Feature/gnp number verification (#483)

* Finished GNP Auth and SimSwap MVP implementation

* Add documentation

* init

* Add next workflow to SDK (#476)

* Add from validation on request (#477)

* Feature/conversations (#478)

* WIP

* WIP

* WIP

* WIP

* WIP

* refactor to remove attempt at putting all event objects in

* Added docs

* phpstan fix number object

* Update README.md

8.1 is minimum

* Remove Orphaned Code (#480)

* Big cleanup of unused internals

* clean some unused imports

* Fix baseline, mark some deprecations coming

* fix ConversationClientFactory (#479)

Co-authored-by: yosh <yosh@latvm.unnamed.typo.pw>

* Remove a load of traits not being used by anything (#481)

* bring psr7 trait back (#482)

* Finished GNP Auth and SimSwap MVP implementation (#475)

* Finished GNP Auth and SimSwap MVP implementation

* Add documentation

* PSR-4 fix

* clean imports

* Finished GNP Auth and SimSwap MVP implementation

* bring psr7 trait back (#482)

* Fix broken git history

* Bulk of work pre-testing

* Testing complete

* Configure scopes correctly within the client, remove rogue die statement

---------

Co-authored-by: Yoshitaka Takeuchi <yosh@baud.jp>
Co-authored-by: yosh <yosh@latvm.unnamed.typo.pw>

Author: 3 people

phpunit.xml.dist

@@ -26,6 +26,12 @@
     <testsuite name="client">
       <directory>test/Client</directory>
     </testsuite>
+    <testsuite name="sim_swap">
+      <directory>test/SimSwap</directory>
+    </testsuite>
+    <testsuite name="number_verification">
+      <directory>test/NumberVerification</directory>
+    </testsuite>
     <testsuite name="conversations">
       <directory>test/Conversation</directory>
     </testsuite>

src/Client.php

@@ -24,6 +24,7 @@
 use Vonage\Client\Credentials\Basic;
 use Vonage\Client\Credentials\Container;
 use Vonage\Client\Credentials\CredentialsInterface;
+use Vonage\Client\Credentials\Gnp;
 use Vonage\Client\Credentials\Handler\BasicHandler;
 use Vonage\Client\Credentials\Handler\SignatureBodyFormHandler;
 use Vonage\Client\Credentials\Handler\SignatureBodyHandler;
@@ -171,12 +172,12 @@ public function __construct(
 
         $this->setHttpClient($client);
 
-        // Make sure we know how to use the credentials
         if (
             !($credentials instanceof Container) &&
             !($credentials instanceof Basic) &&
             !($credentials instanceof SignatureSecret) &&
-            !($credentials instanceof Keypair)
+            !($credentials instanceof Keypair) &&
+            !($credentials instanceof Gnp)
         ) {
             throw new RuntimeException('unknown credentials type: ' . $credentials::class);
         }
@@ -231,13 +232,15 @@ public function __construct(
 
             // Additional utility classes
             APIResource::class => APIResource::class,
-            Client::class => function() { return $this; }
+            Client::class => function () {
+                return $this;
+            }
         ];
 
         if (class_exists('Vonage\Video\ClientFactory')) {
             $services['video'] = 'Vonage\Video\ClientFactory';
         } else {
-            $services['video'] = function() {
+            $services['video'] = function () {
                 throw new \RuntimeException('Please install @vonage/video to use the Video API');
             };
         }
@@ -360,7 +363,6 @@ public static function authRequest(RequestInterface $request, Basic $credentials
 
     /**
      * @throws ClientException
-     * @deprecated Use the Vonage/JWT library if you need to generate a token
      */
     public function generateJwt($claims = []): Token
     {

src/Client/Credentials/Container.php

@@ -14,7 +14,8 @@ class Container extends AbstractCredentials
     protected array $types = [
         Basic::class,
         SignatureSecret::class,
-        Keypair::class
+        Keypair::class,
+        Gnp::class
     ];
 
     /**

src/Client/Credentials/Gnp.php

@@ -4,11 +4,26 @@
 
 namespace Vonage\Client\Credentials;
 
-class Gnp extends Keypair
+use Lcobucci\JWT\Encoding\JoseEncoder;
+use Lcobucci\JWT\Token;
+use Vonage\JWT\TokenGenerator;
+
+class Gnp extends AbstractCredentials
 {
-    public function __construct(protected string $msisdn, protected string $key, $application = null)
+    protected ?string $code = null;
+    protected ?string $state = null;
+    protected ?string $redirectUri = null;
+
+    public function __construct(
+        protected string $msisdn,
+        protected string $key,
+        protected $application = null
+    ) {
+    }
+
+    public function getKeyRaw(): string
     {
-        parent::__construct($key, $application);
+        return $this->key;
     }
 
     public function getMsisdn(): string
@@ -22,4 +37,95 @@ public function setMsisdn(string $msisdn): Gnp
 
         return $this;
     }
+
+    public function getCode(): ?string
+    {
+        return $this->code;
+    }
+
+    public function setCode(?string $code): Gnp
+    {
+        $this->code = $code;
+        return $this;
+    }
+
+    public function getState(): ?string
+    {
+        return $this->state;
+    }
+
+    public function setState(?string $state): Gnp
+    {
+        $this->state = $state;
+        return $this;
+    }
+
+    public function getRedirectUri(): ?string
+    {
+        return $this->redirectUri;
+    }
+
+    public function setRedirectUri(?string $redirectUri): Gnp
+    {
+        $this->redirectUri = $redirectUri;
+        return $this;
+    }
+
+    public function generateJwt(array $claims = []): Token
+    {
+        $generator = new TokenGenerator($this->application, $this->getKeyRaw());
+
+        if (isset($claims['exp'])) {
+            // This will change to an Exception in 5.0
+            trigger_error('Expiry date is automatically generated from now and TTL, so cannot be passed in
+            as an argument in claims', E_USER_WARNING);
+            unset($claims['nbf']);
+        }
+
+        if (isset($claims['ttl'])) {
+            $generator->setTTL($claims['ttl']);
+            unset($claims['ttl']);
+        }
+
+        if (isset($claims['jti'])) {
+            $generator->setJTI($claims['jti']);
+            unset($claims['jti']);
+        }
+
+        if (isset($claims['nbf'])) {
+            // Due to older versions of lcobucci/jwt, this claim has
+            // historic fraction conversation issues. For now, nbf is not supported.
+            // This will change to an Exception in 5.0
+            trigger_error('NotBefore Claim is not supported in Vonage JWT', E_USER_WARNING);
+            unset($claims['nbf']);
+        }
+
+        if (isset($claims['sub'])) {
+            $generator->setSubject($claims['sub']);
+            unset($claims['sub']);
+        }
+
+        if (!empty($claims)) {
+            foreach ($claims as $claim => $value) {
+                $generator->addClaim($claim, $value);
+            }
+        }
+
+        $jwt = $generator->generate();
+        $parser = new Token\Parser(new JoseEncoder());
+
+        // Backwards compatible for signature. In 5.0 this will return a string value
+        return $parser->parse($jwt);
+    }
+
+    public function getApplication(): ?string
+    {
+        return $this->application;
+    }
+
+    public function setApplication(mixed $application): Keypair
+    {
+        $this->application = $application;
+        return $this;
+    }
 }

src/Client/Credentials/Handler/GnpKeypairHandler.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace Vonage\Client\Credentials\Handler;
+
+use Psr\Http\Message\RequestInterface;
+use Vonage\Client\Credentials\CredentialsInterface;
+use Vonage\Client\Credentials\Gnp;
+use Vonage\Client\Credentials\Keypair;
+
+class GnpKeypairHandler extends AbstractHandler
+{
+    public function __invoke(RequestInterface $request, CredentialsInterface $credentials): RequestInterface
+    {
+        /** @var Keypair $credentials  */
+        $credentials = $this->extract(Gnp::class, $credentials);
+        $token = $credentials->generateJwt();
+
+        return $request->withHeader('Authorization', 'Bearer ' . $token->toString());
+    }
+}

src/Client/Credentials/Handler/NumberVerificationGnpHandler.php

@@ -0,0 +1,66 @@
+<?php
+
+namespace Vonage\Client\Credentials\Handler;
+
+use Psr\Http\Message\RequestInterface;
+use Vonage\Client;
+use Vonage\Client\APIResource;
+use Vonage\Client\Credentials\CredentialsInterface;
+use Vonage\Client\Credentials\Gnp;
+
+/**
+ * This handler is for Vonage GNP APIs that require the CAMARA standard OAuth Flow
+ */
+class NumberVerificationGnpHandler extends SimSwapGnpHandler
+{
+    use Client\ClientAwareTrait;
+    use Client\ScopeAwareTrait;
+
+    protected ?string $baseUrl = null;
+    protected ?string $tokenUrl = null;
+
+    public function getBaseUrl(): ?string
+    {
+        return $this->baseUrl;
+    }
+
+    public function setBaseUrl(?string $baseUrl): NumberVerificationGnpHandler
+    {
+        $this->baseUrl = $baseUrl;
+        return $this;
+    }
+
+    public function getTokenUrl(): ?string
+    {
+        return $this->tokenUrl;
+    }
+
+    public function setTokenUrl(?string $tokenUrl): NumberVerificationGnpHandler
+    {
+        $this->tokenUrl = $tokenUrl;
+        return $this;
+    }
+
+    public function __invoke(RequestInterface $request, CredentialsInterface $credentials): RequestInterface
+    {
+        /** @var Gnp $credentials  */
+        $credentials = $this->extract(Gnp::class, $credentials);
+
+        // submit the code to CAMARA endpoint
+        $api = new APIResource();
+        $api->setAuthHandlers(new GnpKeypairHandler());
+        $api->setClient($this->getClient());
+        $api->setBaseUrl('https://api-eu.vonage.com/oauth2/token');
+
+        $tokenResponse = $api->submit([
+            'grant_type' => 'authorization_code',
+            'code' => $credentials->getCode(),
+            'redirect_uri' => $credentials->getRedirectUri()
+        ]);
+
+        $payload = json_decode($tokenResponse, true);
+
+        // Add CAMARA Access Token to request and return to make API call
+        return $request->withHeader('Authorization', 'Bearer ' . $payload['access_token']);
+    }
+}

…lient/Credentials/Handler/GnpHandler.php …redentials/Handler/SimSwapGnpHandler.phpsrc/Client/Credentials/Handler/GnpHandler.php renamed to src/Client/Credentials/Handler/SimSwapGnpHandler.php src/Client/Credentials/Handler/GnpHandler.php renamed to src/Client/Credentials/Handler/SimSwapGnpHandler.php

@@ -11,29 +11,49 @@
 /**
  * This handler is for Vonage GNP APIs that require the CAMARA standard OAuth Flow
  */
-class GnpHandler extends AbstractHandler
+class SimSwapGnpHandler extends AbstractHandler
 {
     use Client\ClientAwareTrait;
     use Client\ScopeAwareTrait;
 
-    protected const VONAGE_GNP_AUTH_BACKEND_URL = 'https://api-eu.vonage.com/oauth2/bc-authorize';
-    protected const VONAGE_GNP_AUTH_TOKEN_URL = 'https://api-eu.vonage.com/oauth2/token';
-    protected const VONAGE_GNP_AUTH_TOKEN_GRANT_TYPE = 'urn:openid:params:grant-type:ciba';
+    protected ?string $baseUrl = null;
+    protected ?string $tokenUrl = null;
+
+    public function getBaseUrl(): ?string
+    {
+        return $this->baseUrl;
+    }
+
+    public function setBaseUrl(?string $baseUrl): SimSwapGnpHandler
+    {
+        $this->baseUrl = $baseUrl;
+        return $this;
+    }
+
+    public function getTokenUrl(): ?string
+    {
+        return $this->tokenUrl;
+    }
+
+    public function setTokenUrl(?string $tokenUrl): SimSwapGnpHandler
+    {
+        $this->tokenUrl = $tokenUrl;
+        return $this;
+    }
+
+    public string $token;
 
     public function __invoke(RequestInterface $request, CredentialsInterface $credentials): RequestInterface
     {
         /** @var Gnp $credentials  */
         $credentials = $this->extract(Gnp::class, $credentials);
         $msisdn = $credentials->getMsisdn();
 
-        // Request OIDC, returns Auth Request ID
-        // Reconfigure new client for GNP Auth
         $api = new APIResource();
-        $api->setAuthHandlers(new KeypairHandler());
+        $api->setAuthHandlers(new GnpKeypairHandler());
         $api->setClient($this->getClient());
-        $api->setBaseUrl(self::VONAGE_GNP_AUTH_BACKEND_URL);
+        $api->setBaseUrl($this->getBaseUrl());
 
-        // This handler requires an injected client configured with a Gnp credentials object and a configured scope
         $response = $api->submit([
             'login_hint' => $msisdn,
             'scope' => $this->getScope()
@@ -44,9 +64,9 @@ public function __invoke(RequestInterface $request, CredentialsInterface $creden
         $authReqId = $decoded['auth_req_id'];
 
         // CAMARA Access Token
-        $api->setBaseUrl(self::VONAGE_GNP_AUTH_TOKEN_URL);
+        $api->setBaseUrl($this->getTokenUrl());
         $response = $api->submit([
-            'grant_type' => self::VONAGE_GNP_AUTH_TOKEN_GRANT_TYPE,
+            'grant_type' => 'urn:openid:params:grant-type:ciba',
             'auth_req_id' => $authReqId
         ]);
 

src/Client/Credentials/Keypair.php

@@ -16,7 +16,7 @@
  */
 class Keypair extends AbstractCredentials
 {
-    public function __construct(protected string $key, $application = null)
+    public function __construct(protected string $key, protected ?string $application = null)
     {
         $this->credentials['key'] = $key;
 
@@ -42,6 +42,17 @@ public function getKeyRaw(): string
         return $this->key;
     }
 
+    public function getApplication(): ?string
+    {
+        return $this->application;
+    }
+
+    public function setApplication(mixed $application): Keypair
+    {
+        $this->application = $application;
+        return $this;
+    }
+
     public function generateJwt(array $claims = []): Token
     {
         $generator = new TokenGenerator($this->application, $this->getKeyRaw());