of TokenStorageInterface can broadly</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="13" href="#13">13</a></td><td class="col-11 codeLine"><span class="comment"> * be summarized as follows:</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="14" href="#14">14</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="15" href="#15">15</a></td><td class="col-11 codeLine"><span class="comment"> * * The Server class is responsible for performing all validation which is</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="16" href="#16">16</a></td><td class="col-11 codeLine"><span class="comment"> * defined in the IndieAuth spec and is not implementation-specific. For example: checking</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="17" href="#17">17</a></td><td class="col-11 codeLine"><span class="comment"> * validity of all the authorization request parameters, checking that client_id, request_uri</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="18" href="#18">18</a></td><td class="col-11 codeLine"><span class="comment"> * and code_verifier parameters in token exchange requests match with the stored data.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="19" href="#19">19</a></td><td class="col-11 codeLine"><span class="comment"> * * The TokenStorageInterface class is responsible for performing implementation-specific</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="20" href="#20">20</a></td><td class="col-11 codeLine"><span class="comment"> * validation, such as assigning and checking expiry times for auth codes and access tokens.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="21" href="#21">21</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="22" href="#22">22</a></td><td class="col-11 codeLine"><span class="comment"> * Implementations of TokenStorageInterface will usually implement additional methods to allow</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="23" href="#23">23</a></td><td class="col-11 codeLine"><span class="comment"> * for lower-level querying, saving, updating and deletion of token data. These can be used to,</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="24" href="#24">24</a></td><td class="col-11 codeLine"><span class="comment"> * for example, implement a UI for users to review and revoke currently valid access tokens.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="25" href="#25">25</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="26" href="#26">26</a></td><td class="col-11 codeLine"><span class="comment"> * The behaviour of `TokenStorageInterface` is somewhat coupled with the implementation of your</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="27" href="#27">27</a></td><td class="col-11 codeLine"><span class="comment"> * authentication handler callback (documented in `Server::__construct`) and `AuthorizationFormInterface`,</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="28" href="#28">28</a></td><td class="col-11 codeLine"><span class="comment"> * so you should refer to the documentation for both while implementing `TokenStorageInterface`.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="29" href="#29">29</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="30" href="#30">30</a></td><td class="col-11 codeLine"><span class="comment"> * Periodic deletion of expired tokens is out of the scope of this interface. Implementations may</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="31" href="#31">31</a></td><td class="col-11 codeLine"><span class="comment"> * choose to offer a clean-up method, and potentially the option to call it once automatically </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="32" href="#32">32</a></td><td class="col-11 codeLine"><span class="comment"> * on instantiation.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="33" href="#33">33</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="34" href="#34">34</a></td><td class="col-11 codeLine"><span class="comment"> * None of the methods defined on TokenStorageInterface should throw exceptions. Failure, for any</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="35" href="#35">35</a></td><td class="col-11 codeLine"><span class="comment"> * reason, is indicated by returning either `null` or `false`, depending on the method.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="36" href="#36">36</a></td><td class="col-11 codeLine"><span class="comment"> */</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="37" href="#37">37</a></td><td class="col-11 codeLine"><span class="keyword">interface</span><span class="default"> </span><span class="default">TokenStorageInterface</span><span class="default"> </span><span class="keyword">{</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="38" href="#38">38</a></td><td class="col-11 codeLine"><span class="default"> </span><span class="comment">/**</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="39" href="#39">39</a></td><td class="col-11 codeLine"><span class="comment"> * Create Authorization Code</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="40" href="#40">40</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="41" href="#41">41</a></td><td class="col-11 codeLine"><span class="comment"> * This method is called on a valid authorization token request. The `$data`</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="42" href="#42">42</a></td><td class="col-11 codeLine"><span class="comment"> * array is guaranteed to have the following keys:</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="43" href="#43">43</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="44" href="#44">44</a></td><td class="col-11 codeLine"><span class="comment"> * * `client_id`: the validated `client_id` request parameter</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="45" href="#45">45</a></td><td class="col-11 codeLine"><span class="comment"> * * `redirect_uri`: the validated `redirect_uri` request parameter</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="46" href="#46">46</a></td><td class="col-11 codeLine"><span class="comment"> * * `state`: the `state` request parameter</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="47" href="#47">47</a></td><td class="col-11 codeLine"><span class="comment"> * * `code_challenge`: the `code_challenge` request parameter</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="48" href="#48">48</a></td><td class="col-11 codeLine"><span class="comment"> * * `code_challenge_method`: the `code_challenge_method` request parameter</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="49" href="#49">49</a></td><td class="col-11 codeLine"><span class="comment"> * * `requested_scope`: the value of the `scope` request parameter</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="50" href="#50">50</a></td><td class="col-11 codeLine"><span class="comment"> * * `me`: the value of the `me` key from the authentication result returned from the authentication request handler callback</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="51" href="#51">51</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="52" href="#52">52</a></td><td class="col-11 codeLine"><span class="comment"> * It may also have additional keys, which can come from the following locations:</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="53" href="#53">53</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="54" href="#54">54</a></td><td class="col-11 codeLine"><span class="comment"> * * All keys from the the authentication request handler callback result which do not clash </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="55" href="#55">55</a></td><td class="col-11 codeLine"><span class="comment"> * with the keys listed above (with the exception of `me`, which is always present). Usually</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="56" href="#56">56</a></td><td class="col-11 codeLine"><span class="comment"> * this is a `profile` key, but you may choose to return additional data from the authentication</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="57" href="#57">57</a></td><td class="col-11 codeLine"><span class="comment"> * callback, which will be present in `$data`.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="58" href="#58">58</a></td><td class="col-11 codeLine"><span class="comment"> * * Any keys added by the `transformAuthorizationCode` method on the currently active instance</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="59" href="#59">59</a></td><td class="col-11 codeLine"><span class="comment"> * of `Taproot\IndieAuth\Callback\AuthorizationFormInterface`. Typically this is the `scope`</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="60" href="#60">60</a></td><td class="col-11 codeLine"><span class="comment"> * key, which is a valid space-separated scope string listing the scopes granted by the user on</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="61" href="#61">61</a></td><td class="col-11 codeLine"><span class="comment"> * the consent screen. Other implementations of `AuthorizationFormInterface` may add additional </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="62" href="#62">62</a></td><td class="col-11 codeLine"><span class="comment"> * data, such as custom token-specific settings, or a custom token lifetime.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="63" href="#63">63</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="64" href="#64">64</a></td><td class="col-11 codeLine"><span class="comment"> * This method should store the data passed to it, generate a corresponding authorization code</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="65" href="#65">65</a></td><td class="col-11 codeLine"><span class="comment"> * string, and return it.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="66" href="#66">66</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="67" href="#67">67</a></td><td class="col-11 codeLine"><span class="comment"> * The method call and data is structured such that implementations have a lot of flexibility</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="68" href="#68">68</a></td><td class="col-11 codeLine"><span class="comment"> * about how to store authorization code data. It could be a record in an auth code database</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="69" href="#69">69</a></td><td class="col-11 codeLine"><span class="comment"> * table, a record in a table which is used for both auth codes and access tokens, or even</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="70" href="#70">70</a></td><td class="col-11 codeLine"><span class="comment"> * a stateless self-encrypted token — note that in the latter case, you must persist a copy</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="71" href="#71">71</a></td><td class="col-11 codeLine"><span class="comment"> * of the auth code with its exchanged access token to check against, in order to prevent it </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="72" href="#72">72</a></td><td class="col-11 codeLine"><span class="comment"> * being exchanged more than once.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="73" href="#73">73</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="74" href="#74">74</a></td><td class="col-11 codeLine"><span class="comment"> * On an error, return null. The reason for the error is irrelevant for calling code, but it’s</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="75" href="#75">75</a></td><td class="col-11 codeLine"><span class="comment"> * recommended to log it internally for reference. For the same reason, this method should not </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="76" href="#76">76</a></td><td class="col-11 codeLine"><span class="comment"> * throw exceptions.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="77" href="#77">77</a></td><td class="col-11 codeLine"><span class="comment"> */</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="78" href="#78">78</a></td><td class="col-11 codeLine"><span class="default"> </span><span class="keyword">public</span><span class="default"> </span><span class="keyword">function</span><span class="default"> </span><span class="default">createAuthCode</span><span class="keyword">(</span><span class="keyword">array</span><span class="default"> </span><span class="default">$data</span><span class="keyword">)</span><span class="keyword">:</span><span class="default"> </span><span class="keyword">?</span><span class="default">string</span><span class="keyword">;</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="79" href="#79">79</a></td><td class="col-11 codeLine"></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="80" href="#80">80</a></td><td class="col-11 codeLine"><span class="default"> </span><span class="comment">/**</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="81" href="#81">81</a></td><td class="col-11 codeLine"><span class="comment"> * Exchange Authorization Code for Access Token</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="82" href="#82">82</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="83" href="#83">83</a></td><td class="col-11 codeLine"><span class="comment"> * Attempt to exchange an authorization code identified by `$code` for</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="84" href="#84">84</a></td><td class="col-11 codeLine"><span class="comment"> * an access token. Return an array of access token data to be passed onto</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="85" href="#85">85</a></td><td class="col-11 codeLine"><span class="comment"> * the client app on success, and null on error.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="86" href="#86">86</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="87" href="#87">87</a></td><td class="col-11 codeLine"><span class="comment"> * This method is called at the beginning of a code exchange request, before</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="88" href="#88">88</a></td><td class="col-11 codeLine"><span class="comment"> * further error checking or validation is applied. It should proceed as</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="89" href="#89">89</a></td><td class="col-11 codeLine"><span class="comment"> * follows.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="90" href="#90">90</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="91" href="#91">91</a></td><td class="col-11 codeLine"><span class="comment"> * * Attempt to fetch the authorization code data identified by $code. If</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="92" href="#92">92</a></td><td class="col-11 codeLine"><span class="comment"> * it does not exist or has expired, return null;</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="93" href="#93">93</a></td><td class="col-11 codeLine"><span class="comment"> * * Pass the authorization code data array to $validateAuthCode for validation.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="94" href="#94">94</a></td><td class="col-11 codeLine"><span class="comment"> * If there is a problem with the code, a `Taproot\IndieAuth\IndieAuthException`</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="95" href="#95">95</a></td><td class="col-11 codeLine"><span class="comment"> * will be thrown. This method should catch it, invalidate the authorization</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="96" href="#96">96</a></td><td class="col-11 codeLine"><span class="comment"> * code data, then re-throw the exception for handling by Server.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="97" href="#97">97</a></td><td class="col-11 codeLine"><span class="comment"> * * If the authorization code data passed all checks, convert it into an access</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="98" href="#98">98</a></td><td class="col-11 codeLine"><span class="comment"> * token, invalidate the auth code to prevent re-use, and store the access token</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="99" href="#99">99</a></td><td class="col-11 codeLine"><span class="comment"> * data internally.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="100" href="#100">100</a></td><td class="col-11 codeLine"><span class="comment"> * * Return an array of access token data to be passed onto the client app. It MUST</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="101" href="#101">101</a></td><td class="col-11 codeLine"><span class="comment"> * contain the following keys:</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="102" href="#102">102</a></td><td class="col-11 codeLine"><span class="comment"> * * `me`</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="103" href="#103">103</a></td><td class="col-11 codeLine"><span class="comment"> * * `access_token`</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="104" href="#104">104</a></td><td class="col-11 codeLine"><span class="comment"> * Additonally, it SHOULD contain the following keys:</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="105" href="#105">105</a></td><td class="col-11 codeLine"><span class="comment"> * * `scope`, if the token grants any scope</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="106" href="#106">106</a></td><td class="col-11 codeLine"><span class="comment"> * And MAY contain additional keys, such as:</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="107" href="#107">107</a></td><td class="col-11 codeLine"><span class="comment"> * * `profile`</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="108" href="#108">108</a></td><td class="col-11 codeLine"><span class="comment"> * * `expires_at`</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="109" href="#109">109</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="110" href="#110">110</a></td><td class="col-11 codeLine"><span class="comment"> * If the authorization code was redeemed at the authorization endpoint, Server will</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="111" href="#111">111</a></td><td class="col-11 codeLine"><span class="comment"> * only pass the `me` and `profile` keys onto the client. In both cases, it will filter</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="112" href="#112">112</a></td><td class="col-11 codeLine"><span class="comment"> * out `code_challenge` keys to prevent that data from accidentally being leaked to</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="113" href="#113">113</a></td><td class="col-11 codeLine"><span class="comment"> * clients. If an access token is present, the server will add `token_type: Bearer`</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="114" href="#114">114</a></td><td class="col-11 codeLine"><span class="comment"> * automatically.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="115" href="#115">115</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="116" href="#116">116</a></td><td class="col-11 codeLine"><span class="comment"> * A typical implementation might look like this:</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="117" href="#117">117</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="118" href="#118">118</a></td><td class="col-11 codeLine"><span class="comment"> * ```php</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="119" href="#119">119</a></td><td class="col-11 codeLine"><span class="comment"> * function exchangeAuthCodeForAccessToken(string $code, callable $validateAuthCode): ?array {</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="120" href="#120">120</a></td><td class="col-11 codeLine"><span class="comment"> * if (is_null($authCodeData = $this->fetchAuthCode($code))) {</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="121" href="#121">121</a></td><td class="col-11 codeLine"><span class="comment"> * return null;</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="122" href="#122">122</a></td><td class="col-11 codeLine"><span class="comment"> * }</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="123" href="#123">123</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="124" href="#124">124</a></td><td class="col-11 codeLine"><span class="comment"> * if (isExpired($authCodeData)) {</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="125" href="#125">125</a></td><td class="col-11 codeLine"><span class="comment"> * return null;</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="126" href="#126">126</a></td><td class="col-11 codeLine"><span class="comment"> * }</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="127" href="#127">127</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="128" href="#128">128</a></td><td class="col-11 codeLine"><span class="comment"> * try {</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="129" href="#129">129</a></td><td class="col-11 codeLine"><span class="comment"> * $validateAuthCode($authCodeData);</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="130" href="#130">130</a></td><td class="col-11 codeLine"><span class="comment"> * } catch (IndieAuthException $e) {</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="131" href="#131">131</a></td><td class="col-11 codeLine"><span class="comment"> * $this->deleteAuthCode($code);</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="132" href="#132">132</a></td><td class="col-11 codeLine"><span class="comment"> * throw $e;</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="133" href="#133">133</a></td><td class="col-11 codeLine"><span class="comment"> * }</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="134" href="#134">134</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="135" href="#135">135</a></td><td class="col-11 codeLine"><span class="comment"> * return $this->newTokenFromAuthCodeData($authCodeData);</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="136" href="#136">136</a></td><td class="col-11 codeLine"><span class="comment"> * }</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="137" href="#137">137</a></td><td class="col-11 codeLine"><span class="comment"> * ```</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="138" href="#138">138</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="139" href="#139">139</a></td><td class="col-11 codeLine"><span class="comment"> * Refer to reference implementations in the `Taproot\IndieAuth\Storage` namespace for</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="140" href="#140">140</a></td><td class="col-11 codeLine"><span class="comment"> * reference.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="141" href="#141">141</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="142" href="#142">142</a></td><td class="col-11 codeLine"><span class="comment"> * @param string $code The Authorization Code to attempt to exchange.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="143" href="#143">143</a></td><td class="col-11 codeLine"><span class="comment"> * @param callable $validateAuthCode A callable to perform additional validation if valid auth code data is found. Takes `array $authCodeData`, raises `Taproot\IndieAuth\IndieAuthException` on invalid data, which should be bubbled up to the caller after any clean-up. Returns void.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="144" href="#144">144</a></td><td class="col-11 codeLine"><span class="comment"> * @return array|null An array of access token data to return to the client on success, null on any error.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="145" href="#145">145</a></td><td class="col-11 codeLine"><span class="comment"> */</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="146" href="#146">146</a></td><td class="col-11 codeLine"><span class="default"> </span><span class="keyword">public</span><span class="default"> </span><span class="keyword">function</span><span class="default"> </span><span class="default">exchangeAuthCodeForAccessToken</span><span class="keyword">(</span><span class="default">string</span><span class="default"> </span><span class="default">$code</span><span class="keyword">,</span><span class="default"> </span><span class="keyword">callable</span><span class="default"> </span><span class="default">$validateAuthCode</span><span class="keyword">)</span><span class="keyword">:</span><span class="default"> </span><span class="keyword">?</span><span class="keyword">array</span><span class="keyword">;</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="147" href="#147">147</a></td><td class="col-11 codeLine"></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="148" href="#148">148</a></td><td class="col-11 codeLine"><span class="default"> </span><span class="comment">/**</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="149" href="#149">149</a></td><td class="col-11 codeLine"><span class="comment"> * Get Access Token</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="150" href="#150">150</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="151" href="#151">151</a></td><td class="col-11 codeLine"><span class="comment"> * Fetch access token data identified by the token `$token`, returning </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="152" href="#152">152</a></td><td class="col-11 codeLine"><span class="comment"> * null if it is expired or invalid.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="153" href="#153">153</a></td><td class="col-11 codeLine"><span class="comment"> */</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="154" href="#154">154</a></td><td class="col-11 codeLine"><span class="default"> </span><span class="keyword">public</span><span class="default"> </span><span class="keyword">function</span><span class="default"> </span><span class="default">getAccessToken</span><span class="keyword">(</span><span class="default">string</span><span class="default"> </span><span class="default">$token</span><span class="keyword">)</span><span class="keyword">:</span><span class="default"> </span><span class="keyword">?</span><span class="keyword">array</span><span class="keyword">;</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="155" href="#155">155</a></td><td class="col-11 codeLine"></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="156" href="#156">156</a></td><td class="col-11 codeLine"><span class="default"> </span><span class="comment">/**</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="157" href="#157">157</a></td><td class="col-11 codeLine"><span class="comment"> * Revoke Access Token</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="158" href="#158">158</a></td><td class="col-11 codeLine"><span class="comment"> * </span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="159" href="#159">159</a></td><td class="col-11 codeLine"><span class="comment"> * Revoke the access token identified by `$token`. Return true on success,</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="160" href="#160">160</a></td><td class="col-11 codeLine"><span class="comment"> * or false on error, including if the token did not exist.</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="161" href="#161">161</a></td><td class="col-11 codeLine"><span class="comment"> */</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="162" href="#162">162</a></td><td class="col-11 codeLine"><span class="default"> </span><span class="keyword">public</span><span class="default"> </span><span class="keyword">function</span><span class="default"> </span><span class="default">revokeAccessToken</span><span class="keyword">(</span><span class="default">string</span><span class="default"> </span><span class="default">$token</span><span class="keyword">)</span><span class="keyword">:</span><span class="default"> </span><span class="default">bool</span><span class="keyword">;</span></td></tr>
|
||
<tr class=" d-flex"><td class="col-1 text-right"><a id="163" href="#163">163</a></td><td class="col-11 codeLine"><span class="keyword">}</span></td></tr>
|
||
|
||
</tbody>
|
||
</table>
|
||
|
||
|
||
<footer>
|
||
<hr/>
|
||
<h4>Legend</h4>
|
||
<p><span class="success"><strong>Executed</strong></span><span class="danger"><strong>Not Executed</strong></span><span class="warning"><strong>Dead Code</strong></span></p>
|
||
<p>
|
||
<small>Generated by <a href="https://github.com/sebastianbergmann/php-code-coverage" target="_top">php-code-coverage 9.2.6</a> using <a href="https://secure.php.net/" target="_top">PHP 7.4.19</a> with <a href="https://xdebug.org/">Xdebug 3.0.4</a> and <a href="https://phpunit.de/">PHPUnit 9.5.5</a> at Mon Jun 14 21:52:39 UTC 2021.</small>
|
||
</p>
|
||
<a title="Back to the top" id="toplink" href="#">
|
||
<svg xmlns="http://www.w3.org/2000/svg" width="12" height="16" viewBox="0 0 12 16"><path fill-rule="evenodd" d="M12 11L6 5l-6 6h12z"/></svg>
|
||
</a>
|
||
</footer>
|
||
</div>
|
||
<script src="../phpunit_js/jquery.min.js" type="text/javascript"></script>
|
||
<script src="../phpunit_js/popper.min.js" type="text/javascript"></script>
|
||
<script src="../phpunit_js/bootstrap.min.js" type="text/javascript"></script>
|
||
<script src="../phpunit_js/file.js" type="text/javascript"></script>
|
||
</body>
|
||
</html>
|