Diffstat (limited to 'library/oauth2/src/OAuth2/OpenID/Storage')
-rw-r--r--library/oauth2/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php37
-rw-r--r--library/oauth2/src/OAuth2/OpenID/Storage/UserClaimsInterface.php38
2 files changed, 75 insertions, 0 deletions
diff --git a/library/oauth2/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php b/library/oauth2/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php
new file mode 100644
index 000000000..51dd867ec
--- /dev/null
+++ b/library/oauth2/src/OAuth2/OpenID/Storage/AuthorizationCodeInterface.php
@@ -0,0 +1,37 @@
+<?php
+
+namespace OAuth2\OpenID\Storage;
+
+use OAuth2\Storage\AuthorizationCodeInterface as BaseAuthorizationCodeInterface;
+/**
+ * Implement this interface to specify where the OAuth2 Server
+ * should get/save authorization codes for the "Authorization Code"
+ * grant type
+ *
+ * @author Brent Shaffer <bshafs at gmail dot com>
+ */
+interface AuthorizationCodeInterface extends BaseAuthorizationCodeInterface
+{
+ /**
+ * Take the provided authorization code values and store them somewhere.
+ *
+ * This function should be the storage counterpart to getAuthCode().
+ *
+ * If storage fails for some reason, we're not currently checking for
+ * any sort of success/failure, so you should bail out of the script
+ * and provide a descriptive fail message.
+ *
+ * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
+ *
+ * @param $code authorization code to be stored.
+ * @param $client_id client identifier to be stored.
+ * @param $user_id user identifier to be stored.
+ * @param string $redirect_uri redirect URI(s) to be stored in a space-separated string.
+ * @param int $expires expiration to be stored as a Unix timestamp.
+ * @param string $scope OPTIONAL scopes to be stored in space-separated string.
+ * @param string $id_token OPTIONAL the OpenID Connect id_token.
+ *
+ * @ingroup oauth2_section_4
+ */
+ public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null, $id_token = null);
+}
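Review bot: The docblock on `setAuthorizationCode` does not say how the new `$id_token` argument should be handled once stored. Because it is persisted alongside the authorization code, a line such as `The id_token must be stored with the same protection as the code and deleted when the code is expired or redeemed.` would give implementers a clear rule. The same docblock refers to `getAuthCode()`, which looks like a stale name; the base interface is outside this hunk, so confirm the retrieval method's name before correcting the reference. The failure contract ("bail out of the script") leaves callers with no signal, so consider stating that implementations should throw an exception on a failed write. The first three `@param` tags have no type; `@param string $code`, `@param string $client_id` and `@param string $user_id` would match the typed tags below them, assuming those are the intended types.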
diff --git a/library/oauth2/src/OAuth2/OpenID/Storage/UserClaimsInterface.php b/library/oauth2/src/OAuth2/OpenID/Storage/UserClaimsInterface.php
new file mode 100644
index 000000000..f230bef9e
--- /dev/null
+++ b/library/oauth2/src/OAuth2/OpenID/Storage/UserClaimsInterface.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace OAuth2\OpenID\Storage;
+
+/**
+ * Implement this interface to specify where the OAuth2 Server
+ * should retrieve user claims for the OpenID Connect id_token.
+ */
+interface UserClaimsInterface
+{
+ // valid scope values to pass into the user claims API call
+ const VALID_CLAIMS = 'profile email address phone';
+
+ // fields returned for the claims above
+ const PROFILE_CLAIM_VALUES = 'name family_name given_name middle_name nickname preferred_username profile picture website gender birthdate zoneinfo locale updated_at';
+ const EMAIL_CLAIM_VALUES = 'email email_verified';
+ const ADDRESS_CLAIM_VALUES = 'formatted street_address locality region postal_code country';
+ const PHONE_CLAIM_VALUES = 'phone_number phone_number_verified';
+
+ /**
+ * Return claims about the provided user id.
+ *
+ * Groups of claims are returned based on the requested scopes. No group
+ * is required, and no claim is required.
+ *
+ * @param $user_id
+ * The id of the user for which claims should be returned.
+ * @param $scope
+ * The requested scope.
+ * Scopes with matching claims: profile, email, address, phone.
+ *
+ * @return
+ * An array in the claim => value format.
+ *
+ * @see http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
+ */
+ public function getUserClaims($user_id, $scope);
+}
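Review bot: The docblock on `getUserClaims` says claim groups are returned "based on the requested scopes" but never says that claims outside those scopes must be left out. Since the result is presumably placed in the id_token, an implementation that returns the whole user record would disclose more than the client was granted; a sentence such as `Implementations MUST NOT return claims belonging to a scope that was not requested.` would close that gap. The `$scope` tag gives neither a type nor a format; `@param string $scope space-separated list of requested scopes` would match how `VALID_CLAIMS` is written. The bare `@return` should also carry a type, e.g. `@return array`, and say what is returned when the user id is unknown.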