ILIAS  release_9 Revision v9.13-25-g2c18ec4c24f
AccessToken.php
Go to the documentation of this file.
1 <?php
2 
19 namespace ILIAS\LTI\ToolProvider;
20 
21 use ILIAS\LTI\ToolProvider\Tool;
22 use ILIAS\LTI\ToolProvider\Http\HTTPMessage;
23 
32 class AccessToken
33 {
39  public ?string $token = null;
40 
46  public ?int $expires = null;
47 
53  public ?array $scopes = array();
54 
60  private ?Platform $platform = null;
61 
67  public ?int $created = null;
68 
74  public ?int $updated = null;
75 
83  public function __construct(Platform $platform, array $scopes = null, string $token = null, int $expires = null)
84  {
85  $this->platform = $platform;
86  $this->scopes = $scopes;
87  if (!empty($token)) {
88  $this->token = $token;
89  }
90  if (!empty($expires)) {
91  $this->expires = time() + $expires;
92  }
93  $this->created = null;
94  $this->updated = null;
95  if (empty($scopes)) {
96  $this->load();
97  }
98  }
99 
105  public function getPlatform(): ?Platform
106  {
107  return $this->platform;
108  }
109 
115  public function load(): bool
116  {
117  return $this->platform->getDataConnector()->loadAccessToken($this);
118  }
119 
125  public function save(): bool
126  {
127  sort($this->scopes);
128  return $this->platform->getDataConnector()->saveAccessToken($this);
129  }
130 
136  public function hasScope(string $scope = ''): bool
137  {
138  if (substr($scope, -9) === '.readonly') {
139  $scope2 = substr($scope, 0, -9);
140  } else {
141  $scope2 = $scope;
142  }
143  return !empty($this->token) && (empty($this->expires) || ($this->expires > time())) &&
144  (empty($scope) || empty($this->scopes) || (in_array($scope, $this->scopes) || in_array($scope2, $this->scopes)));
145  }
146 
153  public function get(string $scope = '', bool $scopeOnly = false): AccessToken
154  {
155  $url = $this->platform->accessTokenUrl;
156  if (!empty($url) && !empty(Tool::$defaultTool) && !empty(Tool::$defaultTool->rsaKey)) {
157  if ($scopeOnly) {
158  $scopesRequested = array($scope);
159  } else {
160  $scopesRequested = Tool::$defaultTool->requiredScopes;
161  if (substr($scope, -9) === '.readonly') {
162  $scope2 = substr($scope, 0, -9);
163  } else {
164  $scope2 = $scope;
165  }
166  if (!empty($scope) && !in_array($scope, $scopesRequested) && !in_array($scope2, $scopesRequested)) {
167  $scopesRequested[] = $scope;
168  }
169  }
170  if (!empty($scopesRequested)) {
171  $retry = false;
172  do {
173  $method = 'POST';
174  $type = 'application/x-www-form-urlencoded';
175  $body = array(
176  'grant_type' => 'client_credentials',
177  'client_assertion_type' => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
178  'scope' => implode(' ', $scopesRequested)
179  );
180  if (!empty(Tool::$defaultTool)) {
181  Tool::$defaultTool->platform = $this->platform;
182  $body = Tool::$defaultTool->signServiceRequest($url, $method, $type, $body);
183  } else {
184  $body = $this->platform->signServiceRequest($url, $method, $type, $body);
185  }
186  $http = new HttpMessage($url, $method, $body);
187  if ($http->send() && !empty($http->response)) {
188  $http->responseJson = json_decode($http->response);
189  if (!is_null($http->responseJson) && !empty($http->responseJson->access_token) && !empty($http->responseJson->expires_in)) {
190  if (isset($http->responseJson->scope)) {
191  $scopesAccepted = explode(' ', $http->responseJson->scope);
192  } else {
193  $scopesAccepted = $scopesRequested;
194  }
195  $this->scopes = $scopesAccepted;
196  $this->token = $http->responseJson->access_token;
197  $this->expires = time() + $http->responseJson->expires_in;
198  if (!$scopeOnly) {
199  $this->save();
200  }
201  }
202  $retry = false;
203  } elseif ($retry) {
204  $retry = false;
205  } elseif (!empty($scope) && (count($scopesRequested) > 1)) { // Just ask for the single scope requested
206  $retry = true;
207  $scopesRequested = array($scope);
208  }
209  } while ($retry);
210  }
211  } else {
212  $this->scopes = null;
213  $this->token = null;
214  $this->expires = null;
215  $this->created = null;
216  $this->updated = null;
217  }
218 
219  return $this;
220  }
221 }
ILIAS\LTI\ToolProvider\Platform
Class to represent a platform.
Definition: Platform.php:35
ILIAS\LTI\ToolProvider\AccessToken\$platform
Platform $platform
Platform for this context.
Definition: AccessToken.php:60
ILIAS\LTI\ToolProvider\AccessToken\__construct
__construct(Platform $platform, array $scopes=null, string $token=null, int $expires=null)
Class constructor.
Definition: AccessToken.php:83
$scope
$scope
Definition: ltiregstart.php:53
ILIAS\LTI\ToolProvider\AccessToken
Class to represent an HTTP message.
Definition: AccessToken.php:32
ILIAS\LTI\ToolProvider\AccessToken\$token
string $token
Access token string.
Definition: AccessToken.php:39
ILIAS\LTI\ToolProvider\AccessToken\$expires
int $expires
Timestamp at which the token string expires.
Definition: AccessToken.php:46
ILIAS\LTI\ToolProvider\AccessToken\$updated
int $updated
Timestamp for when the object was last updated.
Definition: AccessToken.php:74
ILIAS\LTI\ToolProvider\AccessToken\load
load()
Load a nonce value from the database.
Definition: AccessToken.php:115
ILIAS\LTI\ToolProvider\Tool\$defaultTool
static Tool $defaultTool
Default tool for use with service requests.
Definition: Tool.php:299
ILIAS\LTI\ToolProvider
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: AccessToken.php:19
ILIAS\LTI\ToolProvider\AccessToken\hasScope
hasScope(string $scope='')
Check if a valid access token exists for a specific scope (or any scope if none specified).
Definition: AccessToken.php:136
$url
$url
Definition: ltiregstart.php:35
ILIAS\LTI\ToolProvider\AccessToken\save
save()
Save a nonce value in the database.
Definition: AccessToken.php:125
$http
$http
Definition: raiseError.php:7
ILIAS\LTI\ToolProvider\AccessToken\$created
int $created
Timestamp for when the object was created.
Definition: AccessToken.php:67
ILIAS\LTI\ToolProvider\AccessToken\$scopes
array $scopes
Scope(s) for which the access token is valid.
Definition: AccessToken.php:53