Add access_token endpoint

Author: rmccue

inc/endpoints/class-token.php

@@ -0,0 +1,91 @@
+<?php
+
+namespace WP\OAuth2\Endpoints;
+
+use WP_Error;
+use WP_Http;
+use WP\OAuth2\Client;
+use WP_REST_Request;
+
+/**
+ * Token endpoint handler.
+ */
+class Token {
+	public function register_routes() {
+		register_rest_route( 'oauth2', '/access_token', array(
+			'methods' => 'POST',
+			'callback' => array( $this, 'exchange_token' ),
+			'args' => array(
+				'grant_type' => array(
+					'required' => true,
+					'type' => 'string',
+					'validate_callback' => array( $this, 'validate_grant_type' ),
+				),
+				'client_id' => array(
+					'required' => true,
+					'type' => 'string',
+					'validate_callback' => 'rest_validate_request_arg',
+				),
+				'code' => array(
+					'required' => true,
+					'type' => 'string',
+					'validate_callback' => 'rest_validate_request_arg',
+				),
+			),
+		));
+	}
+
+	public function validate_grant_type( $type ) {
+		return $type === 'authorization_code';
+	}
+
+	public function exchange_token( WP_REST_Request $request ) {
+		$client = Client::get_by_id( $request['client_id'] );
+		if ( empty( $client ) ) {
+			return new WP_Error(
+				'oauth2.endpoints.token.exchange_token.invalid_client',
+				sprintf( __( 'Client ID %s is invalid.', 'oauth2' ), $request['client_id'] ),
+				array(
+					'status' => WP_Http::BAD_REQUEST,
+					'client_id' => $request['client_id'],
+				)
+			);
+		}
+
+		$auth_code = $client->get_authorization_code( $request['code'] );
+		if ( is_wp_error( $auth_code ) ) {
+			return $auth_code;
+		}
+
+		$is_valid = $auth_code->validate();
+		if ( is_wp_error( $is_valid ) ) {
+			// Invalid request, but code itself exists, so we should delete
+			// (and silently ignore errors).
+			$auth_code->delete();
+
+			return $is_valid;
+		}
+
+		// Looks valid, delete the code and issue a token.
+		$user = $auth_code->get_user();
+		if ( is_wp_error( $user ) ) {
+			return $user;
+		}
+
+		$did_delete = $auth_code->delete();
+		if ( is_wp_error( $did_delete ) ) {
+			return $did_delete;
+		}
+
+		$token = $client->issue_token( $user );
+		if ( is_wp_error( $token ) ) {
+			return $token;
+		}
+
+		$data = array(
+			'access_token' => $token->get_key(),
+			'token_type'   => 'bearer',
+		);
+		return $data;
+	}
+}

plugin.php

@@ -18,8 +18,11 @@ function bootstrap() {
 
 	// Core authentication hooks.
 	add_filter( 'determine_current_user', __NAMESPACE__ . '\\Authentication\\attempt_authentication', 11 );
+
+	// REST API integration.
 	add_filter( 'rest_authentication_errors', __NAMESPACE__ . '\\Authentication\\maybe_report_errors' );
 	add_filter( 'rest_index', __NAMESPACE__ . '\\register_in_index' );
+	add_action( 'rest_api_init', __NAMESPACE__ . '\\register_routes' );
 
 	// Internal default hooks.
 	add_filter( 'oauth2.grant_types', __NAMESPACE__ . '\\register_grant_types', 0 );
@@ -34,9 +37,11 @@ function load() {
 	require __DIR__ . '/inc/class-scopes.php';
 	require __DIR__ . '/inc/authentication/namespace.php';
 	require __DIR__ . '/inc/endpoints/class-authorization.php';
+	require __DIR__ . '/inc/endpoints/class-token.php';
 	require __DIR__ . '/inc/tokens/namespace.php';
 	require __DIR__ . '/inc/tokens/class-token.php';
 	require __DIR__ . '/inc/tokens/class-access-token.php';
+	require __DIR__ . '/inc/tokens/class-authorization-code.php';
 	require __DIR__ . '/inc/types/class-type.php';
 	require __DIR__ . '/inc/types/class-base.php';
 	require __DIR__ . '/inc/types/class-authorization-code.php';
@@ -109,6 +114,11 @@ function register_in_index( WP_REST_Response $response ) {
 	return $response;
 }
 
+function register_routes() {
+	$token_endpoint = new Endpoints\Token();
+	$token_endpoint->register_routes();
+}
+
 /**
  * Get the authorization endpoint URL.
  *
@@ -132,7 +142,7 @@ function get_authorization_url() {
  * @return string URL for the OAuth 2 token endpoint.
  */
 function get_token_url() {
-	$url = rest_url( 'oauth2/token' );
+	$url = rest_url( 'oauth2/access_token' );
 
 	/**
 	 * Filter the token URL.