Pair framework: OAuth2Token

Pair\Models\OAuth2Token manages bearer token parsing and validation for OAuth2-like flows.

Constants

• LIFETIME = 3600 (default seconds)

Main methods

Header parsing

• basicCredentials(): ?array{id: string, secret: string}
• bearerToken(): ?string

Token generation/validation

• generateToken(int $bytes = 256): string
• getLifetimeSeconds(): int (uses OAUTH2_TOKEN_LIFETIME env override)
• isValid(string $bearerToken): bool

Standardized error replies

• badRequest(string $detail): void (400)
• unauthorized(string $detail): void (401 + WWW-Authenticate: Bearer)
• forbidden(string $detail): void (403)

These methods emit RFC 7807-like JSON problem details and terminate execution.

Implementation examples

Extract bearer token:

$token = \Pair\Models\OAuth2Token::bearerToken();

if (!$token || !\Pair\Models\OAuth2Token::isValid($token)) {
    \Pair\Models\OAuth2Token::unauthorized('Invalid or expired token');
}

Generate token value:

$newToken = \Pair\Models\OAuth2Token::generateToken();

Basic client credentials:

$creds = \Pair\Models\OAuth2Token::basicCredentials();

See also: API, Request, User, Session.