add oauth2/oidc lib

1 files changed, 88 insertions, 0 deletions

diff --git a/library/oauth2/src/OAuth2/Storage/JwtAccessToken.php b/library/oauth2/src/OAuth2/Storage/JwtAccessToken.php
new file mode 100644
index 000000000..75b49d301
--- /dev/null
+++ b/library/oauth2/src/OAuth2/Storage/JwtAccessToken.php
@@ -0,0 +1,88 @@
+<?php
+
+namespace OAuth2\Storage;
+
+use OAuth2\Encryption\EncryptionInterface;
+use OAuth2\Encryption\Jwt;
+
+/**
+ *
+ * @author Brent Shaffer <bshafs at gmail dot com>
+ */
+class JwtAccessToken implements JwtAccessTokenInterface
+{
+    protected $publicKeyStorage;
+    protected $tokenStorage;
+    protected $encryptionUtil;
+
+    /**
+     * @param OAuth2\Encryption\PublicKeyInterface  $publicKeyStorage the public key encryption to use
+     * @param OAuth2\Storage\AccessTokenInterface   $tokenStorage     OPTIONAL persist the access token to another storage. This is useful if
+     *                                                                you want to retain access token grant information somewhere, but
+     *                                                                is not necessary when using this grant type.
+     * @param OAuth2\Encryption\EncryptionInterface $encryptionUtil   OPTIONAL class to use for "encode" and "decode" functions.
+     */
+    public function __construct(PublicKeyInterface $publicKeyStorage, AccessTokenInterface $tokenStorage = null, EncryptionInterface $encryptionUtil = null)
+    {
+        $this->publicKeyStorage = $publicKeyStorage;
+        $this->tokenStorage = $tokenStorage;
+        if (is_null($encryptionUtil)) {
+            $encryptionUtil = new Jwt;
+        }
+        $this->encryptionUtil = $encryptionUtil;
+    }
+
+    public function getAccessToken($oauth_token)
+    {
+        // just decode the token, don't verify
+        if (!$tokenData = $this->encryptionUtil->decode($oauth_token, null, false)) {
+            return false;
+        }
+
+        $client_id  = isset($tokenData['aud']) ? $tokenData['aud'] : null;
+        $public_key = $this->publicKeyStorage->getPublicKey($client_id);
+        $algorithm  = $this->publicKeyStorage->getEncryptionAlgorithm($client_id);
+
+        // now that we have the client_id, verify the token
+        if (false === $this->encryptionUtil->decode($oauth_token, $public_key, array($algorithm))) {
+            return false;
+        }
+
+        // normalize the JWT claims to the format expected by other components in this library
+        return $this->convertJwtToOAuth2($tokenData);
+    }
+
+    public function setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope = null)
+    {
+        if ($this->tokenStorage) {
+            return $this->tokenStorage->setAccessToken($oauth_token, $client_id, $user_id, $expires, $scope);
+        }
+    }
+
+    public function unsetAccessToken($access_token)
+    {
+        if ($this->tokenStorage) {
+            return $this->tokenStorage->unsetAccessToken($access_token);
+        }
+    }
+
+
+    // converts a JWT access token into an OAuth2-friendly format
+    protected function convertJwtToOAuth2($tokenData)
+    {
+        $keyMapping = array(
+            'aud' => 'client_id',
+            'exp' => 'expires',
+            'sub' => 'user_id'
+        );
+
+        foreach ($keyMapping as $jwtKey => $oauth2Key) {
+            if (isset($tokenData[$jwtKey])) {
+                $tokenData[$oauth2Key] = $tokenData[$jwtKey];
+                unset($tokenData[$jwtKey]);
+            }
+        }
+
+        return $tokenData;
+    }
+}