stable
Now, when an authorization code is exchanged for an access token, the response might contain a refresh token [0]. The refresh token is only set when the authorization request was made with the offline_access scope per the OpenID Connect Core specification [1].

To test (if the app forces the usage of PKCE you need to add the required parameters to the following instructions):

1. In the project admin create an OAuth2 app (note the ID and the given secret)
2. Access the authorize page at the URL https://tuleap.example.com/oauth2/authorize?client_id=<client_id>&scope=offline_access&response_type=code&redirect_uri=<redirect_uri>
3. Quickly retrieve (it is valid only 1 minute) the authorization code from the URL
4. Exchange the authorization code for an access token:

```shell
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
  --user '<client_id>:<client_secret>' \
  --data 'grant_type=authorization_code&redirect_uri=<redirect_uri>&code=<authorization_code>' \
  https://tuleap.example.com/oauth2/token
```

5. The response should contain a refresh token. The refresh token should also be saved in the DB.

This is part of story #14542: have OAuth2 flow

[0] https://tools.ietf.org/html/rfc6749#section-6
[1] https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess

Change-Id: I7ff4d66375aad1d29b628f938e00924248170452
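The behaviour the commit message describes, as an added illustration that is not Tuleap's code: a token-endpoint response builder that only issues a refresh token when the granted scopes include offline_access, stores nothing but a hash of the token secret, and verifies a presented token against that hash. The token prefix, the store layout and the function names are assumptions made for this example.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

# Constructed prefix for illustration only; not Tuleap's real token format.
REFRESH_TOKEN_PREFIX = "example-rt-"
OFFLINE_ACCESS = "offline_access"


@dataclass
class RefreshTokenStore:
    """Stand-in for a refresh-token table: keeps only a hash of the secret part."""
    rows: dict = field(default_factory=dict)

    def save(self, token_id: int, secret: str, scopes) -> None:
        digest = hashlib.sha256(secret.encode()).hexdigest()
        self.rows[token_id] = {"hash": digest, "scopes": sorted(scopes)}


def build_token_response(granted_scopes, store: RefreshTokenStore, lifetime: int = 3600) -> dict:
    """Build the authorization_code grant response (RFC 6749 section 5.1).

    The refresh_token member is present only when the authorization was
    granted with offline_access (OIDC Core, OfflineAccess); the token itself
    is "<prefix><id>.<secret>" and only the secret's hash reaches the store.
    """
    response = {
        "token_type": "bearer",
        "access_token": "at-" + secrets.token_urlsafe(16),
        "expires_in": lifetime,
    }
    if OFFLINE_ACCESS in granted_scopes:
        token_id = len(store.rows) + 1
        secret = secrets.token_urlsafe(32)
        store.save(token_id, secret, granted_scopes)
        response["refresh_token"] = f"{REFRESH_TOKEN_PREFIX}{token_id}.{secret}"
    return response


def verify_refresh_token(token: str, store: RefreshTokenStore):
    """Return the scopes bound to a presented refresh token, or None if invalid."""
    if not token.startswith(REFRESH_TOKEN_PREFIX):
        return None
    try:
        token_id, secret = token[len(REFRESH_TOKEN_PREFIX):].split(".", 1)
        row = store.rows[int(token_id)]
    except (ValueError, KeyError):
        return None
    presented = hashlib.sha256(secret.encode()).hexdigest()
    # Constant-time comparison of the stored and presented hashes.
    if not secrets.compare_digest(row["hash"], presented):
        return None
    return row["scopes"]
```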
Modified Files
Status | File | Added | Removed
---|---|---|---
M | plugins/oauth2_server/db/install.sql | +16 | −0
A | plugins/oauth2_server/db/mysql/2020/202003201630_create_refresh_token_tables.php | +58 | −0
M | plugins/oauth2_server/db/uninstall.sql | +2 | −0
M | plugins/oauth2_server/include/Grant/AuthorizationCode/AuthorizationCodeGrantResponseBuilder.php | +14 | −3
M | plugins/oauth2_server/include/Grant/AuthorizationCode/OAuth2AccessTokenSuccessfulRequestRepresentation.php | +29 | −10
A | plugins/oauth2_server/include/RefreshToken/OAuth2OfflineAccessScope.php | +102 | −0
A | plugins/oauth2_server/include/RefreshToken/OAuth2RefreshTokenCreator.php | +127 | −0
A | plugins/oauth2_server/include/RefreshToken/OAuth2RefreshTokenDAO.php | +41 | −0
A | plugins/oauth2_server/include/RefreshToken/PrefixOAuth2RefreshToken.php | +36 | −0
A | plugins/oauth2_server/include/RefreshToken/Scope/OAuth2RefreshTokenScopeDAO.php | +39 | −0
A | plugins/oauth2_server/include/RefreshToken/Scope/OAuth2RefreshTokenScopeSaver.php | +53 | −0
M | plugins/oauth2_server/include/oauth2_serverPlugin.php | +17 | −1
M | plugins/oauth2_server/phpunit/Grant/AccessTokenGrantControllerTest.php | +2 | −1
M | plugins/oauth2_server/phpunit/Grant/AuthorizationCode/AuthorizationCodeGrantResponseBuilderTest.php | +6 | −3
M | plugins/oauth2_server/phpunit/Grant/AuthorizationCode/OAuth2AccessTokenSuccessfulRequestRepresentationTest.php | +20 | −3
A | plugins/oauth2_server/phpunit/RefreshToken/OAuth2OfflineAccessScopeTest.php | +33 | −0
A | plugins/oauth2_server/phpunit/RefreshToken/OAuth2RefreshTokenCreatorTest.php | +137 | −0
A | plugins/oauth2_server/phpunit/RefreshToken/PrefixOAuth2RefreshTokenTest.php | +35 | −0
A | plugins/oauth2_server/phpunit/RefreshToken/Scope/OAuth2RefreshTokenScopeSaverTest.php | +65 | −0
M | plugins/oauth2_server/site-content/fr_FR/LC_MESSAGES/tuleap-oauth2_server.po | +10 | −0
M | src/common/User/OAuth2/Scope/OAuth2ScopeIdentifier.php | +1 | −1
M | tests/phpunit/common/User/OAuth2/Scope/OAuth2ScopeIdentifierTest.php | +13 | −2