Skip to content

Commit f775831

Browse files
AltamashShaikhAltamashShaikh
authored
Merge pull request #26 from matomo-org/PG-5079-consistent-docs
Consistent API docs, #PG-5079
2 parents 5bac602 + c78aba9 commit f775831

2 files changed

Lines changed: 29 additions & 25 deletions

File tree

API.php

Lines changed: 27 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,11 @@
1616
use Piwik\Plugins\OAuth2\Model\ClientModel;
1717
use Piwik\UrlHelper;
1818

19+
/**
20+
* Exposes super-user OAuth2 client management endpoints for Matomo.
21+
*
22+
* This API lists configured scopes and lets administrators create, inspect, update, rotate, activate, and delete OAuth2 clients.
23+
*/
1924
class API extends \Piwik\Plugin\API
2025
{
2126
public function __construct(
@@ -32,7 +37,7 @@ public function __construct(
3237
* `grant_types` (array), `scopes` (array), `type` (`confidential` or `public`),
3338
* `active` (bool), `owner_login`, `created_at`, `updated_at`, and `last_used_at`.
3439
*
35-
* @return array[]
40+
* @return array<int, array<string, mixed>> OAuth2 clients ordered by most recently updated first.
3641
*/
3742
public function getClients(): array
3843
{
@@ -44,7 +49,7 @@ public function getClients(): array
4449
* Returns one OAuth2 client configured in Matomo (super users only).
4550
*
4651
* @param string $clientId 32-character hexadecimal client identifier.
47-
* @return array
52+
* @return array<string, mixed> Sanitized OAuth2 client details for the requested client.
4853
*/
4954
public function getClient(string $clientId): array
5055
{
@@ -61,12 +66,12 @@ public function getClient(string $clientId): array
6166
}
6267

6368
/**
64-
* Returns the configured OAuth2 scopes (super users only).
69+
* Returns the OAuth2 scopes enabled for client configuration (super users only).
6570
*
6671
* The array keys are scope identifiers (for example `matomo:read`, `matomo:write`,
6772
* `matomo:admin`, `matomo:superuser`) and the values are human-readable descriptions.
6873
*
69-
* @return array<string, string>
74+
* @return array<string, string> Enabled scope identifiers mapped to their translated descriptions.
7075
*/
7176
public function getScopes(): array
7277
{
@@ -83,14 +88,13 @@ public function getScopes(): array
8388
*
8489
* @param string $name Display name shown in the Matomo UI.
8590
* @param string[] $grantTypes Grant types to enable (`authorization_code`, `client_credentials`, `refresh_token`).
86-
* @param string $scope Scope identifier to allow; filtered against configured scopes.
91+
* @param string $scope Single scope identifier to allow for the client. Must match one of the enabled OAuth2 scopes.
8792
* @param string|string[] $redirectUris Allowed redirect URIs (array or newline-separated string).
8893
* @param string $description Optional description for administrators.
8994
* @param string $type `confidential` (default, requires secret) or `public` (no client secret).
9095
* @param string $active `'1'` to enable the client or `'0'` to disable it.
91-
* @return array{client: array, secret: string|null}
92-
*
93-
* @throws \InvalidArgumentException When redirect URIs or grant types are invalid.
96+
* @return array{client: array<string, mixed>, secret: string|null} The sanitized client record and the generated plaintext
97+
* secret when the created client is confidential.
9498
*/
9599
public function createClient(string $name, array $grantTypes, string $scope, $redirectUris = [], string $description = '', string $type = 'confidential', string $active = '1'): array
96100
{
@@ -124,15 +128,18 @@ public function createClient(string $name, array $grantTypes, string $scope, $re
124128
/**
125129
* Updates an OAuth2 client and optionally returns a newly generated secret.
126130
*
127-
* @param string $clientId 32-character hexadecimal client identifier.
128-
* @param string $name Display name shown in the Matomo UI.
129-
* @param string[] $grantTypes Grant types to enable.
130-
* @param string $scope Scope identifier to allow.
131-
* @param string|string[] $redirectUris Allowed redirect URIs.
132-
* @param string $description Optional description for administrators.
133-
* @param string $type `confidential` or `public`.
134-
* @param string $active `'1'` to enable the client or `'0'` to disable it.
135-
* @return array{client: array, secret: string|null}
131+
* If a public client is converted to a confidential client, this endpoint returns the new plaintext `secret` once.
132+
*
133+
* @param string $clientId 32-character hexadecimal client identifier.
134+
* @param string $name Display name shown in the Matomo UI.
135+
* @param string[] $grantTypes Grant types to enable (`authorization_code`, `client_credentials`, `refresh_token`).
136+
* @param string $scope Single scope identifier to allow for the client. Must match one of the enabled OAuth2 scopes.
137+
* @param string|string[] $redirectUris Allowed redirect URIs (array or newline-separated string).
138+
* @param string $description Optional description for administrators.
139+
* @param string $type `confidential` (default, requires secret) or `public` (no client secret).
140+
* @param string $active `'1'` to enable the client or `'0'` to disable it.
141+
* @return array{client: array<string, mixed>, secret: string|null} The sanitized updated client record and a newly generated
142+
* plaintext secret when the client becomes confidential.
136143
*/
137144
public function updateClient(string $clientId, string $name, array $grantTypes, string $scope, $redirectUris = [], string $description = '', string $type = 'confidential', string $active = '1'): array
138145
{
@@ -176,9 +183,7 @@ public function updateClient(string $clientId, string $name, array $grantTypes,
176183
* The previous secret stops working immediately. The new plaintext secret is returned once and must be saved by the caller.
177184
*
178185
* @param string $clientId 32-character hexadecimal client identifier.
179-
* @return array{client_id: string, secret: string}
180-
*
181-
* @throws \InvalidArgumentException When the client ID is not a 32-character hexadecimal string.
186+
* @return array{client_id: string, secret: string} The client ID and the newly generated plaintext secret.
182187
*/
183188
public function rotateSecret(string $clientId): array
184189
{
@@ -203,7 +208,7 @@ public function rotateSecret(string $clientId): array
203208
*
204209
* @param string $clientId 32-character hexadecimal client identifier.
205210
* @param string $active `'1'` to enable the client or `'0'` to disable it.
206-
* @return array{client: array}
211+
* @return array{client: array<string, mixed>} The sanitized client record after the active flag is updated.
207212
*/
208213
public function setClientActive(string $clientId, string $active): array
209214
{
@@ -222,9 +227,7 @@ public function setClientActive(string $clientId, string $active): array
222227
* Deletes an OAuth2 client and its related access tokens, refresh tokens, and auth codes (super users only).
223228
*
224229
* @param string $clientId 32-character hexadecimal client identifier.
225-
* @return array{deleted: true}
226-
*
227-
* @throws \InvalidArgumentException When the client ID is not a 32-character hexadecimal string.
230+
* @return array{deleted: true} Confirmation that the client and its related OAuth2 records were deleted.
228231
*/
229232
public function deleteClient(string $clientId): array
230233
{

CHANGELOG.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,9 @@
11
5.0.2 - 2026-04-27
2+
- Updated API documentation
23
- Added code to show scope in the list view
34

45
5.0.1 - 2026-04-17
56
- Fixes README.md
67

78
5.0.0 - 2026-04-13
8-
- Initial release to create OAuth 2.0 clients for token generation and API access
9+
- Initial release to create OAuth 2.0 clients for token generation and API access

0 commit comments

Comments
 (0)