
function oauth2_server_start in OAuth2 Server 7

Initializes and returns an OAuth2 server.

Parameters

\OAuth2Server|NULL $server: The server entity to use for supplying settings to the server, and initializing the scope. NULL only when we expect the validation to fail due to an incomplete or invalid request.

Return value

OAuth2\Server An instance of OAuth2\Server.

4 calls to oauth2_server_start()
oauth2_server_authorize_form_submit in ./oauth2_server.pages.inc
Submit callback for oauth2_server_authorize_form.
oauth2_server_authorize_page in ./oauth2_server.pages.inc
Page callback: Authenticates the user and redirects back to the client with an authorization code.
oauth2_server_check_access in ./oauth2_server.module
Check access for the passed server and scope.
oauth2_server_from_request in ./oauth2_server.module
Loads an OAuth2 server using the request details.

File

./oauth2_server.module, line 906
Provides OAuth2 server functionality.

Code

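/**
 * Initializes and returns an OAuth2 server.
 *
 * @param \OAuth2Server|NULL $server
 *   The server entity to use for supplying settings to the server, and
 *   initializing the scope. NULL only when we expect the validation to fail
 *   due to an incomplete or invalid request.
 *
 * @return OAuth2\Server
 *   An instance of OAuth2\Server.
 */
function oauth2_server_start($server = NULL) {
  $storage = new Drupal\oauth2_server\Storage();
  $grant_types = oauth2_server_grant_types();
  if ($server) {
    // Array union: values stored on the entity win, the issuer below is only
    // a default for servers that do not define one.
    // NOTE(review): the issuer is an absolute URL produced by url(). If the
    // site's $base_url is not pinned in settings.php, Drupal derives it from
    // the request's Host header, so the issuer could vary per request -
    // confirm the deployment pins it.
    $settings = $server->settings + array(
      'issuer' => url(NULL, array(
        'absolute' => TRUE,
        'https' => TRUE,
      )),
    );

    // The setting 'use_crypto_tokens' was changed to 'use_jwt_access_tokens' in
    // v1.6 of the library. So this provides both. Any 'use_jwt_access_tokens'
    // value already present in the settings is overwritten here.
    $settings['use_jwt_access_tokens'] = !empty($settings['use_crypto_tokens']);

    // Ensure lifetime settings are passed as integers (not strings).
    foreach ([
      'access_lifetime',
      'id_lifetime',
      'refresh_token_lifetime',
    ] as $key) {
      if (isset($settings[$key])) {
        $settings[$key] = (int) $settings[$key];
      }
    }

    // For JWT access tokens, this setting ensures that only the ID will be
    // stored, not the entire token.
    if ($settings['use_jwt_access_tokens']) {
      $settings['store_encrypted_token_string'] = FALSE;
    }

    // Initialize the server and add the scope util.
    $oauth2_server = new OAuth2\Server($storage, $settings);
    $scope_util = new Drupal\oauth2_server\Scope($server);
    $oauth2_server
      ->setScopeUtil($scope_util);

    // Determine the available grant types based on server settings. A server
    // whose settings hold no 'grant_types' array yields an empty list here
    // (nothing gets enabled by accident) instead of passing NULL to
    // array_filter(), which raises a warning or, on PHP 8, a TypeError.
    $enabled_grant_types = array();
    if (isset($settings['grant_types']) && is_array($settings['grant_types'])) {
      $enabled_grant_types = array_filter($settings['grant_types']);
    }
  }
  else {
    // No server entity: the library is created without settings and without a
    // scope util. Per the function contract this path is only for requests
    // that are expected to fail validation.
    $oauth2_server = new OAuth2\Server($storage);

    // Enable all grant types. One of them will handle the validation failure.
    $enabled_grant_types = array_keys($grant_types);
    $settings = array();
  }

  // Initialize the enabled grant types.
  foreach ($enabled_grant_types as $grant_type_name) {
    // Only names present in the registry returned by
    // oauth2_server_grant_types() are instantiated; anything else is logged
    // and skipped.
    if (!isset($grant_types[$grant_type_name])) {
      watchdog('oauth2_server', 'Invalid grant type: @name', array(
        '@name' => $grant_type_name,
      ), WATCHDOG_ERROR);
      continue;
    }
    $grant_type_class = $grant_types[$grant_type_name]['class'];
    // Strict comparison: a loose == can match a non-string name (such as the
    // integer 0 on PHP < 8) against this URN.
    if ($grant_type_name === 'urn:ietf:params:oauth:grant-type:jwt-bearer') {
      // The jwt-bearer grant is constructed with the token endpoint URL as its
      // audience rather than with the settings array.
      // NOTE(review): unlike the issuer default, this URL is not built with
      // 'https' => TRUE - confirm the scheme matches the audience value that
      // clients are expected to put in their assertions.
      $audience = url('oauth2/token', array(
        'absolute' => TRUE,
      ));
      $grant_type = new $grant_type_class($storage, $audience);
    }
    else {
      $grant_type = new $grant_type_class($storage, $settings);
    }
    $oauth2_server
      ->addGrantType($grant_type);
  }

  // Implicit flow requires its own instance of OAuth2_GrantType_AuthorizationCode.
  // It is registered only when the 'allow_implicit' setting is non-empty, so
  // it is never added on the NULL-server path (empty settings).
  if (!empty($settings['allow_implicit'])) {
    $grant_type = new OAuth2\OpenID\GrantType\AuthorizationCode($storage, $settings);
    $oauth2_server
      ->addGrantType($grant_type, 'implicit');
  }
  return $oauth2_server;
}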