stable


Refresh token can be used to get a fresh access token

Once a refresh token is used, a new one is emitted to replace it.

For now, it is not possible to get fewer scopes than the ones initially requested. The 'scope' parameter is not taken into account.

To test (if the app forces the usage of PKCE you need to add the required parameters to the following instructions):

1. In the project admin create an OAuth2 app (note the ID and the given secret)
2. Access the authorize page at the URL
   https://tuleap.example.com/oauth2/authorize?client_id=<client_id>&scope=offline_access&response_type=code&redirect_uri=<redirect_uri>
3. Quickly retrieve (it is valid for only 1 minute) the authorization code from the URL
4. Exchange the authorization code for an access token:
   shell> curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
       --user '<client_id>:<client_secret>' \
       --data 'grant_type=authorization_code&redirect_uri=<redirect_uri>&code=<authorization_code>' \
       https://tuleap.example.com/oauth2/token
5. The response should contain a refresh token.
6. Refresh the access token with the obtained refresh token:
   shell> curl -X POST -k -H 'Content-Type: application/x-www-form-urlencoded' \
       --user '<client_id>:<client_secret>' \
       --data 'grant_type=refresh_token&refresh_token=<refresh_token>' \
       https://tuleap-web.tuleap-aio-dev.docker/oauth2/token

Part of story #14542: have OAuth2 flow

Change-Id: I1d09d8fd21c3f14dae26fbff74f021eb9711fe41
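As an added worked example (not part of this change and not Tuleap's code), the following Python model reproduces the server-side behaviour the commit message describes: presenting a refresh token yields a new access token, the presented token is consumed and replaced by a freshly emitted one, and the 'scope' parameter is ignored in favour of the originally granted scopes. The failure cases mirror the new exception classes in the file list (expired, reused, wrong app, no valid scope). The one-hour lifetime, the 'family' id that links every token rotated from one authorization, and the policy of revoking that whole family when a consumed token is replayed are this example's own assumptions.

```python
"""Refresh-token rotation with reuse detection, modelled in memory.

Added example (not Tuleap's code). Assumptions: the one-hour lifetime, the
'family' id linking every token derived from one authorization, and revoking
the whole family when an already-consumed token is presented again.
"""
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple


class RefreshTokenError(Exception):
    """Base class for the refresh grant's failure cases."""


class RefreshTokenExpired(RefreshTokenError):
    pass


class RefreshTokenReused(RefreshTokenError):
    pass


class RefreshTokenWrongApp(RefreshTokenError):
    pass


class RefreshTokenNoValidScope(RefreshTokenError):
    pass


@dataclass
class RefreshTokenRecord:
    app_id: int
    scopes: Tuple[str, ...]
    expires_at: float
    family: str          # assumed: shared by every token rotated from one authorization
    used: bool = False   # set once exchanged; a second presentation is a replay


@dataclass
class RefreshTokenStore:
    lifetime: float = 3600.0                    # assumed refresh-token lifetime in seconds
    now: Callable[[], float] = time.time        # injectable clock so expiry is testable offline
    tokens: Dict[str, RefreshTokenRecord] = field(default_factory=dict)

    def issue(self, app_id: int, scopes, family: Optional[str] = None) -> str:
        """Emit a refresh token bound to one app and its granted scopes."""
        granted = tuple(scopes)
        if not granted:
            raise RefreshTokenNoValidScope("no valid scope to attach to the refresh token")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = RefreshTokenRecord(
            app_id=app_id,
            scopes=granted,
            expires_at=self.now() + self.lifetime,
            family=family or secrets.token_hex(8),
        )
        return token

    def refresh(self, app_id: int, presented: str) -> Tuple[str, str, Tuple[str, ...]]:
        """grant_type=refresh_token: verify, rotate, return (access, new refresh, scopes)."""
        record = self.tokens.get(presented)
        if record is None:
            raise RefreshTokenError("unknown refresh token")
        if record.app_id != app_id:
            raise RefreshTokenWrongApp("refresh token does not belong to this app")
        if record.used:
            # Already exchanged: whoever presents it now holds a copy that should not
            # exist, so every token in the family is revoked (assumed policy).
            self._revoke_family(record.family)
            raise RefreshTokenReused("refresh token reused; family revoked")
        if record.expires_at <= self.now():
            raise RefreshTokenExpired("refresh token expired")
        record.used = True
        # Scopes are copied from the original grant; a 'scope' parameter is not consulted.
        new_refresh = self.issue(app_id, record.scopes, family=record.family)
        return secrets.token_urlsafe(32), new_refresh, record.scopes

    def _revoke_family(self, family: str) -> None:
        for token in [t for t, r in self.tokens.items() if r.family == family]:
            del self.tokens[token]


def walk_through() -> dict:
    """Exercise rotate / replay / wrong-app / expiry against a fake clock."""
    clock = [1000.0]
    store = RefreshTokenStore(now=lambda: clock[0])
    first = store.issue(app_id=7, scopes=["offline_access"])
    _access, second, scopes = store.refresh(7, first)
    result = {"rotated": second != first, "scopes": scopes}
    try:
        store.refresh(7, first)                       # replay of the consumed token
        result["replay"] = "accepted"
    except RefreshTokenReused:
        result["replay"] = "rejected"
    result["second_revoked"] = second not in store.tokens
    third = store.issue(app_id=7, scopes=["offline_access"])
    try:
        store.refresh(8, third)                       # a different app presents it
        result["wrong_app"] = "accepted"
    except RefreshTokenWrongApp:
        result["wrong_app"] = "rejected"
    clock[0] += 4000.0                                # past the assumed one-hour lifetime
    try:
        store.refresh(7, third)
        result["expired"] = "accepted"
    except RefreshTokenExpired:
        result["expired"] = "rejected"
    return result


if __name__ == "__main__":
    print(walk_through())
```

The order of checks matters: the reuse check runs before the expiry check so that a replayed token still triggers family revocation even after it has expired, and the app binding is checked first so one client can never revoke another client's tokens by guessing a value.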

Modified Files

Status  Name                                                                                                    Changes
M       plugins/oauth2_server/include/Grant/AccessTokenGrantController.php                                      +11 −0
R       plugins/oauth2_server/include/Grant/AuthorizationCode/AuthorizationCodeGrantResponseBuilder.php
M       plugins/oauth2_server/include/Grant/AuthorizationCode/OAuth2GrantAccessTokenFromAuthorizationCode.php   +5 −4
R       plugins/oauth2_server/include/Grant/AuthorizationCode/CannotSetANegativeExpirationDelayOnAccessTokenException.php
R       plugins/oauth2_server/include/Grant/AuthorizationCode/OAuth2AccessTokenSuccessfulRequestRepresentation.php
A       plugins/oauth2_server/include/Grant/RefreshToken/OAuth2GrantAccessTokenFromRefreshToken.php             +113 −0
A       plugins/oauth2_server/include/RefreshToken/OAuth2RefreshToken.php                                       +78 −0
M       plugins/oauth2_server/include/RefreshToken/OAuth2RefreshTokenCreator.php                                +23 −7
M       plugins/oauth2_server/include/RefreshToken/OAuth2RefreshTokenDAO.php                                    +24 −0
A       plugins/oauth2_server/include/RefreshToken/OAuth2RefreshTokenDoesNotCorrespondToExpectedAppException.php +42 −0
A       plugins/oauth2_server/include/RefreshToken/OAuth2RefreshTokenExpiredException.php                       +34 −0
A       plugins/oauth2_server/include/RefreshToken/OAuth2RefreshTokenNoValidScopeFound.php                      +34 −0
A       plugins/oauth2_server/include/RefreshToken/OAuth2RefreshTokenReusedException.php                        +50 −0
A       plugins/oauth2_server/include/RefreshToken/OAuth2RefreshTokenVerifier.php                               +137 −0
M       plugins/oauth2_server/include/RefreshToken/Scope/OAuth2RefreshTokenScopeDAO.php                         +12 −3
M       plugins/oauth2_server/include/oauth2_serverPlugin.php                                                   +39 −21
M       plugins/oauth2_server/phpunit/Grant/AccessTokenGrantControllerTest.php                                  +25 −1
R       plugins/oauth2_server/phpunit/Grant/AuthorizationCode/AuthorizationCodeGrantResponseBuilderTest.php
M       plugins/oauth2_server/phpunit/Grant/AuthorizationCode/OAuth2GrantAccessTokenFromAuthorizationCodeTest.php +12 −10
R       plugins/oauth2_server/phpunit/Grant/AuthorizationCode/OAuth2AccessTokenSuccessfulRequestRepresentationTest.php
A       plugins/oauth2_server/phpunit/Grant/RefreshToken/OAuth2GrantAccessTokenFromRefreshTokenTest.php         +161 −0
M       plugins/oauth2_server/phpunit/RefreshToken/OAuth2RefreshTokenCreatorTest.php                            +24 −6
A       plugins/oauth2_server/phpunit/RefreshToken/OAuth2RefreshTokenTest.php                                   +41 −0
A       plugins/oauth2_server/phpunit/RefreshToken/OAuth2RefreshTokenVerifierTest.php                           +229 −0
M       plugins/oauth2_server/tests/integration/Grant/AuthorizationCode/OAuth2AuthorizationCodeDAOTest.php      +12 −0

(Status: M = modified, A = added, R = renamed)