-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathDeviceCodeController.php
103 lines (88 loc) · 3.37 KB
/
DeviceCodeController.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
<?php
namespace NPR\One\Controllers;
use GuzzleHttp\Client;
use NPR\One\DI\DI;
use NPR\One\Exceptions\ApiException;
use NPR\One\Models\{AccessTokenModel, DeviceCodeModel};
/**
* Use this controller to power your OAuth2 proxy if you are using the `device_code` grant.
* The consumer of this codebase is responsible for setting up a router which forwards on the relevant requests
* to the {@see DeviceCodeController::startDeviceCodeGrant()} and {@see DeviceCodeController::pollDeviceCodeGrant()}
* public methods in this class.
*
* @package NPR\One\Controllers
*/
class DeviceCodeController extends AbstractOAuth2Controller
{
/**
* Kicks off a new device code flow
*
* @api
* @param string[] $scopes
* @return DeviceCodeModel
* @throws \InvalidArgumentException
* @throws \Exception
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function startDeviceCodeGrant(array $scopes): DeviceCodeModel
{
$this->ensureExternalProvidersExist();
$this->validateScopes($scopes);
$deviceCode = $this->createDeviceCode($scopes);
$this->getSecureStorageProvider()->set('device_code', $deviceCode->getDeviceCode(), $deviceCode->getExpiresIn());
return $deviceCode;
}
/**
* Polls the `POST /token` endpoint as part of the device code flow. It will throw an exception if the user
* has not yet logged in, and return an access token once the user has successfully logged in.
*
* @api
* @return AccessTokenModel
* @throws \Exception
* @throws \GuzzleHttp\Exception\GuzzleException
*/
public function pollDeviceCodeGrant(): AccessTokenModel
{
$this->ensureExternalProvidersExist();
$deviceCode = $this->getSecureStorageProvider()->get('device_code');
if (empty($deviceCode))
{
throw new \Exception('Could not locate a device code');
}
$accessToken = $this->createAccessToken('device_code', [
'code' => $deviceCode
]);
$this->storeRefreshToken($accessToken);
return $accessToken;
}
/**
* Creates a new device code by POSTing to the `/device` endpoint. Any error-level output will result in an
* exception being thrown; this function will only return successfully if an access token was actually created.
*
* @internal
* @param string[] $scopes
* @return DeviceCodeModel
* @throws ApiException
* @throws \Exception
* @throws \GuzzleHttp\Exception\GuzzleException
*/
private function createDeviceCode(array $scopes): DeviceCodeModel
{
/** @var Client $client */
$client = DI::container()->get(Client::class);
$response = $client->request('POST', $this->getConfigProvider()->getNprAuthorizationServiceHost() . '/v2/device', [
'headers' => $this->getHeaders(),
'form_params' => [
'client_id' => $this->getConfigProvider()->getClientId(),
'client_secret' => $this->getConfigProvider()->getClientSecret(),
'scope' => join(' ', $scopes)
]
]);
if ($response->getStatusCode() >= 400)
{
throw new ApiException('Error during startDeviceCodeGrant', $response); // @codeCoverageIgnore
}
$body = $response->getBody();
return new DeviceCodeModel($body);
}
}