✨ Implements OAuth2 Access token and user data fetching

Author: gturpin-dev

packages/auth/src/OAuth/DataObjects/AccessToken.php

@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth\DataObjects;
+
+use Tempest\Mapper\MapFrom;
+use function Tempest\map;
+
+final readonly class AccessToken
+{
+    public function __construct(
+        #[MapFrom('access_token')]
+        public string $accessToken,
+
+        #[MapFrom('token_type')]
+        public string $tokenType,
+
+        public string $scope,
+    ) {}
+
+    public static function from(array $data): self
+    {
+        return map($data)->to(self::class);
+    }
+}

packages/auth/src/OAuth/DataObjects/OAuthUserData.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth\DataObjects;
+
+use Tempest\Mapper\MapFrom;
+use function Tempest\map;
+
+final readonly class OAuthUserData
+{
+    public function __construct(
+        public int|string $id,
+        public string $nickname,
+        public string $name,
+        public string $email,
+        public string $avatar,
+    ) {}
+
+    public static function from(array $data): self
+    {
+        return map($data)->to(self::class);
+    }
+}

packages/auth/src/OAuth/GithubOAuthProvider.php

@@ -0,0 +1,75 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth;
+
+use Tempest\Auth\OAuth\DataObjects\OAuthUserData;
+
+final class GithubOAuthProvider implements OAuth2ProviderContract
+{
+    use IsOAuth2Provider;
+
+    public private(set) array $scopes = ['user:email'];
+
+    public private(set) string $authorizationUrl = 'https://github.com/login/oauth/authorize';
+
+    public private(set) string $accessTokenUrl = 'https://github.com/login/oauth/access_token';
+
+    public private(set) string $userDataUrl = 'https://api.github.com/user';
+
+    // TODO : goto trait
+    public function __construct(
+        public readonly string $clientId,
+        public readonly string $clientSecret,
+    ) {}
+
+    /**
+     * TODO : goto trait
+     * Return headers used in access token endpoint
+     *
+     * @param string $code The code verifier from OAuth redirection
+     *
+     * @return array<string, mixed>
+     */
+    public function getAccessTokenHeaders(string $code): array
+    {
+        return [
+            'Accept' => 'application/json',
+            'Content-Type' => 'application/json'
+        ];
+    }
+
+    /**
+     * TODO : goto trait
+     * Return body fields used in access token endpoint
+     *
+     * @param string $code The code verifier from OAuth redirection
+     *
+     * @return array<string, mixed>
+     */
+    public function getAccessTokenFields(string $code): array
+    {
+        return [
+            'grant_type' => 'authorization_code',
+            'client_id' => $this->clientId,
+            'client_secret' => $this->clientSecret,
+            'code' => $code,
+            'redirect_uri' => 'http://127.0.0.1:8000/auth/github/callback'
+        ];
+    }
+
+    /**
+     * TODO : goto trait, maybe as abstract method
+     */
+    public function getUserDataFromResponse(array $body): OAuthUserData
+    {
+        return new OAuthUserData(
+            id: $body['id'],
+            nickname: $body['login'],
+            name: $body['name'],
+            email: $body['email'],
+            avatar: $body['avatar_url'] ?? '',
+        );
+    }
+}

packages/auth/src/OAuth/GithubSSOProvider.php

@@ -4,7 +4,9 @@
 
 namespace Tempest\Auth\OAuth;
 
-interface OAuth2ProviderContract extends OAuthProviderContract
+use Tempest\Auth\OAuth\DataObjects\OAuthUserData;
+
+interface OAuth2ProviderContract
 {
     /**
      * @var array<string> The default scopes for the OAuth2 provider.
@@ -26,5 +28,28 @@ interface OAuth2ProviderContract extends OAuthProviderContract
      */
     public string $userDataUrl {get;}
 
-//    public function getUserData(array $headers = []): OAuth2UserData;
+    /**
+     * Return headers used in access token endpoint
+     *
+     * @param string $code The code verifier from OAuth redirection
+     *
+     * @return array<string, mixed>
+     */
+    public function getAccessTokenHeaders(string $code): array;
+
+    /**
+     * Return body fields used in access token endpoint
+     *
+     * @param string $code The code verifier from OAuth redirection
+     *
+     * @return array<string, mixed>
+     */
+    public function getAccessTokenFields(string $code): array;
+
+    /**
+     * Transform the response body into valid user data object
+     *
+     * @param array $body Json decoded response body from the user data endpoint
+     */
+    public function getUserDataFromResponse(array $body): OAuthUserData;
 }

packages/auth/src/OAuth/OAuth2ProviderContract.php

@@ -4,18 +4,24 @@
 
 namespace Tempest\Auth\OAuth;
 
-use Tempest\Container\Inject;
+use Tempest\Auth\OAuth\DataObjects\AccessToken;
+use Tempest\Auth\OAuth\DataObjects\OAuthUserData;
+use Tempest\Http\Session\Session;
 use Tempest\HttpClient\HttpClient;
+use function dd;
+use function json_encode;
+use function Tempest\get;
 use function Tempest\Support\str;
 
 final class OAuthManager
 {
-    #[Inject]
-    private HttpClient $httpClient;
+    private readonly HttpClient $httpClient;
 
     public function __construct(
         private readonly OAuth2ProviderContract $driver,
-    ) {}
+    ) {
+        $this->httpClient = get(HttpClient::class);
+    }
 
     public function generateAuthorizationUrl(
         ?array $scopes = null,
@@ -29,13 +35,74 @@ public function generateAuthorizationUrl(
 
         if ( ! $isStateless ) {
             $queryData['state'] = $this->generateState();
+            // TODO : Store the state in the session for later validation
         }
 
         $queryString = http_build_query(array_filter($queryData), arg_separator: '&');
 
         return $this->driver->authorizationUrl . '?' . $queryString;
     }
 
+    public function generateAccessToken(
+        string $code,
+        ?string $state = null
+    ): AccessToken {
+        $response = $this->httpClient->post(
+            uri: $this->driver->accessTokenUrl,
+            headers: $this->driver->getAccessTokenHeaders($code),
+            body: json_encode($this->driver->getAccessTokenFields($code))
+        );
+
+        try {
+            $body = json_decode($response->body, associative: true);
+            $accessToken = AccessToken::from($body);
+        } catch ( \Error $e ) {
+            $errorMessage = 'Failed to decode access token response.';
+
+            if ( isset($body['error'], $body['error_description']) ) {
+                $errorMessage .= sprintf(
+                    ' Error: "%s". Description: "%s"',
+                    $body['error'],
+                    $body['error_description']
+                );
+            }
+
+            throw new \RuntimeException( $errorMessage );
+        }
+
+        return $accessToken;
+    }
+
+    public function fetchUserDataFromToken(AccessToken $accessToken): OAuthUserData
+    {
+        $response = $this->httpClient->get(
+            uri: $this->driver->userDataUrl,
+            headers: [
+                'Authorization' => $accessToken->tokenType . ' ' . $accessToken->accessToken,
+                'Accept' => 'application/json',
+            ]
+        );
+
+        try {
+            $body = json_decode($response->body, associative: true);
+            $userData = $this->driver->getUserDataFromResponse($body);
+        } catch ( \Error $e ) {
+            $errorMessage = 'Failed to get user data.';
+
+            if ( isset($body['error'], $body['error_description']) ) {
+                $errorMessage .= sprintf(
+                    ' Error: "%s". Description: "%s"',
+                    $body['error'],
+                    $body['error_description']
+                );
+            }
+
+            throw new \RuntimeException( $errorMessage );
+        }
+
+        return $userData;
+    }
+
     private function formatScopes(array $scopes, string $scopeSeparator): string
     {
         return implode($scopeSeparator, $scopes);

packages/auth/src/OAuth/OAuthManager.php

@@ -4,7 +4,7 @@
 
 namespace Tests\Tempest\Integration\Auth;
 
-use Tempest\Auth\OAuth\GithubSSOProvider;
+use Tempest\Auth\OAuth\GithubOAuthProvider;
 use Tempest\Auth\OAuth\OAuthManager;
 use Tempest\Support\Namespace\Psr4Namespace;
 use Tests\Tempest\Integration\FrameworkIntegrationTestCase;