vendor/trikoder/oauth2-bundle/DependencyInjection/Configuration.php line 88

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Trikoder\Bundle\OAuth2Bundle\DependencyInjection;
  7. use Defuse\Crypto\Key;
  8. use Symfony\Component\Config\Definition\Builder\NodeDefinition;
  9. use Symfony\Component\Config\Definition\Builder\TreeBuilder;
  10. use Symfony\Component\Config\Definition\ConfigurationInterface;
  11. use Trikoder\Bundle\OAuth2Bundle\OAuth2Grants;
  13. final class Configuration implements ConfigurationInterface
  14. {
  15.     /**
  16.      * {@inheritdoc}
  17.      */
  18.     public function getConfigTreeBuilder(): TreeBuilder
  19.     {
  20.         $treeBuilder = new TreeBuilder('trikoder_oauth2');
  21.         $rootNode $treeBuilder->getRootNode();
  23.         $rootNode->append($this->createAuthorizationServerNode());
  24.         $rootNode->append($this->createResourceServerNode());
  25.         $rootNode->append($this->createScopesNode());
  26.         $rootNode->append($this->createPersistenceNode());
  28.         $rootNode
  29.             ->children()
  30.                 ->scalarNode('exception_event_listener_priority')
  31.                     ->info('The priority of the event listener that converts an Exception to a Response.')
  32.                     ->defaultValue(10)
  33.                 ->end()
  34.                 ->scalarNode('role_prefix')
  35.                     ->info('Set a custom prefix that replaces the default "ROLE_OAUTH2_" role prefix.')
  36.                     ->defaultValue('ROLE_OAUTH2_')
  37.                     ->cannotBeEmpty()
  38.                 ->end()
  39.             ->end();
  41.         return $treeBuilder;
  42.     }
  44.     private function createAuthorizationServerNode(): NodeDefinition
  45.     {
  46.         $treeBuilder = new TreeBuilder('authorization_server');
  47.         $node $treeBuilder->getRootNode();
  49.         $node
  50.             ->isRequired()
  51.             ->children()
  52.                 ->scalarNode('private_key')
  53.                     ->info("Full path to the private key file.\nHow to generate a private key: https://oauth2.thephpleague.com/installation/#generating-public-and-private-keys")
  54.                     ->example('/var/oauth/private.key')
  55.                     ->isRequired()
  56.                     ->cannotBeEmpty()
  57.                 ->end()
  58.                 ->scalarNode('private_key_passphrase')
  59.                     ->info('Passphrase of the private key, if any.')
  60.                     ->defaultValue(null)
  61.                 ->end()
  62.                 ->scalarNode('encryption_key')
  63.                     ->info(sprintf("The plain string or the ascii safe string used to create a %s to be used as an encryption key.\nHow to generate an encryption key: https://oauth2.thephpleague.com/installation/#string-password"Key::class))
  64.                     ->isRequired()
  65.                     ->cannotBeEmpty()
  66.                 ->end()
  67.                 ->enumNode('encryption_key_type')
  68.                     ->info('The type of value of "encryption_key".')
  69.                     ->values(['plain''defuse'])
  70.                     ->defaultValue('plain')
  71.                 ->end()
  72.                 ->scalarNode('access_token_ttl')
  73.                     ->info("How long the issued access token should be valid for, used as a default if there is no grant type specific value set.\nThe value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters")
  74.                     ->cannotBeEmpty()
  75.                     ->defaultValue('PT1H')
  76.                 ->end()
  77.                 ->scalarNode('refresh_token_ttl')
  78.                     ->info("How long the issued refresh token should be valid for, used as a default if there is no grant type specific value set.\nThe value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters")
  79.                     ->cannotBeEmpty()
  80.                     ->defaultValue('P1M')
  81.                 ->end()
  83.         // @TODO Remove in v4 start
  85.                 ->scalarNode('auth_code_ttl')
  86.                     ->info("How long the issued authorization code should be valid for.\nThe value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters")
  87.                     ->cannotBeEmpty()
  88.                     ->setDeprecated('"%path%.%node%" is deprecated, use "%path%.grant_types.authorization_code.auth_code_ttl" instead.')
  89.                     ->beforeNormalization()
  90.                         ->ifNull()
  91.                         ->thenUnset()
  92.                     ->end()
  93.                 ->end()
  94.                 ->booleanNode('require_code_challenge_for_public_clients')
  95.                     ->info('Whether to require code challenge for public clients for the authorization code grant.')
  96.                     ->setDeprecated('"%path%.%node%" is deprecated, use "%path%.grant_types.authorization_code.require_code_challenge_for_public_clients" instead.')
  97.                     ->beforeNormalization()
  98.                         ->ifNull()
  99.                         ->thenUnset()
  100.                     ->end()
  101.                 ->end()
  102.             ->end()
  103.         ;
  105.         foreach (OAuth2Grants::ALL as $grantType => $grantTypeName) {
  106.             $oldGrantType 'authorization_code' === $grantType 'auth_code' $grantType;
  108.             $node
  109.                 ->children()
  110.                     ->booleanNode(sprintf('enable_%s_grant'$oldGrantType))
  111.                         ->info(sprintf('Whether to enable the %s grant.'$grantTypeName))
  112.                         ->setDeprecated(sprintf('"%%path%%.%%node%%" is deprecated, use "%%path%%.grant_types.%s.enable" instead.'$grantType))
  113.                         ->beforeNormalization()
  114.                             ->ifNull()
  115.                             ->thenUnset()
  116.                         ->end()
  117.                     ->end()
  118.                 ->end()
  119.             ;
  120.         }
  122.         // @TODO Remove in v4 end
  124.         $node->append($this->createAuthorizationServerGrantTypesNode());
  126.         $node
  127.             ->validate()
  128.                 ->always(static function ($v): array {
  129.                     $grantTypesWithRefreshToken array_flip(OAuth2Grants::WITH_REFRESH_TOKEN);
  131.                     foreach ($v['grant_types'] as $grantType => &$grantTypeConfig) {
  132.                         $grantTypeConfig['access_token_ttl'] = $grantTypeConfig['access_token_ttl'] ?? $v['access_token_ttl'];
  134.                         if (isset($grantTypesWithRefreshToken[$grantType])) {
  135.                             $grantTypeConfig['refresh_token_ttl'] = $grantTypeConfig['refresh_token_ttl'] ?? $v['refresh_token_ttl'];
  136.                         }
  138.                         // @TODO Remove in v4 start
  139.                         $oldGrantType 'authorization_code' === $grantType 'auth_code' $grantType;
  141.                         $grantTypeConfig['enable'] = $v[sprintf('enable_%s_grant'$oldGrantType)] ?? $grantTypeConfig['enable'];
  143.                         if ('authorization_code' === $grantType) {
  144.                             $grantTypeConfig['auth_code_ttl'] = $v['auth_code_ttl'] ?? $grantTypeConfig['auth_code_ttl'];
  145.                             $grantTypeConfig['require_code_challenge_for_public_clients'] = $v['require_code_challenge_for_public_clients']
  146.                                 ?? $grantTypeConfig['require_code_challenge_for_public_clients'];
  147.                         }
  148.                         // @TODO Remove in v4 end
  149.                     }
  151.                     unset(
  152.                         $v['access_token_ttl'],
  153.                         $v['refresh_token_ttl'],
  154.                         // @TODO Remove in v4 start
  155.                         $v['enable_auth_code_grant'],
  156.                         $v['enable_client_credentials_grant'],
  157.                         $v['enable_implicit_grant'],
  158.                         $v['enable_password_grant'],
  159.                         $v['enable_refresh_token_grant'],
  160.                         $v['auth_code_ttl'],
  161.                         $v['require_code_challenge_for_public_clients']
  162.                         // @TODO Remove in v4 end
  163.                     );
  165.                     return $v;
  166.                 })
  167.             ->end()
  168.         ;
  170.         return $node;
  171.     }
  173.     private function createAuthorizationServerGrantTypesNode(): NodeDefinition
  174.     {
  175.         $treeBuilder = new TreeBuilder('grant_types');
  176.         $node $treeBuilder->getRootNode();
  178.         $node
  179.             ->info('Enable and configure grant types.')
  180.             ->addDefaultsIfNotSet()
  181.         ;
  183.         foreach (OAuth2Grants::ALL as $grantType => $grantTypeName) {
  184.             $node
  185.                 ->children()
  186.                     ->arrayNode($grantType)
  187.                         ->addDefaultsIfNotSet()
  188.                         ->children()
  189.                             ->booleanNode('enable')
  190.                                 ->info(sprintf('Whether to enable the %s grant.'$grantTypeName))
  191.                                 ->defaultTrue()
  192.                             ->end()
  193.                             ->scalarNode('access_token_ttl')
  194.                                 ->info(sprintf('How long the issued access token should be valid for the %s grant.'$grantTypeName))
  195.                                 ->cannotBeEmpty()
  196.                                 ->beforeNormalization()
  197.                                     ->ifNull()
  198.                                     ->thenUnset()
  199.                                 ->end()
  200.                             ->end()
  201.                         ->end()
  202.                     ->end()
  203.                 ->end()
  204.             ;
  205.         }
  207.         foreach (OAuth2Grants::WITH_REFRESH_TOKEN as $grantType) {
  208.             $node
  209.                 ->find($grantType)
  210.                     ->children()
  211.                         ->scalarNode('refresh_token_ttl')
  212.                             ->info(sprintf('How long the issued refresh token should be valid for the %s grant.'OAuth2Grants::ALL[$grantType]))
  213.                             ->cannotBeEmpty()
  214.                             ->beforeNormalization()
  215.                                 ->ifNull()
  216.                                 ->thenUnset()
  217.                             ->end()
  218.                         ->end()
  219.                     ->end()
  220.                 ->end()
  221.             ;
  222.         }
  224.         $node
  225.             ->find('authorization_code')
  226.                 ->children()
  227.                     ->scalarNode('auth_code_ttl')
  228.                         ->info("How long the issued authorization code should be valid for.\nThe value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters")
  229.                         ->cannotBeEmpty()
  230.                         ->defaultValue('PT10M')
  231.                     ->end()
  232.                     ->booleanNode('require_code_challenge_for_public_clients')
  233.                         ->info('Whether to require code challenge for public clients for the authorization code grant.')
  234.                         ->defaultTrue()
  235.                     ->end()
  236.                 ->end()
  237.             ->end()
  238.         ;
  240.         return $node;
  241.     }
  243.     private function createResourceServerNode(): NodeDefinition
  244.     {
  245.         $treeBuilder = new TreeBuilder('resource_server');
  246.         $node $treeBuilder->getRootNode();
  248.         $node
  249.             ->isRequired()
  250.             ->children()
  251.                 ->scalarNode('public_key')
  252.                     ->info("Full path to the public key file.\nHow to generate a public key: https://oauth2.thephpleague.com/installation/#generating-public-and-private-keys")
  253.                     ->example('/var/oauth/public.key')
  254.                     ->isRequired()
  255.                     ->cannotBeEmpty()
  256.                 ->end()
  257.             ->end()
  258.         ;
  260.         return $node;
  261.     }
  263.     private function createScopesNode(): NodeDefinition
  264.     {
  265.         $treeBuilder = new TreeBuilder('scopes');
  266.         $node $treeBuilder->getRootNode();
  268.         $node
  269.             ->info("Scopes that you wish to utilize in your application.\nThis should be a simple array of strings.")
  270.             ->scalarPrototype()
  271.             ->treatNullLike([])
  272.         ;
  274.         return $node;
  275.     }
  277.     private function createPersistenceNode(): NodeDefinition
  278.     {
  279.         $treeBuilder = new TreeBuilder('persistence');
  280.         $node $treeBuilder->getRootNode();
  282.         $node
  283.             ->info("Configures different persistence methods that can be used by the bundle for saving client and token data.\nOnly one persistence method can be configured at a time.")
  284.             ->isRequired()
  285.             ->performNoDeepMerging()
  286.             ->children()
  287.                 // Doctrine persistence
  288.                 ->arrayNode('doctrine')
  289.                     ->children()
  290.                         ->scalarNode('entity_manager')
  291.                             ->info('Name of the entity manager that you wish to use for managing clients and tokens.')
  292.                             ->cannotBeEmpty()
  293.                             ->defaultValue('default')
  294.                         ->end()
  295.                     ->end()
  296.                 ->end()
  297.                 // In-memory persistence
  298.                 ->scalarNode('in_memory')
  299.                 ->end()
  300.             ->end()
  301.         ;
  303.         return $node;
  304.     }
  305. }