├── .github ├── FUNDING.yml ├── dependabot.yml ├── ISSUE_TEMPLATE │ ├── feature_request.md │ └── bug_report.md └── workflows │ ├── rector_checkstyle.yaml │ ├── twig-lint.yml │ ├── static-analyze.yml │ ├── tests.yml │ └── coding-standards.yml ├── .gitignore ├── tests ├── config │ ├── http.yml │ ├── webfinger.yml │ ├── jose.yml │ └── routing.yml ├── TestBundle │ ├── TestBundle.php │ ├── DependencyInjection │ │ └── TestExtension.php │ ├── Repository │ │ ├── ConsentRepository.php │ │ ├── ResourceServerRepository.php │ │ ├── TrustedIssuerRepository.php │ │ └── AuthorizationRepository.php │ └── Entity │ │ ├── ResourceServer.php │ │ └── Client.php └── Component │ ├── FakeFormPostRenderer.php │ ├── ClientConfigurationEndpoint │ └── ClientConfigurationRouteRule.php │ ├── Core │ ├── DataBag │ │ └── DataBagTest.php │ └── TokenType │ │ └── TokenTypeMiddlewareTest.php │ ├── FakeLoginHandler.php │ ├── FakeConsentHandler.php │ ├── FakeSelectAccountHandler.php │ ├── AuthorizationEndpoint │ └── ResponseTypeManagerTest.php │ ├── MetadataEndpoint │ └── MetadataTest.php │ └── ResourceServerAuthentication │ └── AuthenticationMethodManagerTest.php ├── src ├── ServerBundle │ ├── Resources │ │ ├── config │ │ │ ├── routing │ │ │ │ └── routing.yml │ │ │ ├── core │ │ │ │ ├── client.php │ │ │ │ ├── access_token.php │ │ │ │ └── services.php │ │ │ ├── doctrine-mapping │ │ │ │ ├── Client │ │ │ │ │ └── AbstractClient.orm.yml │ │ │ │ ├── ClientRegistrationEndpoint │ │ │ │ │ └── AbstractAccessToken.orm.yml │ │ │ │ ├── AccessToken │ │ │ │ │ └── AbstractAccessToken.orm.yml │ │ │ │ ├── RefreshTokenGrant │ │ │ │ │ └── AbstractAccessToken.orm.yml │ │ │ │ └── AuthorizationCodeGrant │ │ │ │ │ └── AbstractAuthorizationCode.orm.yml │ │ │ ├── client_authentication │ │ │ │ ├── none.php │ │ │ │ ├── client_secret_post.php │ │ │ │ ├── client_secret_basic.php │ │ │ │ └── client_assertion_jwt.php │ │ │ ├── scope │ │ │ │ ├── policy.php │ │ │ │ ├── policy_error.php │ │ │ │ └── policy_default.php │ │ │ ├── grant │ │ 
│ │ ├── client_credentials.php │ │ │ │ ├── none.php │ │ │ │ ├── grant.php │ │ │ │ └── implicit.php │ │ │ ├── resource_server │ │ │ │ ├── resource_server.php │ │ │ │ └── authentication_middleware.php │ │ │ ├── token_type │ │ │ │ └── bearer_token.php │ │ │ ├── endpoint │ │ │ │ └── authorization │ │ │ │ │ ├── sector_identifier_uri.php │ │ │ │ │ └── form_post_response_mode.php │ │ │ └── openid_connect │ │ │ │ ├── id_token_hint.php │ │ │ │ ├── response_type │ │ │ │ ├── id_token_token.php │ │ │ │ ├── code_token.php │ │ │ │ └── code_id_token.php │ │ │ │ └── userinfo_scope_support.php │ │ ├── translations │ │ │ ├── validators.en.yml │ │ │ ├── validators.fr.yml │ │ │ ├── OAuth2FrameworkServer.en.yml │ │ │ └── OAuth2FrameworkServer.fr.yml │ │ └── views │ │ │ └── form_post │ │ │ ├── response.html.twig │ │ │ ├── response_header.html.twig │ │ │ └── response_body.html.twig │ ├── .github │ │ └── PULL_REQUEST_TEMPLATE.md │ ├── Service │ │ ├── IgnoreAccountSelectionHandler.php │ │ └── TwigFormPostResponseRenderer.php │ ├── Component │ │ ├── Component.php │ │ ├── Endpoint │ │ │ ├── Authorization │ │ │ │ └── Compiler │ │ │ │ │ └── TemplatePathCompilerPass.php │ │ │ ├── Metadata │ │ │ │ └── Compiler │ │ │ │ │ ├── CommonMetadataCompilerPass.php │ │ │ │ │ ├── CustomValuesCompilerPass.php │ │ │ │ │ └── CustomRoutesCompilerPass.php │ │ │ └── JwksUri │ │ │ │ └── JwksUriEndpointRouteCompilerPass.php │ │ ├── Scope │ │ │ └── Compiler │ │ │ │ └── ScopeMetadataCompilerPass.php │ │ ├── ClientRule │ │ │ └── ClientRuleCompilerPass.php │ │ └── OpenIdConnect │ │ │ └── Compiler │ │ │ ├── UserInfoPairwiseSubjectCompilerPass.php │ │ │ ├── ClaimCompilerPass.php │ │ │ └── ClaimSourceCompilerPass.php │ └── DependencyInjection │ │ ├── Compiler │ │ └── HttpClientCompilerPass.php │ │ └── Configuration.php ├── Component │ ├── Core │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── UserAccount │ │ │ ├── UserAccountRepository.php │ │ │ ├── UserAccountId.php │ │ │ └── UserAccount.php │ │ ├── 
TrustedIssuer │ │ │ ├── TrustedIssuerRepository.php │ │ │ └── TrustedIssuer.php │ │ ├── ResourceServer │ │ │ ├── ResourceServer.php │ │ │ ├── ResourceServerRepository.php │ │ │ └── ResourceServerId.php │ │ ├── Message │ │ │ ├── MessageExtension.php │ │ │ └── Factory │ │ │ │ ├── BadRequestResponseFactory.php │ │ │ │ ├── AccessDeniedResponseFactory.php │ │ │ │ ├── NotImplementedResponseFactory.php │ │ │ │ ├── MethodNotAllowedResponseFactory.php │ │ │ │ └── ResponseFactory.php │ │ ├── Client │ │ │ ├── ClientId.php │ │ │ └── ClientRepository.php │ │ ├── ResourceOwner │ │ │ ├── ResourceOwner.php │ │ │ └── ResourceOwnerId.php │ │ ├── README.md │ │ ├── AccessToken │ │ │ └── AccessTokenId.php │ │ ├── Middleware │ │ │ ├── TerminalRequestHandler.php │ │ │ ├── Consumer.php │ │ │ └── OAuth2MessageMiddleware.php │ │ ├── phpunit.xml.dist │ │ ├── composer.json │ │ └── TokenType │ │ │ └── TokenTypeGuesser.php │ ├── ImplicitGrant │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── README.md │ │ └── phpunit.xml.dist │ ├── NoneGrant │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── AuthorizationStorage.php │ │ ├── README.md │ │ ├── phpunit.xml.dist │ │ └── composer.json │ ├── OpenIdConnect │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── UserInfo │ │ │ ├── ScopeSupport │ │ │ │ ├── UserInfoScopeSupport.php │ │ │ │ ├── OpenIdScopeSupport.php │ │ │ │ ├── AddressScopeSupport.php │ │ │ │ ├── EmailScopeSupport.php │ │ │ │ ├── PhoneScopeSupport.php │ │ │ │ └── ProfileScopeSupport.php │ │ │ ├── Claim │ │ │ │ ├── ClaimSource.php │ │ │ │ ├── Claim.php │ │ │ │ ├── Locale.php │ │ │ │ ├── Birthdate.php │ │ │ │ ├── Zoneinfo.php │ │ │ │ ├── UpdatedAt.php │ │ │ │ ├── EmailVerified.php │ │ │ │ ├── AuthenticationTime.php │ │ │ │ ├── PhoneNumberVerified.php │ │ │ │ ├── Source.php │ │ │ │ ├── Name.php │ │ │ │ ├── Email.php │ │ │ │ ├── Gender.php │ │ │ │ ├── Address.php │ │ │ │ ├── Picture.php │ │ │ │ ├── Profile.php │ │ │ │ ├── Website.php │ │ │ │ ├── GivenName.php │ │ │ │ ├── 
Nickname.php │ │ │ │ ├── FamilyName.php │ │ │ │ ├── MiddleName.php │ │ │ │ ├── PhoneNumber.php │ │ │ │ └── PreferredUsername.php │ │ │ └── Pairwise │ │ │ │ └── PairwiseSubjectIdentifierAlgorithm.php │ │ └── IdTokenId.php │ ├── TokenEndpoint │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── README.md │ │ ├── phpunit.xml.dist │ │ ├── Extension │ │ │ └── TokenEndpointExtension.php │ │ └── GrantType.php │ ├── BearerTokenType │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── TokenFinder.php │ │ ├── QueryStringTokenFinder.php │ │ ├── README.md │ │ ├── RequestBodyTokenFinder.php │ │ ├── AuthorizationHeaderTokenFinder.php │ │ ├── phpunit.xml.dist │ │ └── composer.json │ ├── JwtBearerGrant │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── README.md │ │ └── phpunit.xml.dist │ ├── MetadataEndpoint │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── README.md │ │ ├── phpunit.xml.dist │ │ └── Metadata.php │ ├── RefreshTokenGrant │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── README.md │ │ ├── RefreshTokenId.php │ │ ├── phpunit.xml.dist │ │ └── RefreshTokenRepository.php │ ├── WebFingerEndpoint │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── IdentifierResolver │ │ │ ├── IdentifierResolver.php │ │ │ ├── Identifier.php │ │ │ ├── UriResolver.php │ │ │ └── IdentifierResolverManager.php │ │ ├── ResourceRepository.php │ │ ├── README.md │ │ └── phpunit.xml.dist │ ├── AuthorizationCodeGrant │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── PKCEMethod │ │ │ ├── PKCEMethod.php │ │ │ ├── Plain.php │ │ │ ├── S256.php │ │ │ └── PKCEMethodManager.php │ │ ├── README.md │ │ ├── AuthorizationCodeId.php │ │ └── phpunit.xml.dist │ ├── AuthorizationEndpoint │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── ResponseMode │ │ │ ├── FormPostResponseRenderer.php │ │ │ └── ResponseMode.php │ │ ├── User │ │ │ ├── UserAccountDiscovery.php │ │ │ ├── UserAuthenticationChecker.php │ │ │ ├── 
AuthenticationContextClassReferenceSupport.php │ │ │ ├── AuthenticationMethodReferenceSupport.php │ │ │ └── UserAuthenticationCheckerManager.php │ │ ├── ConsentHandler.php │ │ ├── LoginHandler.php │ │ ├── ParameterChecker │ │ │ ├── ParameterChecker.php │ │ │ └── StateParameterChecker.php │ │ ├── SelectAccountHandler.php │ │ ├── AuthorizationRequestHandler.php │ │ ├── Extension │ │ │ ├── Extension.php │ │ │ └── ExtensionManager.php │ │ ├── Hook │ │ │ └── AuthorizationEndpointHook.php │ │ ├── README.md │ │ ├── Consent │ │ │ └── ConsentRepository.php │ │ ├── AuthorizationRequestStorage.php │ │ ├── Exception │ │ │ └── OAuth2AuthorizationException.php │ │ └── phpunit.xml.dist │ ├── ClientCredentialsGrant │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── README.md │ │ └── phpunit.xml.dist │ ├── TokenRevocationEndpoint │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── TokenTypeHint.php │ │ ├── README.md │ │ ├── TokenTypeHintManager.php │ │ ├── TokenRevocationPostEndpoint.php │ │ └── phpunit.xml.dist │ ├── ClientConfigurationEndpoint │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── README.md │ │ └── phpunit.xml.dist │ ├── ClientRegistrationEndpoint │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── README.md │ │ ├── InitialAccessTokenId.php │ │ ├── InitialAccessToken.php │ │ ├── InitialAccessTokenRepository.php │ │ └── phpunit.xml.dist │ ├── TokenIntrospectionEndpoint │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── TokenTypeHint.php │ │ ├── README.md │ │ ├── TokenTypeHintManager.php │ │ └── phpunit.xml.dist │ ├── ResourceOwnerPasswordCredentialsGrant │ │ ├── .github │ │ │ └── PULL_REQUEST_TEMPLATE.md │ │ ├── ResourceOwnerWithPasswordCredential.php │ │ ├── ResourceOwnerPasswordCredentialManager.php │ │ ├── README.md │ │ └── phpunit.xml.dist │ ├── Scope │ │ ├── ScopeRepository.php │ │ ├── Scope.php │ │ ├── Policy │ │ │ ├── NoScopePolicy.php │ │ │ ├── ScopePolicy.php │ │ │ ├── ErrorScopePolicy.php │ │ │ └── DefaultScopePolicy.php 
│ │ ├── README.md │ │ ├── Checker.php │ │ └── phpunit.xml.dist │ ├── ClientRule │ │ ├── Rule.php │ │ ├── README.md │ │ ├── RuleHandler.php │ │ ├── ClientIdIssuedAtRule.php │ │ ├── phpunit.xml.dist │ │ └── composer.json │ ├── ClientAuthentication │ │ ├── README.md │ │ └── phpunit.xml.dist │ └── ResourceServerAuthentication │ │ ├── README.md │ │ └── phpunit.xml.dist ├── SecurityBundle │ ├── .github │ │ └── PULL_REQUEST_TEMPLATE.md │ ├── Annotation │ │ └── Checker │ │ │ ├── Checker.php │ │ │ ├── ClientIdChecker.php │ │ │ ├── ResourceOwnerIdChecker.php │ │ │ └── TokenTypeChecker.php │ ├── DependencyInjection │ │ ├── OAuth2FrameworkSecurityExtension.php │ │ └── Compiler │ │ │ └── TokenTypeCompilerPass.php │ └── Security │ │ └── Authentication │ │ ├── AccessTokenBadge.php │ │ └── ResourceOwner.php └── WebFingerBundle │ ├── .github │ └── PULL_REQUEST_TEMPLATE.md │ ├── Resources │ └── config │ │ └── routing │ │ └── routing.php │ ├── Middleware │ ├── TerminalRequestHandler.php │ ├── Consumer.php │ └── Pipe.php │ └── OAuth2FrameworkWebFingerBundle.php └── infection.json.dist /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | patreon: FlorentMorselli 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.cache 2 | composer.lock 3 | oidctest/ 4 | -------------------------------------------------------------------------------- /tests/config/http.yml: -------------------------------------------------------------------------------- 1 | services: 2 | _defaults: 3 | public: true 4 | 5 | Nyholm\Psr7\Factory\Psr17Factory: ~ 6 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/routing/routing.yml: -------------------------------------------------------------------------------- 1 | oauth2_server_routes: 2 | resource: '.' 
3 | type: 'oauth2_server' 4 | -------------------------------------------------------------------------------- /tests/config/webfinger.yml: -------------------------------------------------------------------------------- 1 | webfinger: 2 | path: '/.well-known/webfinger' 3 | resource_repository: 'OAuth2Framework\Tests\TestBundle\Entity\ResourceRepository' 4 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/translations/validators.en.yml: -------------------------------------------------------------------------------- 1 | spomky_labs: 2 | oauth2_server: 3 | password: 4 | mismatch: 'The entered passwords do not match' 5 | -------------------------------------------------------------------------------- /src/ServerBundle/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/Core/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/oauth2-framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/SecurityBundle/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/translations/validators.fr.yml: -------------------------------------------------------------------------------- 1 | spomky_labs: 2 | oauth2_server: 3 | password: 4 | mismatch: 'Les deux mots de passe ne sont pas identiques' 5 | -------------------------------------------------------------------------------- /src/WebFingerBundle/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/ImplicitGrant/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/NoneGrant/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/OpenIdConnect/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/TokenEndpoint/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /tests/config/jose.yml: -------------------------------------------------------------------------------- 1 | jose: 2 | jku_factory: 3 | enabled: true 4 | client: 'Psr\Http\Client\ClientInterface' 5 | request_factory: 'Nyholm\Psr7\Factory\Psr17Factory' 6 | -------------------------------------------------------------------------------- /src/Component/BearerTokenType/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/JwtBearerGrant/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/MetadataEndpoint/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/RefreshTokenGrant/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/WebFingerEndpoint/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/AuthorizationCodeGrant/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/oauth2-framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/AuthorizationEndpoint/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/ClientCredentialsGrant/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/TokenRevocationEndpoint/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: composer 4 | directory: "/" 5 | schedule: 6 | interval: daily 7 | time: "04:00" 8 | open-pull-requests-limit: 10 -------------------------------------------------------------------------------- /src/Component/ClientConfigurationEndpoint/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/ClientRegistrationEndpoint/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/TokenIntrospectionEndpoint/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here.
2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /src/Component/ResourceOwnerPasswordCredentialsGrant/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Please do not send any PR here. 2 | PRs should be sent to the main repository at https://github.com/OAuth2-Framework/oauth2-framework 3 | -------------------------------------------------------------------------------- /infection.json.dist: -------------------------------------------------------------------------------- 1 | { 2 | "timeout": 10, 3 | "source": { 4 | "directories": [ 5 | "src" 6 | ] 7 | }, 8 | "logs": { 9 | "text": "infection-log.txt" 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/core/client.php: -------------------------------------------------------------------------------- 1 | import('.', 'webfinger'); 9 | }; 10 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/views/form_post/response.html.twig: -------------------------------------------------------------------------------- 1 | {% spaceless %} 2 | 3 | 4 | {% include "@OAuth2FrameworkServerBundle/form_post/response_header.html.twig" %} 5 | {% include "@OAuth2FrameworkServerBundle/form_post/response_body.html.twig" %} 6 | 7 | {% endspaceless %} 8 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/views/form_post/response_header.html.twig: -------------------------------------------------------------------------------- 1 | {% spaceless %} 2 | 3 | Authorization Form 4 | 5 | 6 | 7 | {% endspaceless %} 8 | --------------------------------------------------------------------------------
/src/Component/AuthorizationEndpoint/ResponseMode/FormPostResponseRenderer.php: -------------------------------------------------------------------------------- 1 | 3 |
4 | {% for key,value in inputs %} 5 | 6 | {% endfor %} 7 |
8 | 9 | {% endspaceless %} 10 | -------------------------------------------------------------------------------- /src/Component/AuthorizationCodeGrant/PKCEMethod/PKCEMethod.php: -------------------------------------------------------------------------------- 1 | services() 10 | ->defaults() 11 | ->private() 12 | ->autoconfigure() 13 | ; 14 | 15 | $container->set(None::class); 16 | }; 17 | -------------------------------------------------------------------------------- /tests/TestBundle/TestBundle.php: -------------------------------------------------------------------------------- 1 | services() 10 | ->defaults() 11 | ->private() 12 | ; 13 | 14 | $container->set(RouteLoader::class) 15 | ->tag('routing.loader') 16 | ; 17 | }; 18 | -------------------------------------------------------------------------------- /src/Component/Core/ResourceServer/ResourceServerRepository.php: -------------------------------------------------------------------------------- 1 | services() 10 | ->defaults() 11 | ->private() 12 | ->autoconfigure() 13 | ->autowire() 14 | ; 15 | 16 | $container->set(ScopePolicyRule::class); 17 | }; 18 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/grant/client_credentials.php: -------------------------------------------------------------------------------- 1 | services() 10 | ->defaults() 11 | ->private() 12 | ->autoconfigure() 13 | ; 14 | 15 | $container->set(ClientCredentialsGrantType::class); 16 | }; 17 | -------------------------------------------------------------------------------- /src/Component/Core/ResourceOwner/ResourceOwnerId.php: -------------------------------------------------------------------------------- 1 | getValue(); 19 | } 20 | 21 | public function getValue(): string 22 | { 23 | return $this->value; 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /src/Component/Core/TrustedIssuer/TrustedIssuer.php: 
-------------------------------------------------------------------------------- 1 | services() 10 | ->defaults() 11 | ->private() 12 | ->autoconfigure() 13 | ; 14 | 15 | $container->set(AuthenticationMethodManager::class); 16 | }; 17 | -------------------------------------------------------------------------------- /tests/config/routing.yml: -------------------------------------------------------------------------------- 1 | # API & Login Routes 2 | test: 3 | resource: '@TestBundle/Controller' 4 | type: 'annotation' 5 | # Jose Routes 6 | jwkset_endpoint: 7 | resource: "@JoseFrameworkBundle/Resources/config/routing/jwkset_controller.php" 8 | prefix: '/keys' 9 | 10 | # OAuth2FrameworkServerBundle Routes 11 | oauth2: 12 | resource: '@OAuth2FrameworkServerBundle/Resources/config/routing/routing.yml' 13 | 14 | # OAuth2FrameworkWebFingerBundle Routes 15 | webfinger: 16 | resource: '@OAuth2FrameworkWebFingerBundle/Resources/config/routing/routing.php' 17 | -------------------------------------------------------------------------------- /src/Component/Scope/Policy/NoScopePolicy.php: -------------------------------------------------------------------------------- 1 | createResponse(); 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /src/ServerBundle/Service/IgnoreAccountSelectionHandler.php: -------------------------------------------------------------------------------- 1 | getQueryParams(); 19 | 20 | return $params['access_token'] ?? 
null; 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /tests/Component/FakeFormPostRenderer.php: -------------------------------------------------------------------------------- 1 | services() 10 | ->defaults() 11 | ->private() 12 | ->autoconfigure() 13 | ; 14 | 15 | $container->set(ClientSecretPost::class) 16 | ->args(['%oauth2_server.client_authentication.client_secret_post.secret_lifetime%']) 17 | ; 18 | }; 19 | -------------------------------------------------------------------------------- /src/Component/AuthorizationEndpoint/README.md: -------------------------------------------------------------------------------- 1 | Authorization Endpoint for the OAuth2 Framework 2 | =============================================== 3 | 4 | This repository is a sub repository of the [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY. 5 | 6 | **Please do not submit any Pull Request here.** 7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead. 8 | 9 | # Documentation 10 | 11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/ 12 | 13 | # Licence 14 | 15 | This software is released under [MIT licence](LICENSE). 16 | -------------------------------------------------------------------------------- /src/Component/ClientAuthentication/README.md: -------------------------------------------------------------------------------- 1 | Client Authentication for the OAuth2 Framework 2 | ============================================== 3 | 4 | This repository is a sub repository of the [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY. 5 | 6 | **Please do not submit any Pull Request here.** 7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead.
8 | 9 | # Documentation 10 | 11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/ 12 | 13 | # Licence 14 | 15 | This software is released under [MIT licence](LICENSE). 16 | -------------------------------------------------------------------------------- /src/Component/OpenIdConnect/IdTokenId.php: -------------------------------------------------------------------------------- 1 | getValue(); 19 | } 20 | 21 | public static function create(string $value): static 22 | { 23 | return new self($value); 24 | } 25 | 26 | public function getValue(): string 27 | { 28 | return $this->value; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /src/Component/AuthorizationCodeGrant/README.md: -------------------------------------------------------------------------------- 1 | Authorization Code Grant for the OAuth2 Framework 2 | ================================================= 3 | 4 | This repository is a sub repository of the [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY. 5 | 6 | **Please do not submit any Pull Request here.** 7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead. 8 | 9 | # Documentation 10 | 11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/ 12 | 13 | # Licence 14 | 15 | This software is released under [MIT licence](LICENSE). 
16 | -------------------------------------------------------------------------------- /src/Component/ResourceServerAuthentication/README.md: -------------------------------------------------------------------------------- 1 | Client Authentication for the OAuth2 Framework 2 | ============================================== 3 | 4 | This repository is a sub repository of the [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY.
5 | 6 | **Please do not submit any Pull Request here.** 7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead. 8 | 9 | # Documentation 10 | 11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/ 12 | 13 | # Licence 14 | 15 | This software is released under [MIT licence](LICENSE). 16 | -------------------------------------------------------------------------------- /src/Component/Core/AccessToken/AccessTokenId.php: -------------------------------------------------------------------------------- 1 | getValue(); 19 | } 20 | 21 | public static function create(string $value): static 22 | { 23 | return new self($value); 24 | } 25 | 26 | public function getValue(): string 27 | { 28 | return $this->value; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /src/Component/TokenRevocationEndpoint/README.md: -------------------------------------------------------------------------------- 1 | Token Revocation Endpoint for the OAuth2 Framework 2 | ================================================== 3 | 4 | This repository is a sub repository of the [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY. 5 | 6 | **Please do not submit any Pull Request here.** 7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead. 8 | 9 | # Documentation 10 | 11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/ 12 | 13 | # Licence 14 | 15 | This software is released under [MIT licence](LICENSE).
16 | -------------------------------------------------------------------------------- /src/Component/RefreshTokenGrant/RefreshTokenId.php: -------------------------------------------------------------------------------- 1 | getValue(); 19 | } 20 | 21 | public static function create(string $value): static 22 | { 23 | return new self($value); 24 | } 25 | 26 | public function getValue(): string 27 | { 28 | return $this->value; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/grant/none.php: -------------------------------------------------------------------------------- 1 | services() 11 | ->defaults() 12 | ->private() 13 | ->autoconfigure() 14 | ; 15 | 16 | $container->set(NoneResponseType::class) 17 | ->args([service('oauth2_server.grant.none.authorization_storage')]) 18 | ; 19 | }; 20 | -------------------------------------------------------------------------------- /src/Component/AuthorizationCodeGrant/PKCEMethod/S256.php: -------------------------------------------------------------------------------- 1 | getValue(); 19 | } 20 | 21 | public static function create(string $value): static 22 | { 23 | return new self($value); 24 | } 25 | 26 | public function getValue(): string 27 | { 28 | return $this->value; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/doctrine-mapping/RefreshTokenGrant/AbstractAccessToken.orm.yml: -------------------------------------------------------------------------------- 1 | OAuth2Framework\Component\RefreshTokenGrant\AbstractRefreshToken: 2 | type: mappedSuperclass 3 | fields: 4 | accessTokenIds: 5 | type: array 6 | expiresAt: 7 | type: date_immutable 8 | resourceOwnerId: 9 | type: resource_owner_id 10 | clientId: 11 | type: client_id 12 | parameter: 13 | type: databag 14 | metadata: 15 | type: databag 16 | revoked: 17 | type: boolean 18 | resourceServerId: 19 | type: 
resource_server_id 20 | nullable: true 21 | -------------------------------------------------------------------------------- /src/Component/AuthorizationCodeGrant/AuthorizationCodeId.php: -------------------------------------------------------------------------------- 1 | getValue(); 19 | } 20 | 21 | public static function create(string $value): static 22 | { 23 | return new self($value); 24 | } 25 | 26 | public function getValue(): string 27 | { 28 | return $this->value; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /src/Component/ClientCredentialsGrant/README.md: -------------------------------------------------------------------------------- 1 | Resource Owner Password Credentials Grant for the OAuth2 Framework 2 | ================================================================== 3 | 4 | This repository is a sub repository of the [OAuth2 and OpenId Connect Framework](https://github.com/oauth2-framework/oauth2-framework) project and is READ ONLY. 5 | 6 | **Please do not submit any Pull Request here.** 7 | You should go to [the main repository](https://github.com/oauth2-framework/oauth2-framework) instead. 8 | 9 | # Documentation 10 | 11 | The official documentation is available at https://oauth2-framework.spomky-labs.com/ 12 | 13 | # Licence 14 | 15 | This software is released under [MIT licence](LICENSE). 
16 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/token_type/bearer_token.php: -------------------------------------------------------------------------------- 1 | services() 10 | ->defaults() 11 | ->private() 12 | ->autoconfigure() 13 | ->autowire() 14 | ; 15 | 16 | $container->set(BearerToken::class) 17 | ->args(['Unused', false, false, false]) 18 | ->tag('oauth2_server_token_type', [ 19 | 'scheme' => 'Bearer', 20 | ]) 21 | ; 22 | }; 23 | -------------------------------------------------------------------------------- /src/Component/ClientRegistrationEndpoint/InitialAccessTokenId.php: -------------------------------------------------------------------------------- 1 | getValue(); 19 | } 20 | 21 | public static function create(string $value): static 22 | { 23 | return new self($value); 24 | } 25 | 26 | public function getValue(): string 27 | { 28 | return $this->value; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /src/ServerBundle/Component/Component.php: -------------------------------------------------------------------------------- 1 | services() 11 | ->defaults() 12 | ->private() 13 | ->autoconfigure() 14 | ; 15 | 16 | $container->set(SectorIdentifierUriRule::class) 17 | ->args([service('oauth2_server.http_client')]) 18 | ; 19 | }; 20 | -------------------------------------------------------------------------------- /tests/TestBundle/DependencyInjection/TestExtension.php: -------------------------------------------------------------------------------- 1 | load('services.php'); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /src/Component/ClientRegistrationEndpoint/InitialAccessToken.php: -------------------------------------------------------------------------------- 1 | services() 10 | ->defaults() 11 | ->private() 12 | ->autoconfigure() 13 | ->autowire() 14 | ; 15 | 16 | 
$container->set(ErrorScopePolicy::class) 17 | ->args(['%oauth2_server.scope.policy.default.scope%']) 18 | ->tag('oauth2_server_scope_policy', [ 19 | 'policy_name' => 'error', 20 | ]) 21 | ; 22 | }; 23 | -------------------------------------------------------------------------------- /src/SecurityBundle/Annotation/Checker/ClientIdChecker.php: -------------------------------------------------------------------------------- 1 | getClientId() === null) { 16 | return; 17 | } 18 | 19 | if ($configuration->getClientId() !== $token->getClientId()) { 20 | throw new Exception('Client not authorized.'); 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /tests/Component/ClientConfigurationEndpoint/ClientConfigurationRouteRule.php: -------------------------------------------------------------------------------- 1 | getValue()); 15 | } 16 | 17 | protected function generateRegistrationAccessToken(): string 18 | { 19 | return base64_encode(random_bytes(16)); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /src/Component/AuthorizationEndpoint/Consent/ConsentRepository.php: -------------------------------------------------------------------------------- 1 | callback = $callback; 21 | } 22 | 23 | public function handle(ClientId $clientId, DataBag $commandParameters, DataBag $validatedParameters): DataBag 24 | { 25 | return call_user_func($this->callback, $clientId, $commandParameters, $validatedParameters); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/client_authentication/client_secret_basic.php: -------------------------------------------------------------------------------- 1 | services() 10 | ->defaults() 11 | ->private() 12 | ->autoconfigure() 13 | ; 14 | 15 | $container->set(ClientSecretBasic::class) 16 | ->args([ 17 | 
'%oauth2_server.client_authentication.client_secret_basic.realm%', 18 | '%oauth2_server.client_authentication.client_secret_basic.secret_lifetime%', 19 | ]) 20 | ; 21 | }; 22 | -------------------------------------------------------------------------------- /tests/Component/Core/DataBag/DataBagTest.php: -------------------------------------------------------------------------------- 1 | 'bar', 22 | ]); 23 | $data->set('foo', 'BAR'); 24 | 25 | static::assertInstanceOf(DataBag::class, $data); 26 | static::assertTrue($data->has('foo')); 27 | static::assertFalse($data->has('---')); 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /src/SecurityBundle/Annotation/Checker/ResourceOwnerIdChecker.php: -------------------------------------------------------------------------------- 1 | getResourceOwnerId() === null) { 16 | return; 17 | } 18 | 19 | if ($configuration->getResourceOwnerId() !== $token->getResourceOwnerId()) { 20 | throw new Exception('Resource owner not authorized.'); 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /src/Component/BearerTokenType/RequestBodyTokenFinder.php: -------------------------------------------------------------------------------- 1 | get('access_token'); 22 | } catch (Throwable) { 23 | return null; 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /src/Component/OpenIdConnect/UserInfo/Claim/Locale.php: -------------------------------------------------------------------------------- 1 | has(self::CLAIM_NAME); 21 | } 22 | 23 | public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale) 24 | { 25 | return $userAccount->get(self::CLAIM_NAME); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/grant/grant.php: 
-------------------------------------------------------------------------------- 1 | services() 12 | ->defaults() 13 | ->private() 14 | ->autoconfigure() 15 | ->autowire() 16 | ; 17 | 18 | $container->set(GrantTypeManager::class); 19 | $container->set(ResponseTypeManager::class); 20 | $container->set(GrantTypesRule::class); 21 | }; 22 | -------------------------------------------------------------------------------- /src/Component/OpenIdConnect/UserInfo/Claim/Birthdate.php: -------------------------------------------------------------------------------- 1 | has(self::CLAIM_NAME); 21 | } 22 | 23 | public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale) 24 | { 25 | return $userAccount->get(self::CLAIM_NAME); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/Component/OpenIdConnect/UserInfo/Claim/Zoneinfo.php: -------------------------------------------------------------------------------- 1 | has(self::CLAIM_NAME); 21 | } 22 | 23 | public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale) 24 | { 25 | return $userAccount->get(self::CLAIM_NAME); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/Component/TokenRevocationEndpoint/TokenTypeHintManager.php: -------------------------------------------------------------------------------- 1 | tokenTypeHints; 25 | } 26 | 27 | public function add(TokenTypeHint $tokenTypeHint): static 28 | { 29 | $this->tokenTypeHints[$tokenTypeHint->hint()] = $tokenTypeHint; 30 | 31 | return $this; 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /src/Component/OpenIdConnect/UserInfo/Claim/UpdatedAt.php: -------------------------------------------------------------------------------- 1 | getLastUpdateAt() !== null; 21 | } 22 | 23 | public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale) 24 | { 25 | return 
$userAccount->getLastUpdateAt(); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/Component/TokenIntrospectionEndpoint/TokenTypeHintManager.php: -------------------------------------------------------------------------------- 1 | tokenTypeHints; 25 | } 26 | 27 | public function add(TokenTypeHint $tokenTypeHint): static 28 | { 29 | $this->tokenTypeHints[$tokenTypeHint->hint()] = $tokenTypeHint; 30 | 31 | return $this; 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /src/Component/OpenIdConnect/UserInfo/Claim/EmailVerified.php: -------------------------------------------------------------------------------- 1 | has(self::CLAIM_NAME); 21 | } 22 | 23 | public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale) 24 | { 25 | return $userAccount->get(self::CLAIM_NAME); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/Component/AuthorizationEndpoint/AuthorizationRequestStorage.php: -------------------------------------------------------------------------------- 1 | getLastLoginAt() !== null; 21 | } 22 | 23 | public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale) 24 | { 25 | return $userAccount->getLastLoginAt(); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/Component/Scope/Checker.php: -------------------------------------------------------------------------------- 1 | 1) { 16 | throw new InvalidArgumentException(sprintf('Scope "%s" appears more than once.', $scope)); 17 | } 18 | } 19 | /* checkCharset() throws InvalidArgumentException unless the whole scope string consists of bytes 0x20, 0x23-0x5B or 0x5D-0x7E (so '"' and '\' are rejected). 
NOTE(review): the pattern ends in '$' without the D modifier, and in PCRE that also matches just before a final newline, so a scope string ending in "\n" passes this check; consider the D modifier or '\z' if the value is later split, stored or echoed. RFC 6749 section 3.3 also allows 0x21 ('!') in a scope token, which this class omits; confirm that is intentional. */ 20 | public static function checkCharset(string $scope): void 21 | { 22 | if (preg_match('/^[\x20\x23-\x5B\x5D-\x7E]+$/', $scope) !== 1) { 23 | throw new InvalidArgumentException('Scope contains illegal characters.'); 24 | } 25 | } 26 | } 27 | -------------------------------------------------------------------------------- 
/src/ServerBundle/Resources/config/doctrine-mapping/AuthorizationCodeGrant/AbstractAuthorizationCode.orm.yml: -------------------------------------------------------------------------------- 1 | OAuth2Framework\Component\AuthorizationCodeGrant\AbstractAuthorizationCode: 2 | type: mappedSuperclass 3 | fields: 4 | queryParameters: 5 | type: array 6 | redirectUri: 7 | type: string 8 | used: 9 | type: boolean 10 | expiresAt: 11 | type: date_immutable 12 | userAccountId: 13 | type: user_account_id 14 | clientId: 15 | type: client_id 16 | parameter: 17 | type: databag 18 | metadata: 19 | type: databag 20 | revoked: 21 | type: boolean 22 | resourceServerId: 23 | type: resource_server_id 24 | nullable: true 25 | -------------------------------------------------------------------------------- /src/Component/Core/Middleware/TerminalRequestHandler.php: -------------------------------------------------------------------------------- 1 | responseFactory = new Psr17Factory(); 20 | } 21 | 22 | public function handle(ServerRequestInterface $request): ResponseInterface 23 | { 24 | return $this->responseFactory->createResponse(); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /tests/TestBundle/Repository/ConsentRepository.php: -------------------------------------------------------------------------------- 1 | getClient() 15 | ->getClientId() 16 | ->getValue() === 'CLIENT_ID_2' && $authorizationRequest->getUserAccount() 17 | ->getPublicId() 18 | ->getValue() === 'john.1' 19 | ; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /src/Component/OpenIdConnect/UserInfo/Claim/PhoneNumberVerified.php: -------------------------------------------------------------------------------- 1 | has(self::CLAIM_NAME); 21 | } 22 | 23 | public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale) 24 | { 25 | return $userAccount->get(self::CLAIM_NAME); 26 | } 27 | } 28 | 
-------------------------------------------------------------------------------- /src/ServerBundle/Component/Endpoint/Authorization/Compiler/TemplatePathCompilerPass.php: -------------------------------------------------------------------------------- 1 | hasDefinition('twig.loader.filesystem')) { 15 | return; 16 | } 17 | 18 | $loader = $container->getDefinition('twig.loader.filesystem'); 19 | $loader->addMethodCall('addPath', [__DIR__ . '/../../../../Resources/views', 'OAuth2FrameworkServerBundle']); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /src/Component/TokenRevocationEndpoint/TokenRevocationPostEndpoint.php: -------------------------------------------------------------------------------- 1 | $parameters->get('token'), 18 | 'token_type_hint' => $parameters->get('token_type_hint'), 19 | ], static function (null|string $item): bool { 20 | return $item !== null; 21 | }); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /tests/Component/FakeLoginHandler.php: -------------------------------------------------------------------------------- 1 | createResponse(303); 22 | 23 | return $response->withHeader('location', 'https://foo.bar/authorization/___ID___/login'); 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /tests/Component/FakeConsentHandler.php: -------------------------------------------------------------------------------- 1 | createResponse(303); 22 | 23 | return $response->withHeader('location', 'https://foo.bar/authorization/___ID___/consent'); 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /src/Component/AuthorizationEndpoint/ParameterChecker/StateParameterChecker.php: -------------------------------------------------------------------------------- 1 | hasQueryParam('state')) { 22 | return; 23 | } 24 | 25 | 
$authorization->setResponseParameter('state', $authorization->getQueryParam('state')); 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/Component/ClientRegistrationEndpoint/InitialAccessTokenRepository.php: -------------------------------------------------------------------------------- 1 | templateEngine->render( 21 | $this->template, 22 | [ 23 | 'redirect_uri' => $redirectUri, 24 | 'inputs' => $data, 25 | ] 26 | ); 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /src/Component/OpenIdConnect/UserInfo/Claim/Source.php: -------------------------------------------------------------------------------- 1 | availableClaims = $availableClaims; 22 | $this->source = $source; 23 | } 24 | 25 | /** 26 | * @return string[] 27 | */ 28 | public function getAvailableClaims(): array 29 | { 30 | return $this->availableClaims; 31 | } 32 | 33 | public function getSource(): array 34 | { 35 | return $this->source; 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /src/Component/WebFingerEndpoint/IdentifierResolver/Identifier.php: -------------------------------------------------------------------------------- 1 | id; 24 | } 25 | 26 | public function getDomain(): string 27 | { 28 | return $this->domain; 29 | } 30 | 31 | public function getPort(): ?int 32 | { 33 | return $this->port; 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /src/Component/OpenIdConnect/UserInfo/ScopeSupport/ProfileScopeSupport.php: -------------------------------------------------------------------------------- 1 | getHeader('AUTHORIZATION'); 19 | 20 | foreach ($authorizationHeaders as $header) { 21 | if (preg_match('/' . preg_quote('Bearer', '/') . 
'\s([a-zA-Z0-9\-_\+~\/\.]+)/', $header, $matches) === 1) { /* Returns the first captured token from an AUTHORIZATION header value that matches the Bearer pattern. NOTE(review): the pattern has no start or end anchor, so a header value that merely contains "Bearer <token>" somewhere matches, and any characters after the captured run are silently ignored; the character class also has no '=' although the RFC 6750 b64token grammar allows trailing '='. Consider anchoring the whole value and confirming that a case-sensitive scheme match is intended. */ 22 | return $matches[1]; 23 | } 24 | } 25 | 26 | return null; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /tests/Component/FakeSelectAccountHandler.php: -------------------------------------------------------------------------------- 1 | createResponse(303); 22 | 23 | return $response->withHeader('location', 'https://foo.bar/authorization/___ID___/select_account'); 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /tests/TestBundle/Repository/ResourceServerRepository.php: -------------------------------------------------------------------------------- 1 | getValue() === 'http://foo.com') { 17 | return new ResourceServer($resourceServerId); 18 | } 19 | 20 | return null; 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/openid_connect/id_token_hint.php: -------------------------------------------------------------------------------- 1 | services() 11 | ->defaults() 12 | ->private() 13 | ->autoconfigure() 14 | ; 15 | 16 | $container->set(IdTokenLoader::class) 17 | ->args([ 18 | service('jose.jws_loader.oauth2_server.openid_connect.id_token.signature'), 19 | service('jose.key_set.oauth2_server.openid_connect.id_token'), 20 | '%oauth2_server.openid_connect.id_token.signature_algorithms%', 21 | ]) 22 | ; 23 | }; 24 | 
-------------------------------------------------------------------------------- /.github/workflows/rector_checkstyle.yaml: -------------------------------------------------------------------------------- 1 | name: Rector Checkstyle 2 | 3 | on: [push] 4 | 5 | jobs: 6 | tests: 7 | runs-on: ${{ matrix.operating-system }} 8 | strategy: 9 | matrix: 10 | operating-system: [ ubuntu-latest ] 11 | php-versions: ['8.0'] 12 | steps: 13 | - name: Checkout 14 | uses: actions/checkout@v2 15 | with: 16 | ref: ${{ 
github.head_ref }} 17 | 18 | - name: Setup PHP, with composer and extensions 19 | uses: shivammathur/setup-php@v2 20 | with: 21 | php-version: ${{ matrix.php-versions }} 22 | extensions: json, mbstring, openssl, sqlite3, curl, uuid 23 | coverage: none 24 | 25 | - name: Install Composer dependencies 26 | run: composer update --no-progress --no-suggest --prefer-dist --optimize-autoloader 27 | 28 | - name: Rector 29 | run: make rector 30 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/openid_connect/response_type/id_token_token.php: -------------------------------------------------------------------------------- 1 | services() 13 | ->defaults() 14 | ->private() 15 | ->autoconfigure() 16 | ; 17 | 18 | $container->set(IdTokenTokenResponseType::class) 19 | ->args([service(IdTokenResponseType::class), service(TokenResponseType::class)]) 20 | ; 21 | }; 22 | -------------------------------------------------------------------------------- /src/SecurityBundle/Annotation/Checker/TokenTypeChecker.php: -------------------------------------------------------------------------------- 1 | getTokenType() === null) { 16 | return; 17 | } 18 | 19 | if ($configuration->getTokenType() !== $token->getTokenType()) { 20 | throw new Exception(sprintf( 21 | 'Token type "%s" not allowed. 
Please use "%s"', 22 | $token->getTokenType(), 23 | $configuration->getTokenType() 24 | )); 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/openid_connect/response_type/code_token.php: -------------------------------------------------------------------------------- 1 | services() 13 | ->defaults() 14 | ->private() 15 | ->autoconfigure() 16 | ; 17 | 18 | $container->set(CodeTokenResponseType::class) 19 | ->args([service(AuthorizationCodeResponseType::class), service(TokenResponseType::class)]) 20 | ; 21 | }; 22 | -------------------------------------------------------------------------------- /src/Component/ClientRule/ClientIdIssuedAtRule.php: -------------------------------------------------------------------------------- 1 | has('client_id_issued_at')) { 19 | $validatedParameters->set('client_id_issued_at', $commandParameters->get('client_id_issued_at')); 20 | } else { 21 | $validatedParameters->set('client_id_issued_at', time()); 22 | } 23 | 24 | return $next->handle($clientId, $commandParameters, $validatedParameters); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /tests/TestBundle/Entity/ResourceServer.php: -------------------------------------------------------------------------------- 1 | resourceServerId; 25 | } 26 | 27 | public function getAuthenticationMethod(): string 28 | { 29 | return 'none'; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/scope/policy_default.php: -------------------------------------------------------------------------------- 1 | services() 11 | ->defaults() 12 | ->private() 13 | ->autoconfigure() 14 | ->autowire() 15 | ; 16 | 17 | $container->set(DefaultScopePolicy::class) 18 | ->args(['%oauth2_server.scope.policy.default.scope%']) 19 | ->tag('oauth2_server_scope_policy', [ 20 | 'policy_name' => 
'default', 21 | ]) 22 | ; 23 | 24 | $container->set(ScopePolicyDefaultRule::class) 25 | ->tag('oauth2_server_client_rule') 26 | ; 27 | }; 28 | -------------------------------------------------------------------------------- /src/ServerBundle/Component/Endpoint/Metadata/Compiler/CommonMetadataCompilerPass.php: -------------------------------------------------------------------------------- 1 | hasDefinition(MetadataBuilder::class)) { 16 | return; 17 | } 18 | 19 | $metadata = $container->getDefinition(MetadataBuilder::class); 20 | $issuer = $container->getParameter('oauth2_server.server_uri'); 21 | $metadata->addMethodCall('addKeyValuePair', ['issuer', $issuer]); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/openid_connect/response_type/code_id_token.php: -------------------------------------------------------------------------------- 1 | services() 13 | ->defaults() 14 | ->private() 15 | ->autoconfigure() 16 | ; 17 | 18 | $container->set(CodeIdTokenResponseType::class) 19 | ->args([service(AuthorizationCodeResponseType::class), service(IdTokenResponseType::class)]) 20 | ; 21 | }; 22 | -------------------------------------------------------------------------------- /src/WebFingerBundle/OAuth2FrameworkWebFingerBundle.php: -------------------------------------------------------------------------------- 1 | addCompilerPass(new IdentifierResolverCompilerPass()); 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /src/Component/Core/Client/ClientRepository.php: -------------------------------------------------------------------------------- 1 | services() 13 | ->defaults() 14 | ->private() 15 | ->autoconfigure() 16 | ; 17 | 18 | $container->set(AuthenticationMiddleware::class) 19 | ->args([service(ResourceServerRepository::class), service(AuthenticationMethodManager::class)]) 20 | ; 21 | }; 22 | 
-------------------------------------------------------------------------------- /src/Component/AuthorizationEndpoint/Exception/OAuth2AuthorizationException.php: -------------------------------------------------------------------------------- 1 | authorization; 25 | } 26 | 27 | public function getErrorDescription(): ?string 28 | { 29 | return $this->errorDescription; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /src/SecurityBundle/DependencyInjection/OAuth2FrameworkSecurityExtension.php: -------------------------------------------------------------------------------- 1 | registerForAutoconfiguration(Checker::class)->addTag('oauth2_security_annotation_checker'); 18 | 19 | $loader = new PhpFileLoader($container, new FileLocator(__DIR__ . '/../Resources/config/')); 20 | $loader->load('security.php'); 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /src/SecurityBundle/Security/Authentication/AccessTokenBadge.php: -------------------------------------------------------------------------------- 1 | accessToken->isRevoked() && ! $this->accessToken->hasExpired(); 25 | } 26 | 27 | public function getAccessToken(): AccessToken 28 | { 29 | return $this->accessToken; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /src/Component/Core/Middleware/Consumer.php: -------------------------------------------------------------------------------- 1 | generator->valid()) { 26 | return $this->delegate->handle($request); 27 | } 28 | 29 | $current = $this->generator->current(); 30 | $this->generator->next(); 31 | 32 | return $current->process($request, $this); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /src/Component/Scope/Policy/DefaultScopePolicy.php: -------------------------------------------------------------------------------- 1 | has('default_scope') ? 
$client->get('default_scope') : $this->getDefaultScopes(); 29 | } 30 | 31 | private function getDefaultScopes(): string 32 | { 33 | return $this->defaultScopes; 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /tests/Component/Core/TokenType/TokenTypeMiddlewareTest.php: -------------------------------------------------------------------------------- 1 | expectException(InvalidArgumentException::class); 22 | $this->expectExceptionMessage('Unsupported token type "bar".'); 23 | $request = $this->buildRequest('GET', [ 24 | 'token_type' => 'bar', 25 | ]); 26 | 27 | $this->getTokenTypeMiddleware() 28 | ->process($request, new TerminalRequestHandler()) 29 | ; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /tests/TestBundle/Entity/Client.php: -------------------------------------------------------------------------------- 1 | clientId; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | 5 | --- 6 | 7 | **Describe the bug** 8 | A clear and concise description of what the bug is. 9 | 10 | **To Reproduce** 11 | Steps to reproduce the behavior: 12 | 1. Go to '...' 13 | 2. Click on '....' 14 | 3. Scroll down to '....' 15 | 4. See error 16 | 17 | **Expected behavior** 18 | A clear and concise description of what you expected to happen. 19 | 20 | **Screenshots** 21 | If applicable, add screenshots to help explain your problem. 22 | 23 | **Desktop (please complete the following information):** 24 | - OS: [e.g. iOS] 25 | - Browser [e.g. chrome, safari] 26 | - Version [e.g. 22] 27 | 28 | **Smartphone (please complete the following information):** 29 | - Device: [e.g. iPhone6] 30 | - OS: [e.g. iOS8.1] 31 | - Browser [e.g. 
stock browser, safari] 32 | - Version [e.g. 22] 33 | 34 | **Additional context** 35 | Add any other context about the problem here. 36 | -------------------------------------------------------------------------------- /src/Component/Core/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/WebFingerBundle/Middleware/Consumer.php: -------------------------------------------------------------------------------- 1 | generator->valid()) { 26 | return $this->delegate->handle($request); 27 | } 28 | 29 | $current = $this->generator->current(); 30 | $this->generator->next(); 31 | 32 | return $current->process($request, $this); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /src/Component/NoneGrant/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/Scope/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/SecurityBundle/Security/Authentication/ResourceOwner.php: -------------------------------------------------------------------------------- 1 | id; 38 | } 39 | 40 | public function getUsername(): string 41 | { 42 | return $this->id; 43 | } 44 | } 45 | 
-------------------------------------------------------------------------------- /src/Component/ClientRule/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/ImplicitGrant/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/JwtBearerGrant/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/TokenEndpoint/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/openid_connect/userinfo_scope_support.php: -------------------------------------------------------------------------------- 1 | services() 13 | ->defaults() 14 | ->private() 15 | ->autoconfigure() 16 | ; 17 | 18 | $container->set(AddressScopeSupport::class); 19 | $container->set(EmailScopeSupport::class); 20 | $container->set(PhoneScopeSupport::class); 21 | $container->set(ProfileScopeSupport::class); 22 | }; 23 | -------------------------------------------------------------------------------- 
/tests/Component/AuthorizationEndpoint/ResponseTypeManagerTest.php: -------------------------------------------------------------------------------- 1 | expectException(InvalidArgumentException::class); 21 | $this->expectExceptionMessage('The response type "bar" is not supported.'); 22 | $manager = $this->getResponseTypeManager(); 23 | 24 | static::assertTrue($manager->has('code')); 25 | static::assertFalse($manager->has('bar')); 26 | static::assertSame(['token', 'none', 'code'], $manager->list()); 27 | static::assertCount(3, $manager->all()); 28 | 29 | $manager->get('bar'); 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /tests/TestBundle/Repository/TrustedIssuerRepository.php: -------------------------------------------------------------------------------- 1 | 15 | */ 16 | private array $trustedIssuers = []; 17 | 18 | public function save(TrustedIssuerInterface $trustedIssuer): void 19 | { 20 | $this->trustedIssuers[$trustedIssuer->name()] = $trustedIssuer; 21 | } 22 | 23 | public function find(string $trustedIssuer): ?TrustedIssuerInterface 24 | { 25 | return $this->trustedIssuers[$trustedIssuer] ?? 
null; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /.github/workflows/twig-lint.yml: -------------------------------------------------------------------------------- 1 | name: Twig Lint 2 | 3 | on: [push] 4 | 5 | jobs: 6 | tests: 7 | runs-on: ${{ matrix.operating-system }} 8 | strategy: 9 | matrix: 10 | operating-system: [ ubuntu-latest ] 11 | php-versions: ['8.0'] 12 | name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }} 13 | 14 | steps: 15 | - name: Checkout 16 | uses: actions/checkout@v2 17 | with: 18 | ref: ${{ github.head_ref }} 19 | 20 | - name: Setup PHP, with composer and extensions 21 | uses: shivammathur/setup-php@v2 22 | with: 23 | php-version: ${{ matrix.php-versions }} 24 | extensions: json, mbstring, openssl, sqlite3, curl, uuid 25 | coverage: xdebug 26 | 27 | - name: Install Composer dependencies 28 | run: | 29 | composer update --no-progress --no-suggest --prefer-dist --optimize-autoloader 30 | 31 | - name: Run tests 32 | run: make te 33 | -------------------------------------------------------------------------------- /src/Component/BearerTokenType/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/MetadataEndpoint/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/RefreshTokenGrant/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 
| 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/WebFingerEndpoint/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /.github/workflows/static-analyze.yml: -------------------------------------------------------------------------------- 1 | name: Static Analyze 2 | 3 | on: [push] 4 | 5 | jobs: 6 | tests: 7 | runs-on: ${{ matrix.operating-system }} 8 | strategy: 9 | matrix: 10 | operating-system: [ubuntu-latest] 11 | php-versions: ['8.0'] 12 | name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }} 13 | 14 | steps: 15 | - name: Checkout 16 | uses: actions/checkout@v2 17 | with: 18 | ref: ${{ github.head_ref }} 19 | 20 | - name: Setup PHP, with composer and extensions 21 | uses: shivammathur/setup-php@v2 22 | with: 23 | php-version: ${{ matrix.php-versions }} 24 | extensions: json, mbstring, openssl, sqlite3, curl, uuid 25 | coverage: xdebug 26 | 27 | - name: Install Composer dependencies 28 | run: | 29 | composer update --no-progress --no-suggest --prefer-dist --optimize-autoloader 30 | 31 | - name: PHPStan 32 | run: make st 33 | -------------------------------------------------------------------------------- /src/Component/AuthorizationCodeGrant/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/AuthorizationEndpoint/phpunit.xml.dist: 
-------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/ClientAuthentication/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/ClientCredentialsGrant/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/TokenRevocationEndpoint/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/ServerBundle/DependencyInjection/Compiler/HttpClientCompilerPass.php: -------------------------------------------------------------------------------- 1 | has(ClientInterface::class)) { 18 | return; 19 | } 20 | if (! 
$container->has(Psr18Client::class)) { 21 | $container->setDefinition(Psr18Client::class, new Definition(Psr18Client::class)); 22 | } 23 | 24 | $container->setAlias(ClientInterface::class, Psr18Client::class); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/endpoint/authorization/form_post_response_mode.php: -------------------------------------------------------------------------------- 1 | services() 12 | ->defaults() 13 | ->private() 14 | ->autoconfigure() 15 | ; 16 | 17 | $container->set(TwigFormPostResponseRenderer::class) 18 | ->args([service('twig'), '%oauth2_server.endpoint.authorization.response_mode.form_post.template%']) 19 | ; 20 | 21 | $container->set(FormPostResponseMode::class) 22 | ->args([service(TwigFormPostResponseRenderer::class)]) 23 | ; 24 | }; 25 | -------------------------------------------------------------------------------- /src/Component/AuthorizationEndpoint/Extension/ExtensionManager.php: -------------------------------------------------------------------------------- 1 | extensions[] = $extension; 25 | 26 | return $this; 27 | } 28 | 29 | public function process(ServerRequestInterface $request, AuthorizationRequest $authorization): void 30 | { 31 | foreach ($this->extensions as $extension) { 32 | $extension->process($request, $authorization); 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /src/Component/ClientConfigurationEndpoint/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/ClientRegistrationEndpoint/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 
| 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/ResourceServerAuthentication/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/Component/TokenIntrospectionEndpoint/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/WebFingerBundle/Middleware/Pipe.php: -------------------------------------------------------------------------------- 1 | middlewares[] = $value; 23 | } 24 | 25 | /** Wraps a fresh generator over $this->middlewares together with $handler in a Consumer and returns what Consumer::handle() produces for $request. */ public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface 26 | { 27 | return (new Consumer($this->getGenerator(), $handler))->handle($request); 28 | } 29 | 30 | /** Yields the entries of $this->middlewares in array order; every call creates a new generator, so each process() call starts from the first entry. */ private function getGenerator(): Generator 31 | { 32 | yield from $this->middlewares; 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /tests/TestBundle/Repository/AuthorizationRepository.php: -------------------------------------------------------------------------------- 1 | authorizations[] = $authorization; 25 | } 26 | 27 | /** 28 | * @return AuthorizationRequest[] 29 | */ 30 | public function getAuthorizations(): array 31 | { 32 | return $this->authorizations; 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /.github/workflows/tests.yml: 
-------------------------------------------------------------------------------- 1 | name: Unit and Functional Tests 2 | 3 | on: [push] 4 | 5 | jobs: 6 | tests: 7 | runs-on: ${{ matrix.operating-system }} 8 | strategy: 9 | matrix: 10 | operating-system: [ ubuntu-latest ] 11 | php-versions: ['8.0'] 12 | name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }} 13 | 14 | steps: 15 | - name: Checkout 16 | uses: actions/checkout@v2 17 | with: 18 | ref: ${{ github.head_ref }} 19 | 20 | - name: Setup PHP, with composer and extensions 21 | uses: shivammathur/setup-php@v2 22 | with: 23 | php-version: ${{ matrix.php-versions }} 24 | extensions: json, mbstring, openssl, sqlite3, curl, uuid 25 | coverage: xdebug 26 | 27 | - name: Install Composer dependencies 28 | run: | 29 | composer update --no-progress --no-suggest --prefer-dist --optimize-autoloader 30 | 31 | - name: Run tests 32 | run: make ci-cc 33 | -------------------------------------------------------------------------------- /src/ServerBundle/Component/Scope/Compiler/ScopeMetadataCompilerPass.php: -------------------------------------------------------------------------------- 1 | hasDefinition(MetadataBuilder::class) || ! 
$container->hasAlias(ScopeRepository::class)) { 18 | return; 19 | } 20 | $metadata = $container->getDefinition(MetadataBuilder::class); 21 | $metadata->addMethodCall('setScopeRepository', [new Reference(ScopeRepository::class)]); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /.github/workflows/coding-standards.yml: -------------------------------------------------------------------------------- 1 | name: Coding Standards 2 | 3 | on: [push] 4 | 5 | jobs: 6 | tests: 7 | runs-on: ${{ matrix.operating-system }} 8 | strategy: 9 | matrix: 10 | operating-system: [ubuntu-latest] 11 | php-versions: ['8.0'] 12 | name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }} 13 | 14 | steps: 15 | - name: Checkout 16 | uses: actions/checkout@v2 17 | with: 18 | ref: ${{ github.head_ref }} 19 | 20 | - name: Setup PHP, with composer and extensions 21 | uses: shivammathur/setup-php@v2 22 | with: 23 | php-version: ${{ matrix.php-versions }} 24 | extensions: json, mbstring, openssl, sqlite3, curl, uuid 25 | coverage: xdebug 26 | 27 | - name: Install Composer dependencies 28 | run: | 29 | composer update --no-progress --no-suggest --prefer-dist --optimize-autoloader 30 | 31 | - name: PHP-CS-FIXER 32 | run: make ci-cs 33 | -------------------------------------------------------------------------------- /src/Component/MetadataEndpoint/Metadata.php: -------------------------------------------------------------------------------- 1 | values); 17 | } 18 | 19 | /** 20 | * @return mixed|null 21 | */ 22 | public function get(string $key) 23 | { 24 | if (! 
$this->has($key)) { 25 | throw new InvalidArgumentException(sprintf('The value with key "%s" does not exist.', $key)); 26 | } 27 | 28 | return $this->values[$key]; 29 | } 30 | 31 | public function set(string $key, mixed $value): static 32 | { 33 | $this->values[$key] = $value; 34 | 35 | return $this; 36 | } 37 | 38 | public function all(): array 39 | { 40 | return $this->values; 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /src/Component/ResourceOwnerPasswordCredentialsGrant/phpunit.xml.dist: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 14 | ./Tests/ 15 | 16 | 17 | 18 | 19 | 20 | ./ 21 | 22 | ./vendor 23 | ./Tests 24 | ./src 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /tests/Component/MetadataEndpoint/MetadataTest.php: -------------------------------------------------------------------------------- 1 | has('foo')); 23 | $metadata->set('foo', 'bar'); 24 | static::assertTrue($metadata->has('foo')); 25 | static::assertSame('bar', $metadata->get('foo')); 26 | 27 | try { 28 | $metadata->get('bar'); 29 | } catch (InvalidArgumentException $e) { 30 | static::assertSame('The value with key "bar" does not exist.', $e->getMessage()); 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /src/Component/TokenEndpoint/Extension/TokenEndpointExtension.php: -------------------------------------------------------------------------------- 1 | hasDefinition('oauth2_security.token_type_manager')) { 16 | return; 17 | } 18 | 19 | $definition = $container->getDefinition('oauth2_security.token_type_manager'); 20 | $taggedServices = $container->findTaggedServiceIds('oauth2_security_token_type'); 21 | foreach ($taggedServices as $id => $tags) { 22 | $definition->addMethodCall('add', [new Reference($id)]); 23 | } 24 | } 25 | } 26 | 
-------------------------------------------------------------------------------- /src/ServerBundle/Component/Endpoint/JwksUri/JwksUriEndpointRouteCompilerPass.php: -------------------------------------------------------------------------------- 1 | hasDefinition(MetadataBuilder::class) || ! $container->has( 16 | 'jose.key_set.oauth2_server.endpoint.jwks_uri' 17 | )) { 18 | return; 19 | } 20 | 21 | $routeName = 'jwkset_jose.controller.oauth2_server.endpoint.jwks_uri'; 22 | $definition = $container->getDefinition(MetadataBuilder::class); 23 | $definition->addMethodCall('addRoute', ['jwks_uri', $routeName]); 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /src/Component/ClientRule/composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "oauth2-framework/client-rule", 3 | "type": "library", 4 | "description": "Client Rule for the OAuth2 Framework", 5 | "license": "MIT", 6 | "keywords": ["RFC6749", "RFC6750", "oauth2", "framework", "client", "rule", "library"], 7 | "homepage": "https://oauth2-framework.spomky-labs.com/", 8 | "authors": [ 9 | { 10 | "name": "Florent Morselli", 11 | "homepage": "https://github.com/Spomky" 12 | }, 13 | { 14 | "name": "All contributors", 15 | "homepage": "https://github.com/OAuth2-Framework/oauth2-framework/contributors" 16 | } 17 | ], 18 | "require": { 19 | "php": "^8.1", 20 | "league/uri": "^5.3", 21 | "oauth2-framework/core": "^2.0" 22 | }, 23 | "autoload": { 24 | "psr-4": { 25 | "OAuth2Framework\\Component\\ClientRule\\": "" 26 | } 27 | }, 28 | "config": { 29 | "sort-packages": true 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /src/Component/WebFingerEndpoint/IdentifierResolver/UriResolver.php: -------------------------------------------------------------------------------- 1 | getScheme() === 'https' && $uri->getHost() !== null && $userInfo->getUser() !== null; 23 | } 24 | 
25 | /** Parses $resource as a URI and returns an Identifier built from its user-info user, its host and its port. NOTE(review): nothing in this method checks the scheme, the host or the user; the visible check for an 'https' scheme, a non-null host and a non-null user is the expression just before this method (presumably supports()), so callers are expected to gate on that first - confirm. */ public function resolve(string $resource): Identifier 26 | { 27 | $uri = Uri::createFromString($resource); 28 | $userInfo = UserInfo::createFromUri($uri); 29 | 30 | return Identifier::create($userInfo->getUser(), $uri->getHost(), $uri->getPort()); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /src/ServerBundle/Component/Endpoint/Metadata/Compiler/CustomValuesCompilerPass.php: -------------------------------------------------------------------------------- 1 | hasDefinition(MetadataBuilder::class)) { 16 | return; 17 | } 18 | 19 | $definition = $container->getDefinition(MetadataBuilder::class); 20 | $customValues = $container->getParameter('oauth2_server.endpoint.metadata.custom_values'); 21 | foreach ($customValues as $key => $parameters) { 22 | $definition->addMethodCall('addKeyValuePair', [$key, $parameters]); 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /src/ServerBundle/DependencyInjection/Configuration.php: -------------------------------------------------------------------------------- 1 | alias); 25 | $rootNode = $treeBuilder->getRootNode(); 26 | 27 | foreach ($this->components as $component) { 28 | $component->getNodeDefinition($rootNode, $rootNode); 29 | } 30 | 31 | return $treeBuilder; 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /src/ServerBundle/Component/ClientRule/ClientRuleCompilerPass.php: -------------------------------------------------------------------------------- 1 | hasDefinition(RuleManager::class)) { 17 | return; 18 | } 19 | 20 | $client_manager = $container->getDefinition(RuleManager::class); 21 | 22 | $taggedServices = $container->findTaggedServiceIds('oauth2_server_client_rule'); 23 | foreach ($taggedServices as $id => $attributes) { 24 | $client_manager->addMethodCall('add', [new Reference($id)]); 25 | } 26 | } 27 | } 28 | 
-------------------------------------------------------------------------------- /src/ServerBundle/Component/OpenIdConnect/Compiler/UserInfoPairwiseSubjectCompilerPass.php: -------------------------------------------------------------------------------- 1 | hasAlias('oauth2_server.openid_connect.pairwise.service')) { 17 | return; 18 | } 19 | 20 | $definition = $container->getDefinition(UserInfo::class); 21 | $definition->addMethodCall( 22 | 'enablePairwiseSubject', 23 | [new Reference('oauth2_server.openid_connect.pairwise.service')] 24 | ); 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /src/Component/NoneGrant/composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "oauth2-framework/none-grant", 3 | "type": "library", 4 | "description": "None Grant for the OAuth2 Framework", 5 | "license": "MIT", 6 | "keywords": ["RFC6749", "oauth2", "framework", "none", "grant", "library"], 7 | "homepage": "https://oauth2-framework.spomky-labs.com/", 8 | "authors": [ 9 | { 10 | "name": "Florent Morselli", 11 | "homepage": "https://github.com/Spomky" 12 | }, 13 | { 14 | "name": "All contributors", 15 | "homepage": "https://github.com/OAuth2-Framework/oauth2-framework/contributors" 16 | } 17 | ], 18 | "require": { 19 | "php": "^8.1", 20 | "oauth2-framework/core": "^2.0", 21 | "oauth2-framework/authorization-endpoint": "^2.0" 22 | }, 23 | "autoload": { 24 | "psr-4": { 25 | "OAuth2Framework\\Component\\NoneGrant\\": "" 26 | } 27 | }, 28 | "config": { 29 | "sort-packages": true 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /src/Component/WebFingerEndpoint/IdentifierResolver/IdentifierResolverManager.php: -------------------------------------------------------------------------------- 1 | resolvers[] = $resolver; 24 | 25 | return $this; 26 | } 27 | 28 | public function resolve(string $resource): Identifier 29 | { 30 | 
foreach ($this->resolvers as $resolver) { 31 | if ($resolver->supports($resource)) { 32 | return $resolver->resolve($resource); 33 | } 34 | } 35 | 36 | throw new InvalidArgumentException('Resource not supported.'); 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /src/ServerBundle/Resources/config/client_authentication/client_assertion_jwt.php: -------------------------------------------------------------------------------- 1 | services() 11 | ->defaults() 12 | ->private() 13 | ->autoconfigure() 14 | ; 15 | 16 | $container->set(ClientAssertionJwt::class) 17 | ->args([ 18 | service('jose.jws_verifier.client_authentication.client_assertion_jwt'), 19 | service('jose.header_checker.client_authentication.client_assertion_jwt'), 20 | service('jose.claim_checker.client_authentication.client_assertion_jwt'), 21 | '%oauth2_server.client_authentication.client_assertion_jwt.secret_lifetime%', 22 | ]) 23 | ; 24 | }; 25 | -------------------------------------------------------------------------------- /src/Component/Core/Middleware/OAuth2MessageMiddleware.php: -------------------------------------------------------------------------------- 1 | handle($request); 25 | } catch (OAuth2Error $e) { 26 | return $this->auth2messageFactoryManager->getResponse($e); 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /src/Component/TokenEndpoint/GrantType.php: -------------------------------------------------------------------------------- 1 | has($this->getComputedClaimName($claimLocale)); 21 | } 22 | 23 | public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale) 24 | { 25 | return $userAccount->get($this->getComputedClaimName($claimLocale)); 26 | } 27 | 28 | private function getComputedClaimName(?string $claimLocale): string 29 | { 30 | return $claimLocale !== null ? 
sprintf('%s#%s', self::CLAIM_NAME, $claimLocale) : static::CLAIM_NAME; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /src/Component/OpenIdConnect/UserInfo/Claim/Email.php: -------------------------------------------------------------------------------- 1 | has($this->getComputedClaimName($claimLocale)); 21 | } 22 | 23 | /** Returns whatever $userAccount->get() yields for the computed claim name: the base name, or the locale-suffixed name when $claimLocale is not null. */ public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale) 24 | { 25 | return $userAccount->get($this->getComputedClaimName($claimLocale)); 26 | } 27 | 28 | /** Builds the lookup key: CLAIM_NAME, '#' and the locale when a locale is given, otherwise CLAIM_NAME alone. NOTE(review): the localized branch reads self::CLAIM_NAME while the fallback reads static::CLAIM_NAME; the two resolve differently only if a subclass redefines the constant - confirm which binding is intended. */ private function getComputedClaimName(?string $claimLocale): string 29 | { 30 | return $claimLocale !== null ? sprintf('%s#%s', self::CLAIM_NAME, $claimLocale) : static::CLAIM_NAME; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /src/Component/OpenIdConnect/UserInfo/Claim/Gender.php: -------------------------------------------------------------------------------- 1 | has($this->getComputedClaimName($claimLocale)); 21 | } 22 | 23 | /** Returns whatever $userAccount->get() yields for the computed claim name: the base name, or the locale-suffixed name when $claimLocale is not null. */ public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale) 24 | { 25 | return $userAccount->get($this->getComputedClaimName($claimLocale)); 26 | } 27 | 28 | private function getComputedClaimName(?string $claimLocale): string 29 | { 30 | return $claimLocale !== null ? 
sprintf('%s#%s', self::CLAIM_NAME, $claimLocale) : static::CLAIM_NAME; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /src/ServerBundle/Component/OpenIdConnect/Compiler/ClaimCompilerPass.php: -------------------------------------------------------------------------------- 1 | hasDefinition(ClaimManager::class)) { 17 | return; 18 | } 19 | 20 | $definition = $container->getDefinition(ClaimManager::class); 21 | 22 | $taggedServices = $container->findTaggedServiceIds('oauth2_server_claim'); 23 | foreach ($taggedServices as $id => $attributes) { 24 | $definition->addMethodCall('add', [new Reference($id)]); 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /src/Component/BearerTokenType/composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "oauth2-framework/bearer-token-type", 3 | "type": "library", 4 | "description": "Bearer Token Type for the OAuth2 Framework", 5 | "license": "MIT", 6 | "keywords": ["RFC6749", "RFC6750", "oauth2", "framework", "bearer", "token", "library"], 7 | "homepage": "https://oauth2-framework.spomky-labs.com/", 8 | "authors": [ 9 | { 10 | "name": "Florent Morselli", 11 | "homepage": "https://github.com/Spomky" 12 | }, 13 | { 14 | "name": "All contributors", 15 | "homepage": "https://github.com/OAuth2-Framework/oauth2-framework/contributors" 16 | } 17 | ], 18 | "require": { 19 | "php": "^8.1", 20 | "oauth2-framework/core": "^2.0", 21 | "psr/http-message": "^1.0" 22 | }, 23 | "autoload": { 24 | "psr-4": { 25 | "OAuth2Framework\\Component\\BearerTokenType\\": "" 26 | } 27 | }, 28 | "config": { 29 | "sort-packages": true 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /src/Component/Core/composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "oauth2-framework/core", 3 | 
"type": "library", 4 | "description": "Core Component for the OAuth2 Framework", 5 | "license": "MIT", 6 | "keywords": ["RFC6749", "oauth2", "framework", "authorization", "library"], 7 | "homepage": "https://oauth2-framework.spomky-labs.com/", 8 | "authors": [ 9 | { 10 | "name": "Florent Morselli", 11 | "homepage": "https://github.com/Spomky" 12 | }, 13 | { 14 | "name": "All contributors", 15 | "homepage": "https://github.com/OAuth2-Framework/oauth2-framework/contributors" 16 | } 17 | ], 18 | "require": { 19 | "php": "^8.1", 20 | "ext-json": "*", 21 | "ext-openssl": "*", 22 | "beberlei/assert": "^3.2", 23 | "nyholm/psr7": "^1.0" 24 | }, 25 | "autoload": { 26 | "psr-4": { 27 | "OAuth2Framework\\Component\\Core\\": "" 28 | } 29 | }, 30 | "config": { 31 | "sort-packages": true 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /src/Component/OpenIdConnect/UserInfo/Claim/Address.php: -------------------------------------------------------------------------------- 1 | has($this->getComputedClaimName($claimLocale)); 21 | } 22 | 23 | public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale) 24 | { 25 | return $userAccount->get($this->getComputedClaimName($claimLocale)); 26 | } 27 | 28 | private function getComputedClaimName(?string $claimLocale): string 29 | { 30 | return $claimLocale !== null ? 
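sprintf('%s#%s', self::CLAIM_NAME, $claimLocale) : static::CLAIM_NAME;
    }
}

--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Picture.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 21; only this tail of the missing lines survives
        has($this->getComputedClaimName($claimLocale));
    }

    /**
     * Reads this claim from the user account, using the locale-suffixed key when a locale is given.
     */
    public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
    {
        return $userAccount->get($this->getComputedClaimName($claimLocale));
    }

    /**
     * Builds the lookup key: "<CLAIM_NAME>#<locale>" when a locale is given, otherwise the bare CLAIM_NAME.
     *
     * NOTE(review): the two branches read the constant through self:: and static:: respectively; they
     * resolve differently only if a subclass redefines CLAIM_NAME. Confirm which one is intended. The
     * same pattern repeats in every claim class in this listing.
     */
    private function getComputedClaimName(?string $claimLocale): string
    {
        return $claimLocale !== null ? sprintf('%s#%s', self::CLAIM_NAME, $claimLocale) : static::CLAIM_NAME;
    }
}

--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Profile.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 21; only this tail of the missing lines survives
        has($this->getComputedClaimName($claimLocale));
    }

    /**
     * Reads this claim from the user account, using the locale-suffixed key when a locale is given.
     */
    public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
    {
        return $userAccount->get($this->getComputedClaimName($claimLocale));
    }

    /**
     * Builds the lookup key: "<CLAIM_NAME>#<locale>" when a locale is given, otherwise the bare CLAIM_NAME.
     */
    private function getComputedClaimName(?string $claimLocale): string
    {
        return $claimLocale !== null ? sprintf('%s#%s', self::CLAIM_NAME, $claimLocale) : static::CLAIM_NAME;
    }
}

--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Website.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 21; only this tail of the missing lines survives
        has($this->getComputedClaimName($claimLocale));
    }

    /**
     * Reads this claim from the user account, using the locale-suffixed key when a locale is given.
     */
    public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
    {
        return $userAccount->get($this->getComputedClaimName($claimLocale));
    }

    /**
     * Builds the lookup key: "<CLAIM_NAME>#<locale>" when a locale is given, otherwise the bare CLAIM_NAME.
     */
    private function getComputedClaimName(?string $claimLocale): string
    {
        return $claimLocale !== null ? sprintf('%s#%s', self::CLAIM_NAME, $claimLocale) : static::CLAIM_NAME;
    }
}

--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/GivenName.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 21; only this tail of the missing lines survives
        has($this->getComputedClaimName($claimLocale));
    }

    /**
     * Reads this claim from the user account, using the locale-suffixed key when a locale is given.
     */
    public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
    {
        return $userAccount->get($this->getComputedClaimName($claimLocale));
    }

    /**
     * Builds the lookup key: "<CLAIM_NAME>#<locale>" when a locale is given, otherwise the bare CLAIM_NAME.
     */
    private function getComputedClaimName(?string $claimLocale): string
    {
        return $claimLocale !== null ? sprintf('%s#%s', self::CLAIM_NAME, $claimLocale) : static::CLAIM_NAME;
    }
}

--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/Nickname.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 21; only this tail of the missing lines survives
        has($this->getComputedClaimName($claimLocale));
    }

    /**
     * Reads this claim from the user account, using the locale-suffixed key when a locale is given.
     */
    public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
    {
        return $userAccount->get($this->getComputedClaimName($claimLocale));
    }

    /**
     * Builds the lookup key: "<CLAIM_NAME>#<locale>" when a locale is given, otherwise the bare CLAIM_NAME.
     */
    private function getComputedClaimName(?string $claimLocale): string
    {
        return $claimLocale !== null ? sprintf('%s#%s', self::CLAIM_NAME, $claimLocale) : static::CLAIM_NAME;
    }
}

--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/FamilyName.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 21; only this tail of the missing lines survives
        has($this->getComputedClaimName($claimLocale));
    }

    /**
     * Reads this claim from the user account, using the locale-suffixed key when a locale is given.
     */
    public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
    {
        return $userAccount->get($this->getComputedClaimName($claimLocale));
    }

    /**
     * Builds the lookup key: "<CLAIM_NAME>#<locale>" when a locale is given, otherwise the bare CLAIM_NAME.
     */
    private function getComputedClaimName(?string $claimLocale): string
    {
        return $claimLocale !== null ? sprintf('%s#%s', self::CLAIM_NAME, $claimLocale) : static::CLAIM_NAME;
    }
}

--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/MiddleName.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 21; only this tail of the missing lines survives
        has($this->getComputedClaimName($claimLocale));
    }

    /**
     * Reads this claim from the user account, using the locale-suffixed key when a locale is given.
     */
    public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
    {
        return $userAccount->get($this->getComputedClaimName($claimLocale));
    }

    /**
     * Builds the lookup key: "<CLAIM_NAME>#<locale>" when a locale is given, otherwise the bare CLAIM_NAME.
     */
    private function getComputedClaimName(?string $claimLocale): string
    {
        return $claimLocale !== null ? sprintf('%s#%s', self::CLAIM_NAME, $claimLocale) : static::CLAIM_NAME;
    }
}

--------------------------------------------------------------------------------
/src/ServerBundle/Component/Endpoint/Metadata/Compiler/CustomRoutesCompilerPass.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 16; only this tail of the missing lines survives
        hasDefinition(MetadataBuilder::class)) {
            return;
        }

        $definition = $container->getDefinition(MetadataBuilder::class);
        $customRoutes = $container->getParameter('oauth2_server.endpoint.metadata.custom_routes');
        // Queue one addRoute() call on the MetadataBuilder definition per configured custom route.
        foreach ($customRoutes as $key => $parameters) {
            $definition->addMethodCall('addRoute', [$key, $parameters['route_name'], $parameters['route_parameters']]);
        }
    }
}

--------------------------------------------------------------------------------
/src/ServerBundle/Resources/config/grant/implicit.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 14; only this tail of the missing lines survives
        services()
        ->defaults()
        ->private()
        ->autoconfigure()
    ;

    $container->set(ImplicitGrantType::class);

    // NOTE(review): TokenResponseType is wired with the access-token repository and lifetime, so it
    // presumably issues access tokens straight from the authorization endpoint. Current OAuth security
    // guidance favours the authorization-code flow with PKCE; load this file only for clients that
    // genuinely need the implicit flow.
    $container->set(TokenResponseType::class)
        ->args([
            service(AccessTokenRepository::class),
            '%oauth2_server.access_token_lifetime%',
            service(TokenTypeGuesser::class),
        ])
    ;
};

--------------------------------------------------------------------------------
/tests/Component/ResourceServerAuthentication/AuthenticationMethodManagerTest.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 26; only this tail of the missing lines survives
            getAuthenticationMethodManager()
            ->list());
        static::assertCount(4, $this->getAuthenticationMethodManager()->all());
        // The manager is expected to advertise exactly one challenge: HTTP Basic with this realm and charset.
        static::assertSame(
            ['Basic realm="My Service",charset="UTF-8"'],
            $this->getAuthenticationMethodManager()
                ->getSchemesParameters()
        );
    }
}

--------------------------------------------------------------------------------
/src/Component/AuthorizationEndpoint/User/UserAuthenticationCheckerManager.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 24; only this tail of the missing lines survives
        checkers[] = $checker;

        return $this;
    }

    /**
     * Returns true as soon as any registered checker requires (re-)authentication for this request.
     *
     * With no checkers registered the loop never runs and the result is false, so the decision to
     * re-authenticate depends entirely on the checkers that are wired in.
     */
    public function isAuthenticationNeeded(AuthorizationRequest $authorization): bool
    {
        foreach ($this->checkers as $checker) {
            if ($checker->isAuthenticationNeeded($authorization)) {
                return true;
            }
        }

        return false;
    }
}

--------------------------------------------------------------------------------
/src/Component/Core/TokenType/TokenTypeGuesser.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 25; only this tail of the missing lines survives
        tokenTypeParameterAllowed || ! $authorization->hasQueryParam('token_type')) {
            return $this->tokenTypeManager->getDefault();
        }

        // NOTE(review): token_type is read from the authorization request's query string, i.e. it is
        // client-controlled. The token type manager's get() is not shown here; confirm that it rejects
        // unknown names with a handled error rather than an undefined-index failure.
        return $this->tokenTypeManager->get($authorization->getQueryParam('token_type'));
    }
}

--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/PhoneNumber.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 21; only this tail of the missing lines survives
        has($this->getComputedClaimName($claimLocale));
    }

    /**
     * Reads this claim from the user account, using the locale-suffixed key when a locale is given.
     */
    public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
    {
        return $userAccount->get($this->getComputedClaimName($claimLocale));
    }

    /**
     * Builds the lookup key: "<CLAIM_NAME>#<locale>" when a locale is given, otherwise the bare CLAIM_NAME.
     */
    private function getComputedClaimName(?string $claimLocale): string
    {
        return $claimLocale !== null ? sprintf('%s#%s', self::CLAIM_NAME, $claimLocale) : static::CLAIM_NAME;
    }
}

--------------------------------------------------------------------------------
/src/Component/RefreshTokenGrant/RefreshTokenRepository.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 24; only this tail of the missing lines survives.
// NOTE(review): nothing of RefreshTokenRepository survives under this header. The lines below use
// $this->pkceMethods and return PKCEMethod, so they appear to belong to a PKCE method registry whose
// own file header was lost in the same gap.
        pkceMethods[$method->name()] = $method;

        return $this;
    }

    /**
     * Tells whether a PKCE method with this name has been registered.
     */
    public function has(string $method): bool
    {
        return array_key_exists($method, $this->pkceMethods);
    }

    /**
     * Returns the registered PKCE method with this name.
     *
     * The name presumably originates from a client request (verify against the caller), so an unknown
     * value is rejected explicitly instead of falling through to an undefined-index warning followed
     * by a TypeError on the declared return type.
     *
     * @throws \InvalidArgumentException if no method with this name is registered
     */
    public function get(string $method): PKCEMethod
    {
        if (! $this->has($method)) {
            throw new \InvalidArgumentException(sprintf('The PKCE method "%s" is not supported.', $method));
        }

        return $this->pkceMethods[$method];
    }

    /**
     * @return string[]
     */
    public function names(): array
    {
        return array_keys($this->pkceMethods);
    }
}

--------------------------------------------------------------------------------
/src/Component/OpenIdConnect/UserInfo/Claim/PreferredUsername.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 21; only this tail of the missing lines survives
        has($this->getComputedClaimName($claimLocale));
    }

    /**
     * Reads this claim from the user account, using the locale-suffixed key when a locale is given.
     */
    public function getForUserAccount(UserAccount $userAccount, ?string $claimLocale)
    {
        return $userAccount->get($this->getComputedClaimName($claimLocale));
    }

    /**
     * Builds the lookup key: "<CLAIM_NAME>#<locale>" when a locale is given, otherwise the bare CLAIM_NAME.
     */
    private function getComputedClaimName(?string $claimLocale): string
    {
        return $claimLocale !== null ? sprintf('%s#%s', self::CLAIM_NAME, $claimLocale) : static::CLAIM_NAME;
    }
}

--------------------------------------------------------------------------------
/src/ServerBundle/Component/OpenIdConnect/Compiler/ClaimSourceCompilerPass.php:
--------------------------------------------------------------------------------
// [listing gap] the gutter jumps from 1 to 17; only this tail of the missing lines survives
        hasDefinition(ClaimSourceManager::class)) {
            return;
        }

        $definition = $container->getDefinition(ClaimSourceManager::class);

        // Every service tagged 'oauth2_server_claim_source' is passed to ClaimSourceManager::add().
        $taggedServices = $container->findTaggedServiceIds('oauth2_server_claim_source');
        foreach ($taggedServices as $id => $attributes) {
            $definition->addMethodCall('add', [new Reference($id)]);
        }
    }
}

--------------------------------------------------------------------------------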