oauth2-server/examples/public/api.php

<?php

use League\OAuth2\Server\ResourceServer;
use OAuth2ServerExamples\Repositories\AccessTokenRepository;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Slim\App;

include __DIR__ . '/../vendor/autoload.php';

$app = new App([
    // Add the resource server to the DI container
    ResourceServer::class => function () {
        $server = new ResourceServer(
            new AccessTokenRepository(),            // instance of AccessTokenRepositoryInterface
            'file://' . __DIR__ . '/../public.key'  // the authorization server's public key
        );

        return $server;
    },
]);

// Add the resource server middleware which will intercept and validate requests
$app->add(
    new \League\OAuth2\Server\Middleware\ResourceServerMiddleware(
        $app->getContainer()->get(ResourceServer::class)
    )
);

// An example endpoint secured with OAuth 2.0
$app->get(
    '/users',
    function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {

        $users = [
            [
                'id'    => 123,
                'name'  => 'Alex',
                'email' => 'alex@thephpleague.com',
            ],
            [
                'id'    => 124,
                'name'  => 'Frank',
                'email' => 'frank@thephpleague.com',
            ],
            [
                'id'    => 125,
                'name'  => 'Phil',
                'email' => 'phil@thephpleague.com',
            ],
        ];

        // If the access token doesn't have the `basic` scope hide users' names
        if (in_array('basic', $request->getAttribute('oauth_scopes')) === false) {
            for ($i = 0; $i < count($users); $i++) {
                unset($users[$i]['name']);
            }
        }

        // If the access token doesn't have the `email` scope hide users' email addresses
        if (in_array('email', $request->getAttribute('oauth_scopes')) === false) {
            for ($i = 0; $i < count($users); $i++) {
                unset($users[$i]['email']);
            }
        }

        $response->getBody()->write(json_encode($users));

        return $response->withStatus(200);
    }
);

$app->run();
Added API example 2016-03-24 20:57:55 +05:30			`<?php`

Use resource server instead 2016-04-17 17:11:28 +05:30			`use League\OAuth2\Server\ResourceServer;`
Added API example 2016-03-24 20:57:55 +05:30			`use OAuth2ServerExamples\Repositories\AccessTokenRepository;`
			`use Psr\Http\Message\ResponseInterface;`
			`use Psr\Http\Message\ServerRequestInterface;`
			`use Slim\App;`

			`include __DIR__ . '/../vendor/autoload.php';`

			`$app = new App([`
Improved examples 2016-04-18 16:53:21 +05:30			`// Add the resource server to the DI container`
Class rename fixes 2016-04-17 17:24:49 +05:30			`ResourceServer::class => function () {`
Use resource server instead 2016-04-17 17:11:28 +05:30			`$server = new ResourceServer(`
Improved examples 2016-04-18 16:53:21 +05:30			`new AccessTokenRepository(), // instance of AccessTokenRepositoryInterface`
			`'file://' . __DIR__ . '/../public.key' // the authorization server's public key`
Added API example 2016-03-24 20:57:55 +05:30			`);`

			`return $server;`
			`},`
			`]);`

Improved examples 2016-04-18 16:53:21 +05:30			`// Add the resource server middleware which will intercept and validate requests`
Added API example 2016-03-24 20:57:55 +05:30			`$app->add(`
			`new \League\OAuth2\Server\Middleware\ResourceServerMiddleware(`
Class rename fixes 2016-04-17 17:24:49 +05:30			`$app->getContainer()->get(ResourceServer::class)`
Added API example 2016-03-24 20:57:55 +05:30			`)`
			`);`

Improved examples 2016-04-18 16:53:21 +05:30			`// An example endpoint secured with OAuth 2.0`
			`$app->get(`
			`'/users',`
			`function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {`
Added API example 2016-03-24 20:57:55 +05:30
Improved examples 2016-04-18 16:53:21 +05:30			`$users = [`
			`[`
			`'id' => 123,`
			`'name' => 'Alex',`
			`'email' => 'alex@thephpleague.com',`
			`],`
			`[`
			`'id' => 124,`
			`'name' => 'Frank',`
			`'email' => 'frank@thephpleague.com',`
			`],`
			`[`
			`'id' => 125,`
			`'name' => 'Phil',`
			`'email' => 'phil@thephpleague.com',`
			`],`
			`];`
Added API example 2016-03-24 20:57:55 +05:30
Improved examples 2016-04-18 16:53:21 +05:30			// If the access token doesn't have the `basic` scope hide users' names
			`if (in_array('basic', $request->getAttribute('oauth_scopes')) === false) {`
			`for ($i = 0; $i < count($users); $i++) {`
			`unset($users[$i]['name']);`
			`}`
Added API example 2016-03-24 20:57:55 +05:30			`}`

Improved examples 2016-04-18 16:53:21 +05:30			// If the access token doesn't have the `email` scope hide users' email addresses
			`if (in_array('email', $request->getAttribute('oauth_scopes')) === false) {`
			`for ($i = 0; $i < count($users); $i++) {`
			`unset($users[$i]['email']);`
			`}`
Added API example 2016-03-24 20:57:55 +05:30			`}`

Improved examples 2016-04-18 16:53:21 +05:30			`$response->getBody()->write(json_encode($users));`
Added API example 2016-03-24 20:57:55 +05:30
Improved examples 2016-04-18 16:53:21 +05:30			`return $response->withStatus(200);`
			`}`
			`);`
Added API example 2016-03-24 20:57:55 +05:30
Improved examples 2016-04-18 16:53:21 +05:30			`$app->run();`