<?php

namespace OAuth2;

use OAuth2\Storage\Memory;
use OAuth2\Storage\ScopeInterface as ScopeStorageInterface;

/**
 * Scope utility: compares scope strings and delegates scope lookups to a
 * scope storage backend.
 *
 * @see OAuth2\ScopeInterface
 */
class Scope implements ScopeInterface
{
    // Scope storage backend; always an OAuth2\Storage\ScopeInterface once
    // the constructor has returned.
    protected $storage;

    /**
     * @param mixed $storage
     * Either an array of supported scopes, or an instance of
     * OAuth2\Storage\ScopeInterface. NULL is treated like an empty array.
     *
     * @throws \InvalidArgumentException
     * When the argument is none of the accepted kinds.
     */
    public function __construct($storage = null)
    {
        // NULL and plain arrays are wrapped in the in-memory storage.
        if ($storage === null || is_array($storage)) {
            $storage = new Memory((array) $storage);
        }

        // Anything that is still not a scope storage is rejected, so the
        // other methods never call into an arbitrary object.
        if (!($storage instanceof ScopeStorageInterface)) {
            throw new \InvalidArgumentException("Argument 1 to OAuth2\Scope must be null, an array, or instance of OAuth2\Storage\ScopeInterface");
        }

        $this->storage = $storage;
    }

    /**
     * Check if everything in required scope is contained in available scope.
     *
     * Both strings are trimmed and split on a single space. A blank or
     * doubly-spaced required string produces an empty-string token, which is
     * only satisfied when the available string produces one as well, so a
     * malformed requirement is not silently treated as "nothing required".
     *
     * @param $required_scope
     * A space-separated string of scopes.
     * @param $available_scope
     * A space-separated string of scopes to test against.
     *
     * @return
     * TRUE if everything in required scope is contained in available scope,
     * and FALSE if it isn't.
     *
     * @see http://tools.ietf.org/html/rfc6749#section-7
     *
     * @ingroup oauth2_section_7
     */
    public function checkScope($required_scope, $available_scope)
    {
        $needed = explode(' ', trim($required_scope));
        $granted = explode(' ', trim($available_scope));

        // Tokens that are required but were not granted.
        $missing = array_diff($needed, $granted);

        return count($missing) === 0;
    }

    /**
     * Check if the provided scope exists in storage.
     *
     * Reserved scopes (see getReservedScopes()) are accepted without
     * consulting storage; only the remaining tokens are looked up.
     *
     * @param $scope
     * A space-separated string of scopes.
     *
     * @return
     * TRUE if it exists, FALSE otherwise.
     */
    public function scopeExists($scope)
    {
        $requested = explode(' ', trim($scope));
        $unreserved = array_diff($requested, $this->getReservedScopes());

        // Every requested token was a reserved scope: nothing to look up.
        if (count($unreserved) === 0) {
            return true;
        }

        // Hand the non-reserved tokens to storage as one space-separated string.
        return $this->storage->scopeExists(implode(' ', $unreserved));
    }

    /**
     * Read the raw "scope" parameter from the request.
     *
     * The value is returned exactly as the client sent it; no validation
     * happens here, so callers are expected to run it through scopeExists()
     * and checkScope() before acting on it.
     *
     * @param RequestInterface $request
     * The incoming request.
     *
     * @return
     * The value of $request->request('scope', ...), with the query-string
     * "scope" passed as second argument (presumably the fallback when the
     * body has none; confirm against RequestInterface).
     */
    public function getScopeFromRequest(RequestInterface $request)
    {
        // "scope" is valid if passed in either POST or QUERY
        $fromQuery = $request->query('scope');

        return $request->request('scope', $fromQuery);
    }

    /**
     * Get the default scope from storage.
     *
     * @param $client_id
     * Optional client identifier, forwarded to storage unchanged.
     *
     * @return
     * Whatever the storage's getDefaultScope() returns.
     */
    public function getDefaultScope($client_id = null)
    {
        $default = $this->storage->getDefaultScope($client_id);

        return $default;
    }

    /**
     * Get reserved scopes needed by the server.
     *
     * In case OpenID Connect is used, these scopes must include:
     * 'openid', 'offline_access'.
     *
     * @return
     * An array of reserved scopes.
     */
    public function getReservedScopes()
    {
        $reserved = array('openid', 'offline_access');

        return $reserved;
    }
}