vendor/trikoder/oauth2-bundle/DependencyInjection/Configuration.php line 88

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Trikoder\Bundle\OAuth2Bundle\DependencyInjection;
  7. use Defuse\Crypto\Key;
  8. use Symfony\Component\Config\Definition\Builder\NodeDefinition;
  9. use Symfony\Component\Config\Definition\Builder\TreeBuilder;
  10. use Symfony\Component\Config\Definition\ConfigurationInterface;
  11. use Trikoder\Bundle\OAuth2Bundle\OAuth2Grants;
  13. final class Configuration implements ConfigurationInterface
  14. {
  15. /**
  16. * {@inheritdoc}
  17. */
  18. public function getConfigTreeBuilder(): TreeBuilder
  19. {
  20. $treeBuilder = new TreeBuilder('trikoder_oauth2');
  21. $rootNode = $treeBuilder->getRootNode();
  23. $rootNode->append($this->createAuthorizationServerNode());
  24. $rootNode->append($this->createResourceServerNode());
  25. $rootNode->append($this->createScopesNode());
  26. $rootNode->append($this->createPersistenceNode());
  28. $rootNode
  29. ->children()
  30. ->scalarNode('exception_event_listener_priority')
  31. ->info('The priority of the event listener that converts an Exception to a Response.')
  32. ->defaultValue(10)
  33. ->end()
  34. ->scalarNode('role_prefix')
  35. ->info('Set a custom prefix that replaces the default "ROLE_OAUTH2_" role prefix.')
  36. ->defaultValue('ROLE_OAUTH2_')
  37. ->cannotBeEmpty()
  38. ->end()
  39. ->end();
  41. return $treeBuilder;
  42. }
  44. private function createAuthorizationServerNode(): NodeDefinition
  45. {
  46. $treeBuilder = new TreeBuilder('authorization_server');
  47. $node = $treeBuilder->getRootNode();
  49. $node
  50. ->isRequired()
  51. ->children()
  52. ->scalarNode('private_key')
  53. ->info("Full path to the private key file.\nHow to generate a private key: https://oauth2.thephpleague.com/installation/#generating-public-and-private-keys")
  54. ->example('/var/oauth/private.key')
  55. ->isRequired()
  56. ->cannotBeEmpty()
  57. ->end()
  58. ->scalarNode('private_key_passphrase')
  59. ->info('Passphrase of the private key, if any.')
  60. ->defaultValue(null)
  61. ->end()
  62. ->scalarNode('encryption_key')
  63. ->info(sprintf("The plain string or the ascii safe string used to create a %s to be used as an encryption key.\nHow to generate an encryption key: https://oauth2.thephpleague.com/installation/#string-password", Key::class))
  64. ->isRequired()
  65. ->cannotBeEmpty()
  66. ->end()
  67. ->enumNode('encryption_key_type')
  68. ->info('The type of value of "encryption_key".')
  69. ->values(['plain', 'defuse'])
  70. ->defaultValue('plain')
  71. ->end()
  72. ->scalarNode('access_token_ttl')
  73. ->info("How long the issued access token should be valid for, used as a default if there is no grant type specific value set.\nThe value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters")
  74. ->cannotBeEmpty()
  75. ->defaultValue('PT1H')
  76. ->end()
  77. ->scalarNode('refresh_token_ttl')
  78. ->info("How long the issued refresh token should be valid for, used as a default if there is no grant type specific value set.\nThe value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters")
  79. ->cannotBeEmpty()
  80. ->defaultValue('P1M')
  81. ->end()
  83. // @TODO Remove in v4 start
  85. ->scalarNode('auth_code_ttl')
  86. ->info("How long the issued authorization code should be valid for.\nThe value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters")
  87. ->cannotBeEmpty()
  88. ->setDeprecated('"%path%.%node%" is deprecated, use "%path%.grant_types.authorization_code.auth_code_ttl" instead.')
  89. ->beforeNormalization()
  90. ->ifNull()
  91. ->thenUnset()
  92. ->end()
  93. ->end()
  94. ->booleanNode('require_code_challenge_for_public_clients')
  95. ->info('Whether to require code challenge for public clients for the authorization code grant.')
  96. ->setDeprecated('"%path%.%node%" is deprecated, use "%path%.grant_types.authorization_code.require_code_challenge_for_public_clients" instead.')
  97. ->beforeNormalization()
  98. ->ifNull()
  99. ->thenUnset()
  100. ->end()
  101. ->end()
  102. ->end()
  103. ;
  105. foreach (OAuth2Grants::ALL as $grantType => $grantTypeName) {
  106. $oldGrantType = 'authorization_code' === $grantType ? 'auth_code' : $grantType;
  108. $node
  109. ->children()
  110. ->booleanNode(sprintf('enable_%s_grant', $oldGrantType))
  111. ->info(sprintf('Whether to enable the %s grant.', $grantTypeName))
  112. ->setDeprecated(sprintf('"%%path%%.%%node%%" is deprecated, use "%%path%%.grant_types.%s.enable" instead.', $grantType))
  113. ->beforeNormalization()
  114. ->ifNull()
  115. ->thenUnset()
  116. ->end()
  117. ->end()
  118. ->end()
  119. ;
  120. }
  122. // @TODO Remove in v4 end
  124. $node->append($this->createAuthorizationServerGrantTypesNode());
  126. $node
  127. ->validate()
  128. ->always(static function ($v): array {
  129. $grantTypesWithRefreshToken = array_flip(OAuth2Grants::WITH_REFRESH_TOKEN);
  131. foreach ($v['grant_types'] as $grantType => &$grantTypeConfig) {
  132. $grantTypeConfig['access_token_ttl'] = $grantTypeConfig['access_token_ttl'] ?? $v['access_token_ttl'];
  134. if (isset($grantTypesWithRefreshToken[$grantType])) {
  135. $grantTypeConfig['refresh_token_ttl'] = $grantTypeConfig['refresh_token_ttl'] ?? $v['refresh_token_ttl'];
  136. }
  138. // @TODO Remove in v4 start
  139. $oldGrantType = 'authorization_code' === $grantType ? 'auth_code' : $grantType;
  141. $grantTypeConfig['enable'] = $v[sprintf('enable_%s_grant', $oldGrantType)] ?? $grantTypeConfig['enable'];
  143. if ('authorization_code' === $grantType) {
  144. $grantTypeConfig['auth_code_ttl'] = $v['auth_code_ttl'] ?? $grantTypeConfig['auth_code_ttl'];
  145. $grantTypeConfig['require_code_challenge_for_public_clients'] = $v['require_code_challenge_for_public_clients']
  146. ?? $grantTypeConfig['require_code_challenge_for_public_clients'];
  147. }
  148. // @TODO Remove in v4 end
  149. }
  151. unset(
  152. $v['access_token_ttl'],
  153. $v['refresh_token_ttl'],
  154. // @TODO Remove in v4 start
  155. $v['enable_auth_code_grant'],
  156. $v['enable_client_credentials_grant'],
  157. $v['enable_implicit_grant'],
  158. $v['enable_password_grant'],
  159. $v['enable_refresh_token_grant'],
  160. $v['auth_code_ttl'],
  161. $v['require_code_challenge_for_public_clients']
  162. // @TODO Remove in v4 end
  163. );
  165. return $v;
  166. })
  167. ->end()
  168. ;
  170. return $node;
  171. }
  173. private function createAuthorizationServerGrantTypesNode(): NodeDefinition
  174. {
  175. $treeBuilder = new TreeBuilder('grant_types');
  176. $node = $treeBuilder->getRootNode();
  178. $node
  179. ->info('Enable and configure grant types.')
  180. ->addDefaultsIfNotSet()
  181. ;
  183. foreach (OAuth2Grants::ALL as $grantType => $grantTypeName) {
  184. $node
  185. ->children()
  186. ->arrayNode($grantType)
  187. ->addDefaultsIfNotSet()
  188. ->children()
  189. ->booleanNode('enable')
  190. ->info(sprintf('Whether to enable the %s grant.', $grantTypeName))
  191. ->defaultTrue()
  192. ->end()
  193. ->scalarNode('access_token_ttl')
  194. ->info(sprintf('How long the issued access token should be valid for the %s grant.', $grantTypeName))
  195. ->cannotBeEmpty()
  196. ->beforeNormalization()
  197. ->ifNull()
  198. ->thenUnset()
  199. ->end()
  200. ->end()
  201. ->end()
  202. ->end()
  203. ->end()
  204. ;
  205. }
  207. foreach (OAuth2Grants::WITH_REFRESH_TOKEN as $grantType) {
  208. $node
  209. ->find($grantType)
  210. ->children()
  211. ->scalarNode('refresh_token_ttl')
  212. ->info(sprintf('How long the issued refresh token should be valid for the %s grant.', OAuth2Grants::ALL[$grantType]))
  213. ->cannotBeEmpty()
  214. ->beforeNormalization()
  215. ->ifNull()
  216. ->thenUnset()
  217. ->end()
  218. ->end()
  219. ->end()
  220. ->end()
  221. ;
  222. }
  224. $node
  225. ->find('authorization_code')
  226. ->children()
  227. ->scalarNode('auth_code_ttl')
  228. ->info("How long the issued authorization code should be valid for.\nThe value should be a valid interval: http://php.net/manual/en/dateinterval.construct.php#refsect1-dateinterval.construct-parameters")
  229. ->cannotBeEmpty()
  230. ->defaultValue('PT10M')
  231. ->end()
  232. ->booleanNode('require_code_challenge_for_public_clients')
  233. ->info('Whether to require code challenge for public clients for the authorization code grant.')
  234. ->defaultTrue()
  235. ->end()
  236. ->end()
  237. ->end()
  238. ;
  240. return $node;
  241. }
  243. private function createResourceServerNode(): NodeDefinition
  244. {
  245. $treeBuilder = new TreeBuilder('resource_server');
  246. $node = $treeBuilder->getRootNode();
  248. $node
  249. ->isRequired()
  250. ->children()
  251. ->scalarNode('public_key')
  252. ->info("Full path to the public key file.\nHow to generate a public key: https://oauth2.thephpleague.com/installation/#generating-public-and-private-keys")
  253. ->example('/var/oauth/public.key')
  254. ->isRequired()
  255. ->cannotBeEmpty()
  256. ->end()
  257. ->end()
  258. ;
  260. return $node;
  261. }
  263. private function createScopesNode(): NodeDefinition
  264. {
  265. $treeBuilder = new TreeBuilder('scopes');
  266. $node = $treeBuilder->getRootNode();
  268. $node
  269. ->info("Scopes that you wish to utilize in your application.\nThis should be a simple array of strings.")
  270. ->scalarPrototype()
  271. ->treatNullLike([])
  272. ;
  274. return $node;
  275. }
  277. private function createPersistenceNode(): NodeDefinition
  278. {
  279. $treeBuilder = new TreeBuilder('persistence');
  280. $node = $treeBuilder->getRootNode();
  282. $node
  283. ->info("Configures different persistence methods that can be used by the bundle for saving client and token data.\nOnly one persistence method can be configured at a time.")
  284. ->isRequired()
  285. ->performNoDeepMerging()
  286. ->children()
  287. // Doctrine persistence
  288. ->arrayNode('doctrine')
  289. ->children()
  290. ->scalarNode('entity_manager')
  291. ->info('Name of the entity manager that you wish to use for managing clients and tokens.')
  292. ->cannotBeEmpty()
  293. ->defaultValue('default')
  294. ->end()
  295. ->end()
  296. ->end()
  297. // In-memory persistence
  298. ->scalarNode('in_memory')
  299. ->end()
  300. ->end()
  301. ;
  303. return $node;
  304. }
  305. }