Merge pull request #64 from FusionAuth/lyle/ENG-3375/introspect-and-libs

lyleschemmerling · web-flow · commit 14db20f61972 · 2025-12-18T14:02:50.000-07:00
Lyle/eng 3375/introspect and libs
diff --git a/src/FusionAuth/FusionAuthClient.php b/src/FusionAuth/FusionAuthClient.php
@@ -144,6 +144,29 @@ public function approveDevice($client_id, $client_secret, $token, $user_code)
         ->go();
   }
 
+  /**
+   * Approve a device grant.
+   *
+   * @param array $request The request object containing the device approval information and optional tenantId.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function approveDeviceWithRequest($request)
+  {
+    $post_data = array(
+      'client_id' => $request->client_id
+      ,'client_secret' => $request->client_secret
+      ,'tenantId' => ($request->tenantId !== null ? (string)$request->tenantId : null)
+      ,'token' => $request->token
+      ,'user_code' => $request->user_code
+    );
+    return $this->start()->uri("/oauth2/device/approve")
+        ->bodyHandler(new FormDataBodyHandler($post_data))
+        ->post()
+        ->go();
+  }
+
   /**
    * Cancels the user action.
    *
@@ -443,6 +466,29 @@ public function clientCredentialsGrant($client_id, $client_secret, $scope = NULL
         ->go();
   }
 
+  /**
+   * Make a Client Credentials grant request to obtain an access token.
+   *
+   * @param array $request The client credentials grant request containing client authentication, scope and optional tenantId.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function clientCredentialsGrantWithRequest($request)
+  {
+    $post_data = array(
+      'client_id' => $request->client_id
+      ,'client_secret' => $request->client_secret
+      ,'grant_type' => $request->grant_type
+      ,'scope' => $request->scope
+      ,'tenantId' => $request->tenantId
+    );
+    return $this->startAnonymous()->uri("/oauth2/token")
+        ->bodyHandler(new FormDataBodyHandler($post_data))
+        ->post()
+        ->go();
+  }
+
   /**
    * Adds a comment to the user's account.
    *
@@ -1788,6 +1834,51 @@ public function deleteWebhook($webhookId)
         ->go();
   }
 
+  /**
+   * Start the Device Authorization flow using form-encoded parameters
+   *
+   * @param string $client_id The unique client identifier. The client Id is the Id of the FusionAuth Application in which you are attempting to authenticate.
+   * @param string $client_secret (Optional) The client secret. This value may optionally be provided in the request body instead of the Authorization header.
+   * @param string $scope (Optional) A space-delimited string of the requested scopes. Defaults to all scopes configured in the Application's OAuth configuration.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function deviceAuthorize($client_id, $client_secret, $scope = NULL)
+  {
+    $post_data = array(
+      'client_id' => $client_id,
+      'client_secret' => $client_secret,
+      'scope' => $scope
+    );
+    return $this->startAnonymous()->uri("/oauth2/device_authorize")
+        ->bodyHandler(new FormDataBodyHandler($post_data))
+        ->post()
+        ->go();
+  }
+
+  /**
+   * Start the Device Authorization flow using a request body
+   *
+   * @param array $request The device authorization request containing client authentication, scope, and optional device metadata.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function deviceAuthorizeWithRequest($request)
+  {
+    $post_data = array(
+      'client_id' => $request->client_id
+      ,'client_secret' => $request->client_secret
+      ,'scope' => $request->scope
+      ,'tenantId' => ($request->tenantId !== null ? (string)$request->tenantId : null)
+    );
+    return $this->startAnonymous()->uri("/oauth2/device_authorize")
+        ->bodyHandler(new FormDataBodyHandler($post_data))
+        ->post()
+        ->go();
+  }
+
   /**
    * Disable two-factor authentication for a user.
    *
@@ -1902,6 +1993,57 @@ public function exchangeOAuthCodeForAccessTokenUsingPKCE($code, $client_id, $cli
         ->go();
   }
 
+  /**
+   * Exchanges an OAuth authorization code and code_verifier for an access token.
+   * Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint and a code_verifier for an access token.
+   *
+   * @param array $request The PKCE OAuth code access token exchange request.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function exchangeOAuthCodeForAccessTokenUsingPKCEWithRequest($request)
+  {
+    $post_data = array(
+      'client_id' => $request->client_id
+      ,'client_secret' => $request->client_secret
+      ,'code' => $request->code
+      ,'code_verifier' => $request->code_verifier
+      ,'grant_type' => $request->grant_type
+      ,'redirect_uri' => $request->redirect_uri
+      ,'tenantId' => ($request->tenantId !== null ? (string)$request->tenantId : null)
+    );
+    return $this->startAnonymous()->uri("/oauth2/token")
+        ->bodyHandler(new FormDataBodyHandler($post_data))
+        ->post()
+        ->go();
+  }
+
+  /**
+   * Exchanges an OAuth authorization code for an access token.
+   * Makes a request to the Token endpoint to exchange the authorization code returned from the Authorize endpoint for an access token.
+   *
+   * @param array $request The OAuth code access token exchange request.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function exchangeOAuthCodeForAccessTokenWithRequest($request)
+  {
+    $post_data = array(
+      'client_id' => $request->client_id
+      ,'client_secret' => $request->client_secret
+      ,'code' => $request->code
+      ,'grant_type' => $request->grant_type
+      ,'redirect_uri' => $request->redirect_uri
+      ,'tenantId' => $request->tenantId
+    );
+    return $this->startAnonymous()->uri("/oauth2/token")
+        ->bodyHandler(new FormDataBodyHandler($post_data))
+        ->post()
+        ->go();
+  }
+
   /**
    * Exchange a Refresh Token for an Access Token.
    * If you will be using the Refresh Token Grant, you will make a request to the Token endpoint to exchange the user’s refresh token for an access token.
@@ -1932,6 +2074,32 @@ public function exchangeRefreshTokenForAccessToken($refresh_token, $client_id, $
         ->go();
   }
 
+  /**
+   * Exchange a Refresh Token for an Access Token.
+   * If you will be using the Refresh Token Grant, you will make a request to the Token endpoint to exchange the user’s refresh token for an access token.
+   *
+   * @param array $request The refresh token access token exchange request.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function exchangeRefreshTokenForAccessTokenWithRequest($request)
+  {
+    $post_data = array(
+      'client_id' => $request->client_id
+      ,'client_secret' => $request->client_secret
+      ,'grant_type' => $request->grant_type
+      ,'refresh_token' => $request->refresh_token
+      ,'scope' => $request->scope
+      ,'tenantId' => ($request->tenantId !== null ? (string)$request->tenantId : null)
+      ,'user_code' => $request->user_code
+    );
+    return $this->startAnonymous()->uri("/oauth2/token")
+        ->bodyHandler(new FormDataBodyHandler($post_data))
+        ->post()
+        ->go();
+  }
+
   /**
    * Exchange a refresh token for a new JWT.
    *
@@ -1980,6 +2148,33 @@ public function exchangeUserCredentialsForAccessToken($username, $password, $cli
         ->go();
   }
 
+  /**
+   * Exchange User Credentials for a Token.
+   * If you will be using the Resource Owner Password Credential Grant, you will make a request to the Token endpoint to exchange the user’s email and password for an access token.
+   *
+   * @param array $request The user credentials access token exchange request.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function exchangeUserCredentialsForAccessTokenWithRequest($request)
+  {
+    $post_data = array(
+      'client_id' => $request->client_id
+      ,'client_secret' => $request->client_secret
+      ,'grant_type' => $request->grant_type
+      ,'password' => $request->password
+      ,'scope' => $request->scope
+      ,'tenantId' => $request->tenantId
+      ,'user_code' => $request->user_code
+      ,'username' => $request->username
+    );
+    return $this->startAnonymous()->uri("/oauth2/token")
+        ->bodyHandler(new FormDataBodyHandler($post_data))
+        ->post()
+        ->go();
+  }
+
   /**
    * Begins the forgot password sequence, which kicks off an email to the user so that they can reset their password.
    *
@@ -2221,6 +2416,27 @@ public function introspectAccessToken($client_id, $token)
         ->go();
   }
 
+  /**
+   * Inspect an access token issued as the result of the User based grant such as the Authorization Code Grant, Implicit Grant, the User Credentials Grant or the Refresh Grant.
+   *
+   * @param array $request The access token introspection request.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function introspectAccessTokenWithRequest($request)
+  {
+    $post_data = array(
+      'client_id' => $request->client_id
+      ,'tenantId' => $request->tenantId
+      ,'token' => $request->token
+    );
+    return $this->startAnonymous()->uri("/oauth2/introspect")
+        ->bodyHandler(new FormDataBodyHandler($post_data))
+        ->post()
+        ->go();
+  }
+
   /**
    * Inspect an access token issued as the result of the Client Credentials Grant.
    *
@@ -2240,6 +2456,26 @@ public function introspectClientCredentialsAccessToken($token)
         ->go();
   }
 
+  /**
+   * Inspect an access token issued as the result of the Client Credentials Grant.
+   *
+   * @param array $request The client credentials access token.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function introspectClientCredentialsAccessTokenWithRequest($request)
+  {
+    $post_data = array(
+      'tenantId' => $request->tenantId
+      ,'token' => $request->token
+    );
+    return $this->startAnonymous()->uri("/oauth2/introspect")
+        ->bodyHandler(new FormDataBodyHandler($post_data))
+        ->post()
+        ->go();
+  }
+
   /**
    * Issue a new access token (JWT) for the requested Application after ensuring the provided JWT is valid. A valid
    * access token is properly signed and not expired.
@@ -4682,6 +4918,54 @@ public function retrieveUserCodeUsingAPIKey($user_code)
         ->go();
   }
 
+  /**
+   * Retrieve a user_code that is part of an in-progress Device Authorization Grant.
+   * 
+   * This API is useful if you want to build your own login workflow to complete a device grant.
+   * 
+   * This request will require an API key.
+   *
+   * @param array $request The user code retrieval request including optional tenantId.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function retrieveUserCodeUsingAPIKeyWithRequest($request)
+  {
+    $post_data = array(
+      'tenantId' => ($request->tenantId !== null ? (string)$request->tenantId : null)
+      ,'user_code' => $request->user_code
+    );
+    return $this->startAnonymous()->uri("/oauth2/device/user-code")
+        ->bodyHandler(new FormDataBodyHandler($post_data))
+        ->post()
+        ->go();
+  }
+
+  /**
+   * Retrieve a user_code that is part of an in-progress Device Authorization Grant.
+   * 
+   * This API is useful if you want to build your own login workflow to complete a device grant.
+   *
+   * @param array $request The user code retrieval request.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function retrieveUserCodeWithRequest($request)
+  {
+    $post_data = array(
+      'client_id' => $request->client_id
+      ,'client_secret' => $request->client_secret
+      ,'tenantId' => ($request->tenantId !== null ? (string)$request->tenantId : null)
+      ,'user_code' => $request->user_code
+    );
+    return $this->startAnonymous()->uri("/oauth2/device/user-code")
+        ->bodyHandler(new FormDataBodyHandler($post_data))
+        ->post()
+        ->go();
+  }
+
   /**
    * Retrieves all the comments for the user with the given Id.
    *
@@ -6415,6 +6699,25 @@ public function validateDevice($user_code, $client_id)
         ->go();
   }
 
+  /**
+   * Validates the end-user provided user_code from the user-interaction of the Device Authorization Grant.
+   * If you build your own activation form you should validate the user provided code prior to beginning the Authorization grant.
+   *
+   * @param array $request The device validation request.
+   *
+   * @return ClientResponse The ClientResponse.
+   * @throws \Exception
+   */
+  public function validateDeviceWithRequest($request)
+  {
+    return $this->startAnonymous()->uri("/oauth2/device/validate")
+        ->urlParameter("client_id", $request->client_id)
+        ->urlParameter("tenantId", $request->tenantId !== null ? (string)$request->tenantId : null)
+        ->urlParameter("user_code", $request->user_code)
+        ->get()
+        ->go();
+  }
+
   /**
    * Validates the provided JWT (encoded JWT string) to ensure the token is valid. A valid access token is properly
    * signed and not expired.
