Abstract Class yii\authclient\OAuth2

Inheritance: yii\authclient\OAuth2 » yii\authclient\BaseOAuth » yii\authclient\BaseClient » yii\base\Component
Implements: yii\authclient\ClientInterface
Subclasses: yii\authclient\OpenIdConnect, yii\authclient\clients\Facebook, yii\authclient\clients\GitHub, yii\authclient\clients\Google, yii\authclient\clients\GoogleHybrid, yii\authclient\clients\LinkedIn, yii\authclient\clients\Live, yii\authclient\clients\Oauth2Client, yii\authclient\clients\TwitterOAuth2, yii\authclient\clients\VKontakte, yii\authclient\clients\Yandex
Available since extension's version: 2.0
Source Code https://github.com/yiisoft/yii2-authclient/blob/master/src/OAuth2.php

OAuth2 serves as a client for the OAuth 2 flow.

In order to acquire an access token, perform the following sequence:

use yii\authclient\OAuth2;

// Assumes class MyAuthClient extends OAuth2.
$oauthClient = new MyAuthClient();
$url = $oauthClient->buildAuthUrl(); // Build authorization URL; this also stores the 'state' value and PKCE verifier when those options are enabled.
Yii::$app->getResponse()->redirect($url); // Redirect to authorization URL.
// After the user returns to our site:
$code = Yii::$app->getRequest()->get('code'); // Untrusted GET parameter delivered by the redirect back to us.
$accessToken = $oauthClient->fetchAccessToken($code); // Get access token; the 'state' parameter is checked here when $validateAuthState is enabled.

See also:

Public Properties


Property Type Description Defined By
$accessToken yii\authclient\OAuthToken Auth token instance. yii\authclient\BaseOAuth
$accessTokenLocation string The location of the access token when it is applied to the request. yii\authclient\OAuth2
$apiBaseUrl string API base URL. yii\authclient\BaseOAuth
$authUrl string Authorize URL. yii\authclient\BaseOAuth
$autoRefreshAccessToken boolean Whether to automatically perform 'refresh access token' request on expired access token. yii\authclient\BaseOAuth
$clientId string OAuth client ID. yii\authclient\OAuth2
$clientSecret string OAuth client secret. yii\authclient\OAuth2
$enablePkce boolean Whether to enable proof key for code exchange (PKCE) support and add a code_challenge and code_verifier to the auth request. yii\authclient\OAuth2
$httpClient \yii\httpclient\Client Internal HTTP client. yii\authclient\BaseClient
$id string Service id. yii\authclient\BaseClient
$name string Service name. yii\authclient\BaseClient
$normalizeUserAttributeMap array Normalize user attribute map. yii\authclient\BaseClient
$parametersToKeepInReturnUrl array List of the parameters to keep in default return url. yii\authclient\BaseOAuth
$requestOptions array HTTP request options. yii\authclient\BaseClient
$returnUrl string Return URL. yii\authclient\BaseOAuth
$scope string Auth request scope. yii\authclient\BaseOAuth
$signatureMethod yii\authclient\signature\BaseMethod Signature method instance. yii\authclient\BaseOAuth
$stateStorage yii\authclient\StateStorageInterface State storage. yii\authclient\BaseClient
$title string Service title. yii\authclient\BaseClient
$tokenUrl string Token request URL endpoint. yii\authclient\OAuth2
$userAttributes array List of user attributes. yii\authclient\BaseClient
$validateAuthState boolean Whether to use and validate auth 'state' parameter in authentication flow. yii\authclient\OAuth2
$version string Protocol version. yii\authclient\OAuth2
$viewOptions array View options in format: optionName => optionValue. yii\authclient\BaseClient

Public Methods


Method Description Defined By
api() Performs request to the OAuth API returning response data. yii\authclient\BaseOAuth
applyAccessTokenToRequest() Applies access token to the HTTP request instance. yii\authclient\OAuth2
authenticateClient() Authenticate OAuth client directly at the provider without third party (user) involved, using 'client_credentials' grant type. yii\authclient\OAuth2
authenticateUser() Authenticates user directly by 'username/password' pair, using 'password' grant type. yii\authclient\OAuth2
authenticateUserJwt() Authenticates user directly using JSON Web Token (JWT). yii\authclient\OAuth2
beforeApiRequestSend() Handles Request::EVENT_BEFORE_SEND event. yii\authclient\BaseOAuth
buildAuthUrl() Composes user authorization URL. yii\authclient\OAuth2
createApiRequest() Creates an HTTP request for the API call. yii\authclient\BaseOAuth
createRequest() Creates HTTP request instance. yii\authclient\BaseClient
fetchAccessToken() Fetches access token from authorization code. yii\authclient\OAuth2
getAccessToken() yii\authclient\BaseOAuth
getHttpClient() Returns HTTP client. yii\authclient\BaseClient
getId() yii\authclient\BaseClient
getName() yii\authclient\BaseClient
getNormalizeUserAttributeMap() yii\authclient\BaseClient
getRequestOptions() yii\authclient\BaseClient
getReturnUrl() yii\authclient\BaseOAuth
getSignatureMethod() yii\authclient\BaseOAuth
getStateStorage() yii\authclient\BaseClient
getTitle() yii\authclient\BaseClient
getUserAttributes() yii\authclient\BaseClient
getViewOptions() yii\authclient\BaseClient
refreshAccessToken() Gets new auth token to replace expired one. yii\authclient\OAuth2
setAccessToken() Sets access token to be used. yii\authclient\BaseOAuth
setHttpClient() Sets HTTP client to be used. yii\authclient\BaseOAuth
setId() yii\authclient\BaseClient
setName() yii\authclient\BaseClient
setNormalizeUserAttributeMap() yii\authclient\BaseClient
setRequestOptions() yii\authclient\BaseClient
setReturnUrl() yii\authclient\BaseOAuth
setSignatureMethod() Set signature method to be used. yii\authclient\BaseOAuth
setStateStorage() yii\authclient\BaseClient
setTitle() yii\authclient\BaseClient
setUserAttributes() yii\authclient\BaseClient
setViewOptions() yii\authclient\BaseClient

Protected Methods


Method Description Defined By
applyClientCredentialsToRequest() Applies client credentials (e.g. $clientId and $clientSecret) to the HTTP request instance. yii\authclient\OAuth2
composeUrl() Composes URL from base URL and GET params. yii\authclient\BaseOAuth
createHttpClient() Creates HTTP client instance from reference or configuration. yii\authclient\BaseOAuth
createSignatureMethod() Creates signature method instance from its configuration. yii\authclient\BaseOAuth
createToken() Creates token from its configuration. yii\authclient\OAuth2
defaultName() Generates service name. yii\authclient\BaseClient
defaultNormalizeUserAttributeMap() Returns the default $normalizeUserAttributeMap value. yii\authclient\BaseClient
defaultRequestOptions() Returns default HTTP request options. yii\authclient\BaseOAuth
defaultReturnUrl() Composes default $returnUrl value. yii\authclient\BaseOAuth
defaultTitle() Generates service title. yii\authclient\BaseClient
defaultViewOptions() Returns the default $viewOptions value. yii\authclient\BaseClient
generateAuthState() Generates the auth state value. yii\authclient\OAuth2
getState() Returns persistent state value. yii\authclient\BaseClient
getStateKeyPrefix() Returns session key prefix, which is used to store internal states. yii\authclient\BaseClient
initUserAttributes() Initializes authenticated user attributes. yii\authclient\BaseClient
normalizeUserAttributes() Normalize given user attributes according to $normalizeUserAttributeMap. yii\authclient\BaseClient
removeState() Removes persistent state value. yii\authclient\BaseClient
restoreAccessToken() Restores access token. yii\authclient\BaseOAuth
saveAccessToken() Saves token as persistent state. yii\authclient\BaseOAuth
sendRequest() Sends the given HTTP request, returning response data. yii\authclient\BaseOAuth
setState() Sets persistent state. yii\authclient\BaseClient

Constants


Constant Value Description Defined By
ACCESS_TOKEN_LOCATION_BODY 'body' Apply the access token to the request body yii\authclient\OAuth2
ACCESS_TOKEN_LOCATION_HEADER 'header' Apply the access token to the request header yii\authclient\OAuth2

Property Details


$accessTokenLocation public property (available since version 2.2.16)

The location of the access token when it is applied to the request. NOTE: According to the OAuth2 specification this should be header by default, however, for backwards compatibility the default value used here is body.

See also https://datatracker.ietf.org/doc/html/rfc6749#section-7.

public string $accessTokenLocation = self::ACCESS_TOKEN_LOCATION_BODY
$clientId public property

OAuth client ID.

public string $clientId = null
$clientSecret public property

OAuth client secret.

public string $clientSecret = null
$enablePkce public property (available since version 2.2.10)

Whether to enable proof key for code exchange (PKCE) support and add a code_challenge and code_verifier to the auth request.

See also https://oauth.net/2/pkce/.

public boolean $enablePkce = false
$tokenUrl public property

Token request URL endpoint.

public string $tokenUrl = null
$validateAuthState public property (available since version 2.1)

Whether to use and validate auth 'state' parameter in authentication flow. If enabled - the opaque value will be generated and applied to auth URL to maintain state between the request and callback. The authorization server includes this value, when redirecting the user-agent back to the client. The option is used for preventing cross-site request forgery.

$version public property

Protocol version.

public string $version = '2.0'

Method Details


api() public method

Defined in: yii\authclient\BaseOAuth::api()

Performs request to the OAuth API returning response data.

You may use createApiRequest() method instead, gaining more control over request execution.

See also createApiRequest().

public array api ( $apiSubUrl, $method = 'GET', $data = [], $headers = [] )
$apiSubUrl string|array

API sub URL, which will be appended to $apiBaseUrl, or absolute API URL.

$method string

Request method.

$data array|string

Request data or content.

$headers array

Additional request headers.

return array

API response data.

                /**
                 * Performs a request to the OAuth API and returns the response data.
                 *
                 * The request is created through createApiRequest(), so the current access token is
                 * applied to it before sending. Because $apiSubUrl may be an absolute URL, pass only
                 * URLs the application controls or trusts: the token is attached whatever the host is.
                 *
                 * @param string|array $apiSubUrl API sub URL appended to $apiBaseUrl, or an absolute API URL.
                 * @param string $method request method.
                 * @param array|string $data request data (array) or raw request content (string).
                 * @param array $headers additional request headers.
                 * @return array API response data.
                 */
                public function api($apiSubUrl, $method = 'GET', $data = [], $headers = [])
{
    $apiRequest = $this->createApiRequest()
        ->setMethod($method)
        ->setUrl($apiSubUrl)
        ->addHeaders($headers);

    // Arrays become structured request data, anything else non-empty is sent as raw content.
    $hasPayload = !empty($data);
    if ($hasPayload && is_array($data)) {
        $apiRequest->setData($data);
    } elseif ($hasPayload) {
        $apiRequest->setContent($data);
    }

    return $this->sendRequest($apiRequest);
}

            
applyAccessTokenToRequest() public method (available since version 2.1)

Applies access token to the HTTP request instance.

public void applyAccessTokenToRequest ( $request, $accessToken )
$request \yii\httpclient\Request

HTTP request instance.

$accessToken yii\authclient\OAuthToken

Access token instance.

throws \yii\base\InvalidConfigException

                /**
                 * Applies access token to the HTTP request instance.
                 *
                 * With ACCESS_TOKEN_LOCATION_BODY the token is added to the request data under
                 * `access_token`; with ACCESS_TOKEN_LOCATION_HEADER it is sent as an
                 * `Authorization: Bearer ...` header.
                 * NOTE(review): how the HTTP client serializes request data for bodiless methods is not
                 * visible here - confirm the token cannot end up in the URL (and so in access logs)
                 * when the body location is used; the header location avoids that question.
                 *
                 * @param \yii\httpclient\Request $request HTTP request instance.
                 * @param \yii\authclient\OAuthToken $accessToken access token instance.
                 * @throws InvalidConfigException if $accessTokenLocation holds an unknown value.
                 */
                public function applyAccessTokenToRequest($request, $accessToken)
{
    $location = $this->accessTokenLocation;
    switch ($location) {
        case self::ACCESS_TOKEN_LOCATION_BODY:
            $payload = $request->getData();
            $payload['access_token'] = $accessToken->getToken();
            $request->setData($payload);
            return;
        case self::ACCESS_TOKEN_LOCATION_HEADER:
            $headerCollection = $request->getHeaders();
            $headerCollection->set('Authorization', 'Bearer ' . $accessToken->getToken());
            return;
        default:
            throw new InvalidConfigException('Unknown access token location: ' . $location);
    }
}

            
applyClientCredentialsToRequest() protected method (available since version 2.1.3)

Applies client credentials (e.g. $clientId and $clientSecret) to the HTTP request instance.

This method should be invoked before sending any HTTP request, which requires client credentials.

protected void applyClientCredentialsToRequest ( $request )
$request \yii\httpclient\Request

HTTP request instance.

                /**
                 * Applies client credentials ($clientId and $clientSecret) to the HTTP request instance.
                 *
                 * This method should be invoked before sending any HTTP request which requires client
                 * credentials. The secret is added to the request data, so the request URL
                 * (normally $tokenUrl) should use HTTPS.
                 *
                 * @param \yii\httpclient\Request $request HTTP request instance.
                 */
                protected function applyClientCredentialsToRequest($request)
{
    $credentials = [
        'client_id' => $this->clientId,
        'client_secret' => $this->clientSecret,
    ];
    $request->addData($credentials);
}

            
authenticateClient() public method (available since version 2.1.0)

Authenticate OAuth client directly at the provider without third party (user) involved, using 'client_credentials' grant type.

See also https://tools.ietf.org/html/rfc6749#section-4.4.

public yii\authclient\OAuthToken authenticateClient ( $params = [] )
$params array

Additional request params.

return yii\authclient\OAuthToken

Access token.

                /**
                 * Authenticates the OAuth client directly at the provider, without a third party (user)
                 * involved, using the 'client_credentials' grant type.
                 *
                 * Entries in $params are merged after the defaults and therefore override
                 * `grant_type` and `scope` when they use the same keys.
                 *
                 * @param array $params additional request params.
                 * @return \yii\authclient\OAuthToken access token; it is also stored via setAccessToken().
                 * @see https://tools.ietf.org/html/rfc6749#section-4.4
                 */
                public function authenticateClient($params = [])
{
    $grantParams = ['grant_type' => 'client_credentials'];
    if (!empty($this->scope)) {
        $grantParams['scope'] = $this->scope;
    }

    $tokenRequest = $this->createRequest()
        ->setMethod('POST')
        ->setUrl($this->tokenUrl)
        ->setData(array_merge($grantParams, $params));
    $this->applyClientCredentialsToRequest($tokenRequest);

    $responseData = $this->sendRequest($tokenRequest);
    $accessToken = $this->createToken(['params' => $responseData]);
    $this->setAccessToken($accessToken);

    return $accessToken;
}

            
authenticateUser() public method (available since version 2.1.0)

Authenticates user directly by 'username/password' pair, using 'password' grant type.

See also https://tools.ietf.org/html/rfc6749#section-4.3.

public yii\authclient\OAuthToken authenticateUser ( $username, $password, $params = [] )
$username string

User name.

$password string

User password.

$params array

Additional request params.

return yii\authclient\OAuthToken

Access token.

                /**
                 * Authenticates user directly by 'username/password' pair, using the 'password' grant type.
                 *
                 * In this flow the application handles the user's password itself and forwards it to
                 * $tokenUrl. The OAuth 2.0 Security Best Current Practice advises against the password
                 * grant; prefer the authorization-code flow where the provider supports it.
                 * Entries in $params are merged after the defaults and override them on key collision.
                 *
                 * @param string $username user name.
                 * @param string $password user password.
                 * @param array $params additional request params.
                 * @return \yii\authclient\OAuthToken access token; it is also stored via setAccessToken().
                 * @see https://tools.ietf.org/html/rfc6749#section-4.3
                 */
                public function authenticateUser($username, $password, $params = [])
{
    $grantParams = [
        'grant_type' => 'password',
        'username' => $username,
        'password' => $password,
    ];
    if (!empty($this->scope)) {
        $grantParams['scope'] = $this->scope;
    }

    $tokenRequest = $this->createRequest()
        ->setMethod('POST')
        ->setUrl($this->tokenUrl)
        ->setData(array_merge($grantParams, $params));
    $this->applyClientCredentialsToRequest($tokenRequest);

    $responseData = $this->sendRequest($tokenRequest);
    $accessToken = $this->createToken(['params' => $responseData]);
    $this->setAccessToken($accessToken);

    return $accessToken;
}

            
authenticateUserJwt() public method (available since version 2.1.3)

Authenticates user directly using JSON Web Token (JWT).

See also https://tools.ietf.org/html/rfc7515.

public yii\authclient\OAuthToken authenticateUserJwt ( $username, $signature = null, $options = [], $params = [] )
$username string
$signature yii\authclient\signature\BaseMethod|array

Signature method or its array configuration. If empty - $signatureMethod will be used.

$options array

Additional options. Valid options are:

  • header: array, additional JWS header parameters.
  • payload: array, additional JWS payload (message or claim-set) parameters.
  • signatureKey: string, signature key to be used, if not set - $clientSecret will be used.
$params array

Additional request params.

return yii\authclient\OAuthToken

Access token.

                /**
                 * Authenticates user directly using JSON Web Token (JWT).
                 *
                 * Builds a signed assertion (header.payload.signature) and posts it to $tokenUrl with the
                 * 'urn:ietf:params:oauth:grant-type:jwt-bearer' grant type. No client credentials are
                 * added to this request; the assertion is the credential.
                 *
                 * A caller-supplied `header['alg']` is used as given and is not checked against the
                 * signature method that actually signs the assertion, so keep the two consistent.
                 *
                 * @param string $username value used for the `iss` claim.
                 * @param \yii\authclient\signature\BaseMethod|array $signature signature method or its array
                 * configuration. If empty - $signatureMethod will be used.
                 * @param array $options additional options. Valid options are:
                 *
                 * - header: array, additional JWS header parameters.
                 * - payload: array, additional JWS payload (message or claim-set) parameters.
                 * - signatureKey: string, signature key to be used, if not set - $clientSecret will be used.
                 *
                 * @param array $params additional request params.
                 * @return \yii\authclient\OAuthToken access token; it is also stored via setAccessToken().
                 * @see https://tools.ietf.org/html/rfc7515
                 */
                public function authenticateUserJwt($username, $signature = null, $options = [], $params = [])
{
    // Resolve the signer: configured default, a ready instance, or an array configuration.
    if (empty($signature)) {
        $signatureMethod = $this->getSignatureMethod();
    } elseif (is_object($signature)) {
        $signatureMethod = $signature;
    } else {
        $signatureMethod = $this->createSignatureMethod($signature);
    }
    $header = isset($options['header']) ? $options['header'] : [];
    $payload = isset($options['payload']) ? $options['payload'] : [];
    // Caller-supplied header entries win over the 'typ' default.
    $header = array_merge([
        'typ' => 'JWT'
    ], $header);
    if (!isset($header['alg'])) {
        $signatureName = $signatureMethod->getName();
        if (preg_match('/^([a-z])[a-z]*\-([a-z])[a-z]*([0-9]+)$/is', $signatureName, $matches)) {
            // Convert a name such as 'RSA-SHA256' to its JWS form 'RS256':
            // first letter of each word plus the trailing digits.
            $signatureName = $matches[1] . $matches[2] . $matches[3];
        }
        // Names that do not match the pattern are used unchanged.
        $header['alg'] = $signatureName;
    }
    // Caller-supplied claims win over these defaults, including 'iss', 'aud' and 'iat'.
    $payload = array_merge([
        'iss' => $username,
        'scope' => $this->scope,
        'aud' => $this->tokenUrl,
        'iat' => time(),
    ], $payload);
    if (!isset($payload['exp'])) {
        // Default lifetime: one hour after 'iat'.
        $payload['exp'] = $payload['iat'] + 3600;
    }
    // NOTE(review): RFC 7515 specifies unpadded base64url for JWS segments, while base64_encode()
    // emits the standard alphabet with '=' padding - confirm the provider accepts this form.
    $signatureBaseString = base64_encode(Json::encode($header)) . '.' . base64_encode(Json::encode($payload));
    // Without an explicit 'signatureKey' the client secret is used as the signing key.
    $signatureKey = isset($options['signatureKey']) ? $options['signatureKey'] : $this->clientSecret;
    // NOTE(review): the encoding of the value returned by generateSignature() is not visible here -
    // confirm it is valid for the signature segment.
    $signature = $signatureMethod->generateSignature($signatureBaseString, $signatureKey);
    $assertion = $signatureBaseString . '.' . $signature;
    // $params is merged last and can override 'grant_type' and 'assertion'.
    $request = $this->createRequest()
        ->setMethod('POST')
        ->setUrl($this->tokenUrl)
        ->setData(array_merge([
            'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
            'assertion' => $assertion,
        ], $params));
    $response = $this->sendRequest($request);
    $token = $this->createToken(['params' => $response]);
    $this->setAccessToken($token);
    return $token;
}

            
beforeApiRequestSend() public method (available since version 2.1)

Defined in: yii\authclient\BaseOAuth::beforeApiRequestSend()

Handles Request::EVENT_BEFORE_SEND event.

Applies $accessToken to the request.

public void beforeApiRequestSend ( $event )
$event \yii\httpclient\RequestEvent

Event instance.

throws \yii\base\Exception

on invalid access token.

                /**
                 * Handles Request::EVENT_BEFORE_SEND event.
                 * Applies $accessToken to the request.
                 *
                 * With $autoRefreshAccessToken enabled an expired token is refreshed first. Note that in
                 * that mode a token reporting itself invalid but not expired is still applied as-is.
                 *
                 * @param \yii\httpclient\RequestEvent $event event instance.
                 * @throws Exception on invalid access token.
                 */
                public function beforeApiRequestSend($event)
{
    $token = $this->getAccessToken();
    if (!is_object($token)) {
        throw new Exception('Invalid access token.');
    }

    $autoRefresh = $this->autoRefreshAccessToken;
    if (!$token->getIsValid() && !$autoRefresh) {
        throw new Exception('Invalid access token.');
    }

    if ($token->getIsExpired() && $autoRefresh) {
        $token = $this->refreshAccessToken($token);
    }

    $this->applyAccessTokenToRequest($event->request, $token);
}

            
buildAuthUrl() public method

Composes user authorization URL.

public string buildAuthUrl ( array $params = [] )
$params array

Additional auth GET params.

return string

Authorization URL.

                /**
                 * Composes user authorization URL.
                 *
                 * When $validateAuthState is enabled a fresh state value is generated, stored under
                 * 'authState' and sent as `state`. When $enablePkce is enabled a random code verifier is
                 * stored under 'authCodeVerifier' and its S256 challenge is added to the URL.
                 * Entries in $params are merged last and override the defaults, including `state`,
                 * `redirect_uri` and the PKCE challenge - do not pass request-derived values for those keys.
                 *
                 * @param array $params additional auth GET params.
                 * @return string authorization URL.
                 */
                public function buildAuthUrl(array $params = [])
{
    $query = [
        'client_id' => $this->clientId,
        'response_type' => 'code',
        'redirect_uri' => $this->getReturnUrl(),
        'xoauth_displayname' => Yii::$app->name,
    ];

    if (!empty($this->scope)) {
        $query['scope'] = $this->scope;
    }

    if ($this->validateAuthState) {
        // Remember the value so fetchAccessToken() can compare it with the one echoed back.
        $state = $this->generateAuthState();
        $this->setState('authState', $state);
        $query['state'] = $state;
    }

    if ($this->enablePkce) {
        // 64 random bytes, hex-encoded, kept server-side until the code is exchanged.
        $verifier = bin2hex(Yii::$app->security->generateRandomKey(64));
        $this->setState('authCodeVerifier', $verifier);

        // S256 challenge: base64url (no padding) of the verifier's raw SHA-256 digest.
        $digest = hash('sha256', $verifier, true);
        $base64Url = strtr(base64_encode($digest), '+/', '-_');
        $query['code_challenge'] = trim($base64Url, '=');
        $query['code_challenge_method'] = 'S256';
    }

    return $this->composeUrl($this->authUrl, array_merge($query, $params));
}

            
composeUrl() protected method

Defined in: yii\authclient\BaseOAuth::composeUrl()

Composes URL from base URL and GET params.

protected string composeUrl ( $url, array $params = [] )
$url string

Base URL.

$params array

GET params.

return string

Composed URL.

                /**
                 * Composes URL from base URL and GET params.
                 *
                 * Params are encoded with http_build_query() using PHP_QUERY_RFC3986 and appended with
                 * '?' or, when the base URL already contains a query string, with '&'.
                 *
                 * @param string $url base URL.
                 * @param array $params GET params.
                 * @return string composed URL.
                 */
                protected function composeUrl($url, array $params = [])
{
    if (empty($params)) {
        return $url;
    }

    $separator = strpos($url, '?') === false ? '?' : '&';

    return $url . $separator . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

            
createApiRequest() public method (available since version 2.1)

Defined in: yii\authclient\BaseOAuth::createApiRequest()

Creates an HTTP request for the API call.

The created request will be automatically processed adding access token parameters and signature before sending. You may use createRequest() to gain full control over request composition and execution.

See also createRequest().

public \yii\httpclient\Request createApiRequest ( )
return \yii\httpclient\Request

HTTP request instance.

                /**
                 * Creates an HTTP request for the API call.
                 *
                 * beforeApiRequestSend() is attached to the request's before-send event, so the access
                 * token is applied when the request is sent. Use createRequest() to gain full control
                 * over request composition and execution.
                 *
                 * @return \yii\httpclient\Request HTTP request instance.
                 */
                public function createApiRequest()
{
    $apiRequest = $this->createRequest();
    $beforeSendHandler = [$this, 'beforeApiRequestSend'];
    $apiRequest->on(Request::EVENT_BEFORE_SEND, $beforeSendHandler);

    return $apiRequest;
}

            
createHttpClient() protected method (available since version 2.1)

Defined in: yii\authclient\BaseOAuth::createHttpClient()

Creates HTTP client instance from reference or configuration.

protected \yii\httpclient\Client createHttpClient ( $reference )
$reference string|array

Component name or array configuration.

return \yii\httpclient\Client

HTTP client instance.

                /**
                 * Creates HTTP client instance from reference or configuration.
                 * The created client gets $apiBaseUrl as its base URL.
                 *
                 * @param string|array $reference component name or array configuration.
                 * @return \yii\httpclient\Client HTTP client instance.
                 */
                protected function createHttpClient($reference)
{
    $client = parent::createHttpClient($reference);
    $client->baseUrl = $this->apiBaseUrl;

    return $client;
}

            
createRequest() public method (available since version 2.1)

Defined in: yii\authclient\BaseClient::createRequest()

Creates HTTP request instance.

public \yii\httpclient\Request createRequest ( )
return \yii\httpclient\Request

HTTP request instance.

                /**
                 * Creates HTTP request instance.
                 * Default request options are applied first, then the ones from getRequestOptions().
                 *
                 * @return \yii\httpclient\Request HTTP request instance.
                 */
                public function createRequest()
{
    $request = $this->getHttpClient()->createRequest();

    return $request
        ->addOptions($this->defaultRequestOptions())
        ->addOptions($this->getRequestOptions());
}

            
createSignatureMethod() protected method

Defined in: yii\authclient\BaseOAuth::createSignatureMethod()

Creates signature method instance from its configuration.

protected yii\authclient\signature\BaseMethod createSignatureMethod ( array $signatureMethodConfig )
$signatureMethodConfig array

Signature method configuration.

return yii\authclient\signature\BaseMethod

Signature method instance.

                /**
                 * Creates signature method instance from its configuration.
                 *
                 * A configuration without a 'class' key falls back to signature\HmacSha1. The
                 * configuration is handed to Yii::createObject(), which instantiates the class it
                 * names, so it must come from trusted application configuration.
                 *
                 * @param array $signatureMethodConfig signature method configuration.
                 * @return \yii\authclient\signature\BaseMethod signature method instance.
                 */
                protected function createSignatureMethod(array $signatureMethodConfig)
{
    $config = $signatureMethodConfig;
    if (array_key_exists('class', $config)) {
        return Yii::createObject($config);
    }

    $config['class'] = signature\HmacSha1::className();

    return Yii::createObject($config);
}

            
createToken() protected method

Creates token from its configuration.

protected yii\authclient\OAuthToken createToken ( array $tokenConfig = [] )
$tokenConfig array

Token configuration.

return yii\authclient\OAuthToken

Token instance.

                /**
                 * Creates token from its configuration.
                 * 'tokenParamKey' defaults to 'access_token' unless the given configuration sets it.
                 *
                 * @param array $tokenConfig token configuration.
                 * @return \yii\authclient\OAuthToken token instance.
                 */
                protected function createToken(array $tokenConfig = [])
{
    $defaults = ['tokenParamKey' => 'access_token'];

    return parent::createToken(array_merge($defaults, $tokenConfig));
}

            
defaultName() protected method

Defined in: yii\authclient\BaseClient::defaultName()

Generates service name.

protected string defaultName ( )
return string

Service name.

                /**
                 * Generates service name.
                 * The name is the short class name converted with Inflector::camel2id().
                 *
                 * @return string service name.
                 */
                protected function defaultName()
{
    $shortClassName = StringHelper::basename(get_class($this));

    return Inflector::camel2id($shortClassName);
}

            
defaultNormalizeUserAttributeMap() protected method

Defined in: yii\authclient\BaseClient::defaultNormalizeUserAttributeMap()

Returns the default $normalizeUserAttributeMap value.

Particular client may override this method in order to provide specific default map.

protected array defaultNormalizeUserAttributeMap ( )
return array

Normalize attribute map.

                /**
                 * Returns the default $normalizeUserAttributeMap value.
                 * Particular client may override this method in order to provide specific default map.
                 *
                 * @return array normalize attribute map; empty in this implementation.
                 */
                protected function defaultNormalizeUserAttributeMap()
{
    return [];
}

            
defaultRequestOptions() protected method (available since version 2.1)

Defined in: yii\authclient\BaseOAuth::defaultRequestOptions()

Returns default HTTP request options.

protected array defaultRequestOptions ( )
return array

HTTP request options.

                /**
                 * Returns default HTTP request options.
                 * These are a user agent built from the application name and $version, and a
                 * 'timeout' of 30.
                 *
                 * @return array HTTP request options.
                 */
                protected function defaultRequestOptions()
{
    $userAgent = Inflector::slug(Yii::$app->name) . ' OAuth ' . $this->version . ' Client';

    return [
        'userAgent' => $userAgent,
        'timeout' => 30,
    ];
}

            
defaultReturnUrl() protected method

Defined in: yii\authclient\BaseOAuth::defaultReturnUrl()

Composes default $returnUrl value.

protected string defaultReturnUrl ( )
return string

Return URL.

                /**
                 * Composes default $returnUrl value.
                 *
                 * Only the query parameters listed in $parametersToKeepInReturnUrl are carried over from
                 * the current request; the route is the current controller route.
                 * NOTE(review): how createAbsoluteUrl() determines the host is not visible here - confirm
                 * it cannot be influenced by the request's Host header, since this value is sent as
                 * `redirect_uri`.
                 *
                 * @return string return URL.
                 */
                protected function defaultReturnUrl()
{
    $queryParams = Yii::$app->getRequest()->getQueryParams();
    $allowedKeys = array_flip($this->parametersToKeepInReturnUrl);

    $routeParams = array_intersect_key($queryParams, $allowedKeys);
    $routeParams[0] = Yii::$app->controller->getRoute();

    return Yii::$app->getUrlManager()->createAbsoluteUrl($routeParams);
}

            
defaultTitle() protected method

Defined in: yii\authclient\BaseClient::defaultTitle()

Generates service title.

protected string defaultTitle ( )
return string

Service title.

                /**
                 * Generates service title.
                 * The title is the short (un-namespaced) class name.
                 *
                 * @return string service title.
                 */
                protected function defaultTitle()
{
    $className = get_class($this);

    return StringHelper::basename($className);
}

            
defaultViewOptions() protected method

Defined in: yii\authclient\BaseClient::defaultViewOptions()

Returns the default $viewOptions value.

Particular client may override this method in order to provide specific default view options.

protected array defaultViewOptions ( )
return array

List of default $viewOptions

                /**
                 * Returns the default $viewOptions value.
                 * Particular client may override this method in order to provide specific default view options.
                 *
                 * @return array list of default $viewOptions; empty in this implementation.
                 */
                protected function defaultViewOptions()
{
    return [];
}

            
fetchAccessToken() public method

Fetches access token from authorization code.

public yii\authclient\OAuthToken fetchAccessToken ( $authCode, array $params = [] )
$authCode string

Authorization code, usually comes at GET parameter 'code'.

$params array

Additional request params.

return yii\authclient\OAuthToken

Access token.

throws \yii\web\HttpException

on invalid auth state in case $validateAuthState is enabled.

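                /**
                 * Fetches access token from authorization code.
                 *
                 * When $validateAuthState is enabled, the `state` value from the incoming request (GET,
                 * falling back to POST) must be a string equal to the stored 'authState'; the stored
                 * value is removed only after a successful match. When $enablePkce is enabled, the
                 * stored code verifier is required and is removed once it has been read.
                 * Entries in $params are merged after the defaults and override them on key collision.
                 *
                 * @param string $authCode authorization code, usually comes at GET parameter 'code'.
                 * @param array $params additional request params.
                 * @return \yii\authclient\OAuthToken access token; it is also stored via setAccessToken().
                 * @throws HttpException with status 400 on an invalid auth state when $validateAuthState
                 * is enabled, or with status 409 when $enablePkce is enabled and no code verifier is stored.
                 */
                public function fetchAccessToken($authCode, array $params = [])
{
    if ($this->validateAuthState) {
        $authState = $this->getState('authState');
        $incomingRequest = Yii::$app->getRequest();
        $incomingState = $incomingRequest->get('state', $incomingRequest->post('state'));
        // A missing or non-string value (for example an array-typed request parameter) can never
        // match the stored state, so it is rejected here with the same 400 instead of being
        // passed on to the string comparison.
        if (
            !is_string($incomingState)
            || empty($authState)
            || !Yii::$app->getSecurity()->compareString($incomingState, $authState)
        ) {
            throw new HttpException(400, 'Invalid auth state parameter.');
        }
        $this->removeState('authState');
    }
    $defaultParams = [
        'code' => $authCode,
        'grant_type' => 'authorization_code',
        'redirect_uri' => $this->getReturnUrl(),
    ];
    if ($this->enablePkce) {
        $authCodeVerifier = $this->getState('authCodeVerifier');
        if (empty($authCodeVerifier)) {
            // Prevent PKCE Downgrade Attack
            // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#name-pkce-downgrade-attack
            throw new HttpException(409, 'Invalid auth code verifier.');
        }
        $defaultParams['code_verifier'] = $authCodeVerifier;
        // The verifier is single-use: drop it before the exchange is attempted.
        $this->removeState('authCodeVerifier');
    }
    $request = $this->createRequest()
        ->setMethod('POST')
        ->setUrl($this->tokenUrl)
        ->setData(array_merge($defaultParams, $params));
    // Azure AD will complain if there is no `Origin` header.
    if ($this->enablePkce) {
        $request->addHeaders(['Origin' => Url::to('/')]);
    }
    $this->applyClientCredentialsToRequest($request);
    $response = $this->sendRequest($request);
    $token = $this->createToken(['params' => $response]);
    $this->setAccessToken($token);
    return $token;
}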

            
generateAuthState() protected method (available since version 2.1)

Generates the auth state value.

protected string generateAuthState ( )
return string

Auth state value.

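                /**
                 * Generates the auth state value.
                 *
                 * The value protects the authorization callback against cross-site request forgery, so
                 * it has to be unpredictable. It is therefore taken from the application's security
                 * component (the same random source buildAuthUrl() uses for the PKCE verifier) instead
                 * of being derived from the class name, the current time and uniqid(), none of which
                 * are meant for security purposes.
                 *
                 * @return string auth state value: 64 hexadecimal characters, the same length as before.
                 */
                protected function generateAuthState()
{
    // 32 random bytes, hex-encoded.
    return bin2hex(Yii::$app->security->generateRandomKey(32));
}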

            
getAccessToken() public method
public yii\authclient\OAuthToken getAccessToken ( )
return yii\authclient\OAuthToken

Auth token instance.

                /**
                 * Returns the auth token instance.
                 * When no token object is held yet, restoreAccessToken() is called and its result kept.
                 *
                 * @return \yii\authclient\OAuthToken auth token instance.
                 */
                public function getAccessToken()
{
    if (is_object($this->_accessToken)) {
        return $this->_accessToken;
    }

    $this->_accessToken = $this->restoreAccessToken();

    return $this->_accessToken;
}

            
getHttpClient() public method (available since version 2.1)

Defined in: yii\authclient\BaseClient::getHttpClient()

Returns HTTP client.

public \yii\httpclient\Client getHttpClient ( )
return \yii\httpclient\Client

Internal HTTP client.

                /**
                 * Returns HTTP client.
                 * A stored reference or configuration is turned into a client object on first access.
                 *
                 * @return \yii\httpclient\Client internal HTTP client.
                 */
                public function getHttpClient()
{
    if (is_object($this->_httpClient)) {
        return $this->_httpClient;
    }

    $this->_httpClient = $this->createHttpClient($this->_httpClient);

    return $this->_httpClient;
}

            
getId() public method
public string getId ( )
return string

Service id

                /**
                 * Returns the service id, falling back to the service name when no id is set.
                 *
                 * @return string service id.
                 */
                public function getId()
{
    if (!empty($this->_id)) {
        return $this->_id;
    }

    $this->_id = $this->getName();

    return $this->_id;
}

            
getName() public method
public string getName ( )
return string

Service name.

                /**
                 * Returns the service name, generating it with defaultName() when none is set.
                 *
                 * @return string service name.
                 */
                public function getName()
{
    if ($this->_name !== null) {
        return $this->_name;
    }

    $this->_name = $this->defaultName();

    return $this->_name;
}

            
getNormalizeUserAttributeMap() public method
public array getNormalizeUserAttributeMap ( )
return array

Normalize user attribute map.

                /**
                 * Returns the normalize user attribute map, using
                 * defaultNormalizeUserAttributeMap() when none is set.
                 *
                 * @return array normalize user attribute map.
                 */
                public function getNormalizeUserAttributeMap()
{
    if ($this->_normalizeUserAttributeMap !== null) {
        return $this->_normalizeUserAttributeMap;
    }

    $this->_normalizeUserAttributeMap = $this->defaultNormalizeUserAttributeMap();

    return $this->_normalizeUserAttributeMap;
}

            
getRequestOptions() public method (available since version 2.1)
public array getRequestOptions ( )
return array

HTTP request options.

                /**
                 * Returns the HTTP request options currently set on this client.
                 *
                 * @return array HTTP request options.
                 */
                public function getRequestOptions()
{
    return $this->_requestOptions;
}

            
getReturnUrl() public method
public string getReturnUrl ( )
return string

Return URL.

                /**
                 * Returns the return URL, composing it with defaultReturnUrl() when none is set.
                 * The value is cached, so later calls return the same URL.
                 *
                 * @return string return URL.
                 */
                public function getReturnUrl()
{
    if ($this->_returnUrl !== null) {
        return $this->_returnUrl;
    }

    $this->_returnUrl = $this->defaultReturnUrl();

    return $this->_returnUrl;
}

            
getSignatureMethod() public method
public yii\authclient\signature\BaseMethod getSignatureMethod ( )
return yii\authclient\signature\BaseMethod

Signature method instance.

                /**
                 * Returns the signature method instance.
                 * A stored configuration is turned into an object through createSignatureMethod()
                 * on first access.
                 *
                 * @return \yii\authclient\signature\BaseMethod signature method instance.
                 */
                public function getSignatureMethod()
{
    if (is_object($this->_signatureMethod)) {
        return $this->_signatureMethod;
    }

    $this->_signatureMethod = $this->createSignatureMethod($this->_signatureMethod);

    return $this->_signatureMethod;
}

            
getState() protected method

Defined in: yii\authclient\BaseClient::getState()

Returns persistent state value.

protected mixed getState ( $key )
$key string

State key.

return mixed

State value.

                /**
                 * Returns persistent state value.
                 * The key is looked up in the state storage under the prefix from getStateKeyPrefix().
                 *
                 * @param string $key state key.
                 * @return mixed state value.
                 */
                protected function getState($key)
{
    $storage = $this->getStateStorage();
    $storageKey = $this->getStateKeyPrefix() . $key;

    return $storage->get($storageKey);
}

            
getStateKeyPrefix() protected method

Defined in: yii\authclient\BaseClient::getStateKeyPrefix()

Returns session key prefix, which is used to store internal states.

protected string getStateKeyPrefix ( )
return string

Session key prefix.

                /**
                 * Returns session key prefix, which is used to store internal states.
                 * The prefix is composed of the class name and the service id.
                 *
                 * @return string session key prefix.
                 */
                protected function getStateKeyPrefix()
{
    $className = get_class($this);
    $serviceId = $this->getId();

    return $className . '_' . $serviceId . '_';
}

            
getStateStorage() public method
public yii\authclient\StateStorageInterface getStateStorage ( )
return yii\authclient\StateStorageInterface

State storage.

                /**
                 * Returns the state storage.
                 * A stored configuration is turned into an object with Yii::createObject() on first access.
                 *
                 * @return \yii\authclient\StateStorageInterface state storage.
                 */
                public function getStateStorage()
{
    if (is_object($this->_stateStorage)) {
        return $this->_stateStorage;
    }

    $this->_stateStorage = Yii::createObject($this->_stateStorage);

    return $this->_stateStorage;
}

            
getTitle() public method
public string getTitle ( )
return string

Service title.

                /**
                 * Returns the service title, generating it with defaultTitle() when none is set.
                 *
                 * @return string service title.
                 */
                public function getTitle()
{
    if ($this->_title !== null) {
        return $this->_title;
    }

    $this->_title = $this->defaultTitle();

    return $this->_title;
}

            
getUserAttributes() public method
public array getUserAttributes ( )
return array

List of user attributes

                /**
                 * Returns the list of user attributes.
                 * On first access the attributes are loaded with initUserAttributes() and passed through
                 * normalizeUserAttributes(); the result is cached.
                 *
                 * @return array list of user attributes.
                 */
                public function getUserAttributes()
{
    if ($this->_userAttributes !== null) {
        return $this->_userAttributes;
    }

    $rawAttributes = $this->initUserAttributes();
    $this->_userAttributes = $this->normalizeUserAttributes($rawAttributes);

    return $this->_userAttributes;
}

            
getViewOptions() public method
public array getViewOptions ( )
return array

View options in format: optionName => optionValue

                /**
                 * Returns the view options, falling back to defaultViewOptions() when none were set.
                 *
                 * @return array view options in format: optionName => optionValue
                 */
                public function getViewOptions()
{
    if ($this->_viewOptions !== null) {
        return $this->_viewOptions;
    }
    // The defaults are computed once and cached in the field.
    $this->_viewOptions = $this->defaultViewOptions();
    return $this->_viewOptions;
}

            
initUserAttributes() protected abstract method

Defined in: yii\authclient\BaseClient::initUserAttributes()

Initializes authenticated user attributes.

protected abstract array initUserAttributes ( )
return array

Auth user attributes.

                /**
                 * Initializes authenticated user attributes.
                 *
                 * Concrete clients must implement this. getUserAttributes() calls it when no
                 * attributes are cached and normalizes whatever it returns.
                 *
                 * @return array auth user attributes.
                 */
                abstract protected function initUserAttributes();

            
normalizeUserAttributes() protected method

Defined in: yii\authclient\BaseClient::normalizeUserAttributes()

Normalize given user attributes according to $normalizeUserAttributeMap.

protected array normalizeUserAttributes ( $attributes )
$attributes array

Raw attributes.

return array

Normalized attributes.

throws \yii\base\InvalidConfigException

on incorrect normalize attribute map.

                /**
                 * Adds normalized entries to the given attributes according to the normalize map.
                 *
                 * Each map entry is "normalized name => actual name", where the actual name is one of:
                 * - a scalar: the attribute with that key is copied, if present;
                 * - a callable: it is called with the whole attribute array and its result is stored;
                 * - an array: treated as a key path into nested arrays; the value is copied only
                 *   when every step of the path exists.
                 * Existing entries are kept; normalized names are added or overwritten.
                 *
                 * @param array $attributes raw attributes.
                 * @return array normalized attributes.
                 * @throws InvalidConfigException on incorrect normalize attribute map.
                 */
                protected function normalizeUserAttributes($attributes)
{
    foreach ($this->getNormalizeUserAttributeMap() as $normalizedName => $actualName) {
        if (is_scalar($actualName)) {
            // Plain alias: copy the value when the source key exists.
            if (array_key_exists($actualName, $attributes)) {
                $attributes[$normalizedName] = $attributes[$actualName];
            }
            continue;
        }

        // Checked before is_array(), so an array that is also a valid callable is invoked.
        if (is_callable($actualName)) {
            $attributes[$normalizedName] = call_user_func($actualName, $attributes);
            continue;
        }

        if (!is_array($actualName)) {
            throw new InvalidConfigException('Invalid actual name "' . gettype($actualName) . '" specified at "' . get_class($this) . '::normalizeUserAttributeMap"');
        }

        // Key path: descend one level per path element.
        $node = $attributes;
        $resolved = true;
        foreach ($actualName as $segment) {
            if ($segment === null) {
                // A null element ends the walk; the value reached so far is used.
                break;
            }
            if (!is_array($node) || !array_key_exists($segment, $node)) {
                $resolved = false;
                break;
            }
            $node = $node[$segment];
        }
        if ($resolved) {
            $attributes[$normalizedName] = $node;
        }
    }
    return $attributes;
}

            
refreshAccessToken() public method

Gets new auth token to replace expired one.

public yii\authclient\OAuthToken refreshAccessToken ( yii\authclient\OAuthToken $token )
$token yii\authclient\OAuthToken

Expired auth token.

return yii\authclient\OAuthToken

New auth token.

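                /**
                 * Gets new auth token to replace expired one.
                 *
                 * Sends a POST request with grant_type=refresh_token to the token URL. All params of
                 * the given token are sent along with it, which is how the refresh token itself
                 * reaches the request. The new token is stored through setAccessToken().
                 *
                 * @param OAuthToken $token expired auth token.
                 * @return OAuthToken new auth token.
                 */
                public function refreshAccessToken(OAuthToken $token)
{
    $previousParams = $token->getParams();
    // grant_type is merged last so it wins over any same-named token param.
    $params = array_merge($previousParams, [
        'grant_type' => 'refresh_token',
    ]);
    $request = $this->createRequest()
        ->setMethod('POST')
        ->setUrl($this->tokenUrl)
        ->setData($params);
    $this->applyClientCredentialsToRequest($request);
    $response = $this->sendRequest($request);
    // RFC 6749 section 6 lets the server omit "refresh_token" from the refresh response,
    // in which case the old one stays valid. Carry it over so the stored token can be
    // refreshed again; a refresh token returned by the server always takes precedence.
    if (is_array($response) && !isset($response['refresh_token']) && isset($previousParams['refresh_token'])) {
        $response['refresh_token'] = $previousParams['refresh_token'];
    }
    $token = $this->createToken(['params' => $response]);
    $this->setAccessToken($token);
    return $token;
}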

            
removeState() protected method

Defined in: yii\authclient\BaseClient::removeState()

Removes persistent state value.

protected boolean removeState ( $key )
$key string

State key.

return boolean

Success.

                /**
                 * Removes one value from the state storage.
                 *
                 * @param string $key state key, without the per-client prefix.
                 * @return bool success, as reported by the storage's remove().
                 */
                protected function removeState($key)
{
    $storage = $this->getStateStorage();
    $prefixedKey = $this->getStateKeyPrefix() . $key;
    return $storage->remove($prefixedKey);
}

            
restoreAccessToken() protected method

Defined in: yii\authclient\BaseOAuth::restoreAccessToken()

Restores access token.

protected yii\authclient\OAuthToken restoreAccessToken ( )
return yii\authclient\OAuthToken

Auth token.

                /**
                 * Restores the access token from the state storage.
                 *
                 * An expired token is refreshed only when autoRefreshAccessToken is enabled;
                 * otherwise the stored value is returned unchanged, expired or not, so callers
                 * that need a usable token still have to check it.
                 *
                 * @return OAuthToken auth token, or whatever non-object value the storage held.
                 */
                protected function restoreAccessToken()
{
    /* @var $token OAuthToken */
    $token = $this->getState('token');
    $needsRefresh = is_object($token)
        && $token->getIsExpired()
        && $this->autoRefreshAccessToken;

    return $needsRefresh ? $this->refreshAccessToken($token) : $token;
}

            
saveAccessToken() protected method

Defined in: yii\authclient\BaseOAuth::saveAccessToken()

Saves token as persistent state.

protected $this saveAccessToken ( $token )
$token yii\authclient\OAuthToken|null

Auth token to be saved.

return $this

The object itself.

                /**
                 * Saves token as persistent state under the key 'token'.
                 *
                 * The token value is handed to the state storage as-is, so whoever can read that
                 * storage can read the token.
                 *
                 * @param OAuthToken|null $token auth token to be saved.
                 * @return $this the object itself.
                 */
                protected function saveAccessToken($token)
{
    return $this->setState('token', $token);
}

            
sendRequest() protected method (available since version 2.1)

Defined in: yii\authclient\BaseOAuth::sendRequest()

Sends the given HTTP request, returning response data.

protected array|string|null sendRequest ( $request )
$request \yii\httpclient\Request

HTTP request to be sent.

return array|string|null

Response data.

throws yii\authclient\ClientErrorResponseException

on client error response codes.

throws yii\authclient\InvalidResponseException

on non-successful (other than client error) response codes.

throws \yii\httpclient\Exception

                /**
                 * Sends the given HTTP request, returning response data.
                 *
                 * A response whose content type contains "application/jwt" is returned as the raw
                 * body string; no signature or claim verification is done here, so the caller must
                 * verify it before trusting it. Any other successful response is returned parsed.
                 *
                 * The exception message contains the raw response body. Keep that in mind before
                 * showing the message to end users or writing it to shared logs.
                 *
                 * @param \yii\httpclient\Request $request HTTP request to be sent.
                 * @return array|string|null response data.
                 * @throws ClientErrorResponseException on client error response codes.
                 * @throws InvalidResponseException on non-successful (other than client error) response codes.
                 * @throws \yii\httpclient\Exception
                 */
                protected function sendRequest($request)
{
    $response = $request->send();

    if ($response->getIsOk()) {
        $contentType = $response->headers->get('content-type', '');
        if (stripos($contentType, 'application/jwt') !== false) {
            return $response->getContent();
        }
        return $response->getData();
    }

    $statusCode = (int)$response->getStatusCode();
    // 4xx responses get their own exception class; everything else is "invalid response".
    $exceptionClass = ($statusCode >= 400 && $statusCode < 500)
        ? 'yii\\authclient\\ClientErrorResponseException'
        : 'yii\\authclient\\InvalidResponseException';

    throw new $exceptionClass(
        $response,
        'Request failed with code: ' . $statusCode . ', message: ' . $response->getContent(),
        $statusCode
    );
}

            
setAccessToken() public method

Defined in: yii\authclient\BaseOAuth::setAccessToken()

Sets access token to be used.

public void setAccessToken ( $token )
$token array|yii\authclient\OAuthToken|null

Access token or its configuration. Set to null to restore token from token store.

                /**
                 * Sets access token to be used.
                 *
                 * A value that is neither an object nor null is treated as a token configuration
                 * and passed to createToken(). The resulting value, null included, is kept on the
                 * client and also written to state storage through saveAccessToken().
                 *
                 * @param array|OAuthToken|null $token access token or its configuration.
                 */
                public function setAccessToken($token)
{
    $resolved = (is_object($token) || $token === null)
        ? $token
        : $this->createToken($token);

    $this->_accessToken = $resolved;
    $this->saveAccessToken($resolved);
}

            
setHttpClient() public method (available since version 2.1)

Defined in: yii\authclient\BaseOAuth::setHttpClient()

Sets HTTP client to be used.

public void setHttpClient ( $httpClient )
$httpClient array|\yii\httpclient\Client

Internal HTTP client.

                /**
                 * Sets HTTP client to be used.
                 *
                 * An object is cloned first, so the caller's instance is left untouched, and the
                 * clone's baseUrl is set to this client's apiBaseUrl. A non-object value is passed
                 * to the parent implementation unchanged.
                 *
                 * @param array|\yii\httpclient\Client $httpClient internal HTTP client.
                 */
                public function setHttpClient($httpClient)
{
    if (!is_object($httpClient)) {
        parent::setHttpClient($httpClient);
        return;
    }

    $clientCopy = clone $httpClient;
    $clientCopy->baseUrl = $this->apiBaseUrl;
    parent::setHttpClient($clientCopy);
}

            
setId() public method
public void setId ( $id )
$id string

Service id.

                /**
                 * Sets the service id.
                 *
                 * getStateKeyPrefix() puts the id, read through getId(), into every state key, so
                 * changing it changes the keys this client reads and writes.
                 *
                 * @param string $id service id.
                 */
                public function setId($id)
{
    $this->_id = $id;
}

            
setName() public method
public void setName ( $name )
$name string

Service name.

                /**
                 * Sets the service name.
                 *
                 * @param string $name service name.
                 */
                public function setName($name)
{
    $this->_name = $name;
}

            
setNormalizeUserAttributeMap() public method
public void setNormalizeUserAttributeMap ( $normalizeUserAttributeMap )
$normalizeUserAttributeMap array

Normalize user attribute map.

                /**
                 * Sets the normalize user attribute map.
                 *
                 * The map is stored without validation. normalizeUserAttributes() throws
                 * InvalidConfigException for an entry that is not a scalar, a callable or an array,
                 * and it invokes callable entries, so the map belongs in application configuration.
                 *
                 * @param array $normalizeUserAttributeMap normalize user attribute map.
                 */
                public function setNormalizeUserAttributeMap($normalizeUserAttributeMap)
{
    $this->_normalizeUserAttributeMap = $normalizeUserAttributeMap;
}

            
setRequestOptions() public method (available since version 2.1)
public void setRequestOptions ( array $options )
$options array

HTTP request options.

                /**
                 * Sets the HTTP request options. The array replaces any options set earlier.
                 *
                 * @param array $options HTTP request options.
                 */
                public function setRequestOptions(array $options)
{
    $this->_requestOptions = $options;
}

            
setReturnUrl() public method
public void setReturnUrl ( $returnUrl )
$returnUrl string

Return URL

                /**
                 * Sets the return URL. The value is stored without validation.
                 *
                 * NOTE(review): presumably this is the URL the provider redirects the user back
                 * to; confirm against buildAuthUrl(). If so, it should be a fixed URL registered
                 * with the provider rather than a value taken from the incoming request.
                 *
                 * @param string $returnUrl return URL
                 */
                public function setReturnUrl($returnUrl)
{
    $this->_returnUrl = $returnUrl;
}

            
setSignatureMethod() public method

Defined in: yii\authclient\BaseOAuth::setSignatureMethod()

Set signature method to be used.

public void setSignatureMethod ( $signatureMethod )
$signatureMethod array|yii\authclient\signature\BaseMethod

Signature method instance or its array configuration.

throws \yii\base\InvalidArgumentException

on wrong argument.

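                /**
                 * Set signature method to be used.
                 *
                 * Only the outer type is checked here: any object or any array is accepted and
                 * stored. An array is resolved later, when getSignatureMethod() is first called.
                 *
                 * @param array|\yii\authclient\signature\BaseMethod $signatureMethod signature method
                 * instance or its array configuration.
                 * @throws InvalidArgumentException on wrong argument.
                 */
                public function setSignatureMethod($signatureMethod)
{
    if (!is_object($signatureMethod) && !is_array($signatureMethod)) {
        // The message previously misspelled the namespace as "autclient".
        throw new InvalidArgumentException('"' . get_class($this) . '::signatureMethod" should be instance of "\yii\authclient\signature\BaseMethod" or its array configuration. "' . gettype($signatureMethod) . '" has been given.');
    }
    $this->_signatureMethod = $signatureMethod;
}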

            
setState() protected method

Defined in: yii\authclient\BaseClient::setState()

Sets persistent state.

protected $this setState ( $key, $value )
$key string

State key.

$value mixed

State value

return $this

The object itself

                /**
                 * Writes one value to the state storage.
                 *
                 * @param string $key state key, without the per-client prefix.
                 * @param mixed $value state value
                 * @return $this the object itself
                 */
                protected function setState($key, $value)
{
    $storage = $this->getStateStorage();
    // Keys are namespaced with getStateKeyPrefix() before they reach the storage.
    $prefixedKey = $this->getStateKeyPrefix() . $key;
    $storage->set($prefixedKey, $value);

    return $this;
}

            
setStateStorage() public method
public void setStateStorage ( $stateStorage )
$stateStorage yii\authclient\StateStorageInterface|array|string

State storage to be used.

                /**
                 * Sets the state storage to be used.
                 *
                 * The value is stored as given. A class name or array configuration is turned into
                 * an object by getStateStorage() through Yii::createObject(), so it should come
                 * from application configuration only.
                 *
                 * @param \yii\authclient\StateStorageInterface|array|string $stateStorage state storage to be used.
                 */
                public function setStateStorage($stateStorage)
{
    $this->_stateStorage = $stateStorage;
}

            
setTitle() public method
public void setTitle ( $title )
$title string

Service title.

                /**
                 * Sets the service title.
                 *
                 * @param string $title service title.
                 */
                public function setTitle($title)
{
    $this->_title = $title;
}

            
setUserAttributes() public method
public void setUserAttributes ( $userAttributes )
$userAttributes array

List of user attributes

                /**
                 * Sets the user attributes.
                 *
                 * The given list is passed through normalizeUserAttributes() before it is stored,
                 * so the normalize map applies to attributes set by hand as well.
                 *
                 * @param array $userAttributes list of user attributes
                 */
                public function setUserAttributes($userAttributes)
{
    $normalized = $this->normalizeUserAttributes($userAttributes);
    $this->_userAttributes = $normalized;
}

            
setViewOptions() public method
public void setViewOptions ( $viewOptions )
$viewOptions array

View options in format: optionName => optionValue

                /**
                 * Sets the view options.
                 *
                 * @param array $viewOptions view options in format: optionName => optionValue
                 */
                public function setViewOptions($viewOptions)
{
    $this->_viewOptions = $viewOptions;
}