diff --git a/src/FusionAuth/FusionAuthClient.php b/src/FusionAuth/FusionAuthClient.php
index 48d0f39..7fb9b07 100644
--- a/src/FusionAuth/FusionAuthClient.php
+++ b/src/FusionAuth/FusionAuthClient.php
@@ -144,6 +144,29 @@ public function approveDevice($client_id, $client_secret, $token, $user_code)
 ->go();
 }
 
+ /**
+ * Approve a device grant.
+ *
+ * @param array $request The request object containing the device approval information and optional tenantId.
+ *
+ * @return ClientResponse The ClientResponse.
+ * @throws \Exception
+ */
+ public function approveDeviceWithRequest($request)
+ {
+ $post_data = array(
+ 'client_id' => $request->client_id
+ ,'client_secret' => $request->client_secret
+ ,'tenantId' => ($request->tenantId !== null ? (string)$request->tenantId : null)
+ ,'token' => $request->token
+ ,'user_code' => $request->user_code
+ );
+ return $this->start()->uri("/oauth2/device/approve")
+ ->bodyHandler(new FormDataBodyHandler($post_data))
+ ->post()
+ ->go();
+ }
+
 /**
 * Cancels the user action.
 *
@@ -443,6 +466,29 @@ public function clientCredentialsGrant($client_id, $client_secret, $scope = NULL
 ->go();
 }
 
+ /**
+ * Make a Client Credentials grant request to obtain an access token.
+ *
+ * @param array $request The client credentials grant request containing client authentication, scope and optional tenantId.
+ *
+ * @return ClientResponse The ClientResponse.
+ * @throws \Exception
+ */
+ public function clientCredentialsGrantWithRequest($request)
+ {
+ $post_data = array(
+ 'client_id' => $request->client_id
+ ,'client_secret' => $request->client_secret
+ ,'grant_type' => $request->grant_type
+ ,'scope' => $request->scope
+ ,'tenantId' => $request->tenantId
+ );
+ return $this->startAnonymous()->uri("/oauth2/token")
+ ->bodyHandler(new FormDataBodyHandler($post_data))
+ ->post()
+ ->go();
+ }
+
 /**
 * Adds a comment to the user's account.
 *
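Review bot: The docblock on `approveDeviceWithRequest` declares `@param array $request`, but the body reads it with object property access (`$request->client_id`), so a caller who passes an array as documented gets a warning or notice per field and a form body of empty values. Either document the real type, e.g. `@param object $request The device approval request (client_id, client_secret, token, user_code, optional tenantId).`, or read the fields as array keys. The same mismatch is in every other `...WithRequest` method this commit adds.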
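Review bot: `clientCredentialsGrantWithRequest` forwards `$request->grant_type` unchanged, so a method named for one grant sends whatever grant type the caller put in the request, or none at all if the field was left unset. Pinning it in the method, `,'grant_type' => 'client_credentials'`, keeps the call from being used for a different grant by mistake; if the request type is meant to carry the field, reject any other value before posting. The existing `clientCredentialsGrant` body is outside the hunk, so whether it hard-codes the value cannot be checked here. The same applies to the `grant_type` lines in `exchangeOAuthCodeForAccessTokenUsingPKCEWithRequest`, `exchangeOAuthCodeForAccessTokenWithRequest`, `exchangeRefreshTokenForAccessTokenWithRequest` and `exchangeUserCredentialsForAccessTokenWithRequest`.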
@@ -1788,6 +1834,51 @@ public function deleteWebhook($webhookId)
 ->go();
 }
 
+ /**
+ * Start the Device Authorization flow using form-encoded parameters
+ *
+ * @param string $client_id The unique client identifier. The client Id is the Id of the FusionAuth Application in which you are attempting to authenticate.
+ * @param string $client_secret (Optional) The client secret. This value may optionally be provided in the request body instead of the Authorization header.
+ * @param string $scope (Optional) A space-delimited string of the requested scopes. Defaults to all scopes configured in the Application's OAuth configuration.
+ *
+ * @return ClientResponse The ClientResponse.
+ * @throws \Exception
+ */
+ public function deviceAuthorize($client_id, $client_secret, $scope = NULL)
+ {
+ $post_data = array(
+ 'client_id' => $client_id,
+ 'client_secret' => $client_secret,
+ 'scope' => $scope
+ );
+ return $this->startAnonymous()->uri("/oauth2/device_authorize")
+ ->bodyHandler(new FormDataBodyHandler($post_data))
+ ->post()
+ ->go();
+ }
+
+ /**
+ * Start the Device Authorization flow using a request body
+ *
+ * @param array $request The device authorization request containing client authentication, scope, and optional device metadata.
+ *
+ * @return ClientResponse The ClientResponse.
+ * @throws \Exception
+ */
+ public function deviceAuthorizeWithRequest($request)
+ {
+ $post_data = array(
+ 'client_id' => $request->client_id
+ ,'client_secret' => $request->client_secret
+ ,'scope' => $request->scope
+ ,'tenantId' => ($request->tenantId !== null ? (string)$request->tenantId : null)
+ );
+ return $this->startAnonymous()->uri("/oauth2/device_authorize")
+ ->bodyHandler(new FormDataBodyHandler($post_data))
+ ->post()
+ ->go();
+ }
+
 /**
 * Disable two-factor authentication for a user.
 *
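Review bot: The docblock for `deviceAuthorize` marks `$client_secret` as optional, but the signature `deviceAuthorize($client_id, $client_secret, $scope = NULL)` makes it required. Giving it a default, `public function deviceAuthorize($client_id, $client_secret = NULL, $scope = NULL)`, matches the documentation and lets a public client omit the secret instead of passing a placeholder. Whether `FormDataBodyHandler` drops null entries is not visible in this hunk, so confirm that an unset secret is not sent as an empty `client_secret=` field.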
@@ -1902,6 +1993,57 @@ public function exchangeOAuthCodeForAccessTokenUsingPKCE($code, $client_id, $cli
 ->go();
 }
 
+ /**
+ * Exchanges an OAuth authorization code and code_verifier for an access token.
+ * Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint and a code_verifier for an access token.
+ *
+ * @param array $request The PKCE OAuth code access token exchange request.
+ *
+ * @return ClientResponse The ClientResponse.
+ * @throws \Exception
+ */
+ public function exchangeOAuthCodeForAccessTokenUsingPKCEWithRequest($request)
+ {
+ $post_data = array(
+ 'client_id' => $request->client_id
+ ,'client_secret' => $request->client_secret
+ ,'code' => $request->code
+ ,'code_verifier' => $request->code_verifier
+ ,'grant_type' => $request->grant_type
+ ,'redirect_uri' => $request->redirect_uri
+ ,'tenantId' => ($request->tenantId !== null ? (string)$request->tenantId : null)
+ );
+ return $this->startAnonymous()->uri("/oauth2/token")
+ ->bodyHandler(new FormDataBodyHandler($post_data))
+ ->post()
+ ->go();
+ }
+
+ /**
+ * Exchanges an OAuth authorization code for an access token.
+ * Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint for an access token.
+ *
+ * @param array $request The OAuth code access token exchange request.
+ *
+ * @return ClientResponse The ClientResponse.
+ * @throws \Exception
+ */
+ public function exchangeOAuthCodeForAccessTokenWithRequest($request)
+ {
+ $post_data = array(
+ 'client_id' => $request->client_id
+ ,'client_secret' => $request->client_secret
+ ,'code' => $request->code
+ ,'grant_type' => $request->grant_type
+ ,'redirect_uri' => $request->redirect_uri
+ ,'tenantId' => $request->tenantId
+ );
+ return $this->startAnonymous()->uri("/oauth2/token")
+ ->bodyHandler(new FormDataBodyHandler($post_data))
+ ->post()
+ ->go();
+ }
+
 /**
 * Exchange a Refresh Token for an Access Token.
 * If you will be using the Refresh Token Grant, you will make a request to the Token endpoint to exchange the user’s refresh token for an access token.
@@ -1932,6 +2074,32 @@ public function exchangeRefreshTokenForAccessToken($refresh_token, $client_id, $
 ->go();
 }
 
+ /**
+ * Exchange a Refresh Token for an Access Token.
+ * If you will be using the Refresh Token Grant, you will make a request to the Token endpoint to exchange the user’s refresh token for an access token.
+ *
+ * @param array $request The refresh token access token exchange request.
+ *
+ * @return ClientResponse The ClientResponse.
+ * @throws \Exception
+ */
+ public function exchangeRefreshTokenForAccessTokenWithRequest($request)
+ {
+ $post_data = array(
+ 'client_id' => $request->client_id
+ ,'client_secret' => $request->client_secret
+ ,'grant_type' => $request->grant_type
+ ,'refresh_token' => $request->refresh_token
+ ,'scope' => $request->scope
+ ,'tenantId' => ($request->tenantId !== null ? (string)$request->tenantId : null)
+ ,'user_code' => $request->user_code
+ );
+ return $this->startAnonymous()->uri("/oauth2/token")
+ ->bodyHandler(new FormDataBodyHandler($post_data))
+ ->post()
+ ->go();
+ }
+
 /**
 * Exchange a refresh token for a new JWT.
 *
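Review bot: `tenantId` is normalised in `exchangeOAuthCodeForAccessTokenUsingPKCEWithRequest` with `($request->tenantId !== null ? (string)$request->tenantId : null)` but passed raw as `$request->tenantId` in `exchangeOAuthCodeForAccessTokenWithRequest` directly below it. If the value can be a UUID object rather than a string, the two methods will encode it differently, so use the cast form in both. The raw form also appears in `clientCredentialsGrantWithRequest`, `exchangeUserCredentialsForAccessTokenWithRequest`, `introspectAccessTokenWithRequest` and `introspectClientCredentialsAccessTokenWithRequest`.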
@@ -1980,6 +2148,33 @@ public function exchangeUserCredentialsForAccessToken($username, $password, $cli
 ->go();
 }
 
+ /**
+ * Exchange User Credentials for a Token.
+ * If you will be using the Resource Owner Password Credential Grant, you will make a request to the Token endpoint to exchange the user’s email and password for an access token.
+ *
+ * @param array $request The user credentials access token exchange request.
+ *
+ * @return ClientResponse The ClientResponse.
+ * @throws \Exception
+ */
+ public function exchangeUserCredentialsForAccessTokenWithRequest($request)
+ {
+ $post_data = array(
+ 'client_id' => $request->client_id
+ ,'client_secret' => $request->client_secret
+ ,'grant_type' => $request->grant_type
+ ,'password' => $request->password
+ ,'scope' => $request->scope
+ ,'tenantId' => $request->tenantId
+ ,'user_code' => $request->user_code
+ ,'username' => $request->username
+ );
+ return $this->startAnonymous()->uri("/oauth2/token")
+ ->bodyHandler(new FormDataBodyHandler($post_data))
+ ->post()
+ ->go();
+ }
+
 /**
 * Begins the forgot password sequence, which kicks off an email to the user so that they can reset their password.
 *
@@ -2221,6 +2416,27 @@ public function introspectAccessToken($client_id, $token)
 ->go();
 }
 
+ /**
+ * Inspect an access token issued as the result of the User based grant such as the Authorization Code Grant, Implicit Grant, the User Credentials Grant or the Refresh Grant.
+ *
+ * @param array $request The access token introspection request.
+ *
+ * @return ClientResponse The ClientResponse.
+ * @throws \Exception
+ */
+ public function introspectAccessTokenWithRequest($request)
+ {
+ $post_data = array(
+ 'client_id' => $request->client_id
+ ,'tenantId' => $request->tenantId
+ ,'token' => $request->token
+ );
+ return $this->startAnonymous()->uri("/oauth2/introspect")
+ ->bodyHandler(new FormDataBodyHandler($post_data))
+ ->post()
+ ->go();
+ }
+
 /**
 * Inspect an access token issued as the result of the Client Credentials Grant.
 *
@@ -2240,6 +2456,26 @@ public function introspectClientCredentialsAccessToken($token)
 ->go();
 }
 
+ /**
+ * Inspect an access token issued as the result of the Client Credentials Grant.
+ *
+ * @param array $request The client credentials access token.
+ *
+ * @return ClientResponse The ClientResponse.
+ * @throws \Exception
+ */
+ public function introspectClientCredentialsAccessTokenWithRequest($request)
+ {
+ $post_data = array(
+ 'tenantId' => $request->tenantId
+ ,'token' => $request->token
+ );
+ return $this->startAnonymous()->uri("/oauth2/introspect")
+ ->bodyHandler(new FormDataBodyHandler($post_data))
+ ->post()
+ ->go();
+ }
+
 /**
 * Issue a new access token (JWT) for the requested Application after ensuring the provided JWT is valid. A valid
 * access token is properly signed and not expired.
@@ -4682,6 +4918,54 @@ public function retrieveUserCodeUsingAPIKey($user_code)
 ->go();
 }
 
+ /**
+ * Retrieve a user_code that is part of an in-progress Device Authorization Grant.
+ *
+ * This API is useful if you want to build your own login workflow to complete a device grant.
+ *
+ * This request will require an API key.
+ *
+ * @param array $request The user code retrieval request including optional tenantId.
+ *
+ * @return ClientResponse The ClientResponse.
+ * @throws \Exception
+ */
+ public function retrieveUserCodeUsingAPIKeyWithRequest($request)
+ {
+ $post_data = array(
+ 'tenantId' => ($request->tenantId !== null ? (string)$request->tenantId : null)
+ ,'user_code' => $request->user_code
+ );
+ return $this->startAnonymous()->uri("/oauth2/device/user-code")
+ ->bodyHandler(new FormDataBodyHandler($post_data))
+ ->post()
+ ->go();
+ }
+
+ /**
+ * Retrieve a user_code that is part of an in-progress Device Authorization Grant.
+ *
+ * This API is useful if you want to build your own login workflow to complete a device grant.
+ *
+ * @param array $request The user code retrieval request.
+ *
+ * @return ClientResponse The ClientResponse.
+ * @throws \Exception
+ */
+ public function retrieveUserCodeWithRequest($request)
+ {
+ $post_data = array(
+ 'client_id' => $request->client_id
+ ,'client_secret' => $request->client_secret
+ ,'tenantId' => ($request->tenantId !== null ? (string)$request->tenantId : null)
+ ,'user_code' => $request->user_code
+ );
+ return $this->startAnonymous()->uri("/oauth2/device/user-code")
+ ->bodyHandler(new FormDataBodyHandler($post_data))
+ ->post()
+ ->go();
+ }
+
 /**
 * Retrieves all the comments for the user with the given Id.
 *
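Review bot: `retrieveUserCodeUsingAPIKeyWithRequest` is documented as requiring an API key, yet it builds the call with `$this->startAnonymous()` and sends no client credentials in the body, so as written the request appears to go out unauthenticated. `approveDeviceWithRequest` in this same commit uses `$this->start()`, which is presumably the variant that attaches the key (neither helper is defined in the hunk); the line should likely read `return $this->start()->uri("/oauth2/device/user-code")`. If the existing `retrieveUserCodeUsingAPIKey`, whose body is outside the hunk, makes the same call, it needs the same check.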
@@ -6415,6 +6699,25 @@ public function validateDevice($user_code, $client_id)
 ->go();
 }
 
+ /**
+ * Validates the end-user provided user_code from the user-interaction of the Device Authorization Grant.
+ * If you build your own activation form you should validate the user provided code prior to beginning the Authorization grant.
+ *
+ * @param array $request The device validation request.
+ *
+ * @return ClientResponse The ClientResponse.
+ * @throws \Exception
+ */
+ public function validateDeviceWithRequest($request)
+ {
+ return $this->startAnonymous()->uri("/oauth2/device/validate")
+ ->urlParameter("client_id", $request->client_id)
+ ->urlParameter("tenantId", $request->tenantId !== null ? (string)$request->tenantId : null)
+ ->urlParameter("user_code", $request->user_code)
+ ->get()
+ ->go();
+ }
+
 /**
 * Validates the provided JWT (encoded JWT string) to ensure the token is valid. A valid access token is properly
 * signed and not expired.