-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathBearerAuth.php
More file actions
42 lines (36 loc) · 1.1 KB
/
BearerAuth.php
File metadata and controls
42 lines (36 loc) · 1.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
<?php
declare(strict_types=1);
namespace Arcp\Auth;
use Arcp\Messages\Session\Auth;
use Arcp\Messages\Session\PeerInfo;
/**
* Opaque bearer-token verification (RFC §8.2). The runtime keeps a token
* → principal mapping; presence of the token grants the principal.
*/
final class BearerAuth implements AuthScheme
{
/** @param array<string, string> $tokens token → principal */
public function __construct(private readonly array $tokens)
{
}
#[\Override]
public function name(): string
{
return 'bearer';
}
#[\Override]
public function verify(Auth $auth, PeerInfo $client): AuthResult
{
if ($auth->scheme !== 'bearer') {
return AuthResult::reject('scheme mismatch');
}
if ($auth->token === null || $auth->token === '') {
return AuthResult::reject('missing token');
}
if (!isset($this->tokens[$auth->token])) {
return AuthResult::reject('invalid token');
}
$principal = $client->principal ?? $this->tokens[$auth->token];
return AuthResult::accept($principal);
}
}