Obtaining End-User Authorization

Enumerations

enum  OAUTH2_AUTH_RESPONSE_TYPE_ACCESS_TOKEN
enum  OAUTH2_AUTH_RESPONSE_TYPE_AUTH_CODE
enum  OAUTH2_AUTH_RESPONSE_TYPE_CODE_AND_TOKEN
enum  OAUTH2_AUTH_RESPONSE_TYPE_REGEXP

Functions

 getRedirectUri ($client_id)
 getSupportedAuthResponseTypes ()
 getSupportedScopes ()
 checkRestrictedAuthResponseType ($client_id, $response_type)
 getAuthorizeParams ()
 finishClientAuthorization ($is_authorized, $params=array())
 doRedirectUriCallback ($redirect_uri, $params)
 buildUri ($uri, $params)
 createAuthCode ($client_id, $redirect_uri, $scope=NULL)
 genAuthCode ()

Detailed Description

When the client interacts with an end-user, the end-user MUST first grant the client authorization to access its protected resources. Once obtained, the end-user access grant is expressed as an authorization code which the client uses to obtain an access token. To obtain an end-user authorization, the client sends the end-user to the end-user authorization endpoint.

See also:
http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3

Enumeration Type Documentation

OAUTH2_AUTH_RESPONSE_TYPE_ACCESS_TOKEN

Denotes "token" authorization response type.

Definition at line 91 of file OAuth2.inc.

OAUTH2_AUTH_RESPONSE_TYPE_AUTH_CODE

Denotes "code" authorization response type.

Definition at line 96 of file OAuth2.inc.

OAUTH2_AUTH_RESPONSE_TYPE_CODE_AND_TOKEN

Denotes "code-and-token" authorization response type.

Definition at line 101 of file OAuth2.inc.

OAUTH2_AUTH_RESPONSE_TYPE_REGEXP

Regex to filter out the authorization response type.

Definition at line 106 of file OAuth2.inc.


Function Documentation

buildUri ( uri, params ) [private, inherited]

Build the absolute URI based on supplied URI and parameters.

Parameters:
$uri An absolute URI.
$params Parameters to be appended as GET parameters.
Returns:
An absolute URI with supplied parameters.

Definition at line 1285 of file OAuth2.inc.

Referenced by OAuth2::doRedirectUriCallback().

checkRestrictedAuthResponseType ( client_id, response_type ) [protected, inherited]

Check whether an authorization response type is permitted for the corresponding client identifier.

If you want to restrict clients to certain authorization response types, override this function.

Parameters:
$client_id Client identifier to check against.
$response_type Authorization response type to check; one of the values matched by OAUTH2_AUTH_RESPONSE_TYPE_REGEXP.
Returns:
TRUE if the authorization response type is supported by this client identifier, and FALSE if it isn't.

Definition at line 564 of file OAuth2.inc.

Referenced by OAuth2::getAuthorizeParams().

createAuthCode ( client_id, redirect_uri, scope = NULL ) [private, inherited]

Handle the creation of auth code.

This belongs in a separate factory, but to keep it simple, I'm just keeping it here.

Parameters:
$client_id Client identifier related to the access token.
$redirect_uri An absolute URI to which the authorization server will redirect the user-agent when the end-user authorization step is completed.
$scope (optional) Scopes to be stored in space-separated string.

Definition at line 1357 of file OAuth2.inc.

References OAuth2::genAuthCode(), OAuth2::getVariable(), and OAuth2::setAuthCode().

Referenced by OAuth2::finishClientAuthorization().

doRedirectUriCallback ( redirect_uri, params ) [private, inherited]

Redirect the user agent.

Handles the redirect for both success and error responses.

Parameters:
$redirect_uri An absolute URI to which the authorization server will redirect the user-agent when the end-user authorization step is completed.
$params Parameters to be passed through buildUri().

Definition at line 1266 of file OAuth2.inc.

References OAuth2::buildUri().

Referenced by OAuth2::errorDoRedirectUriCallback(), and OAuth2::finishClientAuthorization().

finishClientAuthorization ( is_authorized, params = array() ) [inherited]

Redirect the user appropriately after approval.

After the user has approved or denied the access request the authorization server should call this function to redirect the user appropriately.

Parameters:
$is_authorized TRUE or FALSE depending on whether the user authorized the access.
$params An associative array as below:

  • response_type: The requested response: an access token, an authorization code, or both.
  • client_id: The client identifier as described in Section 2.
  • redirect_uri: An absolute URI to which the authorization server will redirect the user-agent when the end-user authorization step is completed.
  • scope: (optional) The scope of the access request expressed as a list of space-delimited strings.
  • state: (optional) An opaque value used by the client to maintain state between the request and callback.
See also:
http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3

Definition at line 1227 of file OAuth2.inc.

References OAuth2::createAccessToken(), OAuth2::createAuthCode(), and OAuth2::doRedirectUriCallback().

genAuthCode (  )  [protected, inherited]

Generate unique auth code.

Implementing classes may want to override this function to implement other access token or auth code generation schemes.

Returns:
A unique auth code.

Definition at line 1389 of file OAuth2.inc.

Referenced by OAuth2::createAuthCode().

getAuthorizeParams (  )  [inherited]

Pull the authorization request data out of the HTTP request.

Returns:
The authorization parameters so the authorization server can prompt the user for approval if valid.
See also:
http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-3

Definition at line 1140 of file OAuth2.inc.

References OAuth2::checkRestrictedAuthResponseType(), OAuth2::checkScope(), OAuth2::errorDoRedirectUriCallback(), OAuth2::errorJsonResponse(), OAuth2::getRedirectUri(), OAuth2::getSupportedAuthResponseTypes(), and OAuth2::getSupportedScopes().

getRedirectUri ( client_id  )  [abstract, protected, inherited]

Get the registered redirect URI of corresponding client_id.

OAuth says we should store request URIs for each registered client. Implement this function to grab the stored URI for a given client id.

Parameters:
$client_id Client identifier to check against.
Returns:
Registered redirect URI of corresponding client identifier, and MUST return FALSE if the given client does not exist or is invalid.

Reimplemented in MongoOAuth2, and PDOOAuth2.

Referenced by OAuth2::getAuthorizeParams().
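
The three overridable hooks documented above (checkRestrictedAuthResponseType(), genAuthCode() and getRedirectUri()) sketched together as one stand-alone class; this is an added example, not code from oauth2-php. The class name, client identifiers and URIs are constructed, the methods are public only so the sketch runs without OAuth2.inc, and random_bytes() assumes PHP 7 or later.

```php
<?php
// Added example: stand-alone sketch of three hooks, not oauth2-php code.
// In a deployment these would be protected methods on a class extending OAuth2.
final class ExampleClientPolicy
{
    // Constructed sample registry (assumption): client_id => registration record.
    private $clients = [
        'web-backend' => [
            'redirect_uri'   => 'https://app.example.test/oauth/callback',
            'response_types' => ['code'],
        ],
        'browser-widget' => [
            'redirect_uri'   => 'https://widget.example.test/cb',
            'response_types' => ['token'],
        ],
    ];

    // Registered redirect URI, or FALSE when the client is unknown or malformed.
    public function getRedirectUri($client_id)
    {
        if (!is_string($client_id) || !isset($this->clients[$client_id])) {
            return false;
        }
        return $this->clients[$client_id]['redirect_uri'];
    }

    // Default deny: only response types registered for this client are accepted.
    public function checkRestrictedAuthResponseType($client_id, $response_type)
    {
        if (!is_string($client_id) || !isset($this->clients[$client_id])) {
            return false;
        }
        return in_array($response_type, $this->clients[$client_id]['response_types'], true);
    }

    // 256 bits from the OS CSPRNG, hex-encoded so it is safe in a query string.
    public function genAuthCode()
    {
        return bin2hex(random_bytes(32));
    }
}

$policy = new ExampleClientPolicy();
var_dump($policy->getRedirectUri('unknown-client'));
var_dump($policy->checkRestrictedAuthResponseType('web-backend', 'code'));
var_dump($policy->checkRestrictedAuthResponseType('web-backend', 'token'));
var_dump($policy->checkRestrictedAuthResponseType('web-backend', 'code-and-token'));
var_dump(strlen($policy->genAuthCode()));
```

The generated code is 64 characters long, so whatever stores auth codes has to accommodate that length.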

getSupportedAuthResponseTypes (  )  [protected, inherited]

Return supported authorization response types.

You should override this function with your supported response types.

Returns:
A list as below. If you support all authorization response types, then you'd do:

Definition at line 515 of file OAuth2.inc.

Referenced by OAuth2::getAuthorizeParams().

getSupportedScopes (  )  [protected, inherited]

Return supported scopes.

If you want to support scope use, then have this function return a list of all acceptable scopes (used to throw the invalid-scope error).

Returns:
A list as below, for example:
 return array(
   'my-friends',
   'photos',
   'whatever-else',
 );

Definition at line 541 of file OAuth2.inc.

Referenced by OAuth2::getAuthorizeParams().

Generated on Tue Jan 25 2011 17:54:04 for oauth2-php by  doxygen 1.7.1