eZPublishCommunityProject(LegacyStack)  2013.5
ezpOauthUtility Class Reference
+ Inheritance diagram for ezpOauthUtility:
+ Collaboration diagram for ezpOauthUtility:

Static Public Member Functions

static doRefreshToken ($clientId, $clientSecret, $refreshToken)
 Handles a refresh_token request. More...
 
static doRefreshTokenWithAuthorizationCode ($clientId, $clientSecret, $authCode, $redirectUri)
 Generates a new token against an authorization_code Auth code is checked against clientId, clientSecret and redirectUri as registered for client in admin Auth code is for one-use only and will be removed once the access token generated. More...
 
static getToken (ezcMvcRequest $request)
 Retrieving token as per section 5 of draft-ietf-oauth-v2-10. More...
 

Public Attributes

const AUTH_CGI_HEADER_NAME = 'HTTP_AUTHORIZATION'
 
const AUTH_HEADER_NAME = 'Authorization'
 

Static Protected Member Functions

static getTokenFromAuthorizationHeader ()
 Extracts the OAuth token from the HTTP header, Authorization. More...
 
static getTokenFromHttpBody (ezpRestRequest $request)
 Extracts OAuth token fro HTTP Post body. More...
 
static getTokenFromQueryComponent (ezpRestRequest $request)
 Extracts OAuth token query component aka GET parameter. More...
 

Member Function Documentation

static ezpOauthUtility::doRefreshToken (   $clientId,
  $clientSecret,
  $refreshToken 
)
static

Handles a refresh_token request.

Returns the new token object as ezpRestToken

Parameters
string$clientIdClient identifier
string$clientSecretClient secret key
string$refreshTokenRefresh token
Returns
ezpRestToken
Exceptions
ezpOauthInvalidRequestException

Referenced by ezpRestOauthTokenController\doHandleRequest().

static ezpOauthUtility::doRefreshTokenWithAuthorizationCode (   $clientId,
  $clientSecret,
  $authCode,
  $redirectUri 
)
static

Generates a new token against an authorization_code Auth code is checked against clientId, clientSecret and redirectUri as registered for client in admin Auth code is for one-use only and will be removed once the access token generated.

Parameters
string$clientIdClient identifier
string$clientSecretClient secret key
string$authCodeAuthorization code provided by the client
string$redirectUriRedirect URI. Must be the same as registered in admin
Returns
ezpRestToken
Exceptions
ezpOauthInvalidRequestException
ezpOauthInvalidTokenException
ezpOauthExpiredTokenException

Referenced by ezpRestOauthTokenController\doHandleRequest().

static ezpOauthUtility::getToken ( ezcMvcRequest  $request)
static

Retrieving token as per section 5 of draft-ietf-oauth-v2-10.

Token can be present inside the Authorize header, inside a URI query parameter, or in the HTTP body.

According to section 5.1 the header is the preferred way, and the query component and HTTP body are only looked at if no such header can be found.

A configuration mechanism should alternatively let us select which method to use: 1. header, 2. query component, 3. http body, in other words to override the default behaviour according to spec.

Parameters
string$ezcMvcRequest
Returns
void

Referenced by ezpRestOauthAuthenticationStyle\setup().

static ezpOauthUtility::getTokenFromAuthorizationHeader ( )
staticprotected

Extracts the OAuth token from the HTTP header, Authorization.

The token is transmitted via the OAuth Authentication scheme ref. Section 5.1.1.

PHP does not expose the Authorization header unless it uses the 'Basic' or 'Digest' schemes, and it is therefore extracted from the raw Apache headers.

On systems running CGI or Fast-CGI PHP makes this header available via the HTTP_AUTHORIZATION header. ezpOauthInvalidRequestException string The access token string.

static ezpOauthUtility::getTokenFromHttpBody ( ezpRestRequest  $request)
staticprotected

Extracts OAuth token fro HTTP Post body.

For more information see section 5.1.3 oauth2.0 v10

Parameters
ezpRestRequest$request
Returns
string The access token string
static ezpOauthUtility::getTokenFromQueryComponent ( ezpRestRequest  $request)
staticprotected

Extracts OAuth token query component aka GET parameter.

For more information See section 5.1.2 of oauth2.0 v10

Exceptions
ezpOauthInvalidRequestException
Parameters
ezcMvcRequest$request
Returns
string The access token string

Member Data Documentation

const ezpOauthUtility::AUTH_CGI_HEADER_NAME = 'HTTP_AUTHORIZATION'
const ezpOauthUtility::AUTH_HEADER_NAME = 'Authorization'

The documentation for this class was generated from the following file: