Change BasicAuth to OAuth (oidc)

Author: Lennart Van Vaerenbergh

.gitignore

@@ -1,6 +1,6 @@
 # PHPUnit build artifacts.
 /build
-.phpunit.cache/
+.phpunit.cache
 .phpunit.result.cache
 
 # Never commit vendors!

CHANGELOG.md

@@ -2,6 +2,16 @@
 
 All Notable changes to `digipolisgent/api-client` package.
 
+## [4.0.0]
+
+_Use version 4 of this module to switch over to OAuth authentication.
+Key/secret authentication is dropped from the client.
+The client and configuration objects have changed parameters._
+
+### Added
+
+* ZALENZOEK-689: Add OAuth2 API authentication.
+
 ## [3.0.1]
 
 ### Fixed
@@ -82,6 +92,7 @@ This includes:
 * Interfaces to create services in client packages.
 
 [Unreleased]: https://github.com/digipolisgent/php_package_dg-api-client/compare/master...develop
+[4.0.0]: https://github.com/digipolisgent/php_package_dg-api-client/compare/3.0.1...4.0.0
 [3.0.1]: https://github.com/digipolisgent/php_package_dg-api-client/compare/3.0.0...3.0.1
 [3.0.0]: https://github.com/digipolisgent/php_package_dg-api-client/compare/2.1.0...3.0.0
 [2.1.0]: https://github.com/digipolisgent/php_package_dg-api-client/compare/2.0.0...2.1.0

README.md

@@ -1,4 +1,4 @@
-# DigipolsigGent API Client
+# District09 API Client
 
 This package provides interfaces and abstract implementations to create an API client.
 

composer.json

@@ -17,13 +17,18 @@
         {
             "name": "Jelle Sebreghts",
             "email": "sebreghts.jelle@district09.gent"
+        },
+        {
+            "name": "Lennart Van Vaerenbergh",
+            "email": "lennart.vanvaerenbergh@district09.gent"
         }
     ],
     "homepage": "https://github.com/digipolisgent/php_package_api-client",
     "require": {
         "php": "^7.4 || ^8.0",
         "ext-json": "*",
         "guzzlehttp/guzzle": "^6.5 || ^7.0",
+        "jumbojett/openid-connect-php": "^1",
         "psr/http-message": "^1.0",
         "psr/simple-cache": "^1.0"
     },

phpunit.xml

@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:noNamespaceSchemaLocation="vendor/phpunit/phpunit/phpunit.xsd"
+    bootstrap="vendor/autoload.php"
+    cacheDirectory=".phpunit.cache"
+    executionOrder="depends,defects"
+    requireCoverageMetadata="false"
+    beStrictAboutOutputDuringTests="true"
+    displayDetailsOnPhpunitDeprecations="true"
+    displayDetailsOnTestsThatTriggerNotices="true"
+    displayDetailsOnTestsThatTriggerWarnings="true"
+    failOnPhpunitDeprecation="true"
+    failOnRisky="true"
+    failOnWarning="false"
+    failOnNotice="false"
+>
+    <source ignoreIndirectDeprecations="true">
+        <include>
+            <directory>src</directory>
+        </include>
+    </source>
+
+    <testsuites>
+        <testsuite name="Coretalents/Portal">
+            <directory>tests</directory>
+        </testsuite>
+    </testsuites>
+
+    <coverage>
+        <report>
+            <clover outputFile="build/logs/clover.xml"/>
+            <html outputDirectory="build/coverage"/>
+        </report>
+    </coverage>
+</phpunit>

src/Client/AbstractClient.php

@@ -8,12 +8,15 @@
 use DigipolisGent\API\Client\Exception\HandlerNotFound;
 use DigipolisGent\API\Client\Handler\HandlerInterface;
 use DigipolisGent\API\Client\Response\ResponseInterface;
+use DigipolisGent\API\Client\Token\OidcTokenProvider;
+use DigipolisGent\API\Client\Token\TokenProviderInterface;
 use DigipolisGent\API\Logger\LoggableInterface;
 use DigipolisGent\API\Logger\LoggableTrait;
 use DigipolisGent\API\Logger\RequestLog;
 use GuzzleHttp\ClientInterface as GuzzleClientInterface;
 use GuzzleHttp\Exception\ClientException;
 use Psr\Http\Message\RequestInterface;
+use Psr\SimpleCache\CacheInterface;
 
 /**
  * Abstract implementation of the service client.
@@ -43,16 +46,37 @@ abstract class AbstractClient implements ClientInterface, LoggableInterface
      */
     protected ConfigurationInterface $configuration;
 
+    /**
+     * The OIDC token provider.
+     *
+     * @var \DigipolisGent\API\Client\Token\TokenProviderInterface
+     */
+    protected TokenProviderInterface $tokenProvider;
+
     /**
      * Client constructor.
      *
      * @param \GuzzleHttp\ClientInterface $guzzle
+     *   The Guzzle HTTP client.
      * @param \DigipolisGent\API\Client\Configuration\ConfigurationInterface $configuration
+     *   The client configuration object.
+     * @param \Psr\SimpleCache\CacheInterface $cache
+     *    Cache used for auth Bearer tokens. Not that this is not for API responses.
      */
-    public function __construct(GuzzleClientInterface $guzzle, ConfigurationInterface $configuration)
-    {
+    public function __construct(
+        GuzzleClientInterface $guzzle,
+        ConfigurationInterface $configuration,
+        CacheInterface $cache,
+    ) {
         $this->guzzle = $guzzle;
         $this->configuration = $configuration;
+        $this->tokenProvider = new OidcTokenProvider(
+            $configuration->getAuthUri(),
+            $configuration->getClientId(),
+            $configuration->getClientSecret(),
+            $configuration->getScope(),
+            $cache,
+        );
     }
 
     /**
@@ -90,10 +114,15 @@ public function send(RequestInterface $request): ResponseInterface
      */
     protected function injectHeaders(RequestInterface $request): RequestInterface
     {
-        return $request->withHeader(
-            'Content-Length',
-            (string) strlen((string) $request->getBody())
-        );
+        return $request
+            ->withHeader(
+                'Content-Length',
+                (string) strlen((string) $request->getBody())
+            )
+            ->withHeader(
+                'Authorization',
+                'Bearer ' . $this->tokenProvider->getAccessToken()
+            );
     }
 
     /**

src/Client/Configuration/Configuration.php

@@ -16,6 +16,34 @@ class Configuration implements ConfigurationInterface
      */
     protected string $endpointUri;
 
+    /**
+     * Endpoint URI for the authentication.
+     *
+     * @var string
+     */
+    protected string $authEndpointUri;
+
+    /**
+     * Client ID.
+     *
+     * @var string
+     */
+    protected string $clientId;
+
+    /**
+     * Client secret.
+     *
+     * @var string
+     */
+    protected string $clientSecret;
+
+    /**
+     * Auth scope.
+     *
+     * @var string
+     */
+    protected string $scope;
+
     /**
      * The configuration options.
      *
@@ -28,10 +56,33 @@ class Configuration implements ConfigurationInterface
 
     /**
      * Create new configuration.
+     *
+     * @param string $endpointUri
+     *   The endpoint URI.
+     * @param string $authEndpointUri
+     *   The authentication endpoint URI.
+     * @param string $clientId
+     *   The client ID.
+     * @param string $clientSecret
+     *   The client secret.
+     * @param string $scope
+     *   The authentication scope.
+     * @param array $options
+     *   The client extra options.
      */
-    public function __construct(string $endpointUri, array $options = [])
-    {
+    public function __construct(
+        string $endpointUri,
+        string $authEndpointUri,
+        string $clientId,
+        string $clientSecret,
+        string $scope,
+        array $options = [],
+    ) {
         $this->endpointUri = $endpointUri;
+        $this->authEndpointUri = $authEndpointUri;
+        $this->clientId = $clientId;
+        $this->clientSecret = $clientSecret;
+        $this->scope = $scope;
 
         foreach ($options as $key => $value) {
             if (!array_key_exists($key, $this->options)) {
@@ -50,6 +101,38 @@ public function getUri(): string
         return $this->endpointUri;
     }
 
+    /**
+     * @inheritDoc
+     */
+    public function getAuthUri(): string
+    {
+        return $this->authEndpointUri;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function getClientId(): string
+    {
+        return $this->clientId;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function getClientSecret(): string
+    {
+        return $this->clientSecret;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function getScope(): string
+    {
+        return $this->scope;
+    }
+
     /**
      * @inheritDoc
      */

src/Client/Configuration/ConfigurationInterface.php

@@ -16,6 +16,34 @@ interface ConfigurationInterface
      */
     public function getUri(): string;
 
+    /**
+     * Get the authentication URI.
+     *
+     * @return string
+     */
+    public function getAuthUri(): string;
+
+    /**
+     * Get the client ID.
+     *
+     * @return string
+     */
+    public function getClientId(): string;
+
+    /**
+     * Get the client secret.
+     *
+     * @return string
+     */
+    public function getClientSecret(): string;
+
+    /**
+     * Get the scope.
+     *
+     * @return string
+     */
+    public function getScope(): string;
+
     /**
      * Get the service version number to use.
      *