Revert the following commits that tried to implement getToken using OAuthTokenManager

mkne · mkne · commit 60dc240d68ea · 2025-12-18T17:43:20.000+01:00
Revert "add use OAuthTokenManager and create instance in constructor"This reverts commit 2a1e7c9.Revert "Add missing ) to retrieveROPCToken"This reverts commit 8df5cfc. Revert "Implement retrieveROPCToken as proposed in #1151 (comment)" This reverts commit 66cc732.
diff --git a/src/Services/InfoProviderSystem/Providers/BuerklinProvider.php b/src/Services/InfoProviderSystem/Providers/BuerklinProvider.php
@@ -30,7 +30,6 @@
 use App\Services\InfoProviderSystem\DTOs\PriceDTO;
 use App\Services\InfoProviderSystem\DTOs\PurchaseInfoDTO;
 use App\Services\InfoProviderSystem\DTOs\SearchResultDTO;
-use App\Services\OAuth\OAuthTokenManager;
 use App\Settings\InfoProviderSystem\BuerklinSettings;
 use Psr\Cache\CacheItemPoolInterface;
 use Symfony\Contracts\HttpClient\HttpClientInterface;
@@ -51,10 +50,9 @@ class BuerklinProvider implements BatchInfoProviderInterface
 
     public function __construct(
         private readonly HttpClientInterface $client,
-        private readonly OAuthTokenManager $authTokenManager,
         private readonly CacheItemPoolInterface $partInfoCache,
         private readonly BuerklinSettings $settings,
-      ) {
+    ) {
 
     }
 
@@ -64,16 +62,52 @@ public function __construct(
      */
     private function getToken(): string
     {
-        //Check if we already have a token saved for this app, otherwise we have to retrieve one via OAuth
-        if (!$this->authTokenManager->hasToken(self::OAUTH_APP_NAME)) {
-            $this->authTokenManager->retrieveROPCToken(self::OAUTH_APP_NAME, $this->settings->username, $this->settings->password);
+        // Cache token to avoid hammering the auth server on every request
+        $cacheKey = 'buerklin.oauth.token';
+        $item = $this->partInfoCache->getItem($cacheKey);
+
+        if ($item->isHit()) {
+            $token = $item->get();
+            if (is_string($token) && $token !== '') {
+                return $token;
+            }
+        }
+
+        // Buerklin OAuth2 password grant (ROPC)
+        $resp = $this->client->request('POST', 'https://www.buerklin.com/authorizationserver/oauth/token/', [
+            'headers' => [
+                'Accept' => 'application/json',
+                'Content-Type' => 'application/x-www-form-urlencoded',
+            ],
+            'body' => [
+                'grant_type' => 'password',
+                'client_id' => $this->settings->clientId,
+                'client_secret' => $this->settings->secret,
+                'username' => $this->settings->username,
+                'password' => $this->settings->password,
+            ],
+        ]);
+
+        $data = $resp->toArray(false);
+
+        if (!isset($data['access_token'])) {
+            throw new \RuntimeException(
+                'Invalid token response from Buerklin: HTTP ' . $resp->getStatusCode() . ' body=' . $resp->getContent(false)
+            );
         }
 
-        $token = $this->authTokenManager->getAlwaysValidTokenString(self::OAUTH_APP_NAME);
-        if ($token === null) {
-            throw new \RuntimeException('Could not retrieve OAuth token for Buerklin API.');
+        $token = (string) $data['access_token'];
+
+        // Cache for (expires_in - 30s) if available
+        $ttl = 300;
+        if (isset($data['expires_in']) && is_numeric($data['expires_in'])) {
+            $ttl = max(60, (int) $data['expires_in'] - 30);
         }
 
+        $item->set($token);
+        $item->expiresAfter($ttl);
+        $this->partInfoCache->save($item);
+
         return $token;
     }
 
diff --git a/src/Services/OAuth/OAuthTokenManager.php b/src/Services/OAuth/OAuthTokenManager.php
@@ -159,21 +159,4 @@ public function retrieveClientCredentialsToken(string $app_name): OAuthToken
 
         return $this->saveToken($app_name, $access_token);
     }
-
-    /**
-     * Retrieves an access token for the given app name using the client ROPC grant (so no user flow is needed)
-     * The app_name must be registered in the knpu_oauth2_client.yaml
-     * The token is saved to the database, and afterwards can be used as usual
-     * @param  string  $app_name
-     * @return OAuthToken
-     */
-    public function retrieveROPCToken(string $app_name, string $user, string $password): OAuthToken
-    {
-        $client = $this->clientRegistry->getClient($app_name);
-        $access_token = $client->getOAuth2Provider()->getAccessToken('password', [
-            'username' => $user,
-            'password' => $password
-        ]);
-        return $this->saveToken($app_name, $access_token);
-    }
 }
