Merge pull request #16 from upwork/v2.4.0

feat(grant): add support of Client Credentials Grant

Author: mnovozhylov

.docgen

@@ -1 +1 @@
-apigen generate -s src/ -d docs_html
+apigen src --output docs

.github/workflows/build.yml

@@ -16,7 +16,7 @@ jobs:
       fail-fast: false
       matrix:
         os: [ubuntu-latest]
-        php: [ '7.3', '7.4' ]
+        php: [ '7.3', '7.4', '8.1' ]
 
     name: PHP ${{ matrix.python }}
     steps:

CHANGES.md

@@ -1,5 +1,8 @@
 # Release History
 
+## 2.4.0
+* Add support of Client Credentials Grant
+
 ## 2.3.1
 * Bug fixes
 

composer.json

@@ -1,7 +1,7 @@
 {
     "name": "upwork/php-upwork-oauth2",
     "description": "PHP bindings for Upwork API (OAuth2)",
-    "version": "v2.3.1",
+    "version": "v2.4.0",
     "type": "library",
     "keywords": ["upwork", "php", "api", "oauth2"],
     "homepage": "http://www.upwork.com",
@@ -25,7 +25,7 @@
     "require": {
         "php": ">=5.6.0",
 	"ext-json": "*",
-	"league/oauth2-client": "^2.3"
+	"league/oauth2-client": "^2.7"
     },
     "require-dev": {
         "phpunit/phpunit": "^9",

example/example.php

@@ -22,9 +22,10 @@
     array(
         'clientId'          => 'xxxxxxxxxxxxxxxxxxxxxxxxxxx', // SETUP YOUR CONSUMER KEY
         'clientSecret'      => 'xxxxxxxxxxxx', // SETUP KEY SECRET
-	'redirectUri'       => 'https://a.callback.url/',
+        //'grantType'         => 'client_credentials', // used in Client Credentials Grant
+	      'redirectUri'       => 'https://a.callback.url/', // used in Code Authorization Grant
         'accessToken'       => 'xxxxxxxxxxxxxxxxxxxxxxxxxxx', // WARNING: keep this up-to-date!
-        'refreshToken'      => 'xxxxxxxxxxxxxxxxxxxxxxxxxxx', // WARNING: keep this up-to-date!
+        'refreshToken'      => 'xxxxxxxxxxxxxxxxxxxxxxxxxxx', // WARNING: keep this up-to-date! // NOT needed for Client Credentials Grant
         'expiresIn'         => 'xxxxxxxxxx', // WARNING: keep this up-to-date!
         //'debug'             => true, // enables debug mode
         //'authType'          => 'MyOAuthPHPLib' // your own authentication type, see AuthTypes directory

src/Upwork/API/AuthTypes/AbstractOAuth.php

@@ -36,6 +36,10 @@ abstract class AbstractOAuth
      * @var Client Secret (a.k.a. Key Secret)
      */
     static protected $_clientSecret = null;
+    /**
+     * @var Grant Type
+     */
+    static protected $_grantType = null;
     /**
      * @var Redirect URI
      */
@@ -136,65 +140,86 @@ public function auth()
     {
         ApiDebug::p('running auth process in ' . __CLASS__);
 
-	if (self::$_accessToken === null && self::$_refreshToken === null && self::$_authzCode === null) {
-	    $authUrl = $this->getInstance()->getAuthorizationUrl();
-	    ApiDebug::p('Got authorization URL from OAuth2 instance', $authUrl);
-
-	    // save the state - useful for web-based apps to prevent CSRF attacks
-	    self::$_state = $this->getInstance()->getState();
-	    ApiDebug::p('Saving state', self::$_state);
-
-            if (self::$_mode === 'web') {
-                // authorize web application via browser
-                header('Location: ' . $authUrl);
-            } elseif (self::$_mode === 'nonweb') {
-                // authorize nonweb application
-                ApiDebug::p('found [nonweb] mode, need to authorize application manually');
-
-                $prompt = 'Visit ' . $authUrl . "\n " .
-                    'and provide received code (verifier) for further authorization' . "\n" .
-                    '$ ';
-                if (PHP_OS == 'WINNT') {
-                    echo $prompt;
-                    $authzCode = stream_get_line(STDIN, 1024, PHP_EOL);
-                } else {
-                    $authzCode = readline($prompt);
+	    if (self::$_accessToken === null && self::$_refreshToken === null && self::$_authzCode === null) {
+            if (self::$_grantType == 'authorization_code') { // Code authorization grant type
+                $authUrl = $this->getInstance()->getAuthorizationUrl();
+                ApiDebug::p('Got authorization URL from OAuth2 instance', $authUrl);
+
+                // save the state - useful for web-based apps to prevent CSRF attacks
+                self::$_state = $this->getInstance()->getState();
+                ApiDebug::p('Saving state', self::$_state);
+
+                if (self::$_mode === 'web') {
+                    // authorize web application via browser
+                    header('Location: ' . $authUrl);
+                } elseif (self::$_mode === 'nonweb') {
+                    // authorize nonweb application
+                    ApiDebug::p('found [nonweb] mode, need to authorize application manually');
+
+                    $prompt = 'Visit ' . $authUrl . "\n " .
+                        'and provide received code (verifier) for further authorization' . "\n" .
+                        '$ ';
+                    if (PHP_OS == 'WINNT') {
+                        echo $prompt;
+                        $authzCode = stream_get_line(STDIN, 1024, PHP_EOL);
+                    } else {
+                        $authzCode = readline($prompt);
+                    }
+
+                    // get access token
+                    $this->_setupTokens($authzCode, self::$_grantType);
+                }
+            } else if (self::$_grantType == 'client_credentials') {
+                if (self::$_mode === 'web') {
+                    // authorize web application via browser
+                    header('Location: ' . $authUrl);
+                } elseif (self::$_mode === 'nonweb') {
+                    ApiDebug::p('found [nonweb] mode for client credentials grant');
+                    // Client credentials grant type
+                    $this->_setupTokens(null, self::$_grantType);
                 }
-
-                // get access token
-                $this->_setupTokens($authzCode);
             }
-	} elseif (self::$_accessToken === null && self::$_authzCode !== null) {
+	    } elseif (self::$_accessToken === null && self::$_authzCode !== null) {
             // get access token, web-based callback
-	    $this->_setupTokens(self::$_authzCode);
+	        $this->_setupTokens(self::$_authzCode, 'authorization_code');
         } else {
             // access_token isset
-	    // check if expired and refresh if needed
-	    if (self::$_expiresIn <= time()) {
-		if (self::$_refreshToken === null) {
-	            throw new ApiException('Access token has expired but refresh token is not specified. Can not refresh.');
-		}
-		$this->_refreshTokens(self::$_refreshToken);
-	    }
+            // check if expired and refresh if needed
+            if (self::$_expiresIn <= time()) {
+                if (self::$_grantType === 'authorization_code') {
+                    if (self::$_refreshToken === null) {
+                        throw new ApiException('Access token has expired but refresh token is not specified. Can not refresh.');
+                    }
+                    $this->_refreshTokens(self::$_refreshToken);
+                } else if (self::$_grantType === 'client_credentials') {
+                    $this->_setupTokens(null, self::$_grantType);
+                }
+            }
         }
 
-	ApiDebug::p('Tokens info', array(self::$_accessToken, self::$_refreshToken, self::$_expiresIn));
-
-        return array(
-            'access_token'  => self::$_accessToken,
-	    'refresh_token' => self::$_refreshToken,
-	    'expires_in'    => self::$_expiresIn
-        );
+	    ApiDebug::p('Tokens info', array(self::$_accessToken, self::$_refreshToken, self::$_expiresIn));
+
+        return (self::$_grantType === 'authorization_code')
+            ? array(
+                'access_token'  => self::$_accessToken,
+                'refresh_token' => self::$_refreshToken,
+                'expires_in'    => self::$_expiresIn
+            )
+            : array(
+                'access_token' => self::$_accessToken,
+                'expires_in' => self::$_expiresIn
+            );
     }
 
     /**
      * Get access token
      *
      * @param	string $authzCode Authorization Code, got after authorization
+     * @param	string $grantType Grant Type
      * @access	private
      * @return	array
      */
-    abstract protected function _setupTokens($authzCode);
+    abstract protected function _setupTokens($authzCode, $grantType);
 
     /**
      * Get OAuth instance

src/Upwork/API/AuthTypes/OAuth2ClientLib.php

@@ -41,9 +41,9 @@ final class OAuth2ClientLib extends AbstractOAuth implements ApiClient
      */
     public function getInstance()
     {
-	return (self::$_provider instanceof \League\OAuth2\Client\Provider\GenericProvider)
-            ? self::$_provider
-	    : $this->_getOAuthInstance();
+        return (self::$_provider instanceof \League\OAuth2\Client\Provider\GenericProvider)
+                ? self::$_provider
+            : $this->_getOAuthInstance();
     }
 
     /**
@@ -59,46 +59,46 @@ public function getInstance()
      */
     public function request($type, $url, $params = array(), string $tenantId = null)
     {
-	ApiDebug::p('running request from ' . __CLASS__);
-
-	switch ($type) {
-	    case \League\OAuth2\Client\Provider\AbstractProvider::METHOD_POST:
-                if (self::$_epoint == UPWORK_GRAPHQL_EP_NAME) {
-	            $options = array('headers' => array('content-type' => 'application/json'));
-                    is_null($tenantId) || $options['headers']['X-Upwork-API-TenantId'] = $tenantId;
-		    $options['body'] = $params;
-                } else {
-	            $options = array('headers' => array('content-type' => 'application/x-www-form-urlencoded'));
-		    $options['body'] = http_build_query($params, null, '&', \PHP_QUERY_RFC3986);
-                }
-
-		$url = ApiUtils::getFullUrl($url, self::$_epoint);
-		break;
-	    case \League\OAuth2\Client\Provider\AbstractProvider::METHOD_GET:
-		$options = array();
-	        $url = ApiUtils::getFullUrl($url, self::$_epoint, (($type == 'GET' ? $params : null)));
-		break;
-	    default:
-		throw new ApiException('Unsupported HTTP method.');
-	}
-
-	$options['headers']['user-agent'] = ApiConfig::UPWORK_LIBRARY_USER_AGENT;
-	$request = $this->getInstance()->getAuthenticatedRequest($type, $url, self::$_accessToken, $options);
-	
-	ApiDebug::p('prepared request', $request);
-
-	try {
-	    // do not use getParsedResponse, it returns an array
-	    // but we need a raw json that will be decoded and returned as StdClass object
-	    $response = $this->getInstance()->getResponse($request);
+        ApiDebug::p('running request from ' . __CLASS__);
+
+        switch ($type) {
+            case \League\OAuth2\Client\Provider\AbstractProvider::METHOD_POST:
+                    if (self::$_epoint == UPWORK_GRAPHQL_EP_NAME) {
+                    $options = array('headers' => array('content-type' => 'application/json'));
+                        is_null($tenantId) || $options['headers']['X-Upwork-API-TenantId'] = $tenantId;
+                $options['body'] = $params;
+                    } else {
+                    $options = array('headers' => array('content-type' => 'application/x-www-form-urlencoded'));
+                $options['body'] = http_build_query($params, null, '&', \PHP_QUERY_RFC3986);
+                    }
+
+            $url = ApiUtils::getFullUrl($url, self::$_epoint);
+            break;
+            case \League\OAuth2\Client\Provider\AbstractProvider::METHOD_GET:
+            $options = array();
+                $url = ApiUtils::getFullUrl($url, self::$_epoint, (($type == 'GET' ? $params : null)));
+            break;
+            default:
+            throw new ApiException('Unsupported HTTP method.');
+        }
+
+        $options['headers']['user-agent'] = ApiConfig::UPWORK_LIBRARY_USER_AGENT;
+        $request = $this->getInstance()->getAuthenticatedRequest($type, $url, self::$_accessToken, $options);
+
+        ApiDebug::p('prepared request', $request);
+
+        try {
+            // do not use getParsedResponse, it returns an array
+            // but we need a raw json that will be decoded and returned as StdClass object
+            $response = $this->getInstance()->getResponse($request);
         } catch (\GuzzleHttp\Exception\ClientException $e) {
             $eResponse = $e->getResponse();
             $response = $eResponse->getBody()->getContents();
-	} catch (\Exception $e) {
-	    $response = $e->getResponseBody();
-	}
-        
-	ApiDebug::p('got response from server', $response);
+        } catch (\Exception $e) {
+            $response = $e->getResponseBody();
+        }
+
+        ApiDebug::p('got response from server', $response);
 
         return (string) $response->getBody();
     }
@@ -107,14 +107,15 @@ public function request($type, $url, $params = array(), string $tenantId = null)
      * Get access token
      *
      * @param	string $authzCode	Authorization code (a received verifier)
+     * @param	string $grantType   Grant Type
      * @access	protected
      * @return	array
      */
-    protected function _setupTokens($authzCode)
+    protected function _setupTokens($authzCode, $grantType)
     {
         ApiDebug::p('requesting access token');
 
-	return $this->_requestTokens('authorization_code', array('code' => $authzCode));
+	    return $this->_requestTokens($grantType, array('code' => $authzCode));
     }
 
     /**
@@ -126,9 +127,9 @@ protected function _setupTokens($authzCode)
      */
     protected function _refreshTokens($refreshToken)
     {
-	ApiDebug::p('refreshing the existing access token');
+        ApiDebug::p('refreshing the existing access token');
 
-	return $this->_requestTokens('refresh_token', array('refresh_token' => $refreshToken));
+        return $this->_requestTokens('refresh_token', array('refresh_token' => $refreshToken));
     }
 
     /**
@@ -147,11 +148,11 @@ protected function _getOAuthInstance($authType = null)
             'clientSecret' => self::$_clientSecret,
             'redirectUri' => self::$_redirectUri,
             'urlAuthorize' => ApiUtils::getFullUrl(self::URL_AUTH, ''),
-	    'urlAccessToken' => ApiUtils::getFullUrl(self::URL_ATOKEN, 'api'),
-	    'urlResourceOwnerDetails' => ''
+            'urlAccessToken' => ApiUtils::getFullUrl(self::URL_ATOKEN, 'api'),
+            'urlResourceOwnerDetails' => ''
         );
 
-	self::$_provider = new \League\OAuth2\Client\Provider\GenericProvider($options);
+	    self::$_provider = new \League\OAuth2\Client\Provider\GenericProvider($options);
 
         return self::$_provider;
     }
@@ -170,21 +171,24 @@ private function _requestTokens(string $type, array $options)
 
         $accessTokenInfo = array();
 
-	$accessToken = $this->getInstance()->getHttpClient()->getConfig()['handler']->push(
+	    $accessToken = $this->getInstance()->getHttpClient()->getConfig()['handler']->push(
             Middleware::mapRequest(function (RequestInterface $request) {
                 return $request->withHeader('User-Agent', ApiConfig::UPWORK_LIBRARY_USER_AGENT);
             }));
         $accessToken = $this->getInstance()->getAccessToken($type, $options);
 
         $accessTokenInfo['access_token']  = $accessToken->getToken();
-	$accessTokenInfo['refresh_token'] = $accessToken->getRefreshToken();
-	$accessTokenInfo['expires_in']    = $accessToken->getExpires();
-
-        ApiDebug::p('got access token info', $accessTokenInfo);
+        $accessTokenInfo['expires_in']    = $accessToken->getExpires();
 
         self::$_accessToken  = $accessTokenInfo['access_token'];
-	self::$_refreshToken = $accessTokenInfo['refresh_token'];
-	self::$_expiresIn    = $accessTokenInfo['expires_in'];
+        self::$_expiresIn    = $accessTokenInfo['expires_in'];
+
+        if ($type === 'authorization_code') {
+            $accessTokenInfo['refresh_token'] = $accessToken->getRefreshToken();
+            self::$_refreshToken = $accessTokenInfo['refresh_token'];
+        }
+
+        ApiDebug::p('got access token info', $accessTokenInfo);
 
         return $accessTokenInfo;
     }