Moodle PHP Documentation 4.3
Moodle 4.3.5 (Build: 20240610) (7dcfaa79f78)
Google_Auth_OAuth2 Class Reference
Inheritance diagram for Google_Auth_OAuth2:
Google_Auth_Abstract

Public Member Functions

 __construct (Google_Client $client)
 Instantiates the class, but does not initiate the login flow, leaving it to the discretion of the caller.
 
 authenticate ($code, $crossClient=false)
 
 authenticatedRequest (Google_Http_Request $request)
 Perform an authenticated / signed apiHttpRequest.
 
 createAuthUrl ($scope)
 Create a URL to obtain user authorization.
 
 getAccessToken ()
 
 getRefreshToken ()
 
 isAccessTokenExpired ()
 Returns if the access_token is expired.
 
 refreshToken ($refreshToken)
 Fetches a fresh access token with the given refresh token.
 
 refreshTokenWithAssertion ($assertionCredentials=null)
 Fetches a fresh access token with a given assertion token.
 
 retrieveCertsFromLocation ($url)
 Retrieve and cache a certificates file.
 
 revokeToken ($token=null)
 Revoke an OAuth2 access token or refresh token.
 
 setAccessToken ($token)
 
 setAssertionCredentials (Google_Auth_AssertionCredentials $creds)
 
 setState ($state)
 
 sign (Google_Http_Request $request)
 Include an accessToken in a given apiHttpRequest.
 
 verifyIdToken ($id_token=null, $audience=null)
 Verifies an id token and returns the authenticated apiLoginTicket.
 
 verifySignedJwtWithCerts ( $jwt, $certs, $required_audience, $issuer=null, $max_expiry=null)
 Verifies the id token, returns the verified token contents.
 

Public Attributes

const AUTH_TOKEN_LIFETIME_SECS = 300
 
const CLOCK_SKEW_SECS = 300
 
const MAX_TOKEN_LIFETIME_SECS = 86400
 
const OAUTH2_AUTH_URL = 'https://accounts.google.com/o/oauth2/auth'
 
const OAUTH2_ISSUER = 'accounts.google.com'
 
const OAUTH2_ISSUER_HTTPS = 'https://accounts.google.com'
 
const OAUTH2_REVOKE_URI = 'https://accounts.google.com/o/oauth2/revoke'
 
const OAUTH2_TOKEN_URI = 'https://accounts.google.com/o/oauth2/token'
 

Member Function Documentation

◆ authenticate()

Google_Auth_OAuth2::authenticate ( $code,
$crossClient = false )
Parameters
string$code
boolean$crossClient
Exceptions
Google_Auth_Exception
Return values
string

◆ authenticatedRequest()

Google_Auth_OAuth2::authenticatedRequest ( Google_Http_Request $request)

Perform an authenticated / signed apiHttpRequest.

This function takes the apiHttpRequest, calls apiAuth->sign on it (which can modify the request in what ever way fits the auth mechanism) and then calls apiCurlIO\makeRequest on the signed request

Parameters
Google_Http_Request$request
Return values
Google_Http_RequestThe resulting HTTP response including the responseHttpCode, responseHeaders and responseBody.

Reimplemented from Google_Auth_Abstract.

◆ createAuthUrl()

Google_Auth_OAuth2::createAuthUrl ( $scope)

Create a URL to obtain user authorization.

The authorization endpoint allows the user to first authenticate, and then grant/deny the access request.

Parameters
string$scopeThe scope is expressed as a list of space-delimited strings.
Return values
string

◆ isAccessTokenExpired()

Google_Auth_OAuth2::isAccessTokenExpired ( )

Returns if the access_token is expired.

Return values
boolReturns True if the access_token is expired.

◆ refreshToken()

Google_Auth_OAuth2::refreshToken ( $refreshToken)

Fetches a fresh access token with the given refresh token.

Parameters
string$refreshToken
Return values
void

◆ refreshTokenWithAssertion()

Google_Auth_OAuth2::refreshTokenWithAssertion ( $assertionCredentials = null)

Fetches a fresh access token with a given assertion token.

Parameters
Google_Auth_AssertionCredentials$assertionCredentialsoptional.
Return values
void

◆ retrieveCertsFromLocation()

Google_Auth_OAuth2::retrieveCertsFromLocation ( $url)

Retrieve and cache a certificates file.

Parameters
$urlstring location
Exceptions
Google_Auth_Exception
Return values
arraycertificates

◆ revokeToken()

Google_Auth_OAuth2::revokeToken ( $token = null)

Revoke an OAuth2 access token or refresh token.

This method will revoke the current access token, if a token isn't provided.

Exceptions
Google_Auth_Exception
Parameters
string | null$tokenThe token (access token or a refresh token) that should be revoked.
Return values
booleanReturns True if the revocation was successful, otherwise False.

◆ setAccessToken()

Google_Auth_OAuth2::setAccessToken ( $token)
Parameters
string$token
Exceptions
Google_Auth_Exception

◆ sign()

Google_Auth_OAuth2::sign ( Google_Http_Request $request)

Include an accessToken in a given apiHttpRequest.

Parameters
Google_Http_Request$request
Return values
Google_Http_Request
Exceptions
Google_Auth_Exception

Reimplemented from Google_Auth_Abstract.

◆ verifyIdToken()

Google_Auth_OAuth2::verifyIdToken ( $id_token = null,
$audience = null )

Verifies an id token and returns the authenticated apiLoginTicket.

Throws an exception if the id token is not valid. The audience parameter can be used to control which id tokens are accepted. By default, the id token must have been issued to this OAuth2 client.

Parameters
$id_token
$audience
Return values
Google_Auth_LoginTicket

◆ verifySignedJwtWithCerts()

Google_Auth_OAuth2::verifySignedJwtWithCerts ( $jwt,
$certs,
$required_audience,
$issuer = null,
$max_expiry = null )

Verifies the id token, returns the verified token contents.

Parameters
$jwtstring the token
$certsarray of certificates
$required_audiencestring the expected consumer of the token
[$issuer]the expected issues, defaults to Google
[$max_expiry]the max lifetime of a token, defaults to MAX_TOKEN_LIFETIME_SECS
Exceptions
Google_Auth_Exception
Return values
mixedtoken information if valid, false if not

The documentation for this class was generated from the following file: