erikverreycken
diff --git a/‎lib/IOAuth2GrantClient.php‎
Lines changed: 36 additions & 0 deletions b/‎lib/IOAuth2GrantClient.php‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎lib/IOAuth2GrantCode.php‎
Lines changed: 71 additions & 0 deletions b/‎lib/IOAuth2GrantCode.php‎
Lines changed: 71 additions & 0 deletions
diff --git a/‎lib/IOAuth2GrantExtension.php‎
Lines changed: 34 additions & 0 deletions b/‎lib/IOAuth2GrantExtension.php‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎lib/IOAuth2GrantImplicit.php‎
Lines changed: 19 additions & 0 deletions b/‎lib/IOAuth2GrantImplicit.php‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎lib/IOAuth2GrantUser.php‎
Lines changed: 45 additions & 0 deletions b/‎lib/IOAuth2GrantUser.php‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎lib/IOAuth2RefreshTokens.php‎
Lines changed: 76 additions & 0 deletions b/‎lib/IOAuth2RefreshTokens.php‎
Lines changed: 76 additions & 0 deletions
@@ -0,0 +1,36 @@
+<?php
+/**
+ * Storage engines that support the "Client Credentials"
+ * grant type should implement this interface
+ * 
+ * @author Dave Rochwerger <[email protected]>
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.4
+ */
+interface IOAuth2GrantClient extends IOAuth2Storage {
+  
+  /**
+	 * Required for OAuth2::GRANT_TYPE_CLIENT_CREDENTIALS.
+	 *
+	 * @param $client_id
+	 * Client identifier to be check with.
+	 * @param $client_secret
+	 * (optional) If a secret is required, check that they've given the right one.
+	 *
+	 * @return
+	 * TRUE if the client credentials are valid, and MUST return FALSE if it isn't.
+	 * When using "client credentials" grant mechanism and you want to
+	 * verify the scope of a user's access, return an associative array
+	 * with the scope values as below. We'll check the scope you provide
+	 * against the requested scope before providing an access token:
+	 * @code
+	 * return array(
+	 * 'scope' => <stored scope values (space-separated string)>,
+	 * );
+	 * @endcode
+	 *
+	 * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.4.2
+	 *
+	 * @ingroup oauth2_section_4
+	 */
+	public function checkClientCredentialsGrant($client_id, $client_secret);
+}
@@ -0,0 +1,71 @@
+<?php
+/**
+ * Storage engines that support the "Authorization Code"
+ * grant type should implement this interface
+ * 
+ * @author Dave Rochwerger <[email protected]>
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.1
+ */
+interface IOAuth2GrantCode extends IOAuth2Storage {
+  
+  /**
+   * The Authorization Code grant type supports a response type of "code". 
+   * 
+   * @var string
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-1.4.1
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.2
+   */
+  const RESPONSE_TYPE_CODE = OAuth2::RESPONSE_TYPE_AUTH_CODE;
+  
+  /**
+	 * Fetch authorization code data (probably the most common grant type).
+	 *
+	 * Retrieve the stored data for the given authorization code.
+	 *
+	 * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
+	 *
+	 * @param $code
+	 * Authorization code to be check with.
+	 *
+	 * @return
+	 * An associative array as below, and NULL if the code is invalid:
+	 * - client_id: Stored client identifier.
+	 * - redirect_uri: Stored redirect URI.
+	 * - expires: Stored expiration in unix timestamp.
+	 * - scope: (optional) Stored scope values in space-separated string.
+	 *
+	 * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.1
+	 *
+	 * @ingroup oauth2_section_4
+	 */
+	public function getAuthCode($code);
+
+	/**
+	 * Take the provided authorization code values and store them somewhere.
+	 *
+	 * This function should be the storage counterpart to getAuthCode().
+	 *
+	 * If storage fails for some reason, we're not currently checking for
+	 * any sort of success/failure, so you should bail out of the script
+	 * and provide a descriptive fail message.
+	 *
+	 * Required for OAuth2::GRANT_TYPE_AUTH_CODE.
+	 *
+	 * @param $code
+	 * Authorization code to be stored.
+	 * @param $client_id
+	 * Client identifier to be stored.
+	 * @param $user_id
+	 * User identifier to be stored.
+	 * @param $redirect_uri
+	 * Redirect URI to be stored.
+	 * @param $expires
+	 * Expiration to be stored.
+	 * @param $scope
+	 * (optional) Scopes to be stored in space-separated string.
+	 *
+	 * @ingroup oauth2_section_4
+	 */
+	public function setAuthCode($code, $client_id, $user_id, $redirect_uri, $expires, $scope = NULL);
+	
+}
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Storage engines that support the "Extensible"
+ * grant types should implement this interface
+ * 
+ * @author Dave Rochwerger <[email protected]>
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.5
+ */
+interface IOAuth2GrantExtension extends IOAuth2Storage {
+  
+  /**
+	 * Check any extended grant types.
+	 * 
+	 * @param string $uri
+	 * URI of the grant type definition
+	 * @param array $inputData
+	 * Unfiltered input data. The source is *not* guaranteed to be POST (but
+	 * is likely to be).
+	 * @param array $authHeaders
+	 * Authorization headers
+	 * @return
+	 * FALSE if the authorization is rejected or not support.
+	 * TRUE or an associative array if you wantto verify the scope:
+	 * @code
+	 * return array(
+	 * 'scope' => <stored scope values (space-separated string)>,
+	 * );
+	 * @endcode
+	 * 
+	 * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-1.4.5
+	 * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.2
+	 */
+	public function checkGrantExtension($uri, array $inputData, array $authHeaders);
+}
@@ -0,0 +1,19 @@
+<?php
+/**
+ * Storage engines that support the "Implicit"
+ * grant type should implement this interface
+ * 
+ * @author Dave Rochwerger <[email protected]>
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.2
+ */
+interface IOAuth2GrantImplicit extends IOAuth2Storage {
+
+  /**
+   * The Implicit grant type supports a response type of "token". 
+   * 
+   * @var string
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-1.4.2
+   * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.2
+   */
+  const RESPONSE_TYPE_TOKEN = OAuth2::RESPONSE_TYPE_ACCESS_TOKEN;
+}
@@ -0,0 +1,45 @@
+<?php
+/**
+ * Storage engines that support the "Resource Owner Password Credentials"
+ * grant type should implement this interface
+ * 
+ * @author Dave Rochwerger <[email protected]>
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.3
+ */
+interface IOAuth2GrantUser extends IOAuth2Storage {
+
+ 	/**
+	 * Grant access tokens for basic user credentials.
+	 *
+	 * Check the supplied username and password for validity.
+	 *
+	 * You can also use the $client_id param to do any checks required based
+	 * on a client, if you need that.
+	 *
+	 * Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.
+	 *
+	 * @param $client_id
+	 * Client identifier to be check with.
+	 * @param $username
+	 * Username to be check with.
+	 * @param $password
+	 * Password to be check with.
+	 *
+	 * @return
+	 * TRUE if the username and password are valid, and FALSE if it isn't.
+	 * Moreover, if the username and password are valid, and you want to
+	 * verify the scope of a user's access, return an associative array
+	 * with the scope values as below. We'll check the scope you provide
+	 * against the requested scope before providing an access token:
+	 * @code
+	 * return array(
+	 * 'scope' => <stored scope values (space-separated string)>,
+	 * );
+	 * @endcode
+	 *
+	 * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.3
+	 *
+	 * @ingroup oauth2_section_4
+	 */
+	public function checkUserCredentials($client_id, $username, $password);
+}
@@ -0,0 +1,76 @@
+<?php
+/**
+ * Storage engines that want to support refresh tokens should
+ * implement this interface.
+ * 
+ * @author Dave Rochwerger <[email protected]>
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-6
+ * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-1.5
+ */
+interface IOAuth2RefreshTokens extends IOAuth2Storage {
+  
+  /**
+	 * Grant refresh access tokens.
+	 *
+	 * Retrieve the stored data for the given refresh token.
+	 *
+	 * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
+	 *
+	 * @param $refresh_token
+	 * Refresh token to be check with.
+	 *
+	 * @return
+	 * An associative array as below, and NULL if the refresh_token is
+	 * invalid:
+	 * - client_id: Stored client identifier.
+	 * - expires: Stored expiration unix timestamp.
+	 * - scope: (optional) Stored scope values in space-separated string.
+	 *
+	 * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-6
+	 *
+	 * @ingroup oauth2_section_6
+	 */
+	public function getRefreshToken($refresh_token);
+
+	/**
+	 * Take the provided refresh token values and store them somewhere.
+	 *
+	 * This function should be the storage counterpart to getRefreshToken().
+	 *
+	 * If storage fails for some reason, we're not currently checking for
+	 * any sort of success/failure, so you should bail out of the script
+	 * and provide a descriptive fail message.
+	 *
+	 * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.
+	 *
+	 * @param $refresh_token
+	 * Refresh token to be stored.
+	 * @param $client_id
+	 * Client identifier to be stored.
+	 * @param $expires
+	 * expires to be stored.
+	 * @param $scope
+	 * (optional) Scopes to be stored in space-separated string.
+	 *
+	 * @ingroup oauth2_section_6
+	 */
+	public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = NULL);
+
+	/**
+	 * Expire a used refresh token.
+	 *
+	 * This is not explicitly required in the spec, but is almost implied.
+	 * After granting a new refresh token, the old one is no longer useful and
+	 * so should be forcibly expired in the data store so it can't be used again.
+	 *
+	 * If storage fails for some reason, we're not currently checking for
+	 * any sort of success/failure, so you should bail out of the script
+	 * and provide a descriptive fail message.
+	 *
+	 * @param $refresh_token
+	 * Refresh token to be expirse.
+	 *
+	 * @ingroup oauth2_section_6
+	 */
+	public function unsetRefreshToken($refresh_token);
+}