Class yii\authclient\OpenIdConnect
| Inheritance | yii\authclient\OpenIdConnect » yii\authclient\OAuth2 » yii\authclient\BaseOAuth » yii\authclient\BaseClient » yii\base\Component » yii\base\BaseObject |
|---|---|
| Implements | yii\authclient\ClientInterface, yii\base\Configurable |
| Available since version | 2.1.3 |
| Source Code | https://github.com/yiisoft/yii2-authclient/blob/master/OpenIdConnect.php |
OpenIdConnect serves as a client for the OpenIdConnect flow.
Application configuration example:
'components' => [
'authClientCollection' => [
'class' => 'yii\authclient\Collection',
'clients' => [
'google' => [
'class' => 'yii\authclient\OpenIdConnect',
'issuerUrl' => 'https://accounts.google.com',
'clientId' => 'google_client_id',
'clientSecret' => 'google_client_secret',
'name' => 'google',
'title' => 'Google OpenID Connect',
],
],
]
// ...
]
This class requires web-token/jwt-checker,web-token/jwt-key-mgmt, web-token/jwt-signature, web-token/jwt-signature-algorithm-hmac,
web-token/jwt-signature-algorithm-ecdsa and web-token/jwt-signature-algorithm-rsa libraries to be installed for
JWS verification. This can be done via composer:
composer require --prefer-dist "web-token/jwt-checker:>=1.0 <3.0" "web-token/jwt-signature:>=1.0 <3.0"
"web-token/jwt-signature:>=1.0 <3.0" "web-token/jwt-signature-algorithm-hmac:>=1.0 <3.0"
"web-token/jwt-signature-algorithm-ecdsa:>=1.0 <3.0" "web-token/jwt-signature-algorithm-rsa:>=1.0 <3.0"
Note: if you are using well-trusted OpenIdConnect provider, you may disable $validateJws, making installation of
web-token library redundant, however it is not recommended as it violates the protocol specification.
See also:
Public Properties
Public Methods
Protected Methods
Property Details
JWS algorithms, which are allowed to be used.
These are used by web-token library for JWS validation/decryption.
Make sure to install web-token/jwt-signature-algorithm-hmac, web-token/jwt-signature-algorithm-ecdsa
and web-token/jwt-signature-algorithm-rsa packages that support the particular algorithm before adding it here.
'HS256',
'HS384',
'HS512',
'ES256',
'ES384',
'ES512',
'RS256',
'RS384',
'RS512',
'PS256',
'PS384',
'PS512',
]
The cache object, null - if not enabled. Note that the type of this property
differs in getter and setter. See getCache() and setCache() for details.
OpenID provider configuration parameters.
The prefix for the key used to store $configParams data in cache. Actual cache key will be formed addition $id value to it.
See also $cache.
Predefined OpenID Connect Claims
See also https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.2.
'iss',
'sub',
'aud',
'exp',
'iat',
'auth_time',
'nonce',
'acr',
'amr',
'azp',
]
OpenID Issuer (provider) base URL, e.g. https://example.com.
Whether to use and validate auth 'nonce' parameter in authentication flow.
Whether to validate/decrypt JWS received with Auth token.
Note: this functionality requires web-token/jwt-checker, web-token/jwt-key-mgmt, web-token/jwt-signature
composer package to be installed. You can disable this option in case of usage of trusted OpenIDConnect provider,
however this violates the protocol rules, so you are doing it on your own risk.
Method Details
Defined in: yii\base\Component::__call()
Calls the named method which is not a class method.
This method will check if any attached behavior has the named method and will execute it if available.
Do not call this method directly as it is a PHP magic method that will be implicitly called when an unknown method is being invoked.
| public mixed __call ( $name, $params ) | ||
| $name | string |
The method name |
| $params | array |
Method parameters |
| return | mixed |
The method return value |
|---|---|---|
| throws | yii\base\UnknownMethodException |
when calling unknown method |
public function __call($name, $params)
{
$this->ensureBehaviors();
foreach ($this->_behaviors as $object) {
if ($object->hasMethod($name)) {
return call_user_func_array([$object, $name], $params);
}
}
throw new UnknownMethodException('Calling unknown method: ' . get_class($this) . "::$name()");
}
Defined in: yii\base\Component::__clone()
This method is called after the object is created by cloning an existing one.
It removes all behaviors because they are attached to the old object.
| public void __clone ( ) |
public function __clone()
{
$this->_events = [];
$this->_eventWildcards = [];
$this->_behaviors = null;
}
Defined in: yii\base\BaseObject::__construct()
Constructor.
The default implementation does two things:
- Initializes the object with the given configuration
$config. - Call init().
If this method is overridden in a child class, it is recommended that
- the last parameter of the constructor is a configuration array, like
$confighere. - call the parent implementation at the end of the constructor.
| public void __construct ( $config = [] ) | ||
| $config | array |
Name-value pairs that will be used to initialize the object properties |
public function __construct($config = [])
{
if (!empty($config)) {
Yii::configure($this, $config);
}
$this->init();
}
Defined in: yii\base\Component::__get()
Returns the value of a component property.
This method will check in the following order and act accordingly:
- a property defined by a getter: return the getter result
- a property of a behavior: return the behavior property value
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing $value = $component->property;.
See also __set().
| public mixed __get ( $name ) | ||
| $name | string |
The property name |
| return | mixed |
The property value or the value of a behavior's property |
|---|---|---|
| throws | yii\base\UnknownPropertyException |
if the property is not defined |
| throws | yii\base\InvalidCallException |
if the property is write-only. |
public function __get($name)
{
$getter = 'get' . $name;
if (method_exists($this, $getter)) {
// read property, e.g. getName()
return $this->$getter();
}
// behavior property
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canGetProperty($name)) {
return $behavior->$name;
}
}
if (method_exists($this, 'set' . $name)) {
throw new InvalidCallException('Getting write-only property: ' . get_class($this) . '::' . $name);
}
throw new UnknownPropertyException('Getting unknown property: ' . get_class($this) . '::' . $name);
}
Defined in: yii\base\Component::__isset()
Checks if a property is set, i.e. defined and not null.
This method will check in the following order and act accordingly:
- a property defined by a setter: return whether the property is set
- a property of a behavior: return whether the property is set
- return
falsefor non existing properties
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing isset($component->property).
| public boolean __isset ( $name ) | ||
| $name | string |
The property name or the event name |
| return | boolean |
Whether the named property is set |
|---|---|---|
public function __isset($name)
{
$getter = 'get' . $name;
if (method_exists($this, $getter)) {
return $this->$getter() !== null;
}
// behavior property
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canGetProperty($name)) {
return $behavior->$name !== null;
}
}
return false;
}
Defined in: yii\base\Component::__set()
Sets the value of a component property.
This method will check in the following order and act accordingly:
- a property defined by a setter: set the property value
- an event in the format of "on xyz": attach the handler to the event "xyz"
- a behavior in the format of "as xyz": attach the behavior named as "xyz"
- a property of a behavior: set the behavior property value
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing $component->property = $value;.
See also __get().
| public void __set ( $name, $value ) | ||
| $name | string |
The property name or the event name |
| $value | mixed |
The property value |
| throws | yii\base\UnknownPropertyException |
if the property is not defined |
|---|---|---|
| throws | yii\base\InvalidCallException |
if the property is read-only. |
public function __set($name, $value)
{
$setter = 'set' . $name;
if (method_exists($this, $setter)) {
// set property
$this->$setter($value);
return;
} elseif (strncmp($name, 'on ', 3) === 0) {
// on event: attach event handler
$this->on(trim(substr($name, 3)), $value);
return;
} elseif (strncmp($name, 'as ', 3) === 0) {
// as behavior: attach behavior
$name = trim(substr($name, 3));
$this->attachBehavior($name, $value instanceof Behavior ? $value : Yii::createObject($value));
return;
}
// behavior property
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canSetProperty($name)) {
$behavior->$name = $value;
return;
}
}
if (method_exists($this, 'get' . $name)) {
throw new InvalidCallException('Setting read-only property: ' . get_class($this) . '::' . $name);
}
throw new UnknownPropertyException('Setting unknown property: ' . get_class($this) . '::' . $name);
}
Defined in: yii\base\Component::__unset()
Sets a component property to be null.
This method will check in the following order and act accordingly:
- a property defined by a setter: set the property value to be null
- a property of a behavior: set the property value to be null
Do not call this method directly as it is a PHP magic method that
will be implicitly called when executing unset($component->property).
| public void __unset ( $name ) | ||
| $name | string |
The property name |
| throws | yii\base\InvalidCallException |
if the property is read only. |
|---|---|---|
public function __unset($name)
{
$setter = 'set' . $name;
if (method_exists($this, $setter)) {
$this->$setter(null);
return;
}
// behavior property
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canSetProperty($name)) {
$behavior->$name = null;
return;
}
}
throw new InvalidCallException('Unsetting an unknown or read-only property: ' . get_class($this) . '::' . $name);
}
Defined in: yii\authclient\BaseOAuth::api()
Performs request to the OAuth API returning response data.
You may use createApiRequest() method instead, gaining more control over request execution.
See also createApiRequest().
| public array api ( $apiSubUrl, $method = 'GET', $data = [], $headers = [] ) | ||
| $apiSubUrl | string|array |
API sub URL, which will be append to $apiBaseUrl, or absolute API URL. |
| $method | string |
Request method. |
| $data | array|string |
Request data or content. |
| $headers | array |
Additional request headers. |
| return | array |
API response data. |
|---|---|---|
public function api($apiSubUrl, $method = 'GET', $data = [], $headers = [])
{
$request = $this->createApiRequest()
->setMethod($method)
->setUrl($apiSubUrl)
->addHeaders($headers);
if (!empty($data)) {
if (is_array($data)) {
$request->setData($data);
} else {
$request->setContent($data);
}
}
return $this->sendRequest($request);
}
Applies access token to the HTTP request instance.
| public void applyAccessTokenToRequest ( $request, $accessToken ) | ||
| $request | yii\httpclient\Request |
HTTP request instance. |
| $accessToken | yii\authclient\OAuthToken |
Access token instance. |
public function applyAccessTokenToRequest($request, $accessToken)
{
// OpenID Connect requires bearer token auth for the user info endpoint
$request->getHeaders()->set('Authorization', 'Bearer ' . $accessToken->getToken());
}
Applies client credentials (e.g. $clientId and $clientSecret) to the HTTP request instance.
This method should be invoked before sending any HTTP request, which requires client credentials.
| protected void applyClientCredentialsToRequest ( $request ) | ||
| $request | yii\httpclient\Request |
HTTP request instance. |
protected function applyClientCredentialsToRequest($request)
{
$supportedAuthMethods = $this->getConfigParam('token_endpoint_auth_methods_supported', 'client_secret_basic');
if (in_array('client_secret_basic', $supportedAuthMethods)) {
$request->addHeaders([
'Authorization' => 'Basic ' . base64_encode($this->clientId . ':' . $this->clientSecret)
]);
} elseif (in_array('client_secret_post', $supportedAuthMethods)) {
$request->addData([
'client_id' => $this->clientId,
'client_secret' => $this->clientSecret,
]);
} elseif (in_array('client_secret_jwt', $supportedAuthMethods)) {
$header = [
'typ' => 'JWT',
'alg' => 'HS256',
];
$payload = [
'iss' => $this->clientId,
'sub' => $this->clientId,
'aud' => $this->tokenUrl,
'jti' => $this->generateAuthNonce(),
'iat' => time(),
'exp' => time() + 3600,
];
$signatureBaseString = base64_encode(Json::encode($header)) . '.' . base64_encode(Json::encode($payload));
$signatureMethod = new HmacSha(['algorithm' => 'sha256']);
$signature = $signatureMethod->generateSignature($signatureBaseString, $this->clientSecret);
$assertion = $signatureBaseString . '.' . $signature;
$request->addData([
'assertion' => $assertion,
]);
} else {
throw new InvalidConfigException('Unable to authenticate request: none of following auth methods is suported: ' . implode(', ', $supportedAuthMethods));
}
}
Defined in: yii\base\Component::attachBehavior()
Attaches a behavior to this component.
This method will create the behavior object based on the given configuration. After that, the behavior object will be attached to this component by calling the yii\base\Behavior::attach() method.
See also detachBehavior().
| public yii\base\Behavior attachBehavior ( $name, $behavior ) | ||
| $name | string |
The name of the behavior. |
| $behavior | string|array|yii\base\Behavior |
The behavior configuration. This can be one of the following:
|
| return | yii\base\Behavior |
The behavior object |
|---|---|---|
public function attachBehavior($name, $behavior)
{
$this->ensureBehaviors();
return $this->attachBehaviorInternal($name, $behavior);
}
Defined in: yii\base\Component::attachBehaviors()
Attaches a list of behaviors to the component.
Each behavior is indexed by its name and should be a yii\base\Behavior object, a string specifying the behavior class, or an configuration array for creating the behavior.
See also attachBehavior().
| public void attachBehaviors ( $behaviors ) | ||
| $behaviors | array |
List of behaviors to be attached to the component |
public function attachBehaviors($behaviors)
{
$this->ensureBehaviors();
foreach ($behaviors as $name => $behavior) {
$this->attachBehaviorInternal($name, $behavior);
}
}
Defined in: yii\authclient\OAuth2::authenticateClient()
Authenticate OAuth client directly at the provider without third party (user) involved, using 'client_credentials' grant type.
| public yii\authclient\OAuthToken authenticateClient ( $params = [] ) | ||
| $params | array |
Additional request params. |
| return | yii\authclient\OAuthToken |
Access token. |
|---|---|---|
public function authenticateClient($params = [])
{
$defaultParams = [
'grant_type' => 'client_credentials',
];
if (!empty($this->scope)) {
$defaultParams['scope'] = $this->scope;
}
$request = $this->createRequest()
->setMethod('POST')
->setUrl($this->tokenUrl)
->setData(array_merge($defaultParams, $params));
$this->applyClientCredentialsToRequest($request);
$response = $this->sendRequest($request);
$token = $this->createToken(['params' => $response]);
$this->setAccessToken($token);
return $token;
}
Defined in: yii\authclient\OAuth2::authenticateUser()
Authenticates user directly by 'username/password' pair, using 'password' grant type.
| public yii\authclient\OAuthToken authenticateUser ( $username, $password, $params = [] ) | ||
| $username | string |
User name. |
| $password | string |
User password. |
| $params | array |
Additional request params. |
| return | yii\authclient\OAuthToken |
Access token. |
|---|---|---|
public function authenticateUser($username, $password, $params = [])
{
$defaultParams = [
'grant_type' => 'password',
'username' => $username,
'password' => $password,
];
if (!empty($this->scope)) {
$defaultParams['scope'] = $this->scope;
}
$request = $this->createRequest()
->setMethod('POST')
->setUrl($this->tokenUrl)
->setData(array_merge($defaultParams, $params));
$this->applyClientCredentialsToRequest($request);
$response = $this->sendRequest($request);
$token = $this->createToken(['params' => $response]);
$this->setAccessToken($token);
return $token;
}
Defined in: yii\authclient\OAuth2::authenticateUserJwt()
Authenticates user directly using JSON Web Token (JWT).
See also https://tools.ietf.org/html/rfc7515.
| public yii\authclient\OAuthToken authenticateUserJwt ( $username, $signature = null, $options = [], $params = [] ) | ||
| $username | string | |
| $signature | yii\authclient\signature\BaseMethod|array |
Signature method or its array configuration. If empty - $signatureMethod will be used. |
| $options | array |
Additional options. Valid options are:
|
| $params | array |
Additional request params. |
| return | yii\authclient\OAuthToken |
Access token. |
|---|---|---|
public function authenticateUserJwt($username, $signature = null, $options = [], $params = [])
{
if (empty($signature)) {
$signatureMethod = $this->getSignatureMethod();
} elseif (is_object($signature)) {
$signatureMethod = $signature;
} else {
$signatureMethod = $this->createSignatureMethod($signature);
}
$header = isset($options['header']) ? $options['header'] : [];
$payload = isset($options['payload']) ? $options['payload'] : [];
$header = array_merge([
'typ' => 'JWT'
], $header);
if (!isset($header['alg'])) {
$signatureName = $signatureMethod->getName();
if (preg_match('/^([a-z])[a-z]*\-([a-z])[a-z]*([0-9]+)$/is', $signatureName, $matches)) {
// convert 'RSA-SHA256' to 'RS256' :
$signatureName = $matches[1] . $matches[2] . $matches[3];
}
$header['alg'] = $signatureName;
}
$payload = array_merge([
'iss' => $username,
'scope' => $this->scope,
'aud' => $this->tokenUrl,
'iat' => time(),
], $payload);
if (!isset($payload['exp'])) {
$payload['exp'] = $payload['iat'] + 3600;
}
$signatureBaseString = base64_encode(Json::encode($header)) . '.' . base64_encode(Json::encode($payload));
$signatureKey = isset($options['signatureKey']) ? $options['signatureKey'] : $this->clientSecret;
$signature = $signatureMethod->generateSignature($signatureBaseString, $signatureKey);
$assertion = $signatureBaseString . '.' . $signature;
$request = $this->createRequest()
->setMethod('POST')
->setUrl($this->tokenUrl)
->setData(array_merge([
'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
'assertion' => $assertion,
], $params));
$response = $this->sendRequest($request);
$token = $this->createToken(['params' => $response]);
$this->setAccessToken($token);
return $token;
}
Defined in: yii\authclient\BaseOAuth::beforeApiRequestSend()
Handles yii\httpclient\Request::EVENT_BEFORE_SEND event.
Applies $accessToken to the request.
| public void beforeApiRequestSend ( $event ) | ||
| $event | yii\httpclient\RequestEvent |
Event instance. |
| throws | yii\base\Exception |
on invalid access token. |
|---|---|---|
public function beforeApiRequestSend($event)
{
$accessToken = $this->getAccessToken();
if (!is_object($accessToken) || (!$accessToken->getIsValid() && !$this->autoRefreshAccessToken)) {
throw new Exception('Invalid access token.');
} elseif ($accessToken->getIsExpired() && $this->autoRefreshAccessToken) {
$accessToken = $this->refreshAccessToken($accessToken);
}
$this->applyAccessTokenToRequest($event->request, $accessToken);
}
Defined in: yii\base\Component::behaviors()
Returns a list of behaviors that this component should behave as.
Child classes may override this method to specify the behaviors they want to behave as.
The return value of this method should be an array of behavior objects or configurations indexed by behavior names. A behavior configuration can be either a string specifying the behavior class or an array of the following structure:
'behaviorName' => [
'class' => 'BehaviorClass',
'property1' => 'value1',
'property2' => 'value2',
]
Note that a behavior class must extend from yii\base\Behavior. Behaviors can be attached using a name or anonymously. When a name is used as the array key, using this name, the behavior can later be retrieved using getBehavior() or be detached using detachBehavior(). Anonymous behaviors can not be retrieved or detached.
Behaviors declared in this method will be attached to the component automatically (on demand).
| public array behaviors ( ) | ||
| return | array |
The behavior configurations. |
|---|---|---|
public function behaviors()
{
return [];
}
Composes user authorization URL.
| public string buildAuthUrl ( array $params = [] ) | ||
| $params | array |
Additional auth GET params. |
| return | string |
Authorization URL. |
|---|---|---|
public function buildAuthUrl(array $params = [])
{
if ($this->authUrl === null) {
$this->authUrl = $this->getConfigParam('authorization_endpoint');
}
if (!isset($params['nonce']) && $this->getValidateAuthNonce()) {
$nonce = $this->generateAuthNonce();
$this->setState('authNonce', $nonce);
$params['nonce'] = $nonce;
}
return parent::buildAuthUrl($params);
}
Defined in: yii\base\Component::canGetProperty()
Returns a value indicating whether a property can be read.
A property can be read if:
- the class has a getter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVarsis true); - an attached behavior has a readable property of the given name (when
$checkBehaviorsis true).
See also canSetProperty().
| public boolean canGetProperty ( $name, $checkVars = true, $checkBehaviors = true ) | ||
| $name | string |
The property name |
| $checkVars | boolean |
Whether to treat member variables as properties |
| $checkBehaviors | boolean |
Whether to treat behaviors' properties as properties of this component |
| return | boolean |
Whether the property can be read |
|---|---|---|
public function canGetProperty($name, $checkVars = true, $checkBehaviors = true)
{
if (method_exists($this, 'get' . $name) || $checkVars && property_exists($this, $name)) {
return true;
} elseif ($checkBehaviors) {
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canGetProperty($name, $checkVars)) {
return true;
}
}
}
return false;
}
Defined in: yii\base\Component::canSetProperty()
Returns a value indicating whether a property can be set.
A property can be written if:
- the class has a setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVarsis true); - an attached behavior has a writable property of the given name (when
$checkBehaviorsis true).
See also canGetProperty().
| public boolean canSetProperty ( $name, $checkVars = true, $checkBehaviors = true ) | ||
| $name | string |
The property name |
| $checkVars | boolean |
Whether to treat member variables as properties |
| $checkBehaviors | boolean |
Whether to treat behaviors' properties as properties of this component |
| return | boolean |
Whether the property can be written |
|---|---|---|
public function canSetProperty($name, $checkVars = true, $checkBehaviors = true)
{
if (method_exists($this, 'set' . $name) || $checkVars && property_exists($this, $name)) {
return true;
} elseif ($checkBehaviors) {
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->canSetProperty($name, $checkVars)) {
return true;
}
}
}
return false;
}
::class instead.
Defined in: yii\base\BaseObject::className()
Returns the fully qualified name of this class.
| public static string className ( ) | ||
| return | string |
The fully qualified name of this class. |
|---|---|---|
public static function className()
{
return get_called_class();
}
Defined in: yii\authclient\BaseOAuth::composeUrl()
Composes URL from base URL and GET params.
| protected string composeUrl ( $url, array $params = [] ) | ||
| $url | string |
Base URL. |
| $params | array |
GET params. |
| return | string |
Composed URL. |
|---|---|---|
protected function composeUrl($url, array $params = [])
{
if (!empty($params)) {
if (strpos($url, '?') === false) {
$url .= '?';
} else {
$url .= '&';
}
$url .= http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}
return $url;
}
Defined in: yii\authclient\BaseOAuth::createApiRequest()
Creates an HTTP request for the API call.
The created request will be automatically processed adding access token parameters and signature before sending. You may use createRequest() to gain full control over request composition and execution.
See also createRequest().
| public yii\httpclient\Request createApiRequest ( ) | ||
| return | yii\httpclient\Request |
HTTP request instance. |
|---|---|---|
public function createApiRequest()
{
$request = $this->createRequest();
$request->on(Request::EVENT_BEFORE_SEND, [$this, 'beforeApiRequestSend']);
return $request;
}
Defined in: yii\authclient\BaseOAuth::createHttpClient()
Creates HTTP client instance from reference or configuration.
| protected yii\httpclient\Client createHttpClient ( $reference ) | ||
| $reference | string|array |
Component name or array configuration. |
| return | yii\httpclient\Client |
HTTP client instance. |
|---|---|---|
protected function createHttpClient($reference)
{
$httpClient = parent::createHttpClient($reference);
$httpClient->baseUrl = $this->apiBaseUrl;
return $httpClient;
}
Defined in: yii\authclient\BaseClient::createRequest()
Creates HTTP request instance.
| public yii\httpclient\Request createRequest ( ) | ||
| return | yii\httpclient\Request |
HTTP request instance. |
|---|---|---|
public function createRequest()
{
return $this->getHttpClient()
->createRequest()
->addOptions($this->defaultRequestOptions())
->addOptions($this->getRequestOptions());
}
Defined in: yii\authclient\BaseOAuth::createSignatureMethod()
Creates signature method instance from its configuration.
| protected yii\authclient\signature\BaseMethod createSignatureMethod ( array $signatureMethodConfig ) | ||
| $signatureMethodConfig | array |
Signature method configuration. |
| return | yii\authclient\signature\BaseMethod |
Signature method instance. |
|---|---|---|
protected function createSignatureMethod(array $signatureMethodConfig)
{
if (!array_key_exists('class', $signatureMethodConfig)) {
$signatureMethodConfig['class'] = signature\HmacSha1::className();
}
return Yii::createObject($signatureMethodConfig);
}
Creates token from its configuration.
| protected yii\authclient\OAuthToken createToken ( array $tokenConfig = [] ) | ||
| $tokenConfig | array |
Token configuration. |
| return | yii\authclient\OAuthToken |
Token instance. |
|---|---|---|
protected function createToken(array $tokenConfig = [])
{
if ($this->validateJws) {
$jwsData = $this->loadJws($tokenConfig['params']['id_token']);
$this->validateClaims($jwsData);
$tokenConfig['params'] = array_merge($tokenConfig['params'], $jwsData);
if ($this->getValidateAuthNonce()) {
$authNonce = $this->getState('authNonce');
if (
!isset($jwsData['nonce'])
|| empty($authNonce)
|| !Yii::$app->getSecurity()->compareString($jwsData['nonce'], $authNonce)
) {
throw new HttpException(400, 'Invalid auth nonce');
} else {
$this->removeState('authNonce');
}
}
}
return parent::createToken($tokenConfig);
}
Defined in: yii\authclient\BaseClient::defaultName()
Generates service name.
| protected string defaultName ( ) | ||
| return | string |
Service name. |
|---|---|---|
protected function defaultName()
{
return Inflector::camel2id(StringHelper::basename(get_class($this)));
}
Defined in: yii\authclient\BaseClient::defaultNormalizeUserAttributeMap()
Returns the default $normalizeUserAttributeMap value.
Particular client may override this method in order to provide specific default map.
| protected array defaultNormalizeUserAttributeMap ( ) | ||
| return | array |
Normalize attribute map. |
|---|---|---|
protected function defaultNormalizeUserAttributeMap()
{
return [];
}
Defined in: yii\authclient\BaseOAuth::defaultRequestOptions()
Returns default HTTP request options.
| protected array defaultRequestOptions ( ) | ||
| return | array |
HTTP request options. |
|---|---|---|
protected function defaultRequestOptions()
{
return [
'userAgent' => Inflector::slug(Yii::$app->name) . ' OAuth ' . $this->version . ' Client',
'timeout' => 30,
];
}
Defined in: yii\authclient\BaseOAuth::defaultReturnUrl()
Composes default $returnUrl value.
| protected string defaultReturnUrl ( ) | ||
| return | string |
Return URL. |
|---|---|---|
protected function defaultReturnUrl()
{
$params = Yii::$app->getRequest()->getQueryParams();
$params = array_intersect_key($params, array_flip($this->parametersToKeepInReturnUrl));
$params[0] = Yii::$app->controller->getRoute();
return Yii::$app->getUrlManager()->createAbsoluteUrl($params);
}
Defined in: yii\authclient\BaseClient::defaultTitle()
Generates service title.
| protected string defaultTitle ( ) | ||
| return | string |
Service title. |
|---|---|---|
protected function defaultTitle()
{
return StringHelper::basename(get_class($this));
}
Defined in: yii\authclient\BaseClient::defaultViewOptions()
Returns the default $viewOptions value.
Particular client may override this method in order to provide specific default view options.
| protected array defaultViewOptions ( ) | ||
| return | array |
List of default $viewOptions |
|---|---|---|
protected function defaultViewOptions()
{
return [];
}
Defined in: yii\base\Component::detachBehavior()
Detaches a behavior from the component.
The behavior's yii\base\Behavior::detach() method will be invoked.
| public yii\base\Behavior|null detachBehavior ( $name ) | ||
| $name | string |
The behavior's name. |
| return | yii\base\Behavior|null |
The detached behavior. Null if the behavior does not exist. |
|---|---|---|
public function detachBehavior($name)
{
$this->ensureBehaviors();
if (isset($this->_behaviors[$name])) {
$behavior = $this->_behaviors[$name];
unset($this->_behaviors[$name]);
$behavior->detach();
return $behavior;
}
return null;
}
Defined in: yii\base\Component::detachBehaviors()
Detaches all behaviors from the component.
| public void detachBehaviors ( ) |
public function detachBehaviors()
{
$this->ensureBehaviors();
foreach ($this->_behaviors as $name => $behavior) {
$this->detachBehavior($name);
}
}
Discovers OpenID Provider configuration parameters.
| protected array discoverConfig ( ) | ||
| return | array |
OpenID Provider configuration parameters. |
|---|---|---|
| throws | yii\authclient\InvalidResponseException |
on failure. |
protected function discoverConfig()
{
$request = $this->createRequest();
$configUrl = rtrim($this->issuerUrl, '/') . '/.well-known/openid-configuration';
$request->setMethod('GET')
->setUrl($configUrl);
$response = $this->sendRequest($request);
return $response;
}
Defined in: yii\base\Component::ensureBehaviors()
Makes sure that the behaviors declared in behaviors() are attached to this component.
| public void ensureBehaviors ( ) |
public function ensureBehaviors()
{
if ($this->_behaviors === null) {
$this->_behaviors = [];
foreach ($this->behaviors() as $name => $behavior) {
$this->attachBehaviorInternal($name, $behavior);
}
}
}
Fetches access token from authorization code.
| public yii\authclient\OAuthToken fetchAccessToken ( $authCode, array $params = [] ) | ||
| $authCode | string |
Authorization code, usually comes at GET parameter 'code'. |
| $params | array |
Additional request params. |
| return | yii\authclient\OAuthToken |
Access token. |
|---|---|---|
| throws | yii\web\HttpException |
on invalid auth state in case enableStateValidation is enabled. |
public function fetchAccessToken($authCode, array $params = [])
{
if ($this->tokenUrl === null) {
$this->tokenUrl = $this->getConfigParam('token_endpoint');
}
if (!isset($params['nonce']) && $this->getValidateAuthNonce()) {
$params['nonce'] = $this->getState('authNonce');
}
return parent::fetchAccessToken($authCode, $params);
}
Generates the auth nonce value.
| protected string generateAuthNonce ( ) | ||
| return | string |
Auth nonce value. |
|---|---|---|
protected function generateAuthNonce()
{
return Yii::$app->security->generateRandomString();
}
Defined in: yii\authclient\OAuth2::generateAuthState()
Generates the auth state value.
| protected string generateAuthState ( ) | ||
| return | string |
Auth state value. |
|---|---|---|
protected function generateAuthState()
{
$baseString = get_class($this) . '-' . time();
if (Yii::$app->has('session')) {
$baseString .= '-' . Yii::$app->session->getId();
}
return hash('sha256', uniqid($baseString, true));
}
Defined in: yii\authclient\BaseOAuth::getAccessToken()
| public yii\authclient\OAuthToken getAccessToken ( ) | ||
| return | yii\authclient\OAuthToken |
Auth token instance. |
|---|---|---|
public function getAccessToken()
{
if (!is_object($this->_accessToken)) {
$this->_accessToken = $this->restoreAccessToken();
}
return $this->_accessToken;
}
Defined in: yii\base\Component::getBehavior()
Returns the named behavior object.
| public yii\base\Behavior|null getBehavior ( $name ) | ||
| $name | string |
The behavior name |
| return | yii\base\Behavior|null |
The behavior object, or null if the behavior does not exist |
|---|---|---|
public function getBehavior($name)
{
$this->ensureBehaviors();
return isset($this->_behaviors[$name]) ? $this->_behaviors[$name] : null;
}
Defined in: yii\base\Component::getBehaviors()
Returns all behaviors attached to this component.
| public yii\base\Behavior[] getBehaviors ( ) | ||
| return | yii\base\Behavior[] |
List of behaviors attached to this component |
|---|---|---|
public function getBehaviors()
{
$this->ensureBehaviors();
return $this->_behaviors;
}
| public yii\caching\Cache|null getCache ( ) | ||
| return | yii\caching\Cache|null |
The cache object, |
|---|---|---|
public function getCache()
{
if ($this->_cache !== null && !is_object($this->_cache)) {
$this->_cache = Instance::ensure($this->_cache, Cache::className());
}
return $this->_cache;
}
Returns particular configuration parameter value.
| public mixed getConfigParam ( $name, $default = null ) | ||
| $name | string |
Configuration parameter name. |
| $default | mixed |
Value to be returned if the configuration parameter isn't set. |
| return | mixed |
Configuration parameter value. |
|---|---|---|
public function getConfigParam($name, $default = null)
{
$params = $this->getConfigParams();
return array_key_exists($name, $params) ? $params[$name] : $default;
}
| public array getConfigParams ( ) | ||
| return | array |
OpenID provider configuration parameters. |
|---|---|---|
public function getConfigParams()
{
if ($this->_configParams === null) {
$cache = $this->getCache();
$cacheKey = $this->configParamsCacheKeyPrefix . $this->getId();
if ($cache === null || ($configParams = $cache->get($cacheKey)) === false) {
$configParams = $this->discoverConfig();
}
$this->_configParams = $configParams;
if ($cache !== null) {
$cache->set($cacheKey, $configParams);
}
}
return $this->_configParams;
}
Defined in: yii\authclient\BaseClient::getHttpClient()
Returns HTTP client.
| public yii\httpclient\Client getHttpClient ( ) | ||
| return | yii\httpclient\Client |
Internal HTTP client. |
|---|---|---|
public function getHttpClient()
{
if (!is_object($this->_httpClient)) {
$this->_httpClient = $this->createHttpClient($this->_httpClient);
}
return $this->_httpClient;
}
Defined in: yii\authclient\BaseClient::getId()
| public string getId ( ) | ||
| return | string |
Service id |
|---|---|---|
public function getId()
{
if (empty($this->_id)) {
$this->_id = $this->getName();
}
return $this->_id;
}
Return JwkSet, returning related data.
| protected \yii\authclient\JWKSet getJwkSet ( ) | ||
| return | \yii\authclient\JWKSet |
Object represents a key set. |
|---|---|---|
| throws | yii\authclient\InvalidResponseException |
on failure. |
protected function getJwkSet()
{
if ($this->_jwkSet === null) {
$cache = $this->getCache();
$cacheKey = $this->configParamsCacheKeyPrefix . '_jwkSet';
if ($cache === null || ($jwkSet = $cache->get($cacheKey)) === false) {
$request = $this->createRequest()
->setMethod('GET')
->setUrl($this->getConfigParam('jwks_uri'));
$response = $this->sendRequest($request);
$jwkSet = JWKFactory::createFromValues($response);
}
$this->_jwkSet = $jwkSet;
if ($cache !== null) {
$cache->set($cacheKey, $jwkSet);
}
}
return $this->_jwkSet;
}
Return JWSLoader that validate the JWS token.
| protected \Jose\Component\Signature\JWSLoader getJwsLoader ( ) | ||
| return | \Jose\Component\Signature\JWSLoader |
To do token validation. |
|---|---|---|
| throws | yii\base\InvalidConfigException |
on invalid algorithm provide in configuration. |
protected function getJwsLoader()
{
if ($this->_jwsLoader === null) {
$algorithms = [];
foreach ($this->allowedJwsAlgorithms as $algorithm)
{
$class = '\Jose\Component\Signature\Algorithm\\' . $algorithm;
if (!class_exists($class))
{
throw new InvalidConfigException("Alogrithm class $class doesn't exist");
}
$algorithms[] = new $class();
}
$this->_jwsLoader = new JWSLoader(
new JWSSerializerManager([ new CompactSerializer() ]),
new JWSVerifier(new AlgorithmManager($algorithms)),
new HeaderCheckerManager(
[ new AlgorithmChecker($this->allowedJwsAlgorithms) ],
[ new JWSTokenSupport() ]
)
);
}
return $this->_jwsLoader;
}
Defined in: yii\authclient\BaseClient::getName()
| public string getName ( ) | ||
| return | string |
Service name. |
|---|---|---|
public function getName()
{
if ($this->_name === null) {
$this->_name = $this->defaultName();
}
return $this->_name;
}
| public array getNormalizeUserAttributeMap ( ) | ||
| return | array |
Normalize user attribute map. |
|---|---|---|
public function getNormalizeUserAttributeMap()
{
if ($this->_normalizeUserAttributeMap === null) {
$this->_normalizeUserAttributeMap = $this->defaultNormalizeUserAttributeMap();
}
return $this->_normalizeUserAttributeMap;
}
Defined in: yii\authclient\BaseClient::getRequestOptions()
| public array getRequestOptions ( ) | ||
| return | array |
HTTP request options. |
|---|---|---|
public function getRequestOptions()
{
return $this->_requestOptions;
}
Defined in: yii\authclient\BaseOAuth::getReturnUrl()
| public string getReturnUrl ( ) | ||
| return | string |
Return URL. |
|---|---|---|
public function getReturnUrl()
{
if ($this->_returnUrl === null) {
$this->_returnUrl = $this->defaultReturnUrl();
}
return $this->_returnUrl;
}
Defined in: yii\authclient\BaseOAuth::getSignatureMethod()
| public yii\authclient\signature\BaseMethod getSignatureMethod ( ) | ||
| return | yii\authclient\signature\BaseMethod |
Signature method instance. |
|---|---|---|
public function getSignatureMethod()
{
if (!is_object($this->_signatureMethod)) {
$this->_signatureMethod = $this->createSignatureMethod($this->_signatureMethod);
}
return $this->_signatureMethod;
}
Defined in: yii\authclient\BaseClient::getState()
Returns persistent state value.
| protected mixed getState ( $key ) | ||
| $key | string |
State key. |
| return | mixed |
State value. |
|---|---|---|
protected function getState($key)
{
return $this->getStateStorage()->get($this->getStateKeyPrefix() . $key);
}
Defined in: yii\authclient\BaseClient::getStateKeyPrefix()
Returns session key prefix, which is used to store internal states.
| protected string getStateKeyPrefix ( ) | ||
| return | string |
Session key prefix. |
|---|---|---|
protected function getStateKeyPrefix()
{
return get_class($this) . '_' . $this->getId() . '_';
}
Defined in: yii\authclient\BaseClient::getStateStorage()
| public yii\authclient\StateStorageInterface getStateStorage ( ) | ||
| return | yii\authclient\StateStorageInterface |
Stage storage. |
|---|---|---|
public function getStateStorage()
{
if (!is_object($this->_stateStorage)) {
$this->_stateStorage = Yii::createObject($this->_stateStorage);
}
return $this->_stateStorage;
}
Defined in: yii\authclient\BaseClient::getTitle()
| public string getTitle ( ) | ||
| return | string |
Service title. |
|---|---|---|
public function getTitle()
{
if ($this->_title === null) {
$this->_title = $this->defaultTitle();
}
return $this->_title;
}
Defined in: yii\authclient\BaseClient::getUserAttributes()
| public array getUserAttributes ( ) | ||
| return | array |
List of user attributes |
|---|---|---|
public function getUserAttributes()
{
if ($this->_userAttributes === null) {
$this->_userAttributes = $this->normalizeUserAttributes($this->initUserAttributes());
}
return $this->_userAttributes;
}
| public boolean getValidateAuthNonce ( ) | ||
| return | boolean |
Whether to use and validate auth 'nonce' parameter in authentication flow. |
|---|---|---|
public function getValidateAuthNonce()
{
if ($this->_validateAuthNonce === null) {
$this->_validateAuthNonce = $this->validateJws && in_array('nonce', $this->getConfigParam('claims_supported'));
}
return $this->_validateAuthNonce;
}
Defined in: yii\authclient\BaseClient::getViewOptions()
| public array getViewOptions ( ) | ||
| return | array |
View options in format: optionName => optionValue |
|---|---|---|
public function getViewOptions()
{
if ($this->_viewOptions === null) {
$this->_viewOptions = $this->defaultViewOptions();
}
return $this->_viewOptions;
}
Defined in: yii\base\Component::hasEventHandlers()
Returns a value indicating whether there is any handler attached to the named event.
| public boolean hasEventHandlers ( $name ) | ||
| $name | string |
The event name |
| return | boolean |
Whether there is any handler attached to the event. |
|---|---|---|
public function hasEventHandlers($name)
{
$this->ensureBehaviors();
if (!empty($this->_events[$name])) {
return true;
}
foreach ($this->_eventWildcards as $wildcard => $handlers) {
if (!empty($handlers) && StringHelper::matchWildcard($wildcard, $name)) {
return true;
}
}
return Event::hasHandlers($this, $name);
}
Defined in: yii\base\Component::hasMethod()
Returns a value indicating whether a method is defined.
A method is defined if:
- the class has a method with the specified name
- an attached behavior has a method with the given name (when
$checkBehaviorsis true).
| public boolean hasMethod ( $name, $checkBehaviors = true ) | ||
| $name | string |
The property name |
| $checkBehaviors | boolean |
Whether to treat behaviors' methods as methods of this component |
| return | boolean |
Whether the method is defined |
|---|---|---|
public function hasMethod($name, $checkBehaviors = true)
{
if (method_exists($this, $name)) {
return true;
} elseif ($checkBehaviors) {
$this->ensureBehaviors();
foreach ($this->_behaviors as $behavior) {
if ($behavior->hasMethod($name)) {
return true;
}
}
}
return false;
}
Defined in: yii\base\Component::hasProperty()
Returns a value indicating whether a property is defined for this component.
A property is defined if:
- the class has a getter or setter method associated with the specified name (in this case, property name is case-insensitive);
- the class has a member variable with the specified name (when
$checkVarsis true); - an attached behavior has a property of the given name (when
$checkBehaviorsis true).
See also:
| public boolean hasProperty ( $name, $checkVars = true, $checkBehaviors = true ) | ||
| $name | string |
The property name |
| $checkVars | boolean |
Whether to treat member variables as properties |
| $checkBehaviors | boolean |
Whether to treat behaviors' properties as properties of this component |
| return | boolean |
Whether the property is defined |
|---|---|---|
public function hasProperty($name, $checkVars = true, $checkBehaviors = true)
{
return $this->canGetProperty($name, $checkVars, $checkBehaviors) || $this->canSetProperty($name, false, $checkBehaviors);
}
Defined in: yii\base\BaseObject::init()
Initializes the object.
This method is invoked at the end of the constructor after the object is initialized with the given configuration.
| public void init ( ) |
public function init()
{
}
Initializes authenticated user attributes.
| protected array initUserAttributes ( ) | ||
| return | array |
Auth user attributes. |
|---|---|---|
protected function initUserAttributes()
{
// Use 'userinfo_endpoint' config if available,
// try to extract user claims from access token's 'id_token' claim otherwise.
$userinfoEndpoint = $this->getConfigParam('userinfo_endpoint');
if (!empty($userinfoEndpoint)) {
$userInfo = $this->api($userinfoEndpoint, 'GET');
// The userinfo endpoint can return a JSON object (which will be converted to an array) or a JWT.
if (is_array($userInfo)) {
return $userInfo;
} else {
// Use the userInfo endpoint as id_token and parse it as JWT below
$idToken = $userInfo;
}
} else {
$accessToken = $this->accessToken;
$idToken = $accessToken->getParam('id_token');
}
$idTokenData = [];
if (!empty($idToken)) {
if ($this->validateJws) {
$idTokenClaims = $this->loadJws($idToken);
} else {
$idTokenClaims = Json::decode(StringHelper::base64UrlDecode(explode('.', $idToken)[1]));
}
$metaDataFields = array_flip($this->defaultIdTokenClaims);
unset($metaDataFields['sub']); // "Subject Identifier" is not meta data
$idTokenData = array_diff_key($idTokenClaims, $metaDataFields);
}
return $idTokenData;
}
Decrypts/validates JWS, returning related data.
| protected array loadJws ( $jws ) | ||
| $jws | string |
Raw JWS input. |
| return | array |
JWS underlying data. |
|---|---|---|
| throws | yii\web\HttpException |
on invalid JWS signature. |
protected function loadJws($jws)
{
try {
$jwsLoader = $this->getJwsLoader();
$signature = null;
$jwsVerified = $jwsLoader->loadAndVerifyWithKeySet($jws, $this->getJwkSet(), $signature);
return Json::decode($jwsVerified->getPayload());
} catch (\Exception $e) {
$message = YII_DEBUG ? 'Unable to verify JWS: ' . $e->getMessage() : 'Invalid JWS';
throw new HttpException(400, $message, $e->getCode(), $e);
}
}
Defined in: yii\authclient\BaseClient::normalizeUserAttributes()
Normalize given user attributes according to $normalizeUserAttributeMap.
| protected array normalizeUserAttributes ( $attributes ) | ||
| $attributes | array |
Raw attributes. |
| return | array |
Normalized attributes. |
|---|---|---|
| throws | yii\base\InvalidConfigException |
on incorrect normalize attribute map. |
protected function normalizeUserAttributes($attributes)
{
foreach ($this->getNormalizeUserAttributeMap() as $normalizedName => $actualName) {
if (is_scalar($actualName)) {
if (array_key_exists($actualName, $attributes)) {
$attributes[$normalizedName] = $attributes[$actualName];
}
} else {
if (is_callable($actualName)) {
$attributes[$normalizedName] = call_user_func($actualName, $attributes);
} elseif (is_array($actualName)) {
$haystack = $attributes;
$searchKeys = $actualName;
$isFound = true;
while (($key = array_shift($searchKeys)) !== null) {
if (is_array($haystack) && array_key_exists($key, $haystack)) {
$haystack = $haystack[$key];
} else {
$isFound = false;
break;
}
}
if ($isFound) {
$attributes[$normalizedName] = $haystack;
}
} else {
throw new InvalidConfigException('Invalid actual name "' . gettype($actualName) . '" specified at "' . get_class($this) . '::normalizeUserAttributeMap"');
}
}
}
return $attributes;
}
Defined in: yii\base\Component::off()
Detaches an existing event handler from this component.
This method is the opposite of on().
Note: in case wildcard pattern is passed for event name, only the handlers registered with this wildcard will be removed, while handlers registered with plain names matching this wildcard will remain.
See also on().
| public boolean off ( $name, $handler = null ) | ||
| $name | string |
Event name |
| $handler | callable|null |
The event handler to be removed. If it is null, all handlers attached to the named event will be removed. |
| return | boolean |
If a handler is found and detached |
|---|---|---|
public function off($name, $handler = null)
{
$this->ensureBehaviors();
if (empty($this->_events[$name]) && empty($this->_eventWildcards[$name])) {
return false;
}
if ($handler === null) {
unset($this->_events[$name], $this->_eventWildcards[$name]);
return true;
}
$removed = false;
// plain event names
if (isset($this->_events[$name])) {
foreach ($this->_events[$name] as $i => $event) {
if ($event[0] === $handler) {
unset($this->_events[$name][$i]);
$removed = true;
}
}
if ($removed) {
$this->_events[$name] = array_values($this->_events[$name]);
return true;
}
}
// wildcard event names
if (isset($this->_eventWildcards[$name])) {
foreach ($this->_eventWildcards[$name] as $i => $event) {
if ($event[0] === $handler) {
unset($this->_eventWildcards[$name][$i]);
$removed = true;
}
}
if ($removed) {
$this->_eventWildcards[$name] = array_values($this->_eventWildcards[$name]);
// remove empty wildcards to save future redundant regex checks:
if (empty($this->_eventWildcards[$name])) {
unset($this->_eventWildcards[$name]);
}
}
}
return $removed;
}
Defined in: yii\base\Component::on()
Attaches an event handler to an event.
The event handler must be a valid PHP callback. The following are some examples:
function ($event) { ... } // anonymous function
[$object, 'handleClick'] // $object->handleClick()
['Page', 'handleClick'] // Page::handleClick()
'handleClick' // global function handleClick()
The event handler must be defined with the following signature,
function ($event)
where $event is an yii\base\Event object which includes parameters associated with the event.
Since 2.0.14 you can specify event name as a wildcard pattern:
$component->on('event.group.*', function ($event) {
Yii::trace($event->name . ' is triggered.');
});
See also off().
| public void on ( $name, $handler, $data = null, $append = true ) | ||
| $name | string |
The event name |
| $handler | callable |
The event handler |
| $data | mixed |
The data to be passed to the event handler when the event is triggered. When the event handler is invoked, this data can be accessed via yii\base\Event::$data. |
| $append | boolean |
Whether to append new event handler to the end of the existing handler list. If false, the new handler will be inserted at the beginning of the existing handler list. |
public function on($name, $handler, $data = null, $append = true)
{
$this->ensureBehaviors();
if (strpos($name, '*') !== false) {
if ($append || empty($this->_eventWildcards[$name])) {
$this->_eventWildcards[$name][] = [$handler, $data];
} else {
array_unshift($this->_eventWildcards[$name], [$handler, $data]);
}
return;
}
if ($append || empty($this->_events[$name])) {
$this->_events[$name][] = [$handler, $data];
} else {
array_unshift($this->_events[$name], [$handler, $data]);
}
}
Gets new auth token to replace expired one.
| public yii\authclient\OAuthToken refreshAccessToken ( yii\authclient\OAuthToken $token ) | ||
| $token | yii\authclient\OAuthToken |
Expired auth token. |
| return | yii\authclient\OAuthToken |
New auth token. |
|---|---|---|
public function refreshAccessToken(OAuthToken $token)
{
if ($this->tokenUrl === null) {
$this->tokenUrl = $this->getConfigParam('token_endpoint');
}
if ($this->getValidateAuthNonce()) {
$nonce = $this->generateAuthNonce();
$this->setState('authNonce', $nonce);
$token->setParam('nonce', $nonce);
}
return parent::refreshAccessToken($token);
}
Defined in: yii\authclient\BaseClient::removeState()
Removes persistent state value.
| protected boolean removeState ( $key ) | ||
| $key | string |
State key. |
| return | boolean |
Success. |
|---|---|---|
protected function removeState($key)
{
return $this->getStateStorage()->remove($this->getStateKeyPrefix() . $key);
}
Defined in: yii\authclient\BaseOAuth::restoreAccessToken()
Restores access token.
| protected yii\authclient\OAuthToken restoreAccessToken ( ) | ||
| return | yii\authclient\OAuthToken |
Auth token. |
|---|---|---|
protected function restoreAccessToken()
{
$token = $this->getState('token');
if (is_object($token)) {
/* @var $token OAuthToken */
if ($token->getIsExpired() && $this->autoRefreshAccessToken) {
$token = $this->refreshAccessToken($token);
}
}
return $token;
}
Defined in: yii\authclient\BaseOAuth::saveAccessToken()
Saves token as persistent state.
| protected $this saveAccessToken ( $token ) | ||
| $token | yii\authclient\OAuthToken|null |
Auth token to be saved. |
| return | $this |
The object itself. |
|---|---|---|
protected function saveAccessToken($token)
{
return $this->setState('token', $token);
}
Defined in: yii\authclient\BaseOAuth::sendRequest()
Sends the given HTTP request, returning response data.
| protected array|string|null sendRequest ( $request ) | ||
| $request | yii\httpclient\Request |
HTTP request to be sent. |
| return | array|string|null |
Response data. |
|---|---|---|
| throws | yii\authclient\ClientErrorResponseException |
on client error response codes. |
| throws | yii\authclient\InvalidResponseException |
on non-successful (other than client error) response codes. |
| throws | yii\httpclient\Exception | |
protected function sendRequest($request)
{
$response = $request->send();
if (!$response->getIsOk()) {
$statusCode = (int)$response->getStatusCode();
if ($statusCode >= 400 && $statusCode < 500) {
$exceptionClass = 'yii\\authclient\\ClientErrorResponseException';
} else {
$exceptionClass = 'yii\\authclient\\InvalidResponseException';
}
throw new $exceptionClass(
$response,
'Request failed with code: ' . $statusCode . ', message: ' . $response->getContent(),
$statusCode
);
}
if (stripos($response->headers->get('content-type', ''), 'application/jwt') !== false) {
return $response->getContent();
} else {
return $response->getData();
}
}
Defined in: yii\authclient\BaseOAuth::setAccessToken()
Sets access token to be used.
| public void setAccessToken ( $token ) | ||
| $token | array|yii\authclient\OAuthToken|null |
Access token or its configuration. Set to null to restore token from token store. |
public function setAccessToken($token)
{
if (!is_object($token) && $token !== null) {
$token = $this->createToken($token);
}
$this->_accessToken = $token;
$this->saveAccessToken($token);
}
Sets up a component to be used for caching.
This can be one of the following:
- an application component ID (e.g.
cache) - a configuration array
- a yii\caching\Cache object
When null is passed, it means caching is not enabled.
| public void setCache ( $cache ) | ||
| $cache | yii\caching\Cache|array|string|null |
The cache object or the ID of the cache application component. |
public function setCache($cache)
{
$this->_cache = $cache;
}
Set the OpenID provider configuration manually, this will bypass the automatic discovery via the /.well-known/openid-configuration endpoint.
| public void setConfigParams ( $configParams ) | ||
| $configParams | array |
OpenID provider configuration parameters. |
public function setConfigParams($configParams)
{
$this->_configParams = $configParams;
}
Defined in: yii\authclient\BaseOAuth::setHttpClient()
Sets HTTP client to be used.
| public void setHttpClient ( $httpClient ) | ||
| $httpClient | array|yii\httpclient\Client |
Internal HTTP client. |
public function setHttpClient($httpClient)
{
if (is_object($httpClient)) {
$httpClient = clone $httpClient;
$httpClient->baseUrl = $this->apiBaseUrl;
}
parent::setHttpClient($httpClient);
}
Defined in: yii\authclient\BaseClient::setId()
| public void setId ( $id ) | ||
| $id | string |
Service id. |
public function setId($id)
{
$this->_id = $id;
}
Defined in: yii\authclient\BaseClient::setName()
| public void setName ( $name ) | ||
| $name | string |
Service name. |
public function setName($name)
{
$this->_name = $name;
}
| public void setNormalizeUserAttributeMap ( $normalizeUserAttributeMap ) | ||
| $normalizeUserAttributeMap | array |
Normalize user attribute map. |
public function setNormalizeUserAttributeMap($normalizeUserAttributeMap)
{
$this->_normalizeUserAttributeMap = $normalizeUserAttributeMap;
}
Defined in: yii\authclient\BaseClient::setRequestOptions()
| public void setRequestOptions ( array $options ) | ||
| $options | array |
HTTP request options. |
public function setRequestOptions(array $options)
{
$this->_requestOptions = $options;
}
Defined in: yii\authclient\BaseOAuth::setReturnUrl()
| public void setReturnUrl ( $returnUrl ) | ||
| $returnUrl | string |
Return URL |
public function setReturnUrl($returnUrl)
{
$this->_returnUrl = $returnUrl;
}
Defined in: yii\authclient\BaseOAuth::setSignatureMethod()
Set signature method to be used.
| public void setSignatureMethod ( $signatureMethod ) | ||
| $signatureMethod | array|yii\authclient\signature\BaseMethod |
Signature method instance or its array configuration. |
| throws | yii\base\InvalidArgumentException |
on wrong argument. |
|---|---|---|
public function setSignatureMethod($signatureMethod)
{
if (!is_object($signatureMethod) && !is_array($signatureMethod)) {
throw new InvalidArgumentException('"' . get_class($this) . '::signatureMethod" should be instance of "\yii\autclient\signature\BaseMethod" or its array configuration. "' . gettype($signatureMethod) . '" has been given.');
}
$this->_signatureMethod = $signatureMethod;
}
Defined in: yii\authclient\BaseClient::setState()
Sets persistent state.
| protected $this setState ( $key, $value ) | ||
| $key | string |
State key. |
| $value | mixed |
State value |
| return | $this |
The object itself |
|---|---|---|
protected function setState($key, $value)
{
$this->getStateStorage()->set($this->getStateKeyPrefix() . $key, $value);
return $this;
}
Defined in: yii\authclient\BaseClient::setStateStorage()
| public void setStateStorage ( $stateStorage ) | ||
| $stateStorage | yii\authclient\StateStorageInterface|array|string |
Stage storage to be used. |
public function setStateStorage($stateStorage)
{
$this->_stateStorage = $stateStorage;
}
Defined in: yii\authclient\BaseClient::setTitle()
| public void setTitle ( $title ) | ||
| $title | string |
Service title. |
public function setTitle($title)
{
$this->_title = $title;
}
Defined in: yii\authclient\BaseClient::setUserAttributes()
| public void setUserAttributes ( $userAttributes ) | ||
| $userAttributes | array |
List of user attributes |
public function setUserAttributes($userAttributes)
{
$this->_userAttributes = $this->normalizeUserAttributes($userAttributes);
}
| public void setValidateAuthNonce ( $validateAuthNonce ) | ||
| $validateAuthNonce | boolean |
Whether to use and validate auth 'nonce' parameter in authentication flow. |
public function setValidateAuthNonce($validateAuthNonce)
{
$this->_validateAuthNonce = $validateAuthNonce;
}
Defined in: yii\authclient\BaseClient::setViewOptions()
| public void setViewOptions ( $viewOptions ) | ||
| $viewOptions | array |
View options in format: optionName => optionValue |
public function setViewOptions($viewOptions)
{
$this->_viewOptions = $viewOptions;
}
Defined in: yii\base\Component::trigger()
Triggers an event.
This method represents the happening of an event. It invokes all attached handlers for the event including class-level handlers.
| public void trigger ( $name, yii\base\Event $event = null ) | ||
| $name | string |
The event name |
| $event | yii\base\Event|null |
The event instance. If not set, a default yii\base\Event object will be created. |
public function trigger($name, Event $event = null)
{
$this->ensureBehaviors();
$eventHandlers = [];
foreach ($this->_eventWildcards as $wildcard => $handlers) {
if (StringHelper::matchWildcard($wildcard, $name)) {
$eventHandlers[] = $handlers;
}
}
if (!empty($this->_events[$name])) {
$eventHandlers[] = $this->_events[$name];
}
if (!empty($eventHandlers)) {
$eventHandlers = call_user_func_array('array_merge', $eventHandlers);
if ($event === null) {
$event = new Event();
}
if ($event->sender === null) {
$event->sender = $this;
}
$event->handled = false;
$event->name = $name;
foreach ($eventHandlers as $handler) {
$event->data = $handler[1];
call_user_func($handler[0], $event);
// stop further handling if the event is handled
if ($event->handled) {
return;
}
}
}
// invoke class-level attached handlers
Event::trigger($this, $name, $event);
}
Validates the claims data received from OpenID provider.
| protected void validateClaims ( array $claims ) | ||
| $claims | array |
Claims data. |
| throws | yii\web\HttpException |
on invalid claims. |
|---|---|---|
protected function validateClaims(array $claims)
{
$expectedIssuer = $this->getConfigParam('issuer', $this->issuerUrl);
if (!isset($claims['iss']) || (strcmp(rtrim($claims['iss'], '/'), rtrim($expectedIssuer, '/')) !== 0)) {
throw new HttpException(400, 'Invalid "iss"');
}
if (!isset($claims['aud'])
|| (!is_string($claims['aud']) && !is_array($claims['aud']))
|| (is_string($claims['aud']) && strcmp($claims['aud'], $this->clientId) !== 0)
|| (is_array($claims['aud']) && !in_array($this->clientId, $claims['aud']))
) {
throw new HttpException(400, 'Invalid "aud"');
}
}