Merge pull request #1 from cbdr/flow-strategies

Added flows to the plugin

Author: KaiTillman

README.md

@@ -9,20 +9,22 @@ This is a PHP Guzzle3 plugin for dealing with CB OAuth2.
 use CareerBuilder\OAuth2\OAuth2Plugin;
 use CareerBuilder\OAuth2\TokenFactory;
 use CareerBuilder\OAuth2\NullTokenStorage;
+use CareerBuilder\OAuth2\Flows\ClientCredentials;
 
 // create Guzzle client as you normally do
 
 $client = new Client('https://api.careerbuilder.com');
 
 // register the OAuth2Plugin
 
-$config = array(
-    'base_url' => 'https://www.careerbuilder.com',
-    'client_id' => '',
-    'client_secret' => '',
-    'shared_secret' => ''
-)
-$client->addSubscriber(new OAuth2Plugin(new TokenFactory($config), new NullTokenStorage()));
+$configs = array(
+    'client_id' => '9c8e37f7',
+    'client_secret' => 'shhh',
+    'shared_secret' => 'wBXuP4ohmPTlI5/x088ZlStg/Q1O/9Nmz3IAPYtUlTPUW0sHj0e4cYNrvccIdBghVgSxkWus1F5X6YykBC48cg==',
+    'base_url' => 'https://wwwtest.careerbuilder.com'
+);
+
+$client->addSubscriber(new OAuth2Plugin(new ClientCredentials($configs), new NullTokenStorage()));
 
 // do whatever you normally do with Guzzle
 
@@ -31,4 +33,4 @@ $request->getQuery()->set('query', 'Atlanta');
 $response = $request->send();
 ```
 
-See more in [usage.php](https://github.com/cbdr/php-oauth/blob/master/usage.php).
+See more in [usage.php](usage.php).

src/CareerBuilder/OAuth2/Flows/ClientCredentials.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace CareerBuilder\OAuth2\Flows;
+
+use Guzzle\Http\ClientInterface;
+use Psr\Log\LoggerInterface;
+
+/**
+ * Builds the body for the Client Credentials flow using JWT-Bearer
+ * assertions for client authentication.
+ *
+ * @package CareerBuilder\OAuth2\Flows
+ */
+class ClientCredentials extends Flow
+{
+    /**
+     * @param array $configs
+     * @param ClientInterface $client
+     * @param LoggerInterface $logger
+     */
+    public function __construct(array $configs, ClientInterface $client = null, LoggerInterface $logger = null)
+    {
+        parent::__construct($configs, $client, $logger);
+    }
+
+    /**
+     * Build the body for the token request
+     */
+    public function buildBody()
+    {
+        $this->body['grant_type'] = 'client_credentials';
+        $this->body['client_assertion_type'] = 'urn:params:oauth:client-assertion-type:jwt-bearer';
+        $this->body['client_assertion'] = $this->getJWT($this->getClientCredentialsClaims());
+    }
+
+    /**
+     * Get the array of JWT claims for the flow
+     */
+    private function getClientCredentialsClaims()
+    {
+        return array(
+            'iss' => $this->clientId,
+            'sub' => $this->clientId,
+            'aud' => 'http://www.careerbuilder.com/share/oauth2/token.aspx',
+            'exp' => time() + 30
+        );
+    }
+}

src/CareerBuilder/OAuth2/Flows/Flow.php

@@ -0,0 +1,121 @@
+<?php
+
+namespace CareerBuilder\OAuth2\Flows;
+
+use CareerBuilder\OAuth2\AccessToken;
+use Guzzle\Http\ClientInterface;
+use Guzzle\Http\Client;
+use Guzzle\Plugin\Log\LogPlugin;
+use Guzzle\Log\PsrLogAdapter;
+use JWT;
+use Psr\Log\LoggerInterface;
+use Psr\Log\NullLogger;
+
+/**
+ * Base class for all oAuth 2 flows.
+ *
+ * @package CareerBuilder\OAuth2\Flows
+ */
+abstract class Flow
+{
+    /** @var ClientInterface */
+    protected $client;
+    /** @var LoggerInterface */
+    protected $logger;
+    /** @var string */
+    protected $clientId;
+    /** @var string */
+    protected $clientSecret;
+    /** @var string */
+    protected $sharedSecret;
+    /** @var array */
+    protected $headers;
+    /** @var array */
+    protected $body;
+
+    /**
+     * @param array $configs
+     * @param ClientInterface $client
+     * @param LoggerInterface $logger
+     */
+    protected function __construct(array $configs, ClientInterface $client = null, LoggerInterface $logger = null)
+    {
+        $this->setCredentials($configs);
+        $this->setDefaults();
+        
+
+        if (isset($configs['auth_in_header']) && $configs['auth_in_header']) {
+            $this->headers['Authorization'] = $this->getAuthHeader();
+        }
+
+        $this->logger = $logger ?: new NullLogger();
+        $this->client = $client ?: new Client();
+        $this->client->setBaseUrl($configs['base_url']);
+        $this->client->addSubscriber(new LogPlugin(new PsrLogAdapter($this->logger)));
+    }
+
+    /**
+     * @param array $configs
+     */
+    private function setCredentials(array $configs)
+    {
+        $this->clientId = $configs['client_id'];
+        $this->clientSecret = $configs['client_secret'];
+        $this->sharedSecret = $configs['shared_secret'];
+    }
+
+    /**
+     * Set default headers and body
+     */
+    private function setDefaults()
+    {
+        $this->headers = array('Content-Type' => 'application/x-www-form-urlencoded');
+        $this->body = array(
+            'client_id' => $this->clientId,
+            'client_secret' => $this->clientSecret
+        );
+    }
+
+    /**
+     * Build the authorization header for client information in header
+     */
+    private function getAuthHeader()
+    {
+        $unencodedParams = "{$this->clientId}:{$this->clientSecret}";
+        $encodedParams = base64_encode($unencodedParams);
+
+        return "Basic {$encodedParams}";
+    }
+
+    /**
+     * @param AccessToken $token
+     * @return AcccessToken
+     */
+    public function getToken(AccessToken $token = null)
+    {
+        if ($token && $token->getRefreshToken()) {
+            $this->body['grant_type'] = 'refresh_token';
+            $this->body['refresh_token'] = $token->getRefreshToken();
+        } else {
+            $this->buildBody();
+        }
+
+        $request = $this->client->post('/share/oauth2/token.aspx', $this->headers, $this->body);
+        $response = $request->send();
+        $data = $response->json();
+
+        $refreshToken = isset($data['refresh_token']) ?: '';
+
+        return new AccessToken($data['access_token'], $refreshToken, $data['expires_in']);
+    }
+
+    protected abstract function buildBody();
+
+    /**
+     * Encode the claims into a JWT and sign using the HS512 algorithm
+     */
+    protected function getJWT($claims)
+    {
+        return JWT::encode($claims, $this->sharedSecret, 'HS512');
+    }
+}

src/CareerBuilder/OAuth2/Flows/JWTBearerAssertion.php

@@ -0,0 +1,53 @@
+<?php
+
+namespace CareerBuilder\OAuth2\Flows;
+
+use Guzzle\Http\ClientInterface;
+use Psr\Log\LoggerInterface;
+
+/**
+ * JWT-Bearer Assertion Flow
+ *
+ * @package CareerBuilder\OAuth2\Flows
+ */
+class JWTBearerAssertion extends Flow
+{
+    /** @var string */
+    private $email;
+    /** @var string */
+    private $accountId;
+
+    /**
+     * @param array $configs
+     * @param ClientInterface $client
+     * @param LoggerInterface $logger
+     */
+    public function __construct(array $configs, ClientInterface $client = null, LoggerInterface $logger = null)
+    {
+        parent::__construct($configs, $client, $logger);
+        $this->email = $configs['email'];
+        $this->accountId = $configs['account_id'];
+    }
+
+    /**
+     * Build token request body for the flow
+     */
+    protected function buildBody()
+    {
+        $this->body['grant_type'] = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
+        $this->body['assertion'] = $this->getJWT($this->getJWTBearerClaims());
+    }
+
+    /**
+     * Get the clains for the flow
+     */
+    private function getJWTBearerClaims()
+    {
+        return array(
+            'iss' => $this->clientId,
+            'sub' => "{$this->email}:{$this->accountId}",
+            'aud' => 'www.careerbuilder.com/share/oauth2'
+            'exp' => time() + 30
+        );
+    }
+}

src/CareerBuilder/OAuth2/OAuth2Plugin.php

@@ -2,6 +2,7 @@
 
 namespace CareerBuilder\OAuth2;
 
+use CareerBuilder\OAuth2\Flows\Flow;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Guzzle\Common\Event;
 use Psr\Log\LoggerInterface;
@@ -14,21 +15,21 @@ class OAuth2Plugin implements EventSubscriberInterface
     private $token;
 
     /**
-     * @var TokenFactory
+     * @var Flow
      */
-    private $tokenFactory;
+    private $flow;
 
     /**
      * @var TokenStorageInterface
      */
     private $tokenStorage;
 
     /**
-     * @param TokenFactory $tokenFactory
+     * @param Flow $flow
      */
-    public function __construct(TokenFactory $tokenFactory, TokenStorageInterface $tokenStorage)
+    public function __construct(Flow $flow, TokenStorageInterface $tokenStorage)
     {
-        $this->tokenFactory = $tokenFactory;
+        $this->flow = $flow;
         $this->tokenStorage = $tokenStorage;
     }
 
@@ -46,7 +47,7 @@ public function onBeforeSend(Event $event)
             $this->token = $this->tokenStorage->fetch();
         }
         if (!$this->token || $this->token->isExpired()) {
-            $this->token = $this->tokenFactory->getToken();
+            $this->token = $this->flow->getToken();
             $this->tokenStorage->store($this->token);
         }
         $request = $event['request'];