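storage = $oauth2_storage;
  }

  /**
   * {@inheritdoc}
   */
  public static function create(ContainerInterface $container) {
    // The storage service is the only constructor dependency visible here.
    return new static(
      $container->get('oauth2_server.storage')
    );
  }

  /**
   * Loads the client entity identified by a public client_id.
   *
   * Shared by authorize(), token() and userInfo(), which each repeated the
   * same storage lookup.
   *
   * @param string|null $client_id
   *   The client_id taken from the request; an empty value yields FALSE
   *   without touching storage.
   *
   * @return \Drupal\oauth2_server\ClientInterface|false
   *   The first matching client entity, or FALSE when none matches.
   */
  private function loadClientByClientId($client_id) {
    if (!$client_id) {
      return FALSE;
    }
    $clients = $this->entityTypeManager()
      ->getStorage('oauth2_server_client')
      ->loadByProperties(['client_id' => $client_id]);
    // loadByProperties() returns entities keyed by entity id; take the first.
    return $clients ? reset($clients) : FALSE;
  }

  /**
   * Handles the authorization endpoint (/oauth2/authorize).
   *
   * Anonymous users are sent to the login form with the original request
   * stashed in the session, and the stashed request is replayed once they
   * are back. Clients with automatic authorization are granted immediately;
   * all others are shown the AuthorizeForm.
   *
   * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
   *   The current route match (unused).
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The incoming HTTP request.
   *
   * @return \Symfony\Component\HttpFoundation\Response|array
   *   A redirect to login, the OAuth2 server's response, a JSON 404 when the
   *   client is unknown, or the authorize form render array.
   */
  public function authorize(RouteMatchInterface $route_match, Request $request) {
    $this->moduleHandler()->invokeAll('oauth2_server_pre_authorize');
    $bridgeRequest = BridgeRequest::createFromRequest($request);

    if ($this->currentUser()->isAnonymous()) {
      // The login destination carries no query string, so the whole request
      // is kept in the session and picked up again after login.
      $_SESSION['oauth2_server_authorize'] = $bridgeRequest;
      $url = new Url('user.login', [], ['query' => ['destination' => 'oauth2/authorize']]);
      $url->setAbsolute(TRUE);
      return new RedirectResponse($url->toString());
    }

    // A login happened: replay the request stashed before the redirect.
    // NOTE(review): a stash left over from an earlier visit takes precedence
    // over the live request parameters until it is cleared below (the form
    // path presumably clears it; not visible here).
    if (!empty($_SESSION['oauth2_server_authorize'])) {
      $bridgeRequest = $_SESSION['oauth2_server_authorize'];
    }

    /** @var \Drupal\oauth2_server\ClientInterface|false $client */
    $client = $this->loadClientByClientId($bridgeRequest->get('client_id'));
    if (!$client) {
      return new JsonResponse(['error' => 'Client could not be found.'], JsonResponse::HTTP_NOT_FOUND);
    }

    $oauth2_server = Utility::startServer($client->getServer(), $this->storage);
    $response = new BridgeResponse();

    // Automatic authorization: finish without showing the form.
    // handleAuthorizeRequest() calls validateAuthorizeRequest() itself.
    if ($client->automatic_authorization) {
      unset($_SESSION['oauth2_server_authorize']);
      $oauth2_server->handleAuthorizeRequest($bridgeRequest, $response, TRUE, $this->currentUser()->id());
      return $response;
    }

    if (!$oauth2_server->validateAuthorizeRequest($bridgeRequest, $response)) {
      // Drop the stashed parameters so a later request made while logged in
      // does not reuse them.
      unset($_SESSION['oauth2_server_authorize']);
      return $response;
    }

    // Determine the scope for this request, falling back to the server
    // default when the request names none.
    $scope_util = new ScopeUtility($client->getServer());
    $scope = $scope_util->getScopeFromRequest($bridgeRequest);
    if (!$scope) {
      $scope = $scope_util->getDefaultScope();
    }

    // Convert the space-separated scope string into scope entities.
    $scopes = $this->entityTypeManager()
      ->getStorage('oauth2_server_scope')
      ->loadByProperties([
        'server_id' => $client->getServer()->id(),
        'scope_id' => explode(' ', $scope),
      ]);

    return $this->formBuilder()->getForm('Drupal\oauth2_server\Form\AuthorizeForm', ['client' => $client, 'scopes' => $scopes]);
  }

  /**
   * Handles the token endpoint (/oauth2/token).
   *
   * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
   *   The current route match (unused).
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The incoming HTTP request carrying the client credentials.
   *
   * @return \Symfony\Component\HttpFoundation\Response
   *   The OAuth2 server's token response, or a JSON 404 when the client
   *   identified by the credentials does not exist.
   */
  public function token(RouteMatchInterface $route_match, Request $request) {
    $bridgeRequest = BridgeRequest::createFromRequest($request);
    $client_credentials = Utility::getClientCredentials($bridgeRequest);

    // The client determines which server handles the request.
    $client_id = $client_credentials ? $client_credentials['client_id'] : NULL;
    $client = $this->loadClientByClientId($client_id);
    if (!$client) {
      return new JsonResponse(['error' => 'Client could not be found.'], JsonResponse::HTTP_NOT_FOUND);
    }

    $response = new BridgeResponse();
    $oauth2_server = Utility::startServer($client->getServer(), $this->storage);
    $oauth2_server->handleTokenRequest($bridgeRequest, $response);
    return $response;
  }

  /**
   * Returns the stored metadata of one access token.
   *
   * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
   *   The route match; its raw 'oauth2_server_token' parameter is the token
   *   string to look up.
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The incoming HTTP request (unused).
   *
   * @return \Symfony\Component\HttpFoundation\Response
   *   The token record as JSON with the 'server' key removed, or an empty
   *   404 response when the token is unknown or has expired.
   */
  public function tokens(RouteMatchInterface $route_match, Request $request) {
    $token_string = $route_match->getRawParameter('oauth2_server_token');
    $token = $this->storage->getAccessToken($token_string);

    // Unknown and expired tokens are answered identically.
    if (!$token || $token['expires'] <= time()) {
      return new BridgeResponse([], 404);
    }

    // Strip the internal server reference; every other stored field
    // (client_id included) is returned as-is.
    unset($token['server']);
    return new JsonResponse($token);
  }

  /**
   * Handles the user info endpoint (/oauth2/userInfo).
   *
   * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
   *   The current route match (unused).
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The incoming HTTP request.
   *
   * @return \Symfony\Component\HttpFoundation\Response
   *   The OAuth2 server's user info response.
   */
  public function userInfo(RouteMatchInterface $route_match, Request $request) {
    $bridgeRequest = BridgeRequest::createFromRequest($request);
    $client_credentials = Utility::getClientCredentials($bridgeRequest);

    $client_id = $client_credentials ? $client_credentials['client_id'] : NULL;
    $client = $this->loadClientByClientId($client_id);
    // Unlike token(), an unknown client is not rejected here: the server is
    // started without one and the library decides how to answer.
    $server = $client ? $client->getServer() : NULL;

    $response = new BridgeResponse();
    $oauth2_server = Utility::startServer($server, $this->storage);
    $oauth2_server->handleUserInfoRequest($bridgeRequest, $response);
    return $response;
  }

  /**
   * Returns the server's public key as a one-element JSON list.
   *
   * @param \Drupal\Core\Routing\RouteMatchInterface $route_match
   *   The current route match (unused).
   * @param \Symfony\Component\HttpFoundation\Request $request
   *   The incoming HTTP request (unused).
   *
   * @return \Symfony\Component\HttpFoundation\JsonResponse
   *   A JSON array holding the PEM public key.
   */
  public function certificates(RouteMatchInterface $route_match, Request $request) {
    $keys = Utility::getKeys();
    // Only the public half is exposed; the private key never leaves getKeys().
    return new JsonResponse([$keys['public_key']]);
  }

  /**
   * Serves the OpenID Connect discovery document or the JWK set.
   *
   * Which document is produced depends on the *name* of a query parameter,
   * matched case-insensitively: 'openid-configuration' for the provider
   * metadata, 'jwkUri' for the signing keys. When both are present the key
   * set wins, as before.
   *
   * @return \Symfony\Component\HttpFoundation\JsonResponse
   *   The requested document, or a JSON 400 when neither flag is present.
   */
  public function accessNeedsKeys() {
    return $this->openIdConfiguration(array_keys($_GET));
  }

  /**
   * Builds the discovery / JWK response for the requested query flags.
   *
   * @param string[] $query_names
   *   The names of the query parameters present on the request.
   *
   * @return \Symfony\Component\HttpFoundation\JsonResponse
   *   The document, or a 400 error when neither flag was requested.
   */
  private function openIdConfiguration(array $query_names) {
    // Initialise both flags up front: they used to be defined only when
    // $_GET was non-empty and were read as undefined variables otherwise.
    $wants_configuration = FALSE;
    $wants_jwks = FALSE;
    foreach ($query_names as $name) {
      $name = strtolower((string) $name);
      if ($name === 'jwkuri') {
        $wants_jwks = TRUE;
      }
      elseif ($name === 'openid-configuration') {
        $wants_configuration = TRUE;
      }
    }

    if (!$wants_configuration && !$wants_jwks) {
      // Previously the controller returned nothing here, which Drupal
      // reports as a server error; answer with a client error instead.
      return new JsonResponse(['error' => 'Expected an openid-configuration or jwkUri query parameter.'], JsonResponse::HTTP_BAD_REQUEST);
    }

    $response = [];
    if ($wants_configuration) {
      global $base_url;
      // NOTE(review): the Host header is client-supplied; unless Drupal's
      // trusted_host_patterns is configured, 'issuer' can be set by the
      // requester, and it may differ from the $base_url-based endpoints.
      $issuer = 'https://' . $_SERVER['HTTP_HOST'];
      $response = [
        'issuer' => $issuer,
        'authorization_endpoint' => $base_url . '/oauth2/authorize',
        'token_endpoint' => $base_url . '/oauth2/token',
        'userinfo_endpoint' => $base_url . '/oauth2/userInfo',
        'jwks_uri' => $base_url . '/oauth2/certificates?jwkUri',
        'response_types_supported' => ['code', 'id_token', 'token id_token', 'code id_token'],
        'subject_types_supported' => ['public'],
        'id_token_signing_alg_values_supported' => ['RS256'],
      ];
    }

    if ($wants_jwks) {
      $keys = Utility::getKeys();
      $public_key = empty($keys['public_key']) ? FALSE : openssl_pkey_get_public($keys['public_key']);
      // openssl_pkey_get_public() returns FALSE for an unparsable PEM; passing
      // that on to openssl_pkey_get_details() throws on PHP 8.
      $details = $public_key ? openssl_pkey_get_details($public_key) : FALSE;
      if (!empty($details['rsa'])) {
        $response = [
          'keys' => [
            [
              'kty' => 'RSA',
              'alg' => 'RS256',
              'use' => 'sig',
              // RFC 7518 §6.3.1 requires unpadded base64url; plain
              // base64_encode() produced '+', '/' and '=' that JWK consumers
              // reject.
              'n' => self::base64UrlEncode($details['rsa']['n']),
              'e' => self::base64UrlEncode($details['rsa']['e']),
            ],
          ],
        ];
      }
    }

    // JsonResponse escapes '<' and '>' by default, covering the JSON_HEX_TAG
    // flag the previous echo passed, and sets the JSON content type that a
    // bare echo/die left out.
    return new JsonResponse($response);
  }

  /**
   * Encodes binary data as unpadded base64url (RFC 4648 section 5).
   *
   * @param string $data
   *   Raw bytes.
   *
   * @return string
   *   The base64url encoding without trailing '='.
   */
  private static function base64UrlEncode($data) {
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
  }

}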