Adds private claims to the grant types

Author: skroczek

src/AuthorizationServer.php

@@ -16,6 +16,7 @@
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\GrantTypeInterface;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
+use League\OAuth2\Server\Repositories\ClaimRepositoryInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
 use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
@@ -69,6 +70,11 @@ class AuthorizationServer implements EmitterAwareInterface
      */
     private $scopeRepository;
 
+    /**
+     * @var ClaimRepositoryInterface
+     */
+    private $claimRepository;
+
     /**
      * @var string|Key
      */
@@ -93,13 +99,15 @@ public function __construct(
         ClientRepositoryInterface $clientRepository,
         AccessTokenRepositoryInterface $accessTokenRepository,
         ScopeRepositoryInterface $scopeRepository,
+        ClaimRepositoryInterface $claimRepository,
         $privateKey,
         $encryptionKey,
         ResponseTypeInterface $responseType = null
     ) {
         $this->clientRepository = $clientRepository;
         $this->accessTokenRepository = $accessTokenRepository;
         $this->scopeRepository = $scopeRepository;
+        $this->claimRepository = $claimRepository;
 
         if ($privateKey instanceof CryptKey === false) {
             $privateKey = new CryptKey($privateKey);
@@ -132,6 +140,7 @@ public function enableGrantType(GrantTypeInterface $grantType, DateInterval $acc
         $grantType->setAccessTokenRepository($this->accessTokenRepository);
         $grantType->setClientRepository($this->clientRepository);
         $grantType->setScopeRepository($this->scopeRepository);
+        $grantType->setClaimRepository($this->claimRepository);
         $grantType->setDefaultScope($this->defaultScope);
         $grantType->setPrivateKey($this->privateKey);
         $grantType->setEmitter($this->getEmitter());

src/Grant/AuthCodeGrant.php

@@ -161,7 +161,12 @@ public function respondToAccessTokenRequest(
         }
         $privateClaims = [];
         if($this->claimRepository){
-            $privateClaims = $this->claimRepository->getClaims();
+            $privateClaims = $this->claimRepository->getClaims(
+                $privateClaims,
+                $this->getIdentifier(),
+                $client,
+                $authCodePayload->user_id
+            );
         }
 
         // Issue and persist new access token

src/Grant/ClientCredentialsGrant.php

@@ -50,7 +50,7 @@ public function respondToAccessTokenRequest(
 
         $privateClaims = [];
         if($this->claimRepository){
-            $privateClaims = $this->claimRepository->getClaims();
+            $privateClaims = $this->claimRepository->getClaims($privateClaims, $this->getIdentifier(), $client);
         }
 
         // Issue and persist access token

src/Grant/ImplicitGrant.php

@@ -188,7 +188,12 @@ public function completeAuthorizationRequest(AuthorizationRequest $authorization
 
             $privateClaims = [];
             if($this->claimRepository){
-                $privateClaims = $this->claimRepository->getClaims();
+                $privateClaims = $this->claimRepository->getClaims(
+                    $privateClaims,
+                    $this->getIdentifier(),
+                    $authorizationRequest->getClient(),
+                    $authorizationRequest->getUser()->getIdentifier()
+                );
             }
 
             $accessToken = $this->issueAccessToken(

src/Grant/PasswordGrant.php

@@ -58,7 +58,7 @@ public function respondToAccessTokenRequest(
 
         $privateClaims = [];
         if($this->claimRepository){
-            $privateClaims = $this->claimRepository->getClaims();
+            $privateClaims = $this->claimRepository->getClaims($privateClaims, $this->getIdentifier(), $client, $user->getIdentifier());
         }
 
         // Issue and persist new access token

src/Grant/RefreshTokenGrant.php

@@ -63,9 +63,14 @@ public function respondToAccessTokenRequest(
         $this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
         $this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);
 
-        $privateClaim = [];
+        $privateClaims = [];
         if($this->claimRepository){
-            $privateClaim = $this->claimRepository->getClaims();
+            $privateClaims = $this->claimRepository->getClaims(
+                $privateClaims,
+                $this->getIdentifier(),
+                $client,
+                $oldRefreshToken['user_id']
+            );
         }
 
         // Issue and persist new access token
@@ -74,7 +79,7 @@ public function respondToAccessTokenRequest(
             $client,
             $oldRefreshToken['user_id'],
             $scopes,
-            $privateClaim
+            $privateClaims
         );
         $this->getEmitter()->emit(new RequestEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request));
         $responseType->setAccessToken($accessToken);

src/Repositories/ClaimRepositoryInterface.php

@@ -10,6 +10,7 @@
 namespace League\OAuth2\Server\Repositories;
 
 use League\OAuth2\Server\Entities\ClaimEntityInterface;
+use League\OAuth2\Server\Entities\ClientEntityInterface;
 
 /**
  * Claim repository interface.
@@ -22,5 +23,9 @@ interface ClaimRepositoryInterface extends RepositoryInterface
      *
      * @return ClaimEntityInterface[]
      */
-    public function getClaims();
+    public function getClaims(
+        array $claims,
+        $grantType,
+        ClientEntityInterface $clientEntity,
+        $userIdentifier = null);
 }