Skip to content

ClientInterface

Raxos\OAuth2\Server\Client\ClientInterface

Represents an OAuth2 client application. The host application implements it against its own client storage. The server never reads client fields directly; it asks the client to validate its own redirect uri and secret.

Signature

php
interface ClientInterface
{
    public function getClientId(): string;
    public function isRedirectUriAllowed(string $redirectUri): bool;
    public function isSecretValid(string $clientSecret): bool;
}

Methods

getClientId(): string

Returns the client id.

isRedirectUriAllowed(string $redirectUri): bool

Returns true when the redirect uri is allowed for this client. Used by the authorize endpoint to reject a mismatching redirect_uri.

isSecretValid(string $clientSecret): bool

Returns true when the given secret matches the client. Used to authenticate the client on the token and revoke endpoints.

ClientFactoryInterface

Raxos\OAuth2\Server\Client\ClientFactoryInterface

Resolves a ClientInterface instance by client id.

php
interface ClientFactoryInterface
{
    public function getClient(string $clientId): ?ClientInterface;
}

getClient(string $clientId): ?ClientInterface

Returns the client with the given id, or null when it does not exist.

Example

php
<?php
declare(strict_types=1);

namespace App\OAuth2;

use Raxos\OAuth2\Server\Client\{ClientFactoryInterface, ClientInterface};
use function hash_equals;
use function in_array;

final readonly class OAuthClient implements ClientInterface
{
    /**
     * @param string[] $redirectUris
     */
    public function __construct(
        private string $clientId,
        private string $clientSecret,
        private array $redirectUris
    ) {}

    public function getClientId(): string
    {
        return $this->clientId;
    }

    public function isRedirectUriAllowed(string $redirectUri): bool
    {
        return in_array($redirectUri, $this->redirectUris, true);
    }

    public function isSecretValid(string $clientSecret): bool
    {
        return hash_equals($this->clientSecret, $clientSecret);
    }
}

final readonly class ClientFactory implements ClientFactoryInterface
{
    public function getClient(string $clientId): ?ClientInterface
    {
        return OAuthClient::find($clientId);
    }
}