Token request attribute configurable

src/Container/ResourceServerMiddlewareFactory.php

@@ -23,6 +23,7 @@
 
 use Psr\Container\ContainerInterface;
 use ZfrOAuth2\Server\Middleware\ResourceServerMiddleware;
+use ZfrOAuth2\Server\Options\ServerOptions;
 use ZfrOAuth2\Server\ResourceServerInterface;
 
 /**
@@ -35,7 +36,9 @@ public function __invoke(ContainerInterface $container): ResourceServerMiddlewar
     {
         /** @var ResourceServerInterface $resourceServer */
         $resourceServer = $container->get(ResourceServerInterface::class);
+        /** @var ServerOptions $serverOptions */
+        $serverOptions  = $container->get(ServerOptions::class);
 
-        return new ResourceServerMiddleware($resourceServer);
+        return new ResourceServerMiddleware($resourceServer, $serverOptions->getTokenRequestAttribute());
     }
 }

src/Middleware/ResourceServerMiddleware.php

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 /*
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
@@ -43,12 +43,18 @@ class ResourceServerMiddleware
      */
     private $resourceServer;
 
+    /**
+     * @var string
+     */
+    private $tokenRequestAttribute;
+
     /**
      * @param ResourceServerInterface $resourceServer
      */
-    public function __construct(ResourceServerInterface $resourceServer)
+    public function __construct(ResourceServerInterface $resourceServer, string $tokenRequestAttribute = 'oauth_token')
     {
-        $this->resourceServer = $resourceServer;
+        $this->resourceServer        = $resourceServer;
+        $this->tokenRequestAttribute = $tokenRequestAttribute;
     }
 
     public function __invoke(
@@ -61,10 +67,11 @@ public function __invoke(
         } catch (InvalidAccessTokenException $exception) {
             // If we're here, this means that there was an access token, but it's either expired or invalid. If
             // that's the case we must immediately return
-            return new JsonResponse(['error' => $exception->getCode(), 'error_description' => $exception->getMessage()], 401);
+            return new JsonResponse(['error' => $exception->getCode(), 'error_description' => $exception->getMessage()],
+                401);
         }
 
         // Otherwise, if we actually have a token and set it as part of the request attribute for next step
-        return $next($request->withAttribute('oauth_token', $token), $response);
+        return $next($request->withAttribute($this->tokenRequestAttribute, $token), $response);
     }
 }

src/Options/ServerOptions.php

@@ -86,6 +86,13 @@ final class ServerOptions
      */
     private $ownerRequestAttribute;
 
+    /**
+     * Attribute that the ResourceServerMiddleware uses to access the token
+     *
+     * @var string
+     */
+    private $tokenRequestAttribute;
+
     /**
      * @param callable|string $ownerCallable either a callable or the name of a container service
      */
@@ -97,7 +104,8 @@ private function __construct(
         bool $revokeRotatedRefreshTokens,
         $ownerCallable,
         array $grants,
-        string $ownerRequestAttribute
+        string $ownerRequestAttribute,
+        string $tokenRequestAttribute
     ) {
         $this->authorizationCodeTtl       = $authorizationCodeTtl;
         $this->accessTokenTtl             = $accessTokenTtl;
@@ -107,6 +115,7 @@ private function __construct(
         $this->ownerCallable              = $ownerCallable;
         $this->grants                     = $grants;
         $this->ownerRequestAttribute      = $ownerRequestAttribute;
+        $this->tokenRequestAttribute      = $tokenRequestAttribute;
     }
 
     /**
@@ -122,7 +131,8 @@ public static function fromArray(array $options = []): self
             $options['revoke_rotated_refresh_tokens'] ?? true,
             $options['owner_callable'] ?? null,
             $options['grants'] ?? [],
-            $options['owner_request_attribute'] ?? 'owner'
+            $options['owner_request_attribute'] ?? 'owner',
+            $options['token_request_attribute'] ?? 'oauth_token'
         );
     }
 
@@ -192,4 +202,12 @@ public function getOwnerRequestAttribute(): string
     {
         return $this->ownerRequestAttribute;
     }
+
+    /**
+     * Attribute that the ResourceServerMiddleware uses to access the token
+     */
+    public function getTokenRequestAttribute(): string
+    {
+        return $this->tokenRequestAttribute;
+    }
 }

tests/src/Container/ResourceServerMiddlewareFactoryTest.php

@@ -24,6 +24,7 @@
 use Psr\Container\ContainerInterface;
 use ZfrOAuth2\Server\Container\ResourceServerMiddlewareFactory;
 use ZfrOAuth2\Server\Middleware\ResourceServerMiddleware;
+use ZfrOAuth2\Server\Options\ServerOptions;
 use ZfrOAuth2\Server\ResourceServerInterface;
 
 /**
@@ -42,6 +43,11 @@ public function testCanCreateFromFactory()
             ->with(ResourceServerInterface::class)
             ->willReturn($this->createMock(ResourceServerInterface::class));
 
+        $container->expects($this->at(1))
+            ->method('get')
+            ->with(ServerOptions::class)
+            ->willReturn(ServerOptions::fromArray());
+
         $factory = new ResourceServerMiddlewareFactory();
         $service = $factory($container);
 

tests/src/Middleware/ResourceServerMiddlewareTest.php

@@ -39,7 +39,7 @@ class ResourceServerMiddlewareTest extends TestCase
     public function testWillGetAccessTokenWithAccessTokenAsResult()
     {
         $resourceServer = $this->createMock(ResourceServer::class);
-        $middleware     = new ResourceServerMiddleware($resourceServer);
+        $middleware     = new ResourceServerMiddleware($resourceServer, 'oauth_token');
         $accessToken    = $this->createMock(AccessToken::class);
         $request        = $this->createMock(RequestInterface::class);
         $response       = $this->createMock(ResponseInterface::class);
@@ -65,7 +65,7 @@ public function testWillGetAccessTokenWithAccessTokenAsResult()
     public function testWillGetAccessTokenWithNullAsResult()
     {
         $resourceServer = $this->createMock(ResourceServer::class);
-        $middleware     = new ResourceServerMiddleware($resourceServer);
+        $middleware     = new ResourceServerMiddleware($resourceServer, 'oauth_token');
         $accessToken    = null;
         $request        = $this->createMock(RequestInterface::class);
         $response       = $this->createMock(ResponseInterface::class);
@@ -91,7 +91,7 @@ public function testWillGetAccessTokenWithNullAsResult()
     public function testWillCallGetAccessTokenWithException()
     {
         $resourceServer = $this->createMock(ResourceServer::class);
-        $middleware     = new ResourceServerMiddleware($resourceServer);
+        $middleware     = new ResourceServerMiddleware($resourceServer, 'oauth_token');
         $request        = $this->createMock(RequestInterface::class);
         $response       = $this->createMock(ResponseInterface::class);
 

tests/src/Options/ServerOptionsTest.php

@@ -44,6 +44,7 @@ public function testDefaults()
         $this->assertFalse($options->getRotateRefreshTokens());
         $this->assertTrue($options->getRevokeRotatedRefreshTokens());
         $this->assertEquals('owner', $options->getOwnerRequestAttribute());
+        $this->assertEquals('oauth_token', $options->getTokenRequestAttribute());
     }
 
     public function testGetters()
@@ -60,6 +61,7 @@ public function testGetters()
             'owner_callable'                => $callable,
             'grants'                        => [ClientCredentialsGrant::class],
             'owner_request_attribute'       => 'something',
+            'token_request_attribute'       => 'else',
         ]);
 
         $this->assertEquals(300, $options->getAuthorizationCodeTtl());
@@ -70,5 +72,6 @@ public function testGetters()
         $this->assertSame($callable, $options->getOwnerCallable());
         $this->assertEquals([ClientCredentialsGrant::class], $options->getGrants());
         $this->assertEquals('something', $options->getOwnerRequestAttribute());
+        $this->assertEquals('else', $options->getTokenRequestAttribute());
     }
 }