99use Yiisoft \Yii \AuthClient \OAuthToken ;
1010
1111/**
12- * OpenBanking OAuth2 client for UK
12+ * OpenBanking OAuth2 client for UK and other providers.
13+ * The endpoints and scope must be set by the consuming controller before usage.
1314 */
1415final class OpenBanking extends OAuth2
1516{
1617 /**
17- * @var string|null
18+ * @var string
19+ * These must match the parent's type exactly for Psalm invariance.
1820 */
19- protected ?string $ scope'openid accounts payments ' ;
21+ protected string $ authUrl'' ;
22+
23+ /**
24+ * @var string
25+ */
26+ protected string $ tokenUrl'' ;
27+
28+ /**
29+ * @var null|string
30+ */
31+ protected ?string $ scopenull ;
32+
33+ /**
34+ * Set the authorization URL (for the current provider).
35+ * @param string $authUrl
36+ */
37+ public function setAuthUrl (string $ authUrlvoid
38+ {
39+ $ this authUrl = $ authUrl
40+ }
41+
42+ /**
43+ * Set the token URL (for the current provider).
44+ * @param string $tokenUrl
45+ */
46+ public function setTokenUrl (string $ tokenUrlvoid
47+ {
48+ $ this tokenUrl = $ tokenUrl
49+ }
50+
51+ /**
52+ * Set the scope (for the current provider).
53+ * @param string|null $scope
54+ */
55+ public function setScope (?string $ scopevoid
56+ {
57+ $ this scope = $ scope
58+ }
2059
2160 /**
2261 * {@inheritdoc}
@@ -34,20 +73,45 @@ public function getTitle(): string
3473 return 'Open Banking ' ;
3574 }
3675
76+ /**
77+ * Override the auth URL to use the selected provider.
78+ * No fallback to parent is possible: the controller MUST set it.
79+ */
80+ public function getAuthUrl (): string
81+ {
82+ return $ this authUrl ;
83+ }
84+
85+ /**
86+ * Override the token URL to use the selected provider.
87+ * No fallback to parent is possible: the controller MUST set it.
88+ */
89+ public function getTokenUrl (): string
90+ {
91+ return $ this tokenUrl ;
92+ }
93+
94+ /**
95+ * Override the scope to use that of the selected provider.
96+ */
97+ public function getScope (): string
98+ {
99+ // Parent's getScope() returns string
100+ return $ this scope !== null ? $ this scope : parent ::getScope ();
101+ }
102+
37103 /**
38104 * Exchanges the authorization code for an access token, using PKCE (code_verifier).
39105 *
40106 * @param ServerRequestInterface $incomingRequest
41- * @param string|null $authCode
107+ * @param string $authCode
42108 * @param array $params
43109 * @return OAuthToken
44110 */
45- public function fetchAccessTokenWithCurlAndCodeVerifier (ServerRequestInterface $ incomingRequest$ authCode = null , array $ paramsOAuthToken
111+ public function fetchAccessTokenWithCurlAndCodeVerifier (ServerRequestInterface $ incomingRequeststring $ authCodearray $ paramsOAuthToken
46112 {
47113 $ tokenUrl$ this getTokenUrl ();
48- /** @var string|null $redirectUri */
49114 $ redirectUriisset ($ params'redirect_uri ' ]) && is_string ($ params'redirect_uri ' ]) ? $ params'redirect_uri ' ] : null ;
50- /** @var string|null $codeVerifier */
51115 $ codeVerifierisset ($ params'code_verifier ' ]) && is_string ($ params'code_verifier ' ]) ? $ params'code_verifier ' ] : null ;
52116
53117 $ postFields
@@ -62,7 +126,6 @@ public function fetchAccessTokenWithCurlAndCodeVerifier(ServerRequestInterface $
62126 $ postFields'code_verifier ' ] = $ codeVerifier
63127 }
64128
65- // Add client_id and client_secret if needed
66129 $ clientId$ this getClientId ();
67130 if ($ clientId'' ) {
68131 $ postFields'client_id ' ] = $ clientId
@@ -130,13 +193,9 @@ public function decodeIdToken(string $idToken): array
130193 if ($ remainder0 ) {
131194 $ payloadstr_repeat ('= ' , 4 - $ remainder
132195 }
133- /** @var false|string $payloadJson */
134196 $ payloadJsonbase64_decode (strtr ($ payload'-_ ' , '+/ ' ));
135- if ($ payloadJsonfalse ) {
136- return [];
137- }
138197 /** @var array<string, mixed>|null $decoded */
139- $ decodedjson_decode ($ payloadJsontrue );
198+ $ decodedjson_decode ($ payloadJson ?: '' , true );
140199 return is_array ($ decoded$ decoded
141200 }
142- }
201+ }
0 commit comments