Merge pull request #11 from kduma-forks/master

imper86 · web-flow · commit d1b1c0e712bf · 2023-10-02T20:52:33.000+02:00
Implement „Device flow” authentication
diff --git a/README.md b/README.md
@@ -109,5 +109,54 @@ If you use IDE with typehinting such as PHPStorm, you'll easily
 figure it out. If not, please 
 [take a look in Resource directory](src/Resource)
 
+## Device Flow
+
+```php
+use Imper86\PhpAllegroApi\AllegroApi;
+use Imper86\PhpAllegroApi\Model\Credentials;
+use Imper86\PhpAllegroApi\Oauth\FileTokenRepository;
+use Imper86\PhpAllegroApi\Plugin\AuthenticationPlugin;
+
+// first, create Credentials object
+$credentials = new Credentials(
+    'your-client-id',
+    'your-client-secret',
+    'your-redirect-uri',
+    true //is sandbox
+);
+
+// create api client
+$api = new AllegroApi($credentials);
+
+// Create authorization session
+$session = $api->oauth()->getDeviceCode();
+
+// Provide device code and/or url to user
+echo 'Please visit: ' . $session->getVerificationUriComplete();
+
+// Poll for authorization result
+$interval = $session->getInterval();
+$token = false;
+do {
+    sleep($interval);
+    $device_code = $session->getDeviceCode();
+    try{
+        $token = $api->oauth()->fetchTokenWithDeviceCode($device_code);
+    } catch (AuthorizationPendingException) {
+        continue;
+    } catch (SlowDownException) {
+        $interval++;
+        continue;
+    }
+} while ($token == false);
+
+// create TokenRepository object
+$tokenRepository = new FileTokenRepository(
+    $token->getUserId(), 
+    __DIR__ . '/tokens'
+);
+$tokenRepository->save($token);
+```
+
 ## Contributing
 Any help will be very appreciated :)
diff --git a/src/Enum/GrantType.php b/src/Enum/GrantType.php
@@ -9,5 +9,5 @@ final class GrantType
     public const AUTHORIZATION_CODE = 'authorization_code';
     public const REFRESH_TOKEN = 'refresh_token';
     public const CLIENT_CREDENTIALS = 'client_credentials';
-    public const DEVICE_CODE = 'device_code';
-}
+    public const DEVICE_CODE = 'urn:ietf:params:oauth:grant-type:device_code';
+}
diff --git a/src/Exceptions/AccessDeniedException.php b/src/Exceptions/AccessDeniedException.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Imper86\PhpAllegroApi\Exceptions;
+
+class AccessDeniedException extends BaseDeviceFlowException
+{
+
+}
diff --git a/src/Exceptions/AuthorizationPendingException.php b/src/Exceptions/AuthorizationPendingException.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Imper86\PhpAllegroApi\Exceptions;
+
+class AuthorizationPendingException extends BaseDeviceFlowException
+{
+
+}
diff --git a/src/Exceptions/BaseDeviceFlowException.php b/src/Exceptions/BaseDeviceFlowException.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Imper86\PhpAllegroApi\Exceptions;
+
+abstract class BaseDeviceFlowException extends \Exception
+{
+
+}
diff --git a/src/Exceptions/SlowDownException.php b/src/Exceptions/SlowDownException.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Imper86\PhpAllegroApi\Exceptions;
+
+class SlowDownException extends BaseDeviceFlowException
+{
+
+}
diff --git a/src/Model/DeviceFlowAuthSession.php b/src/Model/DeviceFlowAuthSession.php
@@ -0,0 +1,108 @@
+<?php
+
+namespace Imper86\PhpAllegroApi\Model;
+
+class DeviceFlowAuthSession implements DeviceFlowAuthSessionInterface
+{
+    /**
+     * @var string
+     */
+    private $deviceCode;
+
+    /**
+     * @var string
+     */
+    private $userCode;
+
+    /**
+     * @var string
+     */
+    private $verificationUri;
+
+    /**
+     * @var int
+     */
+    private $expiresIn;
+
+    /**
+     * @var int
+     */
+    private $interval;
+
+    /**
+     * @var string
+     */
+    private $verificationUriComplete;
+
+    /**
+     * @param string $deviceCode
+     * @param int $expiresIn
+     * @param string $userCode
+     * @param int $interval
+     * @param string $verificationUri
+     * @param string $verificationUriComplete
+     */
+    public function __construct(
+        string $deviceCode,
+        int    $expiresIn,
+        string $userCode,
+        int    $interval,
+        string $verificationUri,
+        string $verificationUriComplete)
+    {
+        $this->deviceCode = $deviceCode;
+        $this->userCode = $userCode;
+        $this->verificationUri = $verificationUri;
+        $this->expiresIn = $expiresIn;
+        $this->interval = $interval;
+        $this->verificationUriComplete = $verificationUriComplete;
+    }
+
+    /**
+     * @return string
+     */
+    public function getDeviceCode(): string
+    {
+        return $this->deviceCode;
+    }
+
+    /**
+     * @return string
+     */
+    public function getUserCode(): string
+    {
+        return $this->userCode;
+    }
+
+    /**
+     * @return string
+     */
+    public function getVerificationUri(): string
+    {
+        return $this->verificationUri;
+    }
+
+    /**
+     * @return int
+     */
+    public function getExpiresIn(): int
+    {
+        return $this->expiresIn;
+    }
+
+    /**
+     * @return int
+     */
+    public function getInterval(): int
+    {
+        return $this->interval;
+    }
+
+    /**
+     * @return string
+     */
+    public function getVerificationUriComplete(): string
+    {
+        return $this->verificationUriComplete;
+    }
+}
diff --git a/src/Model/DeviceFlowAuthSessionInterface.php b/src/Model/DeviceFlowAuthSessionInterface.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace Imper86\PhpAllegroApi\Model;
+
+interface DeviceFlowAuthSessionInterface
+{
+    /**
+     * @return string
+     */
+    public function getVerificationUri(): string;
+
+    /**
+     * @return string
+     */
+    public function getUserCode(): string;
+
+    /**
+     * @return int
+     */
+    public function getInterval(): int;
+
+    /**
+     * @return int
+     */
+    public function getExpiresIn(): int;
+
+    /**
+     * @return string
+     */
+    public function getDeviceCode(): string;
+
+    /**
+     * @return string
+     */
+    public function getVerificationUriComplete(): string;
+}
diff --git a/src/Oauth/OauthClient.php b/src/Oauth/OauthClient.php
@@ -8,17 +8,23 @@
 
 namespace Imper86\PhpAllegroApi\Oauth;
 
+use Http\Client\Common\Exception\ClientErrorException;
 use Http\Client\Common\Plugin;
 use Http\Client\Common\Plugin\ErrorPlugin;
 use Imper86\HttpClientBuilder\Builder;
 use Imper86\HttpClientBuilder\BuilderInterface;
 use Imper86\PhpAllegroApi\Enum\ContentType;
 use Imper86\PhpAllegroApi\Enum\EndpointHost;
 use Imper86\PhpAllegroApi\Enum\GrantType;
+use Imper86\PhpAllegroApi\Exceptions\AccessDeniedException;
+use Imper86\PhpAllegroApi\Exceptions\AuthorizationPendingException;
+use Imper86\PhpAllegroApi\Exceptions\SlowDownException;
 use Imper86\PhpAllegroApi\Model\CredentialsInterface;
+use Imper86\PhpAllegroApi\Model\DeviceFlowAuthSession;
 use Imper86\PhpAllegroApi\Model\TokenInterface;
 use Imper86\PhpAllegroApi\Plugin\OauthUriPlugin;
 use Imper86\PhpAllegroApi\Plugin\SandboxUriPlugin;
+use Psr\Http\Client\ClientExceptionInterface;
 use Psr\Http\Message\RequestInterface;
 use Psr\Http\Message\UriInterface;
 
@@ -84,6 +90,50 @@ public function getAuthorizationUri(
         return $uri;
     }
 
+    public function getDeviceCode(
+        ?array $scope = null
+    ): DeviceFlowAuthSession {
+        $query = [
+            'client_id' => $this->credentials->getClientId(),
+        ];
+
+        if ($scope) {
+            $query['scope'] = implode(' ', $scope);
+        }
+
+        $response = $this->builder->getHttpClient()->sendRequest($this->generateRequest($query, '/auth/oauth/device'));
+        $body = json_decode($response->getBody()->__toString(), true);
+
+        return new DeviceFlowAuthSession($body['device_code'], $body['expires_in'], $body['user_code'], $body['interval'], $body['verification_uri'], $body['verification_uri_complete']);
+    }
+
+    public function fetchTokenWithDeviceCode(string $code): TokenInterface
+    {
+        $query = [
+            'grant_type' => GrantType::DEVICE_CODE,
+            'device_code' => $code,
+        ];
+
+        try {
+            $response = $this->builder->getHttpClient()->sendRequest($this->generateRequest($query, '/auth/oauth/token'));
+        } catch (ClientErrorException $clientErrorException) {
+            $response = $clientErrorException->getResponse();
+            $body = json_decode($response->getBody()->__toString(), true);
+
+            if ($body['error'] == 'slow_down') {
+                throw new SlowDownException($body['error_description'], 0, $clientErrorException);
+            } elseif ($body['error'] == 'authorization_pending') {
+                throw new AuthorizationPendingException($body['error_description'], 0, $clientErrorException);
+            } elseif ($body['error'] == 'access_denied') {
+                throw new AccessDeniedException($body['error_description'], 0, $clientErrorException);
+            } else {
+                throw $clientErrorException;
+            }
+        }
+
+        return $this->tokenFactory->createFromResponse($response, GrantType::DEVICE_CODE);
+    }
+
     public function fetchTokenWithCode(string $code): TokenInterface
     {
         $query = [
@@ -92,7 +142,7 @@ public function fetchTokenWithCode(string $code): TokenInterface
             'redirect_uri' => $this->credentials->getRedirectUri(),
         ];
 
-        $response = $this->builder->getHttpClient()->sendRequest($this->generateRequest($query));
+        $response = $this->builder->getHttpClient()->sendRequest($this->generateRequest($query, '/auth/oauth/token'));
 
         return $this->tokenFactory->createFromResponse($response, GrantType::AUTHORIZATION_CODE);
     }
@@ -105,15 +155,15 @@ public function fetchTokenWithRefreshToken(string $refreshToken): TokenInterface
             'redirect_uri' => $this->credentials->getRedirectUri(),
         ];
 
-        $response = $this->builder->getHttpClient()->sendRequest($this->generateRequest($query));
+        $response = $this->builder->getHttpClient()->sendRequest($this->generateRequest($query, '/auth/oauth/token'));
 
         return $this->tokenFactory->createFromResponse($response, GrantType::REFRESH_TOKEN);
     }
 
     public function fetchTokenWithClientCredentials(): TokenInterface
     {
         $query = ['grant_type' => GrantType::CLIENT_CREDENTIALS];
-        $response = $this->builder->getHttpClient()->sendRequest($this->generateRequest($query));
+        $response = $this->builder->getHttpClient()->sendRequest($this->generateRequest($query, '/auth/oauth/token'));
 
         return $this->tokenFactory->createFromResponse($response, GrantType::CLIENT_CREDENTIALS);
     }
@@ -130,13 +180,14 @@ public function removePlugin(string $fqcn): void
 
     /**
      * @param string[] $query
+     * @param string $path
      * @return RequestInterface
      */
-    private function generateRequest(array $query): RequestInterface
+    private function generateRequest(array $query, string $path): RequestInterface
     {
         $uri = $this->builder
             ->getUriFactory()
-            ->createUri('/auth/oauth/token')
+            ->createUri($path)
             ->withQuery(http_build_query($query));
         $auth = base64_encode(
             sprintf(
diff --git a/src/Oauth/OauthClientInterface.php b/src/Oauth/OauthClientInterface.php

-Original file line number
+Diff line change
@@ @@ -0,0 +1,8 @@ @@
 +<?php
++
 +namespace Imper86\PhpAllegroApi\Exceptions;
++
 +class AccessDeniedException extends BaseDeviceFlowException
 +{
++
 +}