aboutsummaryrefslogtreecommitdiffstats
path: root/library/oauth2/src/OAuth2/Storage/JwtBearerInterface.php
diff options
context:
space:
mode:
Diffstat (limited to 'library/oauth2/src/OAuth2/Storage/JwtBearerInterface.php')
-rw-r--r--library/oauth2/src/OAuth2/Storage/JwtBearerInterface.php74
1 files changed, 74 insertions, 0 deletions
diff --git a/library/oauth2/src/OAuth2/Storage/JwtBearerInterface.php b/library/oauth2/src/OAuth2/Storage/JwtBearerInterface.php
new file mode 100644
index 000000000..c83aa72ea
--- /dev/null
+++ b/library/oauth2/src/OAuth2/Storage/JwtBearerInterface.php
@@ -0,0 +1,74 @@
+<?php
+
+namespace OAuth2\Storage;
+
+/**
+ * Implement this interface to specify where the OAuth2 Server
+ * should get the JWT key for clients
+ *
+ * @TODO consider extending ClientInterface, as this will almost always
+ * be the same storage as retrieving clientData
+ *
+ * @author F21
+ * @author Brent Shaffer <bshafs at gmail dot com>
+ */
+interface JwtBearerInterface
+{
+ /**
+ * Get the public key associated with a client_id
+ *
+ * @param $client_id
+ * Client identifier to be checked with.
+ *
+ * @return
+ * STRING Return the public key for the client_id if it exists, and MUST return FALSE if it doesn't.
+ */
+ public function getClientKey($client_id, $subject);
+
+ /**
+ * Get a jti (JSON token identifier) by matching against the client_id, subject, audience and expiration.
+ *
+ * @param $client_id
+ * Client identifier to match.
+ *
+ * @param $subject
+ * The subject to match.
+ *
+ * @param $audience
+ * The audience to match.
+ *
+ * @param $expiration
+ * The expiration of the jti.
+ *
+ * @param $jti
+ * The jti to match.
+ *
+ * @return
+ * An associative array as below, and return NULL if the jti does not exist.
+ * - issuer: Stored client identifier.
+ * - subject: Stored subject.
+ * - audience: Stored audience.
+ * - expires: Stored expiration in unix timestamp.
+ * - jti: The stored jti.
+ */
+ public function getJti($client_id, $subject, $audience, $expiration, $jti);
+
+ /**
+ * Store a used jti so that we can check against it to prevent replay attacks.
+ * @param $client_id
+ * Client identifier to insert.
+ *
+ * @param $subject
+ * The subject to insert.
+ *
+ * @param $audience
+ * The audience to insert.
+ *
+ * @param $expiration
+ * The expiration of the jti.
+ *
+ * @param $jti
+ * The jti to insert.
+ */
+ public function setJti($client_id, $subject, $audience, $expiration, $jti);
+}