143 lines
3.2 KiB
PHP
143 lines
3.2 KiB
PHP
|
<?php
|
||
|
|
|
||
|
|
namespace Twilio\Jwt;
|
||
|
|
|
||
|
|
|
||
|
|
use Twilio\Jwt\Grants\Grant;
|
||
|
|
|
||
|
|
class AccessToken {
|
||
|
|
private $signingKeySid;
|
||
|
|
private $accountSid;
|
||
|
|
private $secret;
|
||
|
|
private $ttl;
|
||
|
|
private $identity;
|
||
|
|
private $nbf;
|
||
|
|
/** @var Grant[] $grants */
|
||
|
|
private $grants;
|
||
|
|
/** @var string[] $customClaims */
|
||
|
|
private $customClaims;
|
||
|
|
|
||
|
|
public function __construct($accountSid, $signingKeySid, $secret, $ttl = 3600, $identity = null) {
|
||
|
|
$this->signingKeySid = $signingKeySid;
|
||
|
|
$this->accountSid = $accountSid;
|
||
|
|
$this->secret = $secret;
|
||
|
|
$this->ttl = $ttl;
|
||
|
|
|
||
|
|
if (!is_null($identity)) {
|
||
|
|
$this->identity = $identity;
|
||
|
|
}
|
||
|
|
|
||
|
|
$this->grants = array();
|
||
|
|
$this->customClaims = array();
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Set the identity of this access token
|
||
|
|
*
|
||
|
|
* @param string $identity identity of the grant
|
||
|
|
*
|
||
|
|
* @return $this updated access token
|
||
|
|
*/
|
||
|
|
public function setIdentity($identity) {
|
||
|
|
$this->identity = $identity;
|
||
|
|
return $this;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Returns the identity of the grant
|
||
|
|
*
|
||
|
|
* @return string the identity
|
||
|
|
*/
|
||
|
|
public function getIdentity() {
|
||
|
|
return $this->identity;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Set the nbf of this access token
|
||
|
|
*
|
||
|
|
* @param integer $nbf nbf in epoch seconds of the grant
|
||
|
|
*
|
||
|
|
* @return $this updated access token
|
||
|
|
*/
|
||
|
|
public function setNbf($nbf) {
|
||
|
|
$this->nbf = $nbf;
|
||
|
|
return $this;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Returns the nbf of the grant
|
||
|
|
*
|
||
|
|
* @return integer the nbf in epoch seconds
|
||
|
|
*/
|
||
|
|
public function getNbf() {
|
||
|
|
return $this->nbf;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Add a grant to the access token
|
||
|
|
*
|
||
|
|
* @param Grant $grant to be added
|
||
|
|
*
|
||
|
|
* @return $this the updated access token
|
||
|
|
*/
|
||
|
|
public function addGrant(Grant $grant) {
|
||
|
|
$this->grants[] = $grant;
|
||
|
|
return $this;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Allows to set custom claims, which then will be encoded into JWT payload.
|
||
|
|
*
|
||
|
|
* @param string $name
|
||
|
|
* @param string $value
|
||
|
|
*/
|
||
|
|
public function addClaim($name, $value) {
|
||
|
|
$this->customClaims[$name] = $value;
|
||
|
|
}
|
||
|
|
|
||
|
|
public function toJWT($algorithm = 'HS256') {
|
||
|
|
$header = array(
|
||
|
|
'cty' => 'twilio-fpa;v=1',
|
||
|
|
'typ' => 'JWT'
|
||
|
|
);
|
||
|
|
|
||
|
|
$now = time();
|
||
|
|
|
||
|
|
$grants = array();
|
||
|
|
if ($this->identity) {
|
||
|
|
$grants['identity'] = $this->identity;
|
||
|
|
}
|
||
|
|
|
||
|
|
foreach ($this->grants as $grant) {
|
||
|
|
$payload = $grant->getPayload();
|
||
|
|
if (empty($payload)) {
|
||
|
|
$payload = json_decode('{}');
|
||
|
|
}
|
||
|
|
|
||
|
|
$grants[$grant->getGrantKey()] = $payload;
|
||
|
|
}
|
||
|
|
|
||
|
|
if (empty($grants)) {
|
||
|
|
$grants = json_decode('{}');
|
||
|
|
}
|
||
|
|
|
||
|
|
$payload = array_merge($this->customClaims, array(
|
||
|
|
'jti' => $this->signingKeySid . '-' . $now,
|
||
|
|
'iss' => $this->signingKeySid,
|
||
|
|
'sub' => $this->accountSid,
|
||
|
|
'exp' => $now + $this->ttl,
|
||
|
|
'grants' => $grants
|
||
|
|
));
|
||
|
|
|
||
|
|
if (!is_null($this->nbf)) {
|
||
|
|
$payload['nbf'] = $this->nbf;
|
||
|
|
}
|
||
|
|
|
||
|
|
return JWT::encode($payload, $this->secret, $algorithm, $header);
|
||
|
|
}
|
||
|
|
|
||
|
|
public function __toString() {
|
||
|
|
return $this->toJWT();
|
||
|
|
}
|
||
|
|
}
|