How to create grant type parameters

Edit on GitHub

This document explains how to create and use a grant type parameter.

Integrate authentication following the Glue API Authentication integration guide.

Glue provides grant types password for a customer and a user out of the box:

SPECIFICATION PLUGIN
Customer grant type Spryker\Zed\Oauth\Communication\Plugin\Oauth\CustomerPasswordOauthRequestGrantTypeConfigurationProviderPlugin
User grant type Spryker\Zed\Oauth\Communication\Plugin\Oauth\UserPasswordOauthRequestGrantTypeConfigurationProviderPlugin

Let’s say you have a user and you want to have a new grant type authorization_code for it. To create the grant type, follow these steps:

  1. Create GRANT_TYPE_AUTHORIZATION_CODE constant:
<?php

namespace Pyz\Zed\Oauth;

use Spryker\Zed\OauthConfig as SprykerOauthConfig;

class OauthConfig extends SprykerOauthConfig
{
    public const GRANT_TYPE_AUTHORIZATION_CODE = 'authorization_code';
}
  1. Create UserAuthCodeGrantTypeBuilder:
<?php

namespace Pyz\Zed\Oauth\Business\Grant;

use DateInterval;
use Spryker\Zed\Oauth\Business\Model\League\Grant\AuthCodeGrant;
use Spryker\Zed\Oauth\Business\Model\League\Grant\GrantTypeBuilderInterface;
use Spryker\Zed\Oauth\Business\Model\League\Grant\GrantTypeInterface;
use Spryker\Zed\Oauth\Business\Model\League\RepositoryBuilderInterface;

class UserAuthCodeGrantTypeBuilder implements GrantTypeBuilderInterface
{
    public function buildGrant(
        RepositoryBuilderInterface $repositoryBuilder,
        DateInterval $refreshTokenTTL
    ): GrantTypeInterface {
        $userAuthCodeGrantType = new AuthCodeGrant();
        $userAuthCodeGrantType->setUserRepository($repositoryBuilder->createOauthUserRepository());
        $userAuthCodeGrantType->setRefreshTokenRepository($repositoryBuilder->createRefreshTokenRepository());
        $userAuthCodeGrantType->setRefreshTokenTTL($refreshTokenTTL);

        return $userAuthCodeGrantType;
    }
}
  1. Create UserAuthCodeOauthRequestGrantTypeConfigurationProviderPlugin:
<?php

namespace Pyz\Zed\Oauth\Communication\Plugin\Oauth;

use Generated\Shared\Transfer\GlueAuthenticationRequestContextTransfer;
use Generated\Shared\Transfer\OauthGrantTypeConfigurationTransfer;
use Generated\Shared\Transfer\OauthRequestTransfer;
use Pyz\Zed\Oauth\Business\Grant\UserAuthorizationCodeGrantTypeBuilder;
use Pyz\Zed\Oauth\OauthConfig;
use Spryker\Glue\Kernel\AbstractPlugin;
use Spryker\Zed\OauthExtension\Dependency\Plugin\OauthRequestGrantTypeConfigurationProviderPluginInterface;

class UserAuthCodeOauthRequestGrantTypeConfigurationProviderPlugin extends AbstractPlugin implements OauthRequestGrantTypeConfigurationProviderPluginInterface
{
    protected const GLUE_BACKEND_API_APPLICATION = 'GLUE_BACKEND_API_APPLICATION';

    public function isApplicable(
        OauthRequestTransfer $oauthRequestTransfer,
        GlueAuthenticationRequestContextTransfer $glueAuthenticationRequestContextTransfer
    ): bool {
        return (
            $oauthRequestTransfer->getGrantType() === OauthConfig::GRANT_TYPE_AUTHORIZATION_CODE &&
            $glueAuthenticationRequestContextTransfer->getRequestApplication() === static::GLUE_BACKEND_API_APPLICATION
        );
    }

    public function getGrantTypeConfiguration(): OauthGrantTypeConfigurationTransfer
    {
        return (new OauthGrantTypeConfigurationTransfer())
            ->setIdentifier(OauthConfig::GRANT_TYPE_AUTHORIZATION_CODE)
            ->setBuilderFullyQualifiedClassName(UserAuthorizationCodeGrantTypeBuilder::class);
    }
}
  1. Declare the grant type provider plugin:

\Pyz\Zed\Oauth\OauthDependencyProvider

<?php

namespace Pyz\Zed\Oauth;

use Spryker\Zed\Oauth\Communication\Plugin\Oauth\CustomerPasswordOauthRequestGrantTypeConfigurationProviderPlugin;
use Spryker\Zed\Oauth\Communication\Plugin\Oauth\UserPasswordOauthRequestGrantTypeConfigurationProviderPlugin;
use Spryker\Zed\Oauth\OauthDependencyProvider as SprykerOauthDependencyProvider;

class OauthDependencyProvider extends SprykerOauthDependencyProvider
{
    protected function getOauthRequestGrantTypeConfigurationProviderPlugins(): array
    {
        return [
            new UserPasswordOauthRequestGrantTypeConfigurationProviderPlugin(),
            new CustomerPasswordOauthRequestGrantTypeConfigurationProviderPlugin(),
            new UserAuthCodeOauthRequestGrantTypeConfigurationProviderPlugin(),
        ];
    }
}
“Verification”
  • Ensure that you can authenticate as a user:

    1. Send the request to get the authorization code:
    POST /token/ HTTP/1.1
    Host: glue-backend.mysprykershop.com
    Content-Type: application/x-www-form-urlencoded
    Accept: application/json
    Content-Length: 66
    
    response_type=code&client_id={user_client_id}
    
    1. Send the following request to the access token:
    POST /token/ HTTP/1.1
    Host: glue-backend.mysprykershop.com
    Content-Type: application/x-www-form-urlencoded
    Accept: application/json
    Content-Length: 66
    
    grant_type=authorization_code&code={user_authorization_code}&client_id={user_client_id}
    
    1. Check that the output contains the 201 response with a valid token.