return associative array when validating token

Author: hafezdivandari

src/Handlers/AbstractTokenHandler.php

@@ -43,14 +43,14 @@ protected function getBearerTokenValidator(): BearerTokenValidatorInterface
     }
 
     /**
-     * @return array{0:non-empty-string, 1:array<non-empty-string, mixed>}|array{0:null, 1:null}
+     * @return array{type: non-empty-string, data: array<non-empty-string, mixed>}|null
      *
      * @throws OAuthServerException
      */
     protected function validateToken(
         ServerRequestInterface $request,
         ClientEntityInterface $client
-    ): array {
+    ): ?array {
         $token = $this->getRequestParameter('token', $request)
             ?? throw OAuthServerException::invalidRequest('token');
 
@@ -60,17 +60,15 @@ protected function validateToken(
         // the search across all supported token types according to the RFC spec.
         if ($tokenTypeHint === 'refresh_token') {
             return $this->validateRefreshToken($request, $token, $client)
-                ?? $this->validateAccessToken($request, $token, $client)
-                ?? [null, null];
+                ?? $this->validateAccessToken($request, $token, $client);
         }
 
         return $this->validateAccessToken($request, $token, $client)
-            ?? $this->validateRefreshToken($request, $token, $client)
-            ?? [null, null];
+            ?? $this->validateRefreshToken($request, $token, $client);
     }
 
     /**
-     * @return array{0:non-empty-string, 1:array<non-empty-string, mixed>}|null
+     * @return array{type: non-empty-string, data: array<non-empty-string, mixed>}|null
      */
     private function validateRefreshToken(
         ServerRequestInterface $request,
@@ -79,8 +77,8 @@ private function validateRefreshToken(
     ): ?array {
         try {
             return [
-                'refresh_token',
-                $this->validateEncryptedRefreshToken($request, $refreshToken, $client->getIdentifier()),
+                'type' => 'refresh_token',
+                'data' => $this->validateEncryptedRefreshToken($request, $refreshToken, $client->getIdentifier()),
             ];
         } catch (Throwable) {
             return null;
@@ -90,7 +88,7 @@ private function validateRefreshToken(
     /**
      * @param non-empty-string $accessToken
      *
-     * @return array{0:non-empty-string, 1:array<non-empty-string, mixed>}|null
+     * @return array{type: non-empty-string, data: array<non-empty-string, mixed>}|null
      */
     private function validateAccessToken(
         ServerRequestInterface $request,
@@ -99,8 +97,12 @@ private function validateAccessToken(
     ): ?array {
         try {
             return [
-                'access_token',
-                $this->getBearerTokenValidator()->validateBearerToken($request, $accessToken, $client->getIdentifier()),
+                'type' => 'access_token',
+                'data' => $this->getBearerTokenValidator()->validateBearerToken(
+                    $request,
+                    $accessToken,
+                    $client->getIdentifier()
+                ),
             ];
         } catch (Throwable) {
             return null;

src/Handlers/TokenIntrospectionHandler.php

@@ -26,16 +26,16 @@ public function setResponseType(IntrospectionResponseTypeInterface $responseType
     public function respondToRequest(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface
     {
         $client = $this->validateClient($request);
-        [$tokenType, $tokenData] = $this->validateToken($request, $client);
+        $token = $this->validateToken($request, $client);
 
         $responseType = $this->getResponseType();
 
-        if ($tokenType === null || $tokenData === null) {
+        if ($token === null) {
             $responseType->setActive(false);
         } else {
             $responseType->setActive(true);
-            $responseType->setTokenType($tokenType);
-            $responseType->setTokenData($tokenData);
+            $responseType->setTokenType($token['type']);
+            $responseType->setTokenData($token['data']);
         }
 
         return $responseType->generateHttpResponse($response);

src/Handlers/TokenRevocationHandler.php

@@ -4,6 +4,7 @@
 
 namespace League\OAuth2\Server\Handlers;
 
+use League\OAuth2\Server\Exception\OAuthServerException;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 
@@ -12,14 +13,16 @@ class TokenRevocationHandler extends AbstractTokenHandler
     public function respondToRequest(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface
     {
         $client = $this->validateClient($request);
-        [$tokenType, $tokenData] = $this->validateToken($request, $client);
+        $token = $this->validateToken($request, $client);
 
-        if ($tokenType !== null && $tokenData !== null) {
-            if ($tokenType === 'refresh_token') {
-                $this->refreshTokenRepository->revokeRefreshToken($tokenData['refresh_token_id']);
-                $this->accessTokenRepository->revokeAccessToken($tokenData['access_token_id']);
-            } elseif ($tokenType === 'access_token') {
-                $this->accessTokenRepository->revokeAccessToken($tokenData['jti']);
+        if ($token !== null) {
+            if ($token['type'] === 'refresh_token') {
+                $this->refreshTokenRepository->revokeRefreshToken($token['data']['refresh_token_id']);
+                $this->accessTokenRepository->revokeAccessToken($token['data']['access_token_id']);
+            } elseif ($token['type'] === 'access_token') {
+                $this->accessTokenRepository->revokeAccessToken($token['data']['jti']);
+            } else {
+                throw OauthServerException::unsupportedTokenType();
             }
         }
 

tests/Handlers/AbstractTokenHandlerTest.php

@@ -54,7 +54,7 @@ public function testSetBearerTokenValidator(): void
 
         $result = (fn () => $this->validateToken($request, $client))->call($handler);
 
-        self::assertSame(['access_token', ['foo' => 'bar']], $result);
+        self::assertSame(['type' => 'access_token', 'data' => ['foo' => 'bar']], $result);
     }
 
     public function testValidateToken(): void
@@ -122,11 +122,10 @@ public function testValidateAccessToken(): void
         $client = new ClientEntity();
         $client->setIdentifier('client1');
 
-        /** @var array{0:non-empty-string, 1:array<non-empty-string, mixed>} $result */
         $result = (fn () => $this->validateToken($request, $client))->call($handler);
-        $result[1]['exp'] = $result[1]['exp']->getTimestamp();
+        $result['data']['exp'] = $result['data']['exp']->getTimestamp();
 
-        self::assertSame(['access_token', [
+        self::assertSame(['type' => 'access_token', 'data' => [
             'aud' => ['client1'],
             'sub' => 'user1',
             'jti' => 'access1',
@@ -161,7 +160,7 @@ public function testValidateAccessTokenIsRevoked(): void
 
         $result = (fn () => $this->validateToken($request, $client))->call($handler);
 
-        self::assertSame([null, null], $result);
+        self::assertNull($result);
     }
 
     public function testValidateAccessTokenIsExpired(): void
@@ -186,7 +185,7 @@ public function testValidateAccessTokenIsExpired(): void
 
         $result = (fn () => $this->validateToken($request, $client))->call($handler);
 
-        self::assertSame([null, null], $result);
+        self::assertNull($result);
     }
 
     public function testValidateAccessTokenWithMismatchClient(): void
@@ -211,7 +210,7 @@ public function testValidateAccessTokenWithMismatchClient(): void
 
         $result = (fn () => $this->validateToken($request, $client))->call($handler);
 
-        self::assertSame([null, null], $result);
+        self::assertNull($result);
     }
 
     public function testValidateAccessTokenWithInvalidToken(): void
@@ -230,7 +229,7 @@ public function testValidateAccessTokenWithInvalidToken(): void
 
         $result = (fn () => $this->validateToken($request, $client))->call($handler);
 
-        self::assertSame([null, null], $result);
+        self::assertNull($result);
     }
 
     public function testValidateRefreshToken(): void
@@ -259,7 +258,7 @@ public function testValidateRefreshToken(): void
 
         $result = (fn () => $this->validateToken($request, $client))->call($handler);
 
-        self::assertSame(['refresh_token', [
+        self::assertSame(['type' => 'refresh_token', 'data' => [
             'refresh_token_id' => 'refresh1',
             'expire_time' => $expireTime,
             'client_id' => 'client1',
@@ -292,7 +291,7 @@ public function testValidateRefreshTokenIsRevoked(): void
 
         $result = (fn () => $this->validateToken($request, $client))->call($handler);
 
-        self::assertSame([null, null], $result);
+        self::assertNull($result);
     }
 
     public function testValidateRefreshTokenIsExpired(): void
@@ -316,7 +315,7 @@ public function testValidateRefreshTokenIsExpired(): void
 
         $result = (fn () => $this->validateToken($request, $client))->call($handler);
 
-        self::assertSame([null, null], $result);
+        self::assertNull($result);
     }
 
     public function testValidateRefreshTokenWithMismatchClient(): void
@@ -340,7 +339,7 @@ public function testValidateRefreshTokenWithMismatchClient(): void
 
         $result = (fn () => $this->validateToken($request, $client))->call($handler);
 
-        self::assertSame([null, null], $result);
+        self::assertNull($result);
     }
 
     public function testValidateRefreshTokenWithInvalidToken(): void
@@ -359,7 +358,7 @@ public function testValidateRefreshTokenWithInvalidToken(): void
 
         $result = (fn () => $this->validateToken($request, $client))->call($handler);
 
-        self::assertSame([null, null], $result);
+        self::assertNull($result);
     }
 
     /**

tests/Handlers/TokenIntrospectionHandlerTest.php

@@ -43,7 +43,7 @@ public function testRespondToRequestForAccessToken(): void
         $handler->expects(self::once())
             ->method('validateToken')
             ->with($request, $client)
-            ->willReturn(['access_token', ['jti' => 'access1']]);
+            ->willReturn(['type' => 'access_token', 'data' => ['jti' => 'access1']]);
 
         $response = $handler->respondToRequest($request, new Response());
         $response->getBody()->rewind();
@@ -86,7 +86,7 @@ public function testRespondToRequestForRefreshToken(): void
         $handler->expects(self::once())
             ->method('validateToken')
             ->with($request, $client)
-            ->willReturn(['refresh_token', ['refresh_token_id' => 'refresh1']]);
+            ->willReturn(['type' => 'refresh_token', 'data' => ['refresh_token_id' => 'refresh1']]);
 
         $response = $handler->respondToRequest($request, new Response());
         $response->getBody()->rewind();
@@ -129,7 +129,7 @@ public function testRespondToRequestForInvalidToken(): void
         $handler->expects(self::once())
             ->method('validateToken')
             ->with($request, $client)
-            ->willReturn([null, null]);
+            ->willReturn(null);
 
         $response = $handler->respondToRequest($request, new Response());
         $response->getBody()->rewind();
@@ -176,7 +176,7 @@ public function testSetResponseType(): void
         $handler->expects(self::once())
             ->method('validateToken')
             ->with($request, $client)
-            ->willReturn(['foo', ['bar' => 'baz']]);
+            ->willReturn(['type' => 'foo', 'data' => ['bar' => 'baz']]);
 
         $result = $handler->respondToRequest($request, $response);
 

tests/Handlers/TokenRevocationHandlerTest.php

@@ -48,7 +48,7 @@ public function testRespondToRequestForAccessToken(): void
         $handler->expects(self::once())
             ->method('validateToken')
             ->with($request, $client)
-            ->willReturn(['access_token', ['jti' => 'access1']]);
+            ->willReturn(['type' => 'access_token', 'data' => ['jti' => 'access1']]);
 
         $response = $handler->respondToRequest($request, new Response());
         $response->getBody()->rewind();
@@ -92,7 +92,10 @@ public function testRespondToRequestForRefreshToken(): void
         $handler->expects(self::once())
             ->method('validateToken')
             ->with($request, $client)
-            ->willReturn(['refresh_token', ['refresh_token_id' => 'refresh1', 'access_token_id' => 'access1']]);
+            ->willReturn(['type' => 'refresh_token', 'data' => [
+                'refresh_token_id' => 'refresh1',
+                'access_token_id' => 'access1',
+            ]]);
 
         $response = $handler->respondToRequest($request, new Response());
         $response->getBody()->rewind();
@@ -137,7 +140,7 @@ public function testRespondToRequestForInvalidToken(): void
         $handler->expects(self::once())
             ->method('validateToken')
             ->with($request, $client)
-            ->willReturn([null, null]);
+            ->willReturn(null);
 
         $response = $handler->respondToRequest($request, new Response());
         $response->getBody()->rewind();