归档

includes/OAuth2/Storage/AuthorizationCodeInterface.php

@@ -0,0 +1,86 @@
+<?php
+
+namespace OAuth2\Storage;
+
+/**
+ * Implement this interface to specify where the OAuth2 Server
+ * should get/save authorization codes for the "Authorization Code"
+ * grant type
+ *
+ * @author Brent Shaffer <bshafs at gmail dot com>
+ */
+interface AuthorizationCodeInterface
+{
+    /**
+     * The Authorization Code grant type supports a response type of "code".
+     *
+     * @var string
+     * @see http://tools.ietf.org/html/rfc6749#section-1.4.1
+     * @see http://tools.ietf.org/html/rfc6749#section-4.2
+     */
+    const RESPONSE_TYPE_CODE = "code";
+
+    /**
+     * Fetch authorization code data (probably the most common grant type).
+     *
+     * Retrieve the stored data for the given authorization code.
+     *
+     * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
+     *
+     * @param $code
+     * Authorization code to be check with.
+     *
+     * @return
+     * An associative array as below, and NULL if the code is invalid
+     * @code
+     * return array(
+     *     "client_id"    => CLIENT_ID,      // REQUIRED Stored client identifier
+     *     "user_id"      => USER_ID,        // REQUIRED Stored user identifier
+     *     "expires"      => EXPIRES,        // REQUIRED Stored expiration in unix timestamp
+     *     "redirect_uri" => REDIRECT_URI,   // REQUIRED Stored redirect URI
+     *     "scope"        => SCOPE,          // OPTIONAL Stored scope values in space-separated string
+     * );
+     * @endcode
+     *
+     * @see http://tools.ietf.org/html/rfc6749#section-4.1
+     *
+     * @ingroup oauth2_section_4
+     */
+    public function getAuthorizationCode($code);
+
+    /**
+     * Take the provided authorization code values and store them somewhere.
+     *
+     * This function should be the storage counterpart to getAuthCode().
+     *
+     * If storage fails for some reason, we're not currently checking for
+     * any sort of success/failure, so you should bail out of the script
+     * and provide a descriptive fail message.
+     *
+     * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
+     *
+     * @param string $code         - Authorization code to be stored.
+     * @param mixed  $client_id    - Client identifier to be stored.
+     * @param mixed  $user_id      - User identifier to be stored.
+     * @param string $redirect_uri - Redirect URI(s) to be stored in a space-separated string.
+     * @param int    $expires      - Expiration to be stored as a Unix timestamp.
+     * @param string $scope        - OPTIONAL Scopes to be stored in space-separated string.
+     *
+     * @ingroup oauth2_section_4
+     */
+    public function setAuthorizationCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = null);
+
+    /**
+     * once an Authorization Code is used, it must be expired
+     *
+     * @see http://tools.ietf.org/html/rfc6749#section-4.1.2
+     *
+     *    The client MUST NOT use the authorization code
+     *    more than once.  If an authorization code is used more than
+     *    once, the authorization server MUST deny the request and SHOULD
+     *    revoke (when possible) all tokens previously issued based on
+     *    that authorization code
+     *
+     */
+    public function expireAuthorizationCode($code);
+}