API Authentication AccessToken - evansims/openfga-php GitHub Wiki

Immutable access token implementation for OpenFGA API authentication. This class represents an OAuth 2.0 access token with expiration tracking and scope management. Access tokens are typically obtained through OAuth flows and provide time-limited access to OpenFGA resources.

Namespace

OpenFGA\Authentication



Methods

fromResponse

Implements Authentication\AccessTokenInterface

```php
public function fromResponse(
    ResponseInterface $response,
    string|null $expectedIssuer = NULL,
    string|null $expectedAudience = NULL,
): self
```

Create an access token instance from an OAuth server response. This factory method parses an HTTP response from an OAuth authorization server and extracts the access token information. The response should contain a JSON payload with the standard OAuth 2.0 token response fields including access_token, expires_in, and optionally scope. If the access token is a JWT and expectedIssuer/expectedAudience are provided, the JWT is validated to ensure the issuer and audience claims match the expected values from the OAuth client configuration.


Parameters

| Name | Type | Description |
|---|---|---|
| `$response` | `ResponseInterface` | The HTTP response from the OAuth token endpoint |
| `$expectedIssuer` | `string \| null` | Optional expected issuer for JWT validation |
| `$expectedAudience` | `string \| null` | Optional expected audience for JWT validation |

Returns

self — A new access token instance created from the response data


getExpires

```php
public function getExpires(): int
```

Get the Unix timestamp when this access token expires. The expiration timestamp indicates when the token is no longer valid for API requests. Applications should check this value before making requests and refresh the token when necessary to avoid authentication failures.


Returns

int — Unix timestamp representing when the token expires


getScope

```php
public function getScope(): ?string
```

Get the scope that defines the permissions granted by this access token. The scope represents the extent of access granted to the token bearer. Different scopes may provide access to different OpenFGA operations or resources. A null scope typically indicates full access or that scope restrictions are not applicable for this token.


Returns

string | null — The token scope defining granted permissions, or null if no scope is specified


getToken

```php
public function getToken(): string
```

Get the raw access token value. This method returns the actual token string that was issued by the authentication server. This is the same value returned by __toString() but provided as an explicit getter method for clarity.


Returns

string — The raw access token value


isExpired

```php
public function isExpired(): bool
```

Check whether this access token has expired and needs to be refreshed. This method compares the token's expiration time against the current time to determine if the token is still valid. Expired tokens cannot be used for API requests as they result in authentication failures.


Returns

bool — True if the token has expired and should be refreshed, false if still valid
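
The response handling described for fromResponse and the expiry check described for isExpired, sketched as an added, self-contained example; it is not the SDK's code. The function names, the example hosts and the 30-second refresh margin are assumptions, and the JWT signature is not verified here (only the issuer and audience claims are compared).

```php
<?php
declare(strict_types=1);
// Added illustration; names and sample values are constructed, not SDK code.

/** Unverified JWT payload claims, or null for an opaque (non three-segment) token. */
function jwtClaims(string $token): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4); // restore base64url padding
    $claims = json_decode((string) base64_decode($b64, true), true);
    if (!is_array($claims)) {
        throw new RuntimeException('malformed JWT payload'); // fail closed
    }
    return $claims;
}

/** Parse a token-endpoint JSON body into [token, expiresAt, scope]; throws on any mismatch. */
function parseTokenResponse(string $body, ?string $issuer, ?string $audience, int $now): array
{
    $data = json_decode($body, true, 8, JSON_THROW_ON_ERROR);
    if (!is_array($data) || !is_string($data['access_token'] ?? null) || !is_int($data['expires_in'] ?? null)) {
        throw new RuntimeException('missing access_token or expires_in');
    }
    $claims = jwtClaims($data['access_token']);
    if ($claims !== null && $issuer !== null && ($claims['iss'] ?? null) !== $issuer) {
        throw new RuntimeException('issuer mismatch');
    }
    // RFC 7519: "aud" may be one string or an array of strings.
    if ($claims !== null && $audience !== null && !in_array($audience, (array) ($claims['aud'] ?? []), true)) {
        throw new RuntimeException('audience mismatch');
    }
    return [$data['access_token'], $now + $data['expires_in'], $data['scope'] ?? null];
}

// Constructed sample response; the signature segment is a placeholder and is never verified here.
$seg = static fn (array $v): string => rtrim(strtr(base64_encode(json_encode($v)), '+/', '-_'), '=');
$jwt = $seg(['alg' => 'RS256']) . '.' . $seg(['iss' => 'https://issuer.example/', 'aud' => ['https://fga.example/']]) . '.sig';
$body = json_encode(['access_token' => $jwt, 'expires_in' => 3600, 'scope' => 'read']);

[, $expiresAt, $scope] = parseTokenResponse($body, 'https://issuer.example/', 'https://fga.example/', time());
printf("scope=%s refresh_now=%s\n", $scope, var_export(time() >= $expiresAt - 30, true)); // 30 s margin (assumption)
try {
    parseTokenResponse($body, 'https://issuer.example/', 'https://other.example/', time());
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```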