Merge pull request googleapis#337 from ianbarber/master

Update comment in config & add new auth params

Author: ianbarber

src/Google/Auth/OAuth2.php

@@ -149,13 +149,14 @@ public function createAuthUrl($scope)
         'client_id' => $this->client->getClassConfig($this, 'client_id'),
         'scope' => $scope,
         'access_type' => $this->client->getClassConfig($this, 'access_type'),
-        'approval_prompt' => $this->client->getClassConfig($this, 'approval_prompt'),
     );
 
-    $login_hint = $this->client->getClassConfig($this, 'login_hint');
-    if ($login_hint != '') {
-      $params['login_hint'] = $login_hint;
-    }
+    $params = $this->maybeAddParam($params, 'approval_prompt');
+    $params = $this->maybeAddParam($params, 'login_hint');
+    $params = $this->maybeAddParam($params, 'hd');
+    $params = $this->maybeAddParam($params, 'openid.realm');
+    $params = $this->maybeAddParam($params, 'prompt');
+    $params = $this->maybeAddParam($params, 'include_granted_scopes');
 
     // If the list of scopes contains plus.login, add request_visible_actions
     // to auth URL.
@@ -604,4 +605,16 @@ public function verifySignedJwtWithCerts(
     // All good.
     return new Google_Auth_LoginTicket($envelope, $payload);
   }
+
+  /**
+   * Add a parameter to the auth params if not empty string.
+   */
+  private function maybeAddParam($params, $name)
+  {
+    $param = $this->client->getClassConfig($this, $name);
+    if ($param != '') {
+      $params[$name] = $param;
+    }
+    return $params;
+  }
 }

src/Google/Client.php

@@ -247,7 +247,7 @@ public function getAccessToken()
     // in the library.
     return (null == $token || 'null' == $token || '[]' == $token) ? null : $token;
   }
-  
+
   /**
    * Get the OAuth 2.0 refresh token.
    * @return string $refreshToken refresh token or null if not available
@@ -367,6 +367,50 @@ public function setDeveloperKey($developerKey)
     $this->config->setDeveloperKey($developerKey);
   }
 
+  /**
+   * Set the hd (hosted domain) parameter streamlines the login process for
+   * Google Apps hosted accounts. By including the domain of the user, you
+   * restrict sign-in to accounts at that domain.
+   * @param $hd string - the domain to use.
+   */
+  public function setHostedDomain($hd)
+  {
+    $this->config->setHostedDomain($hd);
+  }
+
+  /**
+   * Set the prompt hint. Valid values are none, consent and select_account.
+   * If no value is specified and the user has not previously authorized
+   * access, then the user is shown a consent screen.
+   * @param $prompt string
+   */
+  public function setPrompt($prompt)
+  {
+    $this->config->setPrompt($prompt);
+  }
+
+  /**
+   * openid.realm is a parameter from the OpenID 2.0 protocol, not from OAuth
+   * 2.0. It is used in OpenID 2.0 requests to signify the URL-space for which
+   * an authentication request is valid.
+   * @param $realm string - the URL-space to use.
+   */
+  public function setOpenidRealm($realm)
+  {
+    $this->config->setOpenidRealm($realm);
+  }
+
+  /**
+   * If this is provided with the value true, and the authorization request is
+   * granted, the authorization will include any previous authorizations
+   * granted to this user/application combination for other scopes.
+   * @param $include boolean - the URL-space to use.
+   */
+  public function setIncludeGrantedScopes($include)
+  {
+    $this->config->setIncludeGrantedScopes($include);
+  }
+
   /**
    * Fetches a fresh OAuth 2.0 access token with the given refresh token.
    * @param string $refreshToken

src/Google/Config.php

@@ -30,7 +30,7 @@ class Google_Config
   /**
    * Create a new Google_Config. Can accept an ini file location with the
    * local configuration. For example:
-   *     application_name: "My App";
+   *     application_name="My App"
    *
    * @param [$ini_file_location] - optional - The location of the ini file to load
    */
@@ -78,10 +78,14 @@ public function __construct($ini_file_location = null)
           'developer_key' => '',
 
           // Other parameters.
-          'access_type' => 'online',
-          'approval_prompt' => 'auto',
+          'hd' => '',
+          'prompt' => '',
+          'openid.realm' => '',
+          'include_granted_scopes' => '',
           'login_hint' => '',
           'request_visible_actions' => '',
+          'access_type' => 'online',
+          'approval_prompt' => 'auto',
           'federated_signon_certs_url' =>
               'https://www.googleapis.com/oauth2/v1/certs',
         ),
@@ -297,6 +301,53 @@ public function setDeveloperKey($key)
     $this->setAuthConfig('developer_key', $key);
   }
 
+  /**
+   * Set the hd (hosted domain) parameter streamlines the login process for
+   * Google Apps hosted accounts. By including the domain of the user, you
+   * restrict sign-in to accounts at that domain.
+   * @param $hd string - the domain to use.
+   */
+  public function setHostedDomain($hd)
+  {
+    $this->setAuthConfig('hd', $hd);
+  }
+
+  /**
+   * Set the prompt hint. Valid values are none, consent and select_account.
+   * If no value is specified and the user has not previously authorized
+   * access, then the user is shown a consent screen.
+   * @param $prompt string
+   */
+  public function setPrompt($prompt)
+  {
+    $this->setAuthConfig('prompt', $prompt);
+  }
+
+  /**
+   * openid.realm is a parameter from the OpenID 2.0 protocol, not from OAuth
+   * 2.0. It is used in OpenID 2.0 requests to signify the URL-space for which
+   * an authentication request is valid.
+   * @param $realm string - the URL-space to use.
+   */
+  public function setOpenidRealm($realm)
+  {
+    $this->setAuthConfig('openid.realm', $realm);
+  }
+
+  /**
+   * If this is provided with the value true, and the authorization request is
+   * granted, the authorization will include any previous authorizations
+   * granted to this user/application combination for other scopes.
+   * @param $include boolean - the URL-space to use.
+   */
+  public function setIncludeGrantedScopes($include)
+  {
+    $this->setAuthConfig(
+        'include_granted_scopes',
+        $include ? "true" : "false"
+    );
+  }
+
   /**
    * @return string the base URL to use for API calls
    */

src/Google/Http/MediaFileUpload.php

@@ -288,13 +288,13 @@ private function getResumeUri()
       return $location;
     }
     $message = $code;
-    $body = @json_decode( $response->getResponseBody() );
-    if ( ! empty( $body->error->errors ) ) {
+    $body = @json_decode($response->getResponseBody());
+    if (!empty( $body->error->errors ) ) {
       $message .= ': ';
-      foreach( $body->error->errors as $error ) {
+      foreach ($body->error->errors as $error) {
         $message .= "{$error->domain}, {$error->message};";
       }
-      $message = rtrim( $message, ';' );
+      $message = rtrim($message, ';');
     }
     throw new Google_Exception("Failed to start the resumable upload (HTTP {$message})");
   }

tests/general/ApiOAuth2Test.php

@@ -130,14 +130,22 @@ public function testCreateAuthUrl()
 
     // Again with a blank login hint (should remove all traces from authUrl)
     $client->setLoginHint("");
+    $client->setHostedDomain("example.com");
+    $client->setOpenidRealm("example.com");
+    $client->setPrompt("select_account");
+    $client->setIncludeGrantedScopes(true);
     $authUrl = $oauth->createAuthUrl("http://googleapis.com/scope/foo");
     $expected = "https://accounts.google.com/o/oauth2/auth"
         . "?response_type=code"
         . "&redirect_uri=http%3A%2F%2Flocalhost"
         . "&client_id=clientId1"
         . "&scope=http%3A%2F%2Fgoogleapis.com%2Fscope%2Ffoo"
         . "&access_type=offline"
-        . "&approval_prompt=force";
+        . "&approval_prompt=force"
+        . "&hd=example.com"
+        . "&openid.realm=example.com"
+        . "&prompt=select_account"
+        . "&include_granted_scopes=true";
     $this->assertEquals($expected, $authUrl);
   }