Associate the delivered access tokens with their authorized grant

This will allow revoking access tokens associated with a compromised authorization code, for example. For now, the association is only written in the DB and nothing is done with it.

In order to test you need to:
1. In the project admin, create an OAuth2 app (note the ID and the given secret)
2. Access the authorize page at the URL https://tuleap.example.com/oauth2/authorize?client_id=<client_d>&scope=demo&response_type=code&redirect_uri=<redirect_uri>
3. Quickly retrieve (it is valid only 1 minute) the authorization code from the URL
4. Exchange the authorization code for an access token:
   shell> curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
       --user '<client_id>:<client_secret>' \
       --data 'grant_type=authorization_code&redirect_uri=<redirect_uri>&code=<authorization_code>' \
       https://tuleap.example.com/oauth2/token

This is part of story #14542: have OAuth2 flow

Change-Id: I932e163be1d48f2ea4f80e24b7771401abd3c1c5

Modified Files

M plugins/oauth2_server/db/install.sql +7 −0
A plugins/oauth2_server/db/mysql/2020/202003120945_create_authorization_code_access_token.php +47 −0
M plugins/oauth2_server/db/uninstall.sql +1 −0
A plugins/oauth2_server/include/AccessToken/OAuth2AccessTokenAuthorizationGrantAssociationDAO.php +41 −0
M plugins/oauth2_server/include/AccessToken/OAuth2AccessTokenCreator.php +18 −8
M plugins/oauth2_server/include/Grant/AuthorizationCode/AuthorizationCodeGrantResponseBuilder.php +1 −0
M plugins/oauth2_server/include/Grant/AuthorizationCode/OAuth2AuthorizationCode.php +16 −4
M plugins/oauth2_server/include/Grant/AuthorizationCode/OAuth2AuthorizationCodeVerifier.php +1 −1
M plugins/oauth2_server/include/oauth2_serverPlugin.php +2 −0
M plugins/oauth2_server/phpunit/AccessToken/OAuth2AccessTokenCreatorTest.php +18 −6
M plugins/oauth2_server/phpunit/Grant/AccessTokenGrantControllerTest.php +13 −4
M plugins/oauth2_server/phpunit/Grant/AuthorizationCode/AuthorizationCodeGrantResponseBuilderTest.php +6 −1
M plugins/oauth2_server/phpunit/Grant/AuthorizationCode/OAuth2AuthorizationCodeTest.php +7 −1
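
An added example, not part of this commit or of Tuleap's code: a Python/SQLite model of what the grant-to-token association described in the commit message makes possible, namely revoking every access token issued from an authorization code once that code is presented a second time. It goes beyond the commit, which only stores the association. The schema, function names and the replay policy are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3

# Constructed schema: table and column names are assumptions, not Tuleap's.
SCHEMA = """
CREATE TABLE authorization_code (id INTEGER PRIMARY KEY, verifier_hash TEXT,
                                 expires_at INTEGER, used INTEGER DEFAULT 0);
CREATE TABLE access_token (id INTEGER PRIMARY KEY, verifier_hash TEXT);
CREATE TABLE code_access_token (code_id INTEGER, token_id INTEGER);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def _hash(secret):
    return hashlib.sha256(secret.encode()).hexdigest()

def issue_code(db, now, ttl=60):  # 60 s: the code is valid for 1 minute
    code = secrets.token_urlsafe(32)
    db.execute("INSERT INTO authorization_code (verifier_hash, expires_at) "
               "VALUES (?, ?)", (_hash(code), now + ttl))
    return code

def exchange_code(db, code, now):  # returns a token, or None when rejected
    row = db.execute("SELECT id, expires_at, used FROM authorization_code "
                     "WHERE verifier_hash = ?", (_hash(code),)).fetchone()
    if row is None:
        return None
    code_id, expires_at, used = row
    if used:
        # Replay: treat the code as compromised, revoke every token it produced.
        db.execute("DELETE FROM access_token WHERE id IN (SELECT token_id "
                   "FROM code_access_token WHERE code_id = ?)", (code_id,))
        db.execute("DELETE FROM code_access_token WHERE code_id = ?", (code_id,))
        return None
    if now > expires_at:
        return None
    db.execute("UPDATE authorization_code SET used = 1 WHERE id = ?", (code_id,))
    token = secrets.token_urlsafe(32)
    token_id = db.execute("INSERT INTO access_token (verifier_hash) VALUES (?)",
                          (_hash(token),)).lastrowid
    db.execute("INSERT INTO code_access_token VALUES (?, ?)", (code_id, token_id))
    return token

def token_is_valid(db, token):
    query = "SELECT 1 FROM access_token WHERE verifier_hash = ?"
    return db.execute(query, (_hash(token),)).fetchone() is not None
```

Without the association table the replay branch could only reject the second request; the token already handed out for that code would stay valid.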