From 12d487342811814a437d464a5bda30e9cc62850f Mon Sep 17 00:00:00 2001
From: Josh Cunningham
Date: Mon, 25 Feb 2019 09:00:29 -0800
Subject: [PATCH] Official deprecation of legacy Authentication API methods
---
 src/API/Authentication.php | 454 ++++++++++++++++++-------------------
 1 file changed, 224 insertions(+), 230 deletions(-)
diff --git a/src/API/Authentication.php b/src/API/Authentication.php
index 587a494d..f71cd847 100644
--- a/src/API/Authentication.php
+++ b/src/API/Authentication.php
@@ -121,32 +121,6 @@ public function __construct(
 $this->telemetry = $infoHeadersData->build();
 }

- // phpcs:disable
- /**
- * Set an ApiClient for use in this object
- *
- * TODO: Deprecated
- *
- * @return void
- *
- * @codeCoverageIgnore - To be deprecated
- */
- protected function setApiClient()
- {
- $apiDomain = "https://{$this->domain}";
-
- $client = new ApiClient(
- [
- 'domain' => $apiDomain,
- 'basePath' => '/',
- 'guzzleOptions' => $this->guzzleOptions
- ]
- );
-
- $this->apiClient = $client;
- }
- // phpcs:enable
-
 /**
 * Builds and returns the authorization URL.
 *
@@ -299,53 +273,6 @@ public function get_logout_link($returnTo = null, $client_id = null, $federated
 );
 }

- // phpcs:disable
- /**
- * Authorize using an access token
- *
- * @param string $access_token
- * @param string $connection
- * @param string $scope
- * @param array $additional_params
- *
- * @return mixed
- *
- * @deprecated - 5.1.1, This feature is disabled by default for new tenants as of 8 June
- * 2017. Open the browser to do social authentication instead, which is
- * what Google and Facebook are recommending.
- *
- * @see https://auth0.com/docs/api/authentication#social-with-provider-s-access-token
- * @see https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html
- * @see https://auth0.com/docs/api-auth/intro
- *
- * @codeCoverageIgnore - Deprecated
- */
- public function authorize_with_accesstoken(
- $access_token,
- $connection,
- $scope = 'openid',
- array $additional_params = []
- )
- {
- $data = array_merge(
- $additional_params,
- [
- 'client_id' => $this->client_id,
- 'access_token' => $access_token,
- 'connection' => $connection,
- 'scope' => $scope,
- ]
- );
-
- return $this->apiClient->post()
- ->oauth()
- ->access_token()
- ->withHeader(new ContentType('application/json'))
- ->withBody(json_encode($data))
- ->call();
- }
- // phpcs:enable
-
 /**
 * Start passwordless login process for email
 *
@@ -403,117 +330,6 @@ public function sms_passwordless_start($phone_number)
 ->call();
 }

- // phpcs:disable
- /**
- * Verify SMS code
- *
- * TODO: Deprecate
- *
- * @param string $phone_number
- * @param string $code
- * @param string $scope
- *
- * @return mixed
- *
- * @throws ApiException
- *
- * @codeCoverageIgnore - To be deprecated
- */
- public function sms_code_passwordless_verify($phone_number, $code, $scope = 'openid')
- {
- return $this->authorize_with_ro($phone_number, $code, $scope, 'sms');
- }
- // phpcs:enable
-
- // phpcs:disable
- /**
- * Verify email code
- *
- * TODO: Deprecate
- *
- * @param string $email
- * @param string $code
- * @param string $scope
- *
- * @return mixed
- *
- * @throws ApiException
- *
- * @codeCoverageIgnore - To be deprecated
- */
- public function email_code_passwordless_verify($email, $code, $scope = 'openid')
- {
- return $this->authorize_with_ro($email, $code, $scope, 'email');
- }
- // phpcs:enable
-
- // phpcs:disable
- /**
- * DEPRECATED - This endpoint is part of the legacy authentication pipeline and
- * has been replaced in favor of the Password Grant. For more information on the
- * latest authentication pipeline refer to Introducing OIDC Conformant
- * Authentication.
- *
- * @param string $username
- * @param string $password
- * @param string $scope
- * @param null|string $connection
- * @param null|string $id_token
- * @param null|string $device
- *
- * @return mixed
- *
- * @throws ApiException
- *
- * @deprecated Use `login` instead. Use only for passwordless verify
- *
- * @see https://auth0.com/docs/api/authentication#resource-owner
- * @see https://auth0.com/docs/api-auth/intro
- *
- * @codeCoverageIgnore - Deprecated
- */
- public function authorize_with_ro(
- $username,
- $password,
- $scope = 'openid',
- $connection = null,
- $id_token = null,
- $device = null
- )
- {
- $data = [
- 'client_id' => $this->client_id,
- 'username' => $username,
- 'password' => $password,
- 'scope' => $scope,
- ];
- if ($device !== null) {
- $data['device'] = $device;
- }
-
- if ($id_token !== null) {
- $data['id_token'] = $id_token;
- $data['grant_type'] = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
- } else {
- if ($connection === null) {
- throw new ApiException(
- 'You need to specify a connection for grant_type=password authentication'
- );
- }
-
- $data['grant_type'] = 'password';
- $data['connection'] = $connection;
- }
-
- return $this->apiClient->post()
- ->oauth()
- ->ro()
- ->withHeader(new ContentType('application/json'))
- ->withBody(json_encode($data))
- ->call();
- }
- // phpcs:enable
-
 /**
 * Make an authenticated request to the /userinfo endpoint.
 *
@@ -532,52 +348,6 @@ public function userinfo($access_token)
 ->call();
 }

- // phpcs:disable
- /**
- * Obtain an impersonation URL to login as another user.
- * Impersonation functionality may be disabled by default for your tenant.
- *
- * TODO: Deprecate
- *
- * @param string $access_token
- * @param string $user_id
- * @param string $protocol
- * @param string $impersonator_id
- * @param string $client_id
- * @param array $additionalParameters
- *
- * @return mixed
- *
- * @see https://auth0.com/docs/api/authentication#impersonation
- *
- * @codeCoverageIgnore - Deprecated
- */
- public function impersonate(
- $access_token,
- $user_id,
- $protocol,
- $impersonator_id,
- $client_id,
- array $additionalParameters = []
- )
- {
- $data = [
- 'protocol' => $protocol,
- 'impersonator_id' => $impersonator_id,
- 'client_id' => $client_id,
- 'additionalParameters' => $additionalParameters,
- ];
-
- return $this->apiClient->post()
- ->users($user_id)
- ->impersonate()
- ->withHeader(new ContentType('application/json'))
- ->withHeader(new AuthorizationBearer($access_token))
- ->withBody(json_encode($data))
- ->call();
- }
- // phpcs:enable
-
 /**
 * Makes a call to the `oauth/token` endpoint.
 *
@@ -823,4 +593,228 @@ public function dbconnections_change_password(
 ->withBody(json_encode($data))
 ->call();
 }
+
+ /*
+ * Deprecated
+ */
+
+ // phpcs:disable
+ /**
+ * Set an ApiClient for use in this object
+ *
+ * @deprecated 5.4.0, not used.
+ *
+ * @return void
+ *
+ * @codeCoverageIgnore - Deprecated
+ */
+ protected function setApiClient()
+ {
+ $apiDomain = "https://{$this->domain}";
+
+ $client = new ApiClient(
+ [
+ 'domain' => $apiDomain,
+ 'basePath' => '/',
+ 'guzzleOptions' => $this->guzzleOptions
+ ]
+ );
+
+ $this->apiClient = $client;
+ }
+
+ /**
+ * Verify SMS code
+ *
+ * @deprecated 5.4.0, legacy authentication pipeline, no alternative provided.
+ *
+ * @param string $phone_number
+ * @param string $code
+ * @param string $scope
+ *
+ * @return mixed
+ *
+ * @throws ApiException
+ *
+ * @codeCoverageIgnore - Deprecated
+ */
+ public function sms_code_passwordless_verify($phone_number, $code, $scope = 'openid')
+ {
+ return $this->authorize_with_ro($phone_number, $code, $scope, 'sms');
+ }
+
+ /**
+ * Verify email code
+ *
+ * @deprecated 5.4.0, legacy authentication pipeline, no alternative provided.
+ *
+ * @param string $email
+ * @param string $code
+ * @param string $scope
+ *
+ * @return mixed
+ *
+ * @throws ApiException
+ *
+ * @codeCoverageIgnore - Deprecated
+ */
+ public function email_code_passwordless_verify($email, $code, $scope = 'openid')
+ {
+ return $this->authorize_with_ro($email, $code, $scope, 'email');
+ }
+
+ /**
+ * Obtain an impersonation URL to login as another user.
+ * Impersonation functionality may be disabled by default for your tenant.
+ *
+ * @deprecated 5.4.0, legacy authentication pipeline, no alternative provided.
+ *
+ * @param string $access_token
+ * @param string $user_id
+ * @param string $protocol
+ * @param string $impersonator_id
+ * @param string $client_id
+ * @param array $additionalParameters
+ *
+ * @return mixed
+ *
+ * @see https://auth0.com/docs/api/authentication#impersonation
+ *
+ * @codeCoverageIgnore - Deprecated
+ */
+ public function impersonate(
+ $access_token,
+ $user_id,
+ $protocol,
+ $impersonator_id,
+ $client_id,
+ array $additionalParameters = []
+ )
+ {
+ $data = [
+ 'protocol' => $protocol,
+ 'impersonator_id' => $impersonator_id,
+ 'client_id' => $client_id,
+ 'additionalParameters' => $additionalParameters,
+ ];
+
+ return $this->apiClient->post()
+ ->users($user_id)
+ ->impersonate()
+ ->withHeader(new ContentType('application/json'))
+ ->withHeader(new AuthorizationBearer($access_token))
+ ->withBody(json_encode($data))
+ ->call();
+ }
+
+ /**
+ * Authorize using an access token
+ *
+ * @deprecated - 5.1.1, This feature is disabled by default for new tenants as of 8 June
+ * 2017. Open the browser to do social authentication instead, which is
+ * what Google and Facebook are recommending.
+ *
+ * @param string $access_token
+ * @param string $connection
+ * @param string $scope
+ * @param array $additional_params
+ *
+ * @return mixed
+ *
+ * @see https://auth0.com/docs/api/authentication#social-with-provider-s-access-token
+ * @see https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html
+ * @see https://auth0.com/docs/api-auth/intro
+ *
+ * @codeCoverageIgnore - Deprecated
+ */
+ public function authorize_with_accesstoken(
+ $access_token,
+ $connection,
+ $scope = 'openid',
+ array $additional_params = []
+ )
+ {
+ $data = array_merge(
+ $additional_params,
+ [
+ 'client_id' => $this->client_id,
+ 'access_token' => $access_token,
+ 'connection' => $connection,
+ 'scope' => $scope,
+ ]
+ );
+
+ return $this->apiClient->post()
+ ->oauth()
+ ->access_token()
+ ->withHeader(new ContentType('application/json'))
+ ->withBody(json_encode($data))
+ ->call();
+ }
+
+ /**
+ * DEPRECATED - This endpoint is part of the legacy authentication pipeline and
+ * has been replaced in favor of the Password Grant. For more information on the
+ * latest authentication pipeline refer to Introducing OIDC Conformant
+ * Authentication.
+ *
+ * @deprecated 5.0.0, use `login` instead. Use only for passwordless verify
+ *
+ * @param string $username
+ * @param string $password
+ * @param string $scope
+ * @param null|string $connection
+ * @param null|string $id_token
+ * @param null|string $device
+ *
+ * @return mixed
+ *
+ * @throws ApiException
+ *
+ * @see https://auth0.com/docs/api/authentication#resource-owner
+ * @see https://auth0.com/docs/api-auth/intro
+ *
+ * @codeCoverageIgnore - Deprecated
+ */
+ public function authorize_with_ro(
+ $username,
+ $password,
+ $scope = 'openid',
+ $connection = null,
+ $id_token = null,
+ $device = null
+ )
+ {
+ $data = [
+ 'client_id' => $this->client_id,
+ 'username' => $username,
+ 'password' => $password,
+ 'scope' => $scope,
+ ];
+ if ($device !== null) {
+ $data['device'] = $device;
+ }
+
+ if ($id_token !== null) {
+ $data['id_token'] = $id_token;
+ $data['grant_type'] = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
+ } else {
+ if ($connection === null) {
+ throw new ApiException(
+ 'You need to specify a connection for grant_type=password authentication'
+ );
+ }
+
+ $data['grant_type'] = 'password';
+ $data['connection'] = $connection;
+ }
+
+ return $this->apiClient->post()
+ ->oauth()
+ ->ro()
+ ->withHeader(new ContentType('application/json'))
+ ->withBody(json_encode($data))
+ ->call();
+ }
+ // phpcs:enable
 }
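Review bot: The `@deprecated 5.0.0` tag added on `authorize_with_ro` still ends with "Use only for passwordless verify", yet the two wrappers that call it, `sms_code_passwordless_verify` and `email_code_passwordless_verify`, are marked in this same hunk as `@deprecated 5.4.0, legacy authentication pipeline, no alternative provided.`, so the docblock steers readers toward a path the library is retiring. I would end that tag after "use `login` instead." or say explicitly that passwordless verification has no replacement in this release. The tag on `authorize_with_accesstoken` also keeps the older `@deprecated - 5.1.1, ...` form with a leading dash, unlike the `@deprecated 5.4.0, ...` tags beside it. Because the deprecation is docblock-only, applications still calling the resource-owner and impersonation endpoints get no runtime signal; consider a `trigger_error()` call with `E_USER_DEPRECATED` in each of these methods so remaining use shows up in logs.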