An OAuth access or refresh token.
Tokens generated by this class are hybrid tokens. That is, the encoded token string
(which is returned to the client) contains encrypted basic data on the authorisation
and scope associated with the token. Additional data may also be stored on the server side.
Therefore a resource server, with the appropriate keys, can decrypt the encoded token without
making further calls to the SimpleID server.
This class cannot be instantiated directly. It can only be created by its subclasses.
| Methods |
protected
|
__construct()
|
#
|
protected
|
init(
Authorization $authorization,
array<string>|string $scope = [],
int $expires_in = self::TTL_PERPETUAL,
TokenGrantType $grant = null,
array<string, mixed> $additional = [],
): void
Parameters
| $authorization |
the underlying authorisation
|
| $scope |
the scope of the token
|
| $expires_in |
the validity of the token, in seconds, or
TTL_PERPETUAL
|
| $grant |
the token grant
|
| $additional |
additional data to be stored on the
server
|
|
#
|
public
|
isValid(): bool
Returns whether the token is valid.
Returns whether the token is valid.
A token is valid if it is successfully created or parsed, and
is not expired (if the token has an expiry date).
Note that a valid token be still not provide sufficient authority
to access protected resources. You will also need to check
the token's scope using the hasScope() method.
Returns
true if the token is valid
|
#
|
public
|
getID(): string
Returns the unique ID for this token.
Returns the unique ID for this token.
Returns
|
#
|
abstract
public
|
getType(): string
Returns the type of the token (e.g. access_token, refresh_token).
Subclasses must implement this method
Returns the type of the token (e.g. access_token, refresh_token).
Subclasses must implement this method
Returns
Implemented by
|
#
|
public
|
getAuthorization(): Authorization
Returns the authorisation that created this token.
Returns the authorisation that created this token.
Returns
|
#
|
public
|
getScope(): array<string>
Returns the scope covered by the token
Returns the scope covered by the token
Returns
|
#
|
public
|
hasScope(string|array<string> $scope): bool
Checks whether the token covers a specified scope.
Checks whether the token covers a specified scope.
This method will return true if the token covers all of the
scope specified by $scope.
Parameters
Returns
true if the token covers all of the specified
scope
|
#
|
public
|
getAdditionalData(): array<string, mixed>
Returns additional data stored on the server for this token
Returns additional data stored on the server for this token
Returns
|
#
|
public
|
hasExpired(): bool
Checks whether the token has expired. If the token has no expiry date,
this function will always return false.
Checks whether the token has expired. If the token has no expiry date,
this function will always return false.
Returns
true if the token has expired
|
#
|
public
|
getExpiry(): int|null
Returns the expiry time for this token, if any.
Returns the expiry time for this token, if any.
Returns
the expiry time, or null if the token does not
expire
|
#
|
public
|
getEncoded(): string
Returns the encoded token as a string.
Returns the encoded token as a string.
Returns
|
#
|
public
|
revoke(): void
|
#
|
public
static
|
revokeAll(Authorization $authorization, TokenGrantType|string $grant = null): void
Revokes all tokens issued from a specifed authorisation and,
optionally, a grant.
Revokes all tokens issued from a specifed authorisation and,
optionally, a grant.
Parameters
| $authorization |
the authorisation for which
tokens are to be revoked
|
| $grant |
if specified, only delete tokens issued
from this grant
|
|
#
|
protected
|
getCacheKey(): string
Returns the key used to store data for this token in the FatFree cache
Returns the key used to store data for this token in the FatFree cache
Returns
|
#
|
protected
|
parse(): void
|
#
|
protected
|
encode(array<string, mixed> $server_data = [], array<string, mixed> $token_data = []): void
Parameters
| $server_data |
data to be stored on the server side
|
| $token_data |
data to be encoded in the token
|
|
#
|
protected
|
getScopeRef(array<string> $scope): string
Compresses a scope string.
Compresses a scope string.
Each SimpleID installation compiles a mapping of all the known scopes.
This function compresses a scope string by replacing the individual
scope items with a reference to this map.
Parameters
| $scope |
the scope to compress
|
Returns
the compressed scope reference
|
#
|
protected
|
resolveScope(string $ref): array<string>
Resolves a compressed scope reference.
Resolves a compressed scope reference.
This function is the reverse of getScopeRef() .
Parameters
| $ref |
the compressed scope reference
|
Returns
|
#
|
public
static
|
getScopeRefMap(): array<string>
|
#
|
| Properties |
protected
|
Branca
|
$branca
the branca token generator
the branca token generator
|
#
|
protected
|
string
|
$id
the unique ID of this token
the unique ID of this token
|
#
|
protected
|
Authorization
|
$authorization
|
#
|
protected
|
array<string>
|
$scope
|
#
|
protected
|
int|null
|
$expire = null
|
#
|
protected
|
string|null
|
$grant_ref = null
the grant reference (a reference to the authorization code or refresh token)
the grant reference (a reference to the authorization code or refresh token)
|
#
|
protected
|
array<string, mixed>
|
$additional = []
additional data to be stored on the server in relation to the token
additional data to be stored on the server in relation to the token
|
#
|
protected
|
string|null
|
$encoded = null
|
#
|
protected
|
bool
|
$is_parsed = false
whether the token has been parsed properly
whether the token has been parsed properly
|
#
|