fix: #225: GrantConfigurator should accept League\OAuth2\Server\Grant\GrantTypeInterface

Author: TLG-Gildas

docs/implementing-custom-grant-type.md

@@ -1,5 +1,75 @@
 # Implementing custom grant type
 
+1. Create a class that implements the `League\OAuth2\Server\Grant\GrantTypeInterface` interface.
+
+   Example:
+
+    ```php
+    <?php
+
+    declare(strict_types=1);
+
+    namespace App\Grant;
+
+    use DateInterval;
+    use League\OAuth2\Server\Grant\AbstractGrant;
+    use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
+    use Nyholm\Psr7\Response;
+    use Psr\Http\Message\ServerRequestInterface;
+    use League\OAuth2\Server\Grant\GrantTypeInterface;
+
+    final class FakeGrant extends AbstractGrant implements GrantTypeInterface
+    {
+        /**
+         * @var SomeDependency
+         */
+        private $foo;
+
+        public function __construct(SomeDependency $foo)
+        {
+            $this->foo = $foo;
+        }
+
+        public function getIdentifier()
+        {
+            return 'fake_grant';
+        }
+
+        public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseTypeInterface $responseType, DateInterval $accessTokenTTL)
+        {
+            return new Response();
+        }
+    }
+    ```
+
+1. In order to enable the new grant type in the authorization server you must register the service in the container.
+And the service must be tagged with the `league.oauth2_server.authorization_server.grant` tag:
+
+    ```yaml
+    services:
+
+      App\Grant\FakeGrant:
+        tags:
+          - {name: league.oauth2_server.authorization_server.grant}
+    ```
+
+    You could define a custom access token TTL for your grant using `accessTokenTTL` tag attribute :
+
+    ```yaml
+    services:
+
+      App\Grant\FakeGrant:
+        tags:
+          - {name: league.oauth2_server.authorization_server.grant, accessTokenTTL: PT5H}
+    ```
+
+    If `accessTokenTTL` tag attribute is not defined, then bundle config is used `league_oauth2_server.authorization_server.access_token_ttl` (same as `league.oauth2_server.access_token_ttl.default` service container parameter). \
+    `null` is considered as defined, to allow to unset ttl. \
+   `league_oauth2_server.authorization_server.refresh_token_ttl` is also accessible for your implementation using `league.oauth2_server.refresh_token_ttl.default` service container parameter.
+
+
+# Implementing custom grant type (deprecated method)
+
 1. Create a class that implements the `\League\Bundle\OAuth2ServerBundle\League\AuthorizationServer\GrantTypeInterface` interface.
 
     Example:

src/AuthorizationServer/GrantConfigurator.php

@@ -6,6 +6,9 @@
 
 use League\OAuth2\Server\AuthorizationServer;
 
+/**
+ * @deprecated
+ */
 final class GrantConfigurator
 {
     /**
@@ -24,7 +27,9 @@ public function __construct(iterable $grants)
     public function __invoke(AuthorizationServer $authorizationServer): void
     {
         foreach ($this->grants as $grant) {
-            $authorizationServer->enableGrantType($grant, $grant->getAccessTokenTTL());
+            if ($grant instanceof GrantTypeInterface) {
+                $authorizationServer->enableGrantType($grant, $grant->getAccessTokenTTL());
+            }
         }
     }
 }

src/AuthorizationServer/GrantTypeInterface.php

@@ -6,6 +6,9 @@
 
 use League\OAuth2\Server\Grant\GrantTypeInterface as LeagueGrantTypeInterface;
 
+/**
+ * @deprecated use League\OAuth2\Server\Grant\GrantTypeInterface with accessTokenTTL tag attribute instead
+ */
 interface GrantTypeInterface extends LeagueGrantTypeInterface
 {
     public function getAccessTokenTTL(): ?\DateInterval;

src/DependencyInjection/CompilerPass/GrantTypePass.php

@@ -0,0 +1,55 @@
+<?php declare(strict_types=1);
+
+namespace League\Bundle\OAuth2ServerBundle\DependencyInjection\CompilerPass;
+
+use League\Bundle\OAuth2ServerBundle\AuthorizationServer\GrantTypeInterface;
+use League\OAuth2\Server\AuthorizationServer;
+use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Definition;
+use Symfony\Component\DependencyInjection\Reference;
+
+class GrantTypePass implements CompilerPassInterface
+{
+    /**
+     * @inheritDoc
+     */
+    public function process(ContainerBuilder $container): void
+    {
+        // check if AuthorizationServer service is defined
+        if (!$container->has(AuthorizationServer::class)) {
+            return;
+        }
+
+        $definition = $container->findDefinition(AuthorizationServer::class);
+
+        // find all service IDs with the league.oauth2_server.authorization_server.grant tag
+        $taggedServices = $container->findTaggedServiceIds('league.oauth2_server.authorization_server.grant');
+
+        // enable grant type for each
+        foreach ($taggedServices as $id => $tags) {
+            // skip of custom grant using \League\Bundle\OAuth2ServerBundle\AuthorizationServer\GrantTypeInterface
+            // since there are handled by \League\Bundle\OAuth2ServerBundle\AuthorizationServer\GrantConfigurator
+            // TODO remove code bloc when bundle interface and configurator will be deleted
+            try {
+                $grantDefinition = $container->findDefinition($id);
+                $refGrantClass = new \ReflectionClass($grantDefinition->getClass());
+                if ($refGrantClass->implementsInterface(GrantTypeInterface::class)) {
+                    continue;
+                }
+            } catch (\ReflectionException) {
+                // handling of this service as native one
+            }
+
+            foreach ($tags as $attributes) {
+                $definition->addMethodCall('enableGrantType', [
+                    new Reference($id),
+                    // use accessTokenTTL tag attribute if exists, otherwise use global bundle config
+                    new Definition(\DateInterval::class, [array_key_exists('accessTokenTTL', $attributes)
+                        ? $attributes['accessTokenTTL']
+                        : $container->getParameter('league.oauth2_server.access_token_ttl.default')]),
+                ]);
+            }
+        }
+    }
+}

src/DependencyInjection/LeagueOAuth2ServerExtension.php

@@ -69,6 +69,7 @@ public function load(array $configs, ContainerBuilder $container)
         $container->findDefinition(OAuth2Authenticator::class)
             ->setArgument(3, $config['role_prefix']);
 
+        // TODO remove code bloc when bundle interface and configurator will be deleted
         $container->registerForAutoconfiguration(GrantTypeInterface::class)
             ->addTag('league.oauth2_server.authorization_server.grant');
 
@@ -139,6 +140,7 @@ private function configureAuthorizationServer(ContainerBuilder $container, array
     {
         $container->setParameter('league.oauth2_server.encryption_key', $config['encryption_key']);
         $container->setParameter('league.oauth2_server.encryption_key.type', $config['encryption_key_type']);
+        $container->setParameter('league.oauth2_server.access_token_ttl.default', $config['access_token_ttl']);
 
         $authorizationServer = $container
             ->findDefinition(AuthorizationServer::class)
@@ -195,6 +197,8 @@ private function configureAuthorizationServer(ContainerBuilder $container, array
      */
     private function configureGrants(ContainerBuilder $container, array $config): void
     {
+        $container->setParameter('league.oauth2_server.refresh_token_ttl.default', $config['refresh_token_ttl']);
+
         $container
             ->findDefinition(PasswordGrant::class)
             ->addMethodCall('setRefreshTokenTTL', [

src/LeagueOAuth2ServerBundle.php

@@ -6,6 +6,7 @@
 
 use Doctrine\Bundle\DoctrineBundle\DependencyInjection\Compiler\DoctrineOrmMappingsPass;
 use League\Bundle\OAuth2ServerBundle\DependencyInjection\CompilerPass\EncryptionKeyPass;
+use League\Bundle\OAuth2ServerBundle\DependencyInjection\CompilerPass\GrantTypePass;
 use League\Bundle\OAuth2ServerBundle\DependencyInjection\LeagueOAuth2ServerExtension;
 use League\Bundle\OAuth2ServerBundle\DependencyInjection\Security\OAuth2Factory;
 use League\Bundle\OAuth2ServerBundle\Persistence\Mapping\Driver;
@@ -26,6 +27,8 @@ public function build(ContainerBuilder $container)
 
         $this->configureDoctrineExtension($container);
         $this->configureSecurityExtension($container);
+        $container->addCompilerPass(new GrantTypePass());
+
     }
 
     public function getContainerExtension(): ExtensionInterface

src/Resources/config/services.php

@@ -133,6 +133,7 @@
         ->set('league.oauth2_server.emitter', EventEmitter::class)
         ->call('subscribeListenersFrom', [service('league.oauth2_server.symfony_league_listener_provider')])
 
+        // TODO remove code bloc when bundle interface and configurator will be deleted
         ->set('league.oauth2_server.authorization_server.grant_configurator', GrantConfigurator::class)
             ->args([
                 tagged_iterator('league.oauth2_server.authorization_server.grant'),
@@ -150,6 +151,7 @@
                 null,
             ])
             ->call('setEmitter', [service('league.oauth2_server.emitter')])
+            // TODO remove next line when bundle interface and configurator will be deleted
             ->configurator(service(GrantConfigurator::class))
         ->alias(AuthorizationServer::class, 'league.oauth2_server.authorization_server')
 

tests/Fixtures/FakeGrant.php

@@ -4,8 +4,8 @@
 
 namespace League\Bundle\OAuth2ServerBundle\Tests\Fixtures;
 
-use League\Bundle\OAuth2ServerBundle\AuthorizationServer\GrantTypeInterface;
 use League\OAuth2\Server\Grant\AbstractGrant;
+use League\OAuth2\Server\Grant\GrantTypeInterface;
 use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
 use Nyholm\Psr7\Response;
 use Psr\Http\Message\ServerRequestInterface;
@@ -21,9 +21,4 @@ public function respondToAccessTokenRequest(ServerRequestInterface $request, Res
     {
         return new Response();
     }
-
-    public function getAccessTokenTTL(): ?\DateInterval
-    {
-        return new \DateInterval('PT5H');
-    }
 }

tests/Fixtures/FakeLegacyGrant.php

@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace League\Bundle\OAuth2ServerBundle\Tests\Fixtures;
+
+use League\Bundle\OAuth2ServerBundle\AuthorizationServer\GrantTypeInterface;
+use League\OAuth2\Server\Grant\AbstractGrant;
+use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
+use Nyholm\Psr7\Response;
+use Psr\Http\Message\ServerRequestInterface;
+
+// TODO remove code bloc when bundle interface and configurator will be deleted
+/**
+ * @deprecated
+ */
+final class FakeLegacyGrant extends AbstractGrant implements GrantTypeInterface
+{
+    public function getIdentifier(): string
+    {
+        return 'fake_legacy_grant';
+    }
+
+    public function respondToAccessTokenRequest(ServerRequestInterface $request, ResponseTypeInterface $responseType, \DateInterval $accessTokenTTL): ResponseTypeInterface
+    {
+        return new Response();
+    }
+
+    public function getAccessTokenTTL(): ?\DateInterval
+    {
+        return new \DateInterval('PT5H');
+    }
+}

tests/Integration/AuthorizationServerCustomGrantTest.php

@@ -5,6 +5,7 @@
 namespace League\Bundle\OAuth2ServerBundle\Tests\Integration;
 
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeGrant;
+use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeLegacyGrant;
 use League\OAuth2\Server\AuthorizationServer;
 use Symfony\Bundle\FrameworkBundle\Test\KernelTestCase;
 
@@ -21,10 +22,20 @@ public function testAuthorizationServerHasOurCustomGrantEnabled(): void
         $reflectionProperty = $reflectionClass->getProperty('enabledGrantTypes');
         $reflectionProperty->setAccessible(true);
 
+        $reflectionTTLProperty = $reflectionClass->getProperty('grantTypeAccessTokenTTL');
+        $reflectionTTLProperty->setAccessible(true);
+
         $enabledGrantTypes = $reflectionProperty->getValue($authorizationServer);
+        $grantTypeAccessTokenTTL = $reflectionTTLProperty->getValue($authorizationServer);
 
         $this->assertArrayHasKey('fake_grant', $enabledGrantTypes);
         $this->assertInstanceOf(FakeGrant::class, $enabledGrantTypes['fake_grant']);
-        $this->assertEquals(new \DateInterval('PT5H'), $enabledGrantTypes['fake_grant']->getAccessTokenTTL());
+        $this->assertArrayHasKey('fake_grant', $grantTypeAccessTokenTTL);
+        $this->assertEquals(new \DateInterval('PT5H'), $grantTypeAccessTokenTTL['fake_grant']);
+
+        // TODO remove code bloc when bundle interface and configurator will be deleted
+        $this->assertArrayHasKey('fake_legacy_grant', $enabledGrantTypes);
+        $this->assertInstanceOf(FakeLegacyGrant::class, $enabledGrantTypes['fake_legacy_grant']);
+        $this->assertEquals(new \DateInterval('PT5H'), $enabledGrantTypes['fake_legacy_grant']->getAccessTokenTTL());
     }
 }

tests/TestKernel.php

@@ -16,6 +16,7 @@
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeClientManager;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeCredentialsRevoker;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeGrant;
+use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeLegacyGrant;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FakeRefreshTokenManager;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\FixtureFactory;
 use League\Bundle\OAuth2ServerBundle\Tests\Fixtures\SecurityTestController;
@@ -246,7 +247,10 @@ private function configureCustomPersistenceServices(ContainerBuilder $container)
 
     private function registerFakeGrant(ContainerBuilder $container): void
     {
-        $container->register(FakeGrant::class)->setAutoconfigured(true);
+        $container->register(FakeGrant::class)
+            ->addTag('league.oauth2_server.authorization_server.grant', ['accessTokenTTL' => 'PT5H']);
+        // TODO remove line when bundle interface and configurator will be deleted
+        $container->register(FakeLegacyGrant::class)->setAutoconfigured(true);
     }
 
     private function initializeEnvironmentVariables(): void