Viewing file:  ClientToken.php (4.17 KB) -rw-rw-r--
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
<?php
namespace Twilio\Jwt;
use Twilio\Jwt\Client\ScopeURI;
/**
* Twilio Capability Token generator
*/
class ClientToken {
public $accountSid;
public $authToken;
/** @var ScopeURI[] $scopes */
public $scopes;
public $clientName;
/** @var string[] $customClaims */
private $customClaims;
/**
* Create a new TwilioCapability with zero permissions. Next steps are to
* grant access to resources by configuring this token through the
* functions allowXXXX.
*
* @param string $accountSid the account sid to which this token is granted
* access
* @param string $authToken the secret key used to sign the token. Note,
* this auth token is not visible to the user of the token.
*/
public function __construct(string $accountSid, string $authToken) {
$this->accountSid = $accountSid;
$this->authToken = $authToken;
$this->scopes = [];
$this->clientName = false;
$this->customClaims = [];
}
/**
* If the user of this token should be allowed to accept incoming
* connections then configure the TwilioCapability through this method and
* specify the client name.
*
* @param string $clientName
* @throws \InvalidArgumentException
*/
public function allowClientIncoming(string $clientName): void {
// clientName must be a non-zero length alphanumeric string
if (\preg_match('/\W/', $clientName)) {
throw new \InvalidArgumentException(
'Only alphanumeric characters allowed in client name.');
}
if ($clientName === '') {
throw new \InvalidArgumentException(
'Client name must not be a zero length string.');
}
$this->clientName = $clientName;
$this->allow('client', 'incoming', ['clientName' => $clientName]);
}
/**
* Allow the user of this token to make outgoing connections.
*
* @param string $appSid the application to which this token grants access
* @param mixed[] $appParams signed parameters that the user of this token
* cannot overwrite.
*/
public function allowClientOutgoing(string $appSid, array $appParams = []): void {
$this->allow('client', 'outgoing', [
'appSid' => $appSid,
'appParams' => \http_build_query($appParams, '', '&')
]);
}
/**
* Allow the user of this token to access their event stream.
*
* @param mixed[] $filters key/value filters to apply to the event stream
*/
public function allowEventStream(array $filters = []): void {
$this->allow('stream', 'subscribe', [
'path' => '/2010-04-01/Events',
'params' => \http_build_query($filters, '', '&'),
]);
}
/**
* Allows to set custom claims, which then will be encoded into JWT payload.
*
* @param string $name
* @param string $value
*/
public function addClaim(string $name, string $value): void {
$this->customClaims[$name] = $value;
}
/**
* Generates a new token based on the credentials and permissions that
* previously has been granted to this token.
*
* @param int $ttl the expiration time of the token (in seconds). Default
* value is 3600 (1hr)
* @return string the newly generated token that is valid for $ttl seconds
*/
public function generateToken(int $ttl = 3600): string {
$payload = \array_merge($this->customClaims, [
'scope' => [],
'iss' => $this->accountSid,
'exp' => \time() + $ttl,
]);
$scopeStrings = [];
foreach ($this->scopes as $scope) {
if ($scope->privilege === 'outgoing' && $this->clientName) {
$scope->params['clientName'] = $this->clientName;
}
$scopeStrings[] = $scope->toString();
}
$payload['scope'] = \implode(' ', $scopeStrings);
return JWT::encode($payload, $this->authToken, 'HS256');
}
protected function allow(string $service, string $privilege, array $params): void {
$this->scopes[] = new ScopeURI($service, $privilege, $params);
}
}
|