/**
* Grants an authorisation request by issuing the appropriate response. The response
* may take in the form of an authorization code, an access token or other
* parameters
*
* @param Request $request the authorisation request
* @param Response $response the authorisation response
* @param array $scopes the requested scope
*/
protected function grantAuth($request, $response, $scopes = NULL)
{
$store = StoreManager::instance();
$user = AuthManager::instance()->getUser();
$client = $store->loadClient($request['client_id'], 'SimpleID\\Protocols\\OAuth\\OAuthClient');
if ($scopes == NULL) {
if (isset($request['scope'])) {
$scopes = $request->paramToArray('scope');
} else {
$scopes = array(self::DEFAULT_SCOPE);
}
}
$authorization = $store->loadAuth(Authorization::buildID($user, $client));
if ($authorization == null) {
$authorization = new Authorization($user, $client, $scopes);
} else {
$authorization->setScope($scopes);
}
$activity = array('type' => 'app', 'id' => $client->getStoreID(), 'time' => time());
if ($this->f3->exists('IP')) {
$activity['remote'] = $this->f3->get('IP');
}
$user->addActivity($cid, $activity);
if ($request->paramContains('response_type', 'code')) {
$response['code'] = $authorization->issueCode(isset($request['redirect_uri']) ? $request['redirect_uri'] : NULL);
}
if ($request->paramContains('response_type', 'token')) {
$response->loadData($authorization->issueAccessToken($scopes, SIMPLEID_SHORT_TOKEN_EXPIRES_IN));
$this->mgr->invokeAll('oAuthToken', 'implicit', $authorization, $request, $response, $scopes);
}
$this->mgr->invokeAll('oAuthGrantAuth', $authorization, $request, $response, $scopes);
$store->saveAuth($authorization);
$store->saveUser($user);
$this->logger->log(LogLevel::DEBUG, 'Authorization granted: ', $response->toArray());
$response->renderRedirect();
}
