authorzotlabs <mike@macgirvin.com>2016-10-07 14:11:24 -0700
committerzotlabs <mike@macgirvin.com>2016-10-07 14:11:24 -0700
commit10863a5949cc59771424cb809af5c9f279f78a58 (patch)
tree7a86223b830c1ae784bd4557bbefee9f60169542 /library/oauth2/src/OAuth2/Scope.php
parentbf02e0428347350126abdd1726aa3e58c9ed63bb (diff)
add oauth2/oidc lib
Diffstat (limited to 'library/oauth2/src/OAuth2/Scope.php')
-rw-r--r--library/oauth2/src/OAuth2/Scope.php103
1 files changed, 103 insertions, 0 deletions
diff --git a/library/oauth2/src/OAuth2/Scope.php b/library/oauth2/src/OAuth2/Scope.php
new file mode 100644
index 000000000..c44350bfd
--- /dev/null
+++ b/library/oauth2/src/OAuth2/Scope.php
@@ -0,0 +1,103 @@
+<?php
+
+namespace OAuth2;
+
+use OAuth2\Storage\Memory;
+use OAuth2\Storage\ScopeInterface as ScopeStorageInterface;
+
+/**
+* @see OAuth2\ScopeInterface
+*/
+class Scope implements ScopeInterface
+{
+ protected $storage;
+
+ /**
+ * @param mixed @storage
+ * Either an array of supported scopes, or an instance of OAuth2\Storage\ScopeInterface
+ */
+ public function __construct($storage = null)
+ {
+ if (is_null($storage) || is_array($storage)) {
+ $storage = new Memory((array) $storage);
+ }
+
+ if (!$storage instanceof ScopeStorageInterface) {
+ throw new \InvalidArgumentException("Argument 1 to OAuth2\Scope must be null, an array, or instance of OAuth2\Storage\ScopeInterface");
+ }
+
+ $this->storage = $storage;
+ }
+
+ /**
+ * Check if everything in required scope is contained in available scope.
+ *
+ * @param $required_scope
+ * A space-separated string of scopes.
+ *
+ * @return
+ * TRUE if everything in required scope is contained in available scope,
+ * and FALSE if it isn't.
+ *
+ * @see http://tools.ietf.org/html/rfc6749#section-7
+ *
+ * @ingroup oauth2_section_7
+ */
+ public function checkScope($required_scope, $available_scope)
+ {
+ $required_scope = explode(' ', trim($required_scope));
+ $available_scope = explode(' ', trim($available_scope));
+
+ return (count(array_diff($required_scope, $available_scope)) == 0);
+ }
+
+ /**
+ * Check if the provided scope exists in storage.
+ *
+ * @param $scope
+ * A space-separated string of scopes.
+ *
+ * @return
+ * TRUE if it exists, FALSE otherwise.
+ */
+ public function scopeExists($scope)
+ {
+ // Check reserved scopes first.
+ $scope = explode(' ', trim($scope));
+ $reservedScope = $this->getReservedScopes();
+ $nonReservedScopes = array_diff($scope, $reservedScope);
+ if (count($nonReservedScopes) == 0) {
+ return true;
+ } else {
+ // Check the storage for non-reserved scopes.
+ $nonReservedScopes = implode(' ', $nonReservedScopes);
+
+ return $this->storage->scopeExists($nonReservedScopes);
+ }
+ }
+
+ public function getScopeFromRequest(RequestInterface $request)
+ {
+ // "scope" is valid if passed in either POST or QUERY
+ return $request->request('scope', $request->query('scope'));
+ }
+
+ public function getDefaultScope($client_id = null)
+ {
+ return $this->storage->getDefaultScope($client_id);
+ }
+
+ /**
+ * Get reserved scopes needed by the server.
+ *
+ * In case OpenID Connect is used, these scopes must include:
+ * 'openid', offline_access'.
+ *
+ * @return
+ * An array of reserved scopes.
+ */
+ public function getReservedScopes()
+ {
+ return array('openid', 'offline_access');
+ }
+}
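Review bot: `checkScope()` and `scopeExists()` pass their arguments straight to `trim()` and `explode()` with no type check, while `getScopeFromRequest()` returns the raw `scope` request value unvalidated. Whether a non-string value (for example an array-style request parameter) can actually reach them depends on the `RequestInterface` implementation and the callers, which are outside this hunk. A fail-closed guard at the top of each method would remove that dependency: `if (!is_string($scope)) { return false; }` in `scopeExists()`, and `if (!is_string($required_scope) || !is_string($available_scope)) { return false; }` in `checkScope()`. Note that `null` is currently treated as an empty string, so two absent scopes compare as a match in `checkScope()`; the guard changes that case, and the docblock (which also lacks a `@param $available_scope` entry) should state which behaviour is intended. If this file is a vendored copy of an upstream library, as the commit message suggests, the change is better carried upstream or as a documented local patch.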