final class PhabricatorOAuthServer
Phabricator Technical Documentation (OAuth Server)

Implements core OAuth 2.0 Server logic.

This class should be used behind business logic that parses input to determine pertinent PhabricatorUser $user, PhabricatorOAuthServerClient $client(s), PhabricatorOAuthServerAuthorizationCode $code(s), and PhabricatorOAuthServerAccessToken $token(s).

For an OAuth 2.0 server, there are two main steps:

  1. Authorization - the user authorizes a given client to access the data the OAuth 2.0 server protects. Once this is achieved, or if it has been achieved already, the OAuth server sends the client an authorization code.

  2. Access Token - the client should send the authorization code received in step 1, along with its id and secret, to the OAuth server to receive an access token. This access token can later be used to access Phabricator data on behalf of the user.

Tasks

Authorizing PhabricatorOAuthServerClients and generating PhabricatorOAuthServerAuthorizationCodes

Validating PhabricatorOAuthServerAuthorizationCodes and generating PhabricatorOAuthServerAccessTokens

Internals

No methods for this task.

Other Methods

  • private function getUser()
  • public function setUser($user)
  • private function getClient()
  • public function setClient($client)
  • public function validateRedirectURI($uri)
  • public function assertValidRedirectURI($raw_uri) - See http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-3.1.2 for details on what makes a given redirect URI "valid".
  • public function validateSecondaryRedirectURI($secondary_uri, $primary_uri) - If there's a URI specified in an OAuth request, it must be validated in its own right. Further, it must have the same domain, the same path, the same port, and (at least) the same query parameters as the primary URI.

Methods

private function getUser()

This method is not documented.
Return
wild

public function setUser($user)

This method is not documented.
Parameters
PhabricatorUser $user
Return
wild

private function getClient()

This method is not documented.
Return
wild

public function setClient($client)

This method is not documented.
Parameters
PhabricatorOAuthServerClient $client
Return
wild

public function userHasAuthorizedClient($scope)

This method is not documented.
Parameters
array $scope
Return
tuple<bool hasAuthorized, ClientAuthorization or null>

public function authorizeClient($scope)

This method is not documented.
Parameters
array $scope
Return
wild

public function generateAuthorizationCode($redirect_uri)

This method is not documented.
Parameters
PhutilURI $redirect_uri
Return
wild

public function generateAccessToken()

This method is not documented.
Return
wild

public function validateAuthorizationCode($test_code, $valid_code)

This method is not documented.
Parameters
PhabricatorOAuthServerAuthorizationCode $test_code
PhabricatorOAuthServerAuthorizationCode $valid_code
Return
wild

public function authorizeToken($token)

This method is not documented.
Parameters
PhabricatorOAuthServerAccessToken $token
Return
wild

public function validateRedirectURI($uri)

This method is not documented.
Parameters
$uri
Return
wild

public function assertValidRedirectURI($raw_uri)

See http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-3.1.2 for details on what makes a given redirect URI "valid".

Parameters
$raw_uri
Return
wild

public function validateSecondaryRedirectURI($secondary_uri, $primary_uri)

If there's a URI specified in an OAuth request, it must be validated in its own right. Further, it must have the same domain, the same path, the same port, and (at least) the same query parameters as the primary URI.

Parameters
PhutilURI $secondary_uri
PhutilURI $primary_uri
Return
wild
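
The comparison rules described for validateSecondaryRedirectURI, written out as an added standalone example. This is not Phabricator's implementation: it uses PHP's built-in parse_url() and parse_str() instead of PhutilURI, and the function name, the extra scheme check and the sample URIs are assumptions of the example.

```php
<?php
// Added example, not Phabricator source; parse_url() stands in for PhutilURI.
function secondary_redirect_uri_matches(string $secondary, string $primary): bool {
  $s = parse_url($secondary);
  $p = parse_url($primary);
  if (!is_array($s) || !is_array($p)) {
    return false;
  }
  // Valid "in its own right": an absolute URI with no fragment component.
  if (empty($s['scheme']) || empty($s['host']) || isset($s['fragment'])) {
    return false;
  }
  // Assumption of this example, not in the page's list: same scheme as well,
  // so an http URI cannot stand in for a registered https one.
  if (strcasecmp($s['scheme'], $p['scheme'] ?? '') !== 0) {
    return false;
  }
  // Same domain (case-insensitive), same port, same path. Port and path are
  // compared exactly, without normalization.
  if (strcasecmp($s['host'], $p['host'] ?? '') !== 0
      || ($s['port'] ?? null) !== ($p['port'] ?? null)
      || ($s['path'] ?? '') !== ($p['path'] ?? '')) {
    return false;
  }
  // "(At least) the same query parameters": each primary parameter must be
  // present with an identical value; extra parameters are allowed.
  parse_str($p['query'] ?? '', $primary_query);
  parse_str($s['query'] ?? '', $secondary_query);
  foreach ($primary_query as $key => $value) {
    if (!array_key_exists($key, $secondary_query)
        || $secondary_query[$key] !== $value) {
      return false;
    }
  }
  return true;
}

// Constructed sample data: one registered (primary) URI and request URIs.
$primary = 'https://client.example.com/oauth/callback?app=1';
$candidates = [
  'https://client.example.com/oauth/callback?app=1&state=xyz', // extra param
  'https://client.example.com/oauth/callback?state=xyz',       // app dropped
  'https://client.example.com.other.example/oauth/callback?app=1', // host differs
  'https://client.example.com:8443/oauth/callback?app=1',      // port differs
  'https://client.example.com/oauth/callback/../x?app=1',      // path differs
];
foreach ($candidates as $candidate) {
  $ok = secondary_redirect_uri_matches($candidate, $primary);
  printf("%-6s %s\n", $ok ? 'accept' : 'reject', $candidate);
}
```

Because the path is compared as an exact string, a URI that would resolve to the registered path only after dot-segment normalization is treated as different.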