tp-library-php/docs/OAuthServer_8php_source.html

 <?php

 namespace IMSGlobal\LTI\OAuth;

 class OAuthServer {

     protected $timestamp_threshold = 300; // in seconds, five minutes
     protected $version = '1.0';             // hi blaine
     protected $signature_methods = array();

     protected $data_store;

     function __construct($data_store) {
         $this->data_store = $data_store;
     }

     public function add_signature_method($signature_method) {
         $this->signature_methods[$signature_method->get_name()] = $signature_method;
     }

     // high level functions

     public function fetch_request_token(&$request) {

         $this->get_version($request);

         $consumer = $this->get_consumer($request);

         // no token required for the initial token request
         $token = NULL;

         $this->check_signature($request, $consumer, $token);

         // Rev A change
         $callback = $request->get_parameter('oauth_callback');
         $new_token = $this->data_store->new_request_token($consumer, $callback);

         return $new_token;

     }

     public function fetch_access_token(&$request) {

         $this->get_version($request);

         $consumer = $this->get_consumer($request);

         // requires authorized request token
         $token = $this->get_token($request, $consumer, "request");

         $this->check_signature($request, $consumer, $token);

         // Rev A change
         $verifier = $request->get_parameter('oauth_verifier');
         $new_token = $this->data_store->new_access_token($token, $consumer, $verifier);

         return $new_token;

     }

     public function verify_request(&$request) {

         $this->get_version($request);
         $consumer = $this->get_consumer($request);
         $token = $this->get_token($request, $consumer, "access");
         $this->check_signature($request, $consumer, $token);

         return array($consumer, $token);

     }

     // Internals from here
     private function get_version(&$request) {

         $version = $request->get_parameter("oauth_version");
         if (!$version) {
             // Service Providers MUST assume the protocol version to be 1.0 if this parameter is not present.
             // Chapter 7.0 ("Accessing Protected Ressources")
             $version = '1.0';
         }
         if ($version !== $this->version) {
             throw new OAuthException("OAuth version '$version' not supported");
         }

         return $version;

     }

     private function get_signature_method($request) {

         $signature_method = $request instanceof OAuthRequest
             ? $request->get_parameter('oauth_signature_method') : NULL;

         if (!$signature_method) {
             // According to chapter 7 ("Accessing Protected Ressources") the signature-method
             // parameter is required, and we can't just fallback to PLAINTEXT
             throw new OAuthException('No signature method parameter. This parameter is required');
         }

         if (!in_array($signature_method,
                       array_keys($this->signature_methods))) {
             throw new OAuthException(
               "Signature method '$signature_method' not supported " .
               'try one of the following: ' .
               implode(', ', array_keys($this->signature_methods))
             );
         }

         return $this->signature_methods[$signature_method];

     }

     private function get_consumer($request) {

         $consumer_key = $request instanceof OAuthRequest
             ? $request->get_parameter('oauth_consumer_key') : NULL;

         if (!$consumer_key) {
             throw new OAuthException('Invalid consumer key');
         }

         $consumer = $this->data_store->lookup_consumer($consumer_key);
         if (!$consumer) {
             throw new OAuthException('Invalid consumer');
         }

         return $consumer;

     }

     private function get_token($request, $consumer, $token_type="access") {

         $token_field = $request instanceof OAuthRequest
              ? $request->get_parameter('oauth_token') : NULL;

         $token = $this->data_store->lookup_token($consumer, $token_type, $token_field);
         if (!$token) {
             throw new OAuthException("Invalid $token_type token: $token_field");
         }

         return $token;

     }

     private function check_signature($request, $consumer, $token) {

         // this should probably be in a different method
         $timestamp = $request instanceof OAuthRequest
             ? $request->get_parameter('oauth_timestamp')
             : NULL;
         $nonce = $request instanceof OAuthRequest
             ? $request->get_parameter('oauth_nonce')
             : NULL;

         $this->check_timestamp($timestamp);
         $this->check_nonce($consumer, $token, $nonce, $timestamp);

         $signature_method = $this->get_signature_method($request);

         $signature = $request->get_parameter('oauth_signature');
         $valid_sig = $signature_method->check_signature($request, $consumer, $token, $signature);

         if (!$valid_sig) {
             throw new OAuthException('Invalid signature');
         }
     }

     private function check_timestamp($timestamp) {
         if(!$timestamp)
             throw new OAuthException('Missing timestamp parameter. The parameter is required');

         // verify that timestamp is recentish
         $now = time();
         if (abs($now - $timestamp) > $this->timestamp_threshold) {
             throw new OAuthException("Expired timestamp, yours $timestamp, ours $now");
         }

     }

     private function check_nonce($consumer, $token, $nonce, $timestamp) {

         if(!$nonce)
           throw new OAuthException('Missing nonce parameter. The parameter is required');

         // verify that the nonce is uniqueish
         $found = $this->data_store->lookup_nonce($consumer, $token, $nonce, $timestamp);
         if ($found) {
             throw new OAuthException("Nonce already used: $nonce");
         }

     }

 }
IMSGlobal\LTI\OAuth\OAuthServer\add_signature_method
add_signature_method($signature_method)
Definition: OAuthServer.php:24

IMSGlobal\LTI\OAuth\OAuthException
Class to represent an OAuth Exception.
Definition: OAuthException.php:12

IMSGlobal\LTI\OAuth
Definition: OAuthConsumer.php:3

IMSGlobal\LTI\OAuth\OAuthServer\fetch_request_token
fetch_request_token(&$request)
process a request_token request returns the request token on success
Definition: OAuthServer.php:34

IMSGlobal\LTI\OAuth\OAuthServer\verify_request
verify_request(&$request)
verify an api call, checks all the parameters
Definition: OAuthServer.php:79

IMSGlobal\LTI\OAuth\OAuthServer\$signature_methods
$signature_methods
Definition: OAuthServer.php:16

IMSGlobal\LTI\OAuth\OAuthServer\$data_store
$data_store
Definition: OAuthServer.php:18

IMSGlobal\LTI\OAuth\OAuthServer\fetch_access_token
fetch_access_token(&$request)
process an access_token request returns the access token on success
Definition: OAuthServer.php:57

IMSGlobal\LTI\OAuth\OAuthRequest
Class to represent an OAuth Request.
Definition: OAuthRequest.php:12

IMSGlobal\LTI\OAuth\OAuthRequest\get_parameter
get_parameter($name)
Definition: OAuthRequest.php:119

IMSGlobal\LTI\OAuth\OAuthServer\__construct
__construct($data_store)
Definition: OAuthServer.php:20

IMSGlobal\LTI\OAuth\OAuthServer\$timestamp_threshold
$timestamp_threshold
Definition: OAuthServer.php:14

IMSGlobal\LTI\OAuth\OAuthServer
Class to represent an OAuth Server.
Definition: OAuthServer.php:12

IMSGlobal\LTI\OAuth\OAuthServer\$version
$version
Definition: OAuthServer.php:15