authkit2/src/Oidc/Authentication/TokenAuthentication.php

<?php

declare(strict_types=1);

namespace authkit2\Oidc\Authentication;

use authkit2\Oidc\Token;

/**
 * Authenticates requests using an oauth token from a service account
 * or user.
 */
class TokenAuthentication extends Authentication
{
	/**
	 * Token used to authenticate requests.
	 * @var Token
	 */
	protected $token;

	/**
	 * Who to call if the token is expired.
	 * @var ?callable
	 */
	protected $refresh_callback;

	/**
	 * Create a new token authentication provider.
	 *
	 * @param Token     $token           token to authenticate requests with
	 * @param ?callable $refreshCallback callback to generate us a new token when our existing one expires
	 */
	public function __construct(Token $token, callable $refreshCallback = null)
	{
		$this->token = $token;
		$this->refresh_callback = $refreshCallback;
	}

	/**
	 * Set the callback to be called when the underlying token expires.
	 *
	 * @param  callable $refreshCallback
	 * @return void
	 */
	public function setRefreshCallback(callable $refreshCallback): void
	{
		$this->refresh_callback = $refreshCallback;
	}

	/**
	 * Authenticate the passed in request with the provided token.
	 *
	 * Token authentication uses the token as a bearer token.
	 *
	 * @param  \Psr\Http\Message\RequestInterface $request request to authenticate
	 * @return \Psr\Http\Message\RequestInterface authenticated request
	 */
	public function authenticate(\Psr\Http\Message\RequestInterface $request): \Psr\Http\Message\RequestInterface
	{
		if ($this->token->isExpired() && isset($this->refresh_callback))
		{
			$callback = $this->refresh_callback;
			$this->token = $callback($this);
		}
		return $request->withHeader('Authorization', 'Bearer '.$this->token->getAccessToken());
	}
}