  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.
   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Loads/stores oauth2 access tokens in DB for system accounts in order to use a single token across multiple sessions.
  19   *
  20   * @package    core
  21   * @copyright  2018 Jan Dageförde <jan.dagefoerde@ercis.uni-muenster.de>
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  namespace core\oauth2;
  25  
  26  defined('MOODLE_INTERNAL') || die();
  27  
  28  use core\persistent;
  29  
  30  /**
  31   * Loads/stores oauth2 access tokens in DB for system accounts in order to use a single token across multiple sessions.
  32   *
  33   * When a system user is authenticated via OAuth, we need to use a single access token across user sessions,
  34   * because we want to avoid using multiple tokens at the same time for a single remote user. Reasons are that,
  35   * first, redeeming the refresh token for an access token requires an additional request, and second, there is
  36   * no guarantee that redeeming the refresh token doesn't invalidate *all* corresponding previous access tokens.
  37   * As a result, we would need to either continuously request lots and lots of new access tokens, or persist the
  38   * access token in the DB where it can be used from all sessions. Let's do the latter!
  39   *
  40   * @copyright  2018 Jan Dageförde <jan.dagefoerde@ercis.uni-muenster.de>
  41   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  42   */
  43  class access_token extends persistent {
  44  
  45      /** The table name. */
  46      const TABLE = 'oauth2_access_token';
  47  
  48      /**
  49       * Return the definition of the properties of this model.
  50       *
  51       * @return array
  52       */
  53      protected static function define_properties() {
  54          return array(
  55              // Issuer id instead of the system account id because, at the time of storing/loading a token we may not
  56              // know the system account id.
  57              'issuerid' => array(
  58                  'type' => PARAM_INT
  59              ),
  60              'token' => array(
  61                  'type' => PARAM_RAW,
  62              ),
  63              'expires' => array(
  64                  'type' => PARAM_INT,
  65              ),
  66              'scope' => array(
  67                  'type' => PARAM_RAW,
  68              ),
  69          );
  70      }
  71  }