PageTokenCredential
extends AutoService
in package
implements
EventSubscriberInterface
Allow Afform-based pages to accept page-level access token
Example:
- Create a JWT with `[scope => afform, afform => MY_FORM_NAME, sub => cid:123]`. This is defined to support "Afform.prefill" and "Afform.submit" on behalf of contact #123.
- Navigate to `civicrm/my-form?_aff=Bearer+MY_JWT`
- Within the page-view, each AJAX call sets `X-Civi-Auth: MY_JWT`.
Table of Contents
Interfaces
- EventSubscriberInterface
Methods
- afformPagePolicy() : void
- Afform page-links use a distinct "flow=>afformpage".
- afformPageToken() : void
- If we get a JWT with `[scope=>afform, afformName=>xyz]`, then set up the current fake-session to allow limited page-views.
- checkAllowedRoute() : bool
- When processing CRM_Core_Invoke, check to see if our token allows us to handle this request.
- getSubscribedEvents() : array<string|int, mixed>
- onInvoke() : void
- If you visit a top-level page like "civicrm/my-custom-form?_aff=XXX", then all embedded AJAX calls should use "_authx=XXX".
- checkAllowedApi4Call() : bool
- Determine if a specific APIv4 call is permitted by this JWT.
- checkAllowedApi4Calls() : bool
- Determine if a batch of APIv4 calls are permitted by this JWT.
- getAllowedApi4Calls() : array<string|int, array<string|int, mixed>>
Methods
afformPagePolicy()
Afform page-links use a distinct "flow=>afformpage".
public
afformPagePolicy(CheckPolicyEvent $event) : void
Define a built-in policy for how this flow works.
Listens to civi.authx.checkPolicy (early on - before policy enforcement)
Parameters
- $event : CheckPolicyEvent
afformPageToken()
If we get a JWT with `[scope=>afform, afformName=>xyz]`, then set up the current fake-session to allow limited page-views.
public
afformPageToken(CheckCredentialEvent $check) : void
Parameters
- $check : CheckCredentialEvent
checkAllowedRoute()
When processing CRM_Core_Invoke, check to see if our token allows us to handle this request.
public
checkAllowedRoute(string $route, array<string|int, mixed> $jwt) : bool
Parameters
- $route : string
- $jwt : array<string|int, mixed>
Return values
bool
getSubscribedEvents()
public
static getSubscribedEvents() : array<string|int, mixed>
Return values
array<string|int, mixed>
onInvoke()
If you visit a top-level page like "civicrm/my-custom-form?_aff=XXX", then all embedded AJAX calls should use "_authx=XXX".
public
onInvoke(GenericHookEvent $e) : void
Parameters
- $e : GenericHookEvent
checkAllowedApi4Call()
Determine if a specific APIv4 call is permitted by this JWT.
protected
checkAllowedApi4Call(string $entity, string $action, array<string|int, mixed> $params, array<string|int, mixed> $jwt) : bool
Parameters
- $entity : string
- $action : string
- $params : array<string|int, mixed>
- $jwt : array<string|int, mixed>
  Validated credential describing allowed usages.
Return values
bool — TRUE if this call is permitted by this credential
checkAllowedApi4Calls()
Determine if a batch of APIv4 calls are permitted by this JWT.
protected
checkAllowedApi4Calls(array<string|int, mixed> $calls, array<string|int, mixed> $jwt) : bool
Parameters
- $calls : array<string|int, mixed>
  List of APIv4 requests
- $jwt : array<string|int, mixed>
  Validated credential describing allowed usages.
Return values
bool — TRUE if ALL calls are allowed.
getAllowedApi4Calls()
protected
getAllowedApi4Calls() : array<string|int, array<string|int, mixed>>
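The scoping rule described for `checkAllowedApi4Call()` and `checkAllowedApi4Calls()`, as an added stand-alone sketch that is not CiviCRM's own code. The function names, the allowlist contents, the `name` parameter check and the empty-batch behaviour are assumptions built from the claims in the class example (`scope`, `afform`, `sub`).

```php
<?php
declare(strict_types=1);

// Assumed allowlist: the class description says the token supports
// "Afform.prefill" and "Afform.submit"; everything else is denied.
const ALLOWED_CALLS = [['Afform', 'prefill'], ['Afform', 'submit']];

/** Hypothetical single-call check: TRUE only if the claims permit this call. */
function isCallAllowed(string $entity, string $action, array $params, array $jwt): bool {
  // The token must carry the afform scope and name exactly one form.
  if (($jwt['scope'] ?? NULL) !== 'afform' || !is_string($jwt['afform'] ?? NULL) || $jwt['afform'] === '') {
    return FALSE;
  }
  if (!in_array([$entity, $action], ALLOWED_CALLS, TRUE)) {
    return FALSE;
  }
  // Assumption: the request names its form in $params['name']; it must be
  // the form the token was issued for, compared strictly.
  return ($params['name'] ?? NULL) === $jwt['afform'];
}

/** Hypothetical batch check: TRUE only if ALL calls pass. */
function areCallsAllowed(array $calls, array $jwt): bool {
  // Assumption: an empty batch is denied rather than vacuously allowed.
  if ($calls === []) {
    return FALSE;
  }
  foreach ($calls as $call) {
    // Malformed entries fail closed instead of being skipped.
    if (!is_array($call) || !is_string($call[0] ?? NULL) || !is_string($call[1] ?? NULL)) {
      return FALSE;
    }
    if (!isCallAllowed($call[0], $call[1], (array) ($call[2] ?? []), $jwt)) {
      return FALSE;
    }
  }
  return TRUE;
}

// Constructed sample claims and requests (not taken from a real site).
$jwt = ['scope' => 'afform', 'afform' => 'myForm', 'sub' => 'cid:123'];
$sameForm = [['Afform', 'prefill', ['name' => 'myForm']], ['Afform', 'submit', ['name' => 'myForm']]];
$mixed = [['Afform', 'prefill', ['name' => 'myForm']], ['Contact', 'get', []]];
$otherForm = [['Afform', 'submit', ['name' => 'otherForm']]];

var_dump(areCallsAllowed($sameForm, $jwt), areCallsAllowed($mixed, $jwt), areCallsAllowed($otherForm, $jwt));
```

Only the first batch passes: one call outside the allowlist, or one call naming a different form, rejects the whole batch.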