├── .github
├── CONTRIBUTING.md
├── FUNDING.yml
├── ISSUE_TEMPLATE
│ ├── bug_report.md
│ └── feature_request.md
├── dependabot.yml
└── workflows
│ ├── coding-standards.yml
│ ├── mutation-tests.yml
│ ├── rector_checkstyle.yaml
│ ├── static-analyze.yml
│ ├── tests.yml
│ └── twig-lint.yml
├── .gitignore
├── .gitsplit.yml
├── LICENSE
├── Makefile
├── README.md
├── composer.json
├── ecs.php
├── infection.json.dist
├── phpstan.neon
├── phpunit.xml.dist
├── rector.php
├── src
├── Component
│ ├── AuthorizationCodeGrant
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── AbstractAuthorizationCode.php
│ │ ├── AuthorizationCode.php
│ │ ├── AuthorizationCodeGrantType.php
│ │ ├── AuthorizationCodeId.php
│ │ ├── AuthorizationCodeRepository.php
│ │ ├── AuthorizationCodeResponseType.php
│ │ ├── LICENSE
│ │ ├── PKCEMethod
│ │ │ ├── PKCEMethod.php
│ │ │ ├── PKCEMethodManager.php
│ │ │ ├── Plain.php
│ │ │ └── S256.php
│ │ ├── README.md
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── AuthorizationEndpoint
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── AuthorizationEndpoint.php
│ │ ├── AuthorizationRequest
│ │ │ ├── AuthorizationRequest.php
│ │ │ └── AuthorizationRequestLoader.php
│ │ ├── AuthorizationRequestEntryEndpoint.php
│ │ ├── AuthorizationRequestHandler.php
│ │ ├── AuthorizationRequestStorage.php
│ │ ├── Consent
│ │ │ ├── Consent.php
│ │ │ └── ConsentRepository.php
│ │ ├── ConsentHandler.php
│ │ ├── Exception
│ │ │ └── OAuth2AuthorizationException.php
│ │ ├── Extension
│ │ │ ├── Extension.php
│ │ │ └── ExtensionManager.php
│ │ ├── Hook
│ │ │ ├── AuthorizationEndpointHook.php
│ │ │ ├── ConsentPrompt.php
│ │ │ ├── LoginPrompt.php
│ │ │ ├── NonePrompt.php
│ │ │ └── SelectAccountPrompt.php
│ │ ├── LICENSE
│ │ ├── LoginHandler.php
│ │ ├── Middleware
│ │ │ └── AuthorizationExceptionMiddleware.php
│ │ ├── ParameterChecker
│ │ │ ├── DisplayParameterChecker.php
│ │ │ ├── ParameterChecker.php
│ │ │ ├── ParameterCheckerManager.php
│ │ │ ├── PromptParameterChecker.php
│ │ │ ├── RedirectUriParameterChecker.php
│ │ │ ├── ResponseTypeParameterChecker.php
│ │ │ └── StateParameterChecker.php
│ │ ├── README.md
│ │ ├── ResponseMode
│ │ │ ├── FormPostResponseMode.php
│ │ │ ├── FormPostResponseRenderer.php
│ │ │ ├── FragmentResponseMode.php
│ │ │ ├── QueryResponseMode.php
│ │ │ ├── ResponseMode.php
│ │ │ └── ResponseModeManager.php
│ │ ├── ResponseModeGuesser.php
│ │ ├── ResponseType
│ │ │ ├── ResponseType.php
│ │ │ └── ResponseTypeManager.php
│ │ ├── ResponseTypeGuesser.php
│ │ ├── Rule
│ │ │ ├── RequestUriRule.php
│ │ │ ├── ResponseTypesRule.php
│ │ │ └── SectorIdentifierUriRule.php
│ │ ├── SelectAccountHandler.php
│ │ ├── User
│ │ │ ├── AuthenticationContextClassReferenceSupport.php
│ │ │ ├── AuthenticationMethodReferenceSupport.php
│ │ │ ├── MaxAgeParameterAuthenticationChecker.php
│ │ │ ├── UserAccountDiscovery.php
│ │ │ ├── UserAuthenticationChecker.php
│ │ │ └── UserAuthenticationCheckerManager.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── BearerTokenType
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── AuthorizationHeaderTokenFinder.php
│ │ ├── BearerToken.php
│ │ ├── LICENSE
│ │ ├── QueryStringTokenFinder.php
│ │ ├── README.md
│ │ ├── RequestBodyTokenFinder.php
│ │ ├── TokenFinder.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── ClientAuthentication
│ │ ├── AuthenticationMethod.php
│ │ ├── AuthenticationMethodManager.php
│ │ ├── ClientAssertionJwt.php
│ │ ├── ClientAuthenticationMiddleware.php
│ │ ├── ClientSecretBasic.php
│ │ ├── ClientSecretPost.php
│ │ ├── LICENSE
│ │ ├── None.php
│ │ ├── README.md
│ │ ├── Rule
│ │ │ └── ClientAuthenticationMethodRule.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── ClientConfigurationEndpoint
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── ClientConfigurationDeleteEndpoint.php
│ │ ├── ClientConfigurationEndpoint.php
│ │ ├── ClientConfigurationGetEndpoint.php
│ │ ├── ClientConfigurationPutEndpoint.php
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── Rule
│ │ │ └── ClientConfigurationRouteRule.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── ClientCredentialsGrant
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── ClientCredentialsGrantType.php
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── ClientRegistrationEndpoint
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── AbstractInitialAccessToken.php
│ │ ├── ClientRegistrationEndpoint.php
│ │ ├── InitialAccessToken.php
│ │ ├── InitialAccessTokenId.php
│ │ ├── InitialAccessTokenMiddleware.php
│ │ ├── InitialAccessTokenRepository.php
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── Rule
│ │ │ └── SoftwareRule.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── ClientRule
│ │ ├── AbstractInternationalizedRule.php
│ │ ├── ApplicationTypeParametersRule.php
│ │ ├── ClientIdIssuedAtRule.php
│ │ ├── CommonParametersRule.php
│ │ ├── ContactsParametersRule.php
│ │ ├── JwksRule.php
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── RedirectionUriRule.php
│ │ ├── Rule.php
│ │ ├── RuleHandler.php
│ │ ├── RuleManager.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── Core
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── AccessToken
│ │ │ ├── AbstractAccessToken.php
│ │ │ ├── AccessToken.php
│ │ │ ├── AccessTokenId.php
│ │ │ ├── AccessTokenIntrospectionTypeHint.php
│ │ │ ├── AccessTokenRepository.php
│ │ │ └── AccessTokenRevocationTypeHint.php
│ │ ├── Client
│ │ │ ├── AbstractClient.php
│ │ │ ├── Client.php
│ │ │ ├── ClientId.php
│ │ │ └── ClientRepository.php
│ │ ├── DataBag
│ │ │ └── DataBag.php
│ │ ├── LICENSE
│ │ ├── Message
│ │ │ ├── Factory
│ │ │ │ ├── AccessDeniedResponseFactory.php
│ │ │ │ ├── AuthenticateResponseForClientFactory.php
│ │ │ │ ├── AuthenticateResponseForTokenFactory.php
│ │ │ │ ├── BadRequestResponseFactory.php
│ │ │ │ ├── MethodNotAllowedResponseFactory.php
│ │ │ │ ├── NotImplementedResponseFactory.php
│ │ │ │ ├── OAuth2ResponseFactory.php
│ │ │ │ ├── RedirectResponseFactory.php
│ │ │ │ └── ResponseFactory.php
│ │ │ ├── MessageExtension.php
│ │ │ ├── OAuth2Error.php
│ │ │ └── OAuth2MessageFactoryManager.php
│ │ ├── Middleware
│ │ │ ├── AccessTokenMiddleware.php
│ │ │ ├── Consumer.php
│ │ │ ├── HttpMethodMiddleware.php
│ │ │ ├── OAuth2MessageMiddleware.php
│ │ │ ├── Pipe.php
│ │ │ └── TerminalRequestHandler.php
│ │ ├── README.md
│ │ ├── ResourceOwner
│ │ │ ├── ResourceOwner.php
│ │ │ └── ResourceOwnerId.php
│ │ ├── ResourceServer
│ │ │ ├── ResourceServer.php
│ │ │ ├── ResourceServerId.php
│ │ │ └── ResourceServerRepository.php
│ │ ├── TokenType
│ │ │ ├── TokenType.php
│ │ │ ├── TokenTypeGuesser.php
│ │ │ ├── TokenTypeManager.php
│ │ │ └── TokenTypeMiddleware.php
│ │ ├── TrustedIssuer
│ │ │ ├── TrustedIssuer.php
│ │ │ └── TrustedIssuerRepository.php
│ │ ├── UserAccount
│ │ │ ├── UserAccount.php
│ │ │ ├── UserAccountId.php
│ │ │ └── UserAccountRepository.php
│ │ ├── Util
│ │ │ └── RequestBodyParser.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── ImplicitGrant
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── ImplicitGrantType.php
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── TokenResponseType.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── JwtBearerGrant
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── JwtBearerGrantType.php
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── MetadataEndpoint
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── LICENSE
│ │ ├── Metadata.php
│ │ ├── MetadataEndpoint.php
│ │ ├── README.md
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── NoneGrant
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── AuthorizationStorage.php
│ │ ├── LICENSE
│ │ ├── NoneResponseType.php
│ │ ├── README.md
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── OpenIdConnect
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── ConsentScreen
│ │ │ └── SessionStateParameterExtension.php
│ │ ├── IFrame
│ │ │ └── IFrameEndpoint.php
│ │ ├── IdToken.php
│ │ ├── IdTokenBuilder.php
│ │ ├── IdTokenBuilderFactory.php
│ │ ├── IdTokenGrant
│ │ │ ├── CodeIdTokenResponseType.php
│ │ │ ├── CodeIdTokenTokenResponseType.php
│ │ │ ├── CodeTokenResponseType.php
│ │ │ ├── IdTokenResponseType.php
│ │ │ └── IdTokenTokenResponseType.php
│ │ ├── IdTokenId.php
│ │ ├── IdTokenLoader.php
│ │ ├── OpenIdConnectExtension.php
│ │ ├── ParameterChecker
│ │ │ ├── ClaimsParameterChecker.php
│ │ │ └── NonceParameterChecker.php
│ │ ├── Rule
│ │ │ ├── IdTokenAlgorithmsRule.php
│ │ │ ├── SubjectTypeRule.php
│ │ │ ├── UserParametersRule.php
│ │ │ └── UserinfoEndpointAlgorithmsRule.php
│ │ ├── UserInfo
│ │ │ ├── Claim
│ │ │ │ ├── Address.php
│ │ │ │ ├── AuthenticationContextClassReference.php
│ │ │ │ ├── AuthenticationMethodReference.php
│ │ │ │ ├── AuthenticationTime.php
│ │ │ │ ├── Birthdate.php
│ │ │ │ ├── Claim.php
│ │ │ │ ├── ClaimManager.php
│ │ │ │ ├── ClaimSource.php
│ │ │ │ ├── ClaimSourceManager.php
│ │ │ │ ├── Email.php
│ │ │ │ ├── EmailVerified.php
│ │ │ │ ├── FamilyName.php
│ │ │ │ ├── Gender.php
│ │ │ │ ├── GivenName.php
│ │ │ │ ├── Locale.php
│ │ │ │ ├── MiddleName.php
│ │ │ │ ├── Name.php
│ │ │ │ ├── Nickname.php
│ │ │ │ ├── PhoneNumber.php
│ │ │ │ ├── PhoneNumberVerified.php
│ │ │ │ ├── Picture.php
│ │ │ │ ├── PreferredUsername.php
│ │ │ │ ├── Profile.php
│ │ │ │ ├── Source.php
│ │ │ │ ├── UpdatedAt.php
│ │ │ │ ├── Website.php
│ │ │ │ └── Zoneinfo.php
│ │ │ ├── Pairwise
│ │ │ │ ├── EncryptedSubjectIdentifier.php
│ │ │ │ └── PairwiseSubjectIdentifierAlgorithm.php
│ │ │ ├── ScopeSupport
│ │ │ │ ├── AddressScopeSupport.php
│ │ │ │ ├── EmailScopeSupport.php
│ │ │ │ ├── OpenIdScopeSupport.php
│ │ │ │ ├── PhoneScopeSupport.php
│ │ │ │ ├── ProfileScopeSupport.php
│ │ │ │ ├── UserInfoScopeSupport.php
│ │ │ │ └── UserInfoScopeSupportManager.php
│ │ │ └── UserInfo.php
│ │ └── UserInfoEndpoint
│ │ │ └── UserInfoEndpoint.php
│ ├── RefreshTokenGrant
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── AbstractRefreshToken.php
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── RefreshToken.php
│ │ ├── RefreshTokenEndpointExtension.php
│ │ ├── RefreshTokenGrantType.php
│ │ ├── RefreshTokenId.php
│ │ ├── RefreshTokenIntrospectionTypeHint.php
│ │ ├── RefreshTokenRepository.php
│ │ ├── RefreshTokenRevocationTypeHint.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── ResourceOwnerPasswordCredentialsGrant
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── ResourceOwnerPasswordCredentialManager.php
│ │ ├── ResourceOwnerPasswordCredentialsGrantType.php
│ │ ├── ResourceOwnerWithPasswordCredential.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── ResourceServerAuthentication
│ │ ├── AuthenticationMethod.php
│ │ ├── AuthenticationMethodManager.php
│ │ ├── AuthenticationMiddleware.php
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── Scope
│ │ ├── Checker.php
│ │ ├── LICENSE
│ │ ├── Policy
│ │ │ ├── DefaultScopePolicy.php
│ │ │ ├── ErrorScopePolicy.php
│ │ │ ├── NoScopePolicy.php
│ │ │ ├── ScopePolicy.php
│ │ │ └── ScopePolicyManager.php
│ │ ├── README.md
│ │ ├── Rule
│ │ │ ├── ScopePolicyDefaultRule.php
│ │ │ ├── ScopePolicyRule.php
│ │ │ └── ScopeRule.php
│ │ ├── Scope.php
│ │ ├── ScopeParameterChecker.php
│ │ ├── ScopeRepository.php
│ │ ├── TokenEndpointScopeExtension.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── TokenEndpoint
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── Extension
│ │ │ ├── TokenEndpointExtension.php
│ │ │ └── TokenEndpointExtensionManager.php
│ │ ├── GrantType.php
│ │ ├── GrantTypeData.php
│ │ ├── GrantTypeManager.php
│ │ ├── GrantTypeMiddleware.php
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── Rule
│ │ │ └── GrantTypesRule.php
│ │ ├── TokenEndpoint.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── TokenIntrospectionEndpoint
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── TokenIntrospectionEndpoint.php
│ │ ├── TokenTypeHint.php
│ │ ├── TokenTypeHintManager.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ ├── TokenRevocationEndpoint
│ │ ├── .github
│ │ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── TokenRevocationEndpoint.php
│ │ ├── TokenRevocationGetEndpoint.php
│ │ ├── TokenRevocationPostEndpoint.php
│ │ ├── TokenTypeHint.php
│ │ ├── TokenTypeHintManager.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
│ └── WebFingerEndpoint
│ │ ├── .github
│ │ └── PULL_REQUEST_TEMPLATE.md
│ │ ├── IdentifierResolver
│ │ ├── AccountResolver.php
│ │ ├── EmailResolver.php
│ │ ├── Identifier.php
│ │ ├── IdentifierResolver.php
│ │ ├── IdentifierResolverManager.php
│ │ └── UriResolver.php
│ │ ├── LICENSE
│ │ ├── Link.php
│ │ ├── README.md
│ │ ├── ResourceDescriptor.php
│ │ ├── ResourceRepository.php
│ │ ├── WebFingerEndpoint.php
│ │ ├── composer.json
│ │ └── phpunit.xml.dist
├── SecurityBundle
│ ├── .github
│ │ └── PULL_REQUEST_TEMPLATE.md
│ ├── Annotation
│ │ ├── AnnotationDriver.php
│ │ ├── Checker
│ │ │ ├── Checker.php
│ │ │ ├── ClientIdChecker.php
│ │ │ ├── ResourceOwnerIdChecker.php
│ │ │ ├── ScopeChecker.php
│ │ │ └── TokenTypeChecker.php
│ │ └── OAuth2.php
│ ├── DependencyInjection
│ │ ├── Compiler
│ │ │ ├── SecurityAnnotationCheckerCompilerPass.php
│ │ │ └── TokenTypeCompilerPass.php
│ │ └── OAuth2FrameworkSecurityExtension.php
│ ├── EventListener
│ │ └── RequestListener.php
│ ├── LICENSE
│ ├── OAuth2FrameworkSecurityBundle.php
│ ├── Resolver
│ │ └── AccessTokenResolver.php
│ ├── Resources
│ │ └── config
│ │ │ └── security.php
│ ├── Security
│ │ ├── Authentication
│ │ │ ├── AccessTokenBadge.php
│ │ │ ├── DefaultFailureHandler.php
│ │ │ ├── OAuth2Provider.php
│ │ │ ├── OAuth2SecurityFactory.php
│ │ │ ├── OAuth2Token.php
│ │ │ └── ResourceOwner.php
│ │ └── ExpressionLanguageProvider.php
│ └── composer.json
├── ServerBundle
│ ├── .github
│ │ └── PULL_REQUEST_TEMPLATE.md
│ ├── Component
│ │ ├── ClientAuthentication
│ │ │ ├── ClientAssertionJwtSource.php
│ │ │ ├── ClientAuthenticationSource.php
│ │ │ ├── ClientSecretBasicSource.php
│ │ │ ├── ClientSecretPostSource.php
│ │ │ ├── Compiler
│ │ │ │ ├── ClientAssertionEncryptedJwtCompilerPass.php
│ │ │ │ ├── ClientAssertionJkuSupportCompilerPass.php
│ │ │ │ ├── ClientAssertionTrustedIssuerSupportCompilerPass.php
│ │ │ │ ├── ClientAuthenticationMethodCompilerPass.php
│ │ │ │ └── ClientJwtAssertionMetadataCompilerPass.php
│ │ │ └── NoneSource.php
│ │ ├── ClientRule
│ │ │ ├── ClientRuleCompilerPass.php
│ │ │ └── ClientRuleSource.php
│ │ ├── Component.php
│ │ ├── Core
│ │ │ ├── AccessTokenSource.php
│ │ │ ├── ClientSource.php
│ │ │ ├── Compiler
│ │ │ │ ├── OAuth2MessageExtensionCompilerClass.php
│ │ │ │ ├── OAuth2MessageFactoryCompilerClass.php
│ │ │ │ └── ResourceServerAuthenticationMethodCompilerPass.php
│ │ │ ├── ResourceServerSource.php
│ │ │ ├── ServicesSource.php
│ │ │ ├── TrustedIssuerSource.php
│ │ │ └── UserAccountSource.php
│ │ ├── Endpoint
│ │ │ ├── Authorization
│ │ │ │ ├── AuthorizationEndpointSource.php
│ │ │ │ ├── Compiler
│ │ │ │ │ ├── AuthorizationEndpointRouteCompilerPass.php
│ │ │ │ │ ├── AuthorizationRequestEntryEndpointRouteCompilerPass.php
│ │ │ │ │ ├── AuthorizationRequestHookCompilerPass.php
│ │ │ │ │ ├── AuthorizationRequestMetadataCompilerPass.php
│ │ │ │ │ ├── ConsentScreenExtensionCompilerPass.php
│ │ │ │ │ ├── ParameterCheckerCompilerPass.php
│ │ │ │ │ ├── RequestObjectCompilerPass.php
│ │ │ │ │ ├── RequestObjectEncryptionCompilerPass.php
│ │ │ │ │ ├── RequestObjectReferenceCompilerPass.php
│ │ │ │ │ ├── ResponseModeCompilerPass.php
│ │ │ │ │ ├── ResponseTypeCompilerPass.php
│ │ │ │ │ ├── TemplatePathCompilerPass.php
│ │ │ │ │ └── UserAuthenticationCheckerCompilerPass.php
│ │ │ │ ├── FormPostResponseModeSource.php
│ │ │ │ ├── RequestObjectEncryptionSource.php
│ │ │ │ ├── RequestObjectReferenceSource.php
│ │ │ │ ├── RequestObjectSource.php
│ │ │ │ └── ResponseModeSource.php
│ │ │ ├── ClientConfiguration
│ │ │ │ ├── ClientConfigurationSource.php
│ │ │ │ └── Compiler
│ │ │ │ │ └── ClientConfigurationEndpointRouteCompilerPass.php
│ │ │ ├── ClientRegistration
│ │ │ │ ├── ClientRegistrationSource.php
│ │ │ │ ├── Compiler
│ │ │ │ │ ├── ClientRegistrationEndpointRouteCompilerPass.php
│ │ │ │ │ └── InitialAccessTokenCompilerPass.php
│ │ │ │ ├── InitialAccessTokenSource.php
│ │ │ │ └── SoftwareStatementSource.php
│ │ │ ├── EndpointSource.php
│ │ │ ├── JwksUri
│ │ │ │ ├── JwksUriEndpointRouteCompilerPass.php
│ │ │ │ └── JwksUriEndpointSource.php
│ │ │ ├── Metadata
│ │ │ │ ├── Compiler
│ │ │ │ │ ├── CommonMetadataCompilerPass.php
│ │ │ │ │ ├── CustomRoutesCompilerPass.php
│ │ │ │ │ ├── CustomValuesCompilerPass.php
│ │ │ │ │ ├── MetadataRouteCompilerPass.php
│ │ │ │ │ └── SignedMetadataCompilerPass.php
│ │ │ │ ├── CustomRouteSource.php
│ │ │ │ ├── CustomValuesSource.php
│ │ │ │ ├── MetadataEndpointSource.php
│ │ │ │ └── SignatureSource.php
│ │ │ ├── SessionManagement
│ │ │ │ ├── Compiler
│ │ │ │ │ └── SessionManagementRouteCompilerPass.php
│ │ │ │ └── SessionManagementEndpointSource.php
│ │ │ ├── Token
│ │ │ │ ├── Compiler
│ │ │ │ │ ├── GrantTypeCompilerPass.php
│ │ │ │ │ ├── TokenEndpointExtensionCompilerPass.php
│ │ │ │ │ └── TokenRouteCompilerPass.php
│ │ │ │ └── TokenEndpointSource.php
│ │ │ ├── TokenIntrospection
│ │ │ │ ├── Compiler
│ │ │ │ │ ├── TokenIntrospectionRouteCompilerPass.php
│ │ │ │ │ └── TokenTypeHintCompilerPass.php
│ │ │ │ └── TokenIntrospectionEndpointSource.php
│ │ │ └── TokenRevocation
│ │ │ │ ├── Compiler
│ │ │ │ ├── TokenRevocationRouteCompilerPass.php
│ │ │ │ └── TokenTypeHintCompilerPass.php
│ │ │ │ └── TokenRevocationEndpointSource.php
│ │ ├── Grant
│ │ │ ├── AuthorizationCode
│ │ │ │ ├── AuthorizationCodeSource.php
│ │ │ │ ├── AuthorizationCodeSupportForIdTokenBuilderCompilerPass.php
│ │ │ │ └── PKCEMethodCompilerPass.php
│ │ │ ├── ClientCredentials
│ │ │ │ └── ClientCredentialsSource.php
│ │ │ ├── GrantSource.php
│ │ │ ├── Implicit
│ │ │ │ └── ImplicitSource.php
│ │ │ ├── JwtBearer
│ │ │ │ ├── Compiler
│ │ │ │ │ ├── EncryptedAssertionCompilerPass.php
│ │ │ │ │ └── TrustedIssuerSupportCompilerPass.php
│ │ │ │ └── JwtBearerSource.php
│ │ │ ├── None
│ │ │ │ └── NoneSource.php
│ │ │ ├── RefreshToken
│ │ │ │ └── RefreshTokenSource.php
│ │ │ └── ResourceOwnerPasswordCredential
│ │ │ │ └── ResourceOwnerPasswordCredentialSource.php
│ │ ├── KeySet.php
│ │ ├── OpenIdConnect
│ │ │ ├── Compiler
│ │ │ │ ├── ClaimCompilerPass.php
│ │ │ │ ├── ClaimSourceCompilerPass.php
│ │ │ │ ├── ClaimsSupportedMetadataCompilerPass.php
│ │ │ │ ├── IdTokenMetadataCompilerPass.php
│ │ │ │ ├── JkuSupportForIdTokenBuilderCompilerPass.php
│ │ │ │ ├── OpenIdConnectExtensionEncryptionCompilerPass.php
│ │ │ │ ├── UserInfoPairwiseSubjectCompilerPass.php
│ │ │ │ ├── UserInfoScopeSupportCompilerPass.php
│ │ │ │ ├── UserinfoEndpointEncryptionCompilerPass.php
│ │ │ │ ├── UserinfoEndpointSignatureCompilerPass.php
│ │ │ │ └── UserinfoRouteCompilerPass.php
│ │ │ ├── IdTokenSource.php
│ │ │ ├── OpenIdConnectSource.php
│ │ │ ├── PairwiseSubjectSource.php
│ │ │ ├── ResponseTypeSource.php
│ │ │ ├── UserinfoEndpointEncryptionSource.php
│ │ │ ├── UserinfoEndpointSignatureSource.php
│ │ │ └── UserinfoEndpointSource.php
│ │ ├── Scope
│ │ │ ├── Compiler
│ │ │ │ ├── ScopeMetadataCompilerPass.php
│ │ │ │ └── ScopePolicyCompilerPass.php
│ │ │ └── ScopeSource.php
│ │ └── TokenType
│ │ │ ├── TokenTypeCompilerPass.php
│ │ │ └── TokenTypeSource.php
│ ├── Controller
│ │ ├── ClientConfigurationMiddleware.php
│ │ ├── MetadataController.php
│ │ └── PipeController.php
│ ├── DependencyInjection
│ │ ├── Compiler
│ │ │ └── HttpClientCompilerPass.php
│ │ ├── Configuration.php
│ │ └── OAuth2FrameworkExtension.php
│ ├── Doctrine
│ │ └── Type
│ │ │ ├── AccessTokenIdType.php
│ │ │ ├── AuthorizationCodeIdType.php
│ │ │ ├── ClientIdType.php
│ │ │ ├── DatabagType.php
│ │ │ ├── InitialAccessTokenIdType.php
│ │ │ ├── RefreshTokenIdType.php
│ │ │ ├── ResourceOwnerIdType.php
│ │ │ ├── ResourceServerIdType.php
│ │ │ └── UserAccountIdType.php
│ ├── LICENSE
│ ├── OAuth2FrameworkServerBundle.php
│ ├── Resources
│ │ ├── config
│ │ │ ├── client_authentication
│ │ │ │ ├── client_assertion_jwt.php
│ │ │ │ ├── client_authentication.php
│ │ │ │ ├── client_secret_basic.php
│ │ │ │ ├── client_secret_post.php
│ │ │ │ └── none.php
│ │ │ ├── client_rule
│ │ │ │ └── client_rule.php
│ │ │ ├── core
│ │ │ │ ├── access_token.php
│ │ │ │ ├── client.php
│ │ │ │ ├── message.php
│ │ │ │ └── services.php
│ │ │ ├── doctrine-mapping
│ │ │ │ ├── AccessToken
│ │ │ │ │ └── AbstractAccessToken.orm.yml
│ │ │ │ ├── AuthorizationCodeGrant
│ │ │ │ │ └── AbstractAuthorizationCode.orm.yml
│ │ │ │ ├── Client
│ │ │ │ │ └── AbstractClient.orm.yml
│ │ │ │ ├── ClientRegistrationEndpoint
│ │ │ │ │ └── AbstractAccessToken.orm.yml
│ │ │ │ └── RefreshTokenGrant
│ │ │ │ │ └── AbstractAccessToken.orm.yml
│ │ │ ├── endpoint
│ │ │ │ ├── authorization
│ │ │ │ │ ├── authorization.php
│ │ │ │ │ ├── form_post_response_mode.php
│ │ │ │ │ ├── response_mode.php
│ │ │ │ │ └── sector_identifier_uri.php
│ │ │ │ ├── client_configuration
│ │ │ │ │ └── client_configuration.php
│ │ │ │ ├── client_registration
│ │ │ │ │ ├── client_registration.php
│ │ │ │ │ ├── initial_access_token.php
│ │ │ │ │ └── software_statement.php
│ │ │ │ ├── metadata
│ │ │ │ │ └── metadata.php
│ │ │ │ ├── session_management
│ │ │ │ │ └── session_management.php
│ │ │ │ ├── token
│ │ │ │ │ └── token.php
│ │ │ │ ├── token_introspection
│ │ │ │ │ └── introspection.php
│ │ │ │ └── token_revocation
│ │ │ │ │ └── revocation.php
│ │ │ ├── grant
│ │ │ │ ├── authorization_code.php
│ │ │ │ ├── client_credentials.php
│ │ │ │ ├── grant.php
│ │ │ │ ├── implicit.php
│ │ │ │ ├── jwt_bearer.php
│ │ │ │ ├── none.php
│ │ │ │ ├── refresh_token.php
│ │ │ │ └── resource_owner_password_credential.php
│ │ │ ├── openid_connect
│ │ │ │ ├── id_token_hint.php
│ │ │ │ ├── openid_connect.php
│ │ │ │ ├── response_type
│ │ │ │ │ ├── code_id_token.php
│ │ │ │ │ ├── code_id_token_token.php
│ │ │ │ │ ├── code_token.php
│ │ │ │ │ ├── id_token.php
│ │ │ │ │ └── id_token_token.php
│ │ │ │ ├── userinfo_endpoint.php
│ │ │ │ └── userinfo_scope_support.php
│ │ │ ├── resource_server
│ │ │ │ ├── authentication_middleware.php
│ │ │ │ └── resource_server.php
│ │ │ ├── routing
│ │ │ │ └── routing.yml
│ │ │ ├── scope
│ │ │ │ ├── policy.php
│ │ │ │ ├── policy_default.php
│ │ │ │ ├── policy_error.php
│ │ │ │ └── scope.php
│ │ │ └── token_type
│ │ │ │ ├── bearer_token.php
│ │ │ │ └── token_type.php
│ │ ├── translations
│ │ │ ├── OAuth2FrameworkServer.en.yml
│ │ │ ├── OAuth2FrameworkServer.fr.yml
│ │ │ ├── validators.en.yml
│ │ │ └── validators.fr.yml
│ │ └── views
│ │ │ ├── authorization
│ │ │ └── authorization.html.twig
│ │ │ ├── form_post
│ │ │ ├── response.html.twig
│ │ │ ├── response_body.html.twig
│ │ │ └── response_header.html.twig
│ │ │ └── iframe
│ │ │ └── iframe.html.twig
│ ├── Routing
│ │ └── RouteLoader.php
│ ├── Rule
│ │ └── ClientConfigurationRouteRule.php
│ ├── Service
│ │ ├── AuthorizationRequestSessionStorage.php
│ │ ├── IFrameEndpoint.php
│ │ ├── IgnoreAccountSelectionHandler.php
│ │ ├── MetadataBuilder.php
│ │ ├── RedirectAuthorizationRequestHandler.php
│ │ ├── SessionStateParameterExtension.php
│ │ └── TwigFormPostResponseRenderer.php
│ └── composer.json
└── WebFingerBundle
│ ├── .github
│ └── PULL_REQUEST_TEMPLATE.md
│ ├── Controller
│ └── PipeController.php
│ ├── DependencyInjection
│ ├── Compiler
│ │ └── IdentifierResolverCompilerPass.php
│ ├── Configuration.php
│ └── OAuth2FrameworkWebFingerExtension.php
│ ├── LICENSE
│ ├── Middleware
│ ├── Consumer.php
│ ├── Pipe.php
│ └── TerminalRequestHandler.php
│ ├── OAuth2FrameworkWebFingerBundle.php
│ ├── Resources
│ └── config
│ │ ├── routing
│ │ └── routing.php
│ │ └── services.php
│ ├── Service
│ └── RouteLoader.php
│ └── composer.json
└── tests
├── AppKernel.php
├── Component
├── AuthorizationCodeGrant
│ ├── AuthorizationCodeGrantTypeTest.php
│ ├── AuthorizationCodeResponseTypeTest.php
│ ├── AuthorizationCodeTest.php
│ └── PkceTest.php
├── AuthorizationEndpoint
│ ├── AuthorizationEndpointTest.php
│ ├── AuthorizationRequest
│ │ ├── AuthorizationRequestLoaderTest.php
│ │ └── AuthorizationRequestTest.php
│ ├── ParameterChecker
│ │ └── ParameterCheckerManagerTest.php
│ ├── ResponseMode
│ │ └── ResponseModeTest.php
│ ├── ResponseTypeManagerTest.php
│ ├── Rule
│ │ ├── RequestUriRuleTest.php
│ │ └── ResponseTypesRuleTest.php
│ └── User
│ │ └── MaxAgeParameterCheckerTest.php
├── BearerTokenType
│ └── BearerTokenTest.php
├── ClientAuthentication
│ ├── AuthenticationMethodManagerTest.php
│ ├── ClientAssertionJwtAuthenticationMethodTest.php
│ ├── ClientAuthenticationMiddlewareTest.php
│ ├── ClientSecretBasicAuthenticationMethodTest.php
│ ├── ClientSecretPostAuthenticationMethodTest.php
│ └── NoneAuthenticationMethodTest.php
├── ClientConfigurationEndpoint
│ ├── ClientConfigurationEndpointTest.php
│ ├── ClientConfigurationRouteRule.php
│ └── ClientRegistrationManagementRuleTest.php
├── ClientCredentialsGrant
│ └── ClientCredentialsGrantTypeTest.php
├── ClientRegistrationEndpoint
│ ├── ClientRegistrationEndpointTest.php
│ ├── InitialAccessToken.php
│ ├── InitialAccessTokenMiddlewareTest.php
│ └── InitialAccessTokenTest.php
├── ClientRule
│ ├── ApplicationTypeParameterRuleTest.php
│ ├── ClientIdIssuedAtRuleTest.php
│ ├── CommonParametersRuleTest.php
│ ├── ContactsParametersRuleTest.php
│ └── RedirectionUriRuleTest.php
├── Core
│ ├── AccessToken
│ │ ├── AccessTokenIntrospectionTypeHintTest.php
│ │ ├── AccessTokenRevocationTypeHintTest.php
│ │ └── AccessTokenTest.php
│ ├── DataBag
│ │ └── DataBagTest.php
│ └── TokenType
│ │ ├── TokenTypeMiddlewareTest.php
│ │ ├── TokenTypeParameterCheckerTest.php
│ │ └── TokenTypeTest.php
├── FakeAuthorizationRequestStorage.php
├── FakeConsentHandler.php
├── FakeFormPostRenderer.php
├── FakeLoginHandler.php
├── FakeSelectAccountHandler.php
├── ImplicitGrant
│ ├── AccessToken.php
│ ├── ImplicitGrantTypeTest.php
│ └── TokenResponseTypeTest.php
├── JwtBearerGrant
│ └── JwtBearerGrantTypeTest.php
├── MetadataEndpoint
│ ├── MetadataEndpointTest.php
│ └── MetadataTest.php
├── NoneGrant
│ └── TokenResponseTypeTest.php
├── OAuth2TestCase.php
├── OpenIdConnect
│ └── IdTokenAlgorithmsRuleTest.php
├── RefreshTokenGrant
│ ├── RefreshToken.php
│ ├── RefreshTokenGrantTypeTest.php
│ ├── RefreshTokenRevocationTypeHintTest.php
│ └── RefreshTokenTest.php
├── ResourceOwnerPasswordCredentialsGrant
│ └── ResourceOwnerPasswordCredentialsGrantTypeTest.php
├── ResourceServerAuthentication
│ └── AuthenticationMethodManagerTest.php
├── Scope
│ ├── AccessToken.php
│ ├── ScopeParameterCheckerTest.php
│ ├── ScopePolicyDefaultRuleTest.php
│ ├── ScopePolicyManagerTest.php
│ ├── ScopePolicyRuleTest.php
│ ├── ScopeRuleTest.php
│ └── TokenEndpointScopeExtensionTest.php
├── TokenEndpoint
│ ├── AccessToken.php
│ ├── FooGrantType.php
│ ├── GrantTypeMiddlewareTest.php
│ ├── GrantTypesRuleTest.php
│ └── TokenEndpointTest.php
├── TokenIntrospectionEndpoint
│ └── TokenIntrospectionEndpointTest.php
├── TokenRevocationEndpoint
│ ├── TokenRevocationGetEndpointTest.php
│ └── TokenRevocationPostEndpointTest.php
└── WebFingerEndpoint
│ └── WebFingerEndpointTest.php
├── ComposerJsonTest.php
├── SecurityBundle
└── Functional
│ └── Security
│ └── SecurityBundleTest.php
├── ServerBundle
└── Functional
│ ├── ClientRegistration
│ └── ClientRegistrationEndpointTest.php
│ ├── DataFixtureTestCase.php
│ ├── Grant
│ ├── AuthorizationCode
│ │ ├── AuthorizationCodeGrantTest.php
│ │ └── AuthorizationEndpointTest.php
│ ├── ClientCredentials
│ │ └── ClientCredentialsGrantTest.php
│ ├── Implicit
│ │ └── ImplicitGrantTest.php
│ ├── JwtBearer
│ │ └── JwtBearerGrantTest.php
│ ├── RefreshToken
│ │ └── RefreshTokenGrantTest.php
│ └── ResourceOwnerPasswordCredentialsGrant
│ │ └── ResourceOwnerPasswordCredentialsGrantTest.php
│ ├── Metadata
│ └── MetadataEndpointTest.php
│ └── Revocation
│ └── AccessToken
│ └── RevocationEndpointTest.php
├── TestBundle
├── Controller
│ ├── ApiController.php
│ └── DocumentationController.php
├── DependencyInjection
│ └── TestExtension.php
├── Entity
│ ├── AccessToken.php
│ ├── AuthorizationCode.php
│ ├── Client.php
│ ├── InitialAccessToken.php
│ ├── RefreshToken.php
│ ├── ResourceRepository.php
│ ├── ResourceServer.php
│ ├── Scope.php
│ ├── TrustedIssuer.php
│ └── UserAccount.php
├── Repository
│ ├── AccessTokenRepository.php
│ ├── AuthorizationCodeRepository.php
│ ├── AuthorizationRepository.php
│ ├── ClientRepository.php
│ ├── ConsentRepository.php
│ ├── InitialAccessTokenRepository.php
│ ├── RefreshTokenRepository.php
│ ├── ResourceOwnerPasswordCredentialRepository.php
│ ├── ResourceServerRepository.php
│ ├── ScopeRepository.php
│ ├── TrustedIssuerRepository.php
│ └── UserAccountRepository.php
├── Resources
│ └── config
│ │ └── services.php
├── Service
│ ├── ConsentHandler.php
│ ├── LoginHandler.php
│ ├── SymfonyUserAccountDiscovery.php
│ ├── UriPathResolver.php
│ └── UserProvider.php
└── TestBundle.php
├── WebFingerBundle
└── Functional
│ ├── ResourceRepository.php
│ └── WebFingerEndpointTest.php
└── config
├── config_test.yml
├── http.yml
├── jose.yml
├── oauth2_server.yml
├── routing.yml
├── security.yml
└── webfinger.yml
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | patreon: FlorentMorselli
2 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: Create a report to help us improve
4 |
5 | ---
6 |
7 | **Describe the bug**
8 | A clear and concise description of what the bug is.
9 |
10 | **To Reproduce**
11 | Steps to reproduce the behavior:
12 | 1. Go to '...'
13 | 2. Click on '....'
14 | 3. Scroll down to '....'
15 | 4. See error
16 |
17 | **Expected behavior**
18 | A clear and concise description of what you expected to happen.
19 |
20 | **Screenshots**
21 | If applicable, add screenshots to help explain your problem.
22 |
23 | **Desktop (please complete the following information):**
24 | - OS: [e.g. iOS]
25 | - Browser [e.g. chrome, safari]
26 | - Version [e.g. 22]
27 |
28 | **Smartphone (please complete the following information):**
29 | - Device: [e.g. iPhone6]
30 | - OS: [e.g. iOS8.1]
31 | - Browser [e.g. stock browser, safari]
32 | - Version [e.g. 22]
33 |
34 | **Additional context**
35 | Add any other context about the problem here.
36 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Feature request
3 | about: Suggest an idea for this project
4 |
5 | ---
6 |
7 | **Is your feature request related to a problem? Please describe.**
8 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
9 |
10 | **Describe the solution you'd like**
11 | A clear and concise description of what you want to happen.
12 |
13 | **Describe alternatives you've considered**
14 | A clear and concise description of any alternative solutions or features you've considered.
15 |
16 | **Additional context**
17 | Add any other context or screenshots about the feature request here.
18 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | version: 2 # Dependabot configuration: daily Composer update checks at 04:00, at most 10 open pull requests
2 | updates:
3 | - package-ecosystem: composer # NOTE(review): only composer is tracked here; a second entry with `package-ecosystem: github-actions` would also keep the actions referenced under .github/workflows up to date
4 | directory: "/"
5 | schedule:
6 | interval: daily
7 | time: "04:00"
8 | open-pull-requests-limit: 10
--------------------------------------------------------------------------------
/.github/workflows/coding-standards.yml:
--------------------------------------------------------------------------------
1 | name: Coding Standards # Runs the coding-standards check (`make ci-cs`) on every push
2 |
3 | on: [push]
4 |
5 | jobs: # NOTE(review): no `permissions:` key is visible, so GITHUB_TOKEN keeps the repository default scope; `permissions: contents: read` looks sufficient for a check-only job — confirm
6 | tests:
7 | runs-on: ${{ matrix.operating-system }}
8 | strategy:
9 | matrix:
10 | operating-system: [ubuntu-latest]
11 | php-versions: ['8.0']
12 | name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}
13 |
14 | steps:
15 | - name: Checkout
16 | uses: actions/checkout@v2 # NOTE(review): `v2` is a movable tag; pinning to a full commit SHA fixes the exact action code that runs
17 | with:
18 | ref: ${{ github.head_ref }} # NOTE(review): github.head_ref is only populated for pull_request events; with `on: [push]` it is empty and checkout falls back to its default ref
19 |
20 | - name: Setup PHP, with composer and extensions
21 | uses: shivammathur/setup-php@v2 # NOTE(review): third-party action referenced by a movable tag; pin to a full commit SHA so a retagged release cannot change what runs here
22 | with:
23 | php-version: ${{ matrix.php-versions }}
24 | extensions: json, mbstring, openssl, sqlite3, curl, uuid
25 | coverage: xdebug
26 |
27 | - name: Install Composer dependencies # NOTE(review): `composer update` resolves versions at run time rather than installing from a committed composer.lock (none appears in the listed tree), so runs are not reproducible and pick up new upstream releases unreviewed
28 | run: |
29 | composer update --no-progress --no-suggest --prefer-dist --optimize-autoloader
30 |
31 | - name: PHP-CS-FIXER
32 | run: make ci-cs
33 |
--------------------------------------------------------------------------------
/.github/workflows/rector_checkstyle.yaml:
--------------------------------------------------------------------------------
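name: Rector Checkstyle

on: [push]

# Least privilege: the job only needs to read the repository contents.
permissions:
  contents: read

jobs:
  tests:
    runs-on: ${{ matrix.operating-system }}
    strategy:
      matrix:
        operating-system: [ ubuntu-latest ]
        php-versions: ['8.0']
    steps:
      # Actions are referenced by mutable tags; a full commit SHA
      # (owner/action@<full-commit-sha>) is the tamper-resistant form.
      - name: Checkout
        uses: actions/checkout@v2
        with:
          # Empty on push events (head_ref exists only for pull requests), so
          # the triggering ref is what actually gets checked out.
          ref: ${{ github.head_ref }}

      - name: Setup PHP, with composer and extensions
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php-versions }}
          extensions: json, mbstring, openssl, sqlite3, curl, uuid
          coverage: none

      # No lock file is committed (composer.lock is git-ignored), so dependency
      # versions are resolved afresh on every run.
      - name: Install Composer dependencies
        run: composer update --no-progress --no-suggest --prefer-dist --optimize-autoloader

      - name: Rector
        run: make rector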
30 |
--------------------------------------------------------------------------------
/.github/workflows/static-analyze.yml:
--------------------------------------------------------------------------------
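name: Static Analyze

on: [push]

# Least privilege: static analysis only reads the sources.
permissions:
  contents: read

jobs:
  tests:
    runs-on: ${{ matrix.operating-system }}
    strategy:
      matrix:
        operating-system: [ubuntu-latest]
        php-versions: ['8.0']
    name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}

    steps:
      # Tag references (@v2) can be moved by the action's owner; pin to a full
      # commit SHA (owner/action@<full-commit-sha>) for an immutable reference.
      - name: Checkout
        uses: actions/checkout@v2
        with:
          # head_ref is set for pull_request events only; it is empty here
          # because the workflow is triggered by push.
          ref: ${{ github.head_ref }}

      - name: Setup PHP, with composer and extensions
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php-versions }}
          extensions: json, mbstring, openssl, sqlite3, curl, uuid
          coverage: xdebug

      # composer.lock is git-ignored, so the analysed dependency set is whatever
      # the registry serves at run time, not a reviewed, locked set.
      - name: Install Composer dependencies
        run: |
          composer update --no-progress --no-suggest --prefer-dist --optimize-autoloader

      - name: PHPStan
        run: make st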
33 |
--------------------------------------------------------------------------------
/.github/workflows/tests.yml:
--------------------------------------------------------------------------------
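name: Unit and Functional Tests

on: [push]

# Least privilege: running the test suite needs read access to contents only.
permissions:
  contents: read

jobs:
  tests:
    runs-on: ${{ matrix.operating-system }}
    strategy:
      matrix:
        operating-system: [ ubuntu-latest ]
        # NOTE(review): src/Component/ClientRule/composer.json declares
        # "php": "^8.1" while only 8.0 is exercised here; confirm against the
        # root composer.json which versions are meant to be supported.
        php-versions: ['8.0']
    name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}

    steps:
      # Actions referenced by tag are mutable dependencies of this pipeline;
      # a full commit SHA (owner/action@<full-commit-sha>) fixes their content.
      - name: Checkout
        uses: actions/checkout@v2
        with:
          # Only pull_request events populate head_ref; on push it is empty and
          # checkout uses the ref that triggered the run.
          ref: ${{ github.head_ref }}

      - name: Setup PHP, with composer and extensions
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php-versions }}
          extensions: json, mbstring, openssl, sqlite3, curl, uuid
          coverage: xdebug

      # With composer.lock git-ignored, the tests run against freshly resolved
      # dependency versions, so results are not reproducible across runs.
      - name: Install Composer dependencies
        run: |
          composer update --no-progress --no-suggest --prefer-dist --optimize-autoloader

      - name: Run tests
        run: make ci-cc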
33 |
--------------------------------------------------------------------------------
/.github/workflows/twig-lint.yml:
--------------------------------------------------------------------------------
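name: Twig Lint

on: [push]

# Least privilege: linting templates only reads the repository.
permissions:
  contents: read

jobs:
  tests:
    runs-on: ${{ matrix.operating-system }}
    strategy:
      matrix:
        operating-system: [ ubuntu-latest ]
        php-versions: ['8.0']
    name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}

    steps:
      # Prefer a full commit SHA (owner/action@<full-commit-sha>) over a tag so
      # that the action code cannot change underneath the workflow.
      - name: Checkout
        uses: actions/checkout@v2
        with:
          # head_ref is empty for push-triggered runs; checkout then uses the
          # triggering ref.
          ref: ${{ github.head_ref }}

      - name: Setup PHP, with composer and extensions
        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php-versions }}
          extensions: json, mbstring, openssl, sqlite3, curl, uuid
          coverage: xdebug

      # Dependencies are resolved at run time because composer.lock is
      # git-ignored in this repository.
      - name: Install Composer dependencies
        run: |
          composer update --no-progress --no-suggest --prefer-dist --optimize-autoloader

      - name: Run tests
        run: make te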
33 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *.cache
2 | composer.lock
3 | oidctest/
4 |
--------------------------------------------------------------------------------
/infection.json.dist:
--------------------------------------------------------------------------------
1 | {
2 | "timeout": 10,
3 | "source": {
4 | "directories": [
5 | "src"
6 | ]
7 | },
8 | "logs": {
9 | "text": "infection-log.txt"
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/src/Component/AuthorizationCodeGrant/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/oauth2-framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/AuthorizationCodeGrant/AuthorizationCodeId.php:
--------------------------------------------------------------------------------
1 | getValue();
19 | }
20 |
/**
 * Named constructor: builds an instance of this class from the given string.
 *
 * NOTE(review): the declared return type is `static` while the object is
 * created with `new self`; the two only agree if the class is never
 * subclassed. The class declaration is not visible here, so confirm it is final.
 */
public static function create(string $value): static
{
    $instance = new self($value);

    return $instance;
}
25 |
/**
 * Returns the string held in this object's `value` property.
 */
public function getValue(): string
{
    $stored = $this->value;

    return $stored;
}
30 | }
31 |
--------------------------------------------------------------------------------
/src/Component/AuthorizationCodeGrant/PKCEMethod/PKCEMethod.php:
--------------------------------------------------------------------------------
1 | pkceMethods[$method->name()] = $method;
24 |
25 | return $this;
26 | }
27 |
/**
 * Tells whether a PKCE method has been registered under the given name.
 *
 * Registration stores each method under the result of its `name()` call, so
 * the lookup is an exact, case-sensitive key match.
 */
public function has(string $method): bool
{
    $isRegistered = array_key_exists($method, $this->pkceMethods);

    return $isRegistered;
}
32 |
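/**
 * Looks up a registered PKCE method by name.
 *
 * The name presumably originates from a request parameter (the caller is not
 * visible here), so an unknown name is rejected explicitly. Without the guard,
 * a missing key produced an undefined-index warning followed by a TypeError on
 * the non-nullable return type, which hides the real cause from the caller.
 *
 * The requested name is deliberately left out of the exception message so that
 * unvalidated input is not copied into logs or error responses.
 *
 * @throws \InvalidArgumentException if no method is registered under $method
 */
public function get(string $method): PKCEMethod
{
    if (! array_key_exists($method, $this->pkceMethods)) {
        throw new \InvalidArgumentException('The requested PKCE method is not supported.');
    }

    return $this->pkceMethods[$method];
}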
37 |
/**
 * Lists the names under which PKCE methods are currently registered.
 *
 * @return string[]
 */
public function names(): array
{
    $registeredNames = array_keys($this->pkceMethods);

    return $registeredNames;
}
45 | }
46 |
--------------------------------------------------------------------------------
/src/Component/AuthorizationCodeGrant/PKCEMethod/Plain.php:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/AuthorizationEndpoint/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/AuthorizationEndpoint/AuthorizationRequestHandler.php:
--------------------------------------------------------------------------------
1 | authorization;
25 | }
26 |
/**
 * Returns the error description carried by this object, or null when none was set.
 */
public function getErrorDescription(): ?string
{
    $description = $this->errorDescription;

    return $description;
}
31 | }
32 |
--------------------------------------------------------------------------------
/src/Component/AuthorizationEndpoint/Extension/Extension.php:
--------------------------------------------------------------------------------
1 | extensions[] = $extension;
25 |
26 | return $this;
27 | }
28 |
/**
 * Hands the request and the authorization request to every registered
 * extension, in the order the extensions were added.
 *
 * An exception thrown by one extension is not caught here, so it stops the
 * remaining extensions from running.
 */
public function process(ServerRequestInterface $request, AuthorizationRequest $authorization): void
{
    foreach ($this->extensions as $registeredExtension) {
        $registeredExtension->process($request, $authorization);
    }
}
35 | }
36 |
--------------------------------------------------------------------------------
/src/Component/AuthorizationEndpoint/Hook/AuthorizationEndpointHook.php:
--------------------------------------------------------------------------------
1 | hasQueryParam('state')) {
22 | return;
23 | }
24 |
25 | $authorization->setResponseParameter('state', $authorization->getQueryParam('state'));
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/src/Component/AuthorizationEndpoint/README.md:
--------------------------------------------------------------------------------
1 | Authorization Endpoint for the OAuth2 Framework
2 | ===============================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/AuthorizationEndpoint/ResponseMode/FormPostResponseRenderer.php:
--------------------------------------------------------------------------------
1 | checkers[] = $checker;
24 |
25 | return $this;
26 | }
27 |
/**
 * Asks the registered checkers whether the user has to authenticate.
 *
 * The answer is true as soon as one checker says so; later checkers are then
 * not consulted. With no checkers registered the answer is false.
 */
public function isAuthenticationNeeded(AuthorizationRequest $authorization): bool
{
    $needed = false;

    foreach ($this->checkers as $candidate) {
        if ($candidate->isAuthenticationNeeded($authorization)) {
            $needed = true;

            break;
        }
    }

    return $needed;
}
38 | }
39 |
--------------------------------------------------------------------------------
/src/Component/AuthorizationEndpoint/phpunit.xml.dist:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/BearerTokenType/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/BearerTokenType/AuthorizationHeaderTokenFinder.php:
--------------------------------------------------------------------------------
1 | getHeader('AUTHORIZATION');
19 |
20 | foreach ($authorizationHeaders as $header) {
21 | if (preg_match('/' . preg_quote('Bearer', '/') . '\s([a-zA-Z0-9\-_\+~\/\.]+)/', $header, $matches) === 1) {
22 | return $matches[1];
23 | }
24 | }
25 |
26 | return null;
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/src/Component/BearerTokenType/QueryStringTokenFinder.php:
--------------------------------------------------------------------------------
1 | getQueryParams();
19 |
20 | return $params['access_token'] ?? null;
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/src/Component/BearerTokenType/README.md:
--------------------------------------------------------------------------------
1 | Bearer Token Type for the OAuth2 Framework
2 | ==========================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/BearerTokenType/RequestBodyTokenFinder.php:
--------------------------------------------------------------------------------
1 | get('access_token');
22 | } catch (Throwable) {
23 | return null;
24 | }
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/src/Component/BearerTokenType/TokenFinder.php:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/ClientAuthentication/README.md:
--------------------------------------------------------------------------------
1 | Client Authentication for the OAuth2 Framework
2 | ==============================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/ClientAuthentication/phpunit.xml.dist:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/ClientConfigurationEndpoint/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/ClientConfigurationEndpoint/README.md:
--------------------------------------------------------------------------------
1 | Client Configuration Endpoint for the OAuth2 Framework
2 | ======================================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/ClientConfigurationEndpoint/phpunit.xml.dist:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/ClientCredentialsGrant/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/ClientCredentialsGrant/README.md:
--------------------------------------------------------------------------------
1 | Resource Owner Password Credentials Grant for the OAuth2 Framework
2 | ==================================================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/ClientCredentialsGrant/phpunit.xml.dist:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/ClientRegistrationEndpoint/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/ClientRegistrationEndpoint/InitialAccessToken.php:
--------------------------------------------------------------------------------
1 | getValue();
19 | }
20 |
/**
 * Named constructor: builds an instance of this class from the given string.
 *
 * NOTE(review): `static` is the declared return type but the instance comes
 * from `new self`; confirm the class is final (its declaration is not visible
 * here), otherwise a subclass call would return the parent type.
 */
public static function create(string $value): static
{
    $instance = new self($value);

    return $instance;
}
25 |
/**
 * Returns the string held in this object's `value` property.
 */
public function getValue(): string
{
    $stored = $this->value;

    return $stored;
}
30 | }
31 |
--------------------------------------------------------------------------------
/src/Component/ClientRegistrationEndpoint/InitialAccessTokenRepository.php:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/ClientRule/ClientIdIssuedAtRule.php:
--------------------------------------------------------------------------------
1 | has('client_id_issued_at')) {
19 | $validatedParameters->set('client_id_issued_at', $commandParameters->get('client_id_issued_at'));
20 | } else {
21 | $validatedParameters->set('client_id_issued_at', time());
22 | }
23 |
24 | return $next->handle($clientId, $commandParameters, $validatedParameters);
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/src/Component/ClientRule/README.md:
--------------------------------------------------------------------------------
1 | Client Rule for the OAuth2 Framework
2 | ====================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/ClientRule/Rule.php:
--------------------------------------------------------------------------------
1 | callback = $callback;
21 | }
22 |
/**
 * Invokes the stored callback with the client id, the submitted parameters and
 * the parameters validated so far, and returns whatever the callback returns.
 *
 * The callback is the one assigned to `$this->callback` at construction; this
 * method adds no validation of its own.
 */
public function handle(ClientId $clientId, DataBag $commandParameters, DataBag $validatedParameters): DataBag
{
    $result = call_user_func($this->callback, $clientId, $commandParameters, $validatedParameters);

    return $result;
}
27 | }
28 |
--------------------------------------------------------------------------------
/src/Component/ClientRule/composer.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "oauth2-framework/client-rule",
3 | "type": "library",
4 | "description": "Client Rule for the OAuth2 Framework",
5 | "license": "MIT",
6 | "keywords": ["RFC6749", "RFC6750", "oauth2", "framework", "client", "rule", "library"],
7 | "homepage": "https://oauth2-framework.spomky-labs.com/",
8 | "authors": [
9 | {
10 | "name": "Florent Morselli",
11 | "homepage": "https://github.com/Spomky"
12 | },
13 | {
14 | "name": "All contributors",
15 | "homepage": "https://github.com/OAuth2-Framework/oauth2-framework/contributors"
16 | }
17 | ],
18 | "require": {
19 | "php": "^8.1",
20 | "league/uri": "^5.3",
21 | "oauth2-framework/core": "^2.0"
22 | },
23 | "autoload": {
24 | "psr-4": {
25 | "OAuth2Framework\\Component\\ClientRule\\": ""
26 | }
27 | },
28 | "config": {
29 | "sort-packages": true
30 | }
31 | }
32 |
--------------------------------------------------------------------------------
/src/Component/ClientRule/phpunit.xml.dist:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/Core/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/oauth2-framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/Core/AccessToken/AccessTokenId.php:
--------------------------------------------------------------------------------
1 | getValue();
19 | }
20 |
/**
 * Named constructor: builds an instance of this class from the given string.
 *
 * NOTE(review): the return type is `static` yet the object is created with
 * `new self`; confirm the class is final (declaration not visible here) so the
 * two cannot diverge in a subclass.
 */
public static function create(string $value): static
{
    $instance = new self($value);

    return $instance;
}
25 |
/**
 * Returns the string held in this object's `value` property.
 */
public function getValue(): string
{
    $stored = $this->value;

    return $stored;
}
30 | }
31 |
--------------------------------------------------------------------------------
/src/Component/Core/Client/ClientId.php:
--------------------------------------------------------------------------------
1 | generator->valid()) {
26 | return $this->delegate->handle($request);
27 | }
28 |
29 | $current = $this->generator->current();
30 | $this->generator->next();
31 |
32 | return $current->process($request, $this);
33 | }
34 | }
35 |
--------------------------------------------------------------------------------
/src/Component/Core/Middleware/OAuth2MessageMiddleware.php:
--------------------------------------------------------------------------------
1 | handle($request);
25 | } catch (OAuth2Error $e) {
26 | return $this->auth2messageFactoryManager->getResponse($e);
27 | }
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/src/Component/Core/Middleware/TerminalRequestHandler.php:
--------------------------------------------------------------------------------
1 | responseFactory = new Psr17Factory();
20 | }
21 |
/**
 * Ends the handler chain by returning a new response created with the
 * response factory's default arguments.
 *
 * The incoming request is not inspected.
 */
public function handle(ServerRequestInterface $request): ResponseInterface
{
    $response = $this->responseFactory->createResponse();

    return $response;
}
26 | }
27 |
--------------------------------------------------------------------------------
/src/Component/Core/README.md:
--------------------------------------------------------------------------------
1 | Core component for the OAuth2 Framework
2 | =================================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/Core/ResourceOwner/ResourceOwner.php:
--------------------------------------------------------------------------------
1 | getValue();
19 | }
20 |
/**
 * Returns the string held in this object's `value` property.
 */
public function getValue(): string
{
    $stored = $this->value;

    return $stored;
}
25 | }
26 |
--------------------------------------------------------------------------------
/src/Component/Core/ResourceServer/ResourceServer.php:
--------------------------------------------------------------------------------
1 | getValue();
19 | }
20 |
/**
 * Named constructor: builds an instance of this class from the given string.
 *
 * NOTE(review): declared to return `static` but instantiates `self`; confirm
 * the class is final (its declaration is not visible here).
 */
public static function create(string $value): static
{
    $instance = new self($value);

    return $instance;
}
25 |
/**
 * Returns the string held in this object's `value` property.
 */
public function getValue(): string
{
    $stored = $this->value;

    return $stored;
}
30 | }
31 |
--------------------------------------------------------------------------------
/src/Component/Core/ResourceServer/ResourceServerRepository.php:
--------------------------------------------------------------------------------
1 | tokenTypeParameterAllowed || ! $authorization->hasQueryParam('token_type')) {
25 | return $this->tokenTypeManager->getDefault();
26 | }
27 |
28 | return $this->tokenTypeManager->get($authorization->getQueryParam('token_type'));
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/src/Component/Core/TrustedIssuer/TrustedIssuer.php:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/ImplicitGrant/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/ImplicitGrant/README.md:
--------------------------------------------------------------------------------
1 | Implicit Grant for the OAuth2 Framework
2 | =======================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/ImplicitGrant/phpunit.xml.dist:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/JwtBearerGrant/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/JwtBearerGrant/README.md:
--------------------------------------------------------------------------------
1 | JWT Bearer Grant for the OAuth2 Framework
2 | =========================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/JwtBearerGrant/phpunit.xml.dist:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/MetadataEndpoint/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/MetadataEndpoint/Metadata.php:
--------------------------------------------------------------------------------
1 | values);
17 | }
18 |
/**
 * Returns the value stored under the given key.
 *
 * @return mixed
 *
 * @throws InvalidArgumentException when `has($key)` reports the key as absent
 */
public function get(string $key)
{
    if ($this->has($key)) {
        return $this->values[$key];
    }

    $message = sprintf('The value with key "%s" does not exist.', $key);

    throw new InvalidArgumentException($message);
}
30 |
/**
 * Stores a value under the given key, replacing any value already held there.
 *
 * @return static the same instance, so calls can be chained
 */
public function set(string $key, mixed $value): static
{
    // No validation happens here: the key and value are stored exactly as given.
    $this->values[$key] = $value;

    return $this;
}
37 |
/**
 * Returns every stored key/value pair as an array.
 */
public function all(): array
{
    $everything = $this->values;

    return $everything;
}
42 | }
43 |
--------------------------------------------------------------------------------
/src/Component/MetadataEndpoint/README.md:
--------------------------------------------------------------------------------
1 | Metadata Endpoint for the OAuth2 Framework
2 | ==========================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/MetadataEndpoint/phpunit.xml.dist:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/NoneGrant/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/NoneGrant/AuthorizationStorage.php:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/IdTokenId.php:
--------------------------------------------------------------------------------
1 | getValue();
19 | }
20 |
/**
 * Named constructor: wraps $value in a new identifier object.
 */
public static function create(string $value): static
{
    // NOTE(review): the declared return type is `static` but the object is
    // built with `new self`; the two only agree when the class is not
    // extended — confirm the class is final.
    $identifier = new self($value);

    return $identifier;
}
25 |
/**
 * Returns the raw string held by this identifier.
 */
public function getValue(): string
{
    $rawValue = $this->value;

    return $rawValue;
}
30 | }
31 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Address.php:
--------------------------------------------------------------------------------
1 | has($this->getComputedClaimName($claimLocale));
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * The lookup key comes from getComputedClaimName(), so a non-null
 * $claimLocale selects the locale-suffixed entry. No scope or consent check
 * is performed here; that decision is left to the caller.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimKey = $this->getComputedClaimName($claimLocale);

    return $userAccount->get($claimKey);
}
27 |
/**
 * Builds the key under which this claim is looked up.
 *
 * With a locale the result is "<CLAIM_NAME>#<locale>"; without one it is the
 * bare claim name.
 */
private function getComputedClaimName(?string $claimLocale): string
{
    if ($claimLocale === null) {
        return static::CLAIM_NAME;
    }

    // NOTE(review): this branch reads the constant through self:: while the
    // locale-less branch uses static::; they differ only if a subclass
    // redefines CLAIM_NAME — confirm which binding is intended.
    // $claimLocale is interpolated as-is; nothing here restricts its characters.
    return sprintf('%s#%s', self::CLAIM_NAME, $claimLocale);
}
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/AuthenticationTime.php:
--------------------------------------------------------------------------------
1 | getLastLoginAt() !== null;
21 | }
22 |
/**
 * Returns whatever the user account reports as its last login time.
 *
 * $claimLocale is not consulted, and the value is passed through unchanged.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $lastLoginAt = $userAccount->getLastLoginAt();

    return $lastLoginAt;
}
27 | }
28 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Birthdate.php:
--------------------------------------------------------------------------------
1 | has(self::CLAIM_NAME);
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * $claimLocale is not consulted: the lookup always uses the bare CLAIM_NAME
 * key. No scope or consent check is performed here.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimValue = $userAccount->get(self::CLAIM_NAME);

    return $claimValue;
}
27 | }
28 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Claim.php:
--------------------------------------------------------------------------------
1 | has($this->getComputedClaimName($claimLocale));
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * The lookup key comes from getComputedClaimName(), so a non-null
 * $claimLocale selects the locale-suffixed entry. No scope or consent check
 * is performed here; that decision is left to the caller.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimKey = $this->getComputedClaimName($claimLocale);

    return $userAccount->get($claimKey);
}
27 |
/**
 * Builds the key under which this claim is looked up.
 *
 * With a locale the result is "<CLAIM_NAME>#<locale>"; without one it is the
 * bare claim name.
 */
private function getComputedClaimName(?string $claimLocale): string
{
    if ($claimLocale === null) {
        return static::CLAIM_NAME;
    }

    // NOTE(review): self:: here versus static:: in the locale-less branch;
    // the results diverge only if a subclass redefines CLAIM_NAME — confirm.
    // $claimLocale is interpolated as-is; nothing here restricts its characters.
    return sprintf('%s#%s', self::CLAIM_NAME, $claimLocale);
}
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/EmailVerified.php:
--------------------------------------------------------------------------------
1 | has(self::CLAIM_NAME);
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * $claimLocale is not consulted: the lookup always uses the bare CLAIM_NAME
 * key. The stored value is returned unchanged; nothing is re-verified here.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimValue = $userAccount->get(self::CLAIM_NAME);

    return $claimValue;
}
27 | }
28 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/FamilyName.php:
--------------------------------------------------------------------------------
1 | has($this->getComputedClaimName($claimLocale));
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * The lookup key comes from getComputedClaimName(), so a non-null
 * $claimLocale selects the locale-suffixed entry. No scope or consent check
 * is performed here; that decision is left to the caller.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimKey = $this->getComputedClaimName($claimLocale);

    return $userAccount->get($claimKey);
}
27 |
/**
 * Builds the key under which this claim is looked up.
 *
 * With a locale the result is "<CLAIM_NAME>#<locale>"; without one it is the
 * bare claim name.
 */
private function getComputedClaimName(?string $claimLocale): string
{
    if ($claimLocale === null) {
        return static::CLAIM_NAME;
    }

    // NOTE(review): self:: here versus static:: in the locale-less branch;
    // the results diverge only if a subclass redefines CLAIM_NAME — confirm.
    // $claimLocale is interpolated as-is; nothing here restricts its characters.
    return sprintf('%s#%s', self::CLAIM_NAME, $claimLocale);
}
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Gender.php:
--------------------------------------------------------------------------------
1 | has($this->getComputedClaimName($claimLocale));
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * The lookup key comes from getComputedClaimName(), so a non-null
 * $claimLocale selects the locale-suffixed entry. No scope or consent check
 * is performed here; that decision is left to the caller.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimKey = $this->getComputedClaimName($claimLocale);

    return $userAccount->get($claimKey);
}
27 |
/**
 * Builds the key under which this claim is looked up.
 *
 * With a locale the result is "<CLAIM_NAME>#<locale>"; without one it is the
 * bare claim name.
 */
private function getComputedClaimName(?string $claimLocale): string
{
    if ($claimLocale === null) {
        return static::CLAIM_NAME;
    }

    // NOTE(review): self:: here versus static:: in the locale-less branch;
    // the results diverge only if a subclass redefines CLAIM_NAME — confirm.
    // $claimLocale is interpolated as-is; nothing here restricts its characters.
    return sprintf('%s#%s', self::CLAIM_NAME, $claimLocale);
}
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/GivenName.php:
--------------------------------------------------------------------------------
1 | has($this->getComputedClaimName($claimLocale));
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * The lookup key comes from getComputedClaimName(), so a non-null
 * $claimLocale selects the locale-suffixed entry. No scope or consent check
 * is performed here; that decision is left to the caller.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimKey = $this->getComputedClaimName($claimLocale);

    return $userAccount->get($claimKey);
}
27 |
/**
 * Builds the key under which this claim is looked up.
 *
 * With a locale the result is "<CLAIM_NAME>#<locale>"; without one it is the
 * bare claim name.
 */
private function getComputedClaimName(?string $claimLocale): string
{
    if ($claimLocale === null) {
        return static::CLAIM_NAME;
    }

    // NOTE(review): self:: here versus static:: in the locale-less branch;
    // the results diverge only if a subclass redefines CLAIM_NAME — confirm.
    // $claimLocale is interpolated as-is; nothing here restricts its characters.
    return sprintf('%s#%s', self::CLAIM_NAME, $claimLocale);
}
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Locale.php:
--------------------------------------------------------------------------------
1 | has(self::CLAIM_NAME);
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * $claimLocale is not consulted: the lookup always uses the bare CLAIM_NAME
 * key. No scope or consent check is performed here.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimValue = $userAccount->get(self::CLAIM_NAME);

    return $claimValue;
}
27 | }
28 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/MiddleName.php:
--------------------------------------------------------------------------------
1 | has($this->getComputedClaimName($claimLocale));
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * The lookup key comes from getComputedClaimName(), so a non-null
 * $claimLocale selects the locale-suffixed entry. No scope or consent check
 * is performed here; that decision is left to the caller.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimKey = $this->getComputedClaimName($claimLocale);

    return $userAccount->get($claimKey);
}
27 |
/**
 * Builds the key under which this claim is looked up.
 *
 * With a locale the result is "<CLAIM_NAME>#<locale>"; without one it is the
 * bare claim name.
 */
private function getComputedClaimName(?string $claimLocale): string
{
    if ($claimLocale === null) {
        return static::CLAIM_NAME;
    }

    // NOTE(review): self:: here versus static:: in the locale-less branch;
    // the results diverge only if a subclass redefines CLAIM_NAME — confirm.
    // $claimLocale is interpolated as-is; nothing here restricts its characters.
    return sprintf('%s#%s', self::CLAIM_NAME, $claimLocale);
}
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Name.php:
--------------------------------------------------------------------------------
1 | has($this->getComputedClaimName($claimLocale));
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * The lookup key comes from getComputedClaimName(), so a non-null
 * $claimLocale selects the locale-suffixed entry. No scope or consent check
 * is performed here; that decision is left to the caller.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimKey = $this->getComputedClaimName($claimLocale);

    return $userAccount->get($claimKey);
}
27 |
/**
 * Builds the key under which this claim is looked up.
 *
 * With a locale the result is "<CLAIM_NAME>#<locale>"; without one it is the
 * bare claim name.
 */
private function getComputedClaimName(?string $claimLocale): string
{
    if ($claimLocale === null) {
        return static::CLAIM_NAME;
    }

    // NOTE(review): self:: here versus static:: in the locale-less branch;
    // the results diverge only if a subclass redefines CLAIM_NAME — confirm.
    // $claimLocale is interpolated as-is; nothing here restricts its characters.
    return sprintf('%s#%s', self::CLAIM_NAME, $claimLocale);
}
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Nickname.php:
--------------------------------------------------------------------------------
1 | has($this->getComputedClaimName($claimLocale));
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * The lookup key comes from getComputedClaimName(), so a non-null
 * $claimLocale selects the locale-suffixed entry. No scope or consent check
 * is performed here; that decision is left to the caller.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimKey = $this->getComputedClaimName($claimLocale);

    return $userAccount->get($claimKey);
}
27 |
/**
 * Builds the key under which this claim is looked up.
 *
 * With a locale the result is "<CLAIM_NAME>#<locale>"; without one it is the
 * bare claim name.
 */
private function getComputedClaimName(?string $claimLocale): string
{
    if ($claimLocale === null) {
        return static::CLAIM_NAME;
    }

    // NOTE(review): self:: here versus static:: in the locale-less branch;
    // the results diverge only if a subclass redefines CLAIM_NAME — confirm.
    // $claimLocale is interpolated as-is; nothing here restricts its characters.
    return sprintf('%s#%s', self::CLAIM_NAME, $claimLocale);
}
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/PhoneNumber.php:
--------------------------------------------------------------------------------
1 | has($this->getComputedClaimName($claimLocale));
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * The lookup key comes from getComputedClaimName(), so a non-null
 * $claimLocale selects the locale-suffixed entry. No scope or consent check
 * is performed here; that decision is left to the caller.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimKey = $this->getComputedClaimName($claimLocale);

    return $userAccount->get($claimKey);
}
27 |
/**
 * Builds the key under which this claim is looked up.
 *
 * With a locale the result is "<CLAIM_NAME>#<locale>"; without one it is the
 * bare claim name.
 */
private function getComputedClaimName(?string $claimLocale): string
{
    if ($claimLocale === null) {
        return static::CLAIM_NAME;
    }

    // NOTE(review): self:: here versus static:: in the locale-less branch;
    // the results diverge only if a subclass redefines CLAIM_NAME — confirm.
    // $claimLocale is interpolated as-is; nothing here restricts its characters.
    return sprintf('%s#%s', self::CLAIM_NAME, $claimLocale);
}
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/PhoneNumberVerified.php:
--------------------------------------------------------------------------------
1 | has(self::CLAIM_NAME);
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * $claimLocale is not consulted: the lookup always uses the bare CLAIM_NAME
 * key. The stored value is returned unchanged; nothing is re-verified here.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimValue = $userAccount->get(self::CLAIM_NAME);

    return $claimValue;
}
27 | }
28 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Picture.php:
--------------------------------------------------------------------------------
1 | has($this->getComputedClaimName($claimLocale));
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * The lookup key comes from getComputedClaimName(), so a non-null
 * $claimLocale selects the locale-suffixed entry. No scope or consent check
 * is performed here; that decision is left to the caller.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimKey = $this->getComputedClaimName($claimLocale);

    return $userAccount->get($claimKey);
}
27 |
/**
 * Builds the key under which this claim is looked up.
 *
 * With a locale the result is "<CLAIM_NAME>#<locale>"; without one it is the
 * bare claim name.
 */
private function getComputedClaimName(?string $claimLocale): string
{
    if ($claimLocale === null) {
        return static::CLAIM_NAME;
    }

    // NOTE(review): self:: here versus static:: in the locale-less branch;
    // the results diverge only if a subclass redefines CLAIM_NAME — confirm.
    // $claimLocale is interpolated as-is; nothing here restricts its characters.
    return sprintf('%s#%s', self::CLAIM_NAME, $claimLocale);
}
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/PreferredUsername.php:
--------------------------------------------------------------------------------
1 | has($this->getComputedClaimName($claimLocale));
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * The lookup key comes from getComputedClaimName(), so a non-null
 * $claimLocale selects the locale-suffixed entry. No scope or consent check
 * is performed here; that decision is left to the caller.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimKey = $this->getComputedClaimName($claimLocale);

    return $userAccount->get($claimKey);
}
27 |
/**
 * Builds the key under which this claim is looked up.
 *
 * With a locale the result is "<CLAIM_NAME>#<locale>"; without one it is the
 * bare claim name.
 */
private function getComputedClaimName(?string $claimLocale): string
{
    if ($claimLocale === null) {
        return static::CLAIM_NAME;
    }

    // NOTE(review): self:: here versus static:: in the locale-less branch;
    // the results diverge only if a subclass redefines CLAIM_NAME — confirm.
    // $claimLocale is interpolated as-is; nothing here restricts its characters.
    return sprintf('%s#%s', self::CLAIM_NAME, $claimLocale);
}
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Profile.php:
--------------------------------------------------------------------------------
1 | has($this->getComputedClaimName($claimLocale));
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * The lookup key comes from getComputedClaimName(), so a non-null
 * $claimLocale selects the locale-suffixed entry. No scope or consent check
 * is performed here; that decision is left to the caller.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimKey = $this->getComputedClaimName($claimLocale);

    return $userAccount->get($claimKey);
}
27 |
/**
 * Builds the key under which this claim is looked up.
 *
 * With a locale the result is "<CLAIM_NAME>#<locale>"; without one it is the
 * bare claim name.
 */
private function getComputedClaimName(?string $claimLocale): string
{
    if ($claimLocale === null) {
        return static::CLAIM_NAME;
    }

    // NOTE(review): self:: here versus static:: in the locale-less branch;
    // the results diverge only if a subclass redefines CLAIM_NAME — confirm.
    // $claimLocale is interpolated as-is; nothing here restricts its characters.
    return sprintf('%s#%s', self::CLAIM_NAME, $claimLocale);
}
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Source.php:
--------------------------------------------------------------------------------
1 | availableClaims = $availableClaims;
22 | $this->source = $source;
23 | }
24 |
/**
 * Returns the claim names this source was constructed with.
 *
 * @return string[]
 */
public function getAvailableClaims(): array
{
    $claimNames = $this->availableClaims;

    return $claimNames;
}
32 |
/**
 * Returns the source description array this object was constructed with.
 */
public function getSource(): array
{
    $sourceData = $this->source;

    return $sourceData;
}
37 | }
38 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/UpdatedAt.php:
--------------------------------------------------------------------------------
1 | getLastUpdateAt() !== null;
21 | }
22 |
/**
 * Returns whatever the user account reports as its last update time.
 *
 * $claimLocale is not consulted, and the value is passed through unchanged.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $lastUpdateAt = $userAccount->getLastUpdateAt();

    return $lastUpdateAt;
}
27 | }
28 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Website.php:
--------------------------------------------------------------------------------
1 | has($this->getComputedClaimName($claimLocale));
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * The lookup key comes from getComputedClaimName(), so a non-null
 * $claimLocale selects the locale-suffixed entry. No scope or consent check
 * is performed here; that decision is left to the caller.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimKey = $this->getComputedClaimName($claimLocale);

    return $userAccount->get($claimKey);
}
27 |
/**
 * Builds the key under which this claim is looked up.
 *
 * With a locale the result is "<CLAIM_NAME>#<locale>"; without one it is the
 * bare claim name.
 */
private function getComputedClaimName(?string $claimLocale): string
{
    if ($claimLocale === null) {
        return static::CLAIM_NAME;
    }

    // NOTE(review): self:: here versus static:: in the locale-less branch;
    // the results diverge only if a subclass redefines CLAIM_NAME — confirm.
    // $claimLocale is interpolated as-is; nothing here restricts its characters.
    return sprintf('%s#%s', self::CLAIM_NAME, $claimLocale);
}
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Zoneinfo.php:
--------------------------------------------------------------------------------
1 | has(self::CLAIM_NAME);
21 | }
22 |
/**
 * Reads this claim's value from the given user account.
 *
 * $claimLocale is not consulted: the lookup always uses the bare CLAIM_NAME
 * key. No scope or consent check is performed here.
 */
public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
{
    $claimValue = $userAccount->get(self::CLAIM_NAME);

    return $claimValue;
}
27 | }
28 |
--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Pairwise/PairwiseSubjectIdentifierAlgorithm.php:
--------------------------------------------------------------------------------
1 | getValue();
19 | }
20 |
/**
 * Named constructor: wraps $value in a new identifier object.
 */
public static function create(string $value): static
{
    // NOTE(review): the declared return type is `static` but the object is
    // built with `new self`; the two only agree when the class is not
    // extended — confirm the class is final.
    $identifier = new self($value);

    return $identifier;
}
25 |
/**
 * Returns the raw string held by this identifier.
 */
public function getValue(): string
{
    $rawValue = $this->value;

    return $rawValue;
}
30 | }
31 |
--------------------------------------------------------------------------------
/src/Component/RefreshTokenGrant/RefreshTokenRepository.php:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/ResourceOwnerPasswordCredentialsGrant/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/ResourceOwnerPasswordCredentialsGrant/README.md:
--------------------------------------------------------------------------------
1 | Client Credentials Grant for the OAuth2 Framework
2 | =================================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under the [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/ResourceOwnerPasswordCredentialsGrant/ResourceOwnerPasswordCredentialManager.php:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/ResourceServerAuthentication/README.md:
--------------------------------------------------------------------------------
1 | Client Authentication for the OAuth2 Framework
2 | ==============================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under the [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/ResourceServerAuthentication/phpunit.xml.dist:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/Scope/Checker.php:
--------------------------------------------------------------------------------
1 | 1) {
16 | throw new InvalidArgumentException(sprintf('Scope "%s" appears more than once.', $scope));
17 | }
18 | }
19 |
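/**
 * Rejects a scope string that contains bytes outside the accepted set.
 *
 * Accepted bytes are the space (0x20), 0x23-0x5B and 0x5D-0x7E. The double
 * quote, the backslash, control characters and non-ASCII bytes are refused,
 * as is the empty string.
 *
 * @throws InvalidArgumentException when $scope is empty or holds any other byte
 */
public static function checkCharset(string $scope): void
{
    // \z anchors at the true end of the subject. A plain `$` also matches
    // just before a final "\n", which would let "openid\n" pass and carry a
    // line break on into storage, comparisons or log lines.
    // NOTE(review): RFC 6749 section 3.3 also allows %x21 ("!") inside a
    // scope token; this character class leaves it out — confirm that is intended.
    if (preg_match('/^[\x20\x23-\x5B\x5D-\x7E]+\z/', $scope) !== 1) {
        throw new InvalidArgumentException('Scope contains illegal characters.');
    }
}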
26 | }
27 |
--------------------------------------------------------------------------------
/src/Component/Scope/Policy/DefaultScopePolicy.php:
--------------------------------------------------------------------------------
1 | has('default_scope') ? $client->get('default_scope') : $this->getDefaultScopes();
29 | }
30 |
/**
 * Returns the policy-wide default scope string held by this object.
 */
private function getDefaultScopes(): string
{
    $fallbackScopes = $this->defaultScopes;

    return $fallbackScopes;
}
35 | }
36 |
--------------------------------------------------------------------------------
/src/Component/Scope/Policy/ErrorScopePolicy.php:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/TokenEndpoint/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/TokenEndpoint/Extension/TokenEndpointExtension.php:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/TokenIntrospectionEndpoint/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/TokenIntrospectionEndpoint/README.md:
--------------------------------------------------------------------------------
1 | Token Introspection Endpoint for the OAuth2 Framework
2 | =====================================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under the [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/TokenIntrospectionEndpoint/TokenTypeHint.php:
--------------------------------------------------------------------------------
1 | tokenTypeHints;
25 | }
26 |
/**
 * Registers a token type hint, keyed by the value its hint() method returns.
 *
 * A hint registered later under the same key replaces the earlier one.
 *
 * @return static this object, so calls can be chained
 */
public function add(TokenTypeHint $tokenTypeHint): static
{
    $hintKey = $tokenTypeHint->hint();
    $this->tokenTypeHints[$hintKey] = $tokenTypeHint;

    return $this;
}
33 | }
34 |
--------------------------------------------------------------------------------
/src/Component/TokenIntrospectionEndpoint/phpunit.xml.dist:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/TokenRevocationEndpoint/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/TokenRevocationEndpoint/README.md:
--------------------------------------------------------------------------------
1 | Token Revocation Endpoint for the OAuth2 Framework
2 | ==================================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under the [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/TokenRevocationEndpoint/TokenRevocationPostEndpoint.php:
--------------------------------------------------------------------------------
1 | $parameters->get('token'),
18 | 'token_type_hint' => $parameters->get('token_type_hint'),
19 | ], static function (null|string $item): bool {
20 | return $item !== null;
21 | });
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/src/Component/TokenRevocationEndpoint/TokenTypeHint.php:
--------------------------------------------------------------------------------
1 | tokenTypeHints;
25 | }
26 |
/**
 * Registers a token type hint, keyed by the value its hint() method returns.
 *
 * A hint registered later under the same key replaces the earlier one.
 *
 * @return static this object, so calls can be chained
 */
public function add(TokenTypeHint $tokenTypeHint): static
{
    $hintKey = $tokenTypeHint->hint();
    $this->tokenTypeHints[$hintKey] = $tokenTypeHint;

    return $this;
}
33 | }
34 |
--------------------------------------------------------------------------------
/src/Component/TokenRevocationEndpoint/phpunit.xml.dist:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/Component/WebFingerEndpoint/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/Component/WebFingerEndpoint/IdentifierResolver/Identifier.php:
--------------------------------------------------------------------------------
1 | id;
24 | }
25 |
/**
 * Returns the domain part of the identifier.
 */
public function getDomain(): string
{
    $domainPart = $this->domain;

    return $domainPart;
}
30 |
/**
 * Returns the port of the identifier, or null when none is held.
 */
public function getPort(): ?int
{
    $portNumber = $this->port;

    return $portNumber;
}
35 | }
36 |
--------------------------------------------------------------------------------
/src/Component/WebFingerEndpoint/IdentifierResolver/IdentifierResolver.php:
--------------------------------------------------------------------------------
1 | resolvers[] = $resolver;
24 |
25 | return $this;
26 | }
27 |
/**
 * Hands $resource to the first held resolver that reports support for it.
 *
 * Resolvers are tried in the order they are stored and the first match wins,
 * so that order decides which one handles an input several of them accept.
 *
 * @throws InvalidArgumentException when no resolver supports $resource
 */
public function resolve(string $resource): Identifier
{
    foreach ($this->resolvers as $candidate) {
        if (! $candidate->supports($resource)) {
            continue;
        }

        return $candidate->resolve($resource);
    }

    throw new InvalidArgumentException('Resource not supported.');
}
38 | }
39 |
--------------------------------------------------------------------------------
/src/Component/WebFingerEndpoint/IdentifierResolver/UriResolver.php:
--------------------------------------------------------------------------------
1 | getScheme() === 'https' && $uri->getHost() !== null && $userInfo->getUser() !== null;
23 | }
24 |
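/**
 * Builds an Identifier from the user, host and port components of $resource.
 *
 * @throws \InvalidArgumentException when the URI carries no user or no host
 */
public function resolve(string $resource): Identifier
{
    $uri = Uri::createFromString($resource);
    $user = UserInfo::createFromUri($uri)->getUser();
    $host = $uri->getHost();

    // Nothing in this method guarantees supports() was consulted first, so a
    // missing user or host is rejected here instead of being handed on as null.
    // NOTE(review): the https scheme is not re-checked in this method —
    // confirm that every caller goes through supports() first.
    if ($user === null || $host === null) {
        throw new \InvalidArgumentException('Resource not supported.');
    }

    return Identifier::create($user, $host, $uri->getPort());
}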
32 | }
33 |
--------------------------------------------------------------------------------
/src/Component/WebFingerEndpoint/README.md:
--------------------------------------------------------------------------------
1 | WebFinger Endpoint for the OAuth2 Framework
2 | ===========================================
3 |
4 | This repository is a sub repository of [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 |
6 | **Please do not submit any Pull Request here.**
7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 |
9 | # Documentation
10 |
11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/
12 |
13 | # Licence
14 |
15 | This software is released under the [MIT licence](LICENSE).
16 |
--------------------------------------------------------------------------------
/src/Component/WebFingerEndpoint/ResourceRepository.php:
--------------------------------------------------------------------------------
1 |
2 |
12 |
13 |
14 | ./Tests/
15 |
16 |
17 |
18 |
19 |
20 | ./
21 |
22 | ./vendor
23 | ./Tests
24 | ./src
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/src/SecurityBundle/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/SecurityBundle/Annotation/Checker/Checker.php:
--------------------------------------------------------------------------------
1 | getClientId() === null) {
16 | return;
17 | }
18 |
19 | if ($configuration->getClientId() !== $token->getClientId()) {
20 | throw new Exception('Client not authorized.');
21 | }
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/src/SecurityBundle/Annotation/Checker/ResourceOwnerIdChecker.php:
--------------------------------------------------------------------------------
1 | getResourceOwnerId() === null) {
16 | return;
17 | }
18 |
19 | if ($configuration->getResourceOwnerId() !== $token->getResourceOwnerId()) {
20 | throw new Exception('Resource owner not authorized.');
21 | }
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/src/SecurityBundle/Annotation/Checker/TokenTypeChecker.php:
--------------------------------------------------------------------------------
1 | getTokenType() === null) {
16 | return;
17 | }
18 |
19 | if ($configuration->getTokenType() !== $token->getTokenType()) {
20 | throw new Exception(sprintf(
21 | 'Token type "%s" not allowed. Please use "%s"',
22 | $token->getTokenType(),
23 | $configuration->getTokenType()
24 | ));
25 | }
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/src/SecurityBundle/DependencyInjection/Compiler/TokenTypeCompilerPass.php:
--------------------------------------------------------------------------------
1 | hasDefinition('oauth2_security.token_type_manager')) {
16 | return;
17 | }
18 |
19 | $definition = $container->getDefinition('oauth2_security.token_type_manager');
20 | $taggedServices = $container->findTaggedServiceIds('oauth2_security_token_type');
21 | foreach ($taggedServices as $id => $tags) {
22 | $definition->addMethodCall('add', [new Reference($id)]);
23 | }
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/src/SecurityBundle/DependencyInjection/OAuth2FrameworkSecurityExtension.php:
--------------------------------------------------------------------------------
1 | registerForAutoconfiguration(Checker::class)->addTag('oauth2_security_annotation_checker');
18 |
19 | $loader = new PhpFileLoader($container, new FileLocator(__DIR__ . '/../Resources/config/'));
20 | $loader->load('security.php');
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/src/SecurityBundle/Security/Authentication/AccessTokenBadge.php:
--------------------------------------------------------------------------------
1 | accessToken->isRevoked() && ! $this->accessToken->hasExpired();
25 | }
26 |
/**
 * Returns the access token carried by this badge.
 *
 * The token is handed back as stored; this getter performs no revocation or
 * expiry check of its own.
 */
public function getAccessToken(): AccessToken
{
    $carriedToken = $this->accessToken;

    return $carriedToken;
}
31 | }
32 |
--------------------------------------------------------------------------------
/src/SecurityBundle/Security/Authentication/ResourceOwner.php:
--------------------------------------------------------------------------------
1 | id;
38 | }
39 |
/**
 * Returns the resource owner id, which this class also uses as the username.
 */
public function getUsername(): string
{
    $ownerId = $this->id;

    return $ownerId;
}
44 | }
45 |
--------------------------------------------------------------------------------
/src/ServerBundle/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/ServerBundle/Component/ClientRule/ClientRuleCompilerPass.php:
--------------------------------------------------------------------------------
1 | hasDefinition(RuleManager::class)) {
17 | return;
18 | }
19 |
20 | $client_manager = $container->getDefinition(RuleManager::class);
21 |
22 | $taggedServices = $container->findTaggedServiceIds('oauth2_server_client_rule');
23 | foreach ($taggedServices as $id => $attributes) {
24 | $client_manager->addMethodCall('add', [new Reference($id)]);
25 | }
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/src/ServerBundle/Component/Component.php:
--------------------------------------------------------------------------------
1 | hasDefinition('twig.loader.filesystem')) {
15 | return;
16 | }
17 |
18 | $loader = $container->getDefinition('twig.loader.filesystem');
19 | $loader->addMethodCall('addPath', [__DIR__ . '/../../../../Resources/views', 'OAuth2FrameworkServerBundle']);
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/src/ServerBundle/Component/Endpoint/JwksUri/JwksUriEndpointRouteCompilerPass.php:
--------------------------------------------------------------------------------
1 | hasDefinition(MetadataBuilder::class) || ! $container->has(
16 | 'jose.key_set.oauth2_server.endpoint.jwks_uri'
17 | )) {
18 | return;
19 | }
20 |
21 | $routeName = 'jwkset_jose.controller.oauth2_server.endpoint.jwks_uri';
22 | $definition = $container->getDefinition(MetadataBuilder::class);
23 | $definition->addMethodCall('addRoute', ['jwks_uri', $routeName]);
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/src/ServerBundle/Component/Endpoint/Metadata/Compiler/CommonMetadataCompilerPass.php:
--------------------------------------------------------------------------------
1 | hasDefinition(MetadataBuilder::class)) {
16 | return;
17 | }
18 |
19 | $metadata = $container->getDefinition(MetadataBuilder::class);
20 | $issuer = $container->getParameter('oauth2_server.server_uri');
21 | $metadata->addMethodCall('addKeyValuePair', ['issuer', $issuer]);
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/src/ServerBundle/Component/Endpoint/Metadata/Compiler/CustomRoutesCompilerPass.php:
--------------------------------------------------------------------------------
1 | hasDefinition(MetadataBuilder::class)) {
16 | return;
17 | }
18 |
19 | $definition = $container->getDefinition(MetadataBuilder::class);
20 | $customRoutes = $container->getParameter('oauth2_server.endpoint.metadata.custom_routes');
21 | foreach ($customRoutes as $key => $parameters) {
22 | $definition->addMethodCall('addRoute', [$key, $parameters['route_name'], $parameters['route_parameters']]);
23 | }
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/src/ServerBundle/Component/Endpoint/Metadata/Compiler/CustomValuesCompilerPass.php:
--------------------------------------------------------------------------------
1 | hasDefinition(MetadataBuilder::class)) {
16 | return;
17 | }
18 |
19 | $definition = $container->getDefinition(MetadataBuilder::class);
20 | $customValues = $container->getParameter('oauth2_server.endpoint.metadata.custom_values');
21 | foreach ($customValues as $key => $parameters) {
22 | $definition->addMethodCall('addKeyValuePair', [$key, $parameters]);
23 | }
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/src/ServerBundle/Component/OpenIdConnect/Compiler/ClaimCompilerPass.php:
--------------------------------------------------------------------------------
1 | hasDefinition(ClaimManager::class)) {
17 | return;
18 | }
19 |
20 | $definition = $container->getDefinition(ClaimManager::class);
21 |
22 | $taggedServices = $container->findTaggedServiceIds('oauth2_server_claim');
23 | foreach ($taggedServices as $id => $attributes) {
24 | $definition->addMethodCall('add', [new Reference($id)]);
25 | }
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/src/ServerBundle/Component/OpenIdConnect/Compiler/ClaimSourceCompilerPass.php:
--------------------------------------------------------------------------------
1 | hasDefinition(ClaimSourceManager::class)) {
17 | return;
18 | }
19 |
20 | $definition = $container->getDefinition(ClaimSourceManager::class);
21 |
22 | $taggedServices = $container->findTaggedServiceIds('oauth2_server_claim_source');
23 | foreach ($taggedServices as $id => $attributes) {
24 | $definition->addMethodCall('add', [new Reference($id)]);
25 | }
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/src/ServerBundle/Component/OpenIdConnect/Compiler/UserInfoPairwiseSubjectCompilerPass.php:
--------------------------------------------------------------------------------
1 | hasAlias('oauth2_server.openid_connect.pairwise.service')) {
17 | return;
18 | }
19 |
20 | $definition = $container->getDefinition(UserInfo::class);
21 | $definition->addMethodCall(
22 | 'enablePairwiseSubject',
23 | [new Reference('oauth2_server.openid_connect.pairwise.service')]
24 | );
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/src/ServerBundle/Component/Scope/Compiler/ScopeMetadataCompilerPass.php:
--------------------------------------------------------------------------------
1 | hasDefinition(MetadataBuilder::class) || ! $container->hasAlias(ScopeRepository::class)) {
18 | return;
19 | }
20 | $metadata = $container->getDefinition(MetadataBuilder::class);
21 | $metadata->addMethodCall('setScopeRepository', [new Reference(ScopeRepository::class)]);
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/src/ServerBundle/DependencyInjection/Compiler/HttpClientCompilerPass.php:
--------------------------------------------------------------------------------
1 | has(ClientInterface::class)) {
18 | return;
19 | }
20 | if (! $container->has(Psr18Client::class)) {
21 | $container->setDefinition(Psr18Client::class, new Definition(Psr18Client::class));
22 | }
23 |
24 | $container->setAlias(ClientInterface::class, Psr18Client::class);
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/src/ServerBundle/DependencyInjection/Configuration.php:
--------------------------------------------------------------------------------
1 | alias);
25 | $rootNode = $treeBuilder->getRootNode();
26 |
27 | foreach ($this->components as $component) {
28 | $component->getNodeDefinition($rootNode, $rootNode);
29 | }
30 |
31 | return $treeBuilder;
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/client_authentication/client_assertion_jwt.php:
--------------------------------------------------------------------------------
1 | services()
11 | ->defaults()
12 | ->private()
13 | ->autoconfigure()
14 | ;
15 |
16 | $container->set(ClientAssertionJwt::class)
17 | ->args([
18 | service('jose.jws_verifier.client_authentication.client_assertion_jwt'),
19 | service('jose.header_checker.client_authentication.client_assertion_jwt'),
20 | service('jose.claim_checker.client_authentication.client_assertion_jwt'),
21 | '%oauth2_server.client_authentication.client_assertion_jwt.secret_lifetime%',
22 | ])
23 | ;
24 | };
25 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/client_authentication/client_secret_basic.php:
--------------------------------------------------------------------------------
1 | services()
10 | ->defaults()
11 | ->private()
12 | ->autoconfigure()
13 | ;
14 |
15 | $container->set(ClientSecretBasic::class)
16 | ->args([
17 | '%oauth2_server.client_authentication.client_secret_basic.realm%',
18 | '%oauth2_server.client_authentication.client_secret_basic.secret_lifetime%',
19 | ])
20 | ;
21 | };
22 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/client_authentication/client_secret_post.php:
--------------------------------------------------------------------------------
1 | services()
10 | ->defaults()
11 | ->private()
12 | ->autoconfigure()
13 | ;
14 |
15 | $container->set(ClientSecretPost::class)
16 | ->args(['%oauth2_server.client_authentication.client_secret_post.secret_lifetime%'])
17 | ;
18 | };
19 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/client_authentication/none.php:
--------------------------------------------------------------------------------
1 | services()
10 | ->defaults()
11 | ->private()
12 | ->autoconfigure()
13 | ;
14 |
15 | $container->set(None::class);
16 | };
17 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/core/access_token.php:
--------------------------------------------------------------------------------
1 | services()
10 | ->defaults()
11 | ->private()
12 | ;
13 |
14 | $container->set(RouteLoader::class)
15 | ->tag('routing.loader')
16 | ;
17 | };
18 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/doctrine-mapping/AccessToken/AbstractAccessToken.orm.yml:
--------------------------------------------------------------------------------
1 | OAuth2Framework\Component\Core\AccessToken\AbstractAccessToken:
2 | type: mappedSuperclass
3 | fields:
4 | expiresAt:
5 | type: date_immutable
6 | resourceOwnerId:
7 | type: resource_owner_id
8 | clientId:
9 | type: client_id
10 | parameter:
11 | type: databag
12 | metadata:
13 | type: databag
14 | revoked:
15 | type: boolean
16 | resourceServerId:
17 | type: resource_server_id
18 | nullable: true
19 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/doctrine-mapping/AuthorizationCodeGrant/AbstractAuthorizationCode.orm.yml:
--------------------------------------------------------------------------------
1 | OAuth2Framework\Component\AuthorizationCodeGrant\AbstractAuthorizationCode:
2 | type: mappedSuperclass
3 | fields:
4 | queryParameters:
5 | type: array
6 | redirectUri:
7 | type: string
8 | used:
9 | type: boolean
10 | expiresAt:
11 | type: date_immutable
12 | userAccountId:
13 | type: user_account_id
14 | clientId:
15 | type: client_id
16 | parameter:
17 | type: databag
18 | metadata:
19 | type: databag
20 | revoked:
21 | type: boolean
22 | resourceServerId:
23 | type: resource_server_id
24 | nullable: true
25 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/doctrine-mapping/Client/AbstractClient.orm.yml:
--------------------------------------------------------------------------------
1 | OAuth2Framework\Component\Core\Client\AbstractClient:
2 | type: mappedSuperclass
3 | fields:
4 | ownerId:
5 | type: resource_owner_id
6 | nullable: true
7 | parameter:
8 | type: databag
9 | deleted:
10 | type: boolean
11 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/doctrine-mapping/ClientRegistrationEndpoint/AbstractAccessToken.orm.yml:
--------------------------------------------------------------------------------
1 | OAuth2Framework\Component\ClientRegistrationEndpoint\AbstractInitialAccessToken:
2 | type: mappedSuperclass
3 | fields:
4 | expiresAt:
5 | type: date_immutable
6 | userAccountId:
7 | type: user_account_id
8 | revoked:
9 | type: boolean
10 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/doctrine-mapping/RefreshTokenGrant/AbstractAccessToken.orm.yml:
--------------------------------------------------------------------------------
1 | OAuth2Framework\Component\RefreshTokenGrant\AbstractRefreshToken:
2 | type: mappedSuperclass
3 | fields:
4 | accessTokenIds:
5 | type: array
6 | expiresAt:
7 | type: date_immutable
8 | resourceOwnerId:
9 | type: resource_owner_id
10 | clientId:
11 | type: client_id
12 | parameter:
13 | type: databag
14 | metadata:
15 | type: databag
16 | revoked:
17 | type: boolean
18 | resourceServerId:
19 | type: resource_server_id
20 | nullable: true
21 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/endpoint/authorization/form_post_response_mode.php:
--------------------------------------------------------------------------------
1 | services()
12 | ->defaults()
13 | ->private()
14 | ->autoconfigure()
15 | ;
16 |
17 | $container->set(TwigFormPostResponseRenderer::class)
18 | ->args([service('twig'), '%oauth2_server.endpoint.authorization.response_mode.form_post.template%'])
19 | ;
20 |
21 | $container->set(FormPostResponseMode::class)
22 | ->args([service(TwigFormPostResponseRenderer::class)])
23 | ;
24 | };
25 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/endpoint/authorization/sector_identifier_uri.php:
--------------------------------------------------------------------------------
1 | services()
11 | ->defaults()
12 | ->private()
13 | ->autoconfigure()
14 | ;
15 |
16 | $container->set(SectorIdentifierUriRule::class)
17 | ->args([service('oauth2_server.http_client')])
18 | ;
19 | };
20 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/grant/client_credentials.php:
--------------------------------------------------------------------------------
1 | services()
10 | ->defaults()
11 | ->private()
12 | ->autoconfigure()
13 | ;
14 |
15 | $container->set(ClientCredentialsGrantType::class);
16 | };
17 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/grant/grant.php:
--------------------------------------------------------------------------------
1 | services()
12 | ->defaults()
13 | ->private()
14 | ->autoconfigure()
15 | ->autowire()
16 | ;
17 |
18 | $container->set(GrantTypeManager::class);
19 | $container->set(ResponseTypeManager::class);
20 | $container->set(GrantTypesRule::class);
21 | };
22 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/grant/implicit.php:
--------------------------------------------------------------------------------
1 | services()
14 | ->defaults()
15 | ->private()
16 | ->autoconfigure()
17 | ;
18 |
19 | $container->set(ImplicitGrantType::class);
20 |
21 | $container->set(TokenResponseType::class)
22 | ->args([
23 | service(AccessTokenRepository::class),
24 | '%oauth2_server.access_token_lifetime%',
25 | service(TokenTypeGuesser::class),
26 | ])
27 | ;
28 | };
29 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/grant/none.php:
--------------------------------------------------------------------------------
1 | services()
11 | ->defaults()
12 | ->private()
13 | ->autoconfigure()
14 | ;
15 |
16 | $container->set(NoneResponseType::class)
17 | ->args([service('oauth2_server.grant.none.authorization_storage')])
18 | ;
19 | };
20 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/openid_connect/id_token_hint.php:
--------------------------------------------------------------------------------
1 | services()
11 | ->defaults()
12 | ->private()
13 | ->autoconfigure()
14 | ;
15 |
16 | $container->set(IdTokenLoader::class)
17 | ->args([
18 | service('jose.jws_loader.oauth2_server.openid_connect.id_token.signature'),
19 | service('jose.key_set.oauth2_server.openid_connect.id_token'),
20 | '%oauth2_server.openid_connect.id_token.signature_algorithms%',
21 | ])
22 | ;
23 | };
24 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/openid_connect/response_type/code_id_token.php:
--------------------------------------------------------------------------------
1 | services()
13 | ->defaults()
14 | ->private()
15 | ->autoconfigure()
16 | ;
17 |
18 | $container->set(CodeIdTokenResponseType::class)
19 | ->args([service(AuthorizationCodeResponseType::class), service(IdTokenResponseType::class)])
20 | ;
21 | };
22 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/openid_connect/response_type/code_token.php:
--------------------------------------------------------------------------------
1 | services()
13 | ->defaults()
14 | ->private()
15 | ->autoconfigure()
16 | ;
17 |
18 | $container->set(CodeTokenResponseType::class)
19 | ->args([service(AuthorizationCodeResponseType::class), service(TokenResponseType::class)])
20 | ;
21 | };
22 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/openid_connect/response_type/id_token_token.php:
--------------------------------------------------------------------------------
1 | services()
13 | ->defaults()
14 | ->private()
15 | ->autoconfigure()
16 | ;
17 |
18 | $container->set(IdTokenTokenResponseType::class)
19 | ->args([service(IdTokenResponseType::class), service(TokenResponseType::class)])
20 | ;
21 | };
22 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/openid_connect/userinfo_scope_support.php:
--------------------------------------------------------------------------------
1 | services()
13 | ->defaults()
14 | ->private()
15 | ->autoconfigure()
16 | ;
17 |
18 | $container->set(AddressScopeSupport::class);
19 | $container->set(EmailScopeSupport::class);
20 | $container->set(PhoneScopeSupport::class);
21 | $container->set(ProfileScopeSupport::class);
22 | };
23 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/resource_server/authentication_middleware.php:
--------------------------------------------------------------------------------
1 | services()
13 | ->defaults()
14 | ->private()
15 | ->autoconfigure()
16 | ;
17 |
18 | $container->set(AuthenticationMiddleware::class)
19 | ->args([service(ResourceServerRepository::class), service(AuthenticationMethodManager::class)])
20 | ;
21 | };
22 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/resource_server/resource_server.php:
--------------------------------------------------------------------------------
1 | services()
10 | ->defaults()
11 | ->private()
12 | ->autoconfigure()
13 | ;
14 |
15 | $container->set(AuthenticationMethodManager::class);
16 | };
17 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/routing/routing.yml:
--------------------------------------------------------------------------------
1 | oauth2_server_routes:
2 | resource: '.'
3 | type: 'oauth2_server'
4 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/scope/policy.php:
--------------------------------------------------------------------------------
1 | services()
10 | ->defaults()
11 | ->private()
12 | ->autoconfigure()
13 | ->autowire()
14 | ;
15 |
16 | $container->set(ScopePolicyRule::class);
17 | };
18 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/scope/policy_default.php:
--------------------------------------------------------------------------------
1 | services()
11 | ->defaults()
12 | ->private()
13 | ->autoconfigure()
14 | ->autowire()
15 | ;
16 |
17 | $container->set(DefaultScopePolicy::class)
18 | ->args(['%oauth2_server.scope.policy.default.scope%'])
19 | ->tag('oauth2_server_scope_policy', [
20 | 'policy_name' => 'default',
21 | ])
22 | ;
23 |
24 | $container->set(ScopePolicyDefaultRule::class)
25 | ->tag('oauth2_server_client_rule')
26 | ;
27 | };
28 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/scope/policy_error.php:
--------------------------------------------------------------------------------
1 | services()
10 | ->defaults()
11 | ->private()
12 | ->autoconfigure()
13 | ->autowire()
14 | ;
15 |
16 | $container->set(ErrorScopePolicy::class)
17 | ->args(['%oauth2_server.scope.policy.default.scope%'])
18 | ->tag('oauth2_server_scope_policy', [
19 | 'policy_name' => 'error',
20 | ])
21 | ;
22 | };
23 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/token_type/bearer_token.php:
--------------------------------------------------------------------------------
1 | services()
10 | ->defaults()
11 | ->private()
12 | ->autoconfigure()
13 | ->autowire()
14 | ;
15 |
16 | $container->set(BearerToken::class)
17 | ->args(['Unused', false, false, false])
18 | ->tag('oauth2_server_token_type', [
19 | 'scheme' => 'Bearer',
20 | ])
21 | ;
22 | };
23 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/translations/OAuth2FrameworkServer.en.yml:
--------------------------------------------------------------------------------
1 | authorization:
2 | form:
3 | save: "Allow next authorization requests for this client with the same parameters"
4 | accept: 'Accept'
5 | reject: 'Reject'
6 | message: 'A client, with public Id "%client_id%", needs your authorization to access your resources.'
7 | scope: "The client requests access to the following scope(s)"
8 | no_scope: "The client does not request any scope"
9 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/translations/OAuth2FrameworkServer.fr.yml:
--------------------------------------------------------------------------------
1 | authorization:
2 | form:
3 | save: "Autoriser les futures requêtes de ce client avec les mêmes paramètres."
4 | accept: "Accepter"
5 | reject: "Rejeter"
6 | message: "Un client, avec l'ID publique « %client_id% », a besoin de votre autorisation pour accéder à vos ressources."
7 | scope: "Le client souhaite avoir accès aux scopes suivants"
8 | no_scope: "Le client n'a demandé l'accès à aucun scope"
9 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/translations/validators.en.yml:
--------------------------------------------------------------------------------
1 | spomky_labs:
2 | oauth2_server:
3 | password:
4 | mismatch: 'The entered passwords do not match'
5 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/translations/validators.fr.yml:
--------------------------------------------------------------------------------
1 | spomky_labs:
2 | oauth2_server:
3 | password:
4 | mismatch: 'Les deux mots de passe ne sont pas identiques'
5 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/views/form_post/response.html.twig:
--------------------------------------------------------------------------------
1 | {% spaceless %}
2 |
3 |
4 | {% include "@OAuth2FrameworkServerBundle/form_post/response_header.html.twig" %}
5 | {% include "@OAuth2FrameworkServerBundle/form_post/response_body.html.twig" %}
6 |
7 | {% endspaceless %}
8 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/views/form_post/response_body.html.twig:
--------------------------------------------------------------------------------
1 | {% spaceless %}
2 |
3 |
8 |
9 | {% endspaceless %}
10 |
--------------------------------------------------------------------------------
/src/ServerBundle/Resources/views/form_post/response_header.html.twig:
--------------------------------------------------------------------------------
1 | {% spaceless %}
2 |
3 | Authorization Form
4 |
5 |
6 |
7 | {% endspaceless %}
8 |
--------------------------------------------------------------------------------
/src/ServerBundle/Service/IgnoreAccountSelectionHandler.php:
--------------------------------------------------------------------------------
1 | templateEngine->render(
21 | $this->template,
22 | [
23 | 'redirect_uri' => $redirectUri,
24 | 'inputs' => $data,
25 | ]
26 | );
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/src/WebFingerBundle/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework
3 |
--------------------------------------------------------------------------------
/src/WebFingerBundle/Middleware/Consumer.php:
--------------------------------------------------------------------------------
1 | generator->valid()) {
26 | return $this->delegate->handle($request);
27 | }
28 |
29 | $current = $this->generator->current();
30 | $this->generator->next();
31 |
32 | return $current->process($request, $this);
33 | }
34 | }
35 |
--------------------------------------------------------------------------------
/src/WebFingerBundle/Middleware/Pipe.php:
--------------------------------------------------------------------------------
1 | middlewares[] = $value;
23 | }
24 |
/**
 * Runs the request through the registered middlewares, then the given handler.
 *
 * A fresh generator over the middleware list is created on every call and
 * handed, together with $handler, to a new Consumer, which handles the
 * request.
 */
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
    $middlewareIterator = $this->getGenerator();
    $consumer = new Consumer($middlewareIterator, $handler);

    return $consumer->handle($request);
}
29 |
/**
 * Lazily yields every registered middleware, keeping the original keys.
 */
private function getGenerator(): Generator
{
    foreach ($this->middlewares as $position => $middleware) {
        yield $position => $middleware;
    }
}
34 | }
35 |
--------------------------------------------------------------------------------
/src/WebFingerBundle/Middleware/TerminalRequestHandler.php:
--------------------------------------------------------------------------------
1 | createResponse();
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/src/WebFingerBundle/OAuth2FrameworkWebFingerBundle.php:
--------------------------------------------------------------------------------
1 | addCompilerPass(new IdentifierResolverCompilerPass());
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/src/WebFingerBundle/Resources/config/routing/routing.php:
--------------------------------------------------------------------------------
1 | import('.', 'webfinger');
9 | };
10 |
--------------------------------------------------------------------------------
/tests/Component/AuthorizationEndpoint/ResponseTypeManagerTest.php:
--------------------------------------------------------------------------------
1 | expectException(InvalidArgumentException::class);
21 | $this->expectExceptionMessage('The response type "bar" is not supported.');
22 | $manager = $this->getResponseTypeManager();
23 |
24 | static::assertTrue($manager->has('code'));
25 | static::assertFalse($manager->has('bar'));
26 | static::assertSame(['token', 'none', 'code'], $manager->list());
27 | static::assertCount(3, $manager->all());
28 |
29 | $manager->get('bar');
30 | }
31 | }
32 |
--------------------------------------------------------------------------------
/tests/Component/ClientConfigurationEndpoint/ClientConfigurationRouteRule.php:
--------------------------------------------------------------------------------
1 | getValue());
15 | }
16 |
/**
 * Builds a registration access token: 16 bytes from random_bytes(), Base64-encoded.
 *
 * random_bytes() draws from the platform CSPRNG, so the token carries 128 bits
 * of entropy. The standard Base64 alphabet can contain "+", "/" and "=", so the
 * value needs encoding if it is ever placed in a URL or form field.
 */
protected function generateRegistrationAccessToken(): string
{
    $entropy = random_bytes(16);

    return base64_encode($entropy);
}
21 | }
22 |
--------------------------------------------------------------------------------
/tests/Component/Core/DataBag/DataBagTest.php:
--------------------------------------------------------------------------------
1 | 'bar',
22 | ]);
23 | $data->set('foo', 'BAR');
24 |
25 | static::assertInstanceOf(DataBag::class, $data);
26 | static::assertTrue($data->has('foo'));
27 | static::assertFalse($data->has('---'));
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/tests/Component/Core/TokenType/TokenTypeMiddlewareTest.php:
--------------------------------------------------------------------------------
1 | expectException(InvalidArgumentException::class);
22 | $this->expectExceptionMessage('Unsupported token type "bar".');
23 | $request = $this->buildRequest('GET', [
24 | 'token_type' => 'bar',
25 | ]);
26 |
27 | $this->getTokenTypeMiddleware()
28 | ->process($request, new TerminalRequestHandler())
29 | ;
30 | }
31 | }
32 |
--------------------------------------------------------------------------------
/tests/Component/FakeConsentHandler.php:
--------------------------------------------------------------------------------
1 | createResponse(303);
22 |
23 | return $response->withHeader('location', 'https://foo.bar/authorization/___ID___/consent');
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/tests/Component/FakeFormPostRenderer.php:
--------------------------------------------------------------------------------
1 | createResponse(303);
22 |
23 | return $response->withHeader('location', 'https://foo.bar/authorization/___ID___/login');
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/tests/Component/FakeSelectAccountHandler.php:
--------------------------------------------------------------------------------
1 | createResponse(303);
22 |
23 | return $response->withHeader('location', 'https://foo.bar/authorization/___ID___/select_account');
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/tests/Component/MetadataEndpoint/MetadataTest.php:
--------------------------------------------------------------------------------
1 | has('foo'));
23 | $metadata->set('foo', 'bar');
24 | static::assertTrue($metadata->has('foo'));
25 | static::assertSame('bar', $metadata->get('foo'));
26 |
27 | try {
28 | $metadata->get('bar');
29 | } catch (InvalidArgumentException $e) {
30 | static::assertSame('The value with key "bar" does not exist.', $e->getMessage());
31 | }
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/tests/Component/ResourceServerAuthentication/AuthenticationMethodManagerTest.php:
--------------------------------------------------------------------------------
1 | getAuthenticationMethodManager()
26 | ->list());
27 | static::assertCount(4, $this->getAuthenticationMethodManager()->all());
28 | static::assertSame(
29 | ['Basic realm="My Service",charset="UTF-8"'],
30 | $this->getAuthenticationMethodManager()
31 | ->getSchemesParameters()
32 | );
33 | }
34 | }
35 |
--------------------------------------------------------------------------------
/tests/TestBundle/DependencyInjection/TestExtension.php:
--------------------------------------------------------------------------------
1 | load('services.php');
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/tests/TestBundle/Entity/Client.php:
--------------------------------------------------------------------------------
1 | clientId;
30 | }
31 | }
32 |
--------------------------------------------------------------------------------
/tests/TestBundle/Entity/ResourceServer.php:
--------------------------------------------------------------------------------
1 | resourceServerId;
25 | }
26 |
/**
 * Reports the authentication method of this resource server.
 *
 * Always the fixed string 'none'. This class sits under tests/TestBundle, so
 * it is presumably a test fixture only.
 */
public function getAuthenticationMethod(): string
{
    $method = 'none';

    return $method;
}
31 | }
32 |
--------------------------------------------------------------------------------
/tests/TestBundle/Repository/AuthorizationRepository.php:
--------------------------------------------------------------------------------
1 | authorizations[] = $authorization;
25 | }
26 |
/**
 * Returns every authorization request stored in this in-memory repository.
 *
 * @return AuthorizationRequest[]
 */
public function getAuthorizations(): array
{
    $stored = $this->authorizations;

    return $stored;
}
34 | }
35 |
--------------------------------------------------------------------------------
/tests/TestBundle/Repository/ConsentRepository.php:
--------------------------------------------------------------------------------
1 | getClient()
15 | ->getClientId()
16 | ->getValue() === 'CLIENT_ID_2' && $authorizationRequest->getUserAccount()
17 | ->getPublicId()
18 | ->getValue() === 'john.1'
19 | ;
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/tests/TestBundle/Repository/ResourceServerRepository.php:
--------------------------------------------------------------------------------
1 | getValue() === 'http://foo.com') {
17 | return new ResourceServer($resourceServerId);
18 | }
19 |
20 | return null;
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/tests/TestBundle/Repository/TrustedIssuerRepository.php:
--------------------------------------------------------------------------------
1 |
15 | */
16 | private array $trustedIssuers = [];
17 |
/**
 * Stores a trusted issuer, indexed by the value of its name() method.
 *
 * An issuer saved under a name that is already present replaces the earlier entry.
 */
public function save(TrustedIssuerInterface $trustedIssuer): void
{
    $issuerName = $trustedIssuer->name();
    $this->trustedIssuers[$issuerName] = $trustedIssuer;
}
22 |
/**
 * Looks up a trusted issuer by name.
 *
 * The match is an exact array-key lookup; an unknown name yields null
 * rather than an exception.
 */
public function find(string $trustedIssuer): ?TrustedIssuerInterface
{
    if (isset($this->trustedIssuers[$trustedIssuer])) {
        return $this->trustedIssuers[$trustedIssuer];
    }

    return null;
}
27 | }
28 |
--------------------------------------------------------------------------------
/tests/TestBundle/TestBundle.php:
--------------------------------------------------------------------------------
1 |