public function handle(GetResponseEvent $event)
 {
     $request = $event->getRequest();
     $oauthEvent = new OAuth2AuthenticationEvent($this->securityContext);
     if ($request->request->get("_username") !== null && $request->request->get("_password") !== null) {
         $token = new OAuthUserToken();
         $token->setUser($request->request->get("_username"));
         $token->setPassword($request->request->get("_password"));
         try {
             $this->eventDispatcher->dispatch(PreAuthenticationEvents::OAUTH2_PRE_AUTHENTICATION, $oauthEvent);
             $authToken = $this->authenticationManager->authenticate($token);
             $authToken->setAuthenticated(true);
             $this->securityContext->setToken($authToken);
             $this->eventDispatcher->dispatch(PostAuthenticationSuccessEvents::OAUTH2_POST_AUTHENTICATION_SUCCESS, $oauthEvent);
         } catch (AuthenticationException $failed) {
             // To deny the authentication clear the token.
             // Make sure to only clear your token, not those of other authentication listeners.
             $token = $this->securityContext->getToken();
             if ($token instanceof OAuthUserToken) {
                 $this->securityContext->setToken(null);
             }
             $this->eventDispatcher->dispatch(PostAuthenticationFailureEvents::OAUTH2_POST_AUTHENTICATION_FAILURE, $oauthEvent);
         }
     } else {
         $token = $this->securityContext->getToken();
         if ($token instanceof OAuthUserToken) {
             if (time() > $token->getExpireTime()) {
                 try {
                     $this->eventDispatcher->dispatch(PreRefreshEvents::OAUTH2_PRE_REFRESH, $oauthEvent);
                     $newToken = $this->authenticationManager->refresh($token);
                     $this->securityContext->setToken($newToken);
                     $this->eventDispatcher->dispatch(PostRefreshSuccessEvents::OAUTH2_POST_REFRESH_SUCCESS, $oauthEvent);
                 } catch (AuthenticationException $failed) {
                     // To deny the authentication clear the token.
                     // Make sure to only clear your token, not those of other authentication listeners.
                     $token = $this->securityContext->getToken();
                     if ($token instanceof OAuthUserToken) {
                         $this->securityContext->setToken(null);
                     }
                     $this->eventDispatcher->dispatch(PostRefreshFailureEvents::OAUTH2_POST_REFRESH_FAILURE, $oauthEvent);
                 }
             }
         }
     }
     // elsewhere we do nothing
     return;
 }
 public function refresh(OAuthUserToken $token)
 {
     // BE CAREFUL !!! argument order is very important !
     // if you change the order of parameters, refresh will not work and the API will give a client credential error.
     $url = $this->remoteApiUrl . "/oauth/v2/token?" . "client_secret=" . $this->remoteApiSecret . "&client_id=" . $this->remoteApiId . "&refresh_token=" . $token->getRefreshToken() . "&grant_type=refresh_token";
     $ch = curl_init();
     curl_setopt($ch, CURLOPT_URL, $url);
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
     $apiResponse = json_decode(curl_exec($ch));
     curl_close($ch);
     if (isset($apiResponse->access_token)) {
         $token->setOAuthToken($apiResponse->access_token);
         $token->setRefreshToken($apiResponse->refresh_token);
         $token->setTokenType($apiResponse->token_type);
         // We take 3 minutes less (180 seconds) just to be sure.
         $token->setExpireTime(time() + $apiResponse->expires_in - 180);
     } elseif (isset($apiResponse->error_description)) {
         throw new AuthenticationException($apiResponse->error_description);
     } else {
         throw new AuthenticationException('The OAuth refresh failed.');
     }
     return $token;
 }