Merge pull request #51 from bshaffer/hkdobrev-refresh-token

bshaffer · bshaffer · commit f0602afdb4f9 · 2015-02-06T12:29:51.000-07:00
Add example usage of refresh token
diff --git a/src/OAuth2Demo/Client/Controllers/RequestToken.php b/src/OAuth2Demo/Client/Controllers/RequestToken.php
@@ -10,6 +10,7 @@ public static function addRoutes($routing)
     {
         $routing->get('/client/request_token/authorization_code', array(new self(), 'requestTokenWithAuthCode'))->bind('request_token_with_authcode');
         $routing->get('/client/request_token/user_credentials', array(new self(), 'requestTokenWithUserCredentials'))->bind('request_token_with_usercredentials');
+        $routing->get('/client/request_token/refresh_token', array(new self(), 'requestTokenWithRefreshToken'))->bind('request_token_with_refresh_token');
 
     }
 
@@ -24,13 +25,17 @@ public function requestTokenWithAuthCode(Application $app)
 
         $code = $app['request']->get('code');
 
+        $redirect_uri_params = array_filter(array(
+            'show_refresh_token' => $app['request']->get('show_refresh_token'),
+        ));
+
         // exchange authorization code for access token
         $query = array(
             'grant_type'    => 'authorization_code',
             'code'          => $code,
             'client_id'     => $config['client_id'],
             'client_secret' => $config['client_secret'],
-            'redirect_uri'  => $urlgen->generate('authorize_redirect', array(), true),
+            'redirect_uri'  => $urlgen->generate('authorize_redirect', $redirect_uri_params, true),
         );
 
         // determine the token endpoint to call based on our config (do this somewhere else?)
@@ -43,7 +48,11 @@ public function requestTokenWithAuthCode(Application $app)
 
         // if it is succesful, display the token in our app
         if (isset($json['access_token'])) {
-            return $twig->render('client/show_access_token.twig', array('token' => $json['access_token']));
+            if ($app['request']->get('show_refresh_token')) {
+                return $twig->render('client/show_refresh_token.twig', array('response' => $json));
+            }
+
+            return $twig->render('client/show_access_token.twig', array('response' => $json));
         }
 
         return $twig->render('client/failed_token_request.twig', array('response' => $json ? $json : $response));
@@ -80,7 +89,40 @@ public function requestTokenWithUserCredentials(Application $app)
 
         // if it is succesful, display the token in our app
         if (isset($json['access_token'])) {
-            return $twig->render('client/show_access_token.twig', array('token' => $json['access_token']));
+            return $twig->render('client/show_access_token.twig', array('response' => $json));
+        }
+
+        return $twig->render('client/failed_token_request.twig', array('response' => $json ? $json : $response));
+    }
+
+    public function requestTokenWithRefreshToken(Application $app)
+    {
+        $twig   = $app['twig'];          // used to render twig templates
+        $config = $app['parameters'];    // the configuration for the current oauth implementation
+        $urlgen = $app['url_generator']; // generates URLs based on our routing
+        $http   = $app['http_client'];   // simple class used to make http requests
+
+        $refreshToken = $app['request']->get('refresh_token');
+
+        // exchange user credentials for access token
+        $query = array(
+            'grant_type'    => 'refresh_token',
+            'client_id'     => $config['client_id'],
+            'client_secret' => $config['client_secret'],
+            'refresh_token' => $refreshToken,
+        );
+
+        // determine the token endpoint to call based on our config (do this somewhere else?)
+        $grantRoute = $config['token_route'];
+        $endpoint = 0 === strpos($grantRoute, 'http') ? $grantRoute : $urlgen->generate($grantRoute, array(), true);
+
+        // make the token request via http and decode the json response
+        $response = $http->post($endpoint, null, $query, $config['http_options'])->send();
+        $json = json_decode((string) $response->getBody(), true);
+
+        // if it is succesful, display the token in our app
+        if (isset($json['access_token'])) {
+            return $twig->render('client/show_access_token.twig', array('response' => $json));
         }
 
         return $twig->render('client/failed_token_request.twig', array('response' => $json ? $json : $response));
diff --git a/src/OAuth2Demo/Server/Server.php b/src/OAuth2Demo/Server/Server.php
@@ -9,6 +9,7 @@
 use OAuth2\Storage\Pdo;
 use OAuth2\GrantType\AuthorizationCode;
 use OAuth2\GrantType\UserCredentials;
+use OAuth2\GrantType\RefreshToken;
 
 class Server implements ControllerProviderInterface
 {
@@ -29,6 +30,9 @@ public function setup(Application $app)
         $grantTypes = array(
             'authorization_code' => new AuthorizationCode($storage),
             'user_credentials'   => new UserCredentials($storage),
+            'refresh_token'      => new RefreshToken($storage, array(
+                'always_issue_new_refresh_token' => true,
+            )),
         );
 
         // instantiate the oauth server
@@ -67,4 +71,4 @@ private function generateSqliteDb()
     {
         include_once(__DIR__.'/../../../data/rebuild_db.php');
     }
-}
+}
diff --git a/views/client/grant_types/_refresh_token.twig b/views/client/grant_types/_refresh_token.twig
@@ -0,0 +1,4 @@
+<p>
+    The <code>Refresh Token</code> grant type is typically used in tandem with the <code>Authorization Code</code> grant type. Click the "Authorize" button to receive an authorization code:
+</p>
+<a class="button" href="{{ app.parameters.authorize_route|slice(0, 4) == 'http' ? app.parameters.authorize_route : url(app.parameters.authorize_route) }}?response_type=code&client_id={{app.parameters.client_id}}&redirect_uri={{ url('authorize_redirect', {show_refresh_token:1})|url_encode() }}&state={{session_id}}">Authorize</a>
diff --git a/views/client/index.twig b/views/client/index.twig
@@ -11,9 +11,11 @@
             <li><a href="#authcode">Authorization Code</a></li>
             <li><a href="#implicit">Implicit</a></li>
             <li><a href="#usercred">User Credentials</a></li>
+            <li><a href="#refresh">Refresh Token</a></li>
         </ul>
         <div class="simpleTabsContent">{% include 'client/grant_types/_authorization_code.twig' %}</div>
         <div class="simpleTabsContent">{% include 'client/grant_types/_implicit.twig' %}</div>
         <div class="simpleTabsContent">{% include 'client/grant_types/_user_credentials.twig' %}</div>
+        <div class="simpleTabsContent">{% include 'client/grant_types/_refresh_token.twig' %}</div>
     </div>
 {% endblock %}
diff --git a/views/client/show_access_token.twig b/views/client/show_access_token.twig
@@ -2,13 +2,17 @@
 
 {% block content %}
     <h3>Token Retrieved!</h3>
-    <pre><code>  Access Token: {{ token }}  </code></pre>
+    <pre><code>  Access Token: {{ response.access_token }}  </code></pre>
+
+    {% if response.expires_in %}
+    <div class="help"><em>Expires in {{ response.expires_in }} seconds</em></div>
+    {% endif %}
 
     <p>
         Now use this token to make a request to the OAuth2.0 Server's APIs:
     </p>
 
-    <a class="button" href="{{ path('request_resource', { 'token': token }) }}">make a resource request</a>
+    <a class="button" href="{{ path('request_resource', { 'token': response.access_token }) }}">make a resource request</a>
 
     <div class="help"><em>This token can now be used multiple times to make API requests for this user.</em></div>
 
diff --git a/views/client/show_authorization_code.twig b/views/client/show_authorization_code.twig
@@ -9,7 +9,7 @@
         Now exchange the Authorization Code for an <strong>Access Token</strong>:
     <p>
 
-    <a class="button" href="{{ path('request_token_with_authcode', { 'code': code }) }}">make a token request</a>
+    <a class="button" href="{{ path('request_token_with_authcode', { 'code': code, show_refresh_token: app.request.get('show_refresh_token') }) }}">make a token request</a>
 
     <div class="help"><em>usually this is done behind the scenes, but we're going step-by-step so you don't miss anything!</em></div>
 
diff --git a/views/client/show_refresh_token.twig b/views/client/show_refresh_token.twig
@@ -0,0 +1,17 @@
+{% extends "client/base.twig" %}
+
+{% block content %}
+    <h3>Token Retrieved!</h3>
+
+    <p>
+        But let's pretend this access token has expired. Luckily, it came with a refresh token!
+    </p>
+
+    <pre><code>  Refresh Token: {{ response.refresh_token }}  </code></pre>
+
+    <a class="button" href="{{ path('request_token_with_refresh_token', { 'refresh_token': response.refresh_token }) }}">renew your access token</a>
+
+    <div class="help"><em>The refresh token can be used to get a new access token after the access token has expired.</em></div>
+
+    <a href="{{ path('homepage') }}">back</a>
+{% endblock %}

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +<p>
 +    The <code>Refresh Token</code> grant type is typically used in tandem with the <code>Authorization Code</code> grant type. Click the "Authorize" button to receive an authorization code:
 +</p>
 +<a class="button" href="{{ app.parameters.authorize_route|slice(0, 4) == 'http' ? app.parameters.authorize_route : url(app.parameters.authorize_route) }}?response_type=code&client_id={{app.parameters.client_id}}&redirect_uri={{ url('authorize_redirect', {show_refresh_token:1})|url_encode() }}&state={{session_id}}">Authorize</a>