OAuthAS Class


Description

Class with the OAuth Authorization Server logic.

Class Constants

  • SAML2: urn:oasis:names:tc:SAML:2.0:assertion
  • PAPI: urn:mace:rediris.es:papi

Class Variables

  • String error: Error code-name
  • Boolean debug_active: If TRUE, the debug is active, inactive otherwise.
  • ClientList clients: ClientList object
  • String assertion: The assertion of the request.
  • String assertion_type: Type of the assertion of the request.
  • ServerKeys servers: ServerKeys object
  • String access_token: The access token generated.
  • ErrorList errors: ErrorList object
  • String scope: Scope of the Request.
  • String client_id: Client Identification
  • IAssertionChecking assertion_checking: IAssertionChecking element.
  • Integer lifetime: the default lifetime of the access tokens.

Methods

PUBLIC oauthAS __construct([$dir=""])

oauthAS class Constructor

Returns an OAuthAS object.

  • String dir: Directory where the OAuth Authorization Server configuration is located.

PRIVATE error($string): void

Function that writes the error to the error_log if $debug_active is TRUE.

  • String string: String written to the error_log.

PUBLIC getError(): string

Returns the error description.

PRIVATE generateAccessToken(): void

Function that generates an access token from the parameters of the request.

PRIVATE setLogMsg(): void

Function that writes the log file (oauth_access.log) that records the requests made to the OAuth AS.

PRIVATE isValidAssertion(): boolean

Function that checks the assertion depending on the assertion type (SAML2, PAPI).

TRUE if it is valid, FALSE otherwise.

PRIVATE isValidClient(): boolean

Function that checks whether the OAuth Client making the request is registered.

TRUE if it is valid, FALSE otherwise.

PRIVATE isValidFormatRequest(): boolean

Function that checks whether the format of the OAuth Client's request is valid.

TRUE if it is valid, FALSE otherwise.

PRIVATE isValidScope(): boolean

Function that checks whether the scope of the request is authorized for the user.

TRUE if it is valid, FALSE otherwise.

PRIVATE manageASErrorResponse(): string

Responds with an error if the token request is invalid or unauthorized, adding the following parameters to the entity body of the HTTP response using the "application/json" media type:

  • error REQUIRED. A single error code.
  • error_description OPTIONAL. Human-readable text providing additional information, used to assist in understanding and resolving the error that occurred.
  • error_uri OPTIONAL. A URI identifying a human-readable web page with information about the error, used to provide the end-user with additional information about the error.

PRIVATE manageASResponse(): string

Function that returns the resource, making use of the Resource class deployed in the server.

PUBLIC manageRequest(): string

Function that manages the request of the client app and returns an appropriate response.
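The check order the method list above implies (request format, registered client, assertion type and validity, scope, then either a token or a manageASErrorResponse-style JSON body), as an added PHP illustration that is not the OAuthAS class's own code; the error code names are the standard OAuth 2.0 ones rather than values from this page, and handleTokenRequest, errorResponse, the client registry and the checker closure are assumptions.

```php
<?php
// Added illustration of the manageRequest() flow; hypothetical names, not the OAuthAS class.
const SAML2 = 'urn:oasis:names:tc:SAML:2.0:assertion';
const PAPI  = 'urn:mace:rediris.es:papi';

function errorResponse(string $code, string $desc = '', string $uri = ''): string {
    // "error" is required; the other two members are only emitted when set.
    http_response_code(400);
    header('Content-Type: application/json');
    $body = ['error' => $code];
    if ($desc !== '') { $body['error_description'] = $desc; }
    if ($uri !== '')  { $body['error_uri'] = $uri; }
    return json_encode($body);
}

function handleTokenRequest(array $req, array $clients, callable $checkAssertion, int $lifetime): string {
    // 1. Request format: every parameter the flow needs must be present.
    foreach (['client_id', 'assertion', 'assertion_type', 'scope'] as $p) {
        if (!isset($req[$p]) || $req[$p] === '') { return errorResponse('invalid_request', "missing $p"); }
    }
    // 2. Client must be registered (the ClientList role).
    if (!isset($clients[$req['client_id']])) { return errorResponse('invalid_client'); }
    // 3. Assertion type must be one of the two supported URNs, then the assertion is
    //    verified by the injected checker (the IAssertionChecking role).
    if (!in_array($req['assertion_type'], [SAML2, PAPI], true)) {
        return errorResponse('invalid_request', 'unsupported assertion_type');
    }
    if (!$checkAssertion($req['assertion_type'], $req['assertion'])) {
        return errorResponse('invalid_grant', 'assertion rejected');
    }
    // 4. Every requested scope must be one this client is allowed to ask for.
    $wanted = explode(' ', $req['scope']);
    if (array_diff($wanted, $clients[$req['client_id']]['scopes']) !== []) {
        return errorResponse('invalid_scope');
    }
    // 5. Issue an unguessable bearer token with the configured lifetime.
    header('Content-Type: application/json');
    header('Cache-Control: no-store');
    return json_encode(['access_token' => bin2hex(random_bytes(32)), 'token_type' => 'bearer',
                        'expires_in' => $lifetime, 'scope' => $req['scope']]);
}

// Constructed registry and a stand-in checker; a real deployment verifies the SAML2/PAPI assertion here.
$clients = ['app1' => ['scopes' => ['read', 'profile']]];
$checker = fn(string $type, string $assertion): bool => $type === PAPI && str_starts_with($assertion, 'PAPI:');
echo handleTokenRequest(['client_id' => 'app1', 'assertion' => 'PAPI:constructed', 'assertion_type' => PAPI, 'scope' => 'read'], $clients, $checker, 3600);
```

Changing the sample scope to 'read admin' or the client_id to an unregistered value produces the corresponding error body instead of a token.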