[13.x] Support OAuth2 Server v9

.github/workflows/tests.yml

@@ -16,13 +16,9 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        php: ['8.0', 8.1, 8.2, 8.3]
+        php: [8.1, 8.2, 8.3]
         laravel: [9, 10, 11]
         exclude:
-          - php: '8.0'
-            laravel: 10
-          - php: '8.0'
-            laravel: 11
           - php: 8.1
             laravel: 11
           - php: 8.3

UPGRADE.md

@@ -2,6 +2,14 @@
 
 ## General Notes
 
+## Upgrading To 13.0 From 12.x
+
+### Minimum PHP Version
+
+PR: https://github.com/laravel/passport/pull/1734
+
+PHP 8.1 is now the minimum required version.
+
 ## Upgrading To 12.0 From 11.x
 
 ### Migration Changes
@@ -14,6 +22,8 @@ php artisan vendor:publish --tag=passport-migrations
 
 ### Password Grant Type
 
+PR: https://github.com/laravel/passport/pull/1715
+
 The password grant type is disabled by default. You may enable it by calling the `enablePasswordGrant` method in the `boot` method of your application's `App\Providers\AppServiceProvider` class:
 
 ```php

composer.json

@@ -14,8 +14,9 @@
         }
     ],
     "require": {
-        "php": "^8.0",
+        "php": "^8.1",
         "ext-json": "*",
+        "ext-openssl": "*",
         "firebase/php-jwt": "^6.4",
         "illuminate/auth": "^9.21|^10.0|^11.0",
         "illuminate/console": "^9.21|^10.0|^11.0",
@@ -26,18 +27,18 @@
         "illuminate/encryption": "^9.21|^10.0|^11.0",
         "illuminate/http": "^9.21|^10.0|^11.0",
         "illuminate/support": "^9.21|^10.0|^11.0",
-        "lcobucci/jwt": "^4.3|^5.0",
-        "league/oauth2-server": "^8.5.3",
+        "lcobucci/jwt": "^5.0",
+        "league/oauth2-server": "^9.0",
         "nyholm/psr7": "^1.5",
-        "phpseclib/phpseclib": "^2.0|^3.0",
+        "phpseclib/phpseclib": "^3.0",
         "symfony/console": "^6.0|^7.0",
-        "symfony/psr-http-message-bridge": "^2.1|^6.0|^7.0"
+        "symfony/psr-http-message-bridge": "^6.0|^7.0"
     },
     "require-dev": {
         "mockery/mockery": "^1.0",
         "orchestra/testbench": "^7.35|^8.14|^9.0",
         "phpstan/phpstan": "^1.10",
-        "phpunit/phpunit": "^9.3|^10.5"
+        "phpunit/phpunit": "^9.3|^10.5|^11.0"
     },
     "autoload": {
         "psr-4": {
@@ -66,6 +67,6 @@
         "post-autoload-dump": "@prepare",
         "prepare": "@php vendor/bin/testbench package:discover --ansi"
     },
-    "minimum-stability": "dev",
+    "minimum-stability": "stable",
     "prefer-stable": true
 }

database/factories/ClientFactory.php

@@ -4,7 +4,6 @@
 
 use Illuminate\Database\Eloquent\Factories\Factory;
 use Illuminate\Support\Str;
-use Laravel\Passport\Client;
 use Laravel\Passport\Passport;
 
 /**
@@ -13,11 +12,14 @@
 class ClientFactory extends Factory
 {
     /**
-     * The name of the factory's corresponding model.
+     * Get the name of the model that is generated by the factory.
      *
-     * @var string
+     * @return class-string<\Illuminate\Database\Eloquent\Model>
      */
-    protected $model = Client::class;
+    public function modelName()
+    {
+        return $this->model ?? Passport::clientModel();
+    }
 
     /**
      * Define the model's default state.
@@ -46,7 +48,7 @@ public function definition()
     protected function ensurePrimaryKeyIsSet(array $data)
     {
         if (Passport::clientUuids()) {
-            $keyName = (new $this->model)->getKeyName();
+            $keyName = (new ($this->modelName()))->getKeyName();
 
             $data[$keyName] = (string) Str::orderedUuid();
         }

src/Bridge/AccessToken.php

@@ -15,14 +15,13 @@ class AccessToken implements AccessTokenEntityInterface
     /**
      * Create a new token instance.
      *
-     * @param  string  $userIdentifier
-     * @param  array  $scopes
-     * @param  \League\OAuth2\Server\Entities\ClientEntityInterface  $client
-     * @return void
+     * @param  \League\OAuth2\Server\Entities\ScopeEntityInterface[]  $scopes
      */
-    public function __construct($userIdentifier, array $scopes, ClientEntityInterface $client)
+    public function __construct(string|null $userIdentifier, array $scopes, ClientEntityInterface $client)
     {
-        $this->setUserIdentifier($userIdentifier);
+        if (! is_null($userIdentifier)) {
+            $this->setUserIdentifier($userIdentifier);
+        }
 
         foreach ($scopes as $scope) {
             $this->addScope($scope);

src/Bridge/AccessTokenRepository.php

@@ -17,24 +17,16 @@ class AccessTokenRepository implements AccessTokenRepositoryInterface
 
     /**
      * The token repository instance.
-     *
-     * @var \Laravel\Passport\TokenRepository
      */
-    protected $tokenRepository;
+    protected TokenRepository $tokenRepository;
 
     /**
      * The event dispatcher instance.
-     *
-     * @var \Illuminate\Contracts\Events\Dispatcher
      */
-    protected $events;
+    protected Dispatcher $events;
 
     /**
      * Create a new repository instance.
-     *
-     * @param  \Laravel\Passport\TokenRepository  $tokenRepository
-     * @param  \Illuminate\Contracts\Events\Dispatcher  $events
-     * @return void
      */
     public function __construct(TokenRepository $tokenRepository, Dispatcher $events)
     {
@@ -45,46 +37,45 @@ public function __construct(TokenRepository $tokenRepository, Dispatcher $events
     /**
      * {@inheritdoc}
      */
-    public function getNewToken(ClientEntityInterface $clientEntity, array $scopes, $userIdentifier = null)
-    {
+    public function getNewToken(
+        ClientEntityInterface $clientEntity,
+        array $scopes,
+        string|null $userIdentifier = null
+    ): AccessTokenEntityInterface {
         return new Passport::$accessTokenEntity($userIdentifier, $scopes, $clientEntity);
     }
 
     /**
      * {@inheritdoc}
      */
-    public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEntity)
+    public function persistNewAccessToken(AccessTokenEntityInterface $accessTokenEntity): void
     {
         $this->tokenRepository->create([
-            'id' => $accessTokenEntity->getIdentifier(),
-            'user_id' => $accessTokenEntity->getUserIdentifier(),
-            'client_id' => $accessTokenEntity->getClient()->getIdentifier(),
+            'id' => $id = $accessTokenEntity->getIdentifier(),
+            'user_id' => $userId = $accessTokenEntity->getUserIdentifier(),
+            'client_id' => $clientId = $accessTokenEntity->getClient()->getIdentifier(),
             'scopes' => $this->scopesToArray($accessTokenEntity->getScopes()),
             'revoked' => false,
             'created_at' => new DateTime,
             'updated_at' => new DateTime,
             'expires_at' => $accessTokenEntity->getExpiryDateTime(),
         ]);
 
-        $this->events->dispatch(new AccessTokenCreated(
-            $accessTokenEntity->getIdentifier(),
-            $accessTokenEntity->getUserIdentifier(),
-            $accessTokenEntity->getClient()->getIdentifier()
-        ));
+        $this->events->dispatch(new AccessTokenCreated($id, $userId, $clientId));
     }
 
     /**
      * {@inheritdoc}
      */
-    public function revokeAccessToken($tokenId)
+    public function revokeAccessToken(string $tokenId): void
     {
         $this->tokenRepository->revokeAccessToken($tokenId);
     }
 
     /**
      * {@inheritdoc}
      */
-    public function isAccessTokenRevoked($tokenId)
+    public function isAccessTokenRevoked(string $tokenId): bool
     {
         return $this->tokenRepository->isAccessTokenRevoked($tokenId);
     }

src/Bridge/AuthCodeRepository.php

@@ -13,15 +13,15 @@ class AuthCodeRepository implements AuthCodeRepositoryInterface
     /**
      * {@inheritdoc}
      */
-    public function getNewAuthCode()
+    public function getNewAuthCode(): AuthCodeEntityInterface
     {
         return new AuthCode;
     }
 
     /**
      * {@inheritdoc}
      */
-    public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity)
+    public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity): void
     {
         $attributes = [
             'id' => $authCodeEntity->getIdentifier(),
@@ -38,15 +38,15 @@ public function persistNewAuthCode(AuthCodeEntityInterface $authCodeEntity)
     /**
      * {@inheritdoc}
      */
-    public function revokeAuthCode($codeId)
+    public function revokeAuthCode(string $codeId): void
     {
         Passport::authCode()->where('id', $codeId)->update(['revoked' => true]);
     }
 
     /**
      * {@inheritdoc}
      */
-    public function isAuthCodeRevoked($codeId)
+    public function isAuthCodeRevoked(string $codeId): bool
     {
         return Passport::authCode()->where('id', $codeId)->where('revoked', 1)->exists();
     }

src/Bridge/Client.php

@@ -4,63 +4,32 @@
 
 use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Entities\Traits\ClientTrait;
+use League\OAuth2\Server\Entities\Traits\EntityTrait;
 
 class Client implements ClientEntityInterface
 {
-    use ClientTrait;
-
-    /**
-     * The client identifier.
-     *
-     * @var string
-     */
-    protected $identifier;
+    use ClientTrait, EntityTrait;
 
     /**
      * The client's provider.
-     *
-     * @var string
      */
-    public $provider;
+    public ?string $provider;
 
     /**
      * Create a new client instance.
-     *
-     * @param  string  $identifier
-     * @param  string  $name
-     * @param  string  $redirectUri
-     * @param  bool  $isConfidential
-     * @param  string|null  $provider
-     * @return void
      */
-    public function __construct($identifier, $name, $redirectUri, $isConfidential = false, $provider = null)
-    {
-        $this->setIdentifier((string) $identifier);
+    public function __construct(
+        string $identifier,
+        string $name,
+        string $redirectUri,
+        bool $isConfidential = false,
+        ?string $provider = null
+    ) {
+        $this->setIdentifier($identifier);
 
         $this->name = $name;
         $this->isConfidential = $isConfidential;
         $this->redirectUri = explode(',', $redirectUri);
         $this->provider = $provider;
     }
-
-    /**
-     * Get the client's identifier.
-     *
-     * @return string
-     */
-    public function getIdentifier()
-    {
-        return (string) $this->identifier;
-    }
-
-    /**
-     * Set the client's identifier.
-     *
-     * @param  string  $identifier
-     * @return void
-     */
-    public function setIdentifier($identifier)
-    {
-        $this->identifier = $identifier;
-    }
 }