* response_type - 'code' corresponding to the authorization code grant flow and
* 'token' corresponding to the implicit grant flow is supported.
* client_id - a configured id string agreed upon by any given client and authorization server
* redirect_uri - an optional configured uri to redirect the user agent to after authorization is granted or denied
* scope - optional configured scope strings agreed upon by any given client and authorization server
* state - optional string which clients can use to maintain state during authentication and authorization flows.
*/

// OAuth2 authorization endpoint: looks up the client, authenticates the user,
// validates redirect_uri / scope / response_type and then stores the request
// as server-side state for the consent page.
//
// NOTE(review): every parameter is read from $_REQUEST, which PHP fills from
// more than one request source (controlled by request_order/variables_order),
// so values are not guaranteed to come from the query string. All of them are
// caller-controlled and must be treated as untrusted.

// Select the 'nocache' session cache limiter so responses from this endpoint
// are sent with anti-caching headers once the session is started.
session_cache_limiter('nocache');

// Module configuration (auth source name, client definitions, ...).
$config = SimpleSAML_Configuration::getConfig('module_oauth2server.php');

$clientStore = new sspmod_oauth2server_OAuth2_ClientStore($config);

// $client stays unset when no client_id was sent.
// NOTE(review): the isset($client) gate below rejects unknown ids only if
// getClient() returns null for them; confirm against ClientStore.
if (isset($_REQUEST['client_id'])) {
    $client = $clientStore->getClient($_REQUEST['client_id']);
}

if (isset($client)) {
    $as = new SimpleSAML_Auth_Simple($config->getValue('authsource'));

    // Scoping parameters are derived from the client record, not from the request.
    $params = sspmod_oauth2server_Utility_Uri::calculateScopingParameters($client);

    // Make sure the user is authenticated against the configured auth source.
    // This happens before redirect_uri, scope and response_type are validated.
    $as->requireAuth($params);

    // Only clients with at least one registered redirect URI can proceed.
    if (array_key_exists('redirect_uri', $client) && is_array($client['redirect_uri']) &&
        count($client['redirect_uri']) > 0) {

        // Use the requested redirect_uri, or fall back to the client's first registered one.
        $returnUri = isset($_REQUEST['redirect_uri']) ? $_REQUEST['redirect_uri'] : $client['redirect_uri'][0];

        // The candidate URI is checked against the client record before it is used;
        // nothing should redirect to $returnUri unless this result is truthy.
        // NOTE(review): the matching rule (exact vs. prefix) lives in
        // validateRedirectUri() and is not visible here; confirm it is an exact match.
        $legalRedirectUri = sspmod_oauth2server_Utility_Uri::validateRedirectUri($returnUri, $client);

        if ($legalRedirectUri) {
            // The scope parameter is a space-separated list; the client's required
            // scopes are added to whatever was requested (or to an empty list).
            $requestedScopes = sspmod_oauth2server_Utility_Uri::augmentRequestedScopesWithRequiredScopes(
                $client,
                isset($_REQUEST['scope']) ? explode(' ', $_REQUEST['scope']) : array()
            );

            // Continue only when no requested scope is reported as invalid for this client.
            $invalidScopes = sspmod_oauth2server_Utility_Uri::findInvalidScopes($client, $requestedScopes);

            if (count($invalidScopes) == 0) {
                // Strict comparison: only the two documented grant flows are accepted.
                if (isset($_REQUEST['response_type']) &&
                    ($_REQUEST['response_type'] === 'code' || $_REQUEST['response_type'] === 'token')) {

                    // Snapshot of the request, kept server-side for the consent step.
                    // 'redirectUri' is the raw value as sent (null when absent), while
                    // 'returnUri' is the URI that passed validateRedirectUri() above.
                    $state = array('clientId' => $_REQUEST['client_id'],
                        'redirectUri' => isset($_REQUEST['redirect_uri']) ? $_REQUEST['redirect_uri'] : null,
                        'requestedScopes' => array_unique($requestedScopes),
                        'returnUri' => $returnUri,
                        'response_type' => $_REQUEST['response_type']);

                    // The client's opaque 'state' value is stored unmodified.
                    // NOTE(review): it is untrusted input; whoever echoes it back to the
                    // client must encode it for the context it is written into.
                    if (array_key_exists('state', $_REQUEST)) {
                        $state['state'] = $_REQUEST['state'];
                    }

                    // Persist the snapshot under the consent stage identifier.
                    // NOTE(review): the consent page should load it with this same stage
                    // so that a state id from another flow is not accepted; confirm in consent.php.
                    $stateId = SimpleSAML_Auth_State::saveState($state, 'oauth2server:authorization/consent');

                    // Only the state id travels in the consent URL; the request details stay server-side.
                    $consentUri = SimpleSAML\Utils\HTTP::addURLParameters(
                        SimpleSAML_Module::getModuleURL('oauth2server/authorization/consent.php'),
                        array('stateId' => $stateId));
/**
 * A client that lists several IdPs must get all of them back, in the
 * configured order, as the 'saml:IDPList' scoping parameter.
 *
 * @group unit
 * @group utility
 */
public function testCalculateScopingForClientWithSeveralEntriesInIdPList()
{
    $idpEntityIds = array('entityId1', 'entityId2', 'entityId3');

    $scoping = \sspmod_oauth2server_Utility_Uri::calculateScopingParameters(
        array('IDPList' => $idpEntityIds)
    );

    // assertSame compares the arrays strictly: same keys, values, types and order.
    $this->assertSame(array('saml:IDPList' => $idpEntityIds), $scoping);
}