Heimdall Core
Authorization Server

Authorization Server

Authorization Server is an instance which issues access tokens after successfully authenticating a client and resource owner, and authorizing the request (applied in CodeIgniter's Controller (opens in a new tab)).

This instance is also known as HeimdallAuthorizationServer.

It's recommended for Controller that apply this instance to implement an AuthorizationController (opens in a new tab) interface.

bootstrap()

This method is used to set up the HeimdallAuthorizationServer with the current CodeIgniter request & response. We strongly recommended to be call this method right after you get the HeimdallAuthorizationServer instance or before you access other Heimdall's method (eg. validateAuth).

class Authorization extends BaseController implements AuthorizationController
{
 
    private $heimdall;
 
    function __construct()
    {
        // get a new instance of HeimdallAuthorizationServer
        $this->heimdall = OAuthServer::createAuthorizationServer();
 
        // bootrap heimdall with the codeigniter's request & response
        $this->heimdall->bootstrap($this->request, $this->response);
    }
 
    ...
}
⚠️

If you have not bootstrap your HeimdallAuthorizationServer, and you do access the other method inside of it (eg. validateAuth), Heimdall will throw a HeimdallServerException.

validateAuth()

This method is only used for Authorization Code & Implicit grant.

This method is used to verify the authorization request from the client. If success, this method will return a AuthorizationRequest instance that will be used to generate an authorization code in completeAuth method.

function authorize()
{
    try {
        $authRequest = $this->heimdall->validateAuth();
        $authRequest->setUser(new UserEntity());
        ...
    } catch (Exception $exception) {
        $this->heimdall->handleException($exception);
    }
}

It is recommended to apply this method inside a try catch block since it can throw an Exception when the request is not valid.

completeAuth()

This method is only used for Authorization Code & Implicit grant.

This method is used to generate authorization code based on AuthorizationRequest instance that created in validateAuth method. If success, it will return an authorization code as JSON response to client.

function authorize()
{
    try {
        ...
        $this->heimdall->completeAuth($authRequest);
    } catch (Exception $exception) {
        $this->heimdall->handleException($exception);
    }
}

It is recommended to apply this method inside a try catch block since it can throw an Exception when the AuthorizationRequest instance provided is not valid.

createToken()

If you apply an Authorization Code or Implicit grant, the client MUST give a valid authorization code in the request body in order to exchange it with access token.

This method is used to generate access token based on the grant type. If success, it will return an access token as JSON response to client.

function token()
{
  try {
    $this->heimdall->createToken();
  } catch (Exception $exception) {
    $this->heimdall->handleException($exception);
  }
}

It is recommended to apply this method inside a try catch block since it can throw an Exception when request or credential provided by the client is not valid.

handleException()

This method is used to handle an Exception thrown by Heimdall. It will automatically generate a JSON output for the client based on the error message from Exception, with the appropriate HTTP status code.

try {
    ...
} catch (Exception $exception) {
    $this->heimdall->handleException($exception);
}
Refresh Token GrantResource Server
written with ❤️ by nextra
copyright 2024, @ezralazuardy